Upgrade the Linux kernel to get KPTI

Originally created by @intrigeri on #14976 (Redmine)

We’ve currently frozen it to 4.13.10-1. It’s likely that security issues are fixed in sid until Tails 3.4.

If we upgrade to Linux 4.14 we may have to pin the AppArmor feature set to an older one (likely 4.13’s) but beware of kernel bugs wrt. feature set pinning, e.g. https://bugs.debian.org/883703.

Feature Branch: feature/14976-linux-4.14+force-all-tests, feature/14976-linux-4.14-devel+force-all-tests

Attachments

kernel-panic.png

Related issues

Related to #15000 (closed)
Related to #15148 (closed)
Blocked by #14999 (closed)
Blocks #13245 (closed)

Edited May 21, 2020 by intrigeri

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information