import OL kernel-6.12.0-55.19.1.0.1.el10_0

2025-07-07 15:06:37 +00:00 · 2025-07-07 15:06:37 +00:00 · f0c672cccf
commit f0c672cccf
parent 76be8e3818
30 changed files with 378 additions and 137 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,8 +1,9 @@
-fedoraimaca.x509
-kernel-abi-stablelists-6.12.0-55.9.1.el10_0.tar.xz
-kernel-kabi-dw-6.12.0-55.9.1.el10_0.tar.xz
-linux-6.12.0-55.9.1.el10_0.tar.xz
+kernel-abi-stablelists-6.12.0-55.19.1.el10_0.tar.xz
+kernel-kabi-dw-6.12.0-55.19.1.el10_0.tar.xz
+linux-6.12.0-55.19.1.el10_0.tar.xz
 nvidiagpuoot001.x509
+olima1.x509
+olimaca1.x509
 redhatsecureboot501.cer
 redhatsecurebootca5.cer
 rheldup3.x509
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@ -12,7 +12,7 @@ RHEL_MINOR = 0
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 55.9.1
+RHEL_RELEASE = 55.19.1

 #
 # RHEL_REBASE_NUM
--- a/bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch
+++ b/bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch
@ -0,0 +1,44 @@
+From b0de5456e201c475d6a860ceeb3ed8ee2923695a Mon Sep 17 00:00:00 2001
+From: Keith Busch <kbusch@kernel.org>
+Date: Mon, 2 Dec 2024 09:45:48 -0800
+Subject: [PATCH] nvme-pci: remove two deallocate zeroes quirks
+
+The quirk was initially used as a signal to set the discard_zeroes_data
+queue limit because there were some use cases that relied on that
+behavior. The queue limit no longer exists as every user of it has been
+converted to use the write zeroes operation instead.
+
+The quirk now means to use a discard command as an alias to a write
+zeroes request. Two of the devices previously using the quirk support
+the write zeroes command directly, so these don't need or want to use
+discard when the desired operation is to write zeroes.
+
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Keith Busch <kbusch@kernel.org>
+
+Orabug: 37756650
+
+Modified-by: Alex Burmashev <alexander.burmashev@oracle.com>
+Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
+---
+ drivers/nvme/host/pci.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
+index 4c644bb7f06927..9535e35ef18a56 100644
+--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
+@@ -3588,12 +3588,10 @@ static const struct pci_device_id nvme_id_table[] = {
+ 				NVME_QUIRK_DEALLOCATE_ZEROES, },
+ 	{ PCI_VDEVICE(INTEL, 0x0a54),	/* Intel P4500/P4600 */
+ 		.driver_data = NVME_QUIRK_STRIPE_SIZE |
+-				NVME_QUIRK_DEALLOCATE_ZEROES |
+ 				NVME_QUIRK_IGNORE_DEV_SUBNQN |
+ 				NVME_QUIRK_BOGUS_NID, },
+ 	{ PCI_VDEVICE(INTEL, 0x0a55),	/* Dell Express Flash P4600 */
+-		.driver_data = NVME_QUIRK_STRIPE_SIZE |
+-				NVME_QUIRK_DEALLOCATE_ZEROES, },
+		.driver_data = NVME_QUIRK_STRIPE_SIZE, },
+ 	{ PCI_VDEVICE(INTEL, 0xf1a5),	/* Intel 600P/P3100 */
+ 		.driver_data = NVME_QUIRK_NO_DEEPEST_PS |
+ 				NVME_QUIRK_MEDIUM_PRIO_SQ |
--- a/kernel-aarch64-64k-debug-rhel.config
+++ b/kernel-aarch64-64k-debug-rhel.config
@ -3361,7 +3361,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8166,7 +8166,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-64k-rhel.config
+++ b/kernel-aarch64-64k-rhel.config
@ -3340,7 +3340,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8141,7 +8141,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-automotive-debug-rhel.config
+++ b/kernel-aarch64-automotive-debug-rhel.config
@ -3595,7 +3595,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_MMU_AUDIT is not set
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8941,7 +8941,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-automotive-rhel.config
+++ b/kernel-aarch64-automotive-rhel.config
@ -3574,7 +3574,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_MMU_AUDIT is not set
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8916,7 +8916,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-debug-rhel.config
+++ b/kernel-aarch64-debug-rhel.config
@ -3358,7 +3358,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8162,7 +8162,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-rhel.config
+++ b/kernel-aarch64-rhel.config
@ -3337,7 +3337,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8137,7 +8137,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-rt-64k-debug-rhel.config
+++ b/kernel-aarch64-rt-64k-debug-rhel.config
@ -3402,7 +3402,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8215,7 +8215,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-rt-64k-rhel.config
+++ b/kernel-aarch64-rt-64k-rhel.config
@ -3381,7 +3381,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8190,7 +8190,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-rt-debug-rhel.config
+++ b/kernel-aarch64-rt-debug-rhel.config
@ -3399,7 +3399,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8211,7 +8211,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-aarch64-rt-rhel.config
+++ b/kernel-aarch64-rt-rhel.config
@ -3378,7 +3378,7 @@ CONFIG_KUNIT_TEST=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM=y
 # CONFIG_KXCJK1013 is not set
@ -8186,7 +8186,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-ppc64le-debug-rhel.config
+++ b/kernel-ppc64le-debug-rhel.config
@ -3028,7 +3028,7 @@ CONFIG_KVM_GUEST=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM_XICS=y
 # CONFIG_KXCJK1013 is not set
@ -7605,7 +7605,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-ppc64le-rhel.config
+++ b/kernel-ppc64le-rhel.config
@ -3008,7 +3008,7 @@ CONFIG_KVM_GUEST=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 CONFIG_KVM_XICS=y
 # CONFIG_KXCJK1013 is not set
@ -7582,7 +7582,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-s390x-debug-rhel.config
+++ b/kernel-s390x-debug-rhel.config
@ -3004,7 +3004,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 # CONFIG_KVM_S390_UCONTROL is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -7587,7 +7587,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-s390x-rhel.config
+++ b/kernel-s390x-rhel.config
@ -2984,7 +2984,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 # CONFIG_KVM_S390_UCONTROL is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -7564,7 +7564,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-s390x-zfcpdump-rhel.config
+++ b/kernel-s390x-zfcpdump-rhel.config
@ -2992,7 +2992,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 # CONFIG_KVM_S390_UCONTROL is not set
 CONFIG_KVM_SMM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -7586,7 +7586,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 # CONFIG_WDAT_WDT is not set
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-x86_64-automotive-debug-rhel.config
+++ b/kernel-x86_64-automotive-debug-rhel.config
@ -3364,7 +3364,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
 CONFIG_KVM_SW_PROTECTED_VM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -8263,7 +8263,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 CONFIG_WDAT_WDT=m
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-x86_64-automotive-rhel.config
+++ b/kernel-x86_64-automotive-rhel.config
@ -3344,7 +3344,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
 CONFIG_KVM_SW_PROTECTED_VM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -8239,7 +8239,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 CONFIG_WDAT_WDT=m
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@ -3254,7 +3254,7 @@ CONFIG_KVM_MMU_AUDIT=y
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
 CONFIG_KVM_SW_PROTECTED_VM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -7998,7 +7998,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 CONFIG_WDAT_WDT=m
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@ -3234,7 +3234,7 @@ CONFIG_KVM_MMU_AUDIT=y
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
 CONFIG_KVM_SW_PROTECTED_VM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -7974,7 +7974,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 CONFIG_WDAT_WDT=m
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-x86_64-rt-debug-rhel.config
+++ b/kernel-x86_64-rt-debug-rhel.config
@ -3295,7 +3295,7 @@ CONFIG_KVM_MMU_AUDIT=y
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
 CONFIG_KVM_SW_PROTECTED_VM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -8047,7 +8047,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 CONFIG_WDAT_WDT=m
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel-x86_64-rt-rhel.config
+++ b/kernel-x86_64-rt-rhel.config
@ -3275,7 +3275,7 @@ CONFIG_KVM_MMU_AUDIT=y
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
 CONFIG_KVM_SW_PROTECTED_VM=y
-# CONFIG_KVM_WERROR is not set
+CONFIG_KVM_WERROR=y
 # CONFIG_KVM_XEN is not set
 # CONFIG_KXCJK1013 is not set
 # CONFIG_KXSD9 is not set
@ -8023,7 +8023,7 @@ CONFIG_WATCH_QUEUE=y
 # CONFIG_WCN36XX is not set
 CONFIG_WDAT_WDT=m
 # CONFIG_WDTPCI is not set
-# CONFIG_WERROR is not set
+CONFIG_WERROR=y
 # CONFIG_WFX is not set
 # CONFIG_WIL6210 is not set
 # CONFIG_WILC1000_SDIO is not set
--- a/kernel.spec
+++ b/kernel.spec
@ -98,7 +98,7 @@ Summary: The Linux kernel
 %if 0%{?fedora}
 %define secure_boot_arch x86_64
 %else
-%define secure_boot_arch x86_64 aarch64 s390x ppc64le
+%define secure_boot_arch x86_64 s390x ppc64le
 %endif

