Porteus Kernel Builder

Here is a place for your projects which are not officially supported by the Porteus Team. For example: your own kernel patched with extra features; desktops not included in the standard ISO like Gnome; base modules that are different than the standard ISO, etc...
neko
DEV Team
Posts: 1470
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Post#541 by neko » 11 May 2019, 11:05

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest stable version of the Linux kernel is: 5.1.1
The latest mainline version of the Linux kernel is: 5.1
The latest stable 5.1 version of the Linux kernel is: 5.1.1 <---NEW
The latest stable 5.0 version of the Linux kernel is: 5.0.15
The latest longterm 4.19 version of the Linux kernel is: 4.19.42
The latest longterm 4.14 version of the Linux kernel is: 4.14.118
The latest longterm 4.9 version of the Linux kernel is: 4.9.175
The latest longterm 4.4 version of the Linux kernel is: 4.4.179
The latest longterm 3.18 version of the Linux kernel is: 3.18.139 (EOL)
The latest linux-next version of the Linux kernel is: next-20190510


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" was updated.

"copy firmwares from firmware packages" function was used when building the kernel.


==== Overlay FS Kernel ====
[5.1.1]
ov.v5.1.1.tar.xz (93 M)
http://www.mediafire.com/file/7ref0wb9c ... 1.1.tar.xz
md5sum: 924dd60b508c9a1bd5eb80e3062b2898 ov.v5.1.1.tar.xz

ov.crippled_sources-5.1.1-32bit.xzm (22 M)
http://www.mediafire.com/file/5sebom4ma ... -32bit.xzm
md5sum: d1f55052b6c7c02421bcedff8dc23bf0 ov.crippled_sources-5.1.1-32bit.xzm

ov.crippled_sources-5.1.1-64bit.xzm (22 M)
http://www.mediafire.com/file/vk8rc5o5a ... -64bit.xzm
md5sum: 17ec34565c46d113b05ea40622410cd4 ov.crippled_sources-5.1.1-64bit.xzm


Note 1: Compiler
Compiled by gcc-8.3.0-x86_64-1

Note 2: AUFS patch
Kernel 5.1.1 was built without the AUFS patch, which was not adapted correctly.

Note 3: Config
Configs were changed by "make oldconfig" command with the following spec.
<5.1.1 64bit>
PCI Express Bandwidth Change Notification (PCIE_BW) [N/y/?] (NEW) N
<5.1.1 32bit>
PCI Express Bandwidth Change Notification (PCIE_BW) [N/y/?] (NEW) N


3. Replace the kernel of another distro which uses OverlayFS/AUFS
kernel: 5.1.1 (ov.v5.1.1.tar.xz)
austrumi 4.0.2: austrumi64-4.0.2.iso (ftp://austrumi.ru.lv/austrumi64-4.0.2.iso)
austrumi 4.0.2 includes libreoffice 6.2.3.2, firefox 66.0.5, etc.

austrumi64-4.0.2-k5.1.1.iso (453 M Kernel 5.1.1)
http://www.mediafire.com/file/3vdm853p5 ... k5.1.1.iso
md5sum: 229c218b359057122935b135cb73c082 austrumi64-4.0.2-k5.1.1.iso

=======
rm -fr Austrumi-ISO@austrumi/austrumi.fs@lib/modules
cp -a ov.v5.1.1.tar.xz@v5.1.1/64/lib/modules Austrumi-ISO@austrumi/austrumi.fs@lib/
cp -a ov.v5.1.1.tar.xz@v5.1.1/64/lib/firmware/* Austrumi-ISO@austrumi/austrumi.fs@lib/firmware/
cp ov.v5.1.1.tar.xz@v5.1.1/64/vmlinuz Austrumi-ISO@austrumi/bzImage
=======

Note : Language (cs, de, el, en, es, fr, gd, hu, it, lv, ltg, pt_br, ru, uk, ja)
"Brasil", "Český", "Deutsch", "Ελληνική", "English", "Español", "Français", "Gàidhlig",
"Italiano", "Latgalīšu", "Latviešu", "Magyar", "Occitan", "Русский", "Українська",
and includes "Japanese local" patch.


Thanks.

Post#542 by neko » 15 May 2019, 03:39

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest stable version of the Linux kernel is: 5.1.2
The latest mainline version of the Linux kernel is: 5.1
The latest stable 5.1 version of the Linux kernel is: 5.1.2 <---NEW
The latest stable 5.0 version of the Linux kernel is: 5.0.16 <---NEW
The latest longterm 4.19 version of the Linux kernel is: 4.19.43 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.119 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.176 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.179
The latest longterm 3.18 version of the Linux kernel is: 3.18.139 (EOL)
The latest linux-next version of the Linux kernel is: next-20190514


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" was updated.

"copy firmwares from firmware packages" function was used when building the kernel.


=== Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm) ===
[5.0.16]
32bit-kernel5.0.16.tar (86 M)
http://www.mediafire.com/file/aybch97c7 ... 5.0.16.tar
md5sum: f3d013a2931429d40c61bf2051eef111 32bit-kernel5.0.16.tar

64bit-kernel5.0.16.tar (92 M)
http://www.mediafire.com/file/68h78kmul ... 5.0.16.tar
md5sum: 8ee8a529142ba1cc6a183cf949b239aa 64bit-kernel5.0.16.tar


==== Overlay FS Kernel ====
[5.1.2]
ov.v5.1.2.tar.xz (93 M)
http://www.mediafire.com/file/4oc0q8o9w ... 1.2.tar.xz
md5sum: a5e2affd3c4c85facf631983e810f1f9 ov.v5.1.2.tar.xz

ov.crippled_sources-5.1.2-32bit.xzm (22 M)
http://www.mediafire.com/file/0ucunayiq ... -32bit.xzm
md5sum: 62e6e47899998b3eacaa57ab6d2e25d4 ov.crippled_sources-5.1.2-32bit.xzm

ov.crippled_sources-5.1.2-64bit.xzm (22 M)
http://www.mediafire.com/file/wiw3jlqnw ... -64bit.xzm
md5sum: 3cae14eaf0696b0676f4d027cad5e388 ov.crippled_sources-5.1.2-64bit.xzm


Note 1: Compiler
Compiled by gcc-8.3.0-x86_64-1

Note 2: AUFS patch
Kernel 5.0.16 was patched with AUFS_VERSION "5.0-20190311".
Kernel 5.1.2 was built without the AUFS patch, which was not adapted correctly.

Note 3: Config
Configs were changed by "make oldconfig" command with the following spec.
<5.1.2 64bit>
PCI Express Bandwidth Change Notification (PCIE_BW) [N/y/?] (NEW) N
<5.1.2 32bit>
PCI Express Bandwidth Change Notification (PCIE_BW) [N/y/?] (NEW) N


Thanks.

Post#543 by neko » 17 May 2019, 01:18

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest stable version of the Linux kernel is: 5.1.3
The latest mainline version of the Linux kernel is: 5.1
The latest stable 5.1 version of the Linux kernel is: 5.1.3 <---NEW
The latest stable 5.0 version of the Linux kernel is: 5.0.17 <---NEW
The latest longterm 4.19 version of the Linux kernel is: 4.19.44 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.120 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.177 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.180 <---NEW
The latest longterm 3.18 version of the Linux kernel is: 3.18.140 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20190516


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" was updated.

"copy firmwares from firmware packages" function was used when building the kernel.


=== Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm) ===
[5.1.3]
32bit-kernel5.1.3.tar (85 M)
http://www.mediafire.com/file/lu4z4pvbj ... l5.1.3.tar
md5sum: fa4fb122cdf8f2406188dfffd2d7407e 32bit-kernel5.1.3.tar

64bit-kernel5.1.3.tar (90 M)
http://www.mediafire.com/file/sl5o2oc7v ... l5.1.3.tar
md5sum: 65c2af94b718ff7cc0a1c7ee4937afd5 64bit-kernel5.1.3.tar

[5.0.17]
32bit-kernel5.0.17.tar (86 M)
http://www.mediafire.com/file/253nkv11m ... 5.0.17.tar
md5sum: 46867aa331b06eb013f6407c72e17d5d 32bit-kernel5.0.17.tar

64bit-kernel5.0.17.tar (92 M)
http://www.mediafire.com/file/gyq9wnvo7 ... 5.0.17.tar
md5sum: 8029994c3b1ecb628fbd72ebf1ae3669 64bit-kernel5.0.17.tar


==== Overlay FS Kernel ====
[5.1.3]
ov.v5.1.3.tar.xz (93 M)
http://www.mediafire.com/file/3w2lrvzvb ... 1.3.tar.xz
md5sum: 77a35e7a0405057e8af65b23055715e7 ov.v5.1.3.tar.xz

ov.crippled_sources-5.1.3-32bit.xzm (22 M)
http://www.mediafire.com/file/206w5d64n ... -32bit.xzm
md5sum: 862c377beab8e61b07040fdb5c1c75c2 ov.crippled_sources-5.1.3-32bit.xzm

ov.crippled_sources-5.1.3-64bit.xzm (22 M)
http://www.mediafire.com/file/g6chc3leh ... -64bit.xzm
md5sum: 2f8bee3d31b3c7778c4e3893b9c3ba10 ov.crippled_sources-5.1.3-64bit.xzm


Note 1: Compiler
Compiled by gcc-8.3.0-x86_64-1

Note 2: AUFS patch
Kernel 5.0.17 was patched with AUFS_VERSION "5.0-20190311".
Kernel 5.1.3 was built without the AUFS patch, which was not adapted correctly.

=== Kernel 5.1.3 was built with AUFS patch ===
Kernel 5.1.3 was patched with AUFS_VERSION "5.x-rcN-20190311" excluding lockdep-debug.patch
and then fs/Kconfig was corrected.

Note 3: Config
Configs were changed by "make oldconfig" command with the following spec.
<5.1.3 64bit>
PCI Express Bandwidth Change Notification (PCIE_BW) [N/y/?] (NEW) N
<5.1.3 32bit>
PCI Express Bandwidth Change Notification (PCIE_BW) [N/y/?] (NEW) N

Note 4:
With the help of @Kriss, now Kernel 5.1.3 was built with AUFS patching.
It was uploaded.
@Kriss, thank you!!


3. "Porteus Kernel Builder" was updated to mkKernel-19.05.17-noarch-1.xzm
Please refer to Porteus Kernel Builder (Post by neko #52232)

mkKernel-19.05.17-noarch-1.xzm (52 M)
http://simosnet.com/livecd/isobuilder/k ... arch-1.xzm
md5sum: a0f44541349c6dafb43a03c75ba5eb23 mkKernel-19.05.17-noarch-1.xzm

(1) For kernel 5.1 line configs were updated for AUFS.
Configs were changed by "make oldconfig" command with the following spec.
<5.1.3 32/64bit>

Code:

Aufs (Advanced multi layered unification filesystem) support (AUFS_FS) [N/m/y/?] (NEW) y
Maximum number of branches
    > 1. 127 (AUFS_BRANCH_MAX_127) (NEW)
      2. 511 (AUFS_BRANCH_MAX_511) (NEW)
      3. 1023 (AUFS_BRANCH_MAX_1023) (NEW)
      4. 32767 (AUFS_BRANCH_MAX_32767) (NEW)
    choice[1-4?]: 1
Detect direct branch access (bypassing aufs) (AUFS_HNOTIFY) [N/y/?] (NEW) y
NFS-exportable aufs (AUFS_EXPORT) [N/y/?] (NEW) y
support for XATTR/EA (including Security Labels) (AUFS_XATTR) [N/y/?] (NEW) y
File-based Hierarchical Storage Management (AUFS_FHSM) [N/y/?] (NEW) y
Readdir in userspace (AUFS_RDU) [N/y/?] (NEW) y
Workaround for rename(2)-ing a directory (AUFS_DIRREN) [N/y/?] (NEW) y
Show whiteouts (AUFS_SHWH) [N/y/?] (NEW) y
Ramfs (initramfs/rootfs) as an aufs branch (AUFS_BR_RAMFS) [N/y/?] (NEW) y
Fuse fs as an aufs branch (AUFS_BR_FUSE) [N/y/?] (NEW) y
Hfsplus as an aufs branch (AUFS_BR_HFSPLUS) [Y/n/?] (NEW) y
Debug aufs (AUFS_DEBUG) [N/y/?] (NEW) n

(2) For kernel 5.1 line, getting AUFS patch, applying it, and applying own patch are updated.
"own patch procedure" is not yet implemented.



Thanks.

Rava
Contributor
Posts: 2221
Joined: 11 Jan 2011, 02:46
Distribution: Porteus 4.0 x86-64 XFCe
Location: Forests of Germany

Post#544 by Rava » 19 May 2019, 18:13

zagreb, please do not use all-caps text; on a forum that is the equivalent of shouting.

And no, neko cannot convert Waterfox to 32 bit. As it says in the Waterfox Wikipedia entry:
Platform x64, ARM64
There is no i586 for Waterfox. If you want a 32 bit alternative for Firefox, try Palemoon.

Cheers!
Yours Rava

Post#545 by neko » 20 May 2019, 11:04

1. "Porteus Kernel Builder" was updated to mkKernel-19.05.20-noarch-1.xzm
Please refer to Porteus Kernel Builder (Post by neko #52232)

mkKernel-19.05.20-noarch-1.xzm (5.3 M)
http://simosnet.com/livecd/isobuilder/k ... arch-1.xzm
md5sum: 8b715181870dcc2834a76d80c6982cff mkKernel-19.05.20-noarch-1.xzm

The latest mainline version of the Linux kernel 5.2-rc was added.

Configs were changed from 5.1 configs by "make oldconfig" command with the following spec.

Code:

Enable kernel header artifacts through /proc/kheaders.tar.xz (IKHEADERS_PROC) [N/m/y/?] (NEW) N
Page allocator randomization (SHUFFLE_PAGE_ALLOCATOR) [N/y/?] (NEW) N
ACPI Heterogeneous Memory Attribute Table Support (ACPI_HMAT) [N/y/?] (NEW) N
Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] (NEW) N
Virtual (secure) IP: tunneling (NET_IPVTI) [N/m/y/?] (NEW) N
Virtual (secure) IPv6: tunneling (IPV6_VTI) [N/m/?] (NEW) N
MediaTek HCI SDIO driver (BT_MTKSDIO) [N/m/?] (NEW) N
Bad sector simulation target (DM_DUST) [N/m/?] (NEW) N
Xilinx devices (NET_VENDOR_XILINX) [Y/n/?] (NEW) N
MediaTek MT7615E (PCIe) support (MT7615E) [N/m/?] (NEW) N

Realtek 802.11ac wireless chips support (RTW88) [N/m/?] (NEW) m

Realtek 8822BE PCI wireless network adapter (RTW88_8822BE) [N/y/?] (NEW) N
Realtek 8822CE PCI wireless network adapter (RTW88_8822CE) [N/y/?] (NEW) N
Microchip AT42QT1050 Touch Sensor Chip (KEYBOARD_QT1050) [N/m/y/?] (NEW) N
Azoteq IQS550/572/525 trackpad/touchscreen controller (TOUCHSCREEN_IQS5XX) [N/m/y/?] (NEW) N
GPIO vibrator support (INPUT_GPIO_VIBRA) [N/m/y/?] (NEW) N
Regulator haptics support (INPUT_REGULATOR_HAPTIC) [N/m/y/?] (NEW) N
NULL TTY driver (NULL_TTY) [N/m/y/?] (NEW) N
AMD MP2 PCIe (I2C_AMD_MP2) [N/m/y/?] (NEW) N
Battery charger manager for multiple chargers (CHARGER_MANAGER) [N/y/?] (NEW) N
Analog Devices LT3651 charger (CHARGER_LT3651) [N/m/y/?] (NEW) N
Infineon IR38064 (SENSORS_IR38064) [N/m/?] (NEW) N
Intersil ISL68137 (SENSORS_ISL68137) [N/m/?] (NEW) N
Regulator support for LTC2978 and compatibles (SENSORS_LTC2978_REGULATOR) [N/y/?] (NEW) N
Regulator debug support (REGULATOR_DEBUG) [N/y/?] (NEW) N
Fixed voltage regulator support (REGULATOR_FIXED_VOLTAGE) [N/m/y/?] (NEW) N
Virtual regulator consumer support (REGULATOR_VIRTUAL_CONSUMER) [N/m/y/?] (NEW) N
Userspace regulator consumer support (REGULATOR_USERSPACE_CONSUMER) [N/m/y/?] (NEW) N
Marvell 88PG86X voltage regulators (REGULATOR_88PG86X) [N/m/y/?] (NEW) N
Active-semi act8865 voltage regulator (REGULATOR_ACT8865) [N/m/y/?] (NEW) N
Analog Devices AD5398/AD5821 regulators (REGULATOR_AD5398) [N/m/y/?] (NEW) N
Freescale i.MX on-chip ANATOP LDO regulators (REGULATOR_ANATOP) [N/m/y/?] (NEW) N
X-POWERS AXP20X PMIC Regulators (REGULATOR_AXP20X) [N/m/?] (NEW) N
Dialog Semiconductor DA9210 regulator (REGULATOR_DA9210) [N/m/y/?] (NEW) N
Dialog Semiconductor DA9211/DA9212/DA9213/DA9223/DA9214/DA9224/DA9215/DA9225 regulator (REGULATOR_DA9211) [N/m/y/?] (NEW) N
Fairchild FAN53555 Regulator (REGULATOR_FAN53555) [N/m/y/?] (NEW) N
GPIO regulator support (REGULATOR_GPIO) [N/m/y/?] (NEW) N
Intersil ISL9305 regulator (REGULATOR_ISL9305) [N/m/y/?] (NEW) N
Intersil ISL6271A Power regulator (REGULATOR_ISL6271A) [N/m/y/?] (NEW) N
National Semiconductors LP3971 PMIC regulator driver (REGULATOR_LP3971) [N/m/y/?] (NEW) N
National Semiconductors LP3972 PMIC regulator driver (REGULATOR_LP3972) [N/m/y/?] (NEW) N
TI/National Semiconductor LP8720/LP8725 voltage regulators (REGULATOR_LP872X) [N/m/y/?] (NEW) N
TI LP8755 High Performance PMU driver (REGULATOR_LP8755) [N/m/y/?] (NEW) N
LTC3589 8-output voltage regulator (REGULATOR_LTC3589) [N/m/y/?] (NEW) N
LTC3676 8-output voltage regulator (REGULATOR_LTC3676) [N/m/y/?] (NEW) N
Maxim 1586/1587 voltage regulator (REGULATOR_MAX1586) [N/m/y/?] (NEW) N
Maxim 8649 voltage regulator (REGULATOR_MAX8649) [N/m/y/?] (NEW) N
Maxim 8660/8661 voltage regulator (REGULATOR_MAX8660) [N/m/y/?] (NEW) N
Maxim MAX8952 Power Management IC (REGULATOR_MAX8952) [N/m/y/?] (NEW) N
MediaTek MT6311 PMIC (REGULATOR_MT6311) [N/m/y/?] (NEW) N
Freescale PFUZE100/200/3000/3001 regulator driver (REGULATOR_PFUZE100) [N/m/y/?] (NEW) N
Powerventure Semiconductor PV88060 regulator (REGULATOR_PV88060) [N/m/y/?] (NEW) N
Powerventure Semiconductor PV88080 regulator (REGULATOR_PV88080) [N/m/y/?] (NEW) N
Powerventure Semiconductor PV88090 regulator (REGULATOR_PV88090) [N/m/y/?] (NEW) N
PWM voltage regulator (REGULATOR_PWM) [N/m/y/?] (NEW) N
TI TPS51632 Power Regulator (REGULATOR_TPS51632) [N/m/y/?] (NEW) N
TI TPS6236x Power Regulator (REGULATOR_TPS62360) [N/m/y/?] (NEW) N
TI TPS65023 Power regulators (REGULATOR_TPS65023) [N/m/y/?] (NEW) N
TI TPS6507X Power regulators (REGULATOR_TPS6507X) [N/m/y/?] (NEW) N
TI TPS65086 Power regulators (REGULATOR_TPS65086) [N/m/?] (NEW) N
TI TPS65132 Dual Output Power regulators (REGULATOR_TPS65132) [N/m/y/?] (NEW) N
TI TPS6524X Power regulators (REGULATOR_TPS6524X) [N/m/y/?] (NEW) N
TI TPS65912 Power regulator (REGULATOR_TPS65912) [N/m/?] (NEW) N
V4L2 sub-device userspace API (VIDEO_V4L2_SUBDEV_API) [N/y/?] (NEW) N
OmniVision OV2680 sensor support (VIDEO_OV2680) [N/m/y/?] (NEW) N
OmniVision OV2685 sensor support (VIDEO_OV2685) [N/m/y/?] (NEW) N
AD5820 lens voice coil support (VIDEO_AD5820) [N/m/y/?] (NEW) N
ADP1653 flash support (VIDEO_ADP1653) [N/m/y/?] (NEW) N
LM3560 dual flash driver support (VIDEO_LM3560) [N/m/y/?] (NEW) N
LM3646 dual flash driver support (VIDEO_LM3646) [N/m/y/?] (NEW) N

Nouveau legacy context support (NOUVEAU_LEGACY_CTX_SUPPORT) [Y/n/?] (NEW) Y

3dfx Banshee/Voodoo3+ (DRM_TDFX) [N/m/y/?] (NEW) N
ATI Rage 128 (DRM_R128) [N/m/y/?] (NEW) N
Matrox g200/g400 (DRM_MGA) [N/m/y/?] (NEW) N
SiS video cards (DRM_SIS) [N/m/y/?] (NEW) N
Via unichrome video cards (DRM_VIA) [N/m/y/?] (NEW) N
Savage video cards (DRM_SAVAGE) [N/m/y/?] (NEW) N
Macally devices (HID_MACALLY) [N/m/y/?] (NEW) N
U2F Zero LED and RNG support (HID_U2FZERO) [N/m/?] (NEW) N

Host Firmware Load feature for Intel ISH (INTEL_ISH_FIRMWARE_DOWNLOADER) [N/m/?] (NEW) m

LCD Backlight driver for LM3532 (LEDS_LM3532) [N/m/?] (NEW) N
REGULATOR driven LED support (LEDS_REGULATOR) [N/m/?] (NEW) N
Fieldbus Device Support (FIELDBUS_DEV) [N/m/y/?] (NEW) N
Daktronics KPC Device support (KPC2000) [N/y/?] (NEW) N
SiFive SoC driver support (CLK_SIFIVE) [N/y/?] (NEW) N
IXP4xx Queue Manager support (IXP4XX_QMGR) [N/m/y/?] (NEW) N
IXP4xx Network Processor Engine support (IXP4XX_NPE) [N/m/y/?] (NEW) N

/sys/bus/nvmem/devices/*/nvmem (sysfs interface) (NVMEM_SYSFS) [Y/n/?] (NEW) Y

Counter support (COUNTER) [N/m/y/?] (NEW) N

UTF-8 normalization and casefolding support (UNICODE) [N/y/?] (NEW) y

Test UTF-8 normalization support (UNICODE_NORMALIZATION_SELFTEST) [N/m/y/?] (NEW) N
EC-RDSA (GOST 34.10) algorithm (CRYPTO_ECRDSA) [N/m/y/?] (NEW) N
Generic bitfield packing and unpacking (PACKING) [N/y/?] (NEW) N
Miscellaneous debug code (DEBUG_MISC) [Y/n/?] (NEW) N
Debug priority linked list manipulation (DEBUG_PLIST) [N/y/?] (NEW) N
Test strscpy*() family of functions at runtime (TEST_STRSCPY) [N/m/y/?] (NEW) N

2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest stable version of the Linux kernel is: 5.1.3
The latest mainline version of the Linux kernel is: 5.2-rc1 <---NEW
The latest stable 5.1 version of the Linux kernel is: 5.1.3
The latest stable 5.0 version of the Linux kernel is: 5.0.17
The latest longterm 4.19 version of the Linux kernel is: 4.19.44
The latest longterm 4.14 version of the Linux kernel is: 4.14.120
The latest longterm 4.9 version of the Linux kernel is: 4.9.177
The latest longterm 4.4 version of the Linux kernel is: 4.4.180
The latest longterm 3.18 version of the Linux kernel is: 3.18.140 (EOL)
The latest linux-next version of the Linux kernel is: next-20190520


3. NEW Example of updated kernel that was built by "Porteus Kernel builder" was updated.

"copy firmwares from firmware packages" function was used when building the kernel.


=== Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm) ===
[5.2-rc1]
32bit-kernel5.2-rc1.tar (85 M)
http://www.mediafire.com/file/m4xlq3vbc ... .2-rc1.tar
md5sum: 2b367e073bf7fc0785ca8db74bc8d3cf 32bit-kernel5.2-rc1.tar

64bit-kernel5.2-rc1.tar (90 M)
http://www.mediafire.com/file/197ezi0a0 ... .2-rc1.tar
md5sum: da4e412cf7d1cc2d64f8817a2511bc55 64bit-kernel5.2-rc1.tar


Note 1: Compiler
Compiled by gcc-8.3.0-x86_64-1

Note 2: AUFS patch
Kernel 5.2-rc1 was patched with AUFS_VERSION "5.x-rcN-20190520".
Kernel 5.1 line will be patched with AUFS_VERSION "5.1-20190520" correctly.

Note 3: "fs/aufs/hfsnotify.c" syntax error

Code:

fs/aufs/hfsnotify.c:206:19: error: initialization of 'int (*)(struct fsnotify_group *, struct inode *, u32,  const void *, int,  const struct qstr *, u32,  struct fsnotify_iter_info *)' {aka 'int (*)(struct fsnotify_group *, struct inode *, unsigned int,  const void *, int,  const struct qstr *, unsigned int,  struct fsnotify_iter_info *)'} from incompatible pointer type 'int (*)(struct fsnotify_group *, struct inode *, u32,  const void *, int,  const unsigned char *, u32,  struct fsnotify_iter_info *)' {aka 'int (*)(struct fsnotify_group *, struct inode *, unsigned int,  const void *, int,  const unsigned char *, unsigned int,  struct fsnotify_iter_info *)'} [-Werror=incompatible-pointer-types]
  .handle_event  = au_hfsn_handle_event,
                   ^~~~~~~~~~~~~~~~~~~~
fs/aufs/hfsnotify.c:206:19: note: (near initialization for 'au_hfsn_ops.handle_event')
cc1: some warnings being treated as errors

AUFS patch was applied correctly but an AUFS source file has a syntax error.

"struct fsnotify_ops" definition in "include/linux/fsnotify_backend.h" of Kernel 5.2-rc1 was changed.
const unsigned char *file_name ---> const struct qstr *file_name
But the AUFS source was not adapted to this change.

It was fixed as follows.

Code:

% diff old.hfsnotify.c new.hfsnotify.c
165c165
< 				const unsigned char *file_name, u32 cookie,
---
> 				const struct qstr *qstrfile_name, u32 cookie,
167a168,169
> 	const unsigned char *file_name;
> 	file_name = (*qstrfile_name).name;
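
Review bot: the two lines added at 168-169 dereference `qstrfile_name` unconditionally at the top of the handler, so the function faults if it is ever called with a null name pointer, whereas the old `const unsigned char *file_name` parameter could simply arrive as NULL. Guard the conversion, for example `file_name = qstrfile_name ? qstrfile_name->name : NULL;`, and write `qstrfile_name->name` rather than `(*qstrfile_name).name`. A `struct qstr` also carries an explicit `len`, so any later code that derives the name length from `file_name` with a string function is worth checking against that field.
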
%

This fix is not guaranteed.



Thanks.

Blaze
DEV Team
Posts: 2423
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov

Post#546 by Blaze » 20 May 2019, 16:19

Hi neko,

can you set y by default for

Code:

Streebog Hash Function (CRYPTO_STREEBOG) [N/m/y/?] (NEW) N

?
Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian cryptographic standard algorithms (called GOST algorithms).
I (at my job) and a lot of users use this cryptography to open many Russian government portals.
Please believe me it's very important thing in Russia...

Thank you so much!

Regards,
Blaze
Linux 5.2.0-rc1-porteus #1 SMP PREEMPT Tue May 21 08:26:55 UTC 2019 x86_64 Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Tobago PRO [Radeon R7 360 / R9 360 OEM] (rev 81) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

Post#547 by neko » 21 May 2019, 02:20

@Blaze
"can you set y ....?"
--->
Yes, I can.

I will rebuild kernel 5.2-rc1 by new config and upload them.
=== Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm) ===
[5.2-rc1]
32bit-kernel5.2-rc1-2.tar (85 M)
http://www.mediafire.com/file/iy4s9jkcq ... -rc1-2.tar
md5sum: 676396c41cad5f3ea560a0a342151915 32bit-kernel5.2-rc1-2.tar

64bit-kernel5.2-rc1-2.tar (90 M)
http://www.mediafire.com/file/ivc9asxrt ... -rc1-2.tar
md5sum: dbe0baebe4dd02a9ce7c641008ac13e8 64bit-kernel5.2-rc1-2.tar

Other kernel version will be built by new config at the kernel update.

New configs that will be included in "Kernel Builder" tool will be uploaded at next update.

=== OLD ===

Code:

# grep CONFIG_CRYPTO_STREEBOG /usr/local/share/mkKernel/lib/v*/*.config
/usr/local/share/mkKernel/lib/v5.0-rc/32bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.0-rc/64bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.0/32bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.0/64bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.1-rc/32bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.1-rc/64bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.1/32bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.1/64bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.2-rc/32bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.2-rc/64bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.2/32bit.config:# CONFIG_CRYPTO_STREEBOG is not set
/usr/local/share/mkKernel/lib/v5.2/64bit.config:# CONFIG_CRYPTO_STREEBOG is not set
#

=== NEW ===

Code:

# grep CONFIG_CRYPTO_STREEBOG mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v*/*.config
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.0-rc/32bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.0-rc/64bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.0/32bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.0/64bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.1-rc/32bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.1-rc/64bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.1/32bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.1/64bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.2-rc/32bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.2-rc/64bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.2/32bit.config:CONFIG_CRYPTO_STREEBOG=y
mkKernel-19.05.21-noarch-1/usr/local/share/mkKernel/lib/v5.2/64bit.config:CONFIG_CRYPTO_STREEBOG=y
#

Set with the "make menuconfig" command, using the following operation.
--->Cryptographic API
< > Streebog Hash Function
input 'y' in < >


Note:
Every time a new config is set, almost every new item is set to N.
The reason is to prevent the kernel size from increasing.


Thanks.

Post#548 by Blaze » 21 May 2019, 19:23

neko, I thought that Streebog was available as a cipher in the kernel. But Streebog is only a hash function, as a module in the kernel, and is not implemented as a cipher :(
For that, one needs to use https://github.com/deemru/openssl.git (patched) and gostengy >>> Installing and configuring CryptoPro CSP in Porteus Linux (Post by Blaze #66795)

I am so sorry for it. You can disable Streebog Hash Function - since it does not provide value.

Thanks.

Post#549 by Rava » 21 May 2019, 20:37

neko wrote:
17 May 2019, 01:18
=== Simple package (vmlinuz, 000-kernel.xzm, 06-crippled_sources-NNN-XXbit.xzm) ===
[5.1.3]
32bit-kernel5.1.3.tar (85 M)
http://www.mediafire.com/file/lu4z4pvbj ... l5.1.3.tar
md5sum: fa4fb122cdf8f2406188dfffd2d7407e 32bit-kernel5.1.3.tar

64bit-kernel5.1.3.tar (90 M)
http://www.mediafire.com/file/sl5o2oc7v ... l5.1.3.tar
md5sum: 65c2af94b718ff7cc0a1c7ee4937afd5 64bit-kernel5.1.3.tar

I presume this kernel is already fixed against zombieload?

https://www.zdnet.com/article/linux-vs-zombieload/
Greg Kroah-Hartman, the stable Linux kernel maintainer, bluntly wrote:

I'm announcing the release of the 5.1.2 kernel.
All users of the 5.1 kernel series must upgrade. Well, kind of, let me rephrase that...
All users of Intel processors made since 2011 must upgrade.
Cheers!
Yours Rava

Post#550 by neko » 22 May 2019, 01:15

@Blaze
No problem.
I have updated 5.xx configs.
The kernel size doesn't grow bigger.
I don't care.

@Rava
I don't know the problem.
Could you check it with the build example kernel 5.1.3 that was uploaded ?
And would you tell me the result ?


Thanks.

Post#551 by Rava » 22 May 2019, 01:23

neko wrote:
22 May 2019, 01:15
I don't know the problem.

I put in the link with info about the zombieload….

neko wrote:
22 May 2019, 01:15
Could you check it with the build example kernel 5.1.3 that was uploaded ?
And would you tell me the result ?

If I knew about some test that checks for this vulnerability like the heartbleed test script, but for now at least I have not found such a script. But I only found out about zombieload yesterday. I can keep you updated on that matter if you like.

I found https://securityonline.info/zombieload- ... y-chekcer/ (sic! It is called chekcer for some reason), and it claims to be
"pectre (sic!), Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD"
(sic! added by me),
but in reality, it is just info about the well-known Spectre & Meltdown Checker.

And I just downloaded the newest version "Spectre and Meltdown mitigation detection tool v0.41", and it does, unlike its name, indeed test for, among others, ZombieLoad.

And some Spectre & Meltdown Checker errors seem indeed to be kernel related (currently running 4.20.5-porteus)
> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)

> How to fix: To mitigate this vulnerability, you need either IBRS + IBPB, both requiring hardware support from your CPU microcode in addition to kernel support, or a kernel compiled with retpoline and IBPB, with retpoline requiring a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware) and IBPB requiring hardware support from your CPU microcode. The retpoline + IBPB approach is generally preferred as the performance impact is lower. More information about how to enable the missing bits for those two possible mitigations on your system follow. You only need to take one of the two approaches.

> How to fix: The microcode of your CPU needs to be upgraded to be able to use IBPB. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). An updated CPU microcode will have IBRS/IBPB capabilities indicated in the Hardware Check section above. If you're running under a hypervisor (KVM, Xen, VirtualBox, VMware, ...), the hypervisor needs to be up to date to be able to export the new host CPU flags to the guest. You can run this script on the host to check if the host CPU is IBRS/IBPB. If it is, and it doesn't show up in the guest, upgrade the hypervisor. You may need to reconfigure your VM to use a CPU model that has IBRS capability; in Libvirt, such CPUs are listed with an IBRS suffix.

> How to fix: Your kernel doesn't have IBPB support, so you need to either upgrade your kernel (if you're using a distro) or recompiling a more recent kernel.

> How to fix: The microcode of your CPU needs to be upgraded to be able to use IBRS. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). An updated CPU microcode will have IBRS/IBPB capabilities indicated in the Hardware Check section above. If you're running under a hypervisor (KVM, Xen, VirtualBox, VMware, ...), the hypervisor needs to be up to date to be able to export the new host CPU flags to the guest. You can run this script on the host to check if the host CPU is IBRS/IBPB. If it is, and it doesn't show up in the guest, upgrade the hypervisor. You may need to reconfigure your VM to use a CPU model that has IBRS capability; in Libvirt, such CPUs are listed with an IBRS suffix.

> How to fix: Your kernel doesn't have IBRS support, so you need to either upgrade your kernel (if you're using a distro) or recompiling a more recent kernel.
Cheers!
Yours Rava

neko
DEV Team
Posts: 1470
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Post#552 by neko » 22 May 2019, 06:50

@Rava
I have tested the example build kernel 5.2-rc1 with "spectre-meltdown-checker-0.41", which you told me about.
The result is as follows.

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* CPU supports the MD_CLEAR functionality: NO
* Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

[How to test]

Code:

$ wget -c https://codeload.github.com/speed47/spectre-meltdown-checker/tar.gz/v0.41
$ tar -xzf v0.41
$ cd spectre-meltdown-checker-0.41
$ sudo cp APorteus-MULT_ja-v19.05.21-x86_64/boot/syslinux/vmlinuz /boot/
$ sudo modprobe configs
$ sudo ./spectre-meltdown-checker.sh -v --explain
Spectre and Meltdown mitigation detection tool v0.41

Checking for vulnerabilities on current system
Kernel is Linux 5.2.0-rc1-porteus #1 SMP PREEMPT Mon May 20 16:51:18 UTC 2019 x86_64
CPU is Intel(R) Celeron(R) N4100 CPU @ 1.10GHz
Will use kernel image /boot/vmlinuz
Will use kconfig /proc/config.gz (decompressed)
Will use no System.map file (accuracy might be reduced)
We're missing some kernel info (see -v), accuracy might be reduced
Kernel image is Linux version 5.2.0-rc1-porteus (root@porteus) (gcc version 8.3.0 (GCC)) #1 SMP PREEMPT Mon May 20 16:51:18 UTC 2019

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  YES 
    * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates STIBP capability:  YES  (Intel STIBP feature bit)
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  NO 
  * L1 data cache invalidation
    * FLUSH_CMD MSR is available:  NO 
    * CPU indicates L1D flush capability:  NO 
  * Microarchitecture Data Sampling
    * VERW instruction is available:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  YES 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  YES 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO 
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO 
  * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDC_NO):  NO 
  * CPU supports Software Guard Extensions (SGX):  YES 
  * CPU microcode is known to cause stability problems:  NO  (model 0x7a family 0x6 stepping 0x1 ucode 0x22 cpuid 0x706a1)
  * CPU microcode is the latest known available version:  NO  (latest version is 0x2e dated 2019/01/02 according to builtin MCExtractor DB v110 - 2019/05/11)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
  * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES 
  * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES 
  * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
  * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO 
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  NO 
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  NO 
  * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  NO 
  * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  NO 
  * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  NO 
  * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  NO 

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Kernel has mask_nospec64 (arm64):  NO 
* Checking count of LFENCE instructions following a jump in kernel...  NO  (only 4 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES  (found IBRS in sysfs)
    * IBRS enabled and active:  YES 
  * Kernel is compiled with IBPB support:  YES  (IBPB found enabled in sysfs)
    * IBPB enabled and active:  YES 
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO 
  * Kernel compiled with retpoline option:  YES 
    * Local gcc is retpoline-aware:  YES 
  * Kernel supports RSB filling:  YES 
> STATUS:  NOT VULNERABLE  (IBRS + IBPB are mitigating the vulnerability)

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES  (found 'CONFIG_PAGE_TABLE_ISOLATION=y')
  * PTI enabled and active:  YES 
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

> How to fix: The microcode of your CPU needs to be upgraded to mitigate this vulnerability.
 This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot).
 If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel.
 Availability of a microcode update for you CPU model depends on your CPU vendor.
 You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).
 The microcode update is enough, there is no additional OS, kernel or software change needed.

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  NO  (Vulnerable)
* Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
* SSB mitigation is enabled and active:  NO 
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)

> How to fix: Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use.
 The microcode of your CPU hence needs to be upgraded.
 This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot).
 If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel.
 Availability of a microcode update for you CPU model depends on your CPU vendor.
 You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface:  YES  (Not affected)
* Kernel supports PTE inversion:  YES  (found in kernel image)
* PTE inversion enabled and active:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: 
* This system is a host running a hypervisor:  NO 
* Mitigation 1 (KVM)
  * EPT is disabled:  NO 
* Mitigation 2
  * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
  * L1D flush enabled:  UNKNOWN  (unrecognized mode)
  * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
  * Hyper-Threading (SMT) is enabled:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  NO 
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  NO 
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  NO 
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  NO 
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK

We're missing some kernel info (see -v), accuracy might be reduced
A false sense of security is worse than no security at all, see --disclaimer
$

Thanks.
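
The report above closes with a one-line SUMMARY, while the reason for each verdict sits further up in that CVE's own section. The following is an added example (not part of the original post and not code from spectre-meltdown-checker) that joins the two, leaving only the KO entries and their reasons; the function names are made up for this example and the sample input is cut down from the report above.

```shell
#!/bin/sh
# Added example: list the CVEs a spectre-meltdown-checker report marks KO,
# each with the reason from that CVE's own "> STATUS:" line.

# Reads a verbose report on stdin.
# Exit status: 0 = no KO entry, 1 = at least one KO, 2 = no SUMMARY line.
triage_report() {
    awk '
        # Section header, e.g. "CVE-2018-3640 aka ..."
        /^CVE-[0-9]+-[0-9]+ aka / { cur = $1; next }

        # Verdict of the current section; collapse the column padding.
        /^> STATUS:/ && cur != "" {
            line = $0
            sub(/^> STATUS:[ \t]*/, "", line)
            gsub(/[ \t]+/, " ", line)
            reason[cur] = line
            next
        }

        # Closing line: "> SUMMARY: CVE-ID:OK CVE-ID:KO ..."
        /^> SUMMARY:/ {
            seen = 1
            for (i = 3; i <= NF; i++) {
                if (split($i, kv, ":") == 2 && kv[2] == "KO") {
                    why = (kv[1] in reason) ? reason[kv[1]] : "no STATUS line seen"
                    printf "%s: %s\n", kv[1], why
                    bad++
                }
            }
        }

        END {
            if (!seen) { print "no SUMMARY line found" > "/dev/stderr"; exit 2 }
            exit (bad > 0)
        }
    '
}

# Sample input: three sections and the summary, cut down from the report above.
sample_report() {
    cat <<'EOF'
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* SSB mitigation is enabled and active:  NO 
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)

> SUMMARY: CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO
EOF
}

sample_report | triage_report || echo "exit status $?: unmitigated entries listed above"
```

On a live system the same function can read the checker's output through a pipe, and the exit status can gate a build or boot-image acceptance step.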

Rava
Contributor
Posts: 2221
Joined: 11 Jan 2011, 02:46
Distribution: Porteus 4.0 x86-64 XFCe
Location: Forests of Germany

Post#553 by Rava » 22 May 2019, 06:59

Thanks for checking it out.
neko wrote:
22 May 2019, 06:50

Code:

We're missing some kernel info (see -v), accuracy might be reduced
I wonder that you, of all people, get this error as well. O__o
Cheers!
Yours Rava

neko
DEV Team
Posts: 1470
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Post#554 by neko » 22 May 2019, 10:51

@Rava
To remove this warning, the kernel should be rebuilt with a config that sets CONFIG_KALLSYMS=y.
Then copy System.map from the kernel source directory to /boot/System.map-$(uname -r).

Code:

$ grep CONFIG_KALLSYMS /usr/local/share/mkKernel/lib/v*/*.config
/usr/local/share/mkKernel/lib/v3.18/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v3.18/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v3.2/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v3.2/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.1/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.1/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.10/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.10/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.11/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.11/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.12/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.12/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/32bit.ov.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/32bit.v4.13-rc6.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/32bit.v4.13.2.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/64bit.ov.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/64bit.v4.13-rc6.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.13/64bit.v4.13.2.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.14/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.14/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.15/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.15/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16-rc/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16-rc/32bit.org-18.05.13.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16-rc/32bit.org-18.05.13.i586.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16-rc/32bit.org.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16-rc/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16-rc/64bit.org-18.05.13.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16-rc/64bit.org.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16/32bit.org-18.05.13.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16/32bit.org-18.05.13.i586.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16/32bit.org.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16/64bit.org-18.05.13.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.16/64bit.org.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.17/32bit.NVIDIA.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.17/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.17/32bit.old.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.17/64bit.NVIDIA.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.17/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.17/64bit.old.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.18-rc/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.18-rc/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.18/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.18/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.19/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.19/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.20/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.20/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.4/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.4/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.7/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.7/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.8/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.8/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.9/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.9/4.9.0-64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.9/4.9.77-32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.9/4.9.80-64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v4.9/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.0-rc/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.0-rc/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.0/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.0/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.1-rc/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.1-rc/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.1/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.1/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.2-rc/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.2-rc/64bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.2/32bit.config:# CONFIG_KALLSYMS is not set
/usr/local/share/mkKernel/lib/v5.2/64bit.config:# CONFIG_KALLSYMS is not set
$

Thanks.
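
A pre-flight check for the two steps described above, as an added example that is not part of the original post or of Porteus Kernel Builder. It reads a kernel config (plain or gzip-compressed, such as /proc/config.gz) and matches the symbol exactly, so CONFIG_KALLSYMS_ALL is never mistaken for CONFIG_KALLSYMS; the function names are hypothetical and the demo config is constructed.

```shell
#!/bin/sh
# Added example: check that CONFIG_KALLSYMS=y is set and System.map is in place.

# Print the state of one Kconfig symbol in a config file (plain or .gz):
#   y / m / other value, "n" for "# CONFIG_X is not set", "absent" otherwise.
kconfig_state() {
    file=$1 sym="CONFIG_$2"
    case $file in
        *.gz) gzip -dc -- "$file" ;;
        *)    cat -- "$file" ;;
    esac | awk -v sym="$sym" '
        # Exact symbol only: CONFIG_KALLSYMS must not match CONFIG_KALLSYMS_ALL.
        $0 == "# " sym " is not set" { state = "n" }
        index($0, sym "=") == 1      { state = substr($0, length(sym) + 2) }
        END { print (state == "" ? "absent" : state) }
    '
}

# Report what is still missing. Arguments: kconfig file, expected System.map path.
# Exit status 0 only when KALLSYMS is built in and the map file exists.
symbols_ready() {
    state=$(kconfig_state "$1" KALLSYMS)
    rc=0
    if [ "$state" != y ]; then
        echo "CONFIG_KALLSYMS is '$state' in $1: rebuild with CONFIG_KALLSYMS=y"
        rc=1
    fi
    if [ ! -s "$2" ]; then
        echo "no System.map at $2: copy it from the kernel source directory"
        rc=1
    fi
    return $rc
}

# Demo on a constructed config (not a real Porteus config file); the second
# line exists only to exercise the exact-match rule.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '# CONFIG_KALLSYMS is not set' 'CONFIG_KALLSYMS_ALL=y' \
        > "$tmp/64bit.config"
    symbols_ready "$tmp/64bit.config" "$tmp/System.map"
    st=$?
    rm -rf "$tmp"
    return $st
}

demo || echo "(the demo config is not ready, as expected)"

# On a live system, with the paths from the post above:
#   symbols_ready /proc/config.gz "/boot/System.map-$(uname -r)"
```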

Rava
Contributor
Posts: 2221
Joined: 11 Jan 2011, 02:46
Distribution: Porteus 4.0 x86-64 XFCe
Location: Forests of Germany

Post#555 by Rava » 22 May 2019, 13:04

^
Thanks for the heads up, but as you recall, I did not even manage to get a simple kernel compiled without any extra security enhancement that would work for my NVIDIA driver for the testing Porteus (you recall the issue with the mismatched gcc versions between the kernel and the system + provided gcc), so that I had to revert to an older kernel while using the newer testing modules, outside of vmlinuz_Porteus and 000-kernel, that is.
Cheers!
Yours Rava
