New package: linux5.11-5.11.1. #29056
\o/ happy to see it worked for you. Are you going to update the older release series to do the same too?
What about enabling intel sgx?
Do you know what the config flag is? I wasn't prompted for it, so it might be hidden behind something else.
It's
@toluschr it's easy enough to enable, do you feel it's necessary?
AFAIK, some fingerprint readers might not work correctly without it. However, that knowledge is based off a BIOS message and a non-working fingerprint reader. I don't really care about the fingerprint reader, just wanted to test the hardware. Other people might though.
The whole thing looks rather sketchy, so I'm pending towards leaving it disabled, but at the same time it seems most distros are enabling it. FWIW, I think you'd need to have drivers using SGX first for it to make a difference, which is not happening yet.
80d64f4 to fc3da37
Switch to using 5.11 tarball + minor version patch. Allows the tarball to be shared across updates.

Remove the DocBook makefile stuff. It's been carried over since kernel 4.13 (was introduced in ef67cec), probably to allow building DKMS modules which depended on it. DKMS modules which build cleanly on 5.11 will definitely have been updated to not depend on that Makefile, so remove it.

We are not enabling SGX for Intel due to it being mostly useless for now and looking generally sketchy. There's also no literature we could find supporting it not affecting overall system security, but literature pointing out the opposite definitely does:

- https://arxiv.org/pdf/1702.08719.pdf "Using SGX to Conceal Cache Attacks"

memory poisoning patch necessary for ppc hasn't been rebased yet, so remove those targets from archs.

Switch to using 5.11 tarball + minor version patch. Allows the tarball
to be shared across updates.
TODO:
- mm/page_poison.c has changed a lot, no idea if this is still necessary. @q66
- ppcle-broken-vdso.patch and ppcle-ll-compat-sys.patch appear to not be upstream, but didn't apply cleanly. I assume they are still necessary?
General
Have the results of the proposed changes been tested?
Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
[ci skip]