nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

1042 lines
40 KiB
Nix
Raw Normal View History

# WARNING/NOTE: whenever you want to add an option here you need to either
# * mark it as an optional one with `option`,
# * or make sure it works for all the versions in nixpkgs,
# * or check for which kernel versions it will work (using kernel
# changelog, google or whatever) and mark it with `whenOlder` or
# `whenAtLeast`.
# Then do test your change by building all the kernels (or at least
# their configs) in Nixpkgs or else you will guarantee lots and lots
# of pain to users trying to switch to an older kernel because of some
# hardware problems with a new one.
# Configuration
2021-01-15 14:45:37 +00:00
{ lib, stdenv, version
, features ? {}
}:
2021-01-15 14:45:37 +00:00
with lib;
with lib.kernel;
with (lib.kernel.whenHelpers version);
let
2018-06-25 00:12:17 +00:00
# configuration items have to be part of a subattrs
flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested));
whenPlatformHasEBPFJit =
mkIf (stdenv.hostPlatform.isAarch32 ||
stdenv.hostPlatform.isAarch64 ||
stdenv.hostPlatform.isx86_64 ||
(stdenv.hostPlatform.isPower && stdenv.hostPlatform.is64bit) ||
(stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit));
options = {
debug = {
# Necessary for BTF
DEBUG_INFO = yes;
DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes;
# Reduced debug info conflict with BTF and have been enabled in
# aarch64 defconfig since 5.13
DEBUG_INFO_REDUCED = whenAtLeast "5.13" (option no);
DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes);
# Allow loading modules with mismatched BTFs
# FIXME: figure out how to actually make BTFs reproducible instead
# See https://github.com/NixOS/nixpkgs/pull/181456 for details.
MODULE_ALLOW_BTF_MISMATCH = whenAtLeast "5.18" (option yes);
BPF_LSM = whenAtLeast "5.7" (option yes);
DEBUG_KERNEL = yes;
DEBUG_DEVRES = no;
DYNAMIC_DEBUG = yes;
DEBUG_STACK_USAGE = no;
RCU_TORTURE_TEST = no;
SCHEDSTATS = no;
DETECT_HUNG_TASK = yes;
CRASH_DUMP = option no;
# Easier debugging of NFS issues.
SUNRPC_DEBUG = yes;
# Provide access to tunables like sched_migration_cost_ns
SCHED_DEBUG = yes;
GDB_SCRIPTS = yes;
};
power-management = {
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
CPU_FREQ_GOV_SCHEDUTIL = yes;
PM_ADVANCED_DEBUG = yes;
PM_WAKELOCKS = yes;
POWERCAP = yes;
# ACPI Firmware Performance Data Table Support
2023-02-19 20:04:50 +00:00
ACPI_FPDT = whenAtLeast "5.12" (option yes);
# ACPI Heterogeneous Memory Attribute Table Support
2023-02-19 20:04:50 +00:00
ACPI_HMAT = whenAtLeast "5.2" (option yes);
# ACPI Platform Error Interface
2023-02-19 20:04:50 +00:00
ACPI_APEI = (option yes);
# APEI Generic Hardware Error Source
2023-02-19 20:04:50 +00:00
ACPI_APEI_GHES = (option yes);
# Enable lazy RCUs for power savings:
# https://lore.kernel.org/rcu/20221019225138.GA2499943@paulmck-ThinkPad-P17-Gen-1/
RCU_LAZY = whenAtLeast "6.2" yes;
} // optionalAttrs (stdenv.hostPlatform.isx86) {
INTEL_IDLE = yes;
INTEL_RAPL = whenAtLeast "5.3" module;
X86_INTEL_LPSS = yes;
X86_INTEL_PSTATE = yes;
X86_AMD_PSTATE = whenAtLeast "5.17" yes;
# Intel DPTF (Dynamic Platform and Thermal Framework) Support
ACPI_DPTF = whenAtLeast "5.10" yes;
};
