Upgraded kernel config / created config for 5.15 / updated steps

2025-04-01 19:55:40 -04:00 · 2022-10-27 16:01:46 +00:00 · 2022-10-27 16:01:46 +00:00 · 7f37c1ba58
commit 7f37c1ba58
parent 78a45c02a1
3 changed files with 7694 additions and 40 deletions
--- a/5.10-hardened.config
+++ b/5.10-hardened.config
@ -1,16 +1,16 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.10.115-hardened1 Kernel Configuration
+# Linux/x86 5.10.145-hardened1 Kernel Configuration
 #
-CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.1 20220127 (Red Hat 11.2.1-9)"
+CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.1 20201203"
 CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=110201
-CONFIG_LD_VERSION=237000000
+CONFIG_GCC_VERSION=100201
+CONFIG_LD_VERSION=235010000
 CONFIG_CLANG_VERSION=0
 CONFIG_LLD_VERSION=0
 CONFIG_CC_CAN_LINK=y
+CONFIG_CC_CAN_LINK_STATIC=y
 CONFIG_CC_HAS_ASM_GOTO=y
-CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_INLINE=y
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_TABLE_SORT=y
@ -313,7 +313,6 @@ CONFIG_X86_FEATURE_NAMES=y
 CONFIG_X86_X2APIC=y
 CONFIG_X86_MPPARSE=y
 # CONFIG_GOLDFISH is not set
-CONFIG_RETPOLINE=y
 CONFIG_X86_CPU_RESCTRL=y
 # CONFIG_X86_EXTENDED_PLATFORM is not set
 CONFIG_X86_INTEL_LPSS=y
@ -457,6 +456,8 @@ CONFIG_LEGACY_VSYSCALL_NONE=y
 CONFIG_HAVE_LIVEPATCH=y
 # end of Processor type and features

+CONFIG_CC_HAS_RETURN_THUNK=y
+# CONFIG_SPECULATION_MITIGATIONS is not set
 CONFIG_ARCH_HAS_ADD_PAGES=y
 CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
 CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
@ -3033,10 +3034,9 @@ CONFIG_TCG_TIS_ST33ZP24_SPI=m
 CONFIG_TELCLOCK=m
 CONFIG_XILLYBUS=m
 CONFIG_XILLYBUS_PCIE=m
-# end of Character devices
-
 # CONFIG_RANDOM_TRUST_CPU is not set
 # CONFIG_RANDOM_TRUST_BOOTLOADER is not set
+# end of Character devices

 #
 # I2C support
@ -6766,7 +6766,6 @@ CONFIG_SECURITY_TIOCSTI_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
-CONFIG_PAGE_TABLE_ISOLATION=y
 # CONFIG_SECURITY_NETWORK_XFRM is not set
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
@ -7024,28 +7023,6 @@ CONFIG_CRYPTO_USER_API_AEAD=m
 CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
 # CONFIG_CRYPTO_STATS is not set
 CONFIG_CRYPTO_HASH_INFO=y
-
-#
-# Crypto library routines
-#
-CONFIG_CRYPTO_LIB_AES=y
-CONFIG_CRYPTO_LIB_ARC4=m
-CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y
-CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y
-CONFIG_CRYPTO_LIB_BLAKE2S=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y
-CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y
-CONFIG_CRYPTO_LIB_CHACHA=y
-CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y
-CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y
-CONFIG_CRYPTO_LIB_CURVE25519=y
-CONFIG_CRYPTO_LIB_DES=m
-CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
-CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y
-CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
-CONFIG_CRYPTO_LIB_POLY1305=y
-CONFIG_CRYPTO_LIB_CHACHA20POLY1305=y
-CONFIG_CRYPTO_LIB_SHA256=y
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_DEV_PADLOCK=m
 CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@ -7111,6 +7088,30 @@ CONFIG_GENERIC_IOMAP=y
 CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
 CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
 CONFIG_ARCH_USE_SYM_ANNOTATIONS=y
+
+#
+# Crypto library routines
+#
+CONFIG_CRYPTO_LIB_AES=y
+CONFIG_CRYPTO_LIB_ARC4=m
+CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y
+CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y
+CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y
+CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y
+CONFIG_CRYPTO_LIB_CHACHA=y
+CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y
+CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y
+CONFIG_CRYPTO_LIB_CURVE25519=y
+CONFIG_CRYPTO_LIB_DES=m
+CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
+CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y
+CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
+CONFIG_CRYPTO_LIB_POLY1305=y
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=y
+CONFIG_CRYPTO_LIB_SHA256=y
+# end of Crypto library routines
+
+CONFIG_LIB_MEMNEQ=y
 CONFIG_CRC_CCITT=m
 CONFIG_CRC16=m
 CONFIG_CRC_T10DIF=y
@ -7268,8 +7269,6 @@ CONFIG_HAVE_ARCH_KGDB=y
 CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
 # CONFIG_UBSAN is not set
 CONFIG_HAVE_ARCH_KCSAN=y
-CONFIG_HAVE_KCSAN_COMPILER=y
-# CONFIG_KCSAN is not set
 # end of Generic Kernel Debugging Instruments

 CONFIG_DEBUG_KERNEL=y
--- a/5.15-hardened.config
+++ b/5.15-hardened.config
--- a/README.md
+++ b/README.md
@ -1,16 +1,17 @@
 ### Install dependencies
- `xbps-install -Sy make gcc xz elfutils elfutils-devel flex ncurses-devel openssl openssl-devel argp-standalone gcc-ada mpc libmpc-devel gmp-devel`
+- `xbps-install -Sy make gcc xz elfutils elfutils-devel flex ncurses-devel openssl openssl-devel argp-standalone gcc-ada mpc libmpc-devel gmp-devel perl`

 ### Steps to create
 - `cd /usr/src/`
- `/usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/5.10.<latest_version>-hardened1.tar.gz"`
- `tar -xvf 5.10.<latest_version>-hardened1.tar.gz`
- `cd 5.10.<latest_version>-hardened1`
+- `wget https://git.arrr.cloud/whichdoc/plague-kernel/-/raw/main/5.10-hardened.config -o linux-hardened-"$KVER"/.config`
+- `/usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/5.10."$KVER"-hardened1.tar.gz"`
+- `tar -xvf 5.10."$KVER"-hardened1.tar.gz`
+- `cd 5.10."$KVER"-hardened1`
 - `make oldconfig`
 - `make menuconfig` # (if any changes are required)
- `make --jobs=4` # start compiling
+- `make --jobs=4` # start compiling with your number of allocated threads
 - `make modules_install` # create /lib/modules/$kver
- `cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-5.10.<latest_version>-hardened1_1 && dracut --kver 5.10.<latest_version>-hardened1_1 --force`
+- `cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-5.10."$KVER"-hardened1_1 && dracut --kver 5.10."$KVER"-hardened1_1 --force`
 - `grub-mkconfig -o /boot/grub/grub.cfg`
 - `xbps-reconfigure -fa`

@ -18,7 +19,7 @@
 - Built into PlagueOS installer

 ### Troubleshooting:
- `lsinitrd -v /boot/initramfs-5.10.<latest_version>-hardened1_1.img`
+- `lsinitrd -v /boot/initramfs-5.10."$KVER"-hardened1_1.img`

 #### Additional Resources:
 - https://www.kernel.org/doc/html/v5.10/