added seucurity patches and patch files
This commit is contained in:
parent
3e9b87139f
commit
98fd9fc5ac
GPG key ID:
0804DD39BB9BF5AC
5 changed files with 88 additions and 8 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
!patches/
|
||||
10
README.md
10
README.md
|
|
@ -1 +1,11 @@
|
|||
patches folder contains all the patches. files shipped are already prepatched
|
||||
|
||||
patch order:
|
||||
|
||||
1. waydroid.patch
|
||||
2. security.patch
|
||||
|
||||
sources:
|
||||
|
||||
waydroid.patch: https://wiki.archlinux.org/title/Waydroid
|
||||
security.patch: selected from https://www.kicksecure.com/wiki/Hardened-kernel
|
||||
17
config
17
config
|
|
@ -4662,8 +4662,8 @@ CONFIG_SSIF_IPMI_BMC=m
|
|||
CONFIG_IPMB_DEVICE_INTERFACE=m
|
||||
CONFIG_HW_RANDOM=y
|
||||
CONFIG_HW_RANDOM_TIMERIOMEM=m
|
||||
CONFIG_HW_RANDOM_INTEL=m
|
||||
CONFIG_HW_RANDOM_AMD=m
|
||||
CONFIG_HW_RANDOM_INTEL=y
|
||||
CONFIG_HW_RANDOM_AMD=y
|
||||
CONFIG_HW_RANDOM_BA431=m
|
||||
CONFIG_HW_RANDOM_VIA=m
|
||||
CONFIG_HW_RANDOM_VIRTIO=m
|
||||
|
|
@ -9386,7 +9386,7 @@ CONFIG_AMD_IOMMU=y
|
|||
CONFIG_DMAR_TABLE=y
|
||||
CONFIG_INTEL_IOMMU=y
|
||||
CONFIG_INTEL_IOMMU_SVM=y
|
||||
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
|
||||
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
|
||||
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
|
||||
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y
|
||||
CONFIG_INTEL_IOMMU_PERF_EVENTS=y
|
||||
|
|
@ -10935,7 +10935,7 @@ CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
|
|||
# Hardening of kernel data structures
|
||||
#
|
||||
CONFIG_LIST_HARDENED=y
|
||||
# CONFIG_BUG_ON_DATA_CORRUPTION is not set
|
||||
CONFIG_BUG_ON_DATA_CORRUPTION=y
|
||||
# end of Hardening of kernel data structures
|
||||
|
||||
CONFIG_RANDSTRUCT_NONE=y
|
||||
|
|
@ -11525,7 +11525,7 @@ CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y
|
|||
# CONFIG_DEBUG_VM is not set
|
||||
# CONFIG_DEBUG_VM_PGTABLE is not set
|
||||
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
|
||||
# CONFIG_DEBUG_VIRTUAL is not set
|
||||
CONFIG_DEBUG_VIRTUA=y
|
||||
CONFIG_DEBUG_MEMORY_INIT=y
|
||||
# CONFIG_DEBUG_PER_CPU_MAPS is not set
|
||||
CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
|
||||
|
|
@ -11613,10 +11613,11 @@ CONFIG_STACKTRACE=y
|
|||
#
|
||||
# Debug kernel data structures
|
||||
#
|
||||
# CONFIG_DEBUG_LIST is not set
|
||||
CONFIG_DEBUG_LIST=y
|
||||
# CONFIG_DEBUG_PLIST is not set
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
# CONFIG_DEBUG_NOTIFIERS is not set
|
||||
CONFIG_DEBUG_SG=y
|
||||
CONFIG_DEBUG_NOTIFIERS=y
|
||||
CONFIG_DEBUG_CREDENTIALS=y
|
||||
# CONFIG_DEBUG_CLOSURES is not set
|
||||
# CONFIG_DEBUG_MAPLE_TREE is not set
|
||||
