Fedora currently only supports x86_64 secureboot signing.
There's ongoing work to enable other arches though. For now,
just bring in the packaging support with some of it commented
out.
While Fedora doesn't officially support kpatch, there's work
being done to enable kpatch elsewhere. Add the packaging work
but don't actually build anything.
The kernel currently builds the headers in a separate repository but
rebuilds may want to build it from the same srpm. Make sure the
cross command actually works.
The gcc-plugin-devel was a noble experiment that doesn't seem to be
something we'll shipp anytime soon. Remove it.
Building the headers now requires rsync
Two Kconfig symbols were part of upstream v5.3-rc1 but didn't make it
into v5.3 (for reasons I couldn't be bothered to unearth): PREEMPT_LL
and SOUNDWIRE_BUS. Remove them from our configuration generation system
too.
Commit 3e636fe3a6 ("Remove patch for GCC VTA") forgot to clean up the
configs/ directory. Do so now.
Commit e21e52b608 ("Linux v5.3-13236-g97f9a3c4eee5") forgot to remove
CONFIG_LOCK_DOWN_KERNEL and CONFIG_LOCK_DOWN_KERNEL_FORCE from the
configs/ directory. Do so now.
Commit 5c0d4daff4 ("Remove crash driver") forgot to clean up the
configs/ directory. Do so now.
There are 22 Kconfig symbols referenced in the files used for
configuration generation and in the shipped .config files that were
dropped in upstream v5.4-rc1. The references to these symbols can be
safely removed.
These symbols are:
CONFIG_ARM_QCOM_CPUFREQ_KRYO
CONFIG_CRYPTO_AEGIS128L
CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2
CONFIG_CRYPTO_AEGIS256
CONFIG_CRYPTO_AEGIS256_AESNI_SSE2
CONFIG_CRYPTO_AES_586
CONFIG_CRYPTO_AES_X86_64
CONFIG_CRYPTO_MORUS1280
CONFIG_CRYPTO_MORUS1280_AVX2
CONFIG_CRYPTO_MORUS1280_SSE2
CONFIG_CRYPTO_MORUS640
CONFIG_CRYPTO_MORUS640_SSE2
CONFIG_DRM_TINYDRM
CONFIG_HISI_KIRIN_DW_DSI
CONFIG_I2C_BCM2048
CONFIG_KEXEC_VERIFY_SIG
CONFIG_MFD_CROS_EC_CHARDEV
CONFIG_MTD_M25P80
CONFIG_SENSORS_ADS1015
CONFIG_SERIAL_8250_MOXA
CONFIG_SGI_IOC4
CONFIG_TINYDRM_MIPI_DBI
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
The driver is needed for testing purposes, enable it on the architectures
where EFI is supported. Also, disallow access to the registered device if
the kernel is locked down.
Fedora has been carrying this patch for a very long time as
a workaround for MacBook Airs1,1. We've also gotten smarter
about detection (see d79e141c1c6e ("Input: i8042 - Trust
firmware a bit more when probing on X86")) so let's try
dropping this.