Conversation
mgsharm
force-pushed
the
kernel-6-18
branch
5 times, most recently
from
abeb8e1 to
8ab2924
Compare
packages/kernel-6.18/1001-Makefile-add-prepare-target-for-external-modules.patch
Show resolved
Hide resolved
| From ad5267161a6294f3dc5b64319a85ca435a3058d5 Mon Sep 17 00:00:00 2001 | ||
| From: Ben Cressey <bcressey@amazon.com> | ||
| Date: Tue, 18 Oct 2022 22:24:52 +0000 | ||
| Subject: [PATCH] initramfs: unlink INITRAMFS_FORCE from CMDLINE_{EXTEND,FORCE} | ||
|
|
||
| The motivation given in cff75e0b6fe83 for tying INITRAMFS_FORCE to | ||
| either of CMDLINE_{EXTEND,FORCE} was that these options imply an | ||
| inflexible bootloader, and that overriding the initramfs image would | ||
| also only be necessary for inflexible bootloaders. | ||
|
|
||
| However, with the advent of Boot Config support, distributions that do | ||
| not normally use an initramfs may still want to allow an "initrd" to be | ||
| passed by the bootloader in order to accept boot configuration data. In | ||
| such cases, the CMDLINE_{EXTEND,FORCE} options are not desired because | ||
| the bootloader is actually expected to control the kernel command line. | ||
|
|
||
| Unlinking the INITRAMFS_FORCE config option allows Boot Config data to | ||
| be passed by the bootloader while still preventing an unexpected | ||
| initramfs from overriding the built-in initramfs (if any). | ||
|
|
||
| Signed-off-by: Ben Cressey <bcressey@amazon.com> | ||
| Signed-off-by: Gaurav Sharma <mgsharm@amazon.com> |
There was a problem hiding this comment.
This patch doesn't seem to have had any changes.
You don't need to add your sign-off if the patch applied cleanly and you didn't have to modify anything. If you do change something, it lets people know to blame you instead of me if the change was bad.
There was a problem hiding this comment.
Will update other patches as well.
| # compress arm64 kernels | ||
| CONFIG_EFI_ZBOOT=y |
There was a problem hiding this comment.
You've removed these lines - why?
# ARM64-specific crypto acceleration
CONFIG_CRYPTO_SHA2_ARM64_CE=y
CONFIG_CRYPTO_SHA512_ARM64_CE=y
What can we replace them with to assert that hardware-accelerated SHA-2 is still available for both aarch64 and x86_64? This is significant for dm-verity performance.
There was a problem hiding this comment.
These config symbols no longer exist in kernel 6.18. They were removed as part of Architecture-optimized SHA-256 library API refactoring (merged for 6.18), which converts arch-optimized SHA implementations from crypto_shash to the library API. The hardware-accelerated SHA is now provided through CONFIG_CRYPTO_LIB_SHA256_ARCH and CONFIG_CRYPTO_LIB_SHA512_ARCH, defined in lib/crypto/Kconfig with default y for ARM64. These are already present in config-full-bottlerocket-aarch64 — no explicit setting is needed in the arch-specific config file.
| # Architecture-specific configurations for x86_64 | ||
|
|
||
| # x86_64-specific EFI support | ||
| CONFIG_EFI_MIXED=y |
There was a problem hiding this comment.
You've removed these lines - why?
# x86_64-specific crypto acceleration
CONFIG_CRYPTO_SHA256_SSSE3=y
CONFIG_CRYPTO_SHA512_SSSE3=y
There was a problem hiding this comment.
Same as the aarch64 case — these config symbols no longer exist in kernel 6.18. They were removed as part of the same refactoring. The replacements CONFIG_CRYPTO_LIB_SHA256_ARCH and CONFIG_CRYPTO_LIB_SHA512_ARCH are defined in lib/crypto/Kconfig with default y for X86_64, and are already present in config-full-bottlerocket-x86_64.
| sha1 | ||
| sha224 | ||
| sha256 | ||
| sha384 |
There was a problem hiding this comment.