 # Signing for secure boot authentication
@ -162,15 +162,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 55.9.1
+%define pkgrelease 55.19.1
 %define kversion 6
-%define tarfile_release 6.12.0-55.9.1.el10_0
+%define tarfile_release 6.12.0-55.19.1.el10_0
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 55.9.1%{?buildid}%{?dist}
+%define specrelease 55.19.1%{?buildid}.0.1%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-55.9.1.el10_0
+%define kabiversion 6.12.0-55.19.1.el10_0

 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@ -716,6 +716,8 @@ Requires: kernel-modules-core-uname-r = %{KVERREL}
 Provides: installonlypkg(kernel)
 %endif

+Provides: oracle(kernel-sig-key) == 202502
+Conflicts: shim-x64 < 15.8-1.0.6

 #
 # List the packages used during the kernel build
@ -875,8 +877,6 @@ BuildRequires: tpm2-tools
 %if 0%{?rhel}%{?centos} && !0%{?eln}
 %if 0%{?centos}
 BuildRequires: centos-sb-certs >= 9.0-23
-%else
-BuildRequires: redhat-sb-certs >= 9.4-0.1
 %endif
 %endif
 %endif
@ -896,42 +896,11 @@ Source10: redhatsecurebootca5.cer
 Source13: redhatsecureboot501.cer

 %if %{signkernel}
-# Name of the packaged file containing signing key
-%ifarch ppc64le
-%define signing_key_filename kernel-signing-ppc.cer
-%endif
-%ifarch s390x
-%define signing_key_filename kernel-signing-s390.cer
-%endif

