Porteus Kernel Builder

Here is a place for your projects which are not officially supported by the Porteus Team. For example: your own kernel patched with extra features; desktops not included in the standard ISO like Gnome; base modules that are different than the standard ISO, etc...
neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#286 by neko » 17 Feb 2018, 10:15

@Jack
Thank you for your advice.
Although I updated this post (http://forum.porteus.org/viewtopic.php?p=52232#p52232),
I forgot to update that post (http://forum.porteus.org/viewtopic.php?p=57468#p57468).

Now I updated it.

Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#287 by neko » 18 Feb 2018, 05:57

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc1
The latest stable 4.15 version of the Linux kernel is: 4.15.4 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.20 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.82 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.116 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.95 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180216


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#288 by neko » 20 Feb 2018, 04:56

1. "Porteus Kernel Builder" was updated to mkKernel-18.02.20-noarch-1.xzm
Please refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232

(1) Own patch for v4.16-rc was updated.
Patching error of v4.16-rc AUFS patch has been fixed.
Therefore the own patches for this patching error is not needed.

(2) "Kernel Builder" specification is not redesigned yet.
not fix the bug yet:
Please refer to http://forum.porteus.org/viewtopic.php?p=61024#p61024


2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc2 <---NEW
The latest stable 4.15 version of the Linux kernel is: 4.15.4
The latest longterm 4.14 version of the Linux kernel is: 4.14.20
The latest longterm 4.9 version of the Linux kernel is: 4.9.82
The latest longterm 4.4 version of the Linux kernel is: 4.4.116
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.95 (EOL)
The latest linux-next version of the Linux kernel is: next-20180220


3. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Note 1: check spectre/meltdown on kernel 4.16-rc2
tool: spectre-meltdown-checker.sh (VERSION='0.35')
https://codeload.github.com/speed47/spe ... zip/master
result: (set vmlinuz in /boot)

Code: Select all

Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc2-porteus #1 SMP PREEMPT Mon Feb 19 23:49:49 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer


Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#289 by neko » 23 Feb 2018, 09:10

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc2
The latest stable 4.15 version of the Linux kernel is: 4.15.5 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.21 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.83 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.117 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.95 (EOL)
The latest linux-next version of the Linux kernel is: next-20180223


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#290 by neko » 26 Feb 2018, 06:13

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc3 <---NEW
The latest stable 4.15 version of the Linux kernel is: 4.15.6 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.22 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.84 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.118 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.96 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180223


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".

Note 1: check spectre/meltdown on kernel 4.16-rc3
tool: spectre-meltdown-checker.sh (VERSION='0.35' gotten on 18.02.28)
https://codeload.github.com/speed47/spe ... zip/master
result:

Code: Select all

# modprobe configs
# ln -sf /mnt/sda13/porteus/kernel/v4.16-rc3/64/vmlinuz /boot/.
# ./spectre-meltdown-checker-0.35-18.02.28.sh -v
Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc3-porteus #1 SMP PREEMPT Mon Feb 26 12:39:03 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
Will use vmlinux image /boot/vmlinuz
Will use kconfig /proc/config.gz (decompressed)
Will use no System.map file (accuracy might be reduced)
We're missing some kernel info (see -v), accuracy might be reduced
Kernel image is Linux version 4.16.0-rc3-porteus (root@porteus) (gcc version 7.3.0 (GCC)) #1 SMP PREEMPT Mon Feb 26 12:39:03 UTC 2018

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
    * Kernel has set the spec_ctrl flag in cpuinfo:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Checking count of LFENCE instructions following a jump in kernel...  NO  (only 4 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  YES 
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Performance impact if PTI is enabled
  * CPU supports PCID:  NO  (no security impact but performance will be degraded with PTI)
  * CPU supports INVPCID:  NO  (no security impact but performance will be degraded with PTI)
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
Thanks.
Last edited by neko on 28 Feb 2018, 14:46, edited 3 times in total.

raja
Samurai
Samurai
Posts: 134
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and v4.0-rc1-64
Location: Chennai,India

Porteus Kernel Builder

Post#291 by raja » 26 Feb 2018, 09:04

Neko,

1)Please consider enabling CONFIG for MICROCODE,intel,amd ,legacy processors and MSR,CPUID, in your future Kernels. This is only a provision for hardware mitigation, and is left to the user. No harm is done to the system.

