The Linux kernel
Go to file
Dave Young eca4cec9a5 kexec/uefi: copy secure boot flag in boot params across kexec reboot
Kexec reboot in case secure boot enabled does not keep the secure boot mode
in new kernel, so later one can load unsigned kernel via legacy kexec_load.

Adding a patch to fix this by retain the secure_boot flag in original kernel.

Signed-off-by: Dave Young <dyoung@redhat.com>
2015-08-07 07:17:02 -04:00
scripts Revert "Use git format-patch for git snapshots" 2015-07-24 08:26:40 -04:00
.gitignore add kernel-4* to .gitignore 2015-03-13 12:54:51 -04:00
0001-dm-fix-dm_merge_bvec-regression-on-32-bit-systems.patch Fix i386 boot bug correctly (rhbz 1247382) 2015-08-03 21:09:12 -04:00
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
ACPI-Limit-access-to-custom_method.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
Add-an-EFI-signature-blob-parser-and-key-loader.patch Linux v4.1-11355-g6aaf0da8728c 2015-06-30 13:01:28 -04:00
Add-EFI-signature-data-types.patch Linux v4.1-11355-g6aaf0da8728c 2015-06-30 13:01:28 -04:00
Add-option-to-automatically-enforce-module-signature.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
Add-secure_modules-call.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
Add-sysrq-option-to-disable-secure-boot-mode.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch Update AMD Seattle a0 eth driver for 4.2 2015-07-14 18:52:00 +01:00
amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch Update AMD Seattle a0 eth driver for 4.2 2015-07-14 18:52:00 +01:00
arm64-acpi-drop-expert-patch.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
arm64-avoid-needing-console-to-enable-serial-console.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
arm-i.MX6-Utilite-device-dtb.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
ARM-tegra-usb-no-reset.patch Linux v4.1-11235-gc63f887bdae8 2015-06-29 11:24:25 -04:00
asus-wmi-Restrict-debugfs-interface-when-module-load.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
ath9k-rx-dma-stop-check.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
config-arm64 Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
config-arm-generic Enable DW MMC for generic ARM (hi6220 SoC support) 2015-07-17 10:48:13 +01:00
config-armv7 arm: drop old config options (nfc) 2015-07-17 14:11:11 +01:00
config-armv7-generic Linux v4.2-rc4-111-g8400935737bf 2015-07-31 11:49:28 -04:00
config-armv7-lpae minor virt config cleanups (NFC) 2015-05-03 18:50:11 +01:00
config-debug Linux v3.19-rc4 2015-01-12 11:36:21 -05:00
config-generic Disable debugging options. 2015-08-03 08:57:53 -04:00
config-i686-PAE Remove all references to unknown Kconfig symbols 2014-10-02 08:26:50 -04:00
config-local Add support for local rebuild config option overrides 2011-01-10 17:37:27 -05:00
config-no-extra disable extras on arm 2013-10-03 12:22:16 -04:00
config-nodebug Disable debugging options. 2015-08-03 08:57:53 -04:00
config-powerpc64 Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
config-powerpc64-generic Disable CRYPTO_DEV_VMX_ENCRYPT on PPC for now to fix Power 8 boot (rhbz 1237089) 2015-07-30 13:59:46 +01:00
config-powerpc64le Reorganisation and cleanup of the powerpc configs 2015-06-26 22:23:54 +01:00
config-powerpc64p7 Reorganisation and cleanup of the powerpc configs 2015-06-26 22:23:54 +01:00
config-s390x Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
config-x86_64-generic Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
config-x86-32-generic Linux v4.2-rc1-62-gc4b5fd3fb205 2015-07-10 09:47:55 -04:00
config-x86-generic Always enable mmiotrace when building x86 kernels 2015-08-04 07:49:09 -04:00
cpupower.config Create the kernel-tools package. WHEE 2011-08-17 21:19:57 -04:00
cpupower.service Create the kernel-tools package. WHEE 2011-08-17 21:19:57 -04:00
crash-driver.patch Linux v4.1-11355-g6aaf0da8728c 2015-06-30 13:01:28 -04:00
criu-no-expert.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
die-floppy-die.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
disable-i8042-check-on-apple-mac.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
drm-i915-hush-check-crtc-state.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
drm-i915-turn-off-wc-mmaps.patch Linux v4.1-11235-gc63f887bdae8 2015-06-29 11:24:25 -04:00
