
Porteus Kernel Builder

Posted: 17 Mar 2021, 09:51
by fulalas
Confirmed! Just need to add mitigations=off in the desired APPEND line of [bootDevice]/boot/syslinux/porteus.cfg

Before:

Code: Select all

#lscpu
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   39 bits physical, 48 bits virtual
CPU(s):                          4
On-line CPU(s) list:             0-3
Thread(s) per core:              2
Core(s) per socket:              2
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           158
Model name:                      Intel(R) Pentium(R) CPU G4560 @ 3.50GHz
Stepping:                        9
CPU MHz:                         3275.100
CPU max MHz:                     3500.0000
CPU min MHz:                     800.0000
BogoMIPS:                        6999.82
Virtualization:                  VT-x
L1d cache:                       64 KiB
L1i cache:                       64 KiB
L2 cache:                        512 KiB
L3 cache:                        3 MiB
NUMA node0 CPU(s):               0-3
Vulnerability Itlb multihit:     KVM: Mitigation: Split huge pages
Vulnerability L1tf:              Mitigation; PTE Inversion; VMX conditional cach
                                 e flushes, SMT vulnerable
Vulnerability Mds:               Vulnerable: Clear CPU buffers attempted, no mic
                                 rocode; SMT vulnerable
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user
                                  pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, IBPB condit
                                 ional, IBRS_FW, STIBP conditional, RSB filling
Vulnerability Srbds:             Vulnerable: No microcode
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtr
                                 r pge mca cmov pat pse36 clflush dts acpi mmx f
                                 xsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rd
                                 tscp lm constant_tsc art arch_perfmon pebs bts 
                                 rep_good nopl xtopology nonstop_tsc cpuid aperf
                                 mperf pni pclmulqdq dtes64 monitor ds_cpl vmx e
                                 st tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 ss
                                 e4_2 x2apic movbe popcnt tsc_deadline_timer aes
                                  xsave rdrand lahf_lm abm 3dnowprefetch cpuid_f
                                 ault invpcid_single pti ibrs ibpb stibp tpr_sha
                                 dow vnmi flexpriority ept vpid ept_ad fsgsbase 
                                 tsc_adjust smep erms invpcid mpx rdseed smap cl
                                 flushopt intel_pt xsaveopt xsavec xgetbv1 xsave
                                 s dtherm arat pln pts hwp hwp_notify hwp_act_wi
                                 ndow hwp_epp
After (mitigations=off):

Code: Select all

#lscpu
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   39 bits physical, 48 bits virtual
CPU(s):                          4
On-line CPU(s) list:             0-3
Thread(s) per core:              2
Core(s) per socket:              2
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           158
Model name:                      Intel(R) Pentium(R) CPU G4560 @ 3.50GHz
Stepping:                        9
CPU MHz:                         3500.316
CPU max MHz:                     3500.0000
CPU min MHz:                     800.0000
BogoMIPS:                        6999.82
Virtualization:                  VT-x
L1d cache:                       64 KiB
L1i cache:                       64 KiB
L2 cache:                        512 KiB
L3 cache:                        3 MiB
NUMA node0 CPU(s):               0-3
Vulnerability Itlb multihit:     KVM: Vulnerable
Vulnerability L1tf:              Mitigation; PTE Inversion; VMX vulnerable
Vulnerability Mds:               Vulnerable; SMT vulnerable
Vulnerability Meltdown:          Vulnerable
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:        Vulnerable: __user pointer sanitization and use
                                 rcopy barriers only; no swapgs barriers
Vulnerability Spectre v2:        Vulnerable, IBPB: disabled, STIBP: disabled
Vulnerability Srbds:             Vulnerable: No microcode
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtr
                                 r pge mca cmov pat pse36 clflush dts acpi mmx f
                                 xsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rd
                                 tscp lm constant_tsc art arch_perfmon pebs bts 
                                 rep_good nopl xtopology nonstop_tsc cpuid aperf
                                 mperf pni pclmulqdq dtes64 monitor ds_cpl vmx e
                                 st tm2 ssse3 sdbg cx16 xtpr pdcm pcid sse4_1 ss
                                 e4_2 x2apic movbe popcnt tsc_deadline_timer aes
                                  xsave rdrand lahf_lm abm 3dnowprefetch cpuid_f
                                 ault invpcid_single ibrs ibpb stibp tpr_shadow 
                                 vnmi flexpriority ept vpid ept_ad fsgsbase tsc_
                                 adjust smep erms invpcid mpx rdseed smap clflus
                                 hopt intel_pt xsaveopt xsavec xgetbv1 xsaves dt
                                 herm arat pln pts hwp hwp_notify hwp_act_window
                                  hwp_epp
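
Added example (not part of fulalas's post): the before/after comparison above can be scripted by reading the kernel's per-issue status files, which carry the same status lscpu lists, together with the boot command line. The sysfs and /proc paths are the standard kernel locations; the demo input, including the BOOT_IMAGE path, is constructed.

```shell
#!/bin/sh
# Added example. Sample values in the demo section are constructed.

# Map one status string to a verdict.
classify_status() {
    case $1 in
        "Not affected"*)            echo unaffected ;;
        *Mitigation*[Vv]ulnerable*) echo partial ;;    # e.g. "...; SMT vulnerable"
        *Mitigation*)               echo mitigated ;;  # also "KVM: Mitigation: ..."
        *Vulnerable*)               echo vulnerable ;; # also "KVM: Vulnerable"
        *)                          echo unknown ;;
    esac
}

# $1: vulnerabilities directory, $2: file holding the kernel command line.
# Prints one line per issue and a summary; returns 1 unless every issue
# is fully mitigated or not applicable.
audit_mitigations() {
    vuln_dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cmdline_file=${2:-/proc/cmdline}
    exposed=0
    # Match the switch as a whole parameter, not as a substring.
    if tr ' \t' '\n\n' < "$cmdline_file" | grep -qx 'mitigations=off'; then
        echo "cmdline: mitigations=off"
    else
        echo "cmdline: default mitigations"
    fi
    for f in "$vuln_dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        verdict=$(classify_status "$status")
        case $verdict in
            vulnerable|partial|unknown) exposed=$((exposed + 1)) ;;
        esac
        printf '%-10s %-18s %s\n' "$verdict" "${f##*/}" "$status"
    done
    echo "exposed=$exposed"
    [ "$exposed" -eq 0 ]
}

# Demo on constructed input resembling a boot with mitigations=off.
demo=$(mktemp -d)
mkdir "$demo/vuln"
echo 'BOOT_IMAGE=/boot/syslinux/vmlinuz quiet mitigations=off' > "$demo/cmdline"
echo 'Vulnerable' > "$demo/vuln/meltdown"
echo 'Mitigation: PTE Inversion; VMX: vulnerable' > "$demo/vuln/l1tf"
echo 'Not affected' > "$demo/vuln/tsx_async_abort"
audit_mitigations "$demo/vuln" "$demo/cmdline" || echo "result: system is exposed"
rm -rf "$demo"
```

Called without arguments, `audit_mitigations` reads the live system; its exit status lets a provisioning script refuse to continue when mitigations are off.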

Porteus Kernel Builder

Posted: 17 Mar 2021, 10:39
by neko
@fulalas

APorteus XFCE 64bit Kernel 5.12-rc3 boot
with cheatcode "mitigations=off".

[Boot time & Benchmark]
Boot time: by command "systemd-analyze"
Startup finished in 6.720s (kernel) + 2.089s (userspace) = 8.810s
graphical.target reached after 1.944s in userspace

Benchmark: by /usr/bin/hardinfo (System Profiler and Benchmark)
-GPU Drawing-
* Intel(R) Pentium(R) CPU N4200 @ 1.10GHz 4x 2500.00 MHz 6410.27

----------------------------------------
without cheatcode "mitigations=off"

[Boot time & Benchmark]
Startup finished in 9.785s (kernel) + 3.255s (userspace) = 13.041s
graphical.target reached after 3.117s in userspace

-GPU Drawing-
* Intel(R) Pentium(R) CPU N4200 @ 1.10GHz 4x 2500.00 MHz 6160.69


Thanks.

Porteus Kernel Builder

Posted: 17 Mar 2021, 20:03
by fulalas
@neko, that's more than 30% difference! Impressive!

Thanks! :)

Porteus Kernel Builder

Posted: 19 Mar 2021, 13:27
by babam
Blaze wrote:
24 Feb 2021, 16:03
[Updated kernel Examples]
==== AUFS Kernel only for Porteus ====
Can you add this to the next kernel build?

Code: Select all

# CONFIG_SECURITY_LOCKDOWN_LSM is not set
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_INTEGRITY is not set
Thanks.

Porteus Kernel Builder

Posted: 20 Mar 2021, 08:47
by Blaze
babam, these options are activated by default:

Code: Select all

# egrep 'LOCKDOWN|CONFIDENTIALITY|CONFIG_INTEGRITY' /usr/src/linux/.config
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
[Updated kernel Examples]
==== AUFS Kernel only for Porteus ====
Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm, 07-kernel-header-NNN.xzm, 64bit.config - the standard neko kernel config)

[5.11.7] <-- NEW : "All patches" patching was done.
64bit-ALL-kernel5.11.7.tar(~114 M)
https://files.sberdisk.ru/s/CozqkLLGPaiLEg9
e53df80ef14a887c8f155a1753af59f0 64bit-ALL-kernel5.11.7.tar

Note : Compiler that was used.
for kernel 5.11.7: 10.2.0-x86_64

Thanks to neko for his support.

Porteus Kernel Builder

Posted: 20 Mar 2021, 09:27
by babam
Blaze wrote:
20 Mar 2021, 08:47
babam, these options are activated by default:

Code: Select all

# egrep 'LOCKDOWN|CONFIDENTIALITY|CONFIG_INTEGRITY' /usr/src/linux/.config
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
[Updated kernel Examples]
==== AUFS Kernel only for Porteus ====
Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm, 07-kernel-header-NNN.xzm, 64bit.config - the standard neko kernel config)

[5.11.7] <-- NEW : "All patches" patching was done.
64bit-ALL-kernel5.11.7.tar(~114 M)
https://files.sberdisk.ru/s/CozqkLLGPaiLEg9
e53df80ef14a887c8f155a1753af59f0 64bit-ALL-kernel5.11.7.tar

Note : Compiler that was used.
for kernel 5.11.7: 10.2.0-x86_64

Thanks to neko for his support.
Can you disable it?
Ntfs3 module could not be loaded due to Kernel Lockdown.
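
Added example (not part of babam's post): a check of which lockdown mode a kernel `.config` forces and which mode is active on the running system, since lockdown in integrity or confidentiality mode refuses unsigned modules. The securityfs path is the standard kernel location; the function names and the demo file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example. File contents used in the demo are constructed.

# Lockdown mode forced at build time, read from a kernel .config.
config_lockdown_mode() {
    if ! grep -q '^CONFIG_SECURITY_LOCKDOWN_LSM=y' "$1"; then
        echo not-built
        return 0
    fi
    for mode in CONFIDENTIALITY INTEGRITY; do
        if grep -q "^CONFIG_LOCK_DOWN_KERNEL_FORCE_${mode}=y" "$1"; then
            echo "$mode" | tr '[:upper:]' '[:lower:]'
            return 0
        fi
    done
    echo none    # built, but nothing forced: opt-in at boot or run time
}

# Active mode from securityfs; the kernel brackets the current choice,
# e.g. "none integrity [confidentiality]".
active_lockdown_mode() {
    file=${1:-/sys/kernel/security/lockdown}
    if [ ! -r "$file" ]; then
        echo unavailable
        return 0
    fi
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$file"
}

# True when the active mode is one in which unsigned modules are refused.
unsigned_modules_refused() {
    case $(active_lockdown_mode "$1") in
        integrity|confidentiality) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on constructed input matching the options quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_SECURITY_LOCKDOWN_LSM=y' \
    'CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y' > "$demo/config"
echo 'none integrity [confidentiality]' > "$demo/lockdown"
echo "built-in default: $(config_lockdown_mode "$demo/config")"
echo "active mode:      $(active_lockdown_mode "$demo/lockdown")"
if unsigned_modules_refused "$demo/lockdown"; then
    echo "unsigned modules will be refused"
fi
rm -rf "$demo"
```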

Porteus Kernel Builder

Posted: 20 Mar 2021, 09:40
by Blaze
babam, it looks like SELinux :bad: (about LSM),
and you are right: these options must be disabled.
In the next build I will disable them. It would not be bad if neko did this too.

Thanks.

Sent 4 hours 20 minutes 38 seconds later:
[Updated kernel Examples]
==== AUFS Kernel only for Porteus ====
Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm, 07-kernel-header-NNN.xzm, 64bit.config)

[5.11.8] <-- NEW : "All patches" patching was done.
64bit-ALL-kernel5.11.8.tar(~114 M)
https://files.sberdisk.ru/s/kyCMs885ZyRSHH8
2f2a64bb5d1cbe6a4b5802bd7e3c0f54 64bit-ALL-kernel5.11.8.tar

Note : Compiler that was used.
for kernel 5.11.8: 10.2.0-x86_64

Code: Select all

# diff -Naur 64bit.config /mnt/sdc1/kernelx64/v5.11.8/64/64bit.config 
--- 64bit.config	2021-03-20 15:57:33.681504000 +0000
+++ /mnt/sdc1/kernelx64/v5.11.8/64/64bit.config	2021-03-20 16:26:07.354636786 +0000
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.11.0 Kernel Configuration
+# Linux/x86 5.11.8 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0"
 CONFIG_CC_IS_GCC=y
@@ -225,6 +225,7 @@
 # CONFIG_BPF_PRELOAD is not set
 # CONFIG_USERFAULTFD is not set
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
+CONFIG_KCMP=y
 # CONFIG_RSEQ is not set
 CONFIG_EMBEDDED=y
 CONFIG_HAVE_PERF_EVENTS=y
@@ -1457,7 +1458,6 @@
 # CONFIG_PCIEASPM_PERFORMANCE is not set
 CONFIG_PCIE_PME=y
 CONFIG_PCIE_PTM=y
-# CONFIG_PCIE_BW is not set
 CONFIG_PCI_MSI=y
 CONFIG_PCI_MSI_IRQ_DOMAIN=y
 CONFIG_PCI_QUIRKS=y
@@ -5994,9 +5994,6 @@
 # CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set
 # CONFIG_INTEL_CHTDC_TI_PWRBTN is not set
 CONFIG_INTEL_PMC_CORE=y
-# CONFIG_INTEL_PMT_CLASS is not set
-# CONFIG_INTEL_PMT_TELEMETRY is not set
-# CONFIG_INTEL_PMT_CRASHLOG is not set
 CONFIG_INTEL_PUNIT_IPC=m
 # CONFIG_INTEL_SCU_PCI is not set
 # CONFIG_INTEL_SCU_PLATFORM is not set
@@ -6409,8 +6406,8 @@
 # CONFIG_UFS_DEBUG is not set
 # CONFIG_EROFS_FS is not set
 CONFIG_AUFS_FS=y
-CONFIG_AUFS_BRANCH_MAX_127=y
-# CONFIG_AUFS_BRANCH_MAX_511 is not set
+# CONFIG_AUFS_BRANCH_MAX_127 is not set
+CONFIG_AUFS_BRANCH_MAX_511=y
 # CONFIG_AUFS_BRANCH_MAX_1023 is not set
 # CONFIG_AUFS_BRANCH_MAX_32767 is not set
 CONFIG_AUFS_SBILIST=y
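Review bot: the switch from CONFIG_AUFS_BRANCH_MAX_127=y to CONFIG_AUFS_BRANCH_MAX_511=y in this hunk is unrelated to the lockdown request and is not mentioned in the announcement above the diff. Say in the release text that the branch limit was raised on purpose, so users comparing configs do not take it for an accidental change.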
@@ -6570,16 +6567,9 @@
 # CONFIG_SECURITY_LOADPIN is not set
 # CONFIG_SECURITY_YAMA is not set
 # CONFIG_SECURITY_SAFESETID is not set
-CONFIG_SECURITY_LOCKDOWN_LSM=y
-CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
-CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
-CONFIG_INTEGRITY=y
-# CONFIG_INTEGRITY_SIGNATURE is not set
-# CONFIG_IMA is not set
+# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+# CONFIG_INTEGRITY is not set
 # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
-# CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
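Review bot: CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE, visible among the removed lines as an unset alternative, is the less drastic fix for the CONFIG_SECURITY_LOCKDOWN_LSM lines: selecting it instead of unsetting CONFIG_SECURITY_LOCKDOWN_LSM stops lockdown from being forced while keeping it compiled in for users who want to turn it on. Also, the unchanged context line CONFIG_LSM="yama,loadpin,safesetid,integrity,..." still names integrity although CONFIG_INTEGRITY is now unset; the entry is only a default ordering list, but a comment in the announcement would save readers from assuming those LSMs are built.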
After disabling LSM, I get this trash:

Code: Select all

 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
https://www.kernelconfig.io/config_defa ... 7&arch=x86

Thanks to neko for his support.

Porteus Kernel Builder

Posted: 20 Mar 2021, 14:03
by neko
@Blaze

"Kernel Builder" was updated to version 21.03.20. (Please refer to the first article.)

Configs of 5.10, 5.11, 5.12 were updated.

Code: Select all

# diff .config.old .config
6588,6595c6588,6589
< CONFIG_SECURITY_LOCKDOWN_LSM=y
< CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
< # CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
< # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
< CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
< CONFIG_INTEGRITY=y
< # CONFIG_INTEGRITY_SIGNATURE is not set
< # CONFIG_IMA is not set
---
> # CONFIG_SECURITY_LOCKDOWN_LSM is not set
> # CONFIG_INTEGRITY is not set
6597d6590
< # CONFIG_EVM is not set
#
Note:
APorteus-XFCE_ru-v21.03.20-x86_64.iso can be used as updated "Kernel Builder" ISO.
ArchLinux packages manager for Porteus (Post by neko #81802)


Thanks.

Porteus Kernel Builder

Posted: 21 Mar 2021, 07:14
by babam
Oh no

Code: Select all

$ egrep 'BTRFS_FS=|VBOX' 64bit.config
# CONFIG_DRM_VBOXVIDEO is not set
CONFIG_BTRFS_FS=m
Porteus Kernel Builder (Post by Blaze #81701)

Porteus Kernel Builder

Posted: 21 Mar 2021, 09:09
by Blaze
Do you need

Code: Select all

CONFIG_DRM_VBOXVIDEO=m
CONFIG_VBOXGUEST=m
by default?

Code: Select all

CONFIG_BTRFS_FS=y
why y but not m (as module)?

slackware64-current
https://sunsite.icm.edu.pl/pub/Linux/sl ... ic-5.10.25

Code: Select all

CONFIG_BTRFS_FS=m

Porteus Kernel Builder

Posted: 21 Mar 2021, 09:52
by babam
Blaze wrote:
21 Mar 2021, 09:09
Do you need

Code: Select all

CONFIG_DRM_VBOXVIDEO=m
CONFIG_VBOXGUEST=m
by default?

Code: Select all

CONFIG_BTRFS_FS=y
why y but not m (as module)?

slackware64-current
https://sunsite.icm.edu.pl/pub/Linux/sl ... ic-5.10.25

Code: Select all

CONFIG_BTRFS_FS=m
Yes

Because I use Btrfs for persistent (partition / container file).

You can try a partition or container file formatted to Btrfs and then use it as persistent (changes cheatcode)

Porteus Kernel Builder

Posted: 21 Mar 2021, 14:24
by neko
@babam

The pre-prepared CONFIG applies to the majority of Porteus users.
Individual CONFIG changes are not included
to prevent the kernel size from becoming too large,
so please follow the steps below to make your own changes before compiling.

1. Prepare the latest KERNEL BUILDER usage environment
Ex: APorteus-XFCE_ru-v21.03.20-x86_64.iso : This ISO can be used as "Kernel Builder"
ArchLinux packages manager for Porteus (Post by neko #81802)

2. Kernel Build
<GUI>
menu ---> "Kernel Builder"
"Kernel Builder Directory" : /buildDIR/
"Kernel Version" : 5.11.8
"64Bit" : select
"download : check ON
"expand & AUFS patch" : select
push "OK" button.
&
push "OK" button of confirm window.

<CUI>

Code: Select all

% su
# cd /buildDIR/v5.11.8/64/linux-5.11.8
# make menuconfig
..
(your own modification)
..
#
<GUI>
menu ---> "Kernel Builder"
"Kernel Builder Directory" : /buildDIR/
"Kernel Version" : 5.11.8
"64Bit" : select
"compile" : check ON
"Create FW" : check ON
push "OK" button.
&
push "OK" button of confirm window.


Thanks.

Porteus Kernel Builder

Posted: 21 Mar 2021, 16:09
by Blaze
babam, do you use Porteus in VirtualBox?

Specially for your request :showoff:

[Updated kernel Examples]
==== AUFS Kernel only for Porteus ====
Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm, 07-kernel-header-NNN.xzm, 64bit.config)

[5.12-rc3] <-- NEW : "All patches" patching was done.
64bit-ALL-kernel5.12-rc3.tar (~111 M)
https://files.sberdisk.ru/s/xDMYyQcADeszCMF
55062f246c001ac397a40aa5b726b107 64bit-ALL-kernel5.12-rc3.tar

Code: Select all

# diff old.config new.config 
4751c4751
< # CONFIG_DRM_VBOXVIDEO is not set
---
> CONFIG_DRM_VBOXVIDEO=m
5863c5863,5865
< # CONFIG_VIRT_DRIVERS is not set
---
> CONFIG_VIRT_DRIVERS=y
> CONFIG_VBOXGUEST=m
> # CONFIG_NITRO_ENCLAVES is not set
6277c6279
< CONFIG_BTRFS_FS=m
---
> CONFIG_BTRFS_FS=y
6424a6427
> CONFIG_VBOXSF_FS=m
6612c6615
< CONFIG_XOR_BLOCKS=m
---
> CONFIG_XOR_BLOCKS=y
6709,6710c6712,6713
< CONFIG_CRYPTO_XXHASH=m
< CONFIG_CRYPTO_BLAKE2B=m
---
> CONFIG_CRYPTO_XXHASH=y
> CONFIG_CRYPTO_BLAKE2B=y
6863c6866
< CONFIG_RAID6_PQ=m
---
> CONFIG_RAID6_PQ=y
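Review bot: CONFIG_BTRFS_FS=y at 6277c6279 comes with CONFIG_XOR_BLOCKS, CONFIG_CRYPTO_XXHASH, CONFIG_CRYPTO_BLAKE2B and CONFIG_RAID6_PQ also moving from m to y (6612, 6709-6710, 6863), so all of that code is built into vmlinuz for every user of this package, not only those who use Btrfs. State in the announcement that this build is a Btrfs-built-in variant made on request, and keep CONFIG_BTRFS_FS=m in the standard config.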
Note : Compiler that was used.
for kernel 5.12-rc3: 10.2.0-x86_64

Thanks to neko for his support.

Porteus Kernel Builder

Posted: 21 Mar 2021, 18:07
by AcnapyxoB
Have this VirtualBox error in kernel 5.11.8 and 5.12-rc3:

Code: Select all

The VirtualBox Linux kernel driver is either not loaded or not set up
correctly. Please try setting it up again by executing

'/sbin/vboxconfig'

as root.

If your system has EFI Secure Boot enabled you may also need to sign 
the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before
you can load them. Please see your Linux system's documentation for
more information.

where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED
(-1908) - The support driver is not installed. On linux, open returned
ENOENT. 
Any ideas !?

Porteus Kernel Builder

Posted: 21 Mar 2021, 23:40
by fulalas
@AcnapyxoB, how exactly did you build this vbox module?