| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
| |
"reason" says:
The typical embedded use-cases are more sensitive to latency than
throughput. Thus a fully preemptible kernel is preferred.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
"reason" says:
Keeping userspace processes without CAP_SYS_RAWIO from writing to low pages
can help reduce the impact of kernel NULL pointer bugs. 64kB is recommended
by default. 32kB is recommended on ARM.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
| |
Found by "reason".
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
"reason" says:
Enable ARM idle if possible. Before Linux kernel version 4.8,
networking on i.MX6 may be broken.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
| |
"reason" detected that we have initrd support, but we don't use it.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
"reason" says:
Auditing support is not needed on most embedded systems. Except
INTEGRITY is enabled.
We don't have INTEGRITY, so disable AUDIT as well.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
"reason" says:
Randomizes the freelist order used on creating new pages. This
security feature reduces the predictability of the kernel slab
allocator against heap overflows.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
"reason" says:
Namespace support is not needed on most embedded systems (except NET_NS for
systemd).
Switch it off.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
| |
Only root needs access to dmesg by default.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
"reason" says:
fq_codel helps fight the network bufferbloat problem. It is believed
to be a good default with no tuning required for most workloads.
Enable it.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This config enables the early debug for the Raspberry-Pi Firmware
bootloader.
This makes sure that the UART is available to barebox even if the
used board has additional hardware (like Bluetooth) connected to the
UART.
This command only works if the firmware is loaded from the SD-Card.
See for more information:
https://github.com/raspberrypi/firmware/wiki/USB-MSD-and-network-boot-debugging
Signed-off-by: Chris Fiege <chris@tinyhost.de>
|
|
|
|
|
|
|
| |
These patch has been merged by upstream and is part of barebox
since 2017.12.0.
Signed-off-by: Chris Fiege <chris@tinyhost.de>
|
|
|
|
|
|
|
|
| |
This firmware was taken from the official firmware repository at:
https://github.com/raspberrypi/firmware
from 86e3ccc14e43618f82a13e639002199de29a16b1
Signed-off-by: Chris Fiege <chris@tinyhost.de>
|
|
|
|
|
|
|
| |
CRYPTO_SHA256 is set as a dependency of several modules, so
CRYPTO_SHA256_ARM shold be used too.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be overwritten, always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
| |
RPi doesn't have any usable storage for swap.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
| |
ext2 and ext3 have been replaced by ext4, and those two file systems are
not used on the target.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
| |
/proc/config.gz is useful for debugging or rebuilding the kernel.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
| |
This protects against using obviously wrong memory regions when copying
memory to/from the kernel.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
|
| |
The kernel lockup detector should be active, as it's low overhead and
potentially provides useful debug output when the system is failing due
to a lockup.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
| |
Enable some debug options needed for 'ss'.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
To avoid security issues, only sync (MAGIC_SYSRQ_DEFAULT_ENABLE == 0x10)
is allowed by default. Note: with systemd, another value is always set
at runtime (also 0x10 by default) so the runtime default should be
changed there. Suggested by 'reason' checker.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Alexander Dahl <post@lespocky.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch to using the gdb version provided by the toolchain, and clear its
md5sum to prevent problems in the get stage (see thread in [9]).
Otherwise use the default configuration.
Compile-tested on platforms v7a, v8a and rpi.
[9]: https://www.mail-archive.com/ptxdist@pengutronix.de/msg13675.html
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
- enable stack protector
- link with --as-needed
- don't add CONFIG_DEBUG_SECTION_MISMATCH=y to makevars
- don't create the ipkg index
All suggested by reason.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
| |
Needed to build scripts/extract-cert (CONFIG_SYSTEM_TRUSTED_KEYRING).
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
| |
Remove all references to PTXDIST_PLATFORMCONFIGDIR to do this.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
| |
For lm-sensors to be able to read the RPi temperatur sensor we need
CONFIG_THERMAL and CONFIG_HWMON, see
https://github.com/groeck/lm-sensors/issues/30 for details.
Signed-off-by: Alexander Dahl <post@lespocky.de>
|
|
|
|
| |
Signed-off-by: Alexander Dahl <post@lespocky.de>
|
|
|
|
|
|
|
| |
Update to ptxdist-2018.10.0, which is the first one that contains
layering support.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reason suggests:
--- reference
+++ suggested
@@ -1 +1,11 @@
-systemd_cgroup_bpf: {}
+systemd_cgroup_bpf:
+ history:
+ systemd_ptxdist.ref:
+ description: |
+ Since systemd 235 (present in PTXdist 2018.01) BPF programs
+ attached to cgroups are used to implement some of the
+ firewalling features. This requires kernel support.
+ analyzer: kconfig.KernelConfig()['CGROUP_BPF']
+ matched: (kconfig.KernelConfig().version >=
+ kconfig.KernelConfig().parse_version('4.10') and
+ kconfig.PTXBSPConfig().version >=
+ kconfig.PTXBSPConfig().parse_version('2018.01'))
+ value: True
+ value: False
CGROUP_BPF depends on CONFIG_BPF_SYSCALL, so enable that too.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
| |
Run a ptxdist migrate with default settings.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Since ptxdist 2016.07, there is only one unified image section in
platformconfig. If the package is in a section named "image2", it will
never be built because that section no longer exists.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
| |
We're too late for 2018.04.0, so we skip it. Some packages moved into
staging, but they were disabled anyway.
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Roland Hieber <rohieb@rohieb.name>
|
|
|
|
|
|
|
|
| |
The old barebox does not build with OSELAS.Toolchain-2018.02. Also
barebox is configured to compress its image with LZO, so host-lzop is
needed.
Signed-off-by: Roland Hieber <rohieb@rohieb.name>
|
|
|
|
|
|
| |
Update ptxdist to the latest version.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
| |
Update PTXdist to the latest version:
- systemd now uses the Python-based Meson build system
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Use the LED related settings from bcm2835_defconfig. Now the ACT LED
blinks like an heartbeat.
Tested-by: Roland Hieber <rohieb@rohieb.name>
Signed-off-by: Alexander Dahl <post@lespocky.de>
|
|
|
|
|
| |
Tested-by: Roland Hieber <rohieb@rohieb.name>
Signed-off-by: Alexander Dahl <post@lespocky.de>
|
|
|
|
|
| |
Tested-by: Roland Hieber <rohieb@rohieb.name>
Signed-off-by: Alexander Dahl <post@lespocky.de>
|
|
|
|
| |
Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
|
| |
|