From 60661dddae258de657d3d135096bd61877da000e Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 25 Feb 2017 15:08:29 +0100
Subject: [PATCH] kernel: update to 4.9.12

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 config/kernel/kernel.config.i586-ipfire     | 199 +++++++++++++++++---
 config/kernel/kernel.config.i586-ipfire-pae | 190 ++++++++++++++++---
 config/kernel/kernel.config.x86_64-ipfire   |  88 +++++----
 config/rootfiles/common/x86_64/linux        |  57 ++++++
 lfs/linux                                   |  13 +-
 5 files changed, 453 insertions(+), 94 deletions(-)

diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
index c1862c195a..f32d1cbfd8 100644
--- a/config/kernel/kernel.config.i586-ipfire
+++ b/config/kernel/kernel.config.i586-ipfire
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.9.10-ipfire Kernel Configuration
+# Linux/x86 4.9.12 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -73,7 +73,6 @@ CONFIG_POSIX_MQUEUE=y
 CONFIG_POSIX_MQUEUE_SYSCTL=y
 CONFIG_CROSS_MEMORY_ATTACH=y
 CONFIG_FHANDLE=y
-CONFIG_USELIB=y
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
 CONFIG_AUDITSYSCALL=y
@@ -157,7 +156,6 @@ CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_PERF=y
 # CONFIG_CGROUP_DEBUG is not set
-# CONFIG_CHECKPOINT_RESTORE is not set
 CONFIG_NAMESPACES=y
 CONFIG_UTS_NS=y
 CONFIG_IPC_NS=y
@@ -208,7 +206,6 @@ CONFIG_EVENTFD=y
 CONFIG_SHMEM=y
 CONFIG_AIO=y
 CONFIG_ADVISE_SYSCALLS=y
-# CONFIG_USERFAULTFD is not set
 CONFIG_PCI_QUIRKS=y
 CONFIG_MEMBARRIER=y
 CONFIG_EMBEDDED=y
@@ -249,7 +246,6 @@ CONFIG_HAVE_NMI=y
 CONFIG_HAVE_ARCH_TRACEHOOK=y
 CONFIG_HAVE_DMA_CONTIGUOUS=y
 CONFIG_GENERIC_SMP_IDLE_THREAD=y
-CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
 CONFIG_HAVE_CLK=y
 CONFIG_HAVE_DMA_API_DEBUG=y
@@ -479,7 +475,6 @@ CONFIG_PERF_EVENTS_INTEL_CSTATE=y
 CONFIG_PERF_EVENTS_AMD_POWER=m
 # CONFIG_X86_LEGACY_VM86 is not set
 # CONFIG_VM86 is not set
-# CONFIG_X86_16BIT is not set
 CONFIG_TOSHIBA=m
 CONFIG_I8K=m
 # CONFIG_X86_REBOOTFIXUPS is not set
@@ -499,10 +494,11 @@ CONFIG_VMSPLIT_3G=y
 # CONFIG_VMSPLIT_1G is not set
 CONFIG_PAGE_OFFSET=0xC0000000
 CONFIG_HIGHMEM=y
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
 CONFIG_ARCH_FLATMEM_ENABLE=y
 CONFIG_ARCH_SPARSEMEM_ENABLE=y
 CONFIG_ARCH_SELECT_MEMORY_MODEL=y
-CONFIG_ILLEGAL_POINTER_VALUE=0
+CONFIG_ILLEGAL_POINTER_VALUE=0xfffff000
 CONFIG_SELECT_MEMORY_MODEL=y
 CONFIG_FLATMEM_MANUAL=y
 # CONFIG_SPARSEMEM_MANUAL is not set
@@ -519,7 +515,7 @@ CONFIG_MEMORY_BALLOON=y
 CONFIG_BALLOON_COMPACTION=y
 CONFIG_COMPACTION=y
 CONFIG_MIGRATION=y
-# CONFIG_PHYS_ADDR_T_64BIT is not set
+CONFIG_PHYS_ADDR_T_64BIT=y
 CONFIG_BOUNCE=y
 CONFIG_VIRT_TO_BUS=y
 CONFIG_MMU_NOTIFIER=y
@@ -527,7 +523,6 @@ CONFIG_KSM=y
 CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
 CONFIG_MEMORY_FAILURE=y
-CONFIG_HWPOISON_INJECT=y
 CONFIG_TRANSPARENT_HUGEPAGE=y
 CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
 # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
@@ -542,6 +537,7 @@ CONFIG_GENERIC_EARLY_IOREMAP=y
 CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
 # CONFIG_IDLE_PAGE_TRACKING is not set
 CONFIG_FRAME_VECTOR=y
+# CONFIG_X86_PMEM_LEGACY is not set
 CONFIG_HIGHPTE=y
 CONFIG_X86_CHECK_BIOS_CORRUPTION=y
 CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
@@ -569,15 +565,14 @@ CONFIG_SCHED_HRTICK=y
 CONFIG_CRASH_DUMP=y
 CONFIG_PHYSICAL_START=0x400000
 CONFIG_RELOCATABLE=y
-CONFIG_RANDOMIZE_BASE=y
 CONFIG_X86_NEED_RELOCS=y
 CONFIG_PHYSICAL_ALIGN=0x400000
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
-# CONFIG_COMPAT_VDSO is not set
 # CONFIG_CMDLINE_BOOL is not set
 CONFIG_MODIFY_LDT_SYSCALL=y
+CONFIG_DEFAULT_MODIFY_LDT_SYSCALL=y
 CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
 
