diff --git a/.gitignore b/.gitignore index 425733ad5..a24a0287c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,9 @@ -fedoraimaca.x509 -kernel-abi-stablelists-6.12.0-55.9.1.el10_0.tar.xz -kernel-kabi-dw-6.12.0-55.9.1.el10_0.tar.xz -linux-6.12.0-55.9.1.el10_0.tar.xz +kernel-abi-stablelists-6.12.0-55.19.1.el10_0.tar.xz +kernel-kabi-dw-6.12.0-55.19.1.el10_0.tar.xz +linux-6.12.0-55.19.1.el10_0.tar.xz nvidiagpuoot001.x509 +olima1.x509 +olimaca1.x509 redhatsecureboot501.cer redhatsecurebootca5.cer rheldup3.x509 diff --git a/Makefile.rhelver b/Makefile.rhelver index 3168a54ff..723a137bd 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 0 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 55.9.1 +RHEL_RELEASE = 55.19.1 # # RHEL_REBASE_NUM diff --git a/bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch b/bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch new file mode 100644 index 000000000..79ea68fe1 --- /dev/null +++ b/bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch @@ -0,0 +1,44 @@ +From b0de5456e201c475d6a860ceeb3ed8ee2923695a Mon Sep 17 00:00:00 2001 +From: Keith Busch +Date: Mon, 2 Dec 2024 09:45:48 -0800 +Subject: [PATCH] nvme-pci: remove two deallocate zeroes quirks + +The quirk was initially used as a signal to set the discard_zeroes_data +queue limit because there were some use cases that relied on that +behavior. The queue limit no longer exists as every user of it has been +converted to use the write zeroes operation instead. + +The quirk now means to use a discard command as an alias to a write +zeroes request. Two of the devices previously using the quirk support +the write zeroes command directly, so these don't need or want to use +discard when the desired operation is to write zeroes. + +Reviewed-by: Christoph Hellwig +Signed-off-by: Keith Busch + +Orabug: 37756650 + +Modified-by: Alex Burmashev +Signed-off-by: Alex Burmashev +--- + drivers/nvme/host/pci.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c +index 4c644bb7f06927..9535e35ef18a56 100644 +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -3588,12 +3588,10 @@ static const struct pci_device_id nvme_id_table[] = { + NVME_QUIRK_DEALLOCATE_ZEROES, }, + { PCI_VDEVICE(INTEL, 0x0a54), /* Intel P4500/P4600 */ + .driver_data = NVME_QUIRK_STRIPE_SIZE | +- NVME_QUIRK_DEALLOCATE_ZEROES | + NVME_QUIRK_IGNORE_DEV_SUBNQN | + NVME_QUIRK_BOGUS_NID, }, + { PCI_VDEVICE(INTEL, 0x0a55), /* Dell Express Flash P4600 */ +- .driver_data = NVME_QUIRK_STRIPE_SIZE | +- NVME_QUIRK_DEALLOCATE_ZEROES, }, ++ .driver_data = NVME_QUIRK_STRIPE_SIZE, }, + { PCI_VDEVICE(INTEL, 0xf1a5), /* Intel 600P/P3100 */ + .driver_data = NVME_QUIRK_NO_DEEPEST_PS | + NVME_QUIRK_MEDIUM_PRIO_SQ | diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config index 349b1b355..c6653002f 100644 --- a/kernel-aarch64-64k-debug-rhel.config +++ b/kernel-aarch64-64k-debug-rhel.config @@ -3361,7 +3361,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8166,7 +8166,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config index 2c889cdc9..36c211bd6 100644 --- a/kernel-aarch64-64k-rhel.config +++ b/kernel-aarch64-64k-rhel.config @@ -3340,7 +3340,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8141,7 +8141,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-automotive-debug-rhel.config b/kernel-aarch64-automotive-debug-rhel.config index c4b0963e5..3832276e9 100644 --- a/kernel-aarch64-automotive-debug-rhel.config +++ b/kernel-aarch64-automotive-debug-rhel.config @@ -3595,7 +3595,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_MMU_AUDIT is not set CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8941,7 +8941,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-automotive-rhel.config b/kernel-aarch64-automotive-rhel.config index c34a537bd..16987dd26 100644 --- a/kernel-aarch64-automotive-rhel.config +++ b/kernel-aarch64-automotive-rhel.config @@ -3574,7 +3574,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_MMU_AUDIT is not set # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8916,7 +8916,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 1119e73b1..8c3c32176 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -3358,7 +3358,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8162,7 +8162,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index de97d0bc9..ac8f2bf8b 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -3337,7 +3337,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8137,7 +8137,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-rt-64k-debug-rhel.config