-# Fedora/ELN pesign macro expects to see these cert file names, see:
-# https://github.com/rhboot/pesign/blob/main/src/pesign-rpmbuild-helper.in#L216
-%if 0%{?fedora}%{?eln}
-%define pesign_name_0 redhatsecureboot501
-%define secureboot_ca_0 %{SOURCE10}
-%define secureboot_key_0 %{SOURCE13}
-%endif
-
-# RHEL/centos certs come from system-sb-certs
-%if 0%{?rhel} && !0%{?eln}
 %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
 %define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer

-%if 0%{?centos}
-%define pesign_name_0 centossecureboot201
-%else
-%ifarch x86_64 aarch64
-%define pesign_name_0 redhatsecureboot501
-%endif
-%ifarch s390x
-%define pesign_name_0 redhatsecureboot302
-%endif
-%ifarch ppc64le
-%define pesign_name_0 redhatsecureboot701
-%endif
-%endif
-# rhel && !eln
-%endif
+%define pesign_name_0 OracleLinuxSecureBootKey3

 # signkernel
 %endif
@ -1008,7 +977,10 @@ Source102: nvidiagpuoot001.x509
 Source103: rhelimaca1.x509
 Source104: rhelima.x509
 Source105: rhelima_centos.x509
-Source106: fedoraimaca.x509
+# Oracle Linux IMA CA certificate
+Source106: olimaca1.x509
+# Oracle Linux IMA signing certificate
+Source107: olima1.x509

 %if 0%{?fedora}%{?eln}
 %define ima_ca_cert %{SOURCE106}
@ -1023,9 +995,11 @@ Source106: fedoraimaca.x509
 %define ima_signing_cert %{SOURCE105}
 %else
 %define ima_signing_cert %{SOURCE104}
+%define ima_signing_cert_ol %{SOURCE107}
 %endif

 %define ima_cert_name ima.cer
+%define ima_cert_name_ol ima_ol.cer

 Source200: check-kabi

@ -1090,6 +1064,10 @@ Source4000: README.rst
 Source4001: rpminspect.yaml
 Source4002: gating.yaml

+# Oracle Linux RHCK Module Signing Key
+Source5001: olkmod_signing_key.pem
+Source5002: olkmod_signing_key1.pem
+
 ## Patches needed for building this package

 %if !%{nopatches}
@ -1097,6 +1075,9 @@ Source4002: gating.yaml
 Patch1: patch-%{patchversion}-redhat.patch
 %endif

+# Oracle patches
+Patch1001: bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch
+
 # empty final patch to facilitate testing of kernel patches
 Patch999999: linux-kernel-test.patch

@ -1943,6 +1924,8 @@ ApplyOptionalPatch()
 mv linux-%{tarfile_release} linux-%{KVERREL}

 cd linux-%{KVERREL}
+#removal of git history
+rm -rf .git
 cp -a %{SOURCE1} .

 %{log_msg "Start of patch applications"}
@ -1951,6 +1934,7 @@ cp -a %{SOURCE1} .
 ApplyOptionalPatch patch-%{patchversion}-redhat.patch
 %endif

+ApplyPatch bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch
 ApplyOptionalPatch linux-kernel-test.patch

 %{log_msg "End of patch applications"}
@ -2063,6 +2047,13 @@ openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
 openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
 openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem
 cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem > ../certs/rhel.pem
+# Add Oracle Linux IMA CA certificate to the kernel trusted certificates list
+openssl x509 -inform der -in %{SOURCE106} -out olimaca1.pem
+cat olimaca1.pem >> ../certs/rhel.pem
+# Add olkmod_signing_key.pem to the kernel trusted certificates list
+cat %{SOURCE5001} >> ../certs/rhel.pem
+# Add olkmod_signing_key1.pem to the kernel trusted certificates list
+cat %{SOURCE5002} >> ../certs/rhel.pem
 %if %{signkernel}
 %ifarch s390x ppc64le
 openssl x509 -inform der -in %{secureboot_ca_0} -out secureboot.pem
@ -2085,7 +2076,7 @@ done
 %if 0%{?rhel}
 %{log_msg "Adjust FIPS module name for RHEL"}
 for i in *.config; do
-  sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i
+  sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Oracle Linux 10 Kernel Crypto API Cryptographic Module"/' $i
 done
 %endif

@ -2735,8 +2726,11 @@ BuildKernel() {
 %endif
        SBAT=$(cat <<- EOF
 	linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
+	linux,1,Oracle Linux,linux,$KernelVer,mailto:secalert_us@oracle.com
 	linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
+	linux.ol,1,Oracle Linux,linux,$KernelVer,mailto:secalert_us@oracle.com
 	kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com
+	kernel-uki-virt.ol,1,Oracle Linux,kernel-uki-virt,$KernelVer,mailto:secalert_us@oracle.com
 	EOF
 	)

@ -2764,6 +2758,7 @@ BuildKernel() {
  python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDirOut virt %{primary_target} %{_target_cpu}

 %if %{signkernel}
+%if ! %{?oraclelinux}
 	%{log_msg "Sign the EFI UKI kernel"}
 %if 0%{?fedora}%{?eln}
        %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
@ -2791,6 +2786,7 @@ BuildKernel() {
      done

 # signkernel
+%endif
 %endif

    # hmac sign the UKI for FIPS
@ -2966,7 +2962,7 @@ BuildKernel() {
    # prune junk from kernel-debuginfo
    find $RPM_BUILD_ROOT/usr/src/kernels -name "*.mod.c" -delete

