kernel: enable CONFIG_CRYPTO_DH in aarch64 (#11409)

Add the dh kernel module (CONFIG_CRYPTO_DH) to the aarch64 kernel configuration. This is required for fips images, and is already present in the amd64 config, and has never been present in arm64.

SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec

@@ -7,7 +7,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-64k-signed-%{buildarch}
 Version:        6.6.57.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -105,6 +105,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Wed Jan 08 2025 Tobias Brick <[email protected]> - 6.6.57.1-8
+- Bump release to match kernel
+
 * Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
 - Bump release to match kernel
 

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        6.6.57.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Wed Jan 08 2025 Tobias Brick <[email protected]> - 6.6.57.1-8
+- Bump release to match kernel
+
 * Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
 - Bump release to match kernel
 

SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec

@@ -6,7 +6,7 @@
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
 Version:        6.6.57.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,9 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Wed Jan 08 2025 Tobias Brick <[email protected]> - 6.6.57.1-8
+- Bump release to match kernel
+
 * Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
 - Bump release to match kernel
 

SPECS/kernel-64k/config_aarch64

@@ -10550,7 +10550,8 @@ CONFIG_CRYPTO_ENGINE=y
 # Public-key cryptography
 #
 CONFIG_CRYPTO_RSA=y
-# CONFIG_CRYPTO_DH is not set
+CONFIG_CRYPTO_DH=m
+# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set
 CONFIG_CRYPTO_ECC=m
 CONFIG_CRYPTO_ECDH=m
 # CONFIG_CRYPTO_ECDSA is not set

SPECS/kernel-64k/kernel-64k.signatures.json

@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b",
-    "config_aarch64": "2e511edb6a5a6236c6f7307f070df422bd6032b1e572f8f44ef4134ecea7d5b7",
+    "config_aarch64": "3dccfc08577bfb554609e2fe6442e49a11164bc802694705c5f89e0a7d33eb37",
     "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
     "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
     "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",

SPECS/kernel-64k/kernel-64k.spec

@@ -25,7 +25,7 @@
 Summary:        Linux Kernel
 Name:           kernel-64k
 Version:        6.6.57.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -370,6 +370,10 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Wed Jan 08 2025 Tobias Brick <[email protected]> - 6.6.57.1-8
+- Enable dh kernel module (CONFIG_CRYPTO_DH) in aarch64
+- Bump release to match kernel
+
 * Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
 - Bump release to match kernel
 

SPECS/kernel-headers/kernel-headers.spec

@@ -14,7 +14,7 @@
 Summary:        Linux API header files
 Name:           kernel-headers
 Version:        6.6.57.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ done
 %endif
 
 %changelog
+* Wed Jan 08 2025 Tobias Brick <[email protected]> - 6.6.57.1-8
+- Bump release to match kernel
+
 * Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
 - Bump release to match kernel
 

SPECS/kernel/config_aarch64

@@ -10560,7 +10560,8 @@ CONFIG_CRYPTO_ENGINE=y
 # Public-key cryptography
 #
 CONFIG_CRYPTO_RSA=y
-# CONFIG_CRYPTO_DH is not set
+CONFIG_CRYPTO_DH=m
+# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set
 CONFIG_CRYPTO_ECC=m
 CONFIG_CRYPTO_ECDH=m
 # CONFIG_CRYPTO_ECDSA is not set

SPECS/kernel/kernel-uki.spec

@@ -13,7 +13,7 @@
 Summary:        Unified Kernel Image
 Name:           kernel-uki
 Version:        6.6.57.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -70,6 +70,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Wed Jan 08 2025 Tobias Brick <[email protected]> - 6.6.57.1-8
+- Bump release to match kernel
+
 * Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
 - Bump release to match kernel
 

SPECS/kernel/kernel.signatures.json

@@ -2,7 +2,7 @@
   "Signatures": {
     "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b",
     "config": "651f9cab61a3eb370f7e6451d2115cce2c5f137f5d7e5f28234b5d07bf841d0f",
-    "config_aarch64": "bfb4b4344045354a2ba518d11ae81fe5e3d45e9b11253ca2e199792543a9d624",
+    "config_aarch64": "4ac69b47706f3d3b5f884aaa2d749bfe86dbda71f600b08bcfdf5c885fec7d2a",
     "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
     "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
     "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",

SPECS/kernel/kernel.spec

@@ -30,7 +30,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        6.6.57.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -424,6 +424,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Wed Jan 08 2025 Tobias Brick <[email protected]> - 6.6.57.1-8
+- Enable dh kernel module (CONFIG_CRYPTO_DH) in aarch64
+
 * Sun Dec 22 2024 Ankita Pareek <[email protected]> - 6.6.57.1-7
 - Enable CONFIG_INTEL_TDX_GUEST and CONFIG_TDX_GUEST_DRIVER
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.aarch64.rpm
-kernel-headers-6.6.57.1-7.azl3.noarch.rpm
+kernel-headers-6.6.57.1-8.azl3.noarch.rpm
 glibc-2.38-8.azl3.aarch64.rpm
 glibc-devel-2.38-8.azl3.aarch64.rpm
 glibc-i18n-2.38-8.azl3.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.x86_64.rpm
-kernel-headers-6.6.57.1-7.azl3.noarch.rpm
+kernel-headers-6.6.57.1-8.azl3.noarch.rpm
 glibc-2.38-8.azl3.x86_64.rpm
 glibc-devel-2.38-8.azl3.x86_64.rpm
 glibc-i18n-2.38-8.azl3.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.aarch64.rpm
 kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm
-kernel-headers-6.6.57.1-7.azl3.noarch.rpm
+kernel-headers-6.6.57.1-8.azl3.noarch.rpm
 kmod-30-1.azl3.aarch64.rpm
 kmod-debuginfo-30-1.azl3.aarch64.rpm
 kmod-devel-30-1.azl3.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -163,8 +163,8 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.x86_64.rpm
 kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm
-kernel-cross-headers-6.6.57.1-7.azl3.noarch.rpm
-kernel-headers-6.6.57.1-7.azl3.noarch.rpm
+kernel-cross-headers-6.6.57.1-8.azl3.noarch.rpm
+kernel-headers-6.6.57.1-8.azl3.noarch.rpm
 kmod-30-1.azl3.x86_64.rpm
 kmod-debuginfo-30-1.azl3.x86_64.rpm
 kmod-devel-30-1.azl3.x86_64.rpm