Skip to content

Commit

Permalink
fix: disable CONFIG_EFI_DISABLE_PCI_DMA option
Browse files Browse the repository at this point in the history
This effectively reverts #899 completely.

Fixes siderolabs/talos#8743

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
  • Loading branch information
smira committed May 16, 2024
1 parent 9ebfd1b commit f414bbd
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion kernel/build/config-amd64
Original file line number Diff line number Diff line change
Expand Up @@ -1984,7 +1984,7 @@ CONFIG_EFI_DEV_PATH_PARSER=y
CONFIG_APPLE_PROPERTIES=y
CONFIG_RESET_ATTACK_MITIGATION=y
# CONFIG_EFI_RCI2_TABLE is not set
CONFIG_EFI_DISABLE_PCI_DMA=y
# CONFIG_EFI_DISABLE_PCI_DMA is not set
CONFIG_EFI_EARLYCON=y
CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y
# CONFIG_EFI_DISABLE_RUNTIME is not set
Expand Down
2 changes: 1 addition & 1 deletion kernel/build/scripts/filter-hardened-check.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
'CONFIG_CFI_PERMISSIVE', # SideroLabs toolchain uses gcc, investigae more, see https://github.com/siderolabs/pkgs/issues/91
'CONFIG_SECURITY_SELINUX_DEVELOP', # SELinux enabled, but permissive unless enforcing=1. TODO: force enforcing mode when complete
'CONFIG_SPECULATION_MITIGATIONS', # Renamed in the kernel to 'CONFIG_CPU_MITIGATIONS'
'CONFIG_EFI_DISABLE_PCI_DMA', # enabling this breaks boot with no visible error messages to debug (https://github.com/siderolabs/talos/issues/8743)
}

"""
Expand All @@ -38,7 +39,6 @@
IGNORE_VIOLATIONS_BY_ARCH = {
'arm64': {
'CONFIG_ARM64_BTI_KERNEL', # can't seem to enable this, probably because we're using gcc, see https://github.com/siderolabs/pkgs/issues/918
'CONFIG_EFI_DISABLE_PCI_DMA', # for arm64, enabling this breaks boot with no visible error messages to debug.
},
'amd64': {},
}
Expand Down

0 comments on commit f414bbd

Please sign in to comment.