-    # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
+    # UEFI Secure Boot CA cert, which can be used to authenticate the kernel
    %{log_msg "Install certs"}
    mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
 %if %{signkernel}
@ -2981,6 +2977,8 @@ BuildKernel() {
 %if 0%{?rhel}
    # Red Hat IMA code-signing cert, which is used to authenticate package files
    install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{ima_cert_name}
+    # Oracle Linux IMA signing cert
+    install -m 0644 %{ima_signing_cert_ol} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{ima_cert_name_ol}
 %endif

 %if %{signmodules}
@ -4312,15 +4310,153 @@ fi\
 #
 #
 %changelog
-* Mon May 19 2025 Andrew Lukoshko <alukoshko@almalinux.org> [6.12.0-55.9.1.el10_0]
- redhat: kabi: update stablelist checksums (Čestmír Kalina) [RHEL-80552]
- Merge: Add symbols to stablelist and enable check-kabi (Jan Stancek) [RHEL-79881]
- Merge tag 'kernel-6.12.0-55.9.1.el10_0' into main (Jan Stancek)
- Merge tag 'kernel-6.12.0-55.7.1.el10_0' into main (Jan Stancek)
- Merge tag 'kernel-6.12.0-55.4.1.el10_0' into main (Jan Stancek)
- Merge tag 'kernel-6.12.0-55.3.1.el10_0' into main (Jan Stancek)
- Merge tag 'kernel-6.12.0-55.2.1.el10_0' into main (Jan Stancek)
- Merge tag 'kernel-6.12.0-55.1.1.el10_0' into main (Jan Stancek)
+* Tue Jul 01 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.19.1.0.1.el10_0.OL10]
+- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
+- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
+- Disable UKI signing [Orabug: 36571828]
+- Update Oracle Linux certificates (Kevin Lyons)
+- Disable signing for aarch64 (Ilya Okomin)
+- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
+- Update x509.genkey [Orabug: 24817676]
+- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
+- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
+- Add Oracle Linux IMA certificates
+- Update module name for cryptographic module [Orabug: 37400433]
+
+* Tue Jul 01 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.19.1.el10_0]
+- Clean git history at setup stage
+- Prevent kABI check error for BLK_CGROUP_PUNT_BIO
+- Bump internal version to 55.19.1
+- ibmvnic: Use kernel helpers for hex dumps
+- eth: bnxt: fix truesize for mb-xdp-pass case
+- ice: Avoid setting default Rx VSI twice in switchdev setup
+- ice: Fix deinitializing VF in error path
+- ice: add E830 HW VF mailbox message limit support
+- block/Kconfig: Allow selecting BLK_CGROUP_PUNT_BIO
+
+* Tue Jun 24 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.18.1.el10_0]
+- Import config changes from Centos Stream kernel kernel-6.12.0-77.el10
+- Bump internal version to 55.18.1
+- drm/i915/dp_mst: Handle error during DSC BW overhead/slice calculation
+- sched/rt: Fix race in push_rt_task MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
+- mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation - upstream CVE-2024-56559
+- block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone
+- proc: fix UAF in proc_get_inode() CVE-2025-21999
+- ext4: ignore xattrs past end CVE-2025-37738
+- nvme-fabrics: handle zero MAXCMD without closing the connection
+- ext4: fix off-by-one error in do_split CVE-2025-23150
+- r8169: disable RTL8126 ZRX-DC timeout
+- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support
+- vmxnet3: unregister xdp rxq info in the reset path
+- block: fix 'kmem_cache of name 'bio-108' already exists'
+- ice: implement low latency PHY timer updates
+- ice: check low latency PHY timer update firmware capability
+- ice: add lock to protect low latency interface
+- ice: rename TS_LL_READ* macros to REG_LL_PROXY_H_*
+- ice: use read_poll_timeout_atomic in ice_read_phy_tstamp_ll_e810
+- cifs: Fix integer overflow while processing acdirmax mount option CVE-2025-21963
+- smb: client: fix UAF in decryption with multichannel CVE-2025-37750
+- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug
+- keys: Fix UAF in key_put() CVE-2025-21893
+- ndisc: use RCU protection in ndisc_alloc_skb() CVE-2025-21764
+- ipv6: use RCU protection in ip6_default_advmss() CVE-2025-21765
+- net: add dev_net_rcu() helper CVE-2025-21765
+- vfio/pci: Align huge faults to order
+- Bluetooth: L2CAP: Fix corrupted list in hci_chan_del CVE-2025-21969
+- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd CVE-2025-21969
+- cifs: Fix integer overflow while processing closetimeo mount option CVE-2025-21962
+- ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up CVE-2025-21887
+- wifi: cfg80211: init wiphy_work before allocating rfkill fails CVE-2025-21979
+- wifi: cfg80211: cancel wiphy_work before freeing wiphy CVE-2025-21979
+- net: fix geneve_opt length integer overflow CVE-2025-22055
+- vsock/virtio: discard packets if the transport changes CVE-2025-21669
+- net: gso: fix ownership in __udp_gso_segment CVE-2025-21926
+- xsk: fix an integer overflow in xp_create_and_assign_umem() CVE-2025-21997
+- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi CVE-2025-37943
+- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list CVE-2025-21919
+- drm/i915/display: Use joined pipes in dsc helpers for slices, bpp - upstream
+- drm/i915/display: Use joined pipes in intel_mode_valid_max_plane_size - upstream
+- drm/i915/display: Use joined pipes in intel_dp_joiner_needs_dsc - upstream
+- drm/i915/display: Simplify intel_joiner_num_pipes and it's usage - upstream
+- drm/i915/display: Check whether platform supports joiner - upstream
+- Revert drm/i915/dp_mst: Handle error during DSC BW overhead/slice
+- Revert drm/i915/dp_mst: Don't require DSC hblank quirk for a non-DSC
+- drm/mgag200: Added support for the new device G200eH5 - upstream
+- cifs: Fix integer overflow while processing acregmax mount option CVE-2025-21964
+- ext4: fix OOB read when checking dotdot dir CVE-2025-37785
+- vsock: Orphan socket after transport release CVE-2025-21756
+- vsock: Keep the binding until socket destruction CVE-2025-21756
+- bpf, vsock: Invoke proto::close on close() CVE-2025-21756
+- idpf: call set_real_num_queues in idpf_open
+- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format CVE-2024-53104
+- redhat: enable CONFIG_WERROR=y
+- redhat: don't enforce WERROR for 3rd-party OOT kmods
+- redhat: make ENABLE_WERROR enable also KVM_WERROR
+- fortify: Hide run-time copy size from value range tracking
+- resolve_btfids: Fix compiler warnings
+- ixgbe: fix media cage present detection for E610 device
+- ixgbe: fix media type detection for E610 device
+- ixgbevf: Add support for Intel(R) E610 device
+- PCI: Add PCI_VDEVICE_SUB helper macro
+- ixgbe: Enable link management in E610 device
+- ixgbe: Clean up the E610 link management related code
+- ixgbe: Add ixgbe_x540 multiple header inclusion protection
+- ixgbe: Add support for EEPROM dump in E610 device
+- ixgbe: Add support for NVM handling in E610 device
+- ixgbe: Add link management support for E610 device
+- ixgbe: Add support for E610 device capabilities detection
+- ixgbe: Add support for E610 FW Admin Command Interface
+- smb: client: don't retry IO on failed negprotos with soft mounts - pick from MR
+- scsi: core: Fix command pass through retry regression - cherry pick from MR
+- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature CVE-2025-21966
+- ice: stop storing XDP verdict within ice_rx_buf
+- ice: gather page_count()'s of each frag right before XDP prog call
+- ice: put Rx buffers after being done with current frame
+- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() CVE-2025-21993
+- smb: client: fix regression with guest option
+- pnfs/flexfiles: retry getting layout segment for reads
+- nfs: fix incorrect error handling in LOCALIO
+- nfs: probe for LOCALIO when v3 client reconnects to server
+- nfs: probe for LOCALIO when v4 client reconnects to server
+- nfs/localio: remove redundant code and simplify LOCALIO enablement
+- nfs_common: add nfs_localio trace events
+- nfs_common: track all open nfsd_files per LOCALIO nfs_client
+- nfs_common: rename nfslocalio nfs_uuid_lock to nfs_uuids_lock
+- nfsd: nfsd_file_acquire_local no longer returns GC'd nfsd_file
+- nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_
+- nfsd: update percpu_ref to manage references on nfsd_net
+- nfs: cache all open LOCALIO nfsd_file(s) in client
+- nfs_common: move localio_lock to new lock member of nfs_uuid_t
+- nfs_common: rename functions that invalidate LOCALIO nfs_clients
+- nfsd: add nfsd_file_{get,put} to 'nfs_to' nfsd_localio_operations
+- nfs/localio: add direct IO enablement with sync and async IO support
+- ice: ensure periodic output start time is in the future
+- ice: fix PHY Clock Recovery availability check
+- ice: Drop auxbus use for PTP to finalize ice_adapter move
+- ice: Use ice_adapter for PTP shared data instead of auxdev
+- ice: Initial support for E825C hardware in ice_adapter
+- ice: Add ice_get_ctrl_ptp() wrapper to simplify the code
+- ice: Introduce ice_get_phy_model() wrapper
+- ice: Enable 1PPS out from CGU for E825C products
+- ice: Read SDP section from NVM for pin definitions
+- ice: Disable shared pin on E810 on setfunc
+- ice: Cache perout/extts requests and check flags
+- ice: Align E810T GPIO to other products
+- ice: Add SDPs support for E825C
+- ice: Implement ice_ptp_pin_desc
+- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() - modified CVE-2025-21927
+- scsi: storvsc: Set correct data length for sending SCSI command without payload
+- smb: client: fix chmod(2) regression with ATTR_READONLY
+- mm/hugetlb: fix hugepage allocation for interleaved memory nodes
+- net: mana: use ethtool string helpers
+- net: mana: cleanup mana struct after debugfs_remove() - upstream
+- net: mana: Cleanup "mana" debugfs dir after cleanup of all children
+- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs
+- net: mana: Fix memory leak in mana_gd_setup_irqs
+- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
+- net: mana: Enable debugfs files for MANA device
+- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024
+- net: mana: Add get_link and get_link_ksettings in ethtool

