1. "Porteus Kernel Builder" was updated to mkKernel-18.02.12-noarch-1.xzm
Please refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232
(1) Firmware packages were updated.
They were constructed from the following archlinux packages:
alsa-firmware-1.0.29-noarch-1
bluez-firmware-1.2-noarch-8
ipw2100-fw-1.3-noarch-8
ipw2200-fw-3.1-noarch-6
linux-atm-2.5.2-x86_64-4
linux-firmware-20180119.2a713be-noarch-1
zd1211-firmware-1.5-noarch-1
(2) New kernel version line v4.16-rc was added.
An AUFS patch for kernel 4.16-rc is not yet offered.
Therefore the "aufs4.x-rcN" patch was used for kernel 4.16-rc.
But a patching error and compile errors will occur.
[Patching error]
patching file include/linux/mm.h
Hunk #1 FAILED at 1362.
1 out of 1 hunk FAILED -- saving rejects to file include/linux/mm.h.rej
[Compiling error]: the error concerns the type 'atomic64_t'.
fs/aufs/sbinfo.c:163:18: error: wrong type argument to increment
inode->i_version++;
etc.
[Own patch for v4.16-rc was added]
The own patches for v4.16-rc are mainly used to avoid AUFS errors.
But the contents of the patches were not understood.
Therefore the result of a build with these patches is not assured.
[config for 4.16-rc]
64 Bit config was generated from 64 Bit 4.15 config by the command "make oldconfig".
*
* GCC plugins
*
GCC plugins (GCC_PLUGINS) [N/y/?] n
Stack Protector buffer overflow detection
> 1. None (CC_STACKPROTECTOR_NONE)
2. Regular (CC_STACKPROTECTOR_REGULAR)
3. Strong (CC_STACKPROTECTOR_STRONG)
4. Automatic (CC_STACKPROTECTOR_AUTO) (NEW)
choice[1-4?]: 1
*
* Linux guest support
*
Linux guest support (HYPERVISOR_GUEST) [Y/n/?] y
Enable paravirtualization code (PARAVIRT) [N/y/?] n
Jailhouse non-root cell support (JAILHOUSE_GUEST) [N/y/?] (NEW) N
Defer initialisation of struct pages to kthreads (DEFERRED_STRUCT_PAGE_INIT) [N/y/?] (NEW) N
ACPI Serial Port Console Redirection Support (ACPI_SPCR_TABLE) [Y/n/?] (NEW) Y
"srh" Segment Routing header match support (IP6_NF_MATCH_SRH) [N/m/?] (NEW) N
Enable USB autosuspend for Bluetooth USB devices by default (BT_HCIBTUSB_AUTOSUSPEND) [N/y/?] (NEW) N
Realtek PCI-E card reader (MISC_RTSX_PCI) [N/m/y/?] (NEW) N
Realtek USB card reader (MISC_RTSX_USB) [N/m/y/?] (NEW) N
Default SATA Link Power Management policy for mobile chipsets (SATA_MOBILE_LPM_POLICY) [0] (NEW)
Unstriped target (DM_UNSTRIPED) [N/m/?] (NEW) N
Cavium PTP coprocessor as PTP clock (CAVIUM_PTP) [Y/n/m/?] (NEW) n
Cortina Gemini devices (NET_VENDOR_CORTINA) [Y/n/?] (NEW) n
Socionext ethernet drivers (NET_VENDOR_SOCIONEXT) [Y/n/?] (NEW) n
MediaTek MT76x2E (PCIe) support (MT76x2E) [N/m/?] (NEW) m
Simulated networking device (NETDEVSIM) [N/m/y/?] (NEW) m
ACCES PCIe-IDIO-24 GPIO support (GPIO_PCIE_IDIO_24) [N/m/y/?] (NEW) m
Nuvoton W83773G (SENSORS_W83773G) [N/m/y/?] (NEW) m
LIRC user interface (LIRC) [N/y/?] (NEW) N
Enable DVB memory-mapped API (EXPERIMENTAL) (DVB_MMAP) [N/y/?] (NEW) N
Enable DVB net ULE packet debug messages (DVB_ULE_DEBUG) [N/y/?] (NEW) N
OmniVision OV7740 sensor support (VIDEO_OV7740) [N/m/y/?] (NEW) m
NXP TDA18250 silicon tuner (MEDIA_TUNER_TDA18250) [M/n/y/?] (NEW) m
Jabra USB HID Driver (HID_JABRA) [N/m/y/?] (NEW) m
xHCI support for debug capability (USB_XHCI_DBGCAP) [N/y/?] (NEW) N
SDHCI support for Fujitsu Semiconductor F_SDH30 (MMC_SDHCI_F_SDH30) [N/m/y/?] (NEW) y
LED Netdev Trigger (LEDS_TRIGGER_NETDEV) [N/m/y/?] (NEW) n
Virtio drivers (VIRTIO_MENU) [Y/n/?] (NEW) n
Acer Wireless Radio Control Driver (ACER_WIRELESS) [N/m/y/?] (NEW) m
GPD Pocket Fan Controller support (GPD_POCKET_FAN) [N/m/y/?] (NEW) N
Platform support for Mellanox hardware (MELLANOX_PLATFORM) [N/y/?] (NEW) N
SoundWire support (SOUNDWIRE) [N/y/?] (NEW) N
Xilinx VCU logicoreIP Init (XILINX_VCU) [N/m/y/?] (NEW) N
Unisys visorbus driver (UNISYS_VISORBUS) [N/m/y/?] (NEW) N
Eckelmann SIOX Support (SIOX) [N/m/y/?] (NEW) N
SLIMbus support (SLIMBUS) [N/m/y/?] (NEW) N
Overlayfs: turn on NFS export feature by default (OVERLAY_FS_NFS_EXPORT) [N/y/?] (NEW) y
Runtime Testing (RUNTIME_TESTING_MENU) [N/y/?] (NEW) N
Platform Security Processor (PSP) device (CRYPTO_DEV_SP_PSP) [Y/n/?] (NEW) Y
AMD Secure Encrypted Virtualization (SEV) support (KVM_AMD_SEV) [Y/n/?] (NEW) Y
32 Bit config was generated from 64 Bit config by the command "make menuconfig".
2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc1 <--- NEW
The latest stable 4.15 version of the Linux kernel is: 4.15.3 <--- NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.18
The latest longterm 4.9 version of the Linux kernel is: 4.9.80
The latest longterm 4.4 version of the Linux kernel is: 4.4.115
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.94 (EOL)
The latest linux-next version of the Linux kernel is: next-20180212
3. NEW: Examples of updated kernels that were built by "Porteus Kernel Builder" were updated.
Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232
The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".
Note 1: check spectre/meltdown on kernel 4.16-rc1
tool: spectre-meltdown-checker.sh (VERSION='0.34+')
https://github.com/speed47/spectre-melt ... checker.sh
result: (set vmlinuz in /boot)
Spectre and Meltdown mitigation detection tool v0.34+
Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc1-porteus #1 SMP PREEMPT Mon Feb 12 12:05:18 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: UNKNOWN (couldn't read your kernel configuration)
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)
A false sense of security is worse than no security at all, see --disclaimer
Thanks.
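
Added example, not part of the original post or of Porteus Kernel Builder: the checker output above reports "couldn't read your kernel configuration", and the oldconfig session selects stack protector "None", so this sketch audits a kernel .config directly for those hardening options. The function names are hypothetical, the sample .config is constructed, and CONFIG_RETPOLINE and CONFIG_PAGE_TABLE_ISOLATION are the mainline symbol names (they do not appear in the post).

```shell
#!/bin/sh
# Added example: audit a kernel .config for the hardening options that
# appear in the oldconfig session and the checker output above.

# Print the value of CONFIG_<symbol> from a .config, or "n" when unset.
# "# CONFIG_FOO is not set" lines do not match and therefore yield "n".
cfg_value() {
    v=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-n}"
}

# Print one OK/WEAK line per option; return the number of WEAK findings.
audit_config() {
    weak=0
    if [ "$(cfg_value "$1" CC_STACKPROTECTOR_STRONG)" = y ]; then
        echo "OK   stack protector: strong"
    elif [ "$(cfg_value "$1" CC_STACKPROTECTOR_AUTO)" = y ]; then
        echo "OK   stack protector: auto (best the compiler supports)"
    elif [ "$(cfg_value "$1" CC_STACKPROTECTOR_REGULAR)" = y ]; then
        echo "OK   stack protector: regular"
    else
        echo "WEAK stack protector: none"; weak=$((weak + 1))
    fi
    for sym in RETPOLINE PAGE_TABLE_ISOLATION; do
        if [ "$(cfg_value "$1" "$sym")" = y ]; then
            echo "OK   CONFIG_$sym=y"
        else
            echo "WEAK CONFIG_$sym is not set"; weak=$((weak + 1))
        fi
    done
    return "$weak"
}

# Constructed sample: stack protector answers mirror the session above;
# the RETPOLINE and PAGE_TABLE_ISOLATION values are assumed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_CC_STACKPROTECTOR_NONE=y
# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
# CONFIG_CC_STACKPROTECTOR_STRONG is not set
# CONFIG_CC_STACKPROTECTOR_AUTO is not set
# CONFIG_GCC_PLUGINS is not set
CONFIG_RETPOLINE=y
CONFIG_PAGE_TABLE_ISOLATION=y
EOF

audit_config "$sample" || echo "$? weak setting(s) found"
```

Point `audit_config` at the `.config` in the kernel build tree to get the same report for a real build.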