67 Commits (0eb193a14911f51049b4422fbdb089bdadadb0ed)

Author SHA1 Message Date
Adam Joseph 4a2a89d88a src/kernel: bump non-gru-kevin kernels for Linux wifi RCE
This bumps the kernel version on non-gru-kevin to 5.10.148, which
has fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.
2 years ago
Adam Joseph b70f108dce platform/kevin: bump kernel to version with wifi RCE fixes
This bumps the kernel version on gru-kevin to 5.10.148, which has
fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.

On all other platforms the ownerboot kernel is used only to kexec()
another long-lived kernel, and is therefore built without wifi
support and not vulnerable.

The gru-kevin laptop cannot use kexec() due to unfixable bugs in
mid-2010s versions of ARM's GICv3.

In some cases this bug can be worked around by having the
pre-kexec() kernel not fully initialize the GIC:

  https://lore.kernel.org/lkml/20180921195954.21574-1-marc.zyngier@arm.com/

Unfortunately this workaround leaves the gru-kevin's screen in a
glitchy state post-kexec() which makes the laptop mostly unusable.
2 years ago
Adam Joseph a6cd353a3e src/flashrom: allow nested regions 2 years ago
Adam Joseph 5ed3f4cf89 src/flashrom/0001...patch: reformat for git-am 2 years ago
Adam Joseph bd0335d03a doc/owner-controlled.md: format heading 2 years ago
Adam Joseph ef770e025e doc: remove unfinished footnote (mispush) 2 years ago
Adam Joseph c898388050 userspace: fix ordering typo 2 years ago
Adam Joseph e43f31656d userspace: overhaul 2 years ago
Adam Joseph 4711bd6676 userspace: remember to runHook 2 years ago
Adam Joseph 549cd6add0 initramfs: pass module list as a nix expression rather than a file 2 years ago
Adam Joseph 4c202a6d12 platform/kevin: factor out modules_{no}insmod as a let-block 2 years ago
Adam Joseph 4d5bfd8c48 eliminate CONFIG_LOCALVERSION; it adds complexity 2 years ago
Adam Joseph c15d149350 move userspace to top level to facilitate overriding 2 years ago
Adam Joseph ffdfb0fe19 initramfs: produce a single file in /nix/store rather than a directory 2 years ago
Adam Joseph 25f9d4e927 src/coreboot: fetch patches from upstream where possible 2 years ago
Adam Joseph a9c7c686e5 src/flashrom: add flashrom, including write-protect patch 2 years ago
Adam Joseph a07d0439f3 init 2 years ago