diff --git a/Makefile.rhelver b/Makefile.rhelver index 51d34901a..72df93ba9 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 50 +RHEL_RELEASE = 51 # # ZSTREAM diff --git a/dracut-virt.conf b/dracut-virt.conf new file mode 100644 index 000000000..3724026b0 --- /dev/null +++ b/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront " # xen + +# drivers: storage +drivers+=" ahci nvme sd_mod sr_mod " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront " # xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 442da1622..c4a686f93 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -4297,7 +4297,7 @@ CONFIG_PCIE_IPROC=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set CONFIG_PCIEPORTBUS=y -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_QCOM is not set CONFIG_PCIE_TEGRA194_HOST=y # CONFIG_PCIE_XILINX is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 36dff4465..bb7d0c4ab 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -4274,7 +4274,7 @@ CONFIG_PCIE_IPROC=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set CONFIG_PCIEPORTBUS=y -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_QCOM is not set CONFIG_PCIE_TEGRA194_HOST=y # CONFIG_PCIE_XILINX is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index ad3506a49..fe094b779 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -4066,7 +4066,7 @@ CONFIG_PCIE_EDR=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set CONFIG_PCIEPORTBUS=y -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_XILINX is not set # CONFIG_PCI_FTPCI100 is not set # CONFIG_PCI_HOST_GENERIC is not set diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index 665c2e649..7b39c47a5 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -4045,7 +4045,7 @@ CONFIG_PCIE_EDR=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set CONFIG_PCIEPORTBUS=y -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_XILINX is not set # CONFIG_PCI_FTPCI100 is not set # CONFIG_PCI_HOST_GENERIC is not set diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 4ab51bba7..b69e9cdb3 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -4048,7 +4048,7 @@ CONFIG_PCIE_EDR=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set # CONFIG_PCIEPORTBUS is not set -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_XILINX is not set # CONFIG_PCI_FTPCI100 is not set # CONFIG_PCI_HOST_GENERIC is not set diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 5529716c1..ffb98d7ce 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -4027,7 +4027,7 @@ CONFIG_PCIE_EDR=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set # CONFIG_PCIEPORTBUS is not set -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_XILINX is not set # CONFIG_PCI_FTPCI100 is not set # CONFIG_PCI_HOST_GENERIC is not set diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 57aa15903..ae6b8ec16 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -4041,7 +4041,7 @@ CONFIG_PCIE_EDR=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set # CONFIG_PCIEPORTBUS is not set -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_XILINX is not set # CONFIG_PCI_FTPCI100 is not set # CONFIG_PCI_HOST_GENERIC is not set diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index b9dc63e03..7fa67661f 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -4255,7 +4255,7 @@ CONFIG_PCIE_EDR=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set CONFIG_PCIEPORTBUS=y -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_XILINX is not set # CONFIG_PCI_FTPCI100 is not set # CONFIG_PCI_HOST_GENERIC is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 902f61ee6..baea5710d 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -4234,7 +4234,7 @@ CONFIG_PCIE_EDR=y # CONFIG_PCI_ENDPOINT is not set # CONFIG_PCI_ENDPOINT_TEST is not set CONFIG_PCIEPORTBUS=y -# CONFIG_PCIE_PTM is not set +CONFIG_PCIE_PTM=y # CONFIG_PCIE_XILINX is not set # CONFIG_PCI_FTPCI100 is not set # CONFIG_PCI_HOST_GENERIC is not set diff --git a/kernel.spec b/kernel.spec index a97f0f13f..aab05bb18 100755 --- a/kernel.spec +++ b/kernel.spec @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif @@ -126,13 +132,13 @@ Summary: The Linux kernel # define buildid .local %define specversion 6.2.0 %define patchversion 6.2 -%define pkgrelease 0.rc7.20230206gitd2d11f342b17.50 +%define pkgrelease 0.rc7.20230207git05ecb680708a.51 %define kversion 6 -%define tarfile_release 6.2-rc7-2-gd2d11f342b17 +%define tarfile_release 6.2-rc7-11-g05ecb680708a # This is needed to do merge window version magic %define patchlevel 2 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc7.20230206gitd2d11f342b17.50%{?buildid}%{?dist} +%define specrelease 0.rc7.20230207git05ecb680708a.51%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 6.2.0 @@ -699,6 +705,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -826,6 +847,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ +%endif\ %{nil} # @@ -1400,6 +1430,14 @@ Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. +%if %{efiuki} +%description debug-uki-virt +Prebuilt debug unified kernel image for virtual machines. + +%description uki-virt +Prebuilt default unified kernel image for virtual machines. +%endif + %if %{with_ipaclones} %kernel_ipaclones_package %endif @@ -2181,6 +2219,45 @@ BuildKernel() { touch lib/modules/$KernelVer/modules.builtin fi +%if %{efiuki} + popd + + KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer" + KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi" + + mkdir -p $KernelUnifiedImageDir + + dracut --conf=%{SOURCE86} \ + --confdir=$(mktemp -d) \ + --verbose \ + --kver "$KernelVer" \ + --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \ + --logfile=$(mktemp) \ + --uefi \ + --kernel-image $(realpath $KernelImage) \ + --kernel-cmdline 'console=tty0 console=ttyS0' \ + $KernelUnifiedImage + +%if %{signkernel} + + %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} + %pesign -s -i $KernelUnifiedImage.tmp -o $KernelUnifiedImage.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1} + rm -f $KernelUnifiedImage.tmp + + if [ ! -s $KernelUnifiedImage.signed ]; then + echo "pesigning failed" + exit 1 + fi + mv $KernelUnifiedImage.signed $KernelUnifiedImage + +# signkernel +%endif + + pushd $RPM_BUILD_ROOT + +# efiuki +%endif + remove_depmod_files # Go back and find all of the various directories in the tree. We use this @@ -2865,12 +2942,14 @@ fi\ # It also defines a %%postun script that does the same thing. # %%kernel_modules_core_post [] # +# FIXME: /bin/kernel-install can't handle UKIs (yet), so cleanup depmod files in %postun for now. +# %define kernel_modules_core_post() \ %{expand:%%posttrans %{?1:%{1}-}modules-core}\ /sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ %{nil}\ %{expand:%%postun %{?1:%{1}-}modules-core}\ -/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +rm -f /lib/modules/%{KVERREL}%{?1:+%{1}}/modules.*\ %{nil} # This macro defines a %%posttrans script for a kernel package. @@ -2918,6 +2997,20 @@ mkdir -p %{_localstatedir}/lib/rpm-state/%{name}\ touch %{_localstatedir}/lib/rpm-state/%{name}/installing_core_%{KVERREL}%{?-v:+%{-v*}}\ %{nil} +# +# This macro defines scripts for a kernel*-uki-virt package +# +# FIXME: /bin/kernel-install can't handle UKIs (yet), so just cp/rm as temporary stop-gap +# +%define kernel_uki_virt_scripts() \ +%{expand:%%posttrans %{?1:%{1}-}uki-virt}\ +mkdir -p /boot/efi/EFI/Linux\ +cp /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz-virt.efi /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}uki-virt}\ +rm -f /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\ +%{nil} + # # This macro defines a %%preun script for a kernel package. # %%kernel_variant_preun @@ -2931,6 +3024,10 @@ then\ fi\ %{nil} +%if %{efiuki} +%kernel_uki_virt_scripts +%endif + %kernel_variant_preun %kernel_variant_post -r kernel-smp @@ -2940,6 +3037,9 @@ fi\ %endif %if %{with_debug} +%if %{efiuki} +%kernel_uki_virt_scripts debug +%endif %kernel_variant_preun debug %kernel_variant_post -v debug %endif @@ -3182,6 +3282,11 @@ fi %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ %endif\ %endif\ +%if %{efiuki}\ +%{expand:%%files %{?3:%{3}-}uki-virt}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ +%ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}-virt.efi\ +%endif\ %if %{?3:1} %{!?3:0}\ %{expand:%%files %{3}}\ %endif\ @@ -3220,6 +3325,11 @@ fi # # %changelog +* Tue Feb 07 2023 Fedora Kernel Team [6.2.0-0.rc7.05ecb680708a.51] +- redhat/configs: Enable CONFIG_PCIE_PTM generically (Corinna Vinschen) +- redhat: Add sub-RPM with a EFI unified kernel image for virtual machines (Vitaly Kuznetsov) +- Linux v6.2.0-0.rc7.05ecb680708a + * Mon Feb 06 2023 Fedora Kernel Team [6.2.0-0.rc7.d2d11f342b17.50] - redhat/Makefile: Remove GIT deprecated message (Prarit Bhargava) - Revert "redhat: configs: Disable xtables and ipset" (Phil Sutter) diff --git a/sources b/sources index 89fb15bb7..a19e3d003 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-6.2-rc7-2-gd2d11f342b17.tar.xz) = 9ebbad0b29a891a78ebc6f57bc3ded43ce561063f5a4d0e8e9c0f1f0b349f30626ca04aad2fedd40bcf97a4252393f5e5ede3ff03159771bb1adb4af61d795f5 -SHA512 (kernel-abi-stablelists-6.2.0.tar.bz2) = 50dbc26d8c0b688471b850e9cb8c73d61853988285d0bc3d80a50c5565cc27a44bd72071f53dd7ee4cb1628b268357aacea0d415e14367a834af37f7d322655b -SHA512 (kernel-kabi-dw-6.2.0.tar.bz2) = cbc41c14679af092c6f3d6e8b6702af9d8b8fafe0eba26f1363e77bb990e3fd7c03d6993f1d21d1378b30b8d40b4afe04ba7307b7f1230297236fe72f7e4795a +SHA512 (linux-6.2-rc7-11-g05ecb680708a.tar.xz) = ae569c90f504f2b298c03f9e2d97f0b734f70cd8b14600ed66dd216c2b0831dd29ee0a7d7052399200a65af335aa26414decf68631663d14f0c74f87de755d16 +SHA512 (kernel-abi-stablelists-6.2.0.tar.bz2) = 4e7a677f5225a40792a818b26cf42d72b2e26b99109316f016d3a9905cb08e1bf29bed3cee46805b60d19fc57247c50c9d9997a4d0679c087c2f372411364c73 +SHA512 (kernel-kabi-dw-6.2.0.tar.bz2) = 287e0b8651fa112ebc1a3aa50da9d2bacda6e894427897df6af7608137df49d344f6a9f64a95c1f3e4bde1a4d3f1e4059ee3f2fe58968f79c6d51364980b0ce8