From db2fd142507c9436d26963429ef777ff1ac470e2 Mon Sep 17 00:00:00 2001 From: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com> Date: Wed, 8 Jan 2025 14:50:23 -0800 Subject: [PATCH] kernel: enable CONFIG_CRYPTO_DH in aarch64 (#11409) Add the dh kernel module (CONFIG_CRYPTO_DH) to the aarch64 kernel configuration. This is required for fips images, and is already present in the amd64 config, and has never been present in arm64. --- SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec | 5 ++++- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 5 ++++- SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec | 5 ++++- SPECS/kernel-64k/config_aarch64 | 3 ++- SPECS/kernel-64k/kernel-64k.signatures.json | 2 +- SPECS/kernel-64k/kernel-64k.spec | 6 +++++- SPECS/kernel-headers/kernel-headers.spec | 5 ++++- SPECS/kernel/config_aarch64 | 3 ++- SPECS/kernel/kernel-uki.spec | 5 ++++- SPECS/kernel/kernel.signatures.json | 2 +- SPECS/kernel/kernel.spec | 5 ++++- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 2 +- toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +- toolkit/resources/manifests/package/toolchain_x86_64.txt | 4 ++-- 15 files changed, 40 insertions(+), 16 deletions(-) diff --git a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec index 993e94dfb6f..c268b01c49c 100644 --- a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec +++ b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec @@ -7,7 +7,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-64k-signed-%{buildarch} Version: 6.6.57.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Bump release to match kernel + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 51bf71bb822..d6fedb6e483 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 6.6.57.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Bump release to match kernel + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec index bcf7c0c4cb1..7b3f9812e02 100644 --- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec +++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec @@ -6,7 +6,7 @@ Summary: Signed Unified Kernel Image for %{buildarch} systems Name: kernel-uki-signed-%{buildarch} Version: 6.6.57.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -68,6 +68,9 @@ popd /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Bump release to match kernel + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/kernel-64k/config_aarch64 b/SPECS/kernel-64k/config_aarch64 index f9ea766b12b..f247059a92a 100644 --- a/SPECS/kernel-64k/config_aarch64 +++ b/SPECS/kernel-64k/config_aarch64 @@ -10550,7 +10550,8 @@ CONFIG_CRYPTO_ENGINE=y # Public-key cryptography # CONFIG_CRYPTO_RSA=y -# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_DH=m +# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set CONFIG_CRYPTO_ECC=m CONFIG_CRYPTO_ECDH=m # CONFIG_CRYPTO_ECDSA is not set diff --git a/SPECS/kernel-64k/kernel-64k.signatures.json b/SPECS/kernel-64k/kernel-64k.signatures.json index a935b60e887..e21cf0dd337 100644 --- a/SPECS/kernel-64k/kernel-64k.signatures.json +++ b/SPECS/kernel-64k/kernel-64k.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config_aarch64": "2e511edb6a5a6236c6f7307f070df422bd6032b1e572f8f44ef4134ecea7d5b7", + "config_aarch64": "3dccfc08577bfb554609e2fe6442e49a11164bc802694705c5f89e0a7d33eb37", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", diff --git a/SPECS/kernel-64k/kernel-64k.spec b/SPECS/kernel-64k/kernel-64k.spec index ff0277bfec8..305101a417b 100644 --- a/SPECS/kernel-64k/kernel-64k.spec +++ b/SPECS/kernel-64k/kernel-64k.spec @@ -25,7 +25,7 @@ Summary: Linux Kernel Name: kernel-64k Version: 6.6.57.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -370,6 +370,10 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Enable dh kernel module (CONFIG_CRYPTO_DH) in aarch64 +- Bump release to match kernel + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 96cebd1e25c..2da0b15486e 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -14,7 +14,7 @@ Summary: Linux API header files Name: kernel-headers Version: 6.6.57.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -75,6 +75,9 @@ done %endif %changelog +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Bump release to match kernel + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index e0d99388788..93fca8df27d 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -10560,7 +10560,8 @@ CONFIG_CRYPTO_ENGINE=y # Public-key cryptography # CONFIG_CRYPTO_RSA=y -# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_DH=m +# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set CONFIG_CRYPTO_ECC=m CONFIG_CRYPTO_ECDH=m # CONFIG_CRYPTO_ECDSA is not set diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec index 3c928626a97..acaa48645f7 100644 --- a/SPECS/kernel/kernel-uki.spec +++ b/SPECS/kernel/kernel-uki.spec @@ -13,7 +13,7 @@ Summary: Unified Kernel Image Name: kernel-uki Version: 6.6.57.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -70,6 +70,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Bump release to match kernel + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index eda9fcf8ddd..0e370626996 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -2,7 +2,7 @@ "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", "config": "651f9cab61a3eb370f7e6451d2115cce2c5f137f5d7e5f28234b5d07bf841d0f", - "config_aarch64": "bfb4b4344045354a2ba518d11ae81fe5e3d45e9b11253ca2e199792543a9d624", + "config_aarch64": "4ac69b47706f3d3b5f884aaa2d749bfe86dbda71f600b08bcfdf5c885fec7d2a", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 6533a6d2545..c276a1611cf 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -30,7 +30,7 @@ Summary: Linux Kernel Name: kernel Version: 6.6.57.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -424,6 +424,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Wed Jan 08 2025 Tobias Brick - 6.6.57.1-8 +- Enable dh kernel module (CONFIG_CRYPTO_DH) in aarch64 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Enable CONFIG_INTEL_TDX_GUEST and CONFIG_TDX_GUEST_DRIVER diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 68985884f26..1852ea8d221 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.aarch64.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-headers-6.6.57.1-8.azl3.noarch.rpm glibc-2.38-8.azl3.aarch64.rpm glibc-devel-2.38-8.azl3.aarch64.rpm glibc-i18n-2.38-8.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d7bf3caeb7a..5b0489f766c 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.x86_64.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-headers-6.6.57.1-8.azl3.noarch.rpm glibc-2.38-8.azl3.x86_64.rpm glibc-devel-2.38-8.azl3.x86_64.rpm glibc-i18n-2.38-8.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index c8a14aeaf25..f3f481bc74d 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.aarch64.rpm kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-headers-6.6.57.1-8.azl3.noarch.rpm kmod-30-1.azl3.aarch64.rpm kmod-debuginfo-30-1.azl3.aarch64.rpm kmod-devel-30-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 06043454bd9..cc6a5502db3 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -163,8 +163,8 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.x86_64.rpm kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm -kernel-cross-headers-6.6.57.1-7.azl3.noarch.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-cross-headers-6.6.57.1-8.azl3.noarch.rpm +kernel-headers-6.6.57.1-8.azl3.noarch.rpm kmod-30-1.azl3.x86_64.rpm kmod-debuginfo-30-1.azl3.x86_64.rpm kmod-devel-30-1.azl3.x86_64.rpm