 * Tue Mar 25 2025 Jan Stancek <jstancek@redhat.com> [6.12.0-55.9.1.el10_0]
 - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Davide Caratti) [RHEL-80306] {CVE-2024-57901}
--- a/olkmod_signing_key.pem
+++ b/olkmod_signing_key.pem
@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEETCCAvmgAwIBAgIJANw8y5k9b7SaMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEXMBUGA1UEBwwOUmVkd29vZCBT
+aG9yZXMxGzAZBgNVBAoMEk9yYWNsZSBDb3Jwb3JhdGlvbjEVMBMGA1UECwwMT3Jh
+Y2xlIExpbnV4MS0wKwYDVQQDDCRPcmFjbGUgTGludXggUkhDSyBNb2R1bGUgU2ln
+bmluZyBLZXkwHhcNMTYwNTA5MjMzNjA4WhcNMjYwNTA3MjMzNjA4WjCBnjELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFzAVBgNVBAcMDlJlZHdvb2Qg
+U2hvcmVzMRswGQYDVQQKDBJPcmFjbGUgQ29ycG9yYXRpb24xFTATBgNVBAsMDE9y
+YWNsZSBMaW51eDEtMCsGA1UEAwwkT3JhY2xlIExpbnV4IFJIQ0sgTW9kdWxlIFNp
+Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6bUDNNZ
+jIqgsqgspwBIQ18keDxQeGnWgubZZhHrQU3GpeSRPM4lNTHc+UjMjNXrv/CENZdv
+4cETRsxT1VFhGG3CvkbQdzc8v4JOQvWSSJqmViPa1eC+yGaMRnGcFXzKsHiTLA4y
+WMjpJnVowFkwTzscRBlN0AysUg/hT/74DE0oqVnlCJNynqccNWpx8MtNRD55ay9A
+73yJinYES14rXcU3QbJoO0ZxtRz83ZACDUGX0GORT3+NbB0RK0sttogzA3eLvxKw
+umWsWZAHmTuHdWgUjSqqZr34VNLPVcsTHAW8X4bq6rRVcB2lMJ3kJfDP8BJyTn99
+37UmA+/ld47cnwIDAQABo1AwTjAdBgNVHQ4EFgQU3ZlbFVwZs6fD73cHuWniX5Y5
+Zm4wHwYDVR0jBBgwFoAU3ZlbFVwZs6fD73cHuWniX5Y5Zm4wDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAF7nfhWfsk4uEDquLj7nJE0wPlVvllVDugzOk
+R15pnQ7P+HTyz3sLaLJE4N5oWt6pFzDGDYEtPeoMCn1l447tX179Nf5SMZba9ut8
+3Vxbe7jAn9sQO7ArQR1swf1r101Me4+1oHq7rxPRizOOXrKeEvf5NSAUbSzzXfz6
+TEp21KTIQO7MjqpsKshRQbpPeiReaYy3A6gJftun5xekP04QTLZVBR4dL7tvZf0S
+y9SjVg158lONXHfjBekyYTzSFBn/7v+AS8S+cAGRfYteE0Syxl7zJt3GUoEWau/e
+kXHT+hd/hkdSQKZZWZo1380M1pVZZAvntLRBU6IN9SswafhiVg==
+-----END CERTIFICATE-----
--- a/olkmod_signing_key1.pem
+++ b/olkmod_signing_key1.pem
@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGBjCCA+6gAwIBAgIUf99zHRXkhhuQepjkXdIfz1kNGiwwDQYJKoZIhvcNAQEL
+BQAwgZ4xKTAnBgNVBAMMIE9yYWNsZSBMaW51eCBEcml2ZXIgU2lnbmluZyBDQSAx
+MQswCQYDVQQGEwJ1czEVMBMGA1UEBwwMUmVkd29vZCBDaXR5MRswGQYDVQQKDBJP
+cmFjbGUgQ29ycG9yYXRpb24xGzAZBgNVBAsMEk9yYWNsZSBDb3Jwb3JhdGlvbjET
+MBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yNTA1MDIwOTIzNDFaFw0zNjA0MTIyMTEw
+MjlaMGcxLDAqBgNVBAMMI09yYWNsZSBMaW51eCBEcml2ZXIgU2lnbmluZyAoa2V5
+IDEpMQswCQYDVQQGEwJ1czEVMBMGA1UEBwwMUmVkd29vZCBDaXR5MRMwEQYDVQQI
+DApDYWxpZm9ybmlhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5dMQ
+z4EwgCYLrxJCYTn0H5yncdJREDgAgkne3nQAmtJjfcoKNqRxieK5j1KjloF3Qvjt
+c5gITvjpne1UrHTodPF9qpJrFieDPb9+CMUGg/R/gk20PofKa5+DhTMyeIEpBOa7
+P6/OdCGiwaGI85Js6JMnNX2YKerehKB44zVfiNmddn7T/3y2QFFNj3VH62tC4XNt
+wZLCHnnO0JzOcZht5KA1JsITSLkT6/o//SZLpaNSAQkkanymdvszV5b0PDu4A0Fi
+5Ch41Akset2kAlpRoRBaVVdNhqKDyzsGRFyzHD57EyyY4M6H3yh2T6SPPOTUOKgn
+tcBfnFuijl2K/d87cnky1v1XzrvZqLzRz11ksLmZrUHZZ3PWfq2EndG8OiO4PdcF
+sF4nd20yuUywW4nj5iZT5h6f8P06C62ILe+dJWNzpGm6JgyYvTnHoUXjoQR+TLs/
+WY1l1N2uf3lc5rkof4g+Ckh/6uI1k5XfyHIzw8Z9wEOliUvHXq/8TVZ653IMmfC8
+gIrIMNOXONMdG7ReTnsr9z7ckv/dYKbW1gWtyY8o92N3dLuYb8MpfvCHkVF5ItUR
+52ay2wOQ1tDlfLUiU21yiglyW4rKanH6mrLd4mM8cphnPvRpZ9SM0qykwHrNqKOA
+m9p0AwIf1zmUL6boX/Xd+6zM2HAXOPMS1EGjA6MCAwEAAaNyMHAwDAYDVR0TAQH/
+BAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYE
+FDUwOWM0ZjZkYmZjMGUyODhjOGM4MB8GA1UdIwQYMBaAFGM2NDkzM2I4OWUzNTYw
+ZmVhNWQzMA0GCSqGSIb3DQEBCwUAA4ICAQAmZbUs5P2HGRHt4W/QhGyfxxa/Go8K
+6a1VZlh71OURsbQ42ZDCfrYgw8LtDPqx7ySlUlkjDcc7ZvRh6RzLyn+ARIohhKNH