2)Please enable Intel LPSS modules (MFD), for future Porteus CONFIG ( Brokenman has forgotten this modification) Your Kernel v4.15.3 is without these module drivers. Without this, i2c designware drivers will not work.

thanks
Linux Kernel-4.4.120-32 bit; Linux kernel-4.15.7-64 bit.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#292 by neko » 26 Feb 2018, 13:14

@raja
1. There was a problem with Intel's microcode update.
For this reason, Intel told us to restore it.
The Intel CPU problem has not been solved yet.
I hesitate to put the microcode related code in the built kernel which is prepared as a sample in this situation.

2. The kernel has many functions / drivers.
If you incorporate these without choosing, the size will increase.
The features of Porteus are in its size, so many useful drivers and functions have been removed from the kernel.
You need to incorporate yourself what you need by all means for individual users.


----------------------------
The build kernel introduced in this thread is just an example of creation.
The purpose of this thread is to provide a kernel builder.
I appreciate your understanding.


Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#293 by neko » 01 Mar 2018, 08:05

1. "Porteus Kernel Builder" was updated to mkKernel-18.02.27-noarch-1.xzm
Please refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232

(1) Setting multi items in "setting window": refer to http://forum.porteus.org/viewtopic.php?p=61024#p61024
Image
setting window

Image
confirm window

Setting multi items in "setting window" is available and will be performed.
:download source file.
:patch
:compile
:apply firmware from packages
:create crippled_sources
:replace kernel of ISO

[Created shell script]

Code: Select all

#!/bin/sh
###=== Download ===###
cd /home/guest/porteus/kernel/v4.15.7
rm -f sha256sums.asc
wget -c --no-check-certificate https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
if [ ! -f sha256sums.asc ]
then
	echo "wget error: sha256sum" >> /tmp/work11819/errorMSG
	exit 1
fi
rm -f linux-4.15.7.tar.xz
wget -c --tries=0 --retry-connrefused --no-check-certificate https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.7.tar.xz
if [ ! -f linux-4.15.7.tar.xz ]
then
	echo "wget error: linux-4.15.7.tar.xz" >> /tmp/work11819/errorMSG
	rm sha256sums.asc
	exit 1
fi

A=`sha256sum linux-4.15.7.tar.xz`
B=`grep linux-4.15.7.tar.xz sha256sums.asc`
#	rm sha256sums.asc
if [ "$A" != "$B" ]
then
	echo "wget error: sha256sum mismatch" >> /tmp/work11819/errorMSG
	rm linux-4.15.7.tar.xz
	exit 1
fi

rm -f aufs.patch
/usr/local/share/mkKernel/lib/v4.15/get.aufs.patch
if [ ! -f aufs.patch ]
then
	echo "git error: aufs patch cannot be gotten"  >> /tmp/work11819/errorMSG
#	rm linux-4.15.7.tar.xz
	exit 1
fi
cp /usr/local/share/mkKernel/lib/v4.15/*bit.config .

###=== Expand & Patch ===###
cd /home/guest/porteus/kernel/v4.15.7/64
rm -fr linux-4.15.7
xz -dc /home/guest/porteus/kernel/v4.15.7/linux-4.15.7.tar.xz | tar -xv
cd linux-4.15.7
patch -p1 < /home/guest/porteus/kernel/v4.15.7/aufs.patch
cp /home/guest/porteus/kernel/v4.15.7/64bit.config .config

###=== Own Patch ===###
/usr/local/share/mkKernel/lib/v4.15/ownPatch.sh /home/guest/porteus/kernel 4.15.7 64

###=== Compile ===###
cd /home/guest/porteus/kernel/v4.15.7/64/
rm -fr vmlinuz lib
cd linux-4.15.7
make oldconfig
make -j4
cp arch/x86/boot/bzImage ../vmlinuz
make modules_install INSTALL_MOD_PATH=../
make firmware_install INSTALL_MOD_PATH=../ 2>/dev/null
cp .config ../64bit.config
cd ../
if [ ! -f vmlinuz -o ! -d lib ]
then
	echo "compile error" >> /tmp/work11819/errorMSG
	exit 1
fi
DIR=`/bin/ls lib/modules/`
rm lib/modules/$DIR/build lib/modules/$DIR/source
ln -sf /usr/src/linux lib/modules/$DIR/build
ln -sf /usr/src/linux lib/modules/$DIR/source

