diff --git a/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf b/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf index a3e04e9b17..dae3142f1b 100644 --- a/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf +++ b/tools/packaging/kernel/configs/fragments/common/confidential_containers/cryptsetup.conf @@ -12,7 +12,6 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_NULL=y -CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_AUTHENC=y CONFIG_CRYPTO_CBC=y diff --git a/tools/packaging/kernel/configs/fragments/common/hotplug.conf b/tools/packaging/kernel/configs/fragments/common/hotplug.conf index af84a24d72..c179970316 100644 --- a/tools/packaging/kernel/configs/fragments/common/hotplug.conf +++ b/tools/packaging/kernel/configs/fragments/common/hotplug.conf @@ -9,3 +9,6 @@ CONFIG_PCIEPORTBUS=y # Define hotplugs to be online immediately. Speeds things up, and makes things # work smoother on some arch's. CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y + +# Linux v6.14+ dropped MEMORY_HOTPLUG_DEFAULT_ONLINE. The equivalent is: +CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO=y diff --git a/tools/packaging/kernel/configs/fragments/whitelist.conf b/tools/packaging/kernel/configs/fragments/whitelist.conf index 2ddf89e98c..195ac78154 100644 --- a/tools/packaging/kernel/configs/fragments/whitelist.conf +++ b/tools/packaging/kernel/configs/fragments/whitelist.conf @@ -39,3 +39,5 @@ CONFIG_MITIGATION_PAGE_TABLE_ISOLATION CONFIG_VFIO_AP CONFIG_VFIO_MDEV CONFIG_BLK_DEV_WRITE_MOUNTED +CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE +CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO diff --git a/tools/packaging/kernel/configs/fragments/x86_64/confidential/fips.conf b/tools/packaging/kernel/configs/fragments/x86_64/confidential/fips.conf new file mode 100644 index 0000000000..d3985544c1 --- /dev/null +++ b/tools/packaging/kernel/configs/fragments/x86_64/confidential/fips.conf @@ -0,0 +1,7 @@ +# To keep CRYPTO_FIPS enabled, the following dependencies +# are needed. This is done for confidential guest build +# target only since it's needed by v6.16+ kernels. Move +# to a common fragment once non-confidential guest kernels +# follow. +CONFIG_CRYPTO_SELFTESTS=y +CONFIG_EXPERT=y diff --git a/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf b/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf index 5cd7070f3b..a7d97ca5de 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/crypto.conf @@ -1,3 +1,2 @@ # x86 cryptographic instructions to improve AES encryption and SHA256 hashing. -CONFIG_CRYPTO_SHA256_SSSE3=y CONFIG_CRYPTO_AES_NI_INTEL=y diff --git a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf index b0b4dfa10e..c7c0e7ca29 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf @@ -7,6 +7,5 @@ CONFIG_INTEL_TDX_GUEST=y CONFIG_OF=y CONFIG_TDX_GUEST_DRIVER=y CONFIG_VIRT_DRIVERS=y -CONFIG_X86_5LEVEL=y CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y CONFIG_X86_PLATFORM_DEVICES=y diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index a76256037d..9386c220a1 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -160 +161 diff --git a/tools/packaging/kernel/patches/6.16.x/no_patches.txt b/tools/packaging/kernel/patches/6.16.x/no_patches.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/versions.yaml b/versions.yaml index 18af53c4ae..cae5a8c366 100644 --- a/versions.yaml +++ b/versions.yaml @@ -200,7 +200,7 @@ assets: confidential: description: "Linux kernel with x86_64 TEEs (SNP and TDX) support" url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/" - version: "v6.12.36" + version: "v6.16" kernel-arm-experimental: description: "Linux kernel with cpu/mem hotplug support on arm64"