When enabled this does:
This option enables the integrity subsystem, which is comprised of a number of
different components including the Integrity Measurement Architecture (IMA),
Extended Verification Module (EVM), IMA-appraisal extension, digital signature
verification extension and audit measurement log support.
We do not support secure-boot thus we do not need keyrings.
Enabling this would do:
Enable auditing infrastructure that can be used with another kernel subsystem,
such as SELinux (which requires this for logging of avc messages output). System
call auditing is included on architectures which support it.
We have no SELinux.
When enabled this additional feature does:
Enables additional kernel features in a sake of checkpoint/restore. In
particular it adds auxiliary prctl codes to setup process text, data and heap
segment sizes, and a few additional /proc filesystem entries.
This reverts commit 78c43c2078e292ac9b53d2d6a41a47466d283914.
Unfortunately we must revert the Kernel upgrade as there are two problematic
issues. One is the break of ABI functionality with parted [1], and the second
is the internal crypto API [2], which removed required literals for the build of
Intel QAT acceleration.
In the two weeks running 5.8 we still learned a lot - we experienced a
performance improvement of ~30% when doing NAT @ > 10GBit/s and also utilizing
the built-in updated drivers for Intel NICs and WireGuard.
We are looking forward to the release of this year's LTS kernel and we hope to
ship this in the final 1.3 release.
1: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.8.y&id=692d062655
2: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.5.y&id=d63007eb95
... Kernel is appended a + to the version string when there are locally
modified files - which we have. This is prevented by the existence of the
.scmversion file.
This reverts commit 8b520c63ac705aa2c35579ebfbc053b5b6a1bccb.
CI tests also use parallel ATA interfaces in QEMU - we probably should keep it
for "poor" virtualisation.
* 'kernel-5.8' of github.com:c-po/vyos-build:
Kernel: T2843: drop parallel ATA support
Kernel: T2843: enable Multipath TCP support
Kernel: T2843: enable APU2 LEDs and front button
Kernel: T2843: upgrade Kernel to v5.8.5
WireGuard: T2842: switch to binary package from buster-backports