#==== Set Variables ====#
WORK=/tmp/work11819
KDIR=/home/guest/porteus/kernel
KVER=4.15.7
COMPARCH=64

###=== Make firmware from packages ===###
cd $KDIR
#---- get FW list ----#
/usr/local/share/mkKernel/bin/getFWlist $KDIR/v$KVER/$COMPARCH/lib 2>> $WORK/errorMSG
if [ $? -ne 0 ]
then
	exit 1
fi
mv FW.list v${KVER}-${COMPARCH}fw.list

#---- download FW package ----#
FWadr=`cat /usr/local/share/mkKernel/lib/firmware.adr | sed -n 1p`
FWname=${FWadr##*/}
if [ ! -f $FWname ]
then
	Gmd5=`mediafire $FWadr | cut -d' ' -f1`
	if [ $Gmd5 = "0" ]
	then
		mkKernelMSG_mkfw1=`gettext mkKernel "Error: Download Firmware Package."`
		echo $mkKernelMSG_mkfw1 >> $WORK/errorMSG
		exit 1
	fi
	Fmd5=`cat /usr/local/share/mkKernel/lib/firmware.adr | sed -n 2p`
	if [ $Gmd5 != $Fmd5 ]
	then
		mkKernelMSG_mkfw2=`gettext mkKernel "md5sum mismatch: Download Firmware Package."`
		echo $mkKernelMSG_mkfw2 >> $WORK/errorMSG
		exit 1
	fi
fi
mkdir mntFW$$
mount -t squashfs -o loop $FWname mntFW$$
if [ $? -ne 0 ]
then
	umount -f -l mntFW$$
	rm -fr mntFW$$
	mkKernelMSG_mkfw3=`gettext mkKernel "loop mount error: Firmware Package."`
	echo $mkKernelMSG_mkfw3 >> $WORK/errorMSG
	exit 1
fi

#---- create firmware ----#
/usr/local/share/mkKernel/bin/getFW v${KVER}-${COMPARCH}fw.list mntFW$$/lib 2>> $WORK/errorMSG
if [ $? -ne 0 ]
then
	umount -f -l mntFW$$
	rm -fr mntFW$$
	exit 1
fi
rm -f $WORK/errorMSG
REPO=`ls -ltd repo_getFW*|rev|cut -d' ' -f1|rev|grep -v 'repo_getFW-'|sed -n 1p`
rm -fr $KDIR/v$KVER/$COMPARCH/repo_getFW-v${KVER}-${COMPARCH}
mv $REPO $KDIR/v$KVER/$COMPARCH/repo_getFW-v${KVER}-${COMPARCH}

#---- set firmware ----#
if [ -d $KDIR/v$KVER/$COMPARCH/lib/firmware ]
then
	cp -a $KDIR/v$KVER/$COMPARCH/lib/firmware/* firmware/
	rm -fr $KDIR/v$KVER/$COMPARCH/lib/firmware
fi
mv firmware $KDIR/v$KVER/$COMPARCH/lib/

umount -f -l mntFW$$
rm -fr mntFW$$

#exit 0
###=== Update kernel of ISO ===###
## 000-kernel ##
rm -fr /home/guest/porteus/kernel/000-kernel/lib/modules
cp -a /home/guest/porteus/kernel/v4.15.7/64/lib /home/guest/porteus/kernel/000-kernel/
rm -fr /home/guest/porteus/kernel/000-kernel.xzm
mksquashfs /home/guest/porteus/kernel/000-kernel /home/guest/porteus/kernel/000-kernel.xzm -b 256K -comp xz -Xbcj x86 -noappend
rm -fr /home/guest/porteus/kernel/000-kernel
mv /home/guest/porteus/kernel/000-kernel.xzm /home/guest/porteus/kernel/ISO/porteus/base/

## vmlinuz ##
cp /home/guest/porteus/kernel/v4.15.7/64/vmlinuz /home/guest/porteus/kernel/ISO/boot/syslinux/

## UP.Porteus-LXDE-v4.0rc4-x86_64.iso ##
rm -fr /home/guest/porteus/kernel/UP.Porteus-LXDE-v4.0rc4-x86_64.iso
mkisofs -o /home/guest/porteus/kernel/UP.Porteus-LXDE-v4.0rc4-x86_64.iso -v -l -J -joliet-long  -R -D -A Porteus -V Porteus \
-no-emul-boot -boot-info-table -boot-load-size 4 \
-b boot/syslinux/isolinux.bin -c boot/syslinux/isolinux.boot /home/guest/porteus/kernel/ISO
rm -fr /home/guest/porteus/kernel/ISO