 #
@@ -631,6 +626,7 @@ CONFIG_ACPI_HED=y
 CONFIG_ACPI_CUSTOM_METHOD=m
 # CONFIG_ACPI_BGRT is not set
 # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
+# CONFIG_ACPI_NFIT is not set
 CONFIG_HAVE_ACPI_APEI=y
 CONFIG_HAVE_ACPI_APEI_NMI=y
 CONFIG_ACPI_APEI=y
@@ -810,7 +806,6 @@ CONFIG_ELFCORE=y
 CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
 CONFIG_BINFMT_SCRIPT=y
 CONFIG_HAVE_AOUT=y
-CONFIG_BINFMT_AOUT=y
 CONFIG_BINFMT_MISC=y
 CONFIG_COREDUMP=y
 CONFIG_HAVE_ATOMIC_IOMAP=y
@@ -5993,6 +5988,7 @@ CONFIG_RAS=y
 # Android
 #
 # CONFIG_ANDROID is not set
+# CONFIG_LIBNVDIMM is not set
 # CONFIG_DEV_DAX is not set
 CONFIG_NVMEM=m
 # CONFIG_STM is not set
@@ -6136,9 +6132,7 @@ CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
 #
 CONFIG_PROC_FS=y
 # CONFIG_PROC_KCORE is not set
-CONFIG_PROC_VMCORE=y
 CONFIG_PROC_SYSCTL=y
-CONFIG_PROC_PAGE_MONITOR=y
 # CONFIG_PROC_CHILDREN is not set
 CONFIG_KERNFS=y
 CONFIG_SYSFS=y
@@ -6331,7 +6325,6 @@ CONFIG_DEBUG_KERNEL=y
 # Memory Debugging
 #
 CONFIG_PAGE_EXTENSION=y
-# CONFIG_DEBUG_PAGEALLOC is not set
 CONFIG_PAGE_POISONING=y
 # CONFIG_PAGE_POISONING_NO_SANITY is not set
 CONFIG_PAGE_POISONING_ZERO=y
@@ -6411,7 +6404,6 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60
 # CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set
 # CONFIG_NOTIFIER_ERROR_INJECTION is not set
 # CONFIG_FAULT_INJECTION is not set
-# CONFIG_LATENCYTOP is not set
 CONFIG_USER_STACKTRACE_SUPPORT=y
 CONFIG_NOP_TRACER=y
 CONFIG_HAVE_FUNCTION_TRACER=y
@@ -6477,7 +6469,6 @@ CONFIG_TRACING_EVENTS_GPIO=y
 # CONFIG_TEST_UUID is not set
 # CONFIG_TEST_RHASHTABLE is not set
 # CONFIG_TEST_HASH is not set
-# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
 # CONFIG_DMA_API_DEBUG is not set
 # CONFIG_TEST_LKM is not set
 # CONFIG_TEST_USER_COPY is not set
@@ -6499,12 +6490,10 @@ CONFIG_STRICT_DEVMEM=y
 CONFIG_EARLY_PRINTK=y
 # CONFIG_EARLY_PRINTK_DBGP is not set
 CONFIG_EARLY_PRINTK_EFI=y
-CONFIG_X86_PTDUMP_CORE=y
+# CONFIG_X86_PTDUMP_CORE is not set
 # CONFIG_X86_PTDUMP is not set
 # CONFIG_EFI_PGT_DUMP is not set
 CONFIG_DEBUG_RODATA_TEST=y
-CONFIG_DEBUG_WX=y
-# CONFIG_DEBUG_SET_MODULE_RONX is not set
 CONFIG_DEBUG_NX_TEST=m
 CONFIG_DOUBLEFAULT=y
 # CONFIG_DEBUG_TLBFLUSH is not set
@@ -6531,6 +6520,171 @@ CONFIG_OPTIMIZE_INLINING=y
 #
 # Security options
 #
+
+#
+# Grsecurity
+#
+CONFIG_ARCH_TRACK_EXEC_LIMIT=y
+CONFIG_GRKERNSEC=y
+# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
+CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
+
+#
+# Customize Configuration
+#
+
+#
+# PaX
+#
+CONFIG_PAX=y
+
+#
+# PaX Control
+#
+# CONFIG_PAX_SOFTMODE is not set
+CONFIG_PAX_EI_PAX=y
+CONFIG_PAX_PT_PAX_FLAGS=y
+# CONFIG_PAX_XATTR_PAX_FLAGS is not set
+# CONFIG_PAX_NO_ACL_FLAGS is not set
+CONFIG_PAX_HAVE_ACL_FLAGS=y
+# CONFIG_PAX_HOOK_ACL_FLAGS is not set
+
+#
+# Non-executable pages
+#
+CONFIG_PAX_NOEXEC=y
+CONFIG_PAX_PAGEEXEC=y
+CONFIG_PAX_SEGMEXEC=y
+CONFIG_PAX_EMUTRAMP=y
+CONFIG_PAX_MPROTECT=y
+# CONFIG_PAX_MPROTECT_COMPAT is not set
+CONFIG_PAX_ELFRELOCS=y
+# CONFIG_PAX_KERNEXEC is not set
+
+#
+# Address Space Layout Randomization
+#
+CONFIG_PAX_ASLR=y
+CONFIG_PAX_RANDKSTACK=y
+CONFIG_PAX_RANDUSTACK=y
+CONFIG_PAX_RANDMMAP=y
+
+#
+# Miscellaneous hardening features
+#
+CONFIG_PAX_MEMORY_SANITIZE=y
+CONFIG_PAX_MEMORY_STACKLEAK=y
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
+# CONFIG_PAX_MEMORY_UDEREF is not set
+CONFIG_PAX_REFCOUNT=y
+CONFIG_PAX_USERCOPY=y
+# CONFIG_PAX_USERCOPY_DEBUG is not set
+# CONFIG_PAX_SIZE_OVERFLOW is not set
+CONFIG_PAX_INITIFY=y
+CONFIG_HAVE_PAX_INITIFY_INIT_EXIT=y
+# CONFIG_PAX_INITIFY_VERBOSE is not set
+CONFIG_PAX_LATENT_ENTROPY=y
+
+#
+# Memory Protections
+#
+# CONFIG_GRKERNSEC_KMEM is not set
+CONFIG_GRKERNSEC_VM86=y
+# CONFIG_GRKERNSEC_IO is not set
+CONFIG_GRKERNSEC_BPF_HARDEN=y
+# CONFIG_GRKERNSEC_PERF_HARDEN is not set
+CONFIG_GRKERNSEC_RAND_THREADSTACK=y
+CONFIG_GRKERNSEC_PROC_MEMMAP=y
+CONFIG_GRKERNSEC_BRUTE=y
+CONFIG_GRKERNSEC_MODHARDEN=y
+CONFIG_GRKERNSEC_HIDESYM=y
+# CONFIG_GRKERNSEC_RANDSTRUCT is not set
+CONFIG_GRKERNSEC_KERN_LOCKOUT=y
+
+#
+# Role Based Access Control Options
+#
+CONFIG_GRKERNSEC_NO_RBAC=y
+# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
+CONFIG_GRKERNSEC_ACL_MAXTRIES=3
+CONFIG_GRKERNSEC_ACL_TIMEOUT=30
+
+#
+# Filesystem Protections
+#
+# CONFIG_GRKERNSEC_PROC is not set
+CONFIG_GRKERNSEC_LINK=y
+# CONFIG_GRKERNSEC_SYMLINKOWN is not set
+CONFIG_GRKERNSEC_FIFO=y
+# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
+# CONFIG_GRKERNSEC_ROFS is not set
+CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
+CONFIG_GRKERNSEC_CHROOT=y
+# CONFIG_GRKERNSEC_CHROOT_MOUNT is not set
+CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
+CONFIG_GRKERNSEC_CHROOT_PIVOT=y
+CONFIG_GRKERNSEC_CHROOT_CHDIR=y
+# CONFIG_GRKERNSEC_CHROOT_CHMOD is not set
+CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
+# CONFIG_GRKERNSEC_CHROOT_MKNOD is not set