b/kernel-aarch64-rt-64k-debug-rhel.config index 4e4a4ca93..64607c40c 100644 --- a/kernel-aarch64-rt-64k-debug-rhel.config +++ b/kernel-aarch64-rt-64k-debug-rhel.config @@ -3402,7 +3402,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8215,7 +8215,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-rt-64k-rhel.config b/kernel-aarch64-rt-64k-rhel.config index 33aeb9c09..ec6fff109 100644 --- a/kernel-aarch64-rt-64k-rhel.config +++ b/kernel-aarch64-rt-64k-rhel.config @@ -3381,7 +3381,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8190,7 +8190,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config index 18488d149..318cb6927 100644 --- a/kernel-aarch64-rt-debug-rhel.config +++ b/kernel-aarch64-rt-debug-rhel.config @@ -3399,7 +3399,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8211,7 +8211,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config index 0cce49b3a..f4868982f 100644 --- a/kernel-aarch64-rt-rhel.config +++ b/kernel-aarch64-rt-rhel.config @@ -3378,7 +3378,7 @@ CONFIG_KUNIT_TEST=m CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM=y # CONFIG_KXCJK1013 is not set @@ -8186,7 +8186,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index 7f6e799a2..9415dc192 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -3028,7 +3028,7 @@ CONFIG_KVM_GUEST=y CONFIG_KVM_MAX_NR_VCPUS=4096 CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM_XICS=y # CONFIG_KXCJK1013 is not set @@ -7605,7 +7605,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index 14fcd0161..954fe4fde 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -3008,7 +3008,7 @@ CONFIG_KVM_GUEST=y CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set CONFIG_KVM_XICS=y # CONFIG_KXCJK1013 is not set @@ -7582,7 +7582,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 9b93411eb..ab7e78f40 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -3004,7 +3004,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096 CONFIG_KVM_PROVE_MMU=y # CONFIG_KVM_S390_UCONTROL is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -7587,7 +7587,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 08a23830a..afe9ac4f5 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -2984,7 +2984,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set # CONFIG_KVM_S390_UCONTROL is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -7564,7 +7564,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 26e1ed1a3..c5471088d 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -2992,7 +2992,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set # CONFIG_KVM_S390_UCONTROL is not set CONFIG_KVM_SMM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -7586,7 +7586,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set # CONFIG_WDAT_WDT is not set # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-x86_64-automotive-debug-rhel.config b/kernel-x86_64-automotive-debug-rhel.config index c3255d903..3446846f4 100644 --- a/kernel-x86_64-automotive-debug-rhel.config +++ b/kernel-x86_64-automotive-debug-rhel.config @@ -3364,7 +3364,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096 CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y CONFIG_KVM_SW_PROTECTED_VM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -8263,7 +8263,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set CONFIG_WDAT_WDT=m # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-x86_64-automotive-rhel.config b/kernel-x86_64-automotive-rhel.config index 4b35b22dc..3c291505f 100644 --- a/kernel-x86_64-automotive-rhel.config +++ b/kernel-x86_64-automotive-rhel.config @@ -3344,7 +3344,7 @@ CONFIG_KVM_MAX_NR_VCPUS=4096 # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y CONFIG_KVM_SW_PROTECTED_VM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -8239,7 +8239,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set CONFIG_WDAT_WDT=m # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 38802a53e..16a1024b4 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -3254,7 +3254,7 @@ CONFIG_KVM_MMU_AUDIT=y CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y CONFIG_KVM_SW_PROTECTED_VM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -7998,7 +7998,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set CONFIG_WDAT_WDT=m # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 5c4063c6e..1a5e634fe 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -3234,7 +3234,7 @@ CONFIG_KVM_MMU_AUDIT=y # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y CONFIG_KVM_SW_PROTECTED_VM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -7974,7 +7974,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set CONFIG_WDAT_WDT=m # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index 33bfb75c2..421752eb1 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -3295,7 +3295,7 @@ CONFIG_KVM_MMU_AUDIT=y CONFIG_KVM_PROVE_MMU=y CONFIG_KVM_SMM=y CONFIG_KVM_SW_PROTECTED_VM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -8047,7 +8047,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set CONFIG_WDAT_WDT=m # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index cb1c943fe..655feb895 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -3275,7 +3275,7 @@ CONFIG_KVM_MMU_AUDIT=y # CONFIG_KVM_PROVE_MMU is not set CONFIG_KVM_SMM=y CONFIG_KVM_SW_PROTECTED_VM=y -# CONFIG_KVM_WERROR is not set +CONFIG_KVM_WERROR=y # CONFIG_KVM_XEN is not set # CONFIG_KXCJK1013 is not set # CONFIG_KXSD9 is not set @@ -8023,7 +8023,7 @@ CONFIG_WATCH_QUEUE=y # CONFIG_WCN36XX is not set CONFIG_WDAT_WDT=m # CONFIG_WDTPCI is not set -# CONFIG_WERROR is not set +CONFIG_WERROR=y # CONFIG_WFX is not set # CONFIG_WIL6210 is not set # CONFIG_WILC1000_SDIO is not set diff --git a/kernel.spec b/kernel.spec index 2cae7abc2..995d1c152 100644 --- a/kernel.spec +++ b/kernel.spec @@ -98,7 +98,7 @@ Summary: The Linux kernel %if 0%{?fedora} %define secure_boot_arch x86_64 %else -%define secure_boot_arch x86_64 aarch64 s390x ppc64le +%define secure_boot_arch x86_64 s390x ppc64le %endif # Signing for secure boot authentication @@ -162,15 +162,15 @@ Summary: The Linux kernel %define specrpmversion 6.12.0 %define specversion 6.12.0 %define patchversion 6.12 -%define pkgrelease 55.9.1 +%define pkgrelease 55.19.1 %define kversion 6 -%define tarfile_release 6.12.0-55.9.1.el10_0 +%define tarfile_release 6.12.0-55.19.1.el10_0 # This is needed to do merge window version magic %define patchlevel 12 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 55.9.1%{?buildid}%{?dist} +%define specrelease 55.19.1%{?buildid}.0.1%{?dist} # This defines the kabi tarball version -%define kabiversion 6.12.0-55.9.1.el10_0 +%define kabiversion 6.12.0-55.19.1.el10_0 # If this variable is set to 1, a bpf selftests build failure will cause a # fatal kernel package build error @@ -716,6 +716,8 @@ Requires: kernel-modules-core-uname-r = %{KVERREL} Provides: installonlypkg(kernel) %endif +Provides: oracle(kernel-sig-key) == 202502 +Conflicts: shim-x64 < 15.8-1.0.6 # # List the packages used during the kernel build @@ -875,8 +877,6 @@ BuildRequires: tpm2-tools %if 0%{?rhel}%{?centos} && !0%{?eln} %if 0%{?centos} BuildRequires: centos-sb-certs >= 9.0-23 -%else -BuildRequires: redhat-sb-certs >= 9.4-0.1 %endif %endif %endif @@ -896,42 +896,11 @@ Source10: redhatsecurebootca5.cer Source13: redhatsecureboot501.cer %if %{signkernel} -# Name of the packaged file containing signing key -%ifarch ppc64le -%define signing_key_filename kernel-signing-ppc.cer -%endif -%ifarch s390x -%define signing_key_filename kernel-signing-s390.cer -%endif -# Fedora/ELN pesign macro expects to see these cert file names, see: -# https://github.com/rhboot/pesign/blob/main/src/pesign-rpmbuild-helper.in#L216 -%if 0%{?fedora}%{?eln} -%define pesign_name_0 redhatsecureboot501 -%define secureboot_ca_0 %{SOURCE10} -%define secureboot_key_0 %{SOURCE13} -%endif - -# RHEL/centos certs come from system-sb-certs -%if 0%{?rhel} && !0%{?eln} %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer %define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer -%if 0%{?centos} -%define pesign_name_0 centossecureboot201 -%else -%ifarch x86_64 aarch64 -%define pesign_name_0 redhatsecureboot501 -%endif -%ifarch s390x -%define pesign_name_0 redhatsecureboot302 -%endif -%ifarch ppc64le -%define pesign_name_0 redhatsecureboot701 -%endif -%endif -# rhel && !eln -%endif +%define pesign_name_0 OracleLinuxSecureBootKey3 # signkernel %endif @@ -1008,7 +977,10 @@ Source102: nvidiagpuoot001.x509 Source103: rhelimaca1.x509 Source104: rhelima.x509 Source105: rhelima_centos.x509 -Source106: fedoraimaca.x509 +# Oracle Linux IMA CA certificate +Source106: olimaca1.x509 +# Oracle Linux IMA signing certificate +Source107: olima1.x509 %if 0%{?fedora}%{?eln} %define ima_ca_cert %{SOURCE106} @@ -1023,9 +995,11 @@ Source106: fedoraimaca.x509 %define ima_signing_cert %{SOURCE105} %else %define ima_signing_cert %{SOURCE104} +%define ima_signing_cert_ol %{SOURCE107} %endif %define ima_cert_name ima.cer +%define ima_cert_name_ol ima_ol.cer Source200: check-kabi @@ -1090,6 +1064,10 @@ Source4000: README.rst Source4001: rpminspect.yaml Source4002: gating.yaml +# Oracle Linux RHCK Module Signing Key +Source5001: olkmod_signing_key.pem +Source5002: olkmod_signing_key1.pem + ## Patches needed for building this package %if !