external-firmware = {
# Support drivers that need external firmware.
STANDALONE = no;
};
proc-config-gz = {
# Make /proc/config.gz available
IKCONFIG = yes;
IKCONFIG_PROC = yes;
};
optimization = {
# Optimize with -O2, not -Os
CC_OPTIMIZE_FOR_SIZE = no;
};
memtest = {
MEMTEST = yes;
};
# Include the CFQ I/O scheduler in the kernel, rather than as a
# module, so that the initrd gets a good I/O scheduler.
scheduler = {
2019-01-07 12:57:32 +00:00
IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
BLK_CGROUP = yes; # required by CFQ"
BLK_CGROUP_IOLATENCY = whenAtLeast "4.19" yes;
BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes;
2019-01-07 12:57:32 +00:00
IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1
MQ_IOSCHED_DEADLINE = yes;
BFQ_GROUP_IOSCHED = yes;
MQ_IOSCHED_KYBER = yes;
IOSCHED_BFQ = module;
};
timer = {
# Enable Full Dynticks System.
NO_HZ_FULL = mkIf stdenv.is64bit yes; # TODO: more precise condition?
};
# Enable NUMA.
numa = {
NUMA = option yes;
};
networking = {
NET = yes;
IP_ADVANCED_ROUTER = yes;
IP_PNP = no;
IP_VS_PROTO_TCP = yes;
IP_VS_PROTO_UDP = yes;
IP_VS_PROTO_ESP = yes;
IP_VS_PROTO_AH = yes;
IP_VS_IPV6 = yes;
IP_DCCP_CCID3 = no; # experimental
CLS_U32_PERF = yes;
CLS_U32_MARK = yes;
BPF_JIT = whenPlatformHasEBPFJit yes;
BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304
HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes;
BPF_STREAM_PARSER = whenAtLeast "4.19" yes;
XDP_SOCKETS = whenAtLeast "4.19" yes;
XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes;
WAN = yes;
TCP_CONG_ADVANCED = yes;
TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19
# Required by systemd per-cgroup firewalling
CGROUP_BPF = option yes;
CGROUP_NET_PRIO = yes; # Required by systemd
IP_ROUTE_VERBOSE = yes;
IP_MROUTE_MULTIPLE_TABLES = yes;
IP_MULTICAST = yes;
IP_MULTIPLE_TABLES = yes;
IPV6 = yes;
IPV6_ROUTER_PREF = yes;
IPV6_ROUTE_INFO = yes;
IPV6_OPTIMISTIC_DAD = yes;
IPV6_MULTIPLE_TABLES = yes;
IPV6_SUBTREES = yes;
IPV6_MROUTE = yes;
IPV6_MROUTE_MULTIPLE_TABLES = yes;
IPV6_PIMSM_V2 = yes;
IPV6_FOU_TUNNEL = module;
IPV6_SEG6_LWTUNNEL = yes;
IPV6_SEG6_HMAC = yes;
2021-03-25 04:54:30 +00:00
IPV6_SEG6_BPF = whenAtLeast "4.18" yes;
NET_CLS_BPF = module;
NET_ACT_BPF = module;
NET_SCHED = yes;
L2TP_V3 = yes;
L2TP_IP = module;
L2TP_ETH = module;
BRIDGE_VLAN_FILTERING = yes;
BONDING = module;
NET_L3_MASTER_DEV = option yes;
NET_FOU_IP_TUNNELS = option yes;
IP_NF_TARGET_REDIRECT = module;
PPP_MULTILINK = yes; # PPP multilink support
PPP_FILTER = yes;
# needed for iwd WPS support (wpa_supplicant replacement)
KEY_DH_OPERATIONS = yes;
# needed for nftables
2019-10-14 13:41:39 +00:00
# Networking Options
NETFILTER = yes;
NETFILTER_ADVANCED = yes;
# Core Netfilter Configuration
NF_CONNTRACK_ZONES = yes;
NF_CONNTRACK_EVENTS = yes;
NF_CONNTRACK_TIMEOUT = yes;
NF_CONNTRACK_TIMESTAMP = yes;
NETFILTER_NETLINK_GLUE_CT = yes;
NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
2021-01-17 16:21:56 +00:00
NFT_REJECT_NETDEV = whenAtLeast "5.11" module;
2019-10-14 13:41:39 +00:00
# IP: Netfilter Configuration
NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
2019-10-14 13:41:39 +00:00
# IPv6: Netfilter Configuration
NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
2019-10-14 13:41:39 +00:00
# Bridge Netfilter Configuration
NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes)
(whenAtLeast "5.3" module) ];
# needed for `dropwatch`
# Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450
NET_DROP_MONITOR = yes;
# needed for ss
# Use a lower priority to allow these options to be overridden in hardened/config.nix
INET_DIAG = mkDefault module;
INET_TCP_DIAG = mkDefault module;
INET_UDP_DIAG = mkDefault module;
INET_RAW_DIAG = mkDefault module;