+CONFIG_GRKERNSEC_CHROOT_SHMAT=y
+CONFIG_GRKERNSEC_CHROOT_UNIX=y
+CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
+CONFIG_GRKERNSEC_CHROOT_NICE=y
+CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
+# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
+CONFIG_GRKERNSEC_CHROOT_INITRD=y
+
+#
+# Kernel Auditing
+#
+# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
+# CONFIG_GRKERNSEC_EXECLOG is not set
+CONFIG_GRKERNSEC_RESLOG=y
+# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
+# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
+# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
+# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
+CONFIG_GRKERNSEC_SIGNAL=y
+CONFIG_GRKERNSEC_FORKFAIL=y
+# CONFIG_GRKERNSEC_TIME is not set
+CONFIG_GRKERNSEC_PROC_IPADDR=y
+# CONFIG_GRKERNSEC_RWXMAP_LOG is not set
+
+#
+# Executable Protections
+#
+CONFIG_GRKERNSEC_DMESG=y
+CONFIG_GRKERNSEC_HARDEN_PTRACE=y
+CONFIG_GRKERNSEC_PTRACE_READEXEC=y
+CONFIG_GRKERNSEC_SETXID=y
+CONFIG_GRKERNSEC_HARDEN_IPC=y
+CONFIG_GRKERNSEC_HARDEN_TTY=y
+# CONFIG_GRKERNSEC_TPE is not set
+
+#
+# Network Protections
+#
+CONFIG_GRKERNSEC_BLACKHOLE=y
+CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
+# CONFIG_GRKERNSEC_SOCKET is not set
+
+#
+# Physical Protections
+#
+# CONFIG_GRKERNSEC_DENYUSB is not set
+
+#
+# Sysctl Support
+#
+# CONFIG_GRKERNSEC_SYSCTL is not set
+
+#
+# Logging Options
+#
+CONFIG_GRKERNSEC_FLOODTIME=10
+CONFIG_GRKERNSEC_FLOODBURST=6
 CONFIG_KEYS=y
 # CONFIG_PERSISTENT_KEYRINGS is not set
 # CONFIG_BIG_KEYS is not set
@@ -6540,19 +6694,16 @@ CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 # CONFIG_SECURITYFS is not set
 CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_NETWORK_XFRM=y
+# CONFIG_SECURITY_NETWORK_XFRM is not set
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_INTEL_TXT is not set
-CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY=y
-# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 # CONFIG_SECURITY_SELINUX is not set
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_YAMA is not set
 CONFIG_INTEGRITY=y
 # CONFIG_INTEGRITY_SIGNATURE is not set
 CONFIG_INTEGRITY_AUDIT=y
diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae
index ca62cca8d7..4059638e95 100644
--- a/config/kernel/kernel.config.i586-ipfire-pae
+++ b/config/kernel/kernel.config.i586-ipfire-pae
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.9.10-ipfire Kernel Configuration
+# Linux/x86 4.9.12 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -73,7 +73,6 @@ CONFIG_POSIX_MQUEUE=y
 CONFIG_POSIX_MQUEUE_SYSCTL=y
 CONFIG_CROSS_MEMORY_ATTACH=y
 CONFIG_FHANDLE=y
-CONFIG_USELIB=y
 CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
 CONFIG_AUDITSYSCALL=y
@@ -157,7 +156,6 @@ CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_PERF=y
 # CONFIG_CGROUP_DEBUG is not set
-# CONFIG_CHECKPOINT_RESTORE is not set
 CONFIG_NAMESPACES=y
 CONFIG_UTS_NS=y
 CONFIG_IPC_NS=y
@@ -208,7 +206,6 @@ CONFIG_EVENTFD=y
 CONFIG_SHMEM=y
 CONFIG_AIO=y
 CONFIG_ADVISE_SYSCALLS=y
-# CONFIG_USERFAULTFD is not set
 CONFIG_PCI_QUIRKS=y
 CONFIG_MEMBARRIER=y
 CONFIG_EMBEDDED=y
@@ -249,7 +246,6 @@ CONFIG_HAVE_NMI=y
 CONFIG_HAVE_ARCH_TRACEHOOK=y
 CONFIG_HAVE_DMA_CONTIGUOUS=y
 CONFIG_GENERIC_SMP_IDLE_THREAD=y
-CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
 CONFIG_HAVE_CLK=y
 CONFIG_HAVE_DMA_API_DEBUG=y
@@ -443,6 +439,7 @@ CONFIG_X86_GENERIC=y
 CONFIG_X86_INTERNODE_CACHE_SHIFT=6
 CONFIG_X86_L1_CACHE_SHIFT=6
 # CONFIG_X86_PPRO_FENCE is not set
+CONFIG_X86_ALIGNMENT_16=y
 CONFIG_X86_INTEL_USERCOPY=y
 CONFIG_X86_USE_PPRO_CHECKSUM=y
 CONFIG_X86_TSC=y
@@ -488,7 +485,6 @@ CONFIG_PERF_EVENTS_INTEL_CSTATE=y
 CONFIG_PERF_EVENTS_AMD_POWER=m
 # CONFIG_X86_LEGACY_VM86 is not set
 # CONFIG_VM86 is not set
-# CONFIG_X86_16BIT is not set
 CONFIG_TOSHIBA=m
 CONFIG_I8K=m
 # CONFIG_X86_REBOOTFIXUPS is not set
@@ -513,7 +509,7 @@ CONFIG_ARCH_DMA_ADDR_T_64BIT=y
 CONFIG_ARCH_FLATMEM_ENABLE=y
 CONFIG_ARCH_SPARSEMEM_ENABLE=y
 CONFIG_ARCH_SELECT_MEMORY_MODEL=y
-CONFIG_ILLEGAL_POINTER_VALUE=0
+CONFIG_ILLEGAL_POINTER_VALUE=0xfffff000
 CONFIG_SELECT_MEMORY_MODEL=y
 CONFIG_FLATMEM_MANUAL=y
 # CONFIG_SPARSEMEM_MANUAL is not set
@@ -539,7 +535,6 @@ CONFIG_KSM=y
 CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
 CONFIG_MEMORY_FAILURE=y
-CONFIG_HWPOISON_INJECT=y
 CONFIG_TRANSPARENT_HUGEPAGE=y
 CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
 # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
@@ -583,15 +578,14 @@ CONFIG_SCHED_HRTICK=y
 CONFIG_CRASH_DUMP=y
 CONFIG_PHYSICAL_START=0x400000
 CONFIG_RELOCATABLE=y
-CONFIG_RANDOMIZE_BASE=y
 CONFIG_X86_NEED_RELOCS=y
 CONFIG_PHYSICAL_ALIGN=0x400000
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
-# CONFIG_COMPAT_VDSO is not set
 # CONFIG_CMDLINE_BOOL is not set
 CONFIG_MODIFY_LDT_SYSCALL=y
+CONFIG_DEFAULT_MODIFY_LDT_SYSCALL=y
 CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
 