efi-Add-EFI_SECURE_BOOT-bit.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch Linux v4.1-11355-g6aaf0da8728c 2015-06-30 13:01:28 -04:00
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
filter-aarch64.sh Fix filter files for the rpcrdma rename 2015-06-29 12:43:51 -04:00
filter-armv7hl.sh Fix filter files for the rpcrdma rename 2015-06-29 12:43:51 -04:00
filter-i686.sh Fix filter files for the rpcrdma rename 2015-06-29 12:43:51 -04:00
filter-modules.sh Linux v4.2-rc4-111-g8400935737bf 2015-07-31 11:49:28 -04:00
filter-ppc64.sh Fix filter files for the rpcrdma rename 2015-06-29 12:43:51 -04:00
filter-ppc64le.sh Fix filter files for the rpcrdma rename 2015-06-29 12:43:51 -04:00
filter-ppc64p7.sh Fix filter files for the rpcrdma rename 2015-06-29 12:43:51 -04:00
filter-s390x.sh Rename kernel-drivers to kernel-modules 2014-05-01 21:10:48 -04:00
filter-x86_64.sh Rename kernel-drivers to kernel-modules 2014-05-01 21:10:48 -04:00
firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
hibernate-Disable-in-a-signed-modules-environment.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch Patch from Nicholas Kudriavtsev for Acer Switch 12 Fn keys (rhbz 1244511) 2015-08-04 14:28:47 -04:00
input-kill-stupid-messages.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
input-silence-i8042-noise.patch Linux v4.1-5596-gaefbef10e3ae 2015-06-26 09:33:38 -04:00
Input-synaptics-pin-3-touches-when-the-firmware-repo.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
Kbuild-Add-an-option-to-enable-GCC-VTA.patch Linux v4.2-rc2 2015-07-13 10:53:53 -04:00
kbuild-AFTER_LINK.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
kdbus.patch Update to latest upstream kdbus 2015-08-06 14:39:08 -04:00
kernel.spec kexec/uefi: copy secure boot flag in boot params across kexec reboot 2015-08-07 07:17:02 -04:00
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
kexec-uefi-copy-secure_boot-flag-in-boot-params.patch kexec/uefi: copy secure boot flag in boot params across kexec reboot 2015-08-07 07:17:02 -04:00
KEYS-Add-a-system-blacklist-keyring.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch Linux v4.1-11355-g6aaf0da8728c 2015-06-30 13:01:28 -04:00
lis3-improve-handling-of-null-rate.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
Makefile Linux v3.19-rc2 2015-01-05 16:09:49 -05:00
Makefile.config Reorganisation and cleanup of the powerpc configs 2015-06-26 22:23:54 +01:00
Makefile.release Linux v3.19-rc2 2015-01-05 16:09:49 -05:00
merge.pl initial srpm import 2010-07-29 16:46:31 -07:00
mod-extra.list Move joydev.ko from kernel-modules-extra to kernel-modules 2015-08-04 07:48:12 -04:00
mod-extra.sh Prep mod-extra.sh for signed modules 2012-09-25 13:22:00 -04:00
mod-sign.sh simplify the signing stuff now that sign-file takes pub/priv key args 2013-03-28 16:33:21 -04:00
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch Linux v4.2-rc1 2015-07-06 16:34:35 -04:00
MODSIGN-Support-not-importing-certs-from-db.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
no-pcspkr-modalias.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
PatchList.txt Linux v3.13-rc1-77-g4c1cc40 2013-11-24 08:42:45 -05:00
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
README.txt document inheritance/heirarchy of config generation 2012-01-13 15:42:52 -05:00
rebase-notes.txt rebase-notes: no X32 2012-03-19 20:54:31 -04:00
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch Linux v4.1-5596-gaefbef10e3ae 2015-06-26 09:33:38 -04:00
silence-fbcon-logo.patch Linux v4.1-11235-gc63f887bdae8 2015-06-29 11:24:25 -04:00
sources Linux v4.2-rc5-42-g4e6b6ee253ce 2015-08-05 10:35:31 -04:00
TODO re-enable RCU_FAST_NO_HZ, enable NO_HZ_FULL on x86_64 2014-09-17 13:10:12 -05:00
usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch Linux v4.1-11235-gc63f887bdae8 2015-06-29 11:24:25 -04:00
watchdog-Disable-watchdog-on-virtual-machines.patch Linux v4.1-5596-gaefbef10e3ae 2015-06-26 09:33:38 -04:00
x86-Lock-down-IO-port-access-when-module-security-is.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
x86-Restrict-MSR-access-when-module-loading-is-restr.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00
x509.genkey Switch to using modsign-post-KS upstream with x509 certs 2012-09-25 13:22:04 -04:00
xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch Linux v4.1-rc2-79-g0e1dc4274828 2015-05-07 09:22:47 -04:00

