This commit enables generation of `u-boot-rockchip-spi-sata.bin`.
Flashing this to SPI flash enables U-Boot to communicate with an
attached SATA m.2 SSD, thereby allowing booting directly from SPI flash
to SATA SSD.
CONFIG_ROCKCHIP_MINI_KERNEL implicitly sets
CONFIG_DTC_OMIT_DISABLED=y
CONFIG_DTC_OMIT_EMPTY=y
this causes bundled devicetree overlays which set nodes to "disabled" to become noop.
Disable these DTC_OMIT options to restore overlay disable functionality.
Kwiboo's `rk3506` branch is WIP / rebased often. Pin to commit hash while upstreaming work is underway.
Also revert (broken) changes that attempted to keep up with this branch.
Add opt-in extension that includes gcc/clang major.minor version in the
kernel artifact version string for cache invalidation when the toolchain
changes. Enable with ENABLE_EXTENSIONS="kernel-version-toolchain".
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace single-line version suffix assembly with an extensible two-array
approach: artifact_version_parts (associative, key=value) and
artifact_version_part_order (indexed, "NNNN-KEY" for sortable insertion).
Extensions can add, modify, or remove parts via the
artifact_kernel_version_parts hook. Keys starting with "_" are
internal-only and not prefixed in the output.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reduce kernel_config_modifying_hashes to last assignment per key before
hashing, so that overridden config options do not cause unnecessary
cache invalidation. Uses tac|sort to implement last-value-wins
deduplication.
Co-Authored-By: tabrisnet <tabrisnet@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes wrong CPU vulnerability output:
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation:Vulnerable: Unprivileged eBPF enabled
It's enabled but CONFIG_BPF_UNPRIV_DEFAULT_OFF being unset causes the warning.
This warning happens on ARM32 and ARM64 devices.
Edited with:
find -name "*.config" -exec sed -i 's/# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set/CONFIG_BPF_UNPRIV_DEFAULT_OFF=y/g' '{}' ;
CONFIG_BPF_UNPRIV_DEFAULT_OFF is a Linux kernel build-time hardening option that disables unprivileged use of the bpf() syscall (and thus unprivileged eBPF loading) by default by setting kernel.unprivileged_bpf_disabled=2 at boot. With this default, only privileged processes (e.g., with CAP_SYS_ADMIN / CAP_BPF, depending on kernel) can load eBPF unless an administrator explicitly relaxes it. [1], [2]
Operational behavior you should know
kernel.unprivileged_bpf_disabled semantics (as documented in the kernel sysctl docs/patch):
0: unprivileged bpf() allowed
1: unprivileged bpf() blocked and cannot be re-enabled until reboot (no transition back to 0 while running)
2: unprivileged bpf() blocked but admin can later switch to 0 or 1 if needed
If CONFIG_BPF_UNPRIV_DEFAULT_OFF=y, the default becomes 2 instead of 0. [2]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
For "reasons" extlinux provides a more stable boot.
Remove aw859a-wifi.service:
The service modprobes sprdwl_ng later in the boot process. Which
is not required. Just enabling it in modules-load.d will suffice.
I believe the reasoning for this service was to prevent a crash
which occurs if sprdwl_ng loads before cpufreq_dt. To prevent
the crash we will set in the defconfig CONFIG_CPUFREQ_DT=y.
Signed-off-by: Patrick Yavitz <pyavitz@gmail.com>