 #
@@ -827,7 +821,6 @@ CONFIG_ELFCORE=y
 CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
 CONFIG_BINFMT_SCRIPT=y
 CONFIG_HAVE_AOUT=y
-CONFIG_BINFMT_AOUT=y
 CONFIG_BINFMT_MISC=y
 CONFIG_COREDUMP=y
 CONFIG_HAVE_ATOMIC_IOMAP=y
@@ -6145,9 +6138,7 @@ CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
 #
 CONFIG_PROC_FS=y
 # CONFIG_PROC_KCORE is not set
-CONFIG_PROC_VMCORE=y
 CONFIG_PROC_SYSCTL=y
-CONFIG_PROC_PAGE_MONITOR=y
 # CONFIG_PROC_CHILDREN is not set
 CONFIG_KERNFS=y
 CONFIG_SYSFS=y
@@ -6340,7 +6331,6 @@ CONFIG_DEBUG_KERNEL=y
 # Memory Debugging
 #
 CONFIG_PAGE_EXTENSION=y
-# CONFIG_DEBUG_PAGEALLOC is not set
 CONFIG_PAGE_POISONING=y
 # CONFIG_PAGE_POISONING_NO_SANITY is not set
 CONFIG_PAGE_POISONING_ZERO=y
@@ -6420,7 +6410,6 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60
 # CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set
 # CONFIG_NOTIFIER_ERROR_INJECTION is not set
 # CONFIG_FAULT_INJECTION is not set
-# CONFIG_LATENCYTOP is not set
 CONFIG_USER_STACKTRACE_SUPPORT=y
 CONFIG_NOP_TRACER=y
 CONFIG_HAVE_FUNCTION_TRACER=y
@@ -6486,7 +6475,6 @@ CONFIG_TRACING_EVENTS_GPIO=y
 # CONFIG_TEST_UUID is not set
 # CONFIG_TEST_RHASHTABLE is not set
 # CONFIG_TEST_HASH is not set
-# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
 # CONFIG_DMA_API_DEBUG is not set
 # CONFIG_TEST_LKM is not set
 # CONFIG_TEST_USER_COPY is not set
@@ -6508,12 +6496,10 @@ CONFIG_STRICT_DEVMEM=y
 CONFIG_EARLY_PRINTK=y
 # CONFIG_EARLY_PRINTK_DBGP is not set
 CONFIG_EARLY_PRINTK_EFI=y
-CONFIG_X86_PTDUMP_CORE=y
+# CONFIG_X86_PTDUMP_CORE is not set
 # CONFIG_X86_PTDUMP is not set
 # CONFIG_EFI_PGT_DUMP is not set
 CONFIG_DEBUG_RODATA_TEST=y
-CONFIG_DEBUG_WX=y
-# CONFIG_DEBUG_SET_MODULE_RONX is not set
 CONFIG_DEBUG_NX_TEST=m
 CONFIG_DOUBLEFAULT=y
 # CONFIG_DEBUG_TLBFLUSH is not set
@@ -6540,6 +6526,169 @@ CONFIG_OPTIMIZE_INLINING=y
 #
 # Security options
 #
+
+#
+# Grsecurity
+#
+CONFIG_ARCH_TRACK_EXEC_LIMIT=y
+CONFIG_GRKERNSEC=y
+# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
+CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
+
+#
+# Customize Configuration
+#
+
+#
+# PaX
+#
+CONFIG_PAX=y
+
+#
+# PaX Control
+#
+# CONFIG_PAX_SOFTMODE is not set
+CONFIG_PAX_EI_PAX=y
+CONFIG_PAX_PT_PAX_FLAGS=y
+# CONFIG_PAX_XATTR_PAX_FLAGS is not set
+# CONFIG_PAX_NO_ACL_FLAGS is not set
+CONFIG_PAX_HAVE_ACL_FLAGS=y
+# CONFIG_PAX_HOOK_ACL_FLAGS is not set
+
+#
+# Non-executable pages
+#
+CONFIG_PAX_NOEXEC=y
+CONFIG_PAX_PAGEEXEC=y
+CONFIG_PAX_SEGMEXEC=y
+CONFIG_PAX_EMUTRAMP=y
+CONFIG_PAX_MPROTECT=y
+# CONFIG_PAX_MPROTECT_COMPAT is not set
+CONFIG_PAX_ELFRELOCS=y
+
+#
+# Address Space Layout Randomization
+#
+CONFIG_PAX_ASLR=y
+CONFIG_PAX_RANDKSTACK=y
+CONFIG_PAX_RANDUSTACK=y
+CONFIG_PAX_RANDMMAP=y
+
+#
+# Miscellaneous hardening features
+#
+CONFIG_PAX_MEMORY_SANITIZE=y
+CONFIG_PAX_MEMORY_STACKLEAK=y
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
+CONFIG_PAX_REFCOUNT=y
+CONFIG_PAX_USERCOPY=y
+# CONFIG_PAX_USERCOPY_DEBUG is not set
+# CONFIG_PAX_SIZE_OVERFLOW is not set
+CONFIG_PAX_INITIFY=y
+CONFIG_HAVE_PAX_INITIFY_INIT_EXIT=y
+# CONFIG_PAX_INITIFY_VERBOSE is not set
+CONFIG_PAX_LATENT_ENTROPY=y
+
+#
+# Memory Protections
+#
+# CONFIG_GRKERNSEC_KMEM is not set
+CONFIG_GRKERNSEC_VM86=y
+# CONFIG_GRKERNSEC_IO is not set
+CONFIG_GRKERNSEC_BPF_HARDEN=y
+# CONFIG_GRKERNSEC_PERF_HARDEN is not set
+CONFIG_GRKERNSEC_RAND_THREADSTACK=y
+CONFIG_GRKERNSEC_PROC_MEMMAP=y
+CONFIG_GRKERNSEC_BRUTE=y
+CONFIG_GRKERNSEC_MODHARDEN=y
+CONFIG_GRKERNSEC_HIDESYM=y
+# CONFIG_GRKERNSEC_RANDSTRUCT is not set
+CONFIG_GRKERNSEC_KERN_LOCKOUT=y
+
+#
+# Role Based Access Control Options
+#
+CONFIG_GRKERNSEC_NO_RBAC=y
+# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
+CONFIG_GRKERNSEC_ACL_MAXTRIES=3
+CONFIG_GRKERNSEC_ACL_TIMEOUT=30
+
+#
+# Filesystem Protections
+#
+# CONFIG_GRKERNSEC_PROC is not set
+CONFIG_GRKERNSEC_LINK=y
+# CONFIG_GRKERNSEC_SYMLINKOWN is not set
+CONFIG_GRKERNSEC_FIFO=y
+# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
+# CONFIG_GRKERNSEC_ROFS is not set
+CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
+CONFIG_GRKERNSEC_CHROOT=y
+# CONFIG_GRKERNSEC_CHROOT_MOUNT is not set
+CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
+CONFIG_GRKERNSEC_CHROOT_PIVOT=y
+CONFIG_GRKERNSEC_CHROOT_CHDIR=y
+# CONFIG_GRKERNSEC_CHROOT_CHMOD is not set
+CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
+# CONFIG_GRKERNSEC_CHROOT_MKNOD is not set
+CONFIG_GRKERNSEC_CHROOT_SHMAT=y
+CONFIG_GRKERNSEC_CHROOT_UNIX=y
+CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
+CONFIG_GRKERNSEC_CHROOT_NICE=y
+CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_RENAME=y
+# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
+CONFIG_GRKERNSEC_CHROOT_INITRD=y
+
+#
+# Kernel Auditing
+#
+# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
+# CONFIG_GRKERNSEC_EXECLOG is not set
+CONFIG_GRKERNSEC_RESLOG=y
+# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
+# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
+# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
+# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
+CONFIG_GRKERNSEC_SIGNAL=y
+CONFIG_GRKERNSEC_FORKFAIL=y
+# CONFIG_GRKERNSEC_TIME is not set
+CONFIG_GRKERNSEC_PROC_IPADDR=y
+# CONFIG_GRKERNSEC_RWXMAP_LOG is not set
+
+#
+# Executable Protections
+#
+CONFIG_GRKERNSEC_DMESG=y
+CONFIG_GRKERNSEC_HARDEN_PTRACE=y
+CONFIG_GRKERNSEC_PTRACE_READEXEC=y
+CONFIG_GRKERNSEC_SETXID=y
+CONFIG_GRKERNSEC_HARDEN_IPC=y
+CONFIG_GRKERNSEC_HARDEN_TTY=y
+# CONFIG_GRKERNSEC_TPE is not set
+
+#
+# Network Protections
+#
+CONFIG_GRKERNSEC_BLACKHOLE=y
+CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
+# CONFIG_GRKERNSEC_SOCKET is not set
+
+#
+# Physical Protections
+#
+# CONFIG_GRKERNSEC_DENYUSB is not set
+
+#
+# Sysctl Support
+#
+# CONFIG_GRKERNSEC_SYSCTL is not set
+
+#
+# Logging Options
+#
+CONFIG_GRKERNSEC_FLOODTIME=10
+CONFIG_GRKERNSEC_FLOODBURST=6
 CONFIG_KEYS=y
 # CONFIG_PERSISTENT_KEYRINGS is not set
 # CONFIG_BIG_KEYS is not set
@@ -6552,16 +6701,13 @@ CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_NETWORK_XFRM is not set
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_INTEL_TXT is not set
-CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY=y
-# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 # CONFIG_SECURITY_SELINUX is not set
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_YAMA is not set
 CONFIG_INTEGRITY=y
 # CONFIG_INTEGRITY_SIGNATURE is not set
 CONFIG_INTEGRITY_AUDIT=y
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index b953a03b09..8fe3fadd6e 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.9.8 Kernel Configuration
+# Linux/x86 4.9.12-ipfire Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -323,7 +323,7 @@ CONFIG_MODVERSIONS=y
 CONFIG_MODULE_SRCVERSION_ALL=y
 # CONFIG_MODULE_SIG is not set
 # CONFIG_MODULE_COMPRESS is not set
-CONFIG_TRIM_UNUSED_KSYMS=y
+# CONFIG_TRIM_UNUSED_KSYMS is not set
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
 CONFIG_BLK_DEV_BSG=y
@@ -372,6 +372,7 @@ CONFIG_DEFAULT_CFQ=y
 CONFIG_DEFAULT_IOSCHED="cfq"
 CONFIG_PREEMPT_NOTIFIERS=y
 CONFIG_PADATA=y
+CONFIG_ASN1=m
 CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
 CONFIG_INLINE_READ_UNLOCK=y
 CONFIG_INLINE_READ_UNLOCK_IRQ=y
@@ -1446,8 +1447,8 @@ CONFIG_BT_HCIUART_MRVL=y
 CONFIG_BT_HCIBCM203X=m
 CONFIG_BT_HCIBPA10X=m
 CONFIG_BT_HCIBFUSB=m
-# CONFIG_BT_HCIDTL1 is not set
-# CONFIG_BT_HCIBT3C is not set
+CONFIG_BT_HCIDTL1=m
+CONFIG_BT_HCIBT3C=m
 CONFIG_BT_HCIBLUECARD=m
 CONFIG_BT_HCIBTUART=m
 CONFIG_BT_HCIVHCI=m
@@ -2215,7 +2216,8 @@ CONFIG_NET_VENDOR_MELLANOX=y
 CONFIG_MLX4_EN=m
 CONFIG_MLX4_CORE=m
 CONFIG_MLX4_DEBUG=y
-# CONFIG_MLX5_CORE is not set
+CONFIG_MLX5_CORE=m
+CONFIG_MLX5_CORE_EN=y
 CONFIG_MLXSW_CORE=m
 CONFIG_MLXSW_CORE_HWMON=y
 CONFIG_MLXSW_PCI=m
@@ -2261,7 +2263,7 @@ CONFIG_ATP=m
 CONFIG_8139CP=m
 CONFIG_8139TOO=m
 # CONFIG_8139TOO_PIO is not set
-# CONFIG_8139TOO_TUNE_TWISTER is not set
+CONFIG_8139TOO_TUNE_TWISTER=y
 CONFIG_8139TOO_8129=y
 # CONFIG_8139_OLD_RX_RESET is not set
 CONFIG_R8169=m
@@ -2318,7 +2320,7 @@ CONFIG_NET_VENDOR_XIRCOM=y
 CONFIG_PCMCIA_XIRC2PS=m
 # CONFIG_FDDI is not set
 # CONFIG_HIPPI is not set
-# CONFIG_NET_SB1000 is not set
+CONFIG_NET_SB1000=m
 CONFIG_PHYLIB=y
 CONFIG_SWPHY=y
 
