From 87412a97e77810c86d511a53e83a18e2218f67db Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Thu, 21 Aug 2025 14:51:08 +0100 Subject: [PATCH] Revert "versions: update kernel-confidential to Linux v6.16.1" This reverts commit 412a384aadcb25a45ed89fb93f843de253986ace. --- .../common/confidential_containers/cryptsetup.conf | 1 + .../packaging/kernel/configs/fragments/common/hotplug.conf | 3 --- .../kernel/configs/fragments/s390/confidential/fips.conf | 7 ------- tools/packaging/kernel/configs/fragments/whitelist.conf | 3 --- .../kernel/configs/fragments/x86_64/confidential/fips.conf | 7 ------- .../packaging/kernel/configs/fragments/x86_64/crypto.conf | 1 + .../packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf | 1 + tools/packaging/kernel/kata_config_version | 2 +- tools/packaging/kernel/patches/6.16.x/no_patches.txt | 0 versions.yaml | 2 +- 10 files changed, 5 insertions(+), 22 deletions(-) delete mode 100644 tools/packaging/kernel/configs/fragments/s390/confidential/fips.conf delete mode 100644 tools/packaging/kernel/configs/fragments/x86_64/confidential/fips.conf delete mode 100644 tools/packaging/kernel/patches/6.16.x/no_patches.txt diff --git a/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf b/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf index dae3142f1b..a3e04e9b17 100644 --- a/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf +++ b/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf @@ -12,6 +12,7 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_AUTHENC=y CONFIG_CRYPTO_CBC=y diff --git a/tools/packaging/kernel/configs/fragments/common/hotplug.conf b/tools/packaging/kernel/configs/fragments/common/hotplug.conf index c179970316..af84a24d72 100644 --- a/tools/packaging/kernel/configs/fragments/common/hotplug.conf +++ b/tools/packaging/kernel/configs/fragments/common/hotplug.conf @@ -9,6 +9,3 @@ CONFIG_PCIEPORTBUS=y # Define hotplugs to be online immediately. Speeds things up, and makes things # work smoother on some arch's. CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y - -# Linux v6.14+ dropped MEMORY_HOTPLUG_DEFAULT_ONLINE. The equivalent is: -CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO=y diff --git a/tools/packaging/kernel/configs/fragments/s390/confidential/fips.conf b/tools/packaging/kernel/configs/fragments/s390/confidential/fips.conf deleted file mode 100644 index d3985544c1..0000000000 --- a/tools/packaging/kernel/configs/fragments/s390/confidential/fips.conf +++ /dev/null @@ -1,7 +0,0 @@ -# To keep CRYPTO_FIPS enabled, the following dependencies -# are needed. This is done for confidential guest build -# target only since it's needed by v6.16+ kernels. Move -# to a common fragment once non-confidential guest kernels -# follow. -CONFIG_CRYPTO_SELFTESTS=y -CONFIG_EXPERT=y diff --git a/tools/packaging/kernel/configs/fragments/whitelist.conf b/tools/packaging/kernel/configs/fragments/whitelist.conf index c18a89c01a..2ddf89e98c 100644 --- a/tools/packaging/kernel/configs/fragments/whitelist.conf +++ b/tools/packaging/kernel/configs/fragments/whitelist.conf @@ -39,6 +39,3 @@ CONFIG_MITIGATION_PAGE_TABLE_ISOLATION CONFIG_VFIO_AP CONFIG_VFIO_MDEV CONFIG_BLK_DEV_WRITE_MOUNTED -CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE -CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO -CONFIG_CRYPTO_CRC32_S390 diff --git a/tools/packaging/kernel/configs/fragments/x86_64/confidential/fips.conf b/tools/packaging/kernel/configs/fragments/x86_64/confidential/fips.conf deleted file mode 100644 index d3985544c1..0000000000 --- a/tools/packaging/kernel/configs/fragments/x86_64/confidential/fips.conf +++ /dev/null @@ -1,7 +0,0 @@ -# To keep CRYPTO_FIPS enabled, the following dependencies -# are needed. This is done for confidential guest build -# target only since it's needed by v6.16+ kernels. Move -# to a common fragment once non-confidential guest kernels -# follow. -CONFIG_CRYPTO_SELFTESTS=y -CONFIG_EXPERT=y diff --git a/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf b/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf index a7d97ca5de..5cd7070f3b 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf @@ -1,2 +1,3 @@ # x86 cryptographic instructions to improve AES encryption and SHA256 hashing. +CONFIG_CRYPTO_SHA256_SSSE3=y CONFIG_CRYPTO_AES_NI_INTEL=y diff --git a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf index c7c0e7ca29..b0b4dfa10e 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf @@ -7,5 +7,6 @@ CONFIG_INTEL_TDX_GUEST=y CONFIG_OF=y CONFIG_TDX_GUEST_DRIVER=y CONFIG_VIRT_DRIVERS=y +CONFIG_X86_5LEVEL=y CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y CONFIG_X86_PLATFORM_DEVICES=y diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index 0234b515ea..9386c220a1 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -162 +161 diff --git a/tools/packaging/kernel/patches/6.16.x/no_patches.txt b/tools/packaging/kernel/patches/6.16.x/no_patches.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/versions.yaml b/versions.yaml index 4006d7311f..e094fce0bc 100644 --- a/versions.yaml +++ b/versions.yaml @@ -200,7 +200,7 @@ assets: confidential: description: "Linux kernel with x86_64 TEEs (SNP and TDX) support" url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/" - version: "v6.16.1" + version: "v6.12.42" kernel-arm-experimental: description: "Linux kernel with cpu/mem hotplug support on arm64"