
Commit 911a584

committed
Draft - config .
1 parent 498471a commit 911a584

18 files changed

+47
-15
lines changed

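--- a/_lib/linux/lts-server/.config
+++ b/_lib/linux/lts-server/.config
@@ -8069,7 +8069,7 @@ CONFIG_MMC_SDRICOH_CS=m
 CONFIG_MMC_CB710=m
 CONFIG_MMC_VIA_SDMMC=m
 CONFIG_MMC_VUB300=m
-CONFIG_MMC_USHC=m
+# CONFIG_MMC_USHC is not set
 # CONFIG_MMC_USDHI6ROL0 is not set
 CONFIG_MMC_REALTEK_PCI=m
 CONFIG_MMC_REALTEK_USB=m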
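Review bot: Disabling `CONFIG_MMC_USHC` does not, by the evidence in this commit, clear the SDIO-related finding: the regenerated statement newly reports `bad: not: N: SSB_SDIOHOST_POSSIBLE` right after the new `kernelConfig: embedded` group. As far as I can tell `SSB_SDIOHOST_POSSIBLE` is a derived symbol that follows `SSB` and `MMC` rather than any single host driver, so if that finding is the goal the change probably has to be made there; please confirm against the Kconfig of the tree being built. The commit message ("Draft - config .") gives no reason for dropping the driver, so a rationale line such as `Disable MMC_USHC (USB SD host controller driver): not needed on server builds` would make the intent reviewable. The identical change is made in `_lib/linux/mainline-server/.config`.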

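--- a/_lib/linux/lts-server/statement.html
+++ b/_lib/linux/lts-server/statement.html
@@ -70,14 +70,14 @@
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-legacy' for specific use cases.</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: tradeoff-harden</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-harden' for specific use cases.</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CPU_SRSO</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETPOLINE</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_PAGE_TABLE_ISOLATION</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETHUNK</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_UNRET_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBPB_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBRS_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_SLS</span>
-<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_X86_SGX_kVM</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: TDX_GUEST_DRIVER</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_DEBUG_CREDENTIALS</span>
@@ -94,6 +94,7 @@
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GCC_PLUGIN_RANDSTRUCT</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: CONFIG_KEXEC</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: Y: CONFIG_EFI_DISABLE_PCI_DMA</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GDS_FORCE_MITIGATION</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualization-accessory</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualbox</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: boot</span>
@@ -126,8 +127,10 @@
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: docker</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: prog</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: convenience</span>
+<!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: embedded</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: special</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: BLK_DEV_WRITE_MOUNTED</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: N: SSB_SDIOHOST_POSSIBLE</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make menuconfig</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make -j $(nproc)</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make deb-pkg -j $(nproc)</span>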
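Review bot: The newly reported checks are spelled inconsistently: `CPU_SRSO` and `SSB_SDIOHOST_POSSIBLE` carry no `CONFIG_` prefix, while `CONFIG_GDS_FORCE_MITIGATION` and most neighbouring entries do. If the generator (not part of the visible diff) matches these names literally against `.config`, an unprefixed name can never match and the line reports `bad` whatever the real setting is, which would hide the true state of the SRSO mitigation. Separately, newer kernels renamed the x86 mitigation options to a `CONFIG_MITIGATION_*` scheme (for example `CONFIG_MITIGATION_SRSO`), so on the mainline tree a `bad` on the old name may mean a stale check rather than a missing mitigation; worth confirming against the kernel version being configured. The line `bad: not: Y: CONFIG_X86_SGX_kVM` also disappears, and the report alone does not show whether the check now passes or was dropped; if the lower-case `k` was the cause, a corrected `CONFIG_X86_SGX_KVM` check should be kept rather than removed. The same lines recur in statement.md, statement.sh.out.txt, statement_presentation.html and mainline-server/statement.html.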

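--- a/_lib/linux/lts-server/statement.md
+++ b/_lib/linux/lts-server/statement.md
@@ -72,14 +72,14 @@ if false; then true; # -->
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-legacy' for specific use cases.</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: tradeoff-harden</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-harden' for specific use cases.</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CPU_SRSO</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETPOLINE</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_PAGE_TABLE_ISOLATION</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETHUNK</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_UNRET_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBPB_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBRS_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_SLS</span>
-<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_X86_SGX_kVM</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: TDX_GUEST_DRIVER</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_DEBUG_CREDENTIALS</span>
@@ -96,6 +96,7 @@ if false; then true; # -->
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GCC_PLUGIN_RANDSTRUCT</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: CONFIG_KEXEC</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: Y: CONFIG_EFI_DISABLE_PCI_DMA</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GDS_FORCE_MITIGATION</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualization-accessory</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualbox</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: boot</span>
@@ -128,8 +129,10 @@ if false; then true; # -->
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: docker</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: prog</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: convenience</span>
+<!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: embedded</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: special</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: BLK_DEV_WRITE_MOUNTED</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: N: SSB_SDIOHOST_POSSIBLE</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make menuconfig</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make -j $(nproc)</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make deb-pkg -j $(nproc)</span>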

_lib/linux/lts-server/statement.pdf

-79 Bytes
Binary file not shown.

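--- a/_lib/linux/lts-server/statement.sh.out.txt
+++ b/_lib/linux/lts-server/statement.sh.out.txt
@@ -6,14 +6,14 @@ _ Statement _
  Carefully evaluate 'tradeoff-legacy' for specific use cases. 
  kernelConfig: tradeoff-harden 
  Carefully evaluate 'tradeoff-harden' for specific use cases. 
+ bad: not: Y: CPU_SRSO 
  bad: not: Y: CONFIG_RETPOLINE 
  bad: not: Y: CONFIG_PAGE_TABLE_ISOLATION 
  bad: not: Y: CONFIG_RETHUNK 
  bad: not: Y: CONFIG_CPU_UNRET_ENTRY 
  bad: not: Y: CONFIG_CPU_IBPB_ENTRY 
  bad: not: Y: CONFIG_CPU_IBRS_ENTRY 
  bad: not: Y: CONFIG_SLS 
- bad: not: Y: CONFIG_X86_SGX_kVM 
  bad: not: Y: TDX_GUEST_DRIVER 
  bad: not: Y: CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT 
  bad: not: Y: CONFIG_DEBUG_CREDENTIALS 
@@ -30,6 +30,7 @@ _ Statement _
  bad: not: Y: CONFIG_GCC_PLUGIN_RANDSTRUCT 
  warn: not: N: CONFIG_KEXEC 
  warn: not: Y: CONFIG_EFI_DISABLE_PCI_DMA 
+ bad: not: Y: CONFIG_GDS_FORCE_MITIGATION 
  kernelConfig: virtualization-accessory 
  kernelConfig: virtualbox 
  kernelConfig: boot 
@@ -62,8 +63,10 @@ _ Statement _
  kernelConfig: investigation: docker 
  kernelConfig: investigation: prog 
  kernelConfig: convenience 
+ kernelConfig: embedded 
  kernelConfig: special 
  warn: not: N: BLK_DEV_WRITE_MOUNTED 
+ bad: not: N: SSB_SDIOHOST_POSSIBLE 
  request: make menuconfig 
  request: make -j $(nproc) 
  request: make deb-pkg -j $(nproc) 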

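--- a/_lib/linux/lts-server/statement_presentation.html
+++ b/_lib/linux/lts-server/statement_presentation.html
@@ -70,14 +70,14 @@
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-legacy' for specific use cases.</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: tradeoff-harden</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-harden' for specific use cases.</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CPU_SRSO</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETPOLINE</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_PAGE_TABLE_ISOLATION</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETHUNK</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_UNRET_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBPB_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBRS_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_SLS</span>
-<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_X86_SGX_kVM</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: TDX_GUEST_DRIVER</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_DEBUG_CREDENTIALS</span>
@@ -94,6 +94,7 @@
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GCC_PLUGIN_RANDSTRUCT</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: CONFIG_KEXEC</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: Y: CONFIG_EFI_DISABLE_PCI_DMA</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GDS_FORCE_MITIGATION</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualization-accessory</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualbox</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: boot</span>
@@ -126,8 +127,10 @@
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: docker</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: prog</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: convenience</span>
+<!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: embedded</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: special</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: BLK_DEV_WRITE_MOUNTED</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: N: SSB_SDIOHOST_POSSIBLE</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make menuconfig</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make -j $(nproc)</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make deb-pkg -j $(nproc)</span>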

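--- a/_lib/linux/mainline-server/.config
+++ b/_lib/linux/mainline-server/.config
@@ -8069,7 +8069,7 @@ CONFIG_MMC_SDRICOH_CS=m
 CONFIG_MMC_CB710=m
 CONFIG_MMC_VIA_SDMMC=m
 CONFIG_MMC_VUB300=m
-CONFIG_MMC_USHC=m
+# CONFIG_MMC_USHC is not set
 # CONFIG_MMC_USDHI6ROL0 is not set
 CONFIG_MMC_REALTEK_PCI=m
 CONFIG_MMC_REALTEK_USB=m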

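--- a/_lib/linux/mainline-server/statement.html
+++ b/_lib/linux/mainline-server/statement.html
@@ -70,14 +70,14 @@
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-legacy' for specific use cases.</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: tradeoff-harden</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> Carefully evaluate 'tradeoff-harden' for specific use cases.</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CPU_SRSO</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETPOLINE</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_PAGE_TABLE_ISOLATION</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_RETHUNK</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_UNRET_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBPB_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_CPU_IBRS_ENTRY</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_SLS</span>
-<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_X86_SGX_kVM</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: TDX_GUEST_DRIVER</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT</span>
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_DEBUG_CREDENTIALS</span>
@@ -94,6 +94,7 @@
 <!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GCC_PLUGIN_RANDSTRUCT</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: CONFIG_KEXEC</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: Y: CONFIG_EFI_DISABLE_PCI_DMA</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: Y: CONFIG_GDS_FORCE_MITIGATION</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualization-accessory</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: virtualbox</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: boot</span>
@@ -126,8 +127,10 @@
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: docker</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: investigation: prog</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: convenience</span>
+<!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: embedded</span>
 <!-- # --><span style="color:#18b2b2;background-color:#848484;"> kernelConfig: special</span>
 <!-- # --><span style="color:#ffff54;background-color:#848484;"> warn: not: N: BLK_DEV_WRITE_MOUNTED</span>
+<!-- # --><span style="color:#b21818;background-color:#848484;"> bad: not: N: SSB_SDIOHOST_POSSIBLE</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make menuconfig</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make -j $(nproc)</span>
 <!-- # --><span style="color:#b218b2;background-color:#848484;"> request: make deb-pkg -j $(nproc)</span>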