@@ -3713,7 +3715,7 @@ CONFIG_IR_XMP_DECODER=m
 CONFIG_RC_DEVICES=y
 CONFIG_RC_ATI_REMOTE=m
 CONFIG_IR_ENE=m
-# CONFIG_IR_HIX5HD2 is not set
+CONFIG_IR_HIX5HD2=m
 CONFIG_IR_IMON=m
 CONFIG_IR_MCEUSB=m
 CONFIG_IR_ITE_CIR=m
@@ -5297,7 +5299,7 @@ CONFIG_XEN_TMEM=m
 CONFIG_XEN_PCIDEV_BACKEND=m
 CONFIG_XEN_PRIVCMD=m
 CONFIG_XEN_ACPI_PROCESSOR=m
-# CONFIG_XEN_MCE_LOG is not set
+CONFIG_XEN_MCE_LOG=y
 CONFIG_XEN_HAVE_PVMMU=y
 CONFIG_XEN_EFI=y
 CONFIG_XEN_AUTO_XLATE=y
@@ -5308,10 +5310,11 @@ CONFIG_STAGING=y
 CONFIG_SLICOSS=m
 # CONFIG_PRISM2_USB is not set
 # CONFIG_COMEDI is not set
-# CONFIG_RTL8192U is not set
+CONFIG_RTL8192U=m
 # CONFIG_RTLLIB is not set
-# CONFIG_R8712U is not set
-# CONFIG_R8188EU is not set
+CONFIG_R8712U=m
+CONFIG_R8188EU=m
+CONFIG_88EU_AP_MODE=y
 # CONFIG_RTS5208 is not set
 # CONFIG_VT6655 is not set
 # CONFIG_VT6656 is not set
@@ -6536,7 +6539,7 @@ CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_NETWORK_XFRM=y
+# CONFIG_SECURITY_NETWORK_XFRM is not set
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
@@ -6576,13 +6579,15 @@ CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
 CONFIG_CRYPTO_RNG_DEFAULT=y
 CONFIG_CRYPTO_AKCIPHER2=y
+CONFIG_CRYPTO_AKCIPHER=m
 CONFIG_CRYPTO_KPP2=y
-# CONFIG_CRYPTO_RSA is not set
-# CONFIG_CRYPTO_DH is not set
-# CONFIG_CRYPTO_ECDH is not set
+CONFIG_CRYPTO_KPP=m
+CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_DH=m
+CONFIG_CRYPTO_ECDH=m
 CONFIG_CRYPTO_MANAGER=y
 CONFIG_CRYPTO_MANAGER2=y
-# CONFIG_CRYPTO_USER is not set
+CONFIG_CRYPTO_USER=m
 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
 CONFIG_CRYPTO_GF128MUL=y
 CONFIG_CRYPTO_NULL=y
@@ -6590,7 +6595,7 @@ CONFIG_CRYPTO_NULL2=y
 CONFIG_CRYPTO_PCRYPT=m
 CONFIG_CRYPTO_WORKQUEUE=y
 CONFIG_CRYPTO_CRYPTD=y
-# CONFIG_CRYPTO_MCRYPTD is not set
+CONFIG_CRYPTO_MCRYPTD=m
 CONFIG_CRYPTO_AUTHENC=m
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_ABLK_HELPER=y
@@ -6601,7 +6606,7 @@ CONFIG_CRYPTO_GLUE_HELPER_X86=y
 #
 CONFIG_CRYPTO_CCM=m
 CONFIG_CRYPTO_GCM=m
-# CONFIG_CRYPTO_CHACHA20POLY1305 is not set
+CONFIG_CRYPTO_CHACHA20POLY1305=m
 CONFIG_CRYPTO_SEQIV=y
 CONFIG_CRYPTO_ECHAINIV=m
 