###=== Create crippled_sources ===###
## set frame ##
rm -fr /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit.xzm
mkdir -p /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src
cp -av /home/guest/porteus/kernel/v4.15.7/64/linux-4.15.7 /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/
ln -sf linux-4.15.7 /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux

## slim up 1 ##
rm -rfv /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/Documentation /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/drivers /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/firmware /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/fs /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/net /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/sound
mv /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/arch/x86 /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/../
rm -rf /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/arch
mkdir /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/arch
mv /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/../x86 /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/arch/
find /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7 -maxdepth 99 -type f -name ".gitignore" -delete -print

## slim up 2 ##
rm -rfv /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/vmlinux* /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/.tmp_versions /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/arch/x86/boot/bzImage /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7/arch/x86/boot/compressed/vmlinux
find /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7 -maxdepth 99 -type f -name "*.o" -delete -print
find /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7 -maxdepth 99 -type f -name "*.bin" -delete -print
find /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7 -maxdepth 99 -type f -name "*.elf" -delete -print
find /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/usr/src/linux-4.15.7 -maxdepth 99 -type f -name "*.xz" -delete -print

## make module XZM ##
mksquashfs /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit/ /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit.xzm -b 256K -comp xz -Xbcj x86 -noappend
rm -fr /home/guest/porteus/kernel/crippled_sources-4.15.7-64bit

2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc3
The latest stable 4.15 version of the Linux kernel is: 4.15.7 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.23 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.85 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.119 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.97 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180228


3. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".

Note: check spectre/meltdown on kernel 4.15.7
tool: spectre-meltdown-checker.sh (VERSION='0.35' gotten on 18.02.28)
https://codeload.github.com/speed47/spe ... zip/master
result:

Code: Select all

# mkdir /boot
# ln -sf /mnt/sda13/porteus/kernel/v4.15.7/64/vmlinuz /boot/.
# modprobe configs
# ./spectre-meltdown-checker-0.35-18.02.28.sh -v
Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.15.7-porteus #1 SMP PREEMPT Thu Mar 1 10:38:56 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
Will use vmlinux image /boot/vmlinuz
Will use kconfig /proc/config.gz (decompressed)
Will use no System.map file (accuracy might be reduced)
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
    * Kernel has set the spec_ctrl flag in cpuinfo:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  UNKNOWN  (couldn't check (missing 'readelf' tool, please install it, usually it's in the 'binutils' package))
* Kernel has the Red Hat/Ubuntu patch:  UNKNOWN  (missing 'strings' tool, please install it, usually it's in the binutils package)
* Checking count of LFENCE instructions following a jump in kernel...  UNKNOWN  (couldn't check (missing 'readelf' tool, please install it, usually it's in the 'binutils' package))
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  YES 
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Performance impact if PTI is enabled
  * CPU supports PCID:  NO  (no security impact but performance will be degraded with PTI)
  * CPU supports INVPCID:  NO  (no security impact but performance will be degraded with PTI)
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#294 by neko » 05 Mar 2018, 03:34

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc4 <---NEW
The latest stable 4.15 version of the Linux kernel is: 4.15.7
The latest longterm 4.14 version of the Linux kernel is: 4.14.24 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.86 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.120 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.98 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180302


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#295 by neko » 10 Mar 2018, 08:23

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc4
The latest stable 4.15 version of the Linux kernel is: 4.15.8 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.25 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.86
The latest longterm 4.4 version of the Linux kernel is: 4.4.120
The latest longterm 4.1 version of the Linux kernel is: 4.1.50 <---NEW
The latest longterm 3.18 version of the Linux kernel is: 3.18.98 (EOL)
The latest linux-next version of the Linux kernel is: next-20180309


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Note: "Intel CPU problem" news
https://newsroom.intel.com/wp-content/u ... idance.pdf



Thanks.

raja
Samurai
Samurai
Posts: 134
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and v4.0-rc1-64
Location: Chennai,India

Porteus Kernel Builder

Post#296 by raja » 10 Mar 2018, 19:04

neko, Suse Linux has suggested a patch for "PTI" for 32 bit Kernel. Has it been main streamed?
Now, there is no mitigation for 'meltdown' in 32 bit kernels.
Linux Kernel-4.4.120-32 bit; Linux kernel-4.15.7-64 bit.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#297 by neko » 11 Mar 2018, 08:47

@raja
1. "Suse Linux has suggested a patch for "PTI" for 32 bit Kernel."
https://forums.suse.com/showthread.php? ... 1SP4-32bit

I did not know about that.


