Two other build warnings and one output change
by Prarit Bhargava
Hey everyone,
I just posted
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2255 to fix
three build warnings, as well as some output from pathfix.py.
There still are two other build warnings and one set of messages that
need to be fixed but require further discussion.
1) https://src.fedoraproject.org/rpms/kernel-srpm-macros/pull-request/6
Hopefully self-explanatory via the link :) but it fixes the "readelf:
/tmp/find-provides.ksyms.XXXXXX.ko: Warning: Section '.rodata' was not
dumped because it does not exist" errors in the rpm log.
2) The signing code should be moved into its own script.
If you look at a rpm build log [1] you'll find lines like
<snip>
+ shift
+ shift
+ [[ 15 -ge 2 ]]
+ case " ${1} " in
+ client_cert[0]=-c
+ client_cert[1]='/CN=Fedora Secure Boot Signer'
+ shift
+ shift
+ [[ 13 -ge 2 ]]
+ case " ${1} " in
+ cert[0]=-c
+ cert[1]='Red Hat Test Certificate'
+ shift
<snip>
from the signing code. While the execution of this code is interesting,
I'm not sure it should be verbose in every log. I propose to push this
code into its own separate script to keep the log a bit cleaner. If
users do need to debug this code they can add an -xv to the bash header
and run through koji that way.
3) The kernel-devel absolute symlink
The log contains this error:
absolute symlink:
/lib/modules/6.2.0-0.rc4.7287904c8771.33.test.fc36.x86_64/build ->
/usr/src/kernels/6.2.0-0.rc4.7287904c8771.33.test.fc36.x86_64
From the kernel.spec.template:2235
# This is going to create a broken link during the build, but we don't use
# it after this point. We need the link to actually point to something
# when kernel-devel is installed, and a relative link doesn't work across
# the F17 UsrMove feature.
ln -sf $DevelDir $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
I understand why this link exists, however, I wonder if the link should
be created in the pre-install section of either the kernel-core rpm or
the kernel-devel rpm instead (and of course, clean it up in the
pre-uninstall sections)? AFAICT that would work and would give us a
cleaner rpm build.
P.
4 months, 2 weeks
[OS-BUILD PATCHv4] redhat/kernel.spec.template: Parallelize compression
by Prarit Bhargava (via Email Bridge)
From: Prarit Bhargava <prarit(a)redhat.com>
redhat/kernel.spec.template: Parallelize compression
This line in the kernel.spec file:
find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz;
implies that ${RPM_BUILD_NCPUS} xz instances are run. This is not true,
and this line actually applies ${RPM_BUILD_NCPUS} to a single instance of
xz. This means that the compression has been done one module at a time
(ie, in serial) rather than in parallel as is implied by the code.
Use xz's -n option to assign one cpu per process and parallelize the
compression.
Suggested-by: "Herton R. Krzesinski" <herton(a)redhat.com>
Signed-off-by: Prarit Bhargava <prarit(a)redhat.com>
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -2472,7 +2472,8 @@ find Documentation -type d | xargs chmod u+w
fi \
fi \
if [ "%{zipmodules}" -eq "1" ]; then \
- find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz; \
+ echo "Compressing kernel modules ..." \
+ find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -n 1 -P${RPM_BUILD_NCPUS} -r xz; \
fi \
%{nil}
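Review bot: The added echo line ends in a bare `\` with no `;`, while the find line right after it is terminated with `; \`. If the continuation ever joins the two lines, the find pipeline becomes arguments to echo and the echoed text is what gets piped into xargs. Terminate the echo the same way as its neighbour: `echo "Compressing kernel modules ..."; \`.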
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2254
4 months, 2 weeks
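The behaviour described in the commit message above can be measured directly. This is an added example, not code from the patch or from kernel-ark: it counts how many compressor processes each pipeline form starts, and what happens to a module path that contains a space. `fake_xz`, the module tree and the `nul-safe` form are constructed for the illustration.

```shell
#!/bin/sh
# Added example. fake_xz and the module tree are constructed stand-ins;
# nothing here is taken from kernel.spec.template or mod-compress.sh.

# make_tree DIR: four empty "modules", one with a space in its name.
make_tree() {
    mkdir -p "$1/lib/modules/test/kernel"
    for name in a.ko b.ko c.ko "d e.ko"; do
        : > "$1/lib/modules/test/kernel/$name"
    done
}

# make_stub DIR: write a fake compressor that logs one line per process and
# one line per argument, sorted into "is a file" and "is not a file".
make_stub() {
    cat > "$1/fake_xz" <<'EOF'
#!/bin/sh
echo run >> "$LOGDIR/procs"
for f in "$@"; do
    if [ -f "$f" ]; then
        echo "$f" >> "$LOGDIR/files"
    else
        echo "$f" >> "$LOGDIR/missing"
    fi
done
EOF
}

# run_form FORM: run one pipeline form over a fresh tree and print
# "<processes started> <real files seen> <arguments that were not files>".
run_form() {
    rf_work=$(mktemp -d)
    make_tree "$rf_work"
    make_stub "$rf_work"
    LOGDIR="$rf_work"
    export LOGDIR
    : > "$rf_work/procs"; : > "$rf_work/files"; : > "$rf_work/missing"
    case "$1" in
        original)   # the line the patch removes: no -n, so one process gets every path
            find "$rf_work/lib/modules/" -type f -name '*.ko' |
                xargs -P4 -r sh "$rf_work/fake_xz" ;;
        per-file)   # the line the patch adds: -n 1 gives one process per argument
            find "$rf_work/lib/modules/" -type f -name '*.ko' |
                xargs -n 1 -P4 -r sh "$rf_work/fake_xz" ;;
        nul-safe)   # same, with NUL-delimited paths so whitespace survives
            find "$rf_work/lib/modules/" -type f -name '*.ko' -print0 |
                xargs -0 -n 1 -P4 -r sh "$rf_work/fake_xz" ;;
        *)
            echo "unknown form: $1" >&2
            rm -rf "$rf_work"
            return 2 ;;
    esac
    echo "$(( $(wc -l < "$rf_work/procs") )) $(( $(wc -l < "$rf_work/files") )) $(( $(wc -l < "$rf_work/missing") ))"
    rm -rf "$rf_work"
}

for form in original per-file nul-safe; do
    printf '%-9s %s\n' "$form" "$(run_form "$form")"
done
```

In the first two forms the path with a space is split into two arguments that name no file, so that module would be left uncompressed; only the NUL-delimited form hands all four paths through intact.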
[OS-BUILD PATCHv3] redhat/kernel.spec.template: Parallelize compression
by Prarit Bhargava (via Email Bridge)
From: Prarit Bhargava <prarit(a)redhat.com>
redhat/kernel.spec.template: Parallelize compression
This line in the kernel.spec file:
find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz;
implies that ${RPM_BUILD_NCPUS} xz instances are run. This is not true,
and this line actually applies ${RPM_BUILD_NCPUS} to a single instance of
xz. This means that the compression has been done one module at a time
(ie, in serial) rather than in parallel as is implied by the code.
Use xz's -n option to assign one cpu per process and parallelize the
compression.
Suggested-by: "Herton R. Krzesinski" <herton(a)redhat.com>
Signed-off-by: Prarit Bhargava <prarit(a)redhat.com>
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -2472,7 +2472,8 @@ find Documentation -type d | xargs chmod u+w
fi \
fi \
if [ "%{zipmodules}" -eq "1" ]; then \
- find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz; \
+ echo "Compressing kernel modules ..."
+ find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -n 1 -P${RPM_BUILD_NCPUS} -r xz; \
fi \
%{nil}
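Review bot: The added echo line has no trailing `\`, unlike every other line between the `if` and `%{nil}` in this block, so the continued body stops at the echo and the find line, `fi` and `%{nil}` fall outside it. End the line with `; \` like the find line below it.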
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2254
4 months, 2 weeks
[OS-BUILD PATCHv2] redhat/kernel.spec.template: Parallelize compression
by Prarit Bhargava (via Email Bridge)
From: Prarit Bhargava <prarit(a)redhat.com>
redhat/kernel.spec.template: Parallelize compression
This line in the kernel.spec file:
find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz;
implies that ${RPM_BUILD_NCPUS} xz instances are run. This is not true,
and this line actually applies ${RPM_BUILD_NCPUS} to a single instance of
xz. This means that the compression has been done one module at a time
(ie, in serial) rather than in parallel as is implied by the code.
Use xz's -n option to assign one cpu per process and parallelize the
compression.
Suggested-by: "Herton R. Krzesinski" <herton(a)redhat.com>
Signed-off-by: Prarit Bhargava <prarit(a)redhat.com>
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -2472,7 +2472,7 @@ find Documentation -type d | xargs chmod u+w
fi \
fi \
if [ "%{zipmodules}" -eq "1" ]; then \
- find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz; \
+ find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -n 1 -P${RPM_BUILD_NCPUS} -r xz; \
fi \
%{nil}
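Review bot: The find output on the changed line is still split by xargs on whitespace, so a module path containing a space or a quote would reach xz as broken arguments; `-print0` on find together with `-0` on xargs avoids that. The `-n 1` added here is an xargs option (one path per xz process), and the commit message should say so rather than describing it as an xz option.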
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2254
4 months, 2 weeks
[OS-BUILD PATCH] redhat/kernel.spec.template: Parallelize compression
by Prarit Bhargava (via Email Bridge)
From: Prarit Bhargava <prarit(a)redhat.com>
redhat/kernel.spec.template: Parallelize compression
This line in the kernel.spec file:
find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz;
implies that ${RPM_BUILD_NCPUS} xz instances are run. This is not true,
and this line actually applies ${RPM_BUILD_NCPUS} to a single instance of
xz. This means that the compression has been done one module at a time
(ie, in serial) rather than in parallel as is implied by the code.
Rewrite this code into a script and make the execution truly parallel.
Signed-off-by: Prarit Bhargava <prarit(a)redhat.com>
diff --git a/redhat/Makefile b/redhat/Makefile
index blahblah..blahblah 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -632,6 +632,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check
scripts/mod/mod-internal.list \
scripts/mod/mod-partner.list \
scripts/mod/mod-sign.sh \
+ scripts/mod/mod-compress.sh \
configs/flavors \
configs/generate_all_configs.sh \
configs/merge.pl \
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -767,6 +767,8 @@ Source21: mod-sign.sh
%define modsign_cmd %{SOURCE21}
+Source22: mod-compress.sh
+
%if 0%{?include_rhel}
Source23: x509.genkey.rhel
@@ -2472,7 +2474,8 @@ find Documentation -type d | xargs chmod u+w
fi \
fi \
if [ "%{zipmodules}" -eq "1" ]; then \
- find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P${RPM_BUILD_NCPUS} -r xz; \
+ echo "Compressing modules ..." \
+ %{SOURCE22} "$RPM_BUILD_ROOT/lib/modules/" "${RPM_BUILD_NCPUS}" \
fi \
%{nil}
diff --git a/redhat/scripts/mod/mod-compress.sh b/redhat/scripts/mod/mod-compress.sh
new file mode 100755
index blahblah..blahblah 100755
--- /dev/null
+++ b/redhat/scripts/mod/mod-compress.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/bash
+
+BUILD_DIR=$1
+NCPUS=$2
+
+if [ ! -e "$BUILD_DIR" ]; then
+ echo "Could not find $BUILD_DIR"
+ exit 1
+fi
+
+modcount=0
+for module in $(find "$BUILD_DIR" -name *.ko)
+do
+ xz $module &
+ waitpids[${modcount}]=$!
+ modcount=$(expr $modcount + 1)
+ while [ "$(jobs | grep -c Running)" -ge "$NCPUS" ]; do :; done
+done
+
+for pid in ${waitpids[*]}; do
+ wait ${pid}
+done
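Review bot: The throttle loop `while [ "$(jobs | grep -c Running)" -ge "$NCPUS" ]; do :; done` busy-waits, spending a CPU that the xz jobs are meant to use, and the final `wait ${pid}` loop discards every exit status, so a failed xz does not fail the build. Throttle with `wait -n` (or keep find with xargs -P) and exit non-zero if any wait does. The unquoted `-name *.ko` can be expanded by the shell before find sees it, `$(find ...)` with `xz $module` splits paths on whitespace, and `NCPUS` is used without checking that `$2` was supplied.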
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2254
4 months, 2 weeks
[OS-BUILD PATCHv4] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
by Vitaly Kuznetsov (via Email Bridge)
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets.
This contains an EFI application that provides a combined vmlinux,
initrd and cmdline, as a so called 'unified kernel image'. The
spec for this is defined by the boot loader specification
https://uapi-group.org/specifications/specs/boot_loader_specification/
The key benefit of a unified kernel is that its secure boot
signature covers the initrd and cmdline contents, allowing
a trustworthy measured boot process with attestation, which
is not practical with locally generated initrds/cmdlines.
Since the initrd is pre-generated its contents have to be
very generic, to be usable on a wide variety of deployments.
To make this problem tractable, the sub-RPM targets only
usage in virtual machines. With such a restriction, the
initrd only needs a very small set of block driver modules
present, in order to be usable across KVM, Hyper-V and Xen
hypervisors which will cover essentially all common public
and private clouds.
Similarly the kernel cmdline cannot contain any host specific
data, which means the root filesystem to mount needs to be
able to be automatically detected. A virtual machine image
intending to use this unified kernel package thus needs to
comply with the discoverable partitions specification:
https://uapi-group.org/specifications/specs/discoverable_partitions_speci...
Based-on-patch-by: Daniel P. Berrangé <berrange(a)redhat.com>
Based-on-patch-by: Gerd Hoffmann <kraxel(a)redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com>
diff --git a/redhat/Makefile b/redhat/Makefile
index blahblah..blahblah 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check
../Makefile.rhelver \
README.rst \
kernel-local \
+ dracut-virt.conf \
$(SOURCES)/
@if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \
cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/dracut-virt.conf
@@ -0,0 +1,35 @@
+# generic + compressed please
+hostonly="no"
+compress="xz"
+
+# VMs can't update microcode anyway
+early_microcode="no"
+
+# modules: basics
+dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown "
+
+# modules: storage support
+dracutmodules+=" dm lvm rootfs-block fs-lib "
+
+# modules: tpm and crypto
+dracutmodules+=" crypt crypt-loop tpm2-tss "
+
+# drivers: virtual buses, pci
+drivers+=" virtio-pci virtio-mmio " # qemu-kvm
+drivers+=" hv-vmbus pci-hyperv " # hyperv
+drivers+=" xen-pcifront " # xen
+
+# drivers: storage
+drivers+=" ahci nvme scsi-hd scsi-cd " # generic
+drivers+=" virtio-blk virtio-scsi " # qemu-kvm
+drivers+=" hv-storvsc " # hyperv
+drivers+=" xen-blkfront " # xen
+
+# root encryption
+drivers+=" dm_crypt "
+
+# filesystems
+filesystems+=" vfat ext4 xfs overlay "
+
+# systemd-pcrphase
+install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service "
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -91,6 +91,12 @@ Summary: The Linux kernel
%global zipmodules 1
%endif
+%ifarch x86_64
+%global efiuki 1
+%else
+%global efiuki 0
+%endif
+
%if %{zipmodules}
%global zipsed -e 's/\.ko$/\.ko.xz/'
%endif
@@ -699,6 +705,21 @@ BuildRequires: llvm
BuildRequires: lld
%endif
+%if %{efiuki}
+BuildRequires: dracut
+# For dracut UEFI uki binaries
+BuildRequires: binutils
+# For the initrd
+BuildRequires: lvm2
+%if 0%{?fedora} > 37
+BuildRequires: systemd-boot-unsigned
+%endif
+# For systemd-stub and systemd-pcrphase
+BuildRequires: systemd-udev >= 252-1
+# For TPM operations in UKI initramfs
+BuildRequires: tpm2-tools
+%endif
+
# Because this is the kernel, it's hard to get a single upstream URL
# to represent the base without needing to do a bunch of patching. This
# tarball is generated from a src-git tree. If you want to see the
@@ -826,6 +847,8 @@ Source82: update_scripts.sh
Source84: mod-internal.list
Source85: mod-partner.list
+Source86: dracut-virt.conf
+
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
@@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\
%endif\
%{expand:%%kernel_debuginfo_package %{?1:%{1}}}\
%endif\
+%if %{efiuki}\
+%package %{?1:%{1}-}uki-virt\
+Summary: %{variant_summary} unified kernel image for virtual machines\
+Provides: installonlypkg(kernel)\
+Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\
+Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\
+%endif\
%{nil}
#
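Review bot: The sub-package declared here is `uki-virt` (`%package %{?1:%{1}-}uki-virt`), but the commit message calls it 'kernel-unified-virt'; align the two so the changelog names the package users will actually install. The new Provides line writes the variant as `kernel-%{?1:%{1}-}uname-r` while the Requires line below it uses `kernel%{?1:-%{1}}-...`; using one form for both makes the pair easier to check.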
@@ -1400,6 +1430,14 @@ Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
+%if %{efiuki}
+%description debug-uki-virt
+Prebuilt debug unified kernel image for virtual machines.
+
+%description uki-virt
+Prebuilt default unified kernel image for virtual machines.
+%endif
+
%if %{with_ipaclones}
%kernel_ipaclones_package
%endif
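Review bot: `%description debug-uki-virt` is guarded only by `%{efiuki}`, whereas the debug scriptlets later in this patch (`%kernel_uki_virt_scripts debug`) sit inside `%if %{with_debug}`. Put the debug description under the same condition so it is only emitted when the debug variant is built.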
@@ -2180,6 +2218,45 @@ BuildKernel() {
touch lib/modules/$KernelVer/modules.builtin
fi
+%if %{efiuki}
+ popd
+
+ KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer"
+ KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi"
+
+ mkdir -p $KernelUnifiedImageDir
+
+ dracut --conf=%{SOURCE86} \
+ --confdir=$(mktemp -d) \
+ --verbose \
+ --kver "$KernelVer" \
+ --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \
+ --logfile=$(mktemp) \
+ --uefi \
+ --kernel-image $(realpath $KernelImage) \
+ --kernel-cmdline 'console=tty0 console=ttyS0' \
+ $KernelUnifiedImage
+
+%if %{signkernel}
+
+ %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
+ %pesign -s -i $KernelUnifiedImage.tmp -o $KernelUnifiedImage.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
+ rm -f $KernelUnifiedImage.tmp
+
+ if [ ! -s $KernelUnifiedImage.signed ]; then
+ echo "pesigning failed"
+ exit 1
+ fi
+ mv $KernelUnifiedImage.signed $KernelUnifiedImage
+
+# signkernel
+%endif
+
+ pushd $RPM_BUILD_ROOT
+
+# efiuki
+%endif
+
remove_depmod_files
# Go back and find all of the various directories in the tree. We use this
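Review bot: The signing check at the end only tests that `$KernelUnifiedImage.signed` is non-empty (`[ ! -s ... ]`), and nothing in the hunk checks the result of the first `%pesign` call before its `.tmp` output is fed to the second. Since the purpose of this image is that the signature covers kernel, initrd and cmdline, fail the build as soon as either pesign step fails and confirm that the final file carries both signatures before the `mv`. A non-empty file is not evidence of a correctly signed one.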
@@ -2873,12 +2950,14 @@ fi\
# It also defines a %%postun script that does the same thing.
# %%kernel_modules_core_post [<subpackage>]
#
+# FIXME: /bin/kernel-install can't handle UKIs (yet), so cleanup depmod files in %postun for now.
+#
%define kernel_modules_core_post() \
%{expand:%%posttrans %{?1:%{1}-}modules-core}\
/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
%{nil}\
%{expand:%%postun %{?1:%{1}-}modules-core}\
-/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
+rm -f /lib/modules/%{KVERREL}%{?1:+%{1}}/modules.*\
%{nil}
# This macro defines a %%posttrans script for a kernel package.
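Review bot: Replacing `/sbin/depmod -a` with `rm -f .../modules.*` in `%postun` is not conditional on `%{efiuki}`, so it changes removal behaviour for every modules-core package on every architecture, not only where a UKI is built. The comment above the macro still says the `%%postun` script "does the same thing", which is no longer true after this change. The new FIXME line also writes `%postun` with a single `%` where the neighbouring comments escape it as `%%postun`.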
@@ -2926,6 +3005,20 @@ mkdir -p %{_localstatedir}/lib/rpm-state/%{name}\
touch %{_localstatedir}/lib/rpm-state/%{name}/installing_core_%{KVERREL}%{?-v:+%{-v*}}\
%{nil}
+#
+# This macro defines scripts for a kernel*-uki-virt package
+#
+# FIXME: /bin/kernel-install can't handle UKIs (yet), so just cp/rm as temporary stop-gap
+#
+%define kernel_uki_virt_scripts() \
+%{expand:%%posttrans %{?1:%{1}-}uki-virt}\
+mkdir -p /boot/efi/EFI/Linux\
+cp /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz-virt.efi /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\
+%{nil}\
+%{expand:%%postun %{?1:%{1}-}uki-virt}\
+rm -f /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\
+%{nil}
+
#
# This macro defines a %%preun script for a kernel package.
# %%kernel_variant_preun <subpackage>
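Review bot: The `%posttrans` copy hard-codes `vmlinuz-virt.efi` and `/boot/efi/EFI/Linux`, while the image is built as `$InstallName-virt.efi` and the `%files` entry uses `%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi` under `/%{image_install_path}/efi/EFI/Linux`. If the install name or `%{image_install_path}` differs from the hard-coded values, the cp fails or the `%ghost` entry names a file that was never created; derive the scriptlet paths from the same macros. `mkdir -p /boot/efi/EFI/Linux` also succeeds when no ESP is mounted there, so the signed image can land on the root filesystem unnoticed.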
@@ -2939,6 +3032,10 @@ then\
fi\
%{nil}
+%if %{efiuki}
+%kernel_uki_virt_scripts
+%endif
+
%kernel_variant_preun
%kernel_variant_post -r kernel-smp
@@ -2948,6 +3045,9 @@ fi\
%endif
%if %{with_debug}
+%if %{efiuki}
+%kernel_uki_virt_scripts debug
+%endif
%kernel_variant_preun debug
%kernel_variant_post -v debug
%endif
@@ -3188,6 +3288,11 @@ fi
%{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\
%endif\
%endif\
+%if %{efiuki}\
+%{expand:%%files %{?3:%{3}-}uki-virt}\
+/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\
+%ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}-virt.efi\
+%endif\
%if %{?3:1} %{!?3:0}\
%{expand:%%files %{3}}\
%endif\
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175
4 months, 2 weeks
[OS-BUILD PATCH] RHMAINTAINERS: Update for Jan 20 2023
by Prarit Bhargava (via Email Bridge)
From: Prarit Bhargava <prarit(a)redhat.com>
RHMAINTAINERS: Update for Jan 20 2023
Update RHMAINTAINERS to latest.
Signed-off-by: Prarit Bhargava <prarit(a)redhat.com>
diff --git a/redhat/rhdocs/MAINTAINERS/RHMAINTAINERS b/redhat/rhdocs/MAINTAINERS/RHMAINTAINERS
index blahblah..blahblah 100644
--- a/redhat/rhdocs/MAINTAINERS/RHMAINTAINERS
+++ b/redhat/rhdocs/MAINTAINERS/RHMAINTAINERS
@@ -538,7 +538,7 @@ F: block/
F: drivers/block/
BLUETOOTH SUBSYSTEM
-M: Gopal Tiwari <gtiwari(a)redhat.com>
+M: David Marlin <dmarlin(a)redhat.com>
S: Supported
F: drivers/bluetooth/
F: include/net/bluetooth/
@@ -671,6 +671,7 @@ F: drivers/misc/
F: include/linux/miscdevice.h
CIFS FILESYSTEM
+M: Ronnie Sahlberg <lsahlber(a)redhat.com>
S: Supported
F: fs/cifs/
@@ -765,6 +766,8 @@ CRYPTO API
M: Herbert Xu <herbert.xu(a)redhat.com>
M: "David S. Miller" <davem(a)redhat.com>
M: Vladis Dronov <vdronov(a)redhat.com>
+M: Clemens Lang <cllang(a)redhat.com>
+M: Simo Sorce <simo(a)redhat.com>
R: Ondrej Mosnacek <omosnace(a)redhat.com>
R: Phil Auld <pauld(a)redhat.com>
S: Supported
@@ -1161,7 +1164,6 @@ F: Documentation/ABI/stable/sysfs-bus-vmbus
F: Documentation/ABI/testing/debugfs-hyperv
I2C SUBSYSTEM
-M: Gopal Tiwari <gtiwari(a)redhat.com>
M: David Arcari <darcari(a)redhat.com>
R: Tony Camuso <tcamuso(a)redhat.com>
S: Supported
@@ -1404,6 +1406,7 @@ M: Paolo Bonzini <pbonzini(a)redhat.com>
M: Bandan Das <bsd(a)redhat.com>
M: Vitaly Kuznetsov <vkuznets(a)redhat.com>
S: Supported
+F: drivers/virt/tdx
F: Documentation/virt/kvm/
F: include/trace/events/kvm.h
F: include/uapi/asm-generic/kvm*
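Review bot: The new `F: drivers/virt/tdx` entry has no trailing `/`, unlike the directory entries around it such as `F: Documentation/virt/kvm/`; write it as `drivers/virt/tdx/` if the whole directory is meant.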
@@ -1538,6 +1541,7 @@ F: arch/x86/include/asm/livepatch.h
F: arch/x86/kernel/livepatch.c
F: include/linux/livepatch.h
F: kernel/livepatch/
+F: kernel/module/livepatch.c
F: lib/livepatch/
F: samples/livepatch/
F: tools/objtool/
@@ -1669,12 +1673,6 @@ M: Prarit Bhargava <prarit(a)redhat.com>
S: Supported
F: drivers/mfd/
-MICRON PCIe SSD DRIVER (mtip32xx)
-M: Gopal Tiwari <gtiwari(a)redhat.com>
-S: Supported
-F: drivers/block/mtip32xx/mtip32xx.c
-F: drivers/block/mtip32xx/mtip32xx.h
-
MICROSEMI SMART ARRAY SMARTPQI DRIVER (smartpqi)
M: Don Brace <dbrace(a)redhat.com>
M: Tomas Henzl <thenzl(a)redhat.com>
@@ -2426,6 +2424,7 @@ R: Luis Claudio Goncalves <lgoncalv(a)redhat.com>
R: Nico Pache <npache(a)redhat.com>
R: Oleg Nesterov <onestero(a)redhat.com>
R: Valentin Schneider <vschneid(a)redhat.com>
+R: John B. Wyatt IV <jwyatt(a)redhat.com>
S: Supported
F: kernel/sched/
F: include/linux/sched/
@@ -2712,6 +2711,7 @@ F: usr/
VFIO DRIVER
M: Alex Williamson <alex.williamson(a)redhat.com>
M: Eric Auger <eric.auger(a)redhat.com>
+M: Cédric Le Goater <clg(a)redhat.com>
L: rhvirt-patches(a)redhat.com
S: Supported
F: Documentation/vfio.txt
@@ -2722,6 +2722,7 @@ F: include/uapi/linux/vfio.h
VFIO MEDIATED DEVICE DRIVERS
M: Alex Williamson <alex.williamson(a)redhat.com>
M: Eric Auger <eric.auger(a)redhat.com>
+M: Cédric Le Goater <clg(a)redhat.com>
L: rhvirt-patches(a)redhat.com
S: Supported
F: Documentation/vfio-mediated-device.txt
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2252
4 months, 2 weeks
[OS-BUILD PATCHv3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
by Vitaly Kuznetsov (via Email Bridge)
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets.
This contains an EFI application that provides a combined vmlinux,
initrd and cmdline, as a so called 'unified kernel image'. The
spec for this is defined by the boot loader specification
https://uapi-group.org/specifications/specs/boot_loader_specification/
The key benefit of a unified kernel is that its secure boot
signature covers the initrd and cmdline contents, allowing
a trustworthy measured boot process with attestation, which
is not practical with locally generated initrds/cmdlines.
Since the initrd is pre-generated its contents have to be
very generic, to be usable on a wide variety of deployments.
To make this problem tractable, the sub-RPM targets only
usage in virtual machines. With such a restriction, the
initrd only needs a very small set of block driver modules
present, in order to be usable across KVM, Hyper-V and Xen
hypervisors which will cover essentially all common public
and private clouds.
Similarly the kernel cmdline cannot contain any host specific
data, which means the root filesystem to mount needs to be
able to be automatically detected. A virtual machine image
intending to use this unified kernel package thus needs to
comply with the discoverable partitions specification:
https://uapi-group.org/specifications/specs/discoverable_partitions_speci...
Based-on-patch-by: Daniel P. Berrangé <berrange(a)redhat.com>
Based-on-patch-by: Gerd Hoffmann <kraxel(a)redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com>
diff --git a/redhat/Makefile b/redhat/Makefile
index blahblah..blahblah 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check
../Makefile.rhelver \
README.rst \
kernel-local \
+ dracut-virt.conf \
$(SOURCES)/
@if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \
cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/dracut-virt.conf
@@ -0,0 +1,35 @@
+# generic + compressed please
+hostonly="no"
+compress="xz"
+
+# VMs can't update microcode anyway
+early_microcode="no"
+
+# modules: basics
+dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown "
+
+# modules: storage support
+dracutmodules+=" dm lvm rootfs-block fs-lib "
+
+# modules: tpm and crypto
+dracutmodules+=" crypt crypt-loop tpm2-tss "
+
+# drivers: virtual buses, pci
+drivers+=" virtio-pci virtio-mmio " # qemu-kvm
+drivers+=" hv-vmbus pci-hyperv " # hyperv
+drivers+=" xen-pcifront " # xen
+
+# drivers: storage
+drivers+=" ahci nvme scsi-hd scsi-cd " # generic
+drivers+=" virtio-blk virtio-scsi " # qemu-kvm
+drivers+=" hv-storvsc " # hyperv
+drivers+=" xen-blkfront " # xen
+
+# root encryption
+drivers+=" dm_crypt "
+
+# filesystems
+filesystems+=" vfat ext4 xfs overlay "
+
+# systemd-pcrphase
+install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service "
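Review bot: The `install_items` line mixes `/lib/systemd/system/...` and `/usr/lib/systemd/...` for files that belong to the same systemd-pcrphase unit; use one prefix throughout. In the driver lists, `dm_crypt` is spelled with an underscore while every other entry uses hyphens (`virtio-pci`, `hv-storvsc`).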
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -91,6 +91,12 @@ Summary: The Linux kernel
%global zipmodules 1
%endif
+%ifarch x86_64
+%global efiuki 1
+%else
+%global efiuki 0
+%endif
+
%if %{zipmodules}
%global zipsed -e 's/\.ko$/\.ko.xz/'
%endif
@@ -699,6 +705,21 @@ BuildRequires: llvm
BuildRequires: lld
%endif
+%if %{efiuki}
+BuildRequires: dracut
+# For dracut UEFI uki binaries
+BuildRequires: binutils
+# For the initrd
+BuildRequires: lvm2
+%if 0%{?fedora} > 37
+BuildRequires: systemd-boot-unsigned
+%endif
+# For systemd-stub and systemd-pcrphase
+BuildRequires: systemd-udev >= 252-1
+# For TPM operations in UKI initramfs
+BuildRequires: tpm2-tools
+%endif
+
# Because this is the kernel, it's hard to get a single upstream URL
# to represent the base without needing to do a bunch of patching. This
# tarball is generated from a src-git tree. If you want to see the
@@ -826,6 +847,8 @@ Source82: update_scripts.sh
Source84: mod-internal.list
Source85: mod-partner.list
+Source86: dracut-virt.conf
+
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
@@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\
%endif\
%{expand:%%kernel_debuginfo_package %{?1:%{1}}}\
%endif\
+%if %{efiuki}\
+%package %{?1:%{1}-}uki-virt\
+Summary: %{variant_summary} unified kernel image for virtual machines\
+Provides: installonlypkg(kernel)\
+Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\
+Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\
+%endif\
%{nil}
#
@@ -1400,6 +1430,14 @@ Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
+%if %{efiuki}
+%description debug-uki-virt
+Prebuilt debug unified kernel image for virtual machines.
+
+%description uki-virt
+Prebuilt default unified kernel image for virtual machines.
+%endif
+
%if %{with_ipaclones}
%kernel_ipaclones_package
%endif
@@ -2180,6 +2218,45 @@ BuildKernel() {
touch lib/modules/$KernelVer/modules.builtin
fi
+%if %{efiuki}
+ popd
+
+ KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer"
+ KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi"
+
+ mkdir -p $KernelUnifiedImageDir
+
+ dracut --conf=%{SOURCE86} \
+ --confdir=$(mktemp -d) \
+ --verbose \
+ --kver "$KernelVer" \
+ --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \
+ --logfile=$(mktemp) \
+ --uefi \
+ --kernel-image $(realpath $KernelImage) \
+ --kernel-cmdline 'console=tty0 console=ttyS0' \
+ $KernelUnifiedImage
+
+%if %{signkernel}
+
+ %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
+ %pesign -s -i $KernelUnifiedImage.tmp -o $KernelUnifiedImage.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
+ rm -f $KernelUnifiedImage.tmp
+
+ if [ ! -s $KernelUnifiedImage.signed ]; then
+ echo "pesigning failed"
+ exit 1
+ fi
+ mv $KernelUnifiedImage.signed $KernelUnifiedImage
+
+# signkernel
+%endif
+
+ pushd $RPM_BUILD_ROOT
+
+# efiuki
+%endif
+
remove_depmod_files
# Go back and find all of the various directories in the tree. We use this
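Review bot: `--confdir=$(mktemp -d)` and `--logfile=$(mktemp)` create a directory and a file that nothing in this hunk removes, and the dracut log ends up in a place the build log never shows. Keep both paths in variables, print the log when dracut fails and remove them afterwards. `$KernelUnifiedImage`, `$KernelUnifiedImageDir` and `$(realpath $KernelImage)` are also unquoted, while `--kver "$KernelVer"` is quoted.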
@@ -2873,12 +2950,14 @@ fi\
# It also defines a %%postun script that does the same thing.
# %%kernel_modules_core_post [<subpackage>]
#
+# FIXME: /bin/kernel-install can't handle UKIs (yet), so cleanup depmod files in %postun for now.
+#
%define kernel_modules_core_post() \
%{expand:%%posttrans %{?1:%{1}-}modules-core}\
/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
%{nil}\
%{expand:%%postun %{?1:%{1}-}modules-core}\
-/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
+rm -f /lib/modules/%{KVERREL}%{?1:+%{1}}/modules.*\
%{nil}
# This macro defines a %%posttrans script for a kernel package.
@@ -2926,6 +3005,20 @@ mkdir -p %{_localstatedir}/lib/rpm-state/%{name}\
touch %{_localstatedir}/lib/rpm-state/%{name}/installing_core_%{KVERREL}%{?-v:+%{-v*}}\
%{nil}
+#
+# This macro defines scripts for a kernel*-uki-virt package
+#
+# FIXME: /bin/kernel-install can't handle UKIs (yet), so just cp/rm as temporary stop-gap
+#
+%define kernel_uki_virt_scripts() \
+%{expand:%%posttrans %{?1:%{1}-}uki-virt}\
+mkdir -p /boot/efi/EFI/Linux\
+cp /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz-virt.efi /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\
+%{nil}\
+%{expand:%%postun %{?1:%{1}-}uki-virt}\
+rm -f /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\
+%{nil}
+
#
# This macro defines a %%preun script for a kernel package.
# %%kernel_variant_preun <subpackage>
@@ -2939,6 +3032,10 @@ then\
fi\
%{nil}
+%if %{efiuki}
+%kernel_uki_virt_scripts
+%endif
+
%kernel_variant_preun
%kernel_variant_post -r kernel-smp
@@ -2948,6 +3045,9 @@ fi\
%endif
%if %{with_debug}
+%if %{efiuki}
+%kernel_uki_virt_scripts debug
+%endif
%kernel_variant_preun debug
%kernel_variant_post -v debug
%endif
@@ -3188,6 +3288,11 @@ fi
%{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\
%endif\
%endif\
+%if %{efiuki}\
+%{expand:%%files %{?3:%{3}-}uki-virt}\
+/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\
+%ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}-virt.efi\
+%endif\
%if %{?3:1} %{!?3:0}\
%{expand:%%files %{3}}\
%endif\
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175
4 months, 2 weeks
[OS-BUILD PATCHv2] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
by Vitaly Kuznetsov (via Email Bridge)
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets.
This contains an EFI application that provides a combined vmlinux,
initrd and cmdline, as a so called 'unified kernel image'. The
spec for this is defined by the boot loader specification
https://uapi-group.org/specifications/specs/boot_loader_specification/
The key benefit of a unified kernel is that its secure boot
signature covers the initrd and cmdline contents, allowing
a trustworthy measured boot process with attestation, which
is not practical with locally generated initrds/cmdlines.
Since the initrd is pre-generated its contents have to be
very generic, to be usable on a wide variety of deployments.
To make this problem tractable, the sub-RPM targets only
usage in virtual machines. With such a restriction, the
initrd only needs a very small set of block driver modules
present, in order to be usable across KVM, Hyper-V and Xen
hypervisors which will cover essentially all common public
and private clouds.
Similarly the kernel cmdline cannot contain any host specific
data, which means the root filesystem to mount needs to be
able to be automatically detected. A virtual machine image
intending to use this unified kernel package thus needs to
comply with the discoverable partitions specification:
https://uapi-group.org/specifications/specs/discoverable_partitions_speci...
Based-on-patch-by: Daniel P. Berrangé <berrange(a)redhat.com>
Based-on-patch-by: Gerd Hoffmann <kraxel(a)redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com>
diff --git a/redhat/Makefile b/redhat/Makefile
index blahblah..blahblah 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check
../Makefile.rhelver \
README.rst \
kernel-local \
+ dracut-virt.conf \
$(SOURCES)/
@if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \
cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/dracut-virt.conf
@@ -0,0 +1,35 @@
+# generic + compressed please
+hostonly="no"
+compress="xz"
+
+# VMs can't update microcode anyway
+early_microcode="no"
+
+# modules: basics
+dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown "
+
+# modules: storage support
+dracutmodules+=" dm lvm rootfs-block fs-lib "
+
+# modules: tpm and crypto
+dracutmodules+=" crypt crypt-loop tpm2-tss "
+
+# drivers: virtual buses, pci
+drivers+=" virtio-pci virtio-mmio " # qemu-kvm
+drivers+=" hv-vmbus pci-hyperv " # hyperv
+drivers+=" xen-pcifront " # xen
+
+# drivers: storage
+drivers+=" ahci nvme scsi-hd scsi-cd " # generic
+drivers+=" virtio-blk virtio-scsi " # qemu-kvm
+drivers+=" hv-storvsc " # hyperv
+drivers+=" xen-blkfront " # xen
+
+# root encryption
+drivers+=" dm_crypt "
+
+# filesystems
+filesystems+=" vfat ext4 xfs overlay "
+
+# systemd-pcrphase
+install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service "
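Review bot: the install_items line mixes path prefixes: the systemd-pcrphase-initrd.service unit is listed under /lib/systemd/system while the binary and the initrd.target.wants link use /usr/lib/systemd. Use one prefix for all three so the list does not depend on the /lib symlink. In the same file, drivers+=" dm_crypt " is the only underscore-spelled driver among hyphenated names (virtio-blk, hv-storvsc, xen-blkfront); pick one spelling. Because everything listed here ends up in the initrd that the commit message says is covered by the secure boot signature, a short header comment saying so would help whoever extends the list later.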
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -91,6 +91,12 @@ Summary: The Linux kernel
%global zipmodules 1
%endif
+%ifarch x86_64
+%global efiuki 1
+%else
+%global efiuki 0
+%endif
+
%if %{zipmodules}
%global zipsed -e 's/\.ko$/\.ko.xz/'
%endif
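Review bot: efiuki is derived only from %ifarch x86_64, so there is no switch to turn the UKI build off on x86_64 short of editing the spec. Other optional parts of this spec are gated on with_ style conditionals (with_debug and with_ipaclones are visible further down), and a matching toggle here would let a local or scratch build skip the dracut and pesign steps.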
@@ -699,6 +705,21 @@ BuildRequires: llvm
BuildRequires: lld
%endif
+%if %{efiuki}
+BuildRequires: dracut
+# For dracut UEFI uki binaries
+BuildRequires: binutils
+# For the initrd
+BuildRequires: lvm2
+%if 0%{?fedora} > 37
+BuildRequires: systemd-boot-unsigned
+%endif
+# For systemd-stub and systemd-pcrphase
+BuildRequires: systemd-udev >= 252-1
+# For TPM operations in UKI initramfs
+BuildRequires: tpm2-tools
+%endif
+
# Because this is the kernel, it's hard to get a single upstream URL
# to represent the base without needing to do a bunch of patching. This
# tarball is generated from a src-git tree. If you want to see the
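Review bot: the %if 0%{?fedora} > 37 guard around systemd-boot-unsigned has no comment saying what supplies the EFI stub on the targets where the condition is false; the only hint is the "For systemd-stub and systemd-pcrphase" comment on systemd-udev >= 252-1. Add a line explaining the split. Also worth confirming: dracut-virt.conf enables the crypt, crypt-loop and tpm2-tss dracut modules, while the initrd-related BuildRequires here are lvm2 and tpm2-tools only, and dracut now runs inside the buildroot.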
@@ -826,6 +847,8 @@ Source82: update_scripts.sh
Source84: mod-internal.list
Source85: mod-partner.list
+Source86: dracut-virt.conf
+
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
@@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\
%endif\
%{expand:%%kernel_debuginfo_package %{?1:%{1}}}\
%endif\
+%if %{efiuki}\
+%package %{?1:%{1}-}uki-virt\
+Summary: %{variant_summary} unified kernel image for virtual machines\
+Provides: installonlypkg(kernel)\
+Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\
+Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\
+%endif\
%{nil}
#
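Review bot: the subpackage is declared as %{?1:%{1}-}uki-virt, but the commit message describes a 'kernel-unified-virt' sub-RPM; align the message with the name actually used. The new Requires line also spells the dependency kernel%{?1:-%{1}}-modules-core-uname-r, while the context line at the top of this hunk spells it kernel-%{?1:%{1}-}-modules-core-uname-r; please check that the new spelling matches what modules-core provides for both the default and debug variants.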
@@ -1400,6 +1430,14 @@ Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
+%if %{efiuki}
+%description debug-uki-virt
+Prebuilt debug unified kernel image for virtual machines.
+
+%description uki-virt
+Prebuilt default unified kernel image for virtual machines.
+%endif
+
%if %{with_ipaclones}
%kernel_ipaclones_package
%endif
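Review bot: %description debug-uki-virt is guarded only by %if %{efiuki}, whereas the later hunk places %kernel_uki_virt_scripts debug inside %if %{with_debug}. With debug builds disabled this description would refer to a variant that is not being built; wrap it in the same with_debug condition.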
@@ -2180,6 +2218,45 @@ BuildKernel() {
touch lib/modules/$KernelVer/modules.builtin
fi
+%if %{efiuki}
+ popd
+
+ KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer"
+ KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi"
+
+ mkdir -p $KernelUnifiedImageDir
+
+ dracut --conf=%{SOURCE86} \
+ --confdir=$(mktemp -d) \
+ --verbose \
+ --kver "$KernelVer" \
+ --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \
+ --logfile=$(mktemp) \
+ --uefi \
+ --kernel-image $(realpath $KernelImage) \
+ --kernel-cmdline 'console=tty0 console=ttyS0' \
+ $KernelUnifiedImage
+
+%if %{signkernel}
+
+ %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
+ %pesign -s -i $KernelUnifiedImage.tmp -o $KernelUnifiedImage.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
+ rm -f $KernelUnifiedImage.tmp
+
+ if [ ! -s $KernelUnifiedImage.signed ]; then
+ echo "pesigning failed"
+ exit 1
+ fi
+ mv $KernelUnifiedImage.signed $KernelUnifiedImage
+
+# signkernel
+%endif
+
+ pushd $RPM_BUILD_ROOT
+
+# efiuki
+%endif
+
remove_depmod_files
# Go back and find all of the various directories in the tree. We use this
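Review bot: the dracut call passes --logfile=$(mktemp) and --confdir=$(mktemp -d) without keeping either path, so the log cannot be located when the image build fails and neither temporary is removed afterwards. Assign both to variables, cat the log on failure and clean up after the call. The expansions of $KernelUnifiedImageDir and $KernelUnifiedImage in mkdir -p, the dracut argument and the pesign lines are unquoted, unlike "$KernelVer" a few lines above. The --kernel-cmdline string is fixed at build time and becomes part of the signed image, which deserves a comment next to it.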
@@ -2873,12 +2950,14 @@ fi\
# It also defines a %%postun script that does the same thing.
# %%kernel_modules_core_post [<subpackage>]
#
+# FIXME: /bin/kernel-install can't handle UKIs (yet), so cleanup depmod files in %postun for now.
+#
%define kernel_modules_core_post() \
%{expand:%%posttrans %{?1:%{1}-}modules-core}\
/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
%{nil}\
%{expand:%%postun %{?1:%{1}-}modules-core}\
-/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
+rm -f /lib/modules/%{KVERREL}%{?1:+%{1}}/modules.*\
%{nil}
# This macro defines a %%posttrans script for a kernel package.
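Review bot: the switch from depmod -a to rm -f on modules.* in the %postun scriptlet is not wrapped in %if %{efiuki}, so it changes behaviour for every modules-core package, including architectures where efiuki is 0 and no UKI exists. Either guard it or say in the commit message why the change is safe everywhere. The new FIXME comment also writes %postun with a single percent sign, while the surrounding comments escape it as %%postun.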
@@ -2926,6 +3005,20 @@ mkdir -p %{_localstatedir}/lib/rpm-state/%{name}\
touch %{_localstatedir}/lib/rpm-state/%{name}/installing_core_%{KVERREL}%{?-v:+%{-v*}}\
%{nil}
+#
+# This macro defines scripts for a kernel*-uki-virt package
+#
+# FIXME: /bin/kernel-install can't handle UKIs (yet), so just cp/rm as temporary stop-gap
+#
+%define kernel_uki_virt_scripts() \
+%{expand:%%posttrans %{?1:%{1}-}uki-virt}\
+mkdir -p /boot/efi/EFI/Linux\
+cp /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz-virt.efi /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\
+%{nil}\
+%{expand:%%postun %{?1:%{1}-}uki-virt}\
+rm -f /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\
+%{nil}
+
#
# This macro defines a %%preun script for a kernel package.
# %%kernel_variant_preun <subpackage>
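Review bot: the %posttrans copy hard-codes both the source name vmlinuz-virt.efi and the destination /boot/efi/EFI/Linux, while the build step names the file $InstallName-virt.efi and the %files hunk uses %{?-k:%{-k*}}%{!?-k:vmlinuz} under /%{image_install_path}/efi/EFI/Linux. If either macro ever resolves to something other than vmlinuz or boot, the scriptlet and the %ghost entry will disagree. Derive the scriptlet paths from the same macros. The mkdir -p will also succeed when nothing is mounted at /boot/efi and leave the image on the root filesystem, so a mount check or at least a warning would be useful even for a stop-gap.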
@@ -2939,6 +3032,10 @@ then\
fi\
%{nil}
+%if %{efiuki}
+%kernel_uki_virt_scripts
+%endif
+
%kernel_variant_preun
%kernel_variant_post -r kernel-smp
@@ -2948,6 +3045,9 @@ fi\
%endif
%if %{with_debug}
+%if %{efiuki}
+%kernel_uki_virt_scripts debug
+%endif
%kernel_variant_preun debug
%kernel_variant_post -v debug
%endif
@@ -3188,6 +3288,11 @@ fi
%{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\
%endif\
%endif\
+%if %{efiuki}\
+%{expand:%%files %{?3:%{3}-}uki-virt}\
+/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\
+%ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}-virt.efi\
+%endif\
%if %{?3:1} %{!?3:0}\
%{expand:%%files %{3}}\
%endif\
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175
4 months, 3 weeks
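For readers who want to audit what a built image carries inside its signed payload, the sketch below reads the PE section table of a unified kernel image and returns the embedded command line. It is an added example, not part of the patch or the kernel-ark tree; the section names are the ones systemd-stub reads (an assumption here, the patch does not list them), and the function names and the sample image are constructed for illustration.

```python
import struct

# Section names read by systemd-stub; assumed here, the patch does not list them.
UKI_SECTIONS = (".linux", ".initrd", ".cmdline")

def pe_sections(data: bytes) -> dict:
    """Map section name -> (file offset, size) from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header (20 bytes): only NumberOfSections and SizeOfOptionalHeader matter.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size
    found = {}
    for i in range(nsect):
        name, vsize, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        # VirtualSize excludes file-alignment padding when it is set.
        size = min(vsize, raw_size) if vsize else raw_size
        found[name.rstrip(b"\0").decode("ascii", "replace")] = (raw_ptr, size)
    return found

def uki_cmdline(data: bytes) -> str:
    """Return the embedded kernel command line, refusing images that are not UKIs."""
    sections = pe_sections(data)
    missing = [s for s in UKI_SECTIONS if s not in sections]
    if missing:
        raise ValueError(f"not a unified kernel image, missing {missing}")
    off, size = sections[".cmdline"]
    return data[off:off + size].rstrip(b"\0\n").decode()

def build_sample(payloads) -> bytes:
    """Constructed sample: a minimal PE carrying the given (name, bytes) sections."""
    hdr = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(payloads), 0, 0, 0, 0, 0)
    data_start, body = len(hdr) + 40 * len(payloads), b""
    for name, blob in payloads:
        hdr += struct.pack("<8sIIIIIIHHI", name, len(blob), 0, len(blob),
                           data_start + len(body), 0, 0, 0, 0, 0x40000040)
        body += blob
    return bytes(hdr + body)

if __name__ == "__main__":
    uki = build_sample([(b".linux", b"KERNEL"), (b".initrd", b"INITRD"),
                        (b".cmdline", b"console=tty0 console=ttyS0\0")])
    print(pe_sections(uki))
    print(uki_cmdline(uki))
```

On a real image, pass the bytes of the .efi file to uki_cmdline() and compare the result with the string given to --kernel-cmdline in the spec.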
[OS-BUILD PATCH] Enable TDX Guest driver
by Vitaly Kuznetsov (via Email Bridge)
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Enable TDX Guest driver
Enable guest driver (attestation) for Intel TDX.
Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com>
diff --git a/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER
@@ -0,0 +1 @@
+CONFIG_TDX_GUEST_DRIVER=m
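Review bot: the commit message gives no reason for choosing =m over =y, and does not mention that the symbol depends on INTEL_TDX_GUEST [=y] as the removed pending files show. One sentence on why the attestation driver is modular and why the setting belongs in common/generic would make the config decision reviewable from the log alone.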
diff --git a/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER
+++ /dev/null
@@ -1,13 +0,0 @@
-# Symbol: TDX_GUEST_DRIVER [=n]
-# Type : tristate
-# Defined at drivers/virt/coco/tdx-guest/Kconfig:1
-# Prompt: TDX Guest driver
-# Depends on: VIRT_DRIVERS [=y] && INTEL_TDX_GUEST [=y]
-# Location:
-# -> Device Drivers
-# -> Virtualization drivers (VIRT_DRIVERS [=y])
-# -> TDX Guest driver (TDX_GUEST_DRIVER [=n])
-#
-#
-#
-# CONFIG_TDX_GUEST_DRIVER is not set
diff --git a/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER
+++ /dev/null
@@ -1,13 +0,0 @@
-# Symbol: TDX_GUEST_DRIVER [=n]
-# Type : tristate
-# Defined at drivers/virt/coco/tdx-guest/Kconfig:1
-# Prompt: TDX Guest driver
-# Depends on: VIRT_DRIVERS [=y] && INTEL_TDX_GUEST [=y]
-# Location:
-# -> Device Drivers
-# -> Virtualization drivers (VIRT_DRIVERS [=y])
-# -> TDX Guest driver (TDX_GUEST_DRIVER [=n])
-#
-#
-#
-# CONFIG_TDX_GUEST_DRIVER is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2250
4 months, 3 weeks