CrimsonHawk/custom-kernel
1
0
Fork 0
Code Issues Pull requests Projects Releases 16 Packages Wiki Activity Actions

added seucurity patches and patch files

Browse source
This commit is contained in:
Crimson Hawk 2024-07-12 20:39:19 +08:00
parent 3e9b87139f
commit 98fd9fc5ac
Signed by: CrimsonHawk
GPG key ID: 0804DD39BB9BF5AC
5 changed files with 88 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
!patches/

10
README.md
View file

@ -1 +1,11 @@
patches folder contains all the patches. files shipped are already prepatched patches folder contains all the patches. files shipped are already prepatched
patch order:
1. waydroid.patch
2. security.patch
sources:
waydroid.patch: https://wiki.archlinux.org/title/Waydroid
security.patch: selected from https://www.kicksecure.com/wiki/Hardened-kernel

17
config
View file

@ -4662,8 +4662,8 @@ CONFIG_SSIF_IPMI_BMC=m
CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMB_DEVICE_INTERFACE=m
CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TIMERIOMEM=m CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_INTEL=y
CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_AMD=y
CONFIG_HW_RANDOM_BA431=m CONFIG_HW_RANDOM_BA431=m
CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIA=m
CONFIG_HW_RANDOM_VIRTIO=m CONFIG_HW_RANDOM_VIRTIO=m
@ -9386,7 +9386,7 @@ CONFIG_AMD_IOMMU=y
CONFIG_DMAR_TABLE=y CONFIG_DMAR_TABLE=y
CONFIG_INTEL_IOMMU=y CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_SVM=y CONFIG_INTEL_IOMMU_SVM=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_INTEL_IOMMU_FLOPPY_WA=y
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_PERF_EVENTS=y CONFIG_INTEL_IOMMU_PERF_EVENTS=y
@ -10935,7 +10935,7 @@ CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
# Hardening of kernel data structures # Hardening of kernel data structures
# #
CONFIG_LIST_HARDENED=y CONFIG_LIST_HARDENED=y
# CONFIG_BUG_ON_DATA_CORRUPTION is not set CONFIG_BUG_ON_DATA_CORRUPTION=y
# end of Hardening of kernel data structures # end of Hardening of kernel data structures
CONFIG_RANDSTRUCT_NONE=y CONFIG_RANDSTRUCT_NONE=y
@ -11525,7 +11525,7 @@ CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y
# CONFIG_DEBUG_VM is not set # CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_PGTABLE is not set # CONFIG_DEBUG_VM_PGTABLE is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set CONFIG_DEBUG_VIRTUA=y
CONFIG_DEBUG_MEMORY_INIT=y CONFIG_DEBUG_MEMORY_INIT=y
# CONFIG_DEBUG_PER_CPU_MAPS is not set # CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
@ -11613,10 +11613,11 @@ CONFIG_STACKTRACE=y
# #
# Debug kernel data structures # Debug kernel data structures
# #
# CONFIG_DEBUG_LIST is not set CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_PLIST is not set # CONFIG_DEBUG_PLIST is not set
# CONFIG_DEBUG_SG is not set CONFIG_DEBUG_SG=y
# CONFIG_DEBUG_NOTIFIERS is not set CONFIG_DEBUG_NOTIFIERS=y
CONFIG_DEBUG_CREDENTIALS=y
# CONFIG_DEBUG_CLOSURES is not set # CONFIG_DEBUG_CLOSURES is not set
# CONFIG_DEBUG_MAPLE_TREE is not set # CONFIG_DEBUG_MAPLE_TREE is not set
# end of Debug kernel data structures # end of Debug kernel data structures

55
patches/security.patch Normal file
View file

@ -0,0 +1,55 @@
--- a/config 2024-07-11 19:47:36.660974102 +0800
+++ b/config 2024-07-12 20:17:48.323530281 +0800
@@ -4662,8 +4662,8 @@
CONFIG_IPMB_DEVICE_INTERFACE=m
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TIMERIOMEM=m
-CONFIG_HW_RANDOM_INTEL=m
-CONFIG_HW_RANDOM_AMD=m
+CONFIG_HW_RANDOM_INTEL=y
+CONFIG_HW_RANDOM_AMD=y
CONFIG_HW_RANDOM_BA431=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_HW_RANDOM_VIRTIO=m
@@ -9386,7 +9386,7 @@
CONFIG_DMAR_TABLE=y
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_SVM=y
-# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
+CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_PERF_EVENTS=y
@@ -10935,7 +10935,7 @@
# Hardening of kernel data structures
#
CONFIG_LIST_HARDENED=y
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
# end of Hardening of kernel data structures
CONFIG_RANDSTRUCT_NONE=y
@@ -11525,7 +11525,7 @@
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VM_PGTABLE is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
-# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_VIRTUA=y
CONFIG_DEBUG_MEMORY_INIT=y
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
@@ -11613,10 +11613,11 @@
#
# Debug kernel data structures
#
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_PLIST is not set
-# CONFIG_DEBUG_SG is not set
-# CONFIG_DEBUG_NOTIFIERS is not set
+CONFIG_DEBUG_SG=y
+CONFIG_DEBUG_NOTIFIERS=y
+CONFIG_DEBUG_CREDENTIALS=y
# CONFIG_DEBUG_CLOSURES is not set
# CONFIG_DEBUG_MAPLE_TREE is not set
# end of Debug kernel data structures

13
patches/waydroid.patch Normal file
View file

@ -0,0 +1,13 @@
--- a/config 2024-07-11 15:01:26.249996763 +0800
+++ b/config 2024-07-11 15:09:27.942552038 +0800
@@ -10310,6 +10310,10 @@
#
# Android
#
+CONFIG_ANDROID=y
+CONFIG_ANDROID_BINDER_IPC=m
+CONFIG_ANDROID_BINDERFS=n
+CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder"
# CONFIG_ANDROID_BINDER_IPC is not set
# end of Android