@@ -6615,7 +6620,7 @@ CONFIG_CRYPTO_ECB=y
 CONFIG_CRYPTO_LRW=y
 CONFIG_CRYPTO_PCBC=m
 CONFIG_CRYPTO_XTS=y
-# CONFIG_CRYPTO_KEYWRAP is not set
+CONFIG_CRYPTO_KEYWRAP=m
 
 #
 # Hash modes
@@ -6635,8 +6640,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
 CONFIG_CRYPTO_CRCT10DIF=y
 CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
 CONFIG_CRYPTO_GHASH=m
-# CONFIG_CRYPTO_POLY1305 is not set
-# CONFIG_CRYPTO_POLY1305_X86_64 is not set
+CONFIG_CRYPTO_POLY1305=m
+CONFIG_CRYPTO_POLY1305_X86_64=m
 CONFIG_CRYPTO_MD4=m
 CONFIG_CRYPTO_MD5=y
 CONFIG_CRYPTO_MICHAEL_MIC=m
@@ -6648,12 +6653,12 @@ CONFIG_CRYPTO_SHA1=m
 CONFIG_CRYPTO_SHA1_SSSE3=m
 CONFIG_CRYPTO_SHA256_SSSE3=m
 CONFIG_CRYPTO_SHA512_SSSE3=m
-# CONFIG_CRYPTO_SHA1_MB is not set
-# CONFIG_CRYPTO_SHA256_MB is not set
-# CONFIG_CRYPTO_SHA512_MB is not set
+CONFIG_CRYPTO_SHA1_MB=m
+CONFIG_CRYPTO_SHA256_MB=m
+CONFIG_CRYPTO_SHA512_MB=m
 CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_SHA512=m
-# CONFIG_CRYPTO_SHA3 is not set
+CONFIG_CRYPTO_SHA3=m
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
@@ -6679,13 +6684,13 @@ CONFIG_CRYPTO_CAST5_AVX_X86_64=m
 CONFIG_CRYPTO_CAST6=m
 CONFIG_CRYPTO_CAST6_AVX_X86_64=m
 CONFIG_CRYPTO_DES=m
-# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
+CONFIG_CRYPTO_DES3_EDE_X86_64=m
 CONFIG_CRYPTO_FCRYPT=m
 CONFIG_CRYPTO_KHAZAD=m
 CONFIG_CRYPTO_SALSA20=m
 CONFIG_CRYPTO_SALSA20_X86_64=m
-# CONFIG_CRYPTO_CHACHA20 is not set
-# CONFIG_CRYPTO_CHACHA20_X86_64 is not set
+CONFIG_CRYPTO_CHACHA20=m
+CONFIG_CRYPTO_CHACHA20_X86_64=m
 CONFIG_CRYPTO_SEED=m
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
@@ -6720,20 +6725,23 @@ CONFIG_CRYPTO_JITTERENTROPY=y
 CONFIG_CRYPTO_USER_API=y
 CONFIG_CRYPTO_USER_API_HASH=y
 CONFIG_CRYPTO_USER_API_SKCIPHER=y
-# CONFIG_CRYPTO_USER_API_RNG is not set
-# CONFIG_CRYPTO_USER_API_AEAD is not set
+CONFIG_CRYPTO_USER_API_RNG=m
+CONFIG_CRYPTO_USER_API_AEAD=m
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_DEV_PADLOCK=m
 CONFIG_CRYPTO_DEV_PADLOCK_AES=m
 CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
-# CONFIG_CRYPTO_DEV_CCP is not set
-# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set
-# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set
-# CONFIG_CRYPTO_DEV_QAT_C62X is not set
-# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set
-# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set
-# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set
-# CONFIG_CRYPTO_DEV_CHELSIO is not set
+CONFIG_CRYPTO_DEV_CCP=y
+CONFIG_CRYPTO_DEV_CCP_DD=m
+CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
+CONFIG_CRYPTO_DEV_QAT=m
+CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
+CONFIG_CRYPTO_DEV_QAT_C3XXX=m
+CONFIG_CRYPTO_DEV_QAT_C62X=m
+CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
+CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
+CONFIG_CRYPTO_DEV_QAT_C62XVF=m
+CONFIG_CRYPTO_DEV_CHELSIO=m
 # CONFIG_ASYMMETRIC_KEY_TYPE is not set
 
