Fixes wrong CPU vulnerability output:
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation:Vulnerable: Unprivileged eBPF enabled
It's enabled but CONFIG_BPF_UNPRIV_DEFAULT_OFF being unset causes the warning.
This warning happens on ARM32 and ARM64 devices.
Edited with:
find -name "*.config" -exec sed -i 's/# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set/CONFIG_BPF_UNPRIV_DEFAULT_OFF=y/g' '{}' \;
CONFIG_BPF_UNPRIV_DEFAULT_OFF is a Linux kernel build-time hardening option that disables unprivileged use of the bpf() syscall (and thus unprivileged eBPF loading) by default by setting kernel.unprivileged_bpf_disabled=2 at boot. With this default, only privileged processes (e.g., with CAP_SYS_ADMIN / CAP_BPF, depending on kernel) can load eBPF unless an administrator explicitly relaxes it. [1], [2]
Operational behavior you should know
kernel.unprivileged_bpf_disabled semantics (as documented in the kernel sysctl docs/patch):
- 0: unprivileged bpf() allowed
- 1: unprivileged bpf() blocked and cannot be re-enabled until reboot (no transition back to 0 while running)
- 2: unprivileged bpf() blocked but admin can later switch to 0 or 1 if needed
If CONFIG_BPF_UNPRIV_DEFAULT_OFF=y, the default becomes 2 instead of 0. [2]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
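The sysctl semantics described in the commit message above, as an added shell example that is not part of the commit: it derives the boot-time default of kernel.unprivileged_bpf_disabled from a kernel config file, lists config files that still leave the option unset, and explains a runtime value. The function names are illustrative, and the CONFIG_BPF_SYSCALL check is an addition based on the option's Kconfig dependency.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the commit.

# Boot-time default of kernel.unprivileged_bpf_disabled implied by a kernel
# config file: 2 with CONFIG_BPF_UNPRIV_DEFAULT_OFF=y, otherwise 0.
# Prints "n/a" when CONFIG_BPF_SYSCALL is off (no bpf() syscall, no sysctl).
bpf_unpriv_default() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    if ! grep -q '^CONFIG_BPF_SYSCALL=y$' "$1"; then
        echo "n/a"
    elif grep -q '^CONFIG_BPF_UNPRIV_DEFAULT_OFF=y$' "$1"; then
        echo 2
    else
        echo 0
    fi
}

# Meaning of a kernel.unprivileged_bpf_disabled value.
bpf_unpriv_describe() {
    case $1 in
        0) echo "unprivileged bpf() allowed" ;;
        1) echo "blocked until reboot" ;;
        2) echo "blocked, admin may switch to 0 or 1" ;;
        *) echo "unknown value"; return 1 ;;
    esac
}

# List *.config files under a directory whose kernels would still boot
# with unprivileged bpf() allowed (default 0).
bpf_unpriv_audit() {
    find "$1" -type f -name '*.config' | sort | while IFS= read -r f; do
        [ "$(bpf_unpriv_default "$f")" != 0 ] || echo "$f"
    done
}

# Describe the running kernel's setting; the path argument is optional and
# exists so the function can be pointed at a test file.
bpf_unpriv_runtime() {
    f=${1:-/proc/sys/kernel/unprivileged_bpf_disabled}
    [ -r "$f" ] || { echo "sysctl not present"; return 0; }
    bpf_unpriv_describe "$(cat "$f")"
}
```

Running `bpf_unpriv_audit .` in a tree of kernel configs after the sed edit should print nothing; `bpf_unpriv_runtime` with no argument reports the booted kernel's state.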
For "reasons" extlinux provides a more stable boot.
Remove aw859a-wifi.service:
The service modprobes sprdwl_ng later in the boot process, which
is not required. Just enabling it in modules-load.d will suffice.
I believe the reasoning for this service was to prevent a crash
which occurs if sprdwl_ng loads before cpufreq_dt. To prevent
the crash we will set in the defconfig CONFIG_CPUFREQ_DT=y.
Signed-off-by: Patrick Yavitz <pyavitz@gmail.com>
- it's not a legacy. it's just an old LTS
- config
- from last 6.12 rewrite back when 6.12 was current: eaac082190
- plus enablements from 6.19 (mostly rtw wifi et al)
- since no boards enable it, it should have zero impact on CI etc
- but still allows to build it by specifying `BRANCH=oldlts`
* Jetson Nano: retire automatic images generation - they don't work
* Cubox-i: move it to the EOS as it doesn't boot anymore and since it is old.
* Odroid M2: promote the board to standard support
* Orangepi3 LTS: Promote back to the supported list
- tested on actual hardware
- small fixes for:
- LEDs (new names; was wrong also in v2025.10 and previous)
- remove duplicate enablement of CONFIG_CMD_USB_MASS_STORAGE
- comment about lower USB3 port not working due to sharing with OTG/UMS
micro-usb port that is enabled
Enable AMD Display Controller support for AMD Radeon GPUs on UEFI systems.
Add custom_kernel_config__enable_amd_dc() to uefi_common.inc with the
following kernel options for all UEFI boards except cloud:
- DRM_AMD_DC: AMD Display Controller
- DRM_AMD_DC_DCN: Display Core Next support
- DRM_AMD_DC_DSC_SUPPORT: Display Stream Compression
Provides proper display engine support for AMD graphics cards on x86,
arm64, and loong64 UEFI platforms.
Signed-off-by: Igor Pecovnik <igor@armbian.com>
- Change BOOTCONFIG from rk3506b to rk3506j variant
- Update btrfs patch to target correct defconfig
- Add OPTEE image support for secure boot functionality