Two Kconfig symbols were part of upstream v5.3-rc1 but didn't make it
into v5.3 (for reasons I couldn't be bothered to unearth): PREEMPT_LL
and SOUNDWIRE_BUS. Remove them from our configuration generation system
too.
Commit 3e636fe3a6 ("Remove patch for GCC VTA") forgot to clean up the
configs/ directory. Do so now.
Commit e21e52b608 ("Linux v5.3-13236-g97f9a3c4eee5") forgot to remove
CONFIG_LOCK_DOWN_KERNEL and CONFIG_LOCK_DOWN_KERNEL_FORCE from the
configs/ directory. Do so now.
Commit 5c0d4daff4 ("Remove crash driver") forgot to clean up the
configs/ directory. Do so now.
There are 22 Kconfig symbols referenced in the files used for
configuration generation and in the shipped .config files that were
dropped in upstream v5.4-rc1. The references to these symbols can be
safely removed.
These symbols are:
CONFIG_ARM_QCOM_CPUFREQ_KRYO
CONFIG_CRYPTO_AEGIS128L
CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2
CONFIG_CRYPTO_AEGIS256
CONFIG_CRYPTO_AEGIS256_AESNI_SSE2
CONFIG_CRYPTO_AES_586
CONFIG_CRYPTO_AES_X86_64
CONFIG_CRYPTO_MORUS1280
CONFIG_CRYPTO_MORUS1280_AVX2
CONFIG_CRYPTO_MORUS1280_SSE2
CONFIG_CRYPTO_MORUS640
CONFIG_CRYPTO_MORUS640_SSE2
CONFIG_DRM_TINYDRM
CONFIG_HISI_KIRIN_DW_DSI
CONFIG_I2C_BCM2048
CONFIG_KEXEC_VERIFY_SIG
CONFIG_MFD_CROS_EC_CHARDEV
CONFIG_MTD_M25P80
CONFIG_SENSORS_ADS1015
CONFIG_SERIAL_8250_MOXA
CONFIG_SGI_IOC4
CONFIG_TINYDRM_MIPI_DBI
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
The driver is needed for testing purposes, enable it on the architectures
where EFI is supported. Also, disallow access to the registered device if
the kernel is locked down.
Fedora has been carrying this patch for a very long time as
a workaround for MacBook Airs1,1. We've also gotten smarter
about detection (see d79e141c1c6e ("Input: i8042 - Trust
firmware a bit more when probing on X86")) so let's try
dropping this.
[ -n ] doesn't work on unquoted variables. The variable either needs to
get quoted or use [[ ]]. Without this the script always defines buildid.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Upstream finally merged the lockdown patches, adjust the SysRq patch to
work with the upstreamed version.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.