%{nopatches} @@ -1097,6 +1075,9 @@ Source4002: gating.yaml Patch1: patch-%{patchversion}-redhat.patch %endif +# Oracle patches +Patch1001: bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch + # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch @@ -1943,6 +1924,8 @@ ApplyOptionalPatch() mv linux-%{tarfile_release} linux-%{KVERREL} cd linux-%{KVERREL} +#removal of git history +rm -rf .git cp -a %{SOURCE1} . %{log_msg "Start of patch applications"} @@ -1951,6 +1934,7 @@ cp -a %{SOURCE1} . ApplyOptionalPatch patch-%{patchversion}-redhat.patch %endif +ApplyPatch bug37756650-nvme-pci-remove-two-deallocate-zeroes-quirks.patch ApplyOptionalPatch linux-kernel-test.patch %{log_msg "End of patch applications"} @@ -2063,6 +2047,13 @@ openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem > ../certs/rhel.pem +# Add Oracle Linux IMA CA certificate to the kernel trusted certificates list +openssl x509 -inform der -in %{SOURCE106} -out olimaca1.pem +cat olimaca1.pem >> ../certs/rhel.pem +# Add olkmod_signing_key.pem to the kernel trusted certificates list +cat %{SOURCE5001} >> ../certs/rhel.pem +# Add olkmod_signing_key1.pem to the kernel trusted certificates list +cat %{SOURCE5002} >> ../certs/rhel.pem %if %{signkernel} %ifarch s390x ppc64le openssl x509 -inform der -in %{secureboot_ca_0} -out secureboot.pem @@ -2085,7 +2076,7 @@ done %if 0%{?rhel} %{log_msg "Adjust FIPS module name for RHEL"} for i in *.config; do - sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i + sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Oracle Linux 10 Kernel Crypto API Cryptographic Module"/' $i done %endif @@ -2735,8 +2726,11 @@ BuildKernel() { %endif SBAT=$(cat <<- EOF linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com + linux,1,Oracle Linux,linux,$KernelVer,mailto:secalert_us@oracle.com linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com + linux.ol,1,Oracle Linux,linux,$KernelVer,mailto:secalert_us@oracle.com kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com + kernel-uki-virt.ol,1,Oracle Linux,kernel-uki-virt,$KernelVer,mailto:secalert_us@oracle.com EOF ) @@ -2764,6 +2758,7 @@ BuildKernel() { python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDirOut virt %{primary_target} %{_target_cpu} %if %{signkernel} +%if ! %{?oraclelinux} %{log_msg "Sign the EFI UKI kernel"} %if 0%{?fedora}%{?eln} %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} @@ -2791,6 +2786,7 @@ BuildKernel() { done # signkernel +%endif %endif # hmac sign the UKI for FIPS @@ -2966,7 +2962,7 @@ BuildKernel() { # prune junk from kernel-debuginfo find $RPM_BUILD_ROOT/usr/src/kernels -name "*.mod.c" -delete - # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel + # UEFI Secure Boot CA cert, which can be used to authenticate the kernel %{log_msg "Install certs"} mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer %if %{signkernel} @@ -2981,6 +2977,8 @@ BuildKernel() { %if 0%{?rhel} # Red Hat IMA code-signing cert, which is used to authenticate package files install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{ima_cert_name} + # Oracle Linux IMA signing cert + install -m 0644 %{ima_signing_cert_ol} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{ima_cert_name_ol} %endif %if %{signmodules} @@ -4312,15 +4310,153 @@ fi\ # # %changelog -* Mon May 19 2025 Andrew Lukoshko [6.12.0-55.9.1.el10_0] -- redhat: kabi: update stablelist checksums (Čestmír Kalina) [RHEL-80552] -- Merge: Add symbols to stablelist and enable check-kabi (Jan Stancek) [RHEL-79881] -- Merge tag 'kernel-6.12.0-55.9.1.el10_0' into main (Jan Stancek) -- Merge tag 'kernel-6.12.0-55.7.1.el10_0' into main (Jan Stancek) -- Merge tag 'kernel-6.12.0-55.4.1.el10_0' into main (Jan Stancek) -- Merge tag 'kernel-6.12.0-55.3.1.el10_0' into main (Jan Stancek) -- Merge tag 'kernel-6.12.0-55.2.1.el10_0' into main (Jan Stancek) -- Merge tag 'kernel-6.12.0-55.1.1.el10_0' into main (Jan Stancek) +* Tue Jul 01 2025 Alex Burmashev [6.12.0-55.19.1.0.1.el10_0.OL10] +- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] +- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782] +- Disable UKI signing [Orabug: 36571828] +- Update Oracle Linux certificates (Kevin Lyons) +- Disable signing for aarch64 (Ilya Okomin) +- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] +- Update x509.genkey [Orabug: 24817676] +- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9 +- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] +- Add Oracle Linux IMA certificates +- Update module name for cryptographic module [Orabug: 37400433] + +* Tue Jul 01 2025 Alex Burmashev [6.12.0-55.19.1.el10_0] +- Clean git history at setup stage +- Prevent kABI check error for BLK_CGROUP_PUNT_BIO +- Bump internal version to 55.19.1 +- ibmvnic: Use kernel helpers for hex dumps +- eth: bnxt: fix truesize for mb-xdp-pass case +- ice: Avoid setting default Rx VSI twice in switchdev setup +- ice: Fix deinitializing VF in error path +- ice: add E830 HW VF mailbox message limit support +- block/Kconfig: Allow selecting BLK_CGROUP_PUNT_BIO + +* Tue Jun 24 2025 Alex Burmashev [6.12.0-55.18.1.el10_0] +- Import config changes from Centos Stream kernel kernel-6.12.0-77.el10 +- Bump internal version to 55.18.1 +- drm/i915/dp_mst: Handle error during DSC BW overhead/slice calculation +- sched/rt: Fix race in push_rt_task MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit +- mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation - upstream CVE-2024-56559 +- block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone +- proc: fix UAF in proc_get_inode() CVE-2025-21999 +- ext4: ignore xattrs past end CVE-2025-37738 +- nvme-fabrics: handle zero MAXCMD without closing the connection +- ext4: fix off-by-one error in do_split CVE-2025-23150 +- r8169: disable RTL8126 ZRX-DC timeout +- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support +- vmxnet3: unregister xdp rxq info in the reset path +- block: fix 'kmem_cache of name 'bio-108' already exists' +- ice: implement low latency PHY timer updates +- ice: check low latency PHY timer update firmware capability +- ice: add lock to protect low latency interface +- ice: rename TS_LL_READ* macros to REG_LL_PROXY_H_* +- ice: use read_poll_timeout_atomic in ice_read_phy_tstamp_ll_e810 +- cifs: Fix integer overflow while processing acdirmax mount option CVE-2025-21963 +- smb: client: fix UAF in decryption with multichannel CVE-2025-37750 +- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug +- keys: Fix UAF in key_put() CVE-2025-21893 +- ndisc: use RCU protection in ndisc_alloc_skb() CVE-2025-21764 +- ipv6: use RCU protection in ip6_default_advmss() CVE-2025-21765 +- net: add dev_net_rcu() helper CVE-2025-21765 +- vfio/pci: Align huge faults to order +- Bluetooth: L2CAP: Fix corrupted list in hci_chan_del CVE-2025-21969 +- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd CVE-2025-21969 +- cifs: Fix integer overflow while processing closetimeo mount option CVE-2025-21962 +- ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up CVE-2025-21887 +- wifi: cfg80211: init wiphy_work before allocating rfkill fails CVE-2025-21979 +- wifi: cfg80211: cancel wiphy_work before freeing wiphy CVE-2025-21979 +- net: fix geneve_opt length integer overflow CVE-2025-22055 +- vsock/virtio: discard packets if the transport changes CVE-2025-21669 +- net: gso: fix ownership in __udp_gso_segment CVE-2025-21926 +- xsk: fix an integer overflow in xp_create_and_assign_umem() CVE-2025-21997 +- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi CVE-2025-37943 +- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list CVE-2025-21919 +- drm/i915/display: Use joined pipes in dsc helpers for slices, bpp - upstream +- drm/i915/display: Use joined pipes in intel_mode_valid_max_plane_size - upstream +- drm/i915/display: Use joined pipes in intel_dp_joiner_needs_dsc - upstream +- drm/i915/display: Simplify intel_joiner_num_pipes and it's usage - upstream +- drm/i915/display: Check whether platform supports joiner - upstream +- Revert drm/i915/dp_mst: Handle error during DSC BW overhead/slice +- Revert drm/i915/dp_mst: Don't require DSC hblank quirk for a non-DSC +- drm/mgag200: Added support for the new device G200eH5 - upstream +- cifs: Fix integer overflow while processing acregmax mount option CVE-2025-21964 +- ext4: fix OOB read when checking dotdot dir CVE-2025-37785 +- vsock: Orphan socket after transport release CVE-2025-21756 +- vsock: Keep the binding until socket destruction CVE-2025-21756 +- bpf, vsock: Invoke proto::close on close() CVE-2025-21756 +- idpf: call set_real_num_queues in idpf_open +- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format CVE-2024-53104 +- redhat: enable CONFIG_WERROR=y +- redhat: don't enforce WERROR for 3rd-party OOT kmods +- redhat: make ENABLE_WERROR enable also KVM_WERROR +- fortify: Hide run-time copy size from value range tracking +- resolve_btfids: Fix compiler warnings +- ixgbe: fix media cage present detection for E610 device +- ixgbe: fix media type detection for E610 device +- ixgbevf: Add support for Intel(R) E610 device +- PCI: Add PCI_VDEVICE_SUB helper macro +- ixgbe: Enable link management in E610 device +- ixgbe: Clean up the E610 link management related code +- ixgbe: Add ixgbe_x540 multiple header inclusion protection +- ixgbe: Add support for EEPROM dump in E610 device +- ixgbe: Add support for NVM handling in E610 device +- ixgbe: Add link management support for E610 device +- ixgbe: Add support for E610 device capabilities detection +- ixgbe: Add support for E610 FW Admin Command Interface +- smb: client: don't retry IO on failed negprotos with soft mounts - pick from MR +- scsi: core: Fix command pass through retry regression - cherry pick from MR +- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature CVE-2025-21966 +- ice: stop storing XDP verdict within ice_rx_buf +- ice: gather page_count()'s of each frag right before XDP prog call +- ice: put Rx buffers after being done with current frame +- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() CVE-2025-21993 +- smb: client: fix regression with guest option +- pnfs/flexfiles: retry getting layout segment for reads +- nfs: fix incorrect error handling in LOCALIO +- nfs: probe for LOCALIO when v3 client reconnects to server +- nfs: probe for LOCALIO when v4 client reconnects to server +- nfs/localio: remove redundant code and simplify LOCALIO enablement +- nfs_common: add nfs_localio trace events +- nfs_common: track all open nfsd_files per LOCALIO nfs_client +- nfs_common: rename nfslocalio nfs_uuid_lock to nfs_uuids_lock +- nfsd: nfsd_file_acquire_local no longer returns GC'd nfsd_file +- nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ +- nfsd: update percpu_ref to manage references on nfsd_net +- nfs: cache all open LOCALIO nfsd_file(s) in client +- nfs_common: move localio_lock to new lock member of nfs_uuid_t +- nfs_common: rename functions that invalidate LOCALIO nfs_clients +- nfsd: add nfsd_file_{get,put} to 'nfs_to' nfsd_localio_operations +- nfs/localio: add direct IO enablement with sync and async IO support +- ice: ensure periodic output start time is in the future +- ice: fix PHY Clock Recovery availability check +- ice: Drop auxbus use for PTP to finalize ice_adapter move +- ice: Use ice_adapter for PTP shared data instead of auxdev +- ice: Initial support for E825C hardware in ice_adapter +- ice: Add ice_get_ctrl_ptp() wrapper to simplify the code +- ice: Introduce ice_get_phy_model() wrapper +- ice: Enable 1PPS out from CGU for E825C products +- ice: Read SDP section from NVM for pin definitions +- ice: Disable shared pin on E810 on setfunc +- ice: Cache perout/extts requests and check flags +- ice: Align E810T GPIO to other products +- ice: Add SDPs support for E825C +- ice: Implement ice_ptp_pin_desc +- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() - modified CVE-2025-21927 +- scsi: storvsc: Set correct data length for sending SCSI command without payload +- smb: client: fix chmod(2) regression with ATTR_READONLY +- mm/hugetlb: fix hugepage allocation for interleaved memory nodes +- net: mana: use ethtool string helpers +- net: mana: cleanup mana struct after debugfs_remove() - upstream +- net: mana: Cleanup "mana" debugfs dir after cleanup of all children +- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs +- net: mana: Fix memory leak in mana_gd_setup_irqs +- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT +- net: mana: Enable debugfs files for MANA device +- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 +- net: mana: Add get_link and get_link_ksettings in ethtool * Tue Mar 25 2025 Jan Stancek [6.12.0-55.9.1.el10_0] - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Davide Caratti) [RHEL-80306] {CVE-2024-57901} diff --git a/olkmod_signing_key.pem b/olkmod_signing_key.pem new file mode 100644 index 000000000..7a51daf16 --- /dev/null +++ b/olkmod_signing_key.