July 2023 Linux kernel update

freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!

https://securedrop.org/

Other

3.62k stars 687 forks source link

July 2023 Linux kernel update #6887

Closed legoktm closed 1 year ago

legoktm commented 1 year ago

Being done with coordination in https://github.com/freedomofpress/securedrop-workstation/issues/907.

Checklist

[x] Source tarball saved internally
[x] Uploaded to apt-test.freedom.press
[ ] Tested on recommended hardware (see below)
[ ] Uploaded to apt.freedom.press and released

Testing matrix

Instructions on testing procedure

To update to the new kernel, please use sudo apt-get update && sudo unattended-upgrades -d (not sudo apt-get upgrade) OR wait 24h for the automatic update to happen.

[x] NUC12 :
[x] NUC11:
[x] NUC10:
[ ] NUC8:
[x] NUC7:

legoktm commented 1 year ago

At https://github.com/freedomofpress/securedrop-apt-test/pull/199#issuecomment-1642888039 @rocodes wrote:

Tested on an older NUC: (NUC7i7DNHE): happy to report that kernel and metapackages install and system boot successfully; running meltdown checker produces expected results. LGTM

There is a firmware warning when installing the linux-image package (Missing firmware /lib/firmware/i915/skl_guc_62.0.0.bin for module i915) but it is a known issue present for several previous updates and does not affect installation. https://docs.kernel.org/gpu/i915.html

nathandyer commented 1 year ago

Testing on NUC12:

[x] uname -r: 5.15.120-1-grsec-securedrop
[x] sudo paxtest blackhat: Consistent results before and after kernel upgrade. "Return to function (memcpy)" is listed vulnerable (before and after), all others are not vulnerable/denied resources.
[x] spectre-meltdown-checker: Not vulnerable across the board

Looks great to me!