Upgrade kernels to 4.4.142+

[emkll]

Description

Spectre v4 fixes have been backported to 4.4.142. We should upgrade SecureDrop kernels to 4.4.142 or above.

User Research Evidence

Users like up to date software.

User Stories

As a SecureDrop admin, I would like to run up-to-date kernels.

[emkll]

Successfully built and did preliminary testing with 4.4.144 on hardware, and everything appears to be functioning correctly.

However, to obtain full mitigations against Spectre versions v3a and v4, CPU microcode updates [0] are also required, and are not yet available in Trusty [1].
Note that we currently do not have intel-microcode as a dependency on servers, as the January Spectre/Meltdown variants had kernel-level mitigations. The risk should be quite low, however, as these vulnerabilities require code execution on the hosts.

[0] : https://downloadcenter.intel.com/search?keyword=linux+microcode
[1] : https://launchpad.net/ubuntu/+source/intel-microcode

[emkll]

• 4.4.144 kernels have been uploaded to apt test
• Bump grsecurity kernel to 4.4.144 #3662 has been opened to merge the strings into develop
• Consider adding intel-microcode to the list of dependencies #3663 has been opened to track the inclusion of intel-microcode into the list of dependencies
• The 4.4.144 kernel config has been submitted in Update config for securedrop-grsec 4.4.144 ansible-role-grsecurity-build#39