This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.
NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:
data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
Mellanox/NVIDIA NICs require Infiniband support for proper communication with
user space, which is used by tools like DPDK.
This commit enables Infiniband with user access support and adds it to
`mlx4`/`mlx5`.
TL;DR: systemd does not require the performance-sensitive bits of Linux control
groups enabled in the kernel. However, it does require some
non-performance-sensitive bits of the control group logic.
http://0pointer.de/blog/projects/cgroups-vs-cgroups.html
The only controllers required for VyOS to function are the memory and PID
controller required by the container feature. All other controlles can be
disabled.
With all the minor fixes applied to the Kernel, also options change - this
just syncs the previous config to the latest version with the new defaults
applied that slipped in during all those bugfixes.
This reverts commit 8aafa6834bdd3d8ea4518fd73189141e2de70c9e.
This increases Kernel build time to >6h ane enables features we do not
need, as this is not Desktop/Server but a router.
I added also additional expansion card with 2 Intel i211 NIC’s.
I want to utilize all 4 NIC’s, but I have an issue because only NIC on expansion cards are properly detected.
Jun 16 20:39:24 systemd[1]: Starting hostapd@wlan0.service - Access point and authentication server for Wi-Fi and Ethernet (wlan0)…
Jun 16 20:39:25 hostapd[7198]: rfkill: Cannot open RFKILL control device
Jun 16 20:39:25 hostapd[7198]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Jun 16 20:39:25 systemd[1]: Started hostapd@wlan0.service - Access point and authentication server for Wi-Fi and Ethernet (wlan0).
Seems RFKILL is missing, or could there be someting else?
The kernel 'vhost-net' options required for creating TAP devices
vpp# create tap
create tap: open '/dev/vhost-net': No such file or directory
vpp#
vpp# create tap id 1 host-if-name tap1
create tap: open '/dev/vhost-net': No such file or directory
vpp#
