Raspi2-3_GenImage Commit - r644:f0a3f8f73363 · Collaboration Tremplin des Sciences

128

129

# enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453

129

# enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453

130

if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then

130

if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then

131

set_kernel_config CONFIG_HAVE_KVM y

132

set_kernel_config CONFIG_HIGH_RES_TIMERS y

131

set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y

133

set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y

132

set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y

134

set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y

133

set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y

135

set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y

142

set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y

144

set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y

143

set_kernel_config CONFIG_KVM_MMIO y

145

set_kernel_config CONFIG_KVM_MMIO y

144

set_kernel_config CONFIG_KVM_VFIO y

146

set_kernel_config CONFIG_KVM_VFIO y

147

set_kernel_config CONFIG_KVM_MMU_AUDIT y

145

set_kernel_config CONFIG_VHOST m

148

set_kernel_config CONFIG_VHOST m

146

set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y

149

set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y

147

set_kernel_config CONFIG_VHOST_NET m

150

set_kernel_config CONFIG_VHOST_NET m

148

set_kernel_config CONFIG_VIRTUALIZATION y

151

set_kernel_config CONFIG_VIRTUALIZATION y

149

152

set_kernel_config CONFIG_MMU_NOTIFIER y

150

set_kernel_config CONFIG_MMU_NOTIFIER y

153

151

154

set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y

152

# erratum

155

set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y

153

set_kernel_config ARM64_ERRATUM_834220 y

156

154

157

# erratum

155

# https://sourceforge.net/p/kvm/mailman/message/18440797/

158

set_kernel_config ARM64_ERRATUM_834220 y

156

set_kernel_config CONFIG_PREEMPT_NOTIFIERS y

159

# https://sourceforge.net/p/kvm/mailman/message/18440797/

157

fi

160

set_kernel_config CONFIG_PREEMPT_NOTIFIERS y

161

fi

158

162

159

# enable apparmor,integrity audit,

163

# enable apparmor,integrity audit,

160

if [ "$KERNEL_SECURITY" = true ] ; then

164

if [ "$KERNEL_SECURITY" = true ] ; then

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

                   # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
             	  if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
+            	set_kernel_config CONFIG_HAVE_KVM y
+            	set_kernel_config CONFIG_HIGH_RES_TIMERS y
             	set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
                     set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
                     set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
                     set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
                     set_kernel_config CONFIG_KVM_MMIO y
                     set_kernel_config CONFIG_KVM_VFIO y
+            	set_kernel_config CONFIG_KVM_MMU_AUDIT y
                     set_kernel_config CONFIG_VHOST m
                     set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
                     set_kernel_config CONFIG_VHOST_NET m
                     set_kernel_config CONFIG_VIRTUALIZATION y
+                    set_kernel_config CONFIG_MMU_NOTIFIER y
-            		set_kernel_config CONFIG_MMU_NOTIFIER y
+            	set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
-            		# erratum
+            	set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
-            		set_kernel_config ARM64_ERRATUM_834220 y
+            	# erratum
-            		# https://sourceforge.net/p/kvm/mailman/message/18440797/
+            	set_kernel_config ARM64_ERRATUM_834220 y
-            		set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
+            	# https://sourceforge.net/p/kvm/mailman/message/18440797/
-            	  fi
+            	set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
+              fi
                   # enable apparmor,integrity audit,
             	  if [ "$KERNEL_SECURITY" = true ] ; then