+PpEzIpOGm5P4zqY9R36STRSgCDl9iCNlk8pGKzqEIT+aCaZUWF+7NcFgePFDuN9W
+FX5tXhxEqqn8rmvGMQ3ZtodxIJb6ksKz6j/JWnuvcD4EgI1ykyc8MAtIm2/qVmPQ
+IofwXo6yL6ygT5K7cMsrte4EbzrHvuhuz89RHDmwmgB6XmZCWBOGYrO7lza2Yx0C
+/m4LcUHPW6XgrtkvIcLST90Ng9fp8EQl7Rp3med0K83kdwKUt7Ju9aPze049tuTQ
+QoHsIHDgsExK4wXUayHNgNNr8lMFm42gTB2DqP9F/Ihq7YhIdfXbOsVdS38Il9+Y
+8RWI87H+0mAxsv2RnaNkEbmd+2vY9j1ebHyblN59mxDEY+h3W7v402ay01Ia2Lnw
+szOAPq6AKZdfi0nan6zunurwEGKGeF4+Gr42RlA0Pcu1ZltBQVuMhvkO1wKZ5vO6
+MNR7swI0fH6VsyUms8wQbR85MCJg0MhpzRKw0g0Ka+c4nF1c4EmU4GaIbCNfzJy+
+68wdJDHhX+sbD7+AJBQ9i6TmtbPIGKNDHh9cMIXs+jMRtia/ZCYEsOOO5B+xrawF
+JuZ4rgQv9ghmhQ==
+-----END CERTIFICATE-----
--- a/25
+++ b/25
@ -1,12 +1,13 @@
-e04809394f4472c17e86d7024dee34f03fb68e82a85502fd5b00535202c72e57626a8376b2cf991b7e1e46404aa5ab8d189ebf320e0dd37d49e7efbc925c7a2e fedoraimaca.x509
-e67d1d2c39942f986026a4cb2fb80e9dba513a7095430a68c5f74791a97338a038f1f153fc639042c9326b72a605dd6b86fcc0e66dc405a323e211ef7360fa03 kernel-abi-stablelists-6.12.0-55.9.1.el10_0.tar.xz
-a02b0cc5ca186917baf33f7cace650543b258728fd0f1b0f959bbd6783379af4ea9da366f449d143e81426af7dfb40e98b94e0150083bc2ec30bbe3884c4c247 kernel-kabi-dw-6.12.0-55.9.1.el10_0.tar.xz
-f61cdeb0b53b5db6b5632bd3ac7a09c94db0fcbc5cf076be02fa658a553a9aab969e11abba6df3e37bda518bc598992ceb539b5e3a6dbf21eaed1dc0d6f11cf7 linux-6.12.0-55.9.1.el10_0.tar.xz
-b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe nvidiagpuoot001.x509
-eb2c2d342680d4c3453d3e4f30abdd1f6b0e98292e1be0410d0163afd01552a863b70ffaabeecd6e3981cd4d167198091a837c7d70f96a3a06de2d28b3355308 redhatsecureboot501.cer
-0285fd7cb1755b399cdd2d848d9eba51b72ef2dd8ea5d40d7061c29685a12e15bf8eb083cb2f8c14eb69d248cb3af2c2332e06f80e19ed4cc029070198c0d522 redhatsecurebootca5.cer
-ebf56d821acb5c17bb1842a8ddc8f1014a9e112ef7569531eedbabc82c6b5740e2709f96c5ebc87ba837e8085d0b090a9e63ddd06507692b41dae54a2b48d21b rheldup3.x509
-910b39fe16c2d8675c45c360797e6fb4a61d423b2c45a5a49aabc29a21b8dca44d50772353c3b4e557af25a2253d2ad2a2a3825a07cab556fd4eb154013c90de rhelima.x509
-8ee9a0107a7fe12078c1a82e4accbecca4d1246eadc60692880b5c2e6617c2ace27114d79ec6cc5fef11296fa11765145fcfbd8e2092fa96c56b13af925e5444 rhelima_centos.x509
-164411c37d48de2ed59c0c5d44eb9f84340cfb4e209c32370d669304a3457bf2663ebf90bc5e5a592c9899755a08015b9284db6a55237f6aa67bc10e5c04b325 rhelimaca1.x509
-2dac65723dca562dabdf503f44fb70052e6fb3569d257f6f59d13275408a91b400ced1f42b37bac29bf5d73c3c3a4f96c7819832d0cbe85134a989cbbf863d7b rhelkpatch1.x509
+SHA512 (kernel-abi-stablelists-6.12.0-55.19.1.el10_0.tar.xz) = 6fee4a7489cd6ee6048a2299bb42052b0dad0f40d9edd6f9412286728ddc25e5fd491605c7f176284cce339660d0d2585c02e20b3460ebdef08152a70cb81c33
+SHA512 (kernel-kabi-dw-6.12.0-55.19.1.el10_0.tar.xz) = 95e56376dcb6f68300626e83bc60ca36443866f04e600f0a3eeb459435ee1f1cc3287d578209d5c1522fa0cc3e5a0c7999d573e46c9070bc0001e49c9fb8f9aa
+SHA512 (linux-6.12.0-55.19.1.el10_0.tar.xz) = 684c6f5fd052b1f2b2c621d4246b993237f0c104a0575f2682373433717cf2b404f806a602be371ab25eaf0d845d3b27559e646215be37819f458bfc3fb9df92
+SHA512 (nvidiagpuoot001.x509) = b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe
+SHA512 (olima1.x509) = 123c26c1d698cc8523845c6e1103b9c72abf855acd225d37baf1f3388a47f912166d6d786fb367fe46de39e011b586ad7f3963aa2e8923da30a6ea9ae0d76ad3
+SHA512 (olimaca1.x509) = 3a779415fad29d6f7250ec97ab1f0a5eb62c351b724feee06b22e17f065bf74a558f32cc524d3222c4485635ae5b9cd5287855c94010fe743b51a4d954340c4c