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEETCCAvmgAwIBAgIJANw8y5k9b7SaMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEXMBUGA1UEBwwOUmVkd29vZCBT +aG9yZXMxGzAZBgNVBAoMEk9yYWNsZSBDb3Jwb3JhdGlvbjEVMBMGA1UECwwMT3Jh +Y2xlIExpbnV4MS0wKwYDVQQDDCRPcmFjbGUgTGludXggUkhDSyBNb2R1bGUgU2ln +bmluZyBLZXkwHhcNMTYwNTA5MjMzNjA4WhcNMjYwNTA3MjMzNjA4WjCBnjELMAkG +A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFzAVBgNVBAcMDlJlZHdvb2Qg +U2hvcmVzMRswGQYDVQQKDBJPcmFjbGUgQ29ycG9yYXRpb24xFTATBgNVBAsMDE9y +YWNsZSBMaW51eDEtMCsGA1UEAwwkT3JhY2xlIExpbnV4IFJIQ0sgTW9kdWxlIFNp +Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6bUDNNZ +jIqgsqgspwBIQ18keDxQeGnWgubZZhHrQU3GpeSRPM4lNTHc+UjMjNXrv/CENZdv +4cETRsxT1VFhGG3CvkbQdzc8v4JOQvWSSJqmViPa1eC+yGaMRnGcFXzKsHiTLA4y +WMjpJnVowFkwTzscRBlN0AysUg/hT/74DE0oqVnlCJNynqccNWpx8MtNRD55ay9A +73yJinYES14rXcU3QbJoO0ZxtRz83ZACDUGX0GORT3+NbB0RK0sttogzA3eLvxKw +umWsWZAHmTuHdWgUjSqqZr34VNLPVcsTHAW8X4bq6rRVcB2lMJ3kJfDP8BJyTn99 +37UmA+/ld47cnwIDAQABo1AwTjAdBgNVHQ4EFgQU3ZlbFVwZs6fD73cHuWniX5Y5 +Zm4wHwYDVR0jBBgwFoAU3ZlbFVwZs6fD73cHuWniX5Y5Zm4wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAF7nfhWfsk4uEDquLj7nJE0wPlVvllVDugzOk +R15pnQ7P+HTyz3sLaLJE4N5oWt6pFzDGDYEtPeoMCn1l447tX179Nf5SMZba9ut8 +3Vxbe7jAn9sQO7ArQR1swf1r101Me4+1oHq7rxPRizOOXrKeEvf5NSAUbSzzXfz6 +TEp21KTIQO7MjqpsKshRQbpPeiReaYy3A6gJftun5xekP04QTLZVBR4dL7tvZf0S +y9SjVg158lONXHfjBekyYTzSFBn/7v+AS8S+cAGRfYteE0Syxl7zJt3GUoEWau/e +kXHT+hd/hkdSQKZZWZo1380M1pVZZAvntLRBU6IN9SswafhiVg== +-----END CERTIFICATE----- diff --git a/olkmod_signing_key1.pem b/olkmod_signing_key1.pem new file mode 100644 index 000000000..b99afba7a --- /dev/null +++ b/olkmod_signing_key1.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGBjCCA+6gAwIBAgIUf99zHRXkhhuQepjkXdIfz1kNGiwwDQYJKoZIhvcNAQEL +BQAwgZ4xKTAnBgNVBAMMIE9yYWNsZSBMaW51eCBEcml2ZXIgU2lnbmluZyBDQSAx +MQswCQYDVQQGEwJ1czEVMBMGA1UEBwwMUmVkd29vZCBDaXR5MRswGQYDVQQKDBJP +cmFjbGUgQ29ycG9yYXRpb24xGzAZBgNVBAsMEk9yYWNsZSBDb3Jwb3JhdGlvbjET +MBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yNTA1MDIwOTIzNDFaFw0zNjA0MTIyMTEw +MjlaMGcxLDAqBgNVBAMMI09yYWNsZSBMaW51eCBEcml2ZXIgU2lnbmluZyAoa2V5 +IDEpMQswCQYDVQQGEwJ1czEVMBMGA1UEBwwMUmVkd29vZCBDaXR5MRMwEQYDVQQI +DApDYWxpZm9ybmlhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5dMQ +z4EwgCYLrxJCYTn0H5yncdJREDgAgkne3nQAmtJjfcoKNqRxieK5j1KjloF3Qvjt +c5gITvjpne1UrHTodPF9qpJrFieDPb9+CMUGg/R/gk20PofKa5+DhTMyeIEpBOa7 +P6/OdCGiwaGI85Js6JMnNX2YKerehKB44zVfiNmddn7T/3y2QFFNj3VH62tC4XNt +wZLCHnnO0JzOcZht5KA1JsITSLkT6/o//SZLpaNSAQkkanymdvszV5b0PDu4A0Fi +5Ch41Akset2kAlpRoRBaVVdNhqKDyzsGRFyzHD57EyyY4M6H3yh2T6SPPOTUOKgn +tcBfnFuijl2K/d87cnky1v1XzrvZqLzRz11ksLmZrUHZZ3PWfq2EndG8OiO4PdcF +sF4nd20yuUywW4nj5iZT5h6f8P06C62ILe+dJWNzpGm6JgyYvTnHoUXjoQR+TLs/ +WY1l1N2uf3lc5rkof4g+Ckh/6uI1k5XfyHIzw8Z9wEOliUvHXq/8TVZ653IMmfC8 +gIrIMNOXONMdG7ReTnsr9z7ckv/dYKbW1gWtyY8o92N3dLuYb8MpfvCHkVF5ItUR +52ay2wOQ1tDlfLUiU21yiglyW4rKanH6mrLd4mM8cphnPvRpZ9SM0qykwHrNqKOA +m9p0AwIf1zmUL6boX/Xd+6zM2HAXOPMS1EGjA6MCAwEAAaNyMHAwDAYDVR0TAQH/ +BAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYE +FDUwOWM0ZjZkYmZjMGUyODhjOGM4MB8GA1UdIwQYMBaAFGM2NDkzM2I4OWUzNTYw +ZmVhNWQzMA0GCSqGSIb3DQEBCwUAA4ICAQAmZbUs5P2HGRHt4W/QhGyfxxa/Go8K +6a1VZlh71OURsbQ42ZDCfrYgw8LtDPqx7ySlUlkjDcc7ZvRh6RzLyn+ARIohhKNH +PpEzIpOGm5P4zqY9R36STRSgCDl9iCNlk8pGKzqEIT+aCaZUWF+7NcFgePFDuN9W +FX5tXhxEqqn8rmvGMQ3ZtodxIJb6ksKz6j/JWnuvcD4EgI1ykyc8MAtIm2/qVmPQ +IofwXo6yL6ygT5K7cMsrte4EbzrHvuhuz89RHDmwmgB6XmZCWBOGYrO7lza2Yx0C +/m4LcUHPW6XgrtkvIcLST90Ng9fp8EQl7Rp3med0K83kdwKUt7Ju9aPze049tuTQ +QoHsIHDgsExK4wXUayHNgNNr8lMFm42gTB2DqP9F/Ihq7YhIdfXbOsVdS38Il9+Y +8RWI87H+0mAxsv2RnaNkEbmd+2vY9j1ebHyblN59mxDEY+h3W7v402ay01Ia2Lnw +szOAPq6AKZdfi0nan6zunurwEGKGeF4+Gr42RlA0Pcu1ZltBQVuMhvkO1wKZ5vO6 +MNR7swI0fH6VsyUms8wQbR85MCJg0MhpzRKw0g0Ka+c4nF1c4EmU4GaIbCNfzJy+ +68wdJDHhX+sbD7+AJBQ9i6TmtbPIGKNDHh9cMIXs+jMRtia/ZCYEsOOO5B+xrawF +JuZ4rgQv9ghmhQ== +-----END CERTIFICATE----- diff --git a/sources b/sources index 345423c36..0f9520ca0 100644 --- a/sources +++ b/sources @@ -1,12 +1,13 @@ -e04809394f4472c17e86d7024dee34f03fb68e82a85502fd5b00535202c72e57626a8376b2cf991b7e1e46404aa5ab8d189ebf320e0dd37d49e7efbc925c7a2e fedoraimaca.x509 -e67d1d2c39942f986026a4cb2fb80e9dba513a7095430a68c5f74791a97338a038f1f153fc639042c9326b72a605dd6b86fcc0e66dc405a323e211ef7360fa03 kernel-abi-stablelists-6.12.0-55.9.1.el10_0.tar.xz -a02b0cc5ca186917baf33f7cace650543b258728fd0f1b0f959bbd6783379af4ea9da366f449d143e81426af7dfb40e98b94e0150083bc2ec30bbe3884c4c247 kernel-kabi-dw-6.12.0-55.9.1.el10_0.tar.xz -f61cdeb0b53b5db6b5632bd3ac7a09c94db0fcbc5cf076be02fa658a553a9aab969e11abba6df3e37bda518bc598992ceb539b5e3a6dbf21eaed1dc0d6f11cf7 linux-6.12.0-55.9.1.el10_0.tar.xz -b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe nvidiagpuoot001.x509 -eb2c2d342680d4c3453d3e4f30abdd1f6b0e98292e1be0410d0163afd01552a863b70ffaabeecd6e3981cd4d167198091a837c7d70f96a3a06de2d28b3355308 redhatsecureboot501.cer -0285fd7cb1755b399cdd2d848d9eba51b72ef2dd8ea5d40d7061c29685a12e15bf8eb083cb2f8c14eb69d248cb3af2c2332e06f80e19ed4cc029070198c0d522 redhatsecurebootca5.cer -ebf56d821acb5c17bb1842a8ddc8f1014a9e112ef7569531eedbabc82c6b5740e2709f96c5ebc87ba837e8085d0b090a9e63ddd06507692b41dae54a2b48d21b rheldup3.x509 -910b39fe16c2d8675c45c360797e6fb4a61d423b2c45a5a49aabc29a21b8dca44d50772353c3b4e557af25a2253d2ad2a2a3825a07cab556fd4eb154013c90de rhelima.x509 -8ee9a0107a7fe12078c1a82e4accbecca4d1246eadc60692880b5c2e6617c2ace27114d79ec6cc5fef11296fa11765145fcfbd8e2092fa96c56b13af925e5444 rhelima_centos.x509 -164411c37d48de2ed59c0c5d44eb9f84340cfb4e209c32370d669304a3457bf2663ebf90bc5e5a592c9899755a08015b9284db6a55237f6aa67bc10e5c04b325 rhelimaca1.x509 -2dac65723dca562dabdf503f44fb70052e6fb3569d257f6f59d13275408a91b400ced1f42b37bac29bf5d73c3c3a4f96c7819832d0cbe85134a989cbbf863d7b rhelkpatch1.x509 +SHA512 (kernel-abi-stablelists-6.12.0-55.19.1.el10_0.tar.xz) = 6fee4a7489cd6ee6048a2299bb42052b0dad0f40d9edd6f9412286728ddc25e5fd491605c7f176284cce339660d0d2585c02e20b3460ebdef08152a70cb81c33 +SHA512 (kernel-kabi-dw-6.12.0-55.19.1.el10_0.tar.xz) = 95e56376dcb6f68300626e83bc60ca36443866f04e600f0a3eeb459435ee1f1cc3287d578209d5c1522fa0cc3e5a0c7999d573e46c9070bc0001e49c9fb8f9aa +SHA512 (linux-6.12.0-55.19.1.el10_0.tar.xz) = 684c6f5fd052b1f2b2c621d4246b993237f0c104a0575f2682373433717cf2b404f806a602be371ab25eaf0d845d3b27559e646215be37819f458bfc3fb9df92 +SHA512 (nvidiagpuoot001.x509) = b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe +SHA512 (olima1.x509) = 123c26c1d698cc8523845c6e1103b9c72abf855acd225d37baf1f3388a47f912166d6d786fb367fe46de39e011b586ad7f3963aa2e8923da30a6ea9ae0d76ad3 +SHA512 (olimaca1.x509) = 3a779415fad29d6f7250ec97ab1f0a5eb62c351b724feee06b22e17f065bf74a558f32cc524d3222c4485635ae5b9cd5287855c94010fe743b51a4d954340c4c +SHA512 (redhatsecureboot501.cer) = eb2c2d342680d4c3453d3e4f30abdd1f6b0e98292e1be0410d0163afd01552a863b70ffaabeecd6e3981cd4d167198091a837c7d70f96a3a06de2d28b3355308 +SHA512 (redhatsecurebootca5.cer) = 0285fd7cb1755b399cdd2d848d9eba51b72ef2dd8ea5d40d7061c29685a12e15bf8eb083cb2f8c14eb69d248cb3af2c2332e06f80e19ed4cc029070198c0d522 +SHA512 (rheldup3.x509) = ebf56d821acb5c17bb1842a8ddc8f1014a9e112ef7569531eedbabc82c6b5740e2709f96c5ebc87ba837e8085d0b090a9e63ddd06507692b41dae54a2b48d21b +SHA512 (rhelima.x509) = 910b39fe16c2d8675c45c360797e6fb4a61d423b2c45a5a49aabc29a21b8dca44d50772353c3b4e557af25a2253d2ad2a2a3825a07cab556fd4eb154013c90de +SHA512 (rhelima_centos.x509) = 8ee9a0107a7fe12078c1a82e4accbecca4d1246eadc60692880b5c2e6617c2ace27114d79ec6cc5fef11296fa11765145fcfbd8e2092fa96c56b13af925e5444 +SHA512 (rhelimaca1.x509) = 164411c37d48de2ed59c0c5d44eb9f84340cfb4e209c32370d669304a3457bf2663ebf90bc5e5a592c9899755a08015b9284db6a55237f6aa67bc10e5c04b325 +SHA512 (rhelkpatch1.x509) = 2dac65723dca562dabdf503f44fb70052e6fb3569d257f6f59d13275408a91b400ced1f42b37bac29bf5d73c3c3a4f96c7819832d0cbe85134a989cbbf863d7b diff --git a/uki_addons.json b/uki_addons.json index f0bc569a7..accaf3901 100644 --- a/uki_addons.json +++ b/uki_addons.json @@ -1,30 +1,10 @@ { - "virt": { - "rhel": { - "aarch64": { - "crashkernel-default.addon": [ - "crashkernel=1G-4G:256M,4G-64G:320M,64G-:576M\n" - ] - } - }, - "common": { - "fips-disable.addon": [ - "fips=0\n" - ], - "fips-enable.addon": [ - "fips=1\n" - ] - } - }, "common": { - "crashkernel-default.addon": [ - "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M\n" - ], "crashkernel-1536M.addon": [ "crashkernel=1536M\n" ], - "crashkernel-2G.addon": [ - "crashkernel=2G\n" + "crashkernel-192M.addon": [ + "crashkernel=192M\n" ], "crashkernel-1G.addon": [ "crashkernel=1G\n" @@ -32,14 +12,34 @@ "crashkernel-256M.addon": [ "crashkernel=256M\n" ], - "crashkernel-192M.addon": [ - "crashkernel=192M\n" + "crashkernel-2G.addon": [ + "crashkernel=2G\n" ], "crashkernel-512M.addon": [ "crashkernel=512M\n" ], + "crashkernel-default.addon": [ + "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M\n" + ], "debug.addon": [ "debug" ] + }, + "virt": { + "common": { + "fips-disable.addon": [ + "fips=0\n" + ], + "fips-enable.addon": [ + "fips=1\n" + ] + }, + "rhel": { + "aarch64": { + "crashkernel-default.addon": [ + "crashkernel=1G-4G:256M,4G-64G:320M,64G-:576M\n" + ] + } + } } } \ No newline at end of file diff --git a/x509.genkey.rhel b/x509.genkey.rhel index b1bbe387f..5b7056d65 100644 --- a/x509.genkey.rhel +++ b/x509.genkey.rhel @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = Red Hat -CN = Red Hat Enterprise Linux kernel signing key -emailAddress = secalert@redhat.com +O = Oracle America, Inc.,c=US +CN = Oracle CA Server +emailAddress = support@oracle.com [ myexts ] basicConstraints=critical,CA:FALSE