2. The result of checking spectre/meltdown on 32bit kernel 4.9.86
by the tool: spectre-meltdown-checker.sh (VERSION='0.35' gotten on 18.02.28)

Code: Select all

# uname -m
i686
# modprobe configs
# ln -sf /mnt/sda13/porteus/kernel/v4.9.86/32/vmlinuz /boot/.
# ./spectre-meltdown-checker-0.35-18.02.28.sh
Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.9.86-porteus #1 SMP PREEMPT Mon Mar 5 04:55:30 UTC 2018 i686
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 32 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  YES 
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Kernel supports Page Table Isolation (PTI):  NO 
* PTI enabled and active:  NO 
* Running as a Xen PV DomU:  NO 
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
CVE-2017-5754
PTI enabled and active: NO


3. A kernel patch is needed for build kernel with the config of CONFIG_PAGE_TABLE_ISOLATION=y.

[Kernel 4.14.25 32bit build]

Code: Select all

# make CONFIG_PAGE_TABLE_ISOLATION=y
arch/x86/mm/pti.c:69:13: error: redefinition of 'pti_check_boottime_disable'
 void __init pti_check_boottime_disable(void)
             ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from arch/x86/mm/pti.c:43:0:
./arch/x86/include/asm/pti.h:10:20: note: previous definition of 'pti_check_boottime_disable' was here
 static inline void pti_check_boottime_disable(void) { }
                    ^~~~~~~~~~~~~~~~~~~~~~~~~~
arch/x86/mm/pti.c: In function '__pti_set_user_pgd':
arch/x86/mm/pti.c:116:7: error: implicit declaration of function 'pgdp_maps_userspace' [-Werror=implicit-function-declaration]
  if (!pgdp_maps_userspace(pgdp))
       ^~~~~~~~~~~~~~~~~~~
arch/x86/mm/pti.c:123:2: error: implicit declaration of function 'kernel_to_user_pgdp'; did you mean 'kernel_poison_pages'? [-Werror=implicit-function-declaration]
  kernel_to_user_pgdp(pgdp)->pgd = pgd.pgd;
  ^~~~~~~~~~~~~~~~~~~
  kernel_poison_pages
arch/x86/mm/pti.c:123:27: error: invalid type argument of '->' (have 'int')
  kernel_to_user_pgdp(pgdp)->pgd = pgd.pgd;
                           ^~
arch/x86/mm/pti.c: In function 'pti_user_pagetable_walk_p4d':
arch/x86/mm/pti.c:154:15: warning: initialization makes pointer from integer without a cast [-Wint-conversion]
  pgd_t *pgd = kernel_to_user_pgdp(pgd_offset_k(address));
               ^~~~~~~~~~~~~~~~~~~
In file included from ./include/linux/kernel.h:10:0,
                 from arch/x86/mm/pti.c:29:
arch/x86/mm/pti.c:169:15: error: implicit declaration of function 'pgd_large'; did you mean 'pud_large'? [-Werror=implicit-function-declaration]
  BUILD_BUG_ON(pgd_large(*pgd) != 0);
               ^
./include/linux/compiler.h:300:19: note: in definition of macro '__compiletime_assert'
   bool __cond = !(condition);    \
                   ^~~~~~~~~
./include/linux/compiler.h:323:2: note: in expansion of macro '_compiletime_assert'
  _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
  ^~~~~~~~~~~~~~~~~~~
./include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
 #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                     ^~~~~~~~~~~~~~~~~~
./include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
  BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
  ^~~~~~~~~~~~~~~~
arch/x86/mm/pti.c:169:2: note: in expansion of macro 'BUILD_BUG_ON'
  BUILD_BUG_ON(pgd_large(*pgd) != 0);
  ^~~~~~~~~~~~
cc1: some warnings being treated as errors
make[2]: *** [scripts/Makefile.build:321: arch/x86/mm/pti.o] Error 1
make[1]: *** [scripts/Makefile.build:579: arch/x86/mm] Error 2
make: *** [Makefile:1029: arch/x86] Error 2

