On 04/18/2017 01:35 PM, Marek Marczykowski-Górecki wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi, > > Have anyone tried running Kernel 4.9.x on Qubes 3.2 (both dom0 and VM)? > Any problems noticed? I'm considering pushing it to testing repository and > then to stable, but since handling kernel downgrades (if something goes > wrong) with dnf is tricky, I'd like to collect some feedback first. > There have been a lot of changes since the current 4.4.x... > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJY9mqKAAoJENuP0xzK19csm7IH/3GCQZYPUxCiSECFRaUePbY2 > 9b8GF1b93nPAd0ZN4Get4TJH8fDKvjzpUQXNC9a63qPpokgFvpunFVwNl62HxAAf > b9qK47t1+r5IpZzWOWUsTcjwIgk13N3+B4oWtN89MsPyDQAoyT5EdixadYB8k80t > LLPZgRaDvgew9Pg9r8CMpg8KSdveN9Z4KbFCnt28E+WFIZqeJdiOtSrCc347nPPL > g+7QQxz7niDU8hgUkD21HED4Fd7pFxrTK/E4BdRgXajDAeAkvO2wuYI6iCkparun > 1cpTARVyb4gBhcH4qzmadVK8fAZcDT1+TQSqpKazbGguoKrcrIrum2ebfa8MTIM= > =/aZv > -----END PGP SIGNATURE----- >
I can only speak from my experience, but I briefly ran 4.9 in dom0 before switching full time to 4.10 (both dom0 and vm). I didn't encounter any issues on my hardware that I've noticed (I initially worked off the stock Qubes 4.4 configuration (actually, it might have been from your devel-4.8 branch) but have since customized to my hardware by cutting out a lot of stuff), although I only have Intel hardware so I can't test what the experience is like on an AMD system. I also wasn't sure what options to enable in upgrading from 4.8-4.9 (and then to 4.10); I think I took most of the defaults, said 'no' to anything exotic that probably didn't apply to Qubes on x86_64, enabled anything new that looked like it had to do with kernel protection (mostly stuff with randomization and sanitation), and made modules out of any new USB or network drivers that might work under Qubes (and netfilter as well), but it would have been nice to have some guidance on the Qubes philosophy (if there is one) on what to enable in the kernel and what not to, at least from a security standpoint. The coldkernel project has switched to 4.9 since some time last year as Grsecurity only provides free patches for that branch now, so I assume that anyone that runs a coldkernel in their VM is using that. I did notice one person having an issue with installing it in a Qubes Debian VM, but he was running an AMD machine, and there's not enough sample cases for me to see if it's a 4.9 coldkernel on AMD (on Qubes?) issue, or a general 4.9 issue on AMD with Xen (I don't think it's an AMD CPU issue specifically since other distros are running 4.9 kernels so it's probably something to do with the combination of things). So regardless, more feedback from people with AMD cpus would be useful. For anyone that wants to test, I've got 4.9 and 4.10 branches on my GitHub: https://github.com/rtiangha/qubes-linux-kernel Feel free to edit the config files to suit your hardware/needs, especially if there are any drivers that are missing. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/od5qmr%24er%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
