5.5.1.arch1-1: Enable INTEL_IOMMU_DEFAULT_ON

IOMMU is important for security in systems using PCI bridges (e.g.
Thunderbolt, USB4) or other means of DMA from potentially untrusted
devices (e.g. FireWire). It's also used to safely pass devices into VMs.

Enable it by default. It can still be disabled at boot using
intel_iommu=off. intel_iommu=igfx_off is also available to exclude just
the iGPU.
This commit is contained in:
Jan Alexander Steffens 2020-02-01 17:53:24 +00:00
parent 727d1e1d47
commit 5c532afbaa
2 changed files with 4 additions and 4 deletions

View file

@ -1,7 +1,7 @@
# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
pkgbase=linux
pkgver=5.5.arch1
pkgver=5.5.1.arch1
pkgrel=1
pkgdesc='Linux'
_srctag=v${pkgver%.*}-${pkgver##*.}
@ -25,7 +25,7 @@ validpgpkeys=(
'8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig)
)
sha256sums=('SKIP'
'e967ac8bd663509cc0ca6451a95a9965eb59832e316eec77484960dcedec8c1c')
'63141b88e5ffb583617d51364ebc1378fd3a73b8352e13450e982851d40fbaf2')
export KBUILD_BUILD_HOST=archlinux
export KBUILD_BUILD_USER=$pkgbase

4
config
View file

@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 5.5.0-arch1 Kernel Configuration
# Linux/x86 5.5.1-arch1 Kernel Configuration
#
#
@ -8693,7 +8693,7 @@ CONFIG_AMD_IOMMU_V2=y
CONFIG_DMAR_TABLE=y
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_SVM=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
CONFIG_IRQ_REMAP=y
CONFIG_HYPERV_IOMMU=y