4. Patch to kernel 4.14 about x86 mm page table isolation
4.14-007-146-x86-mm-pti-Add-infrastructure-for-page-table-isolation.patch was gotten from
https://patchwork.kernel.org/patch/10138837/

patch 4.14-007-146-x86-mm-pti-Add-infrastructure-for-page-table-isolation.patch to 4.14.25 kernel

Code: Select all

patching file Documentation/admin-guide/kernel-parameters.txt
Hunk #1 succeeded at 2683 (offset -2 lines).
patching file arch/x86/boot/compressed/pagetable.c
Reversed (or previously applied) patch detected!  Assume -R? [n] y
patching file arch/x86/entry/calling.h
Hunk #1 FAILED at 205.
Hunk #2 FAILED at 233.
2 out of 2 hunks FAILED -- saving rejects to file arch/x86/entry/calling.h.rej
The next patch would create the file arch/x86/include/asm/pti.h,
which already exists!  Assume -R? [n] y
patching file arch/x86/include/asm/pti.h
patching file arch/x86/mm/Makefile
Reversed (or previously applied) patch detected!  Assume -R? [n] y
Hunk #1 succeeded at 41 (offset -2 lines).
patching file arch/x86/mm/init.c
Reversed (or previously applied) patch detected!  Assume -R? [n] y
Hunk #2 succeeded at 638 (offset 8 lines).
The next patch would create the file arch/x86/mm/pti.c,
which already exists!  Assume -R? [n] y
patching file arch/x86/mm/pti.c
Hunk #1 FAILED at 1.
Not deleting file arch/x86/mm/pti.c as content differs from patch
1 out of 1 hunk FAILED -- saving rejects to file arch/x86/mm/pti.c.rej
The next patch would create the file include/linux/pti.h,
which already exists!  Assume -R? [n] y
patching file include/linux/pti.h
patching file init/main.c
Reversed (or previously applied) patch detected!  Assume -R? [n] y
Hunk #1 succeeded at 74 (offset -1 lines).
Hunk #2 succeeded at 505 (offset -1 lines).
Patch error occurred.

5. other kernel versions patch
If you know the net address of patch to kernel 4.XX on "x86 mm page table isolation",
would you tell me?


Thanks.

raja
Samurai
Samurai
Posts: 134
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and v4.0-rc1-64
Location: Chennai,India

Porteus Kernel Builder

Post#298 by raja » 11 Mar 2018, 18:41

I could not locate the open suse page on pti.c, now. I must have jotted down somewhere.

Have a look and watch the progress here...

https://www.mail-archive.com/linux-kern ... 05741.html

or at;

git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v2

Thanks.
Linux Kernel-4.4.120-32 bit; Linux kernel-4.15.7-64 bit.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#299 by neko » 12 Mar 2018, 11:13

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc5 <---NEW
The latest stable 4.15 version of the Linux kernel is: 4.15.9 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.26 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.87 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.121 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.50
The latest longterm 3.18 version of the Linux kernel is: 3.18.99 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180309


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Note: Updating config by "make oldconfig".
[64bit 4.16-rc5]
Dell SMBIOS driver (DELL_SMBIOS) [N/m/?] (NEW) N
[32bit 4.16-rc5]
Dell SMBIOS driver (DELL_SMBIOS) [N/m/?] (NEW) N


----------------------------
@raja
The configs for 32 bit are not yet updated.



Thanks.

neko
DEV Team
DEV Team
Posts: 1177
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#300 by neko » 16 Mar 2018, 02:08

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc5
The latest stable 4.15 version of the Linux kernel is: 4.15.10 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.27 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.87
The latest longterm 4.4 version of the Linux kernel is: 4.4.121
The latest longterm 4.1 version of the Linux kernel is: 4.1.50
The latest longterm 3.18 version of the Linux kernel is: 3.18.99 (EOL)
The latest linux-next version of the Linux kernel is: next-20180315


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


----------------------------
@raja
Excuse me that it is too difficult for me to modify the patch for "PTI" for 32 bit Kernel.
The configs for 32 bit are not updated.


Thanks.

Post Reply