[d-kernel] [PATCH std-def] config: Update some config options
Nikolai Kostrigin
nickel на basealt.ru
Ср Май 11 12:20:54 MSK 2022
Здравствуйте!
07.05.2022 21:40, Vitaly Chikunov пишет:
> Based on suggestions from Alexey V. Vissarionov <gremlin на altlinux.org>,
> but not completely following them. All mistakes are mine.
>
> - Mostly - add new hardware support.
> - Disable some legacy stuff.
> - Turn off SHA1 by default.
> - Set panic=60 by default.
>
> Signed-off-by: Vitaly Chikunov <vt на altlinux.org>
> ---
> config | 115 ++++++++++++++++++++++++++++-----------------------------
> 1 file changed, 57 insertions(+), 58 deletions(-)
>
[...]
> -CONFIG_PANIC_TIMEOUT=0
> +CONFIG_PANIC_TIMEOUT=60
> CONFIG_LOCKUP_DETECTOR=y
> CONFIG_SOFTLOCKUP_DETECTOR=y
> # CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
Хотелось бы еще внести предложение изменить во всех ядрах (un-def, std-def)
diff --git a/config b/config
index a41e871016a8..be80ba93c04d 100644
--- a/config
+++ b/config
@@ -2323,7 +2323,7 @@ CONFIG_UEFI_CPER=y
CONFIG_UEFI_CPER_X86=y
CONFIG_EFI_DEV_PATH_PARSER=y
CONFIG_EFI_EARLYCON=y
-CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
+# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
#
# Tegra firmware driver
ввиду того, что включение этой опции считается потенциальной уязвимостью
для режима UEFI SB [1].
"Is kernel upstream commit 75b0cea7bf307f362057cc778efe89af4c615354
present in your kernel, if you boot chain includes a Linux kernel ?
[...]
And the configuration setting CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is disabled."
[1] https://github.com/rhboot/shim-review/issues/233
--
Best regards,
Nikolai Kostrigin
Подробная информация о списке рассылки devel-kernel