Unify hardening flag names to SEC.

portage/env/gcc-nolto-nopie.conf

@@ -13,12 +13,12 @@ RANLIB="ranlib"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
+C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
-LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
+LDFLAGS="-Wl,-O2 ${LD_SEC}"

portage/env/gcc-nolto.conf

@@ -13,12 +13,12 @@ RANLIB="ranlib"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
+C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
-LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
+LDFLAGS="-Wl,-O2 ${LD_SEC}"

portage/env/gcc-nopie.conf

@@ -13,12 +13,12 @@ RANLIB="ranlib"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
+C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
-LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
+LDFLAGS="-Wl,-O2 ${LD_SEC}"

portage/env/gcc.conf

@@ -13,12 +13,12 @@ RANLIB="ranlib"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
+C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
-LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
+LDFLAGS="-Wl,-O2 ${LD_SEC}"

portage/env/nolto-nopie.conf

@@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
+C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
-LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
+LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"

portage/env/nolto.conf

@@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
+C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
-LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
+LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"

portage/env/nopie.conf

@@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
+C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
-LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O2 -pipe -flto=full -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O2 -pipe -flto=full -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O2 -pipe -flto=full ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O2 -pipe -flto=full ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
+LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"

portage/env/werror.conf

@@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
 
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
+C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
-LD_HARDENING="-Wl,-z,now -Wl,-z,relro -pie -Wl,--strip-all"
+LD_SEC="-Wl,-z,now -Wl,-z,relro -pie -Wl,--strip-all"
 
 ## Common flags.
-CFLAGS="-march=znver1 -O1 -pipe -flto=full -Wno-error -U__gnu_linux__ ${C_HARDENING}"
+CFLAGS="-march=znver1 -O1 -pipe -flto=full -Wno-error -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-march=znver1 -O1 -pipe -flto=full ${C_HARDENING}"
+CXXFLAGS="-march=znver1 -O1 -pipe -flto=full ${C_SEC}"
 
 ## Linker flags.
-LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
+LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"

portage/savedconfig/sys-kernel/._cfg0000_linux-firmware-20220815

@@ -0,0 +1,85 @@
+# Remove files that shall not be installed from this list.
+amd/amd_sev_fam17h_model0xh.sbin
+amd/amd_sev_fam17h_model3xh.sbin
+amd-ucode/microcode_amd.bin
+amd-ucode/microcode_amd_fam17h.bin
+amdgpu/raven_asd.bin
+amdgpu/raven_ce.bin
+amdgpu/raven_gpu_info.bin
+amdgpu/raven_me.bin
+amdgpu/raven_mec.bin
+amdgpu/raven_mec2.bin
+amdgpu/raven_pfp.bin
+amdgpu/raven_rlc.bin
+amdgpu/raven_sdma.bin
+amdgpu/raven_vcn.bin
+amdgpu/raven_dmcu.bin
+amdgpu/raven_kicker_rlc.bin
+amdgpu/raven_ta.bin
+amdgpu/picasso_asd.bin
+amdgpu/picasso_ce.bin
+amdgpu/picasso_gpu_info.bin
+amdgpu/picasso_me.bin
+amdgpu/picasso_mec.bin
+amdgpu/picasso_mec2.bin
+amdgpu/picasso_pfp.bin
+amdgpu/picasso_rlc.bin
+amdgpu/picasso_rlc_am4.bin
+amdgpu/picasso_sdma.bin
+amdgpu/picasso_vcn.bin
+amdgpu/picasso_ta.bin
+amdgpu/raven2_asd.bin
+amdgpu/raven2_ce.bin
+amdgpu/raven2_gpu_info.bin
+amdgpu/raven2_me.bin
+amdgpu/raven2_mec.bin
+amdgpu/raven2_mec2.bin
+amdgpu/raven2_pfp.bin
+amdgpu/raven2_rlc.bin
+amdgpu/raven2_sdma.bin
+amdgpu/raven2_vcn.bin
+amdgpu/raven2_ta.bin
+amdgpu/gc_10_3_7_mec2.bin
+amdgpu/gc_10_3_7_pfp.bin
+amdgpu/gc_10_3_7_rlc.bin
+amdgpu/dcn_3_1_6_dmcub.bin
+amdgpu/psp_13_0_8_asd.bin
+amdgpu/psp_13_0_8_ta.bin
+amdgpu/psp_13_0_8_toc.bin
+amdgpu/sdma_5_2_7.bin
+ar5523.bin
+ar7010.fw
+ar7010_1_1.fw
+ar9170-1.fw
+ar9170-2.fw
+ar9271.fw
+atusb/atusb-0.2.dfu
+atusb/atusb-0.3.dfu
+atusb/rzusb-0.3.bin
+inside-secure/eip197_minifw/ipue.bin
+inside-secure/eip197_minifw/ifpp.bin
+rt2561.bin
+rt2561s.bin
+rt2661.bin
+rt2860.bin
+rt2870.bin
+rt3070.bin
+rt3071.bin
+rt3090.bin
+rt3290.bin
+rt73.bin
+rtl_nic/rtl8168d-1.fw
+rtl_nic/rtl8168d-2.fw
+rtl_nic/rtl8168e-1.fw
+rtl_nic/rtl8168e-2.fw
+rtl_nic/rtl8168e-3.fw
+rtl_nic/rtl8168f-1.fw
+rtl_nic/rtl8168f-2.fw
+rtl_nic/rtl8411-1.fw
+rtl_nic/rtl8411-2.fw
+rtl_nic/rtl8168g-1.fw
+rtl_nic/rtl8168g-2.fw
+rtl_nic/rtl8168g-3.fw
+rtl_nic/rtl8168h-1.fw
+rtl_nic/rtl8168h-2.fw
+rtl_nic/rtl8168fp-3.fw