From 0636d1507ebfbd479ee2202e6d3ad898b9bd22f4 Mon Sep 17 00:00:00 2001 From: David P Date: Thu, 20 Sep 2018 23:09:49 -0300 Subject: upgpkg: libre/linux-libre 4.18.9_gnu-1 Signed-off-by: David P --- ...to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 15 ++-- .../0002-drm-i915-Increase-LSPCON-timeout.patch | 50 ------------- ...0003-HID-core-fix-grouping-by-application.patch | 81 ---------------------- libre/linux-libre/PKGBUILD | 20 ++---- libre/linux-libre/config.armv7h | 4 +- libre/linux-libre/config.i686 | 20 ++++-- libre/linux-libre/config.x86_64 | 43 +++++++++--- 7 files changed, 65 insertions(+), 168 deletions(-) delete mode 100644 libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch delete mode 100644 libre/linux-libre/0003-HID-core-fix-grouping-by-application.patch diff --git a/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 785150403..e57df3b15 100644 --- a/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,7 @@ -From 7e7b8d7a0e74d0d4c74abee0334a771458a3ed79 Mon Sep 17 00:00:00 2001 +From 1a47eb71988a919e811ce558f6f58855155c6218 Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by - default +Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn [bwh: Remove unneeded binary sysctl bits] @@ -14,7 +13,7 @@ Signed-off-by: Daniel Micay 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index 1b27babc4c78..a88dd3ccd31c 100644 +index 8ed48ca2cc43..e02823819ab7 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -103,6 +103,11 @@ 
@@ -29,7 +28,7 @@ index 1b27babc4c78..a88dd3ccd31c 100644 /* * Minimum number of threads to boot the kernel -@@ -1624,6 +1629,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1625,6 +1630,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -40,7 +39,7 @@ index 1b27babc4c78..a88dd3ccd31c 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2420,6 +2429,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2421,6 +2430,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -84,7 +83,7 @@ index 2d9837c0aff4..eb5236c069fc 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index c3d7583fcd21..6ee37e516869 100644 +index e5222b5fb4fe..c941a66e51d1 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -26,6 +26,9 @@ @@ -98,5 +97,5 @@ index c3d7583fcd21..6ee37e516869 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.18.0 +2.19.0 diff --git a/libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch b/libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch deleted file mode 100644 index 79860decc..000000000 --- a/libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 01d91bc0dac1c22f60fb6d225dcacc7fa9ae2d56 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fredrik=20Sch=C3=B6n?= -Date: Fri, 17 Aug 2018 22:07:28 +0200 -Subject: [PATCH 2/3] drm/i915: Increase LSPCON timeout -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -100 ms is not enough time for the LSPCON adapter on Intel NUC devices to -settle. This causes dropped display modes at boot or screen reconfiguration. -Empirical testing can reproduce the error up to a timeout of 190 ms. Basic -boot and stress testing at 200 ms has not (yet) failed. - -Increase timeout to 400 ms to get some margin of error. - -Changes from v1: -The initial suggestion of 1000 ms was lowered due to concerns about delaying -valid timeout cases. -Update patch metadata. - -Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107503 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1570392 -Fixes: 357c0ae9198a ("drm/i915/lspcon: Wait for expected LSPCON mode to settle") -Cc: Shashank Sharma -Cc: Imre Deak -Cc: Jani Nikula -Cc: # v4.11+ -Reviewed-by: Rodrigo Vivi -Signed-off-by: Fredrik Schön -Reviewed-by: Shashank Sharma ---- - drivers/gpu/drm/i915/intel_lspcon.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/gpu/drm/i915/intel_lspcon.c b/drivers/gpu/drm/i915/intel_lspcon.c -index 8ae8f42f430a..6b6758419fb3 100644 ---- a/drivers/gpu/drm/i915/intel_lspcon.c -+++ b/drivers/gpu/drm/i915/intel_lspcon.c -@@ -74,7 +74,7 @@ static enum drm_lspcon_mode lspcon_wait_mode(struct intel_lspcon *lspcon, - DRM_DEBUG_KMS("Waiting for LSPCON mode %s to settle\n", - lspcon_mode_name(mode)); - -- wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 100); -+ wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 400); - if (current_mode != mode) - DRM_ERROR("LSPCON mode hasn't settled\n"); - --- -2.18.0 - 
diff --git a/libre/linux-libre/0003-HID-core-fix-grouping-by-application.patch b/libre/linux-libre/0003-HID-core-fix-grouping-by-application.patch deleted file mode 100644 index da196890f..000000000 --- a/libre/linux-libre/0003-HID-core-fix-grouping-by-application.patch +++ /dev/null 
@@ -1,81 +0,0 @@ -From 20acb01da9443e3ca814bb5d17f01b3fea754010 Mon Sep 17 00:00:00 2001 -From: Benjamin Tissoires -Date: Tue, 4 Sep 2018 15:31:14 +0200 -Subject: [PATCH 3/3] HID: core: fix grouping by application - -commit f07b3c1da92d ("HID: generic: create one input report per -application type") was effectively the same as MULTI_INPUT: -hidinput->report was never set, so hidinput_match_application() -always returned null. - -Fix that by testing against the real application. - -Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT -instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward -compatibility on all non-Win8 touchscreens. - -link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 -link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 -link: https://bugs.archlinux.org/task/59699 -link: https://github.com/NixOS/nixpkgs/issues/45165 - -Cc: stable@vger.kernel.org # v4.18+ -Signed-off-by: Benjamin Tissoires -Signed-off-by: Jiri Kosina ---- - drivers/hid/hid-input.c | 4 ++-- - drivers/hid/hid-multitouch.c | 3 +++ - include/linux/hid.h | 1 + - 3 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c -index ab93dd5927c3..a137d2835f32 100644 ---- a/drivers/hid/hid-input.c -+++ b/drivers/hid/hid-input.c -@@ -1579,6 +1579,7 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, - input_dev->dev.parent = &hid->dev; - - hidinput->input = input_dev; -+ hidinput->application = application; - list_add_tail(&hidinput->list, &hid->inputs); - - INIT_LIST_HEAD(&hidinput->reports); -@@ -1674,8 +1675,7 @@ static struct hid_input *hidinput_match_application(struct hid_report *report) - struct hid_input *hidinput; - - list_for_each_entry(hidinput, &hid->inputs, list) { -- if (hidinput->report && -- hidinput->report->application == report->application) -+ if (hidinput->application == report->application) - return hidinput; - } - -diff --git a/drivers/hid/hid-multitouch.c 
b/drivers/hid/hid-multitouch.c -index 45968f7970f8..1a987345692a 100644 ---- a/drivers/hid/hid-multitouch.c -+++ b/drivers/hid/hid-multitouch.c -@@ -1476,6 +1476,9 @@ static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id) - */ - hdev->quirks |= HID_QUIRK_INPUT_PER_APP; - -+ if (id->group != HID_GROUP_MULTITOUCH_WIN_8) -+ hdev->quirks |= HID_QUIRK_MULTI_INPUT; -+ - timer_setup(&td->release_timer, mt_expired_timeout, 0); - - ret = hid_parse(hdev); -diff --git a/include/linux/hid.h b/include/linux/hid.h -index 773bcb1d4044..5482dd6ae9ef 100644 ---- a/include/linux/hid.h -+++ b/include/linux/hid.h -@@ -520,6 +520,7 @@ struct hid_input { - const char *name; - bool registered; - struct list_head reports; /* the list of reports */ -+ unsigned int application; /* application usage for this input */ - }; - - enum hid_type { --- -2.18.0 - diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD index 219d81732..c4b0cb121 100644 --- a/libre/linux-libre/PKGBUILD +++ b/libre/linux-libre/PKGBUILD @@ -12,7 +12,7 @@ pkgbase=linux-libre # Build stock kernel #pkgbase=linux-libre-custom # Build kernel with a different name _srcbasever=4.18-gnu -_srcver=4.18.7-gnu +_srcver=4.18.9-gnu _replacesarchkernel=('linux%') # '%' gets replaced with _kernelname _replacesoldkernels=() # '%' gets replaced with _kernelname @@ -22,7 +22,7 @@ _srcname=linux-${_srcbasever%-*} _archpkgver=${_srcver%-*} pkgver=${_srcver//-/_} pkgrel=1 -rcnrel=armv7-x7 +rcnrel=armv7-x9 arch=(i686 x86_64 armv7h) url="https://linux-libre.fsfla.org/" license=(GPL2) @@ -60,8 +60,6 @@ source=( '0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch' '0002-fix-Atmel-maXTouch-touchscreen-support.patch' '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' - '0002-drm-i915-Increase-LSPCON-timeout.patch' - '0003-HID-core-fix-grouping-by-application.patch' ) validpgpkeys=( '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva 
@@ -69,7 +67,7 @@ validpgpkeys=( ) sha512sums=('0c221c6e84eb5bc270ef79454bf407079daed84534afb1d449d40fa46e42868a471d3063016a4eb3f68d42879e18ee314ab30716116805fee35b5084b23df2a9' 'SKIP' - 'eb6ac128ed56fa9a499e32939d71d2c4f3afa3c064882c34222c6ac23e2ea0f323155a400525e007093ff9313045c677fbc2f9487d42fd4c3b23a09d8454991f' + '72486a515539b2420daa6fb41c41f5994dbc4572bdacd80f75fb965398b6e12ed06c491ddab263adc36c5d48da52e1b5cf1145f4f808665dffc64ba16bfc90d4' 'SKIP' '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' 'SKIP' 
@@ -77,9 +75,9 @@ sha512sums=('0c221c6e84eb5bc270ef79454bf407079daed84534afb1d449d40fa46e42868a471 'SKIP' '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78' 'SKIP' - '5c1f95ba72d2aec9eb482fbf2e81fe73ec0120a3706e4e3fa6aba213a200e9c93a154dd553fa5360744cb4ce2988080097cde2877321cab83e6e9059fcddbcd8' - 'dfac046facda1850ea56f37640c970155397fc3b539a4a9e27a8c931fb0fa0166d0be32b5200e56a0794cdd3e91cfa1b8ef1a2c1a89165df5676585f4cb77459' - 'cca223c088cb100d478de6ec1be7a15bfa390cd750a68517b27ed7469efcb52bff653bff8651cd08dfa2d52be863fe82e4542806dd901f4815e948beadc0248a' + '022d0fa19f0550140161253dd362a9f23fc88276965f0ab9dea3c8e1ff15d2878f71c1a3efafda113ffd632bcaab90d143b301b221c8a1180be0fe11139880ff' + 'c8da5520813bce50806fab22b433e53b614ead2e9d757a0e2847d542b0d0aac0ce80357cc63afcea3c37fc7530f385e6cd65f931c73d4331877f6012396ce032' + '6d80dd0352e2e99b6537adeb6d077004aa4d5c8c832efd80fd2c9e36d9fa3c75e3190d22678644e856e422862d226a8fac2a65c558454602c5da98a267a437f2' '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a' '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' 
@@ -101,9 +99,7 @@ sha512sums=('0c221c6e84eb5bc270ef79454bf407079daed84534afb1d449d40fa46e42868a471 '073c48fea2989334451b9020e8151c0385b07affcb2bc5f778fd5f9d2d8182e40dcd04edde4d53648c1ed8cea4721afc04267a72e429be3612d2f77f5d0fd459' '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af' 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168' - 'd7e50acea0a21dc4c65d0ac093192e02ed995a6110f714b1f8a3c60c44a4d4da09ffbf90bcf20ce2e285b4f58f3972957e30b26c57e233c483ce049177fdfb13' - '15254ce2163c296f4823b3cfea31f68d4d9f0da3cc8c1aff7ec8d6d957fb1f437b39c4b7737056ba86d2405a8a5fd407bd7c2ff6d273089499daac0630b2bf0e' - '559fe854b46bcb4967d01f97dcc98c9c5ea52a3a3fa70ea6b19d78f0c5b19598d058a82e33006b7b6afd54cf7e073c8622d4a59eac24151685b5ec20dad1eace') + '78b8020105e7aafb84f32de6a7fb12b5dcb466f1d36d5188d78064d3d11a2a996a7ea4c7f9ba8a927fb9e4bbbfc6ac2913d03aa8b8257d8a771a93b7b8658092') _kernelname=${pkgbase#linux-libre} _replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}") @@ -153,8 +149,6 @@ prepare() { # Arch's linux patches patch -p1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - patch -p1 -i ../0002-drm-i915-Increase-LSPCON-timeout.patch - patch -p1 -i ../0003-HID-core-fix-grouping-by-application.patch # maintain the TTY over USB disconnects # http://www.coreboot.org/EHCI_Gadget_Debug diff --git a/libre/linux-libre/config.armv7h b/libre/linux-libre/config.armv7h index 07ba28ed8..52de17f86 100644 --- a/libre/linux-libre/config.armv7h +++ b/libre/linux-libre/config.armv7h @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.18.7-gnu Kernel Configuration +# Linux/arm 4.18.9-gnu Kernel Configuration # # 
@@ -57,7 +57,7 @@ CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_CROSS_MEMORY_ATTACH=y -CONFIG_USELIB=y +# CONFIG_USELIB is not set CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686 index 56c339af0..28773f886 100644 --- a/libre/linux-libre/config.i686 +++ b/libre/linux-libre/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.7-gnu Kernel Configuration +# Linux/x86 4.18.9-gnu Kernel Configuration # # @@ -1121,14 +1121,14 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_OSF=m CONFIG_NF_TABLES=m -# CONFIG_NF_TABLES_SET is not set +CONFIG_NF_TABLES_SET=m CONFIG_NF_TABLES_INET=y CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m CONFIG_NFT_COUNTER=m -# CONFIG_NFT_CONNLIMIT is not set +CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m @@ -1143,7 +1143,7 @@ CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m CONFIG_NFT_FIB=m CONFIG_NFT_FIB_INET=m -# CONFIG_NFT_SOCKET is not set +CONFIG_NFT_SOCKET=m CONFIG_NF_DUP_NETDEV=m CONFIG_NFT_DUP_NETDEV=m CONFIG_NFT_FWD_NETDEV=m @@ -5884,7 +5884,13 @@ CONFIG_TINYDRM_MI0283QT=m CONFIG_TINYDRM_REPAPER=m CONFIG_TINYDRM_ST7586=m CONFIG_TINYDRM_ST7735R=m -# CONFIG_DRM_LEGACY is not set +CONFIG_DRM_LEGACY=y +# CONFIG_DRM_TDFX is not set +# CONFIG_DRM_R128 is not set +# CONFIG_DRM_MGA is not set +# CONFIG_DRM_SIS is not set +# CONFIG_DRM_VIA is not set +CONFIG_DRM_SAVAGE=m CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y # @@ -5939,7 +5945,9 @@ CONFIG_FB_I810_I2C=y # CONFIG_FB_ATY128 is not set # CONFIG_FB_ATY is not set # CONFIG_FB_S3 is not set -# CONFIG_FB_SAVAGE is not set +CONFIG_FB_SAVAGE=m +CONFIG_FB_SAVAGE_I2C=y +CONFIG_FB_SAVAGE_ACCEL=y # CONFIG_FB_SIS is not set # CONFIG_FB_VIA is not set # CONFIG_FB_NEOMAGIC is not set 
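Review bot: In the config.i686 hunk at -5884, `CONFIG_DRM_LEGACY=y` switches on the whole legacy DRI1 driver family, apparently only so that `CONFIG_DRM_SAVAGE=m` can be built. The upstream Kconfig help for that option warns that these drivers expose unsafe interfaces to user space that can be used to get around access restrictions, and it recommends N. The -5939 hunk already adds `CONFIG_FB_SAVAGE=m`, which gives Savage hardware a framebuffer without the DRI1 ioctl surface, so consider going back to `# CONFIG_DRM_LEGACY is not set` unless a user is known to need Savage DRI. If it stays, the commit message should say why, because "upgpkg" gives no hint of an attack-surface change that the visible hunks apply to i686 only.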
diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64 index 029d47c94..6664f03f7 100644 --- a/libre/linux-libre/config.x86_64 +++ b/libre/linux-libre/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.6-gnu Kernel Configuration +# Linux/x86 4.18.9-gnu Kernel Configuration # # @@ -381,7 +381,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=y @@ -9111,9 +9119,10 @@ CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set CONFIG_EARLY_PRINTK_EFI=y # CONFIG_EARLY_PRINTK_USB_XDBC is not set +CONFIG_X86_PTDUMP_CORE=y # CONFIG_X86_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_WX is not set +CONFIG_DEBUG_WX=y CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_DEBUG is not set 
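Review bot: The -381 hunk enables `CONFIG_MODULE_SIG=y` and `CONFIG_MODULE_SIG_ALL=y` but leaves `# CONFIG_MODULE_SIG_FORCE is not set`, so signature checking is advisory: an unsigned module still loads and only taints the kernel unless the machine is booted with `module.sig_enforce=1`. If enforcement is intended, set `CONFIG_MODULE_SIG_FORCE=y`; if not, a comment in the PKGBUILD should say that signing is informational only. The later -9398 hunk sets `CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"`, the default path, which presumably means a throw-away key is generated on each build. The packaging should then make sure that private key never ends up in a built package, and users should be told that out-of-tree modules cannot be signed with it. No i686 or armv7h hunk in this commit touches module signing, so confirm whether the three architectures are meant to differ in module-loading policy.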
@@ -9158,19 +9167,36 @@ CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set -# CONFIG_SECURITY_SELINUX is not set +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set +CONFIG_SECURITY_APPARMOR=y +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_EVM is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m @@ -9290,7 +9316,7 @@ CONFIG_CRYPTO_SHA1_MB=m CONFIG_CRYPTO_SHA256_MB=m CONFIG_CRYPTO_SHA512_MB=m CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_SM3=m CONFIG_CRYPTO_TGR192=m @@ -9331,7 +9357,7 @@ CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m CONFIG_CRYPTO_SERPENT_AVX_X86_64=m CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m +# CONFIG_CRYPTO_SPECK is not set CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m 
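Review bot: In the -9158 hunk SELinux and AppArmor are compiled in but switched off by `CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0` and `CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0`, and `CONFIG_DEFAULT_SECURITY_DAC=y` remains the default. The shipped x86_64 kernel therefore enforces no MAC policy unless the user adds boot parameters such as `apparmor=1 security=apparmor`. Opt-in is a defensible choice, but nothing in the commit message or the PKGBUILD hunks documents it. An install note or comment should state that both LSMs are disabled by default and how to enable them. `CONFIG_INTEGRITY=y` with `# CONFIG_IMA is not set` and `# CONFIG_EVM is not set` looks like it adds only the framework and `CONFIG_INTEGRITY_AUDIT=y`, which is worth confirming as intended.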
@@ -9398,6 +9424,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set -- cgit v1.2.3