Upgrade the Linux kernel to get KPTI

We’ve currently frozen it to 4.13.10-1. It’s likely that security issues are fixed in sid until Tails 3.4.

If we upgrade to Linux 4.14 we may have to pin the AppArmor feature set to an older one (likely 4.13’s) but beware of kernel bugs wrt. feature set pinning, e.g. https://bugs.debian.org/883703.

Feature Branch: feature/14976-linux-4.14+force-all-tests, feature/14976-linux-4.14-devel+force-all-tests

Attachments

Related issues

Related to #15000 (closed)
Related to #15148 (closed)
Blocked by #14999 (closed)
Blocks #13245 (closed)

Original created by @intrigeri on 14976 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information