How did you generate these files? The commit message would be a reasonable place to document that.
mgsharm
force-pushed
the
kernel-6-18
branch
6 times, most recently
from
30757de to
f8988d1
Compare
Add kernel-6.18 package based on AL2023 SRPM kernel6.18-6.18.8-9.213. Includes spec, kernel configs, microcode config, bootconfig, GPG key, and workspace/kit Cargo.toml entries. Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
Add Bottlerocket-specific patches for kernel 6.18, carried forward
from 6.12:
- 1001: Makefile prepare target for external modules (adjusted for 6.18)
- 1002: Revert hiding tools/ build targets from external module builds
- 1003: Unlink INITRAMFS_FORCE from CMDLINE_{EXTEND,FORCE}
- 1004: Increase default max_dgram_qlen to 512
- 1005: Select DRM prerequisites for GPU drivers (adjusted for 6.18)
- 1006: Don't measure kernel command line into PCR8
Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
Add NVIDIA R580 (580.126.09) kernel module package for 6.18, based on kmod-6.12-nvidia-r580. Includes Tesla, Grid, and open GPU module variants with associated services and configuration files. Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
Add Neuron driver support for kernel 6.18, based on kernel-6.12. Includes SRPM discovery scripts, module loading services for inf1 and latest hardware, and configuration files. Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
Add EFA (Elastic Fabric Adapter) kernel module package for 6.18, based on kmod-6.12-efa. Includes spec, CMake overlay, module loading service, and workspace/kit Cargo.toml entries. Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
Add VMware bootconfig and corresponding spec entries for kernel 6.18, based on kernel-6.12. Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
Add FIPS module lists and check-fips-modules drop-in template for kernel 6.18. Lists were derived from kernel-6.12 fipsmodules, removing modules that no longer exist due to the crypto library restructuring (e.g. sha2-ce, sha256-ssse3 replaced by CRYPTO_LIB_SHA*_ARCH). FIPS certification is not yet available for this kernel; the fips image feature is blocked via Conflicts in the spec. Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
2 participants
Issue number:
Closes #382
Description of changes:
Commit 1: Add kernel-6.18 package
packages/kernel-6.18/with spec, kernel configs, bootconfig, and GPG keyconfig-microcode-6-18for x86_64 microcode supportlatest-kernel-full-config.shto handle kernel 6.18Commit 2: Add Bottlerocket patches for kernel 6.18
Patches carried forward and regenerated from kernel-6.12:
Patches dropped (not applicable to 6.18):
Commit 3: Add kmod-6.18-nvidia-r580 package
Commit 4: Add neuron driver support for kernel 6.18
struct mempoolrename conflict with kernel 6.18'sinclude/linux/mempool.hMODULE_IMPORT_NSmacro to use string argument for kernel 6.13+ (inf1 driver only)Commit 5: Add kmod-6.18-efa package
Commit 6: Add VMware bootconfig support for kernel 6.18
Commit 7: Add FIPS support for kernel 6.18
FIPS module list changes from kernel 6.12
Several arch-specific crypto implementations were refactored into built-in library code in kernel 6.18 and no longer register as loadable modules.
x86_64 (42 → 38 modules)
aarch64 (50 → 44 modules)
The config mappings and module counts all check out.
Testing done:
Details
bash-5.2# systemctl status load-efa-modules.service ● load-efa-modules.service - Load EFA modules Loaded: loaded (/x86_64-bottlerocket-linux-gnu/sys-root/usr/lib/systemd/system/load-efa-modules.service; enabled; preset: enabled) Drop-In: /x86_64-bottlerocket-linux-gnu/sys-root/usr/lib/systemd/system/service.d └─00-aws-config.conf Active: active (exited) since Thu 2026-03-05 22:22:06 UTC; 5min ago Invocation: f7adc04a938349ad87ee9a6433fe9f6e Main PID: 13693 (code=exited, status=0/SUCCESS) Mem peak: 2.4M CPU: 21ms Mar 05 22:22:06 localhost systemd[1]: Starting Load EFA modules... Mar 05 22:22:06 localhost systemd[1]: Finished Load EFA modules. bash-5.2# lspci | grep EFA 10:1b.0 Ethernet controller: Amazon.com, Inc. Elastic Fabric Adapter (EFA) bash-5.2# modinfo efa filename: /lib/modules/6.18.8/updates/drivers/amazon/net/efa/efa.ko description: Elastic Fabric Adapter (EFA) license: Dual BSD/GPL author: Amazon.com, Inc. or its affiliates softdep: pre: ib_uverbs version: 3.0.0g srcversion: 07789AC73F98EF744EDAD6F alias: pci:v00001D0Fd0000EFA3sv*sd*bc*sc*i* alias: pci:v00001D0Fd0000EFA2sv*sd*bc*sc*i* alias: pci:v00001D0Fd0000EFA1sv*sd*bc*sc*i* alias: pci:v00001D0Fd0000EFA0sv*sd*bc*sc*i* depends: ib_uverbs,ib_core name: efa retpoline: Y vermagic: 6.18.8 SMP preempt mod_unload modversions bash-5.2# systemctl list-units | grep load-efa-modules.service load-efa-modules.service loaded active exited Load EFA modulesTerms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.