Editing Fedora28 kernel hardening, general installation, rpm building
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
<big>WIP</big> | <big>WIP</big> | ||
This a post of a sum of generalized ideas for kernel hardening, rpm building, and kernel building on CUH-1215A possibly other CUH-12XX | |||
this information is 100% untested to a fully working degree, the RPMs are functional there are other issues for me to load bzImage either | |||
with an embedded initramfs.img direclty embedded in the kernel as a cpio.gz and confusion in trying to modify main.c in the "Payload" | |||
(PS4-Linux-Loader) here to point to the right files to boot Fedora 28, | |||
experimental RPMs, including source RPM for the kernel itself, | |||
these are non-working RPMs as untested to fully boot, I have posted a working PS4-Linux-Loader from | |||
here tried to modify it for 720p changing the resolution from 1920x1080 to 1280x720 for my PS4 which CUH-1215A | |||
the screen goes to a speckled black and white like loss of reception pressing CRTL-ALT-F1 or CRTL-ALT-F2, F3, F4 | |||
switching ttys shows the login screen, | |||
other issues, with vsync from the tty i tried to work around by installing "gdm", service gdm restart, then switching | |||
to a different tty seemed to bring the vsync back | |||
also enabled in the RPMs are SMAC, apparmor, aside from default SELinux, SLAB memory protection, packect injection support | |||
via a kernel module, overflow protection from common exploits | |||
-> in "Security in the main 'make menuconfig' | |||
VFIO, PCI-PASS no-IOMMU disabled | |||
KVM, IOMMU v2 | |||
IBM Calargy, | |||
AMD IOMMU GART BASED, | |||
XEN | |||
Hyper-V | |||
filesystem support for NTFS, HFS, | |||
iPhone Ethernet tethering via USB as a network device | |||
xHCI USB 3.0 | |||
USB-c type connectors | |||
GPUs are changed from a max of 64 to 256, | |||
there is the max limit on CPUs, in the kernel possibly for a node type system, | |||
wifi mesh networking, | |||
a whole host of other tweaks. | |||
https://github.com/valentinbreiz/PS4-Linux-Loader/blob/master/source/main.c#L158 | |||
https://github.com/valentinbreiz/PS4-Linux-Loader | |||
https://drive.google.com/drive/u/0/folders/1L2oykE70DgQqHPf0F-6-NSgiTkOhCZfP | |||
* |-- bzImage | |||
|-- initramfs.cpio.gz | |||
|-- kernel-4.14.40+-1.src.rpm | |||
|-- kernel-4.14.40+-1.x86_64.rpm | |||
|-- kernel-devel-4.14.40+-1.x86_64.rpm | |||
|-- kernel-headers-4.14.40+-1.x86_64.rpm | |||
`-- PS4-Linux-Loader-5.05.720p.bin | |||
Line 86: | Line 85: | ||
void usbthing() | |||
<br />{ | <br />{ | ||
Line 276: | Line 275: | ||
dnf build-dep kernel | dnf build-dep kernel | ||
cd ps4-linux | |||
cp -rf config | |||
optional @EOF be sure to adjust embedded initramfs with the kernel as necessary or as a seperate initramfs | |||
cp ps4-custom-kernel.config to .config | |||
make menuconfig | make menuconfig | ||
Line 286: | Line 286: | ||
pulled from another site for decompressing / compressing the initramfs.img | |||
to extract initramfs.img to folder for kernel embedded compile | |||
lsinitrd initramfs.img | lsinitrd initramfs.img | ||
mkdir initramfs-extract | mkdir initramfs-extract | ||
this full path directory is specified in the kernel config, via make menuconfig to embed the initramfs as part of the | |||
kernel with make bzImage | |||
cd initramfs-extract | cd initramfs-extract | ||
Line 303: | Line 303: | ||
cd .. | cd .. | ||
(back in ps4-linux top level folder) | |||
make -j8 bzImage | |||
make -j8 rpm | |||
exit (to exit the chroot environment) | |||
remove mount points | |||
umount /mnt/ps4/dev | umount /mnt/ps4/dev | ||
Line 5,044: | Line 5,042: | ||
<br /> | <br /> | ||
<br /> | <br /> | ||