Nouveau wants 3.0 Kernel

jbiggs12 · n00b Joined: 09 Mar 2012 Posts: 29

I'm setting my install up with a hardened kernel (Grsecurity) and from what I've heard it doesn't like Nvidia's binary driver very much, so I went with nouveau. The trouble is, it wants a 3.0 kernel, and Grsecurity only has stable kernel release 2.6.32. I'm fairly sure that nouveau has been around for a while before 3.0 was released; is there any way that I can get nouveau going with 2.6.32?

Thanks.

cach0rr0 · Posted: Mon Mar 12, 2012 4:16 am Post subject:

there should be a stable hardened-sources kernel clear up to 3.2.2, so I'm not understanding entirely, maybe I have my wires crossed (?)

2.6.32 nouveau would have been very shaky

it is technically possible to get nvidia-drivers working with hardened, but a whole heap of stuff has to be disabled in the kernel config
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

jbiggs12 · n00b Joined: 09 Mar 2012 Posts: 29

cach0rr0 · Posted: Mon Mar 12, 2012 4:56 am Post subject:

a specific guide, no, and i dont want to over-promise as pax/grsec are always changing quickly enough that some new feature may be introduced that will yet again break compatibility with the nvidia binary driver. Not going to sugar coat it, binary nvidia driver under hardened can be a pain. Just wanted to point out that it IS possible, but "possible" can also mean "doable if you dont mind a fair level of annoyance"

just bits of info on the forums really, e.g. these examples:

https://forums.gentoo.org/viewtopic-t-892274-start-0.html
https://forums.gentoo.org/viewtopic-t-889948-postdays-0-postorder-asc-start-0.html (interesting bits start on page 2)

using nouveau under hardened is certainly less painful, which brings me to: any particular reason for wanting/needing 2.6.32 and not a newer hardened kernel? Especially as part of the reason for going the hardened route is proactively preventing various vulns, and later revisions of hardened may not be prey to things earlier versions are.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

chithanh · Posted: Mon Mar 12, 2012 9:55 am Post subject:

Nouveau is included in the kernel since 2.6.33. If you are talking about x11-base/nouveau-drm, this provides an out-of-tree build of more recent nouveau code and you should only use this if you know that you need it.

jbiggs12 · n00b Joined: 09 Mar 2012 Posts: 29

It's mostly because Grsecurity only has a stable release for the 2.6.32 kernel. I'm not sure how stable their "test" release is for 3.2.9, seeing as the last commit date for the download was last night at 21:30.

chithanh · Posted: Mon Mar 12, 2012 4:33 pm Post subject:

If you want a grsecurity patched kernel, I suggest that you emerge hardened-sources.

Gentoo64 · n00b Joined: 21 Oct 2011 Posts: 52 Location: ::

I got Nvidia binary working on latest unstable hardened-sources by using quarks overlay for nvidia drivers, then you have to add x11-drivers/nvidia-drivers to /etc/portage/package.unmask

Then you can add -video_cards_nvidia to /etc/portage/profile/package.mask (and -vdpau, -cuda whatever else you need)

You need to disable couple things in hardened-sources, KERNEXEC I think prevents the module from loading

Then you need to add stuff like -opengl to packages like cairo or pretty much everything fails to run. Theres other stuff that needs adjusting to get proper functionality. It really isn't worth all the effort imo as the binary apparently is a security risk in itself, you need to disable security stuff for it to run, and you never get the full functionality a non-hardened gentoo install would give you anyway.

Nouveau is the obvious choice as it just works, and you know you won't have to keep messing with stuff to get it going, plus you get nice full res console