# WARNING/NOTE: whenever you want to add an option here you need to either
# * mark it as an optional one with `option`,
# * or make sure it works for all the versions in nixpkgs,
# * or check for which kernel versions it will work (using kernel
# changelog, google or whatever) and mark it with `whenOlder` or
# `whenAtLeast`.
# Then do test your change by building all the kernels (or at least
# their configs) in Nixpkgs or else you will guarantee lots and lots
# of pain to users trying to switch to an older kernel because of some
# hardware problems with a new one.
# Configuration
{ lib , stdenv , version
, features ? { }
} :
with lib ;
with lib . kernel ;
with ( lib . kernel . whenHelpers version ) ;
let
# configuration items have to be grouped inside a sub-attrset
# Collapse the grouped option sets into a single flat attrset: zipAttrs
# gathers, per option name, the values found across all groups into a list,
# and `head` keeps the first entry of that list.
flattenKConf = nested: mapAttrs (_: values: head values) (zipAttrs (attrValues nested));
# Wraps a value in mkIf so that it only applies when the host platform is
# 32- or 64-bit ARM, x86_64, 64-bit POWER or 64-bit MIPS, i.e. the platforms
# this file treats as having an eBPF JIT. It gates the BPF_JIT,
# BPF_JIT_ALWAYS_ON and HAVE_EBPF_JIT options below.
whenPlatformHasEBPFJit =
  let
    platform = stdenv.hostPlatform;
    is64 = platform.is64bit;
  in
  mkIf (
    platform.isAarch32
    || platform.isAarch64
    || platform.isx86_64
    || (platform.isPower && is64)
    || (platform.isMips && is64)
  );
options = {
debug = {
# Necessary for BTF
DEBUG_INFO = mkMerge [
( whenOlder " 5 . 2 " ( if ( features . debug or false ) then yes else no ) )
( whenBetween " 5 . 2 " " 5 . 1 8 " yes )
] ;
DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast " 5 . 1 8 " yes ;
# Reduced debug info conflicts with BTF and has been enabled in
# the aarch64 defconfig since 5.13
DEBUG_INFO_REDUCED = whenAtLeast " 5 . 1 3 " ( option no ) ;
DEBUG_INFO_BTF = whenAtLeast " 5 . 2 " ( option yes ) ;
# Allow loading modules with mismatched BTFs (such a module is then loaded
# without its BTF instead of being rejected)
# FIXME: figure out how to actually make BTFs reproducible instead
# See https://github.com/NixOS/nixpkgs/pull/181456 for details.
MODULE_ALLOW_BTF_MISMATCH = whenAtLeast " 5 . 1 8 " ( option yes ) ;
BPF_LSM = whenAtLeast " 5 . 7 " ( option yes ) ;
DEBUG_KERNEL = yes ;
DEBUG_DEVRES = no ;
DYNAMIC_DEBUG = yes ;
DEBUG_STACK_USAGE = no ;
RCU_TORTURE_TEST = no ;
SCHEDSTATS = no ;
DETECT_HUNG_TASK = yes ;
CRASH_DUMP = option no ;
# Easier debugging of NFS issues.
SUNRPC_DEBUG = yes ;
# Provide access to tunables like sched_migration_cost_ns
SCHED_DEBUG = yes ;
} ;
power-management = {
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes ;
CPU_FREQ_GOV_SCHEDUTIL = yes ;
PM_ADVANCED_DEBUG = yes ;
PM_WAKELOCKS = yes ;
POWERCAP = yes ;
# ACPI Firmware Performance Data Table Support
ACPI_FPDT = whenAtLeast " 5 . 1 2 " ( option yes ) ;
# ACPI Heterogeneous Memory Attribute Table Support
ACPI_HMAT = whenAtLeast " 5 . 2 " ( option yes ) ;
# ACPI Platform Error Interface
ACPI_APEI = ( option yes ) ;
# APEI Generic Hardware Error Source
ACPI_APEI_GHES = ( option yes ) ;
# Enable lazy RCUs for power savings:
# https://lore.kernel.org/rcu/20221019225138.GA2499943@paulmck-ThinkPad-P17-Gen-1/
# RCU_LAZY depends on RCU_NOCB_CPU depends on NO_HZ_FULL
# depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT,
# so we can't force-enable this
RCU_LAZY = whenAtLeast " 6 . 2 " ( option yes ) ;
} // optionalAttrs ( stdenv . hostPlatform . isx86 ) {
INTEL_IDLE = yes ;
INTEL_RAPL = whenAtLeast " 5 . 3 " module ;
X86_INTEL_LPSS = yes ;
X86_INTEL_PSTATE = yes ;
X86_AMD_PSTATE = whenAtLeast " 5 . 1 7 " yes ;
# Intel DPTF (Dynamic Platform and Thermal Framework) Support
ACPI_DPTF = whenAtLeast " 5 . 1 0 " yes ;
# Required to bring up some Bay Trail devices properly
I2C = yes ;
I2C_DESIGNWARE_PLATFORM = yes ;
PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
INTEL_SOC_PMIC = whenAtLeast " 5 . 1 0 " yes ;
BYTCRC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
CHTCRC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
XPOWER_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
BXT_WC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
INTEL_SOC_PMIC_CHTWC = whenAtLeast " 5 . 1 0 " yes ;
CHT_WC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
INTEL_SOC_PMIC_CHTDC_TI = whenAtLeast " 5 . 1 0 " yes ;
CHT_DC_TI_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
MFD_TPS68470 = whenBetween " 5 . 1 0 " " 5 . 1 3 " yes ;
TPS68470_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
} ;
external-firmware = {
# Support drivers that need external firmware.
STANDALONE = no ;
} ;
proc-config-gz = {
# Make /proc/config.gz available
IKCONFIG = yes ;
IKCONFIG_PROC = yes ;
} ;
optimization = {
# Optimize with -O2, not -Os
CC_OPTIMIZE_FOR_SIZE = no ;
} ;
memory = {
DAMON = whenAtLeast " 5 . 1 5 " yes ;
DAMON_VADDR = whenAtLeast " 5 . 1 5 " yes ;
DAMON_PADDR = whenAtLeast " 5 . 1 6 " yes ;
DAMON_SYSFS = whenAtLeast " 5 . 1 8 " yes ;
DAMON_DBGFS = whenAtLeast " 5 . 1 5 " yes ;
DAMON_RECLAIM = whenAtLeast " 5 . 1 6 " yes ;
DAMON_LRU_SORT = whenAtLeast " 6 . 0 " yes ;
} ;
memtest = {
MEMTEST = yes ;
} ;
# Include the CFQ I/O scheduler in the kernel, rather than as a
# module, so that the initrd gets a good I/O scheduler.
scheduler = {
IOSCHED_CFQ = whenOlder " 5 . 0 " yes ; # Removed in 5.0-RC1
BLK_CGROUP = yes ; # required by CFQ"
BLK_CGROUP_IOLATENCY = yes ;
BLK_CGROUP_IOCOST = whenAtLeast " 5 . 4 " yes ;
IOSCHED_DEADLINE = whenOlder " 5 . 0 " yes ; # Removed in 5.0-RC1
MQ_IOSCHED_DEADLINE = yes ;
BFQ_GROUP_IOSCHED = yes ;
MQ_IOSCHED_KYBER = yes ;
IOSCHED_BFQ = module ;
} ;
timer = {
# Enable Full Dynticks System.
# NO_HZ_FULL depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT
NO_HZ_FULL = mkIf stdenv . is64bit yes ;
} ;
# Enable NUMA.
numa = {
NUMA = option yes ;
} ;
networking = {
NET = yes ;
IP_ADVANCED_ROUTER = yes ;
IP_PNP = no ;
IP_ROUTE_MULTIPATH = yes ;
IP_VS_PROTO_TCP = yes ;
IP_VS_PROTO_UDP = yes ;
IP_VS_PROTO_ESP = yes ;
IP_VS_PROTO_AH = yes ;
IP_VS_IPV6 = yes ;
IP_DCCP_CCID3 = no ; # experimental
CLS_U32_PERF = yes ;
CLS_U32_MARK = yes ;
BPF_JIT = whenPlatformHasEBPFJit yes ;
BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no ; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304
HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes ;
BPF_STREAM_PARSER = yes ;
XDP_SOCKETS = yes ;
XDP_SOCKETS_DIAG = whenAtLeast " 5 . 1 " yes ;
WAN = yes ;
TCP_CONG_ADVANCED = yes ;
TCP_CONG_CUBIC = yes ; # This is the default congestion control algorithm since 2.6.19
# Required by systemd per-cgroup firewalling
CGROUP_BPF = option yes ;
CGROUP_NET_PRIO = yes ; # Required by systemd
IP_ROUTE_VERBOSE = yes ;
IP_MROUTE_MULTIPLE_TABLES = yes ;
IP_MULTICAST = yes ;
IP_MULTIPLE_TABLES = yes ;
IPV6 = yes ;
IPV6_ROUTER_PREF = yes ;
IPV6_ROUTE_INFO = yes ;
IPV6_OPTIMISTIC_DAD = yes ;
IPV6_MULTIPLE_TABLES = yes ;
IPV6_SUBTREES = yes ;
IPV6_MROUTE = yes ;
IPV6_MROUTE_MULTIPLE_TABLES = yes ;
IPV6_PIMSM_V2 = yes ;
IPV6_FOU_TUNNEL = module ;
IPV6_SEG6_LWTUNNEL = yes ;
IPV6_SEG6_HMAC = yes ;
IPV6_SEG6_BPF = yes ;
NET_CLS_BPF = module ;
NET_ACT_BPF = module ;
NET_SCHED = yes ;
L2TP_V3 = yes ;
L2TP_IP = module ;
L2TP_ETH = module ;
BRIDGE_VLAN_FILTERING = yes ;
BONDING = module ;
NET_L3_MASTER_DEV = option yes ;
NET_FOU_IP_TUNNELS = option yes ;
IP_NF_TARGET_REDIRECT = module ;
PPP_MULTILINK = yes ; # PPP multilink support
PPP_FILTER = yes ;
# needed for iwd WPS support (wpa_supplicant replacement)
KEY_DH_OPERATIONS = yes ;
# needed for nftables
# Networking Options
NETFILTER = yes ;
NETFILTER_ADVANCED = yes ;
# Core Netfilter Configuration
NF_CONNTRACK_ZONES = yes ;
NF_CONNTRACK_EVENTS = yes ;
NF_CONNTRACK_TIMEOUT = yes ;
NF_CONNTRACK_TIMESTAMP = yes ;
NETFILTER_NETLINK_GLUE_CT = yes ;
NF_TABLES_INET = yes ;
NF_TABLES_NETDEV = yes ;
NFT_REJECT_NETDEV = whenAtLeast " 5 . 1 1 " module ;
# IP: Netfilter Configuration
NF_TABLES_IPV4 = yes ;
NF_TABLES_ARP = yes ;
# IPv6: Netfilter Configuration
NF_TABLES_IPV6 = yes ;
# Bridge Netfilter Configuration
NF_TABLES_BRIDGE = mkMerge [ ( whenOlder " 5 . 3 " yes )
( whenAtLeast " 5 . 3 " module ) ] ;
# needed for `dropwatch`
# Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450
NET_DROP_MONITOR = yes ;
# needed for ss
# Use a lower priority to allow these options to be overridden in hardened/config.nix
INET_DIAG = mkDefault module ;
INET_TCP_DIAG = mkDefault module ;
INET_UDP_DIAG = mkDefault module ;
INET_RAW_DIAG = mkDefault module ;
INET_DIAG_DESTROY = mkDefault yes ;
# enable multipath-tcp
MPTCP = whenAtLeast " 5 . 6 " yes ;
MPTCP_IPV6 = whenAtLeast " 5 . 6 " yes ;
INET_MPTCP_DIAG = whenAtLeast " 5 . 9 " ( mkDefault module ) ;
# Kernel TLS
TLS = module ;
TLS_DEVICE = yes ;
# infiniband
INFINIBAND = module ;
INFINIBAND_IPOIB = module ;
INFINIBAND_IPOIB_CM = yes ;
} // optionalAttrs ( stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) {
# Not enabled by default, hides modules behind it
NET_VENDOR_MEDIATEK = yes ;
# Enable SoC interface for MT7915 module, required for MT798X.
MT7986_WMAC = whenBetween " 5 . 1 8 " " 6 . 6 " yes ;
MT798X_WMAC = whenAtLeast " 6 . 6 " yes ;
} ;
wireless = {
CFG80211_WEXT = option yes ; # Without it, ipw2200 drivers don't build
IPW2100_MONITOR = option yes ; # support promiscuous mode
IPW2200_MONITOR = option yes ; # support promiscuous mode
HOSTAP_FIRMWARE = option yes ; # Support downloading firmware images with Host AP driver
HOSTAP_FIRMWARE_NVRAM = option yes ;
ATH9K_PCI = option yes ; # Detect Atheros AR9xxx cards on PCI(e) bus
ATH9K_AHB = option yes ; # Ditto, AHB bus
# The description of this option makes it sound dangerous or even illegal
# But OpenWRT enables it by default: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/Makefile#L55
# At the time of writing (25-06-2023): this is only used in a "correct" way by ath drivers for initiating DFS radiation
# for "certified devices"
EXPERT = option yes ; # this is needed for offering the certification option
CFG80211_CERTIFICATION_ONUS = option yes ;
# DFS ("Dynamic Frequency Selection") is a spectrum-sharing mechanism that allows
# you to use certain interesting frequencies when your local regulatory domain mandates it.
# The ATH drivers hide the feature behind this option; enabling it makes hostapd work with DFS frequencies.
# OpenWRT enables it too: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/ath.mk#L42
ATH9K_DFS_CERTIFIED = option yes ;
ATH10K_DFS_CERTIFIED = option yes ;
B43_PHY_HT = option yes ;
BCMA_HOST_PCI = option yes ;
RTW88 = whenAtLeast " 5 . 2 " module ;
RTW88_8822BE = mkMerge [ ( whenBetween " 5 . 2 " " 5 . 8 " yes ) ( whenAtLeast " 5 . 8 " module ) ] ;
RTW88_8822CE = mkMerge [ ( whenBetween " 5 . 2 " " 5 . 8 " yes ) ( whenAtLeast " 5 . 8 " module ) ] ;
} ;
fb = {
FB = yes ;
FB_EFI = yes ;
FB_NVIDIA_I2C = yes ; # Enable DDC Support
FB_RIVA_I2C = yes ;
FB_ATY_CT = yes ; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support
FB_ATY_GX = yes ; # Mach64 GX support
FB_SAVAGE_I2C = yes ;
FB_SAVAGE_ACCEL = yes ;
FB_SIS_300 = yes ;
FB_SIS_315 = yes ;
FB_3DFX_ACCEL = yes ;
FB_VESA = yes ;
FRAMEBUFFER_CONSOLE = yes ;
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes ;
FRAMEBUFFER_CONSOLE_ROTATION = yes ;
FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes ;
FB_GEODE = mkIf ( stdenv . hostPlatform . system == " i 6 8 6 - l i n u x " ) yes ;
# On 5.14 this conflicts with FB_SIMPLE.
DRM_SIMPLEDRM = whenAtLeast " 5 . 1 4 " no ;
DRM_FBDEV_EMULATION = yes ;
} ;
fonts = {
FONTS = yes ;
# Default fonts enabled if FONTS is not set
FONT_8x8 = yes ;
FONT_8x16 = yes ;
# High DPI font
FONT_TER16x32 = whenAtLeast " 5 . 0 " yes ;
} ;
video = {
linux: Disable DRM_LEGACY, NOUVEAU_LEGACY_CTX_SUPPORT
This currently gets enabled as generate-config.pl will enable all the
drivers below it as modules.
Is “not set” in [Arch][1], [Debian][2], [Fedora][3]. See also [summary
of setting from various distros in April 2020][4].
Recommended disabled by [CLIP OS][5] and per current [Kernel config
description][6]:
> bool "Enable legacy drivers (DANGEROUS)"
> Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous
> APIs to user-space, which can be used to circumvent access
> restrictions and other security measures. For backwards compatibility
> those drivers are still available, but their use is highly
> inadvisable and might harm your system.
>
> You are recommended to use the safe modeset-only drivers instead, and
> perform 3D emulation in user-space.
>
> Unless you have strong reasons to go rogue, say "N".
Also disable NOUVEAU_LEGACY_CTX_SUPPORT, as this does `select
DRM_LEGACY`. Per Kernel config docs:
>There was a version of the nouveau DDX that relied on legacy
> ctx ioctls not erroring out. But that was back in time a long
> ways, so offer a way to disable it now. For uapi compat with
> old nouveau ddx this should be on by default, but modern distros
> should consider turning it off.
and the [commit][7]:
> These driver functions contain several bugs and security holes. This
> change makes these functions optional can be turned on by a setting,
> they are turned off by default for modeset driver with the exception of
> the nouvea driver that may require them with an old version of libdrm.
Referenced earlier commit elaborates that
> libdrm_nouveau before 2.4.33 used contexts
Since nixpkgs here has a much newer version (2.4.33 is from March 2012),
should not be a concern.
NOUVEAU_LEGACY_CTX_SUPPORT is also “not set” in the linked Arch, Debian,
& Fedora configs.
[1]: https://github.com/archlinux/svntogit-packages/blob/66d72ee54afc604391b618fc3eecc43f29e479e8/trunk/config#L6637
[2]: https://salsa.debian.org/kernel-team/linux/-/blob/07731f5956cf29876a7abc13f4ecbdf4d9459592/debian/config/config#L713
[3]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_1528
[4]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38#issuecomment-608639217
[5]: https://docs.clip-os.org/clipos/kernel.html#configuration
[6]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/Kconfig#n421
[7]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7
DRM_LEGACY = no ;
NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween " 5 . 2 " " 6 . 3 " no ;
# Allow specifying custom EDID on the kernel command line
DRM_LOAD_EDID_FIRMWARE = yes ;
VGA_SWITCHEROO = yes ; # Hybrid graphics support
DRM_GMA500 = whenAtLeast " 5 . 1 2 " module ;
DRM_GMA600 = whenOlder " 5 . 1 3 " yes ;
DRM_GMA3600 = whenOlder " 5 . 1 2 " yes ;
DRM_VMWGFX_FBCON = whenOlder " 6 . 2 " yes ;
# (experimental) amdgpu support for verde and newer chipsets
DRM_AMDGPU_SI = yes ;
# (stable) amdgpu support for bonaire and newer chipsets
DRM_AMDGPU_CIK = yes ;
# Allow device firmware updates
DRM_DP_AUX_CHARDEV = yes ;
# amdgpu display core (DC) support
DRM_AMD_DC_DCN1_0 = whenOlder " 5 . 6 " yes ;
DRM_AMD_DC_DCN2_0 = whenBetween " 5 . 3 " " 5 . 6 " yes ;
DRM_AMD_DC_DCN2_1 = whenBetween " 5 . 4 " " 5 . 6 " yes ;
DRM_AMD_DC_DCN3_0 = whenBetween " 5 . 9 " " 5 . 1 1 " yes ;
DRM_AMD_DC_DCN = whenBetween " 5 . 1 1 " " 6 . 4 " yes ;
DRM_AMD_DC_FP = whenAtLeast " 6 . 4 " yes ;
DRM_AMD_DC_HDCP = whenBetween " 5 . 5 " " 6 . 4 " yes ;
DRM_AMD_DC_SI = whenAtLeast " 5 . 1 0 " yes ;
} // optionalAttrs ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " ) {
# Intel GVT-g graphics virtualization supports 64-bit only
DRM_I915_GVT = yes ;
DRM_I915_GVT_KVMGT = module ;
# Enable Hyper-V Synthetic DRM Driver
DRM_HYPERV = whenAtLeast " 5 . 1 4 " module ;
} // optionalAttrs ( stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) {
# enable HDMI-CEC on RPi boards
DRM_VC4_HDMI_CEC = yes ;
} ;
sound = {
SND_DYNAMIC_MINORS = yes ;
SND_AC97_POWER_SAVE = yes ; # AC97 Power-Saving Mode
SND_HDA_INPUT_BEEP = yes ; # Support digital beep via input layer
SND_HDA_RECONFIG = yes ; # Support reconfiguration of jack functions
# Support configuring jack functions via fw mechanism at boot
SND_HDA_PATCH_LOADER = yes ;
SND_HDA_CODEC_CA0132_DSP = whenOlder " 5 . 7 " yes ; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
SND_OSSEMUL = yes ;
SND_USB_CAIAQ_INPUT = yes ;
# Enable Sound Open Firmware support
} // optionalAttrs ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " &&
versionAtLeast version " 5 . 5 " ) {
SND_SOC_INTEL_SOUNDWIRE_SOF_MACH = whenAtLeast " 5 . 1 0 " module ;
SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES = whenAtLeast " 5 . 1 0 " yes ; # dep of SOF_MACH
SND_SOC_SOF_INTEL_SOUNDWIRE_LINK = whenBetween " 5 . 1 0 " " 5 . 1 1 " yes ; # dep of SOF_MACH
SND_SOC_SOF_TOPLEVEL = yes ;
SND_SOC_SOF_ACPI = module ;
SND_SOC_SOF_PCI = module ;
SND_SOC_SOF_APOLLOLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_CANNONLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_COFFEELAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_COMETLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder " 5 . 8 " yes ;
SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_ELKHARTLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_GEMINILAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_HDA_AUDIO_CODEC = yes ;
SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder " 5 . 7 " yes ;
SND_SOC_SOF_HDA_LINK = yes ;
SND_SOC_SOF_ICELAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_INTEL_TOPLEVEL = yes ;
SND_SOC_SOF_JASPERLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_MERRIFIELD = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_TIGERLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
} ;
usb-serial = {
USB_SERIAL_GENERIC = yes ; # USB Generic Serial Driver
} ;
usb = {
USB_EHCI_ROOT_HUB_TT = yes ; # Root Hub Transaction Translators
USB_EHCI_TT_NEWSCHED = yes ; # Improved transaction translator scheduling
USB_HIDDEV = yes ; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies)
} ;
# Filesystem options - in particular, enable extended attributes and
# ACLs for all filesystems that support them.
filesystem = {
FANOTIFY = yes ;
FANOTIFY_ACCESS_PERMISSIONS = yes ;
TMPFS = yes ;
TMPFS_POSIX_ACL = yes ;
FS_ENCRYPTION = if ( versionAtLeast version " 5 . 1 " ) then yes else option module ;
EXT2_FS_XATTR = yes ;
EXT2_FS_POSIX_ACL = yes ;
EXT2_FS_SECURITY = yes ;
EXT3_FS_POSIX_ACL = yes ;
EXT3_FS_SECURITY = yes ;
EXT4_FS_POSIX_ACL = yes ;
EXT4_FS_SECURITY = yes ;
EXT4_ENCRYPTION = whenOlder " 5 . 1 " yes ;
NTFS_FS = whenAtLeast " 5 . 1 5 " no ;
NTFS3_LZX_XPRESS = whenAtLeast " 5 . 1 5 " yes ;
NTFS3_FS_POSIX_ACL = whenAtLeast " 5 . 1 5 " yes ;
REISERFS_FS_XATTR = option yes ;
REISERFS_FS_POSIX_ACL = option yes ;
REISERFS_FS_SECURITY = option yes ;
JFS_POSIX_ACL = option yes ;
JFS_SECURITY = option yes ;
XFS_QUOTA = option yes ;
XFS_POSIX_ACL = option yes ;
XFS_RT = option yes ; # XFS Realtime subvolume support
XFS_ONLINE_SCRUB = option yes ;
OCFS2_DEBUG_MASKLOG = option no ;
BTRFS_FS_POSIX_ACL = yes ;
UBIFS_FS_ADVANCED_COMPR = option yes ;
F2FS_FS = module ;
F2FS_FS_SECURITY = option yes ;
F2FS_FS_ENCRYPTION = whenOlder " 5 . 1 " yes ;
F2FS_FS_COMPRESSION = whenAtLeast " 5 . 6 " yes ;
UDF_FS = module ;
NFSD_V2_ACL = whenOlder " 6 . 2 " yes ;
NFSD_V3 = whenOlder " 5 . 1 8 " yes ;
NFSD_V3_ACL = yes ;
NFSD_V4 = yes ;
NFSD_V4_SECURITY_LABEL = yes ;
NFS_FSCACHE = yes ;
NFS_SWAP = yes ;
NFS_V3_ACL = yes ;
NFS_V4_1 = yes ; # NFSv4.1 client support
NFS_V4_2 = yes ;
NFS_V4_SECURITY_LABEL = yes ;
CIFS_XATTR = yes ;
CIFS_POSIX = option yes ;
CIFS_FSCACHE = yes ;
CIFS_WEAK_PW_HASH = whenOlder " 5 . 1 5 " yes ;
CIFS_UPCALL = yes ;
CIFS_ACL = whenOlder " 5 . 3 " yes ;
CIFS_DFS_UPCALL = yes ;
CEPH_FSCACHE = yes ;
CEPH_FS_POSIX_ACL = yes ;
SQUASHFS_FILE_DIRECT = yes ;
SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder " 6 . 2 " yes ;
SQUASHFS_XATTR = yes ;
SQUASHFS_ZLIB = yes ;
SQUASHFS_LZO = yes ;
SQUASHFS_XZ = yes ;
SQUASHFS_LZ4 = yes ;
SQUASHFS_ZSTD = yes ;
# Native Language Support modules, needed by some filesystems
NLS = yes ;
NLS_DEFAULT = freeform " u t f 8 " ;
NLS_UTF8 = module ;
NLS_CODEPAGE_437 = module ; # VFAT default for the codepage= mount option
NLS_ISO8859_1 = module ; # VFAT default for the iocharset= mount option
# Needed to use the installation iso image. Not included in all defconfigs (e.g. arm64)
ISO9660_FS = module ;
DEVTMPFS = yes ;
UNICODE = whenAtLeast " 5 . 2 " yes ; # Casefolding support for filesystems
} ;
security = {
FORTIFY_SOURCE = option yes ;
# https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
DEBUG_LIST = yes ;
HARDENED_USERCOPY = yes ;
RANDOMIZE_BASE = option yes ;
STRICT_DEVMEM = mkDefault yes ; # Filter access to /dev/mem
IO_STRICT_DEVMEM = mkDefault yes ;
SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder " 5 . 1 " ( freeform " 0 " ) ; # Disable SELinux by default
# Prevent processes from ptracing non-children processes
SECURITY_YAMA = option yes ;
# Landlock lets a set of processes restrict their own ambient rights (e.g. global filesystem access).
# It has no effect on a program that does not support it.
SECURITY_LANDLOCK = whenAtLeast " 5 . 1 3 " yes ;
DEVKMEM = whenOlder " 5 . 1 3 " no ; # Disable /dev/kmem
USER_NS = yes ; # Support for user namespaces
SECURITY_APPARMOR = yes ;
DEFAULT_SECURITY_APPARMOR = yes ;
RANDOM_TRUST_CPU = whenOlder " 6 . 2 " yes ; # allow RDRAND to seed the RNG
RANDOM_TRUST_BOOTLOADER = whenOlder " 6 . 2 " ( whenAtLeast " 5 . 4 " yes ) ; # allow the bootloader to seed the RNG
MODULE_SIG = no ; # r13y, generates a random key during build and bakes it in
# SECURITY_LOCKDOWN_LSM depends on MODULE_SIG and only really helps when you sign
# your modules and enforce signatures, which we don't do by default.
SECURITY_LOCKDOWN_LSM = whenAtLeast " 5 . 4 " no ;
# provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis
PERSISTENT_KEYRINGS = yes ;
# enable temporary caching of the last request_key() result
KEYS_REQUEST_CACHE = whenAtLeast " 5 . 3 " yes ;
# randomized slab caches
RANDOM_KMALLOC_CACHES = whenAtLeast " 6 . 6 " yes ;
# NIST SP800-90A DRBG modes - enabled by most distributions
# and required by some out-of-tree modules (ShuffleCake)
# This does not include the NSA-backdoored Dual-EC mode from the same NIST publication.
CRYPTO_DRBG_HASH = yes ;
CRYPTO_DRBG_CTR = yes ;
} // optionalAttrs stdenv . hostPlatform . isx86_64 {
# Enable Intel SGX
X86_SGX = whenAtLeast " 5 . 1 1 " yes ;
# Allow KVM guests to load SGX enclaves
X86_SGX_KVM = whenAtLeast " 5 . 1 3 " yes ;
# AMD Cryptographic Coprocessor (CCP)
CRYPTO_DEV_CCP = yes ;
# AMD SME
AMD_MEM_ENCRYPT = yes ;
# AMD SEV and AMD SEV-ES
KVM_AMD_SEV = yes ;
# AMD SEV-SNP
SEV_GUEST = whenAtLeast " 5 . 1 9 " module ;
# Shadow stacks
X86_USER_SHADOW_STACK = whenAtLeast " 6 . 6 " yes ;
} ;
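microcode = {
  # CPU microcode loading, built in (`yes`) rather than modular.
  # The vendor-specific symbols are only set for kernels older than 6.6;
  # presumably they were folded into MICROCODE upstream — confirm against
  # the kernel changelog before changing the bound.
  MICROCODE = yes;
  MICROCODE_INTEL = whenOlder "6.6" yes;
  MICROCODE_AMD = whenOlder "6.6" yes;

  # Write Back Throttling
  # https://lwn.net/Articles/682582/
  # https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655
  BLK_WBT = yes;
  BLK_WBT_SQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
  BLK_WBT_MQ = yes;
};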
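container = {
  # Namespace and cgroup controllers used for container isolation and
  # per-group resource limits. All are built in unless noted.
  NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install'
  RT_GROUP_SCHED = no;

  CGROUP_DEVICE = yes;
  CGROUP_HUGETLB = yes;
  CGROUP_PERF = yes;
  CGROUP_RDMA = yes;

  MEMCG = yes;
  # Only set for kernels older than 6.1.
  MEMCG_SWAP = whenOlder "6.1" yes;

  BLK_DEV_THROTTLING = yes;
  CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1

  # PID controller: lets a cgroup cap the number of tasks it may create.
  CGROUP_PIDS = yes;
};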
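staging = {
  # Enable staging drivers. These are somewhat experimental, but
  # they generally don't hurt.
  # NOTE(review): staging drivers have not completed upstream review, so
  # this widens the set of less-audited driver code available to the kernel.
  STAGING = yes;
};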
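proc-events = {
  # PROC_EVENTS requires that the netlink connector is not built
  # as a module. This is required by libcgroup's cgrulesengd.
  # Both symbols are therefore built in (`yes`).
  CONNECTOR = yes;
  PROC_EVENTS = yes;
};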
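tracing = {
  # Kernel tracing, probing and BPF instrumentation, built in (`yes`).
  FTRACE = yes;
  KPROBES = yes;
  FUNCTION_TRACER = yes;
  FTRACE_SYSCALLS = yes;
  SCHED_TRACER = yes;
  STACK_TRACER = yes;
  UPROBE_EVENTS = option yes;

  BPF_SYSCALL = yes;
  # Only set for the 5.10-5.16 range. NOTE(review): presumably newer kernels
  # already default unprivileged BPF to off upstream — confirm. With
  # BPF_SYSCALL built in, this default decides whether unprivileged users
  # can use bpf() until the kernel.unprivileged_bpf_disabled sysctl is
  # changed at runtime; kernels older than 5.10 get no such default here.
  BPF_UNPRIV_DEFAULT_OFF = whenBetween "5.10" "5.16" yes;
  BPF_EVENTS = yes;

  FUNCTION_PROFILER = yes;
  RING_BUFFER_BENCHMARK = no;
};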
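perf = {
  # enable AMD Zen branch sampling if available
  # (optional, and only requested on kernels 5.19 and newer)
  PERF_EVENTS_AMD_BRS = whenAtLeast "5.19" (option yes);
};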
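virtualisation = {
  # Guest and host virtualisation support (paravirt, KVM, VFIO, Xen, virtio).
  # Entries wrapped in `option` are marked optional, see the note at the top
  # of this file about options that do not exist in every kernel version.
  PARAVIRT = option yes;
  HYPERVISOR_GUEST = yes;
  PARAVIRT_SPINLOCKS = option yes;

  KVM_ASYNC_PF = yes;
  KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes;
  KVM_GUEST = yes;
  KVM_MMIO = yes;
  KVM_VFIO = yes;

  KSM = yes;
  VIRT_DRIVERS = yes;

  # We need 64 GB (PAE) support for Xen guest support
  # (the tristate is only set on platforms that are not 64-bit)
  HIGHMEM64G = { optional = true; tristate = mkIf (!stdenv.is64bit) "y"; };

  VFIO_PCI_VGA = mkIf stdenv.is64bit yes;

  # VirtualBox guest drivers in the kernel conflict with the ones in the
  # official additions package and prevent the vboxsf module from loading,
  # so disable them for now.
  VBOXGUEST = option no;
  DRM_VBOXVIDEO = option no;

  XEN = option yes;
  XEN_DOM0 = option yes;
  PCI_XEN = option yes;
  HVC_XEN = option yes;
  HVC_XEN_FRONTEND = option yes;
  XEN_SYS_HYPERVISOR = option yes;
  SWIOTLB_XEN = option yes;
  XEN_BACKEND = option yes;
  XEN_BALLOON = option yes;
  XEN_BALLOON_MEMORY_HOTPLUG = option yes;
  XEN_EFI = option yes;
  XEN_HAVE_PVMMU = option yes;
  XEN_MCE_LOG = option yes;
  XEN_PVH = option yes;
  XEN_PVHVM = option yes;
  XEN_SAVE_RESTORE = option yes;
  # Only set for kernels older than 5.3.
  XEN_SELFBALLOONING = whenOlder "5.3" yes;

  # Enable device detection on virtio-mmio hypervisors
  VIRTIO_MMIO_CMDLINE_DEVICES = yes;
};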
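media = {
  # Media subsystem device classes and buses, built in (`yes`).
  MEDIA_DIGITAL_TV_SUPPORT = yes;
  MEDIA_CAMERA_SUPPORT = yes;
  MEDIA_CONTROLLER = yes;
  MEDIA_PCI_SUPPORT = yes;
  MEDIA_USB_SUPPORT = yes;
  MEDIA_ANALOG_TV_SUPPORT = yes;
  # Built as a module, and only on kernels older than 6.5.
  VIDEO_STK1160_COMMON = whenOlder "6.5" module;
};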
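"9p" = {
  # Enable the 9P cache to speed up NixOS VM tests.
  # The attribute names are quoted because they start with a digit.
  "9P_FSCACHE" = option yes;
  "9P_FS_POSIX_ACL" = option yes;
};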
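huge-page = {
  # Transparent huge pages: support is enabled, with the madvise mode
  # selected and the always mode deselected. All three are optional.
  TRANSPARENT_HUGEPAGE = option yes;
  TRANSPARENT_HUGEPAGE_ALWAYS = option no;
  TRANSPARENT_HUGEPAGE_MADVISE = option yes;
};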
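zram = {
  # Compressed RAM block device and compressed swap cache.
  # ZRAM itself is built as a module; ZPOOL is built in.
  ZRAM = module;
  ZRAM_WRITEBACK = option yes;
  ZSWAP = option yes;
  ZPOOL = yes;
  ZBUD = option yes;
};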
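brcmfmac = {
  # Enable PCIe and USB for the brcmfmac driver
  # (both marked optional)
  BRCMFMAC_USB = option yes;
  BRCMFMAC_PCIE = option yes;
};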
# Support x2APIC (which requires IRQ remapping)
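x2apic = optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
  # Only applied when the host platform is x86_64-linux; on every other
  # platform this group is an empty attribute set.
  X86_X2APIC = yes;
  IRQ_REMAP = yes;
};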
# Disable various self-test modules that have no use in a production system
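tests = {
  # This menu disables all/most of them on >= 4.16
  RUNTIME_TESTING_MENU = option no;
} // {
  # Individual self-test, torture-test and error-injection symbols, each
  # switched off explicitly. Most are optional; the two RCU benchmark
  # symbols are bounded by kernel version instead (RCU_PERF_TEST before
  # 5.9, RCU_SCALE_TEST from 5.10).
  CRC32_SELFTEST = option no;
  CRYPTO_TEST = option no;
  EFI_TEST = option no;
  GLOB_SELFTEST = option no;
  LOCK_TORTURE_TEST = option no;
  MTD_TESTS = option no;
  NOTIFIER_ERROR_INJECTION = option no;
  RCU_PERF_TEST = whenOlder "5.9" no;
  RCU_SCALE_TEST = whenAtLeast "5.10" no;
  RCU_TORTURE_TEST = option no;
  TEST_ASYNC_DRIVER_PROBE = option no;
  WW_MUTEX_SELFTEST = option no;
  XZ_DEC_TEST = option no;
};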
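criu = {
  # Unconditionally enabled, because it is required for CRIU and
  # it provides the kcmp() system call that Mesa depends on.
  CHECKPOINT_RESTORE = yes;
};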
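# Catch-all group: a base set of options for every platform, followed by
# four `// optionalAttrs` extensions that are merged in only for the listed
# host platforms (and, for the Chrome OS ones, kernel versions >= 5.4).
misc = let
  # Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz.
  # i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375
  useZstd = stdenv.buildPlatform.is64bit && versionAtLeast version "5.9";
in {
  # Exactly one of the two compression options is set, depending on useZstd.
  KERNEL_XZ = mkIf (!useZstd) yes;
  KERNEL_ZSTD = mkIf useZstd yes;

  HID_BATTERY_STRENGTH = yes;
  # enabled by default in x86_64 but not arm64, so we do that here
  HIDRAW = yes;

  # Force-feedback support for assorted HID game controllers.
  HID_ACRUX_FF = yes;
  DRAGONRISE_FF = yes;
  GREENASIA_FF = yes;
  HOLTEK_FF = yes;
  JOYSTICK_PSXPAD_SPI_FF = yes;
  LOGIG940_FF = yes;
  NINTENDO_FF = whenAtLeast "5.16" yes;
  PLAYSTATION_FF = whenAtLeast "5.12" yes;
  SONY_FF = yes;
  SMARTJOYPLUS_FF = yes;
  THRUSTMASTER_FF = yes;
  ZEROPLUS_FF = yes;

  MODULE_COMPRESS = whenOlder "5.13" yes;
  MODULE_COMPRESS_XZ = yes;

  SYSVIPC = yes; # System-V IPC
  AIO = yes; # POSIX asynchronous I/O
  UNIX = yes; # Unix domain sockets.

  MD = yes; # Device mapper (RAID, LVM, etc.)

  # Enable initrd support.
  BLK_DEV_INITRD = yes;

  PM_TRACE_RTC = no; # Disable some expensive (?) features.
  ACCESSIBILITY = yes; # Accessibility support
  AUXDISPLAY = yes; # Auxiliary Display support
  HIPPI = yes;
  MTD_COMPLEX_MAPPINGS = yes; # needed for many devices

  SCSI_LOWLEVEL = yes; # enable lots of SCSI devices
  SCSI_LOWLEVEL_PCMCIA = yes;
  SCSI_SAS_ATA = yes; # added to enable detection of hard drive

  SPI = yes; # needed for many devices
  SPI_MASTER = yes;

  # Quoted because the attribute names start with a digit.
  "8139TOO_8129" = yes;
  "8139TOO_PIO" = no; # PIO is slower

  AIC79XX_DEBUG_ENABLE = no;
  AIC7XXX_DEBUG_ENABLE = no;
  AIC94XX_DEBUG = no;

  BLK_DEV_INTEGRITY = yes;
  BLK_SED_OPAL = yes; # Opal self-encrypting drive support

  BSD_PROCESS_ACCT_V3 = yes;

  SERIAL_DEV_BUS = yes; # enables support for serial devices
  SERIAL_DEV_CTRL_TTYPORT = yes; # enables support for TTY serial devices

  BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support
  BT_HCIUART_QCA = yes; # Qualcomm Atheros protocol support
  BT_HCIUART_SERDEV = yes; # required by BT_HCIUART_QCA
  BT_HCIUART = module; # required for BT devices with serial port interface (QCA6390)
  BT_HCIUART_BCSP = option yes;
  BT_HCIUART_H4 = option yes; # UART (H4) protocol support
  BT_HCIUART_LL = option yes;
  BT_RFCOMM_TTY = option yes; # RFCOMM TTY support
  BT_QCA = module; # enables QCA6390 bluetooth

  # Removed on 5.17 as it was unused
  # upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31
  CLEANCACHE = whenOlder "5.17" (option yes);
  CRASH_DUMP = option no;

  FSCACHE_STATS = yes;

  DVB_DYNAMIC_MINORS = option yes; # we use udev

  EFI_STUB = yes; # EFI bootloader in the bzImage itself
  EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER =
    whenOlder "6.2" (whenAtLeast "5.8" yes); # initrd kernel parameter for EFI
  CGROUPS = yes; # used by systemd
  FHANDLE = yes; # used by systemd
  SECCOMP = yes; # used by systemd >= 231
  SECCOMP_FILTER = yes; # ditto
  POSIX_MQUEUE = yes;
  FRONTSWAP = whenOlder "6.6" yes;
  FUSION = yes; # Fusion MPT device support
  IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14
  IDLE_PAGE_TRACKING = yes;

  JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels
  JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels
  JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support
  JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED

  KEYBOARD_APPLESPI = whenAtLeast "5.3" module;

  KEXEC_FILE = option yes;
  KEXEC_JUMP = option yes;

  PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION
  # Windows Logical Disk Manager (Dynamic Disk) support
  LDM_PARTITION = yes;
  LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback
  LOGO = no; # not needed
  MEDIA_ATTACH = yes;
  MEGARAID_NEWGEN = yes;

  MLX5_CORE_EN = option yes;

  NVME_MULTIPATH = yes;

  PSI = whenAtLeast "4.20" yes;

  MOUSE_ELAN_I2C_SMBUS = yes;
  MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension
  MOUSE_PS2_VMMOUSE = yes;
  MTRR_SANITIZER = yes;
  NET_FC = yes; # Fibre Channel driver support
  # Needed for touchpads to work on some AMD laptops
  PINCTRL_AMD = whenAtLeast "5.19" yes;
  # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks
  PINCTRL_BAYTRAIL = yes;
  # GPIO for Braswell and Cherryview devices
  # Needs to be built in for integrated keyboards to function properly
  PINCTRL_CHERRYVIEW = yes;
  # 8 is default. Modern gpt tables on eMMC may go far beyond 8.
  MMC_BLOCK_MINORS = freeform "32";

  REGULATOR = yes; # Voltage and Current Regulator Support
  RC_DEVICES = option yes; # Enable IR devices
  RC_DECODERS = option yes; # Required for IR devices to work
  RT2800USB_RT53XX = yes;
  RT2800USB_RT55XX = yes;
  SCHED_AUTOGROUP = yes;
  CFS_BANDWIDTH = yes;
  SCSI_LOGGING = yes; # SCSI logging facility
  SERIAL_8250 = yes; # 8250/16550 and compatible serial support

  # Slab allocator hardening: freelist integrity checks and randomised
  # freelist order.
  SLAB_FREELIST_HARDENED = yes;
  SLAB_FREELIST_RANDOM = yes;

  SLIP_COMPRESSED = yes; # CSLIP compressed headers
  SLIP_SMART = yes;

  HWMON = yes;
  THERMAL_HWMON = yes; # Hardware monitoring support
  NVME_HWMON = whenAtLeast "5.5" yes; # NVMe drives temperature reporting
  UEVENT_HELPER = no;

  # NOTE(review): on recent kernels unprivileged use of userfaultfd is
  # governed at runtime by the vm.unprivileged_userfaultfd sysctl; worth
  # checking its default on the oldest kernel built from this config.
  USERFAULTFD = yes;
  X86_CHECK_BIOS_CORRUPTION = yes;
  X86_MCE = yes;

  RAS = yes; # Needed for EDAC support

  # Our initrd init uses shebang scripts, so can't be modular.
  BINFMT_SCRIPT = yes;
  # For systemd-binfmt
  BINFMT_MISC = option yes;

  # Disable the firmware helper fallback, udev doesn't implement it any more
  FW_LOADER_USER_HELPER_FALLBACK = option no;

  FW_LOADER_COMPRESS = option yes;

  HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI
  HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support

  # Enable AMD's ROCm GPU compute stack
  HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes);
  ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes);
  HMM_MIRROR = whenAtLeast "5.3" yes;
  DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes;

  PREEMPT = no;
  PREEMPT_VOLUNTARY = yes;

  X86_AMD_PLATFORM_DEVICE = yes;
  X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes;
  X86_PLATFORM_DRIVERS_HP = whenAtLeast "6.1" yes;

  LIRC = yes;

  SCHED_CORE = whenAtLeast "5.14" yes;

  LRU_GEN = whenAtLeast "6.1" yes;
  LRU_GEN_ENABLED = whenAtLeast "6.1" yes;

  FSL_MC_UAPI_SUPPORT = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "5.12" yes);

  # Android IPC support. All optional, and bounded to kernel versions from
  # 5.0 on; ASHMEM and ANDROID additionally stop at 5.18 and 5.19.
  ASHMEM = { optional = true; tristate = whenBetween "5.0" "5.18" "y"; };
  ANDROID = { optional = true; tristate = whenBetween "5.0" "5.19" "y"; };
  ANDROID_BINDER_IPC = { optional = true; tristate = whenAtLeast "5.0" "y"; };
  ANDROID_BINDERFS = { optional = true; tristate = whenAtLeast "5.0" "y"; };
  ANDROID_BINDER_DEVICES = { optional = true; freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder"; };

  # iotop needs TASKSTATS, TASK_DELAY_ACCT, TASK_XACCT and
  # TASK_IO_ACCOUNTING to work. Upstream's x86_64 defconfig enables all
  # four, the arm64 defconfig only TASK_XACCT and TASK_IO_ACCOUNTING.
  # All four are set explicitly because enabling only the two missing
  # ones turned out not to be enough (reason not established).
  TASKSTATS = yes;
  TASK_DELAY_ACCT = yes;
  TASK_XACCT = yes;
  TASK_IO_ACCOUNTING = yes;

  # Fresh toolchains frequently break -Werror build for minor issues.
  WERROR = whenAtLeast "5.15" no;

  # > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production.
  # https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html
  KUNIT = whenAtLeast "5.5" no;
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
  # Enable CPU/memory hotplug support
  # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
  ACPI_HOTPLUG_CPU = yes;
  ACPI_HOTPLUG_MEMORY = yes;
  MEMORY_HOTPLUG = yes;
  MEMORY_HOTREMOVE = yes;
  HOTPLUG_CPU = yes;
  MIGRATION = yes;
  SPARSEMEM = yes;

  # Bump the maximum number of CPUs to support systems like EC2 x1.*
  # instances and Xeon Phi.
  NR_CPUS = freeform "384";
} // optionalAttrs (stdenv.hostPlatform.system == "armv7l-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
  # Enables support for the Allwinner Display Engine 2.0
  SUN8I_DE2_CCU = yes;

  # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647
  CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no;

  # Distros should configure the default as a kernel option.
  # We previously defined it on the kernel command line as cma=
  # The kernel command line will override a platform-specific configuration from its device tree.
  # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44
  CMA_SIZE_MBYTES = freeform "32";

  # Many ARM SBCs hand off a pre-configured framebuffer.
  # This can always be replaced by the actual native driver.
  # Keeping it a built-in ensures it will be used if possible.
  FB_SIMPLE = yes;

  # https://docs.kernel.org/arch/arm/mem_alignment.html
  # tldr:
  #   when buggy userspace code emits illegal misaligned LDM, STM,
  #   LDRD and STRDs, the instructions trap, are caught, and then
  #   are emulated by the kernel.
  #
  #   This is the default on armv7l, anyway, but it is explicitly
  #   enabled here for the sake of providing context for the
  #   aarch64 compat option which follows.
  ALIGNMENT_TRAP = mkIf (stdenv.hostPlatform.system == "armv7l-linux") yes;

  # https://patchwork.kernel.org/project/linux-arm-kernel/patch/20220701135322.3025321-1-ardb@kernel.org/
  # tldr:
  #   when encountering alignment faults under aarch64, this option
  #   makes the kernel attempt to handle the fault by doing the
  #   same style of misaligned emulation that is performed under
  #   armv7l (see above option).
  #
  #   This minimizes the potential for aarch32 userspace to behave
  #   differently when run under aarch64 kernels compared to when
  #   it is run under an aarch32 kernel.
  COMPAT_ALIGNMENT_FIXUPS = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "6.1" yes);
} // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) {
  # Required for various hardware features on Chrome OS devices
  CHROME_PLATFORMS = yes;
  CHROMEOS_TBMC = module;
  CROS_EC = module;
  CROS_EC_I2C = module;
  CROS_EC_SPI = module;
  CROS_EC_LPC = module;
  CROS_EC_ISHTP = module;
  CROS_KBD_LED_BACKLIGHT = module;
  # Built in (not a module), and only on kernels 5.5 and newer.
  TCG_TIS_SPI_CR50 = whenAtLeast "5.5" yes;
} // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") {
  CHROMEOS_LAPTOP = module;
  CHROMEOS_PSTORE = module;
};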
} ;
in
flattenKConf options