		Kernel package tips & tricks.
		~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The kernel is one of the more complicated packages in the distro, and
for the newcomer, some of the voodoo in the spec file can be somewhat scary.
This file attempts to document some of the magic.


Speeding up make prep
---------------------
The kernel is nearly 500MB of source code, and as such, 'make prep'
takes a while. The spec file employs some trickery so that repeated
invocations of make prep don't take as long.  Ordinarily the %prep
phase of a package will delete the tree it is about to untar/patch.
The kernel %prep keeps around an unpatched version of the tree,
and makes a symlink tree clone of that clean tree and than applies
the patches listed in the spec to the symlink tree.
This makes a huge difference if you're doing multiple make preps a day.
As an added bonus, doing a diff between the clean tree and the symlink
tree is slightly faster than it would be doing two proper copies of the tree.


build logs.
-----------
There's a convenience helper script in scripts/grab-logs.sh
that will grab the build logs from koji for the kernel version reported
by make verrel


config heirarchy.
-----------------
Instead of having to maintain a config file for every arch variant we build on,
the kernel spec uses a nested system of configs.  At the top level, is
config-generic. Add options here that should be present in every possible
config on all architectures.

Beneath this are per-arch overrides. For example config-x86-generic add
additional x86 specific options, and also _override_ any options that were
set in config-generic.

The heirarchy looks like this..

                           config-generic
                                 |
                         config-x86-generic
                         |                |
             config-x86-32-generic   config-x86-64-generic

An option set in a lower level will override the same option set in one
of the higher levels.


There exist two additional overrides, config-debug, and config-nodebug,
which override -generic, and the per-arch overrides. It is documented
further below.


debug options.
--------------
This is a little complicated, as the purpose & meaning of this changes
depending on where we are in the release cycle.
If we are building for a current stable release, 'make release' has
typically been run already, which sets up the following..
- Two builds occur, a 'kernel' and a 'kernel-debug' flavor.
- kernel-debug will get various heavyweight debugging options like
  lockdep etc turned on.

If we are building for rawhide, 'make debug' has been run, which changes
the status quo to:
- We only build one kernel 'kernel'
- The debug options from 'config-debug' are always turned on.
This is done to increase coverage testing, as not many people actually
run kernel-debug.

To add new debug options, add an option to _both_ config-debug and config-nodebug,
and also new stanzas to the Makefile 'debug' and 'release' targets.

Sometimes debug options get added to config-generic, or per-arch overrides
instead of config-[no]debug. In this instance, the options should have no
discernable performance impact, otherwise they belong in the debug files.