I accidentally checked in "ectool-patches-of-unclear-provenance.patch",
which was never used in any way by the build expressions.
This file contained my local patches to a very old version of
ectool, some of which came from Debian and some of which I wrote
myself. The `ectool.nix` expression uses a newer version of ectool,
which has upstreamed the relevant changes from Debian. So those
patches no longer need to be carried. The other patches delete
functionality which I don't need, but other people might, so those
patches won't be included in ownerboot.
Since a6cd35, ownerboot includes a patch to flashrom which allows
nested (but non-overlapping) fmap regions, so the flashrom.layout
file is no longer necessary.
ATF v1.6 on gru-kevin causes the laptop to reset itself instead of
waking up from suspend-to-ram. The cause of this problem is
something in the ~835 commits prior to the v1.6 release.
For now, let's simply use an older commit from upstream;
suspend-to-ram is pretty important for laptops.
TODO: git bisect and revert only the commits that cause this problem.
This bumps the kernel version on non-gru-kevin to 5.10.148, which
has fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.
This bumps the kernel version on gru-kevin to 5.10.148, which has
fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.
On all other platforms the ownerboot kernel is used only to kexec()
another long-lived kernel, and is therefore built without wifi
support and not vulnerable.
The gru-kevin laptop cannot use kexec() due to unfixable bugs in
mid-2010s versions of ARM's GICv3.
In some cases this bug can be worked around by having the
pre-kexec() kernel not fully initialize the GIC:
https://lore.kernel.org/lkml/20180921195954.21574-1-marc.zyngier@arm.com/
Unfortunately this workaround leaves the gru-kevin's screen in a
glitchy state post-kexec() which makes the laptop mostly unusable.