Linux/Tipps/Gentoo/Kernel: Unterschied zwischen den Versionen
→Crypto XTS support
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
Zeile 266: | Zeile 266: | ||
==Crypto XTS support == | ==Crypto XTS support == | ||
* CRYPTO_XTS: '''Cryptographic API -> XTS support''' = y | * CRYPTO_XTS: '''Cryptographic API -> XTS support''' = y | ||
== Microcode patches for Spectre == | |||
See also https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre and https://wiki.gentoo.org/wiki/Intel_microcode and https://www.heise.de/security/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-Linux-und-Windows-3994347.html. | |||
Check processor and microcode version (before and after changes): | |||
dmesg | grep microcode | |||
emerge --ask --noreplace sys-firmware/intel-microcode sys-apps/iucode_tool | |||
iucode_tool -S --write-earlyfw=/boot/early_ucode.cpio /lib/firmware/intel-ucode/* | |||
* CONFIG_BLK_DEV_INITRD: '''General setup -> Initial RAM filesystem and RAM disk (initramfs/initrd) support''' = y | |||
* CONFIG_MICROCODE: '''Processor type and features -> CPU microcode loading support''' = y | |||
* CONFIG_MICROCODE_INTEL: '''Processor type and features -> Intel microcode loading support''' = y | |||
Need newer genkernel for --microcode option: | |||
vi /etc/portage/package.keywords | |||
emerge --ask genkernel | |||
genkernel --microcode --kernel-config=.config --no-clean --makeopts=-j5 all |