* Add i.MX8mq-evk board support
Modify the kernel configs to include the needed drivers as well as voltage regulators.
Add the dtb to the kernel spec as a subpackage by arch type
Update the kernel files to match spec version number
- Update kernel-headers, kernel, kernel-hyperv, and hyperv-daemons specs to use 5.4.83
- Refresh version numbers for kernel-signed- specs
- Update toolchain to use 5.4.83 source when building kernel headers
- Address CVE-2020-14351, CVE-2020-14381, CVE-2020-25656, CVE-2020-25704,
CVE-2020-29534, CVE-2020-29660, CVE-2020-29661
- Update cgmanifest's download URLs to point to 5.4.83 source location
* Enable arm64 hyperv and SoCs support for CBL-Mariner
* Update kernel config for Arm64 arch
* Update kernel configs for arm64 arch
* Enable arm64 hyperv and SoCs support for CBL-Mariner
Co-authored-by: schalam <schalam@microsoft.com>
Update kernel source to 5.4.72. New kernel source contains fixes for many kernel CVEs flagged by our tooling so address the CVEs. As part of this update, also add the kernel COPYING file to the packages missing the license file.
* Add IMA feature to the kernel, add config for it
- Add IMA measurement configs to the x86_64, and aarch64 kernel configs (IMA_APPRAISE currently disabled).
- Add KernelCommandLine config field to control IMA, and allow additional configs to be passed.
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Christopher Co <christopher.co@microsoft.com>
* Add kernel config checks
Automatically check if the kernel configs have any inconsistencies
during the SPEC build for both kernel and kernel-hyperv
* Address feedback
* kernel-signed-x64: Add missing requires
The %post step fails because /sbin/depmod is not present. depmod
is supplied by the kmod package.
This error manifested as a hyper-v boot hang where the image is
stuck infinitely waiting for the rootfs to mount. Since depmod was
never run during kernel installation, the module database is stale. Then when the initramfs regeneration occurs, certain modules (i.e. hv_storvsc)
are not available for dracut to include into the initrd.
Bump release number
* kernel-signed-aarch64: Add missing requires
The %post step fails because /sbin/depmod is not present. depmod
is supplied by the kmod package.
This error manifested as a hyper-v boot hang where the image is
stuck infinitely waiting for the rootfs to mount. Since depmod was
never run during kernel installation, the module database is stale. Then when the initramfs regeneration occurs, certain modules (i.e. hv_storvsc)
are not available for dracut to include into the initrd.
Bump release number
* kernel: Bump release
* kernel: clean up lingering invalid aarch64 configs
* kernel: Fix bogus date rpmlint message
As part of enabling the UEFI Secure Boot chain, the kernel binary must
be signed with our distro key.
At the moment, the signing infrastructure isn't quite ready to perform
inline signing during package build. So to work around this, we
introduced the kernel-signed-<arch> packages. The purpose of these
packages is to supply a way for signed versions of the kernel binary
and the associated kernel modules to land on the end-user's
filesystem.
As part of enabling UEFI Secure Boot, the grub2 EFI binary must be
signed with our distro key.
At the moment, the signing infrastructure isn't quite ready to perform
inline signing during package build. So to work around this, we
introduced the grub2-efi-binary-signed-<arch> packages. The purpose
of these packages is to supply a way for signed versions of the
grub efi binary to land on the end-user's filesystem.
Daniel McIlvaney