diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 6ac1dda85b5..54a2fcdbd88 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 5.15.137.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index a4c3a7c7518..9ad48b03d4c 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,7 +1,7 @@ Summary: Linux API header files Name: kernel-headers Version: 5.15.137.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index e093d43607f..13a980a523e 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -8147,6 +8147,7 @@ CONFIG_SUN6I_MSGBOX=y # CONFIG_SPRD_MBOX is not set # CONFIG_QCOM_IPCC is not set CONFIG_IOMMU_IOVA=y +CONFIG_IOASID=y CONFIG_IOMMU_API=y CONFIG_IOMMU_SUPPORT=y @@ -8165,12 +8166,17 @@ CONFIG_IOMMU_DEFAULT_DMA_STRICT=y # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set CONFIG_OF_IOMMU=y CONFIG_IOMMU_DMA=y +CONFIG_IOMMU_SVA_LIB=y # CONFIG_ROCKCHIP_IOMMU is not set # CONFIG_SUN50I_IOMMU is not set # CONFIG_TEGRA_IOMMU_SMMU is not set # CONFIG_IPMMU_VMSA is not set -# CONFIG_ARM_SMMU is not set -# CONFIG_ARM_SMMU_V3 is not set +CONFIG_ARM_SMMU=y +# CONFIG_ARM_SMMU_LEGACY_DT_BINDINGS is not set +CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=y +CONFIG_ARM_SMMU_QCOM=y +CONFIG_ARM_SMMU_V3=y +CONFIG_ARM_SMMU_V3_SVA=y # CONFIG_MTK_IOMMU is not set # CONFIG_QCOM_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 467157a0ab1..395bc196fdc 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -2,8 +2,8 @@ "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", "config": "f529b9e9ad21c4f26edc849658bf38de43736901d8f3aabc9f3be2f0dc37497e", - "config_aarch64": "00728640d6c8bbe24667e0f63059a9bfef523962805648860e0d2e22e7fe0079", + "config_aarch64": "54f395290e569cc08f176166a8bed851f4bcae3628bbb4772fc6288164224aa2", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", "kernel-5.15.137.1.tar.gz": "c00abd18daa5fcdf732d88bed57eb26a247473888c8aa9003897baa15d6c0e58" } -} \ No newline at end of file +} diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index abbd2d02f43..2b7898e368e 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -28,7 +28,7 @@ Summary: Linux Kernel Name: kernel Version: 5.15.137.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 4b4d7a16506..32ea94101dc 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-17.cm2.aarch64.rpm -kernel-headers-5.15.137.1-1.cm2.noarch.rpm +kernel-headers-5.15.137.1-2.cm2.noarch.rpm glibc-2.35-6.cm2.aarch64.rpm glibc-devel-2.35-6.cm2.aarch64.rpm glibc-i18n-2.35-6.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index ca8d153ae93..1e26059c027 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-17.cm2.x86_64.rpm -kernel-headers-5.15.137.1-1.cm2.noarch.rpm +kernel-headers-5.15.137.1-2.cm2.noarch.rpm glibc-2.35-6.cm2.x86_64.rpm glibc-devel-2.35-6.cm2.x86_64.rpm glibc-i18n-2.35-6.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 0bd3e09f9e4..802f43db8c1 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.aarch64.rpm kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm -kernel-headers-5.15.137.1-1.cm2.noarch.rpm +kernel-headers-5.15.137.1-2.cm2.noarch.rpm kmod-29-2.cm2.aarch64.rpm kmod-debuginfo-29-2.cm2.aarch64.rpm kmod-devel-29-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index e168b9fb0fa..6f1d5d5a5c1 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.x86_64.rpm kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm -kernel-headers-5.15.137.1-1.cm2.noarch.rpm +kernel-headers-5.15.137.1-2.cm2.noarch.rpm kmod-29-2.cm2.x86_64.rpm kmod-debuginfo-29-2.cm2.x86_64.rpm kmod-devel-29-2.cm2.x86_64.rpm diff --git a/toolkit/scripts/mariner-required-configs.json b/toolkit/scripts/mariner-required-configs.json index cc2719d98db..37cf2bc8b3d 100644 --- a/toolkit/scripts/mariner-required-configs.json +++ b/toolkit/scripts/mariner-required-configs.json @@ -1213,6 +1213,103 @@ "PR": [ "https://github.com/microsoft/CBL-Mariner/pull/6574" ] + }, + "CONFIG_IOASID": { + "value": [ + "y" + ], + "arch": [ + "ARM64" + ], + "comment": "Needed for CONFIG_ARM_SMMU", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] + }, + "CONFIG_IOMMU_SVA_LIB": { + "value": [ + "y" + ], + "arch": [ + "ARM64" + ], + "comment": "Needed for CONFIG_ARM_SMMU_V3_SVA", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] + }, + "CONFIG_ARM_SMMU": { + "value": [ + "y" + ], + "arch": [ + "ARM64" + ], + "comment": "Needed for VFIO to work", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] + }, + "CONFIG_ARM_SMMU_LEGACY_DT_BINDINGS": { + "value": [ + "", + "is not set" + ], + "arch": [ + "ARM64" + ], + "comment": "No device tree support needed", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] + }, + "CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT": { + "value": [ + "y" + ], + "arch": [ + "ARM64" + ], + "comment": "More secure when set", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] + }, + "CONFIG_ARM_SMMU_QCOM": { + "value": [ + "y" + ], + "arch": [ + "ARM64" + ], + "comment": "Allow support of QCom SMMU, because why not?", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] + }, + "CONFIG_ARM_SMMU_V3": { + "value": [ + "y" + ], + "arch": [ + "ARM64" + ], + "comment": "Needed for VFIO to work", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] + }, + "CONFIG_ARM_SMMU_V3_SVA": { + "value": [ + "y" + ], + "arch": [ + "ARM64" + ], + "comment": "Needed for CONFIG_ARM_SMMU_V3", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6823" + ] } } }