 #
@@ -6834,9 +6842,11 @@ CONFIG_DQL=y
 CONFIG_GLOB=y
 # CONFIG_GLOB_SELFTEST is not set
 CONFIG_NLATTR=y
+CONFIG_CLZ_TAB=y
 CONFIG_CORDIC=m
 # CONFIG_DDR is not set
 CONFIG_IRQ_POLL=y
+CONFIG_MPILIB=m
 CONFIG_OID_REGISTRY=m
 CONFIG_UCS2_STRING=y
 CONFIG_FONT_SUPPORT=y
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
index 68c2a164dd..cd4ad87dea 100644
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -17,15 +17,24 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/camellia-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/cast5-avx-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/cast6-avx-x86_64.ko
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/chacha20-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/crc32-pclmul.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/crct10dif-pclmul.ko
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/des3_ede-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/ghash-clmulni-intel.ko
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/poly1305-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/salsa20-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/serpent-avx-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/serpent-avx2.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/serpent-sse2-x86_64.ko
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha1-mb
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha1-mb/sha1-mb.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha1-ssse3.ko
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha256-mb
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha256-mb/sha256-mb.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha256-ssse3.ko
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha512-mb
+#lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha512-mb/sha512-mb.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/sha512-ssse3.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/twofish-avx-x86_64.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/crypto/twofish-x86_64-3way.ko
@@ -42,6 +51,8 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/arch/x86/kvm/kvm-intel.ko
 #lib/modules/KVER-ipfire/kernel/arch/x86/kvm/kvm.ko
 #lib/modules/KVER-ipfire/kernel/crypto
+#lib/modules/KVER-ipfire/kernel/crypto/algif_aead.ko
+#lib/modules/KVER-ipfire/kernel/crypto/algif_rng.ko
 #lib/modules/KVER-ipfire/kernel/crypto/ansi_cprng.ko
 #lib/modules/KVER-ipfire/kernel/crypto/anubis.ko
 #lib/modules/KVER-ipfire/kernel/crypto/arc4.ko
@@ -61,30 +72,40 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/crypto/cast6_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/cast_common.ko
 #lib/modules/KVER-ipfire/kernel/crypto/ccm.ko
+#lib/modules/KVER-ipfire/kernel/crypto/chacha20_generic.ko
+#lib/modules/KVER-ipfire/kernel/crypto/chacha20poly1305.ko
 #lib/modules/KVER-ipfire/kernel/crypto/cmac.ko
+#lib/modules/KVER-ipfire/kernel/crypto/crypto_user.ko
 #lib/modules/KVER-ipfire/kernel/crypto/cts.ko
 #lib/modules/KVER-ipfire/kernel/crypto/deflate.ko
 #lib/modules/KVER-ipfire/kernel/crypto/des_generic.ko
+#lib/modules/KVER-ipfire/kernel/crypto/dh_generic.ko
+#lib/modules/KVER-ipfire/kernel/crypto/ecdh_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/echainiv.ko
 #lib/modules/KVER-ipfire/kernel/crypto/fcrypt.ko
 #lib/modules/KVER-ipfire/kernel/crypto/gcm.ko
 #lib/modules/KVER-ipfire/kernel/crypto/ghash-generic.ko
+#lib/modules/KVER-ipfire/kernel/crypto/keywrap.ko
 #lib/modules/KVER-ipfire/kernel/crypto/khazad.ko
 #lib/modules/KVER-ipfire/kernel/crypto/lz4.ko
 #lib/modules/KVER-ipfire/kernel/crypto/lz4hc.ko
 #lib/modules/KVER-ipfire/kernel/crypto/lzo.ko
+#lib/modules/KVER-ipfire/kernel/crypto/mcryptd.ko
 #lib/modules/KVER-ipfire/kernel/crypto/md4.ko
 #lib/modules/KVER-ipfire/kernel/crypto/michael_mic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/pcbc.ko
 #lib/modules/KVER-ipfire/kernel/crypto/pcrypt.ko
+#lib/modules/KVER-ipfire/kernel/crypto/poly1305_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/rmd128.ko
 #lib/modules/KVER-ipfire/kernel/crypto/rmd160.ko
 #lib/modules/KVER-ipfire/kernel/crypto/rmd256.ko
 #lib/modules/KVER-ipfire/kernel/crypto/rmd320.ko
+#lib/modules/KVER-ipfire/kernel/crypto/rsa_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/salsa20_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/seed.ko
 #lib/modules/KVER-ipfire/kernel/crypto/serpent_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/sha1_generic.ko
+#lib/modules/KVER-ipfire/kernel/crypto/sha3_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/sha512_generic.ko
 #lib/modules/KVER-ipfire/kernel/crypto/tcrypt.ko
 #lib/modules/KVER-ipfire/kernel/crypto/tea.ko
@@ -215,6 +236,7 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/bfusb.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/bluecard_cs.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/bpa10x.ko
+#lib/modules/KVER-ipfire/kernel/drivers/bluetooth/bt3c_cs.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/btbcm.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/btintel.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/btmrvl.ko
@@ -225,6 +247,7 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/btuart_cs.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/btusb.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/btwilink.ko
+#lib/modules/KVER-ipfire/kernel/drivers/bluetooth/dtl1_cs.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/hci_uart.ko
 #lib/modules/KVER-ipfire/kernel/drivers/bluetooth/hci_vhci.ko
 #lib/modules/KVER-ipfire/kernel/drivers/char
@@ -256,8 +279,28 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/cpufreq/powernow-k8.ko
 #lib/modules/KVER-ipfire/kernel/drivers/cpufreq/speedstep-lib.ko
 #lib/modules/KVER-ipfire/kernel/drivers/crypto
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/ccp
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/ccp/ccp-crypto.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/ccp/ccp.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/chelsio
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/chelsio/chcr.ko
 #lib/modules/KVER-ipfire/kernel/drivers/crypto/padlock-aes.ko
 #lib/modules/KVER-ipfire/kernel/drivers/crypto/padlock-sha.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c3xxx
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c3xxx/qat_c3xxx.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c3xxxvf
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c3xxxvf/qat_c3xxxvf.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c62x
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c62x/qat_c62x.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c62xvf
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_c62xvf/qat_c62xvf.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_common
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_common/intel_qat.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_dh895xcc
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_dh895xcc/qat_dh895xcc.ko
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_dh895xccvf
+#lib/modules/KVER-ipfire/kernel/drivers/crypto/qat/qat_dh895xccvf/qat_dh895xccvf.ko
 #lib/modules/KVER-ipfire/kernel/drivers/dca
 #lib/modules/KVER-ipfire/kernel/drivers/dca/dca.ko
 #lib/modules/KVER-ipfire/kernel/drivers/devfreq
@@ -1008,6 +1051,7 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/media/rc/igorplugusb.ko
 #lib/modules/KVER-ipfire/kernel/drivers/media/rc/iguanair.ko
 #lib/modules/KVER-ipfire/kernel/drivers/media/rc/imon.ko
+#lib/modules/KVER-ipfire/kernel/drivers/media/rc/ir-hix5hd2.ko
 #lib/modules/KVER-ipfire/kernel/drivers/media/rc/ir-jvc-decoder.ko
 #lib/modules/KVER-ipfire/kernel/drivers/media/rc/ir-lirc-codec.ko
 #lib/modules/KVER-ipfire/kernel/drivers/media/rc/ir-mce_kbd-decoder.ko
@@ -1569,6 +1613,9 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlx4
 #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_core.ko
 #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_en.ko
+#lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlx5
+#lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlx5/core
+#lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko
 #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlxsw
 #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_core.ko
 #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_pci.ko
@@ -1716,6 +1763,7 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/net/ppp/pppoe.ko
 #lib/modules/KVER-ipfire/kernel/drivers/net/ppp/pppox.ko
 #lib/modules/KVER-ipfire/kernel/drivers/net/ppp/pptp.ko
+#lib/modules/KVER-ipfire/kernel/drivers/net/sb1000.ko
 #lib/modules/KVER-ipfire/kernel/drivers/net/slip
 #lib/modules/KVER-ipfire/kernel/drivers/net/slip/slhc.ko
 #lib/modules/KVER-ipfire/kernel/drivers/net/sungem_phy.ko
@@ -2200,6 +2248,12 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/staging/gdm724x
 #lib/modules/KVER-ipfire/kernel/drivers/staging/gdm724x/gdmtty.ko
 #lib/modules/KVER-ipfire/kernel/drivers/staging/gdm724x/gdmulte.ko
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rtl8188eu
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rtl8188eu/r8188eu.ko
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rtl8192u
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rtl8192u/r8192u_usb.ko
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rtl8712
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rtl8712/r8712u.ko
 #lib/modules/KVER-ipfire/kernel/drivers/staging/slicoss
 #lib/modules/KVER-ipfire/kernel/drivers/staging/slicoss/slicoss.ko
 #lib/modules/KVER-ipfire/kernel/drivers/thermal
@@ -2607,6 +2661,7 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/kernel/trace
 #lib/modules/KVER-ipfire/kernel/kernel/trace/ring_buffer_benchmark.ko
 #lib/modules/KVER-ipfire/kernel/lib
+#lib/modules/KVER-ipfire/kernel/lib/asn1_decoder.ko
 #lib/modules/KVER-ipfire/kernel/lib/cordic.ko
 #lib/modules/KVER-ipfire/kernel/lib/crc-itu-t.ko
 #lib/modules/KVER-ipfire/kernel/lib/crc7.ko
@@ -2615,6 +2670,8 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/lib/lz4
 #lib/modules/KVER-ipfire/kernel/lib/lz4/lz4_compress.ko
 #lib/modules/KVER-ipfire/kernel/lib/lz4/lz4hc_compress.ko
+#lib/modules/KVER-ipfire/kernel/lib/mpi
+#lib/modules/KVER-ipfire/kernel/lib/mpi/mpi.ko
 #lib/modules/KVER-ipfire/kernel/lib/oid_registry.ko
 #lib/modules/KVER-ipfire/kernel/lib/raid6
 #lib/modules/KVER-ipfire/kernel/lib/raid6/raid6_pq.ko
diff --git a/lfs/linux b/lfs/linux
index 28b34e1730..6f693097c4 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,11 +24,10 @@
 