+SHA512 (redhatsecureboot501.cer) = eb2c2d342680d4c3453d3e4f30abdd1f6b0e98292e1be0410d0163afd01552a863b70ffaabeecd6e3981cd4d167198091a837c7d70f96a3a06de2d28b3355308
+SHA512 (redhatsecurebootca5.cer) = 0285fd7cb1755b399cdd2d848d9eba51b72ef2dd8ea5d40d7061c29685a12e15bf8eb083cb2f8c14eb69d248cb3af2c2332e06f80e19ed4cc029070198c0d522
+SHA512 (rheldup3.x509) = ebf56d821acb5c17bb1842a8ddc8f1014a9e112ef7569531eedbabc82c6b5740e2709f96c5ebc87ba837e8085d0b090a9e63ddd06507692b41dae54a2b48d21b
+SHA512 (rhelima.x509) = 910b39fe16c2d8675c45c360797e6fb4a61d423b2c45a5a49aabc29a21b8dca44d50772353c3b4e557af25a2253d2ad2a2a3825a07cab556fd4eb154013c90de
+SHA512 (rhelima_centos.x509) = 8ee9a0107a7fe12078c1a82e4accbecca4d1246eadc60692880b5c2e6617c2ace27114d79ec6cc5fef11296fa11765145fcfbd8e2092fa96c56b13af925e5444
+SHA512 (rhelimaca1.x509) = 164411c37d48de2ed59c0c5d44eb9f84340cfb4e209c32370d669304a3457bf2663ebf90bc5e5a592c9899755a08015b9284db6a55237f6aa67bc10e5c04b325
+SHA512 (rhelkpatch1.x509) = 2dac65723dca562dabdf503f44fb70052e6fb3569d257f6f59d13275408a91b400ced1f42b37bac29bf5d73c3c3a4f96c7819832d0cbe85134a989cbbf863d7b
--- a/uki_addons.json
+++ b/uki_addons.json
@ -1,30 +1,10 @@
 {
-    "virt": {
-        "rhel": {
-            "aarch64": {
-                "crashkernel-default.addon": [
-                    "crashkernel=1G-4G:256M,4G-64G:320M,64G-:576M\n"
-                ]
-            }
-        },
-        "common": {
-            "fips-disable.addon": [
-                "fips=0\n"
-            ],
-            "fips-enable.addon": [
-                "fips=1\n"
-            ]
-        }
-    },
    "common": {
-        "crashkernel-default.addon": [
-            "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M\n"
-        ],
        "crashkernel-1536M.addon": [
            "crashkernel=1536M\n"
        ],
-        "crashkernel-2G.addon": [
-            "crashkernel=2G\n"
+        "crashkernel-192M.addon": [
+            "crashkernel=192M\n"
        ],
        "crashkernel-1G.addon": [
            "crashkernel=1G\n"
@ -32,14 +12,34 @@
        "crashkernel-256M.addon": [
            "crashkernel=256M\n"
        ],
-        "crashkernel-192M.addon": [
-            "crashkernel=192M\n"
+        "crashkernel-2G.addon": [
+            "crashkernel=2G\n"
        ],
        "crashkernel-512M.addon": [
            "crashkernel=512M\n"
        ],
+        "crashkernel-default.addon": [
+            "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M\n"
+        ],
        "debug.addon": [
            "debug"
        ]
+    },
+    "virt": {
+        "common": {
+            "fips-disable.addon": [
+                "fips=0\n"
+            ],
+            "fips-enable.addon": [
+                "fips=1\n"
+            ]
+        },
+        "rhel": {
+            "aarch64": {
+                "crashkernel-default.addon": [
+                    "crashkernel=1G-4G:256M,4G-64G:320M,64G-:576M\n"
+                ]
+            }
+        }
    }
 }
--- a/x509.genkey.rhel
+++ b/x509.genkey.rhel
@ -5,9 +5,9 @@ prompt = no
 x509_extensions = myexts

 [ req_distinguished_name ]
-O = Red Hat
-CN = Red Hat Enterprise Linux kernel signing key
-emailAddress = secalert@redhat.com
+O = Oracle America, Inc.,c=US
+CN = Oracle CA Server
+emailAddress = support@oracle.com

 [ myexts ]
 basicConstraints=critical,CA:FALSE