# end of Debug kernel data structures
|
||||
|
|
|
|||
55
patches/security.patch
Normal file
55
patches/security.patch
Normal file
|
|
@ -0,0 +1,55 @@
|
|||
--- a/config 2024-07-11 19:47:36.660974102 +0800
|
||||
+++ b/config 2024-07-12 20:17:48.323530281 +0800
|
||||
@@ -4662,8 +4662,8 @@
|
||||
CONFIG_IPMB_DEVICE_INTERFACE=m
|
||||
CONFIG_HW_RANDOM=y
|
||||
CONFIG_HW_RANDOM_TIMERIOMEM=m
|
||||
-CONFIG_HW_RANDOM_INTEL=m
|
||||
-CONFIG_HW_RANDOM_AMD=m
|
||||
+CONFIG_HW_RANDOM_INTEL=y
|
||||
+CONFIG_HW_RANDOM_AMD=y
|
||||
CONFIG_HW_RANDOM_BA431=m
|
||||
CONFIG_HW_RANDOM_VIA=m
|
||||
CONFIG_HW_RANDOM_VIRTIO=m
|
||||
@@ -9386,7 +9386,7 @@
|
||||
CONFIG_DMAR_TABLE=y
|
||||
CONFIG_INTEL_IOMMU=y
|
||||
CONFIG_INTEL_IOMMU_SVM=y
|
||||
-# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
|
||||
+CONFIG_INTEL_IOMMU_DEFAULT_ON=y
|
||||
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
|
||||
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y
|
||||
CONFIG_INTEL_IOMMU_PERF_EVENTS=y
|
||||
@@ -10935,7 +10935,7 @@
|
||||
# Hardening of kernel data structures
|
||||
#
|
||||
CONFIG_LIST_HARDENED=y
|
||||
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
|
||||
+CONFIG_BUG_ON_DATA_CORRUPTION=y
|
||||
# end of Hardening of kernel data structures
|
||||
|
||||
CONFIG_RANDSTRUCT_NONE=y
|
||||
@@ -11525,7 +11525,7 @@
|
||||
# CONFIG_DEBUG_VM is not set
|
||||
# CONFIG_DEBUG_VM_PGTABLE is not set
|
||||
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
|
||||
-# CONFIG_DEBUG_VIRTUAL is not set
|
||||
+CONFIG_DEBUG_VIRTUA=y
|
||||
CONFIG_DEBUG_MEMORY_INIT=y
|
||||
# CONFIG_DEBUG_PER_CPU_MAPS is not set
|
||||
CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
|
||||
@@ -11613,10 +11613,11 @@
|
||||
#
|
||||
# Debug kernel data structures
|
||||
#
|
||||
-# CONFIG_DEBUG_LIST is not set
|
||||
+CONFIG_DEBUG_LIST=y
|
||||
# CONFIG_DEBUG_PLIST is not set
|
||||
-# CONFIG_DEBUG_SG is not set
|
||||
-# CONFIG_DEBUG_NOTIFIERS is not set
|
||||
+CONFIG_DEBUG_SG=y
|
||||
+CONFIG_DEBUG_NOTIFIERS=y
|
||||
+CONFIG_DEBUG_CREDENTIALS=y
|
||||
# CONFIG_DEBUG_CLOSURES is not set
|
||||
# CONFIG_DEBUG_MAPLE_TREE is not set
|
||||
# end of Debug kernel data structures
|
||||
13
patches/waydroid.patch
Normal file
13
patches/waydroid.patch
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
--- a/config 2024-07-11 15:01:26.249996763 +0800
|
||||
+++ b/config 2024-07-11 15:09:27.942552038 +0800
|
||||
@@ -10310,6 +10310,10 @@
|
||||
#
|
||||
# Android
|
||||
#
|
||||
+CONFIG_ANDROID=y
|
||||
+CONFIG_ANDROID_BINDER_IPC=m
|
||||
+CONFIG_ANDROID_BINDERFS=n
|
||||
+CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder"
|
||||
# CONFIG_ANDROID_BINDER_IPC is not set
|
||||
# end of Android
|
||||
|
||||
Loading…
Reference in a new issue