 include Config
 
-VER         = 4.9.11
+VER         = 4.9.12
 RPI_PATCHES = 3.14.79-grsec-ipfire1
 A7M_PATCHES = 3.14.79-grsec-ipfire1
-GRS_PATCHES = grsecurity-3.1-4.9.11-201702181444.patch.xz
-
+GRS_PATCHES = grsecurity-3.1-4.9.12-201702231830.patch.xz
 
 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -83,11 +82,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz		= $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).
 arm7-multi-patches-$(A7M_PATCHES).patch.xz	= $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz
 $(GRS_PATCHES)					= $(URL_IPFIRE)/$(GRS_PATCHES)
 
-$(DL_FILE)_MD5					= 98761ce71c603199fe6fcce600c60772
+$(DL_FILE)_MD5					= 073dfb3a13bf5836ef2d66e24ccf2ceb
 rpi-patches-$(RPI_PATCHES).patch.xz_MD5		= a02a7fd54c642c1e3578a00ed22f54f8
 arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5	= 6c3b11e51caa278dbeacd1e23c2b171b
-$(GRS_PATCHES)_MD5				= 7403735960b9620276499251e7552511
-
+$(GRS_PATCHES)_MD5				= 6fb9c4bd02dd08d7c72b64149b1500c4
 
 install : $(TARGET)
 
@@ -130,12 +128,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 
 ifneq "$(KCFG)" "-headers"
-ifneq "$(MACHINE)" "i586"
-
 	# Grsecurity-patches
 	cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1
 	cd $(DIR_APP) && rm localversion-grsec
-endif
 endif
 
 	# DVB Patches
-- 
2.39.2