Commit Graph

9 Commits

Author SHA1 Message Date
Hauke Mehrtens
46af22de16 kernel: Remove CONFIG_COMPAT
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.

This reduces the attack surface on such systems and should also save
some memory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Hauke Mehrtens
32eb66881c kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.

This should prevent the kernel from reading code from user space in
kernel context.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Tomasz Maciej Nowak
2e5a0b81ec mvebu: sysupgrade: sdcard: keep user added partitons
Currently sysupgrade overwrites whole disk and destroys partitions added
by user. Sync the sysupgrade code with the one present in x86 target to
remedy this behaviour.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 16:31:10 +02:00
Tomasz Maciej Nowak
727c3df5bb mvebu: shrink amount of packages and reorganize them
Since most of devices using SD card image to boot, use ext4 as boot
files system we can drop fat fs related packages. Also move packages
which are added repeatedly across subtargets to their default packages,
with droping the ones that are enabled in target kernel configugation.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 16:31:10 +02:00
Hauke Mehrtens
3d945f5706 mvebu: Refresh kernel configuration
This refreshes the current kernel configuration to remove unneeded
options, add some automatically added ones and reorders them. The normal
build did this automatically, so the builds already used this
configuration.

CONFIG_HW_RANDOM_OMAP is explicitly activated for the cortexa72
subtarget because it has an inside-secure,safexcel-eip76 IP core.

This was done with this command on the cortexa9 subtarget:
	make kernel_oldconfig
and this one on the other subtargets:
	make kernel_oldconfig CONFIG_TARGET=subtarget

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-26 15:11:39 +01:00
Tomasz Maciej Nowak
9f6c4ba25c mvebu: move HARDEN_BRANCH_PREDICTOR to common config
This symbol is enabled in all subtargets, move it to common kernel
config.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Acked-by: Rosen Penev <rosenp@gmail.com>
2019-01-27 00:16:14 +01:00
Stijn Tintel
77e3e706ce kernel: add missing ARM64_SSBD symbol
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.

This mitigates CVE-2018-3639 on ARM64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-31 12:22:11 +03:00
Mathias Kresin
3877550114 arm64: enable harden branch predictor
Enable the harden branch predictor for arm64 as it is recommend.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-27 21:34:18 +02:00
Tomasz Maciej Nowak
584d7c53bd mvebu: new subtarget cortex A53
This commit introduces new subtarget for Marvell EBU Armada Cortex A53
processor based devices.

The first device is Globalscale ESPRESSObin. Some hardware specs:

SoC: Marvell Armada 3700LP (88F3720) dual core ARM Cortex A53
     processor up to 1.2GHz
RAM: 512MB, 1GB or 2GB DDR3
Storage: SATA interface
         µSD card slot with footprint for an optional 4GB EMMC
         4MB SPI NOR flash for bootloader
Ethernet: Topaz Networking Switch (88E6341) with 3x GbE ports
Connectors: USB 3.0
            USB 2.0
            µUSB port connected to PL2303SA (USB to serial bridge
            controller) for UART access
Expansion: 2x 46-pin GPIO headers for accessories and shields with
           I2C, GPIOs, PWM, UART, SPI, MMC, etc
           MiniPCIe slot
Misc: Reset button, JTAG interface

Currently booting only from µSD card is supported.
The boards depending on date of dispatch can come with various U-Boot
versions. For the newest version 2017.03-armada-17.10 no manual
intervention should be needed to boot OpenWrt image. For the older ones
it's necessary to modify default U-Boot environment:

 1. Interrupt boot process to run U-Boot command line,

 2. Run following commands:
    (for version 2017.03-armada-17.06 and 2017.03-armada-17.08)
     setenv bootcmd "load mmc 0:1 0x4d00000 boot.scr; source 0x4d00000"
     saveenv

    (for version 2015.01-armada-17.02 and 2015.01-armada-17.04)
     setenv bootargs "console=ttyMV0,115200 root=/dev/mmcblk0p2 rw rootwait"
     setenv bootcmd "ext4load mmc 0:1 ${fdt_addr} armada-3720-espressobin.dtb; ext4load mmc 0:1 ${kernel_addr} Image; booti ${kernel_addr} - ${fdt_addr}"
     saveenv

 3. Poweroff, insert SD card with OpenWrt image, boot and enjoy.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-03-10 01:15:22 +01:00