INET_DIAG_DESTROY = mkDefault yes;
# enable multipath-tcp
MPTCP = whenAtLeast "5.6" yes;
MPTCP_IPV6 = whenAtLeast "5.6" yes;
INET_MPTCP_DIAG = whenAtLeast "5.9" (mkDefault module);
2021-11-22 09:34:00 +00:00
# Kernel TLS
TLS = module;
2021-11-22 09:34:00 +00:00
TLS_DEVICE = whenAtLeast "4.18" yes;
# infiniband
INFINIBAND = module;
INFINIBAND_IPOIB = module;
INFINIBAND_IPOIB_CM = yes;
};
wireless = {
CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build
IPW2100_MONITOR = option yes; # support promiscuous mode
IPW2200_MONITOR = option yes; # support promiscuous mode
HOSTAP_FIRMWARE = option yes; # Support downloading firmware images with Host AP driver
HOSTAP_FIRMWARE_NVRAM = option yes;
ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus
ATH9K_AHB = option yes; # Ditto, AHB bus
B43_PHY_HT = option yes;
BCMA_HOST_PCI = option yes;
RTW88 = whenAtLeast "5.2" module;
2020-06-15 15:10:00 +00:00
RTW88_8822BE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ];
RTW88_8822CE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ];
};
fb = {
FB = yes;
FB_EFI = yes;
FB_NVIDIA_I2C = yes; # Enable DDC Support
FB_RIVA_I2C = yes;
FB_ATY_CT = yes; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support
FB_ATY_GX = yes; # Mach64 GX support
FB_SAVAGE_I2C = yes;
FB_SAVAGE_ACCEL = yes;
FB_SIS_300 = yes;
FB_SIS_315 = yes;
FB_3DFX_ACCEL = yes;
FB_VESA = yes;
FRAMEBUFFER_CONSOLE = yes;
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = whenAtLeast "4.19" yes;
FRAMEBUFFER_CONSOLE_ROTATION = yes;
FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes;
# On 5.14 this conflicts with FB_SIMPLE.
DRM_SIMPLEDRM = whenAtLeast "5.14" no;
};
fonts = {
FONTS = yes;
# Default fonts enabled if FONTS is not set
FONT_8x8 = yes;
FONT_8x16 = yes;
# High DPI font
FONT_TER16x32 = whenAtLeast "5.0" yes;
};
video = {
linux: Disable DRM_LEGACY, NOUVEAU_LEGACY_CTX_SUPPORT This currently gets enabled as generate-config.pl will enable all the drivers below it as modules. Is “not set” in [Arch][1], [Debian][2], [Fedora][3]. See also [summary of setting from various distros in April 2020][4]. Recommended disabled by [CLIP OS][5] and per current [Kernel config description][6]: > bool "Enable legacy drivers (DANGEROUS)" > Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous > APIs to user-space, which can be used to circumvent access > restrictions and other security measures. For backwards compatibility > those drivers are still available, but their use is highly > inadvisable and might harm your system. > > You are recommended to use the safe modeset-only drivers instead, and > perform 3D emulation in user-space. > > Unless you have strong reasons to go rogue, say "N". Also disable NOUVEAU_LEGACY_CTX_SUPPORT, as this does `select DRM_LEGACY`. Per Kernel config docs: >There was a version of the nouveau DDX that relied on legacy > ctx ioctls not erroring out. But that was back in time a long > ways, so offer a way to disable it now. For uapi compat with > old nouveau ddx this should be on by default, but modern distros > should consider turning it off. and the [commit][7]: > These driver functions contain several bugs and security holes. This > change makes these functions optional can be turned on by a setting, > they are turned off by default for modeset driver with the exception of > the nouvea driver that may require them with an old version of libdrm. Referenced earlier commit elaborates that > libdrm_nouveau before 2.4.33 used contexts Since nixpkgs here has a much newer version (2.4.33 is from March 2012), should not be a concern. NOUVEAU_LEGACY_CTX_SUPPORT is also “not set” in the linked Arch, Debian, & Fedora configs. [1]: https://github.com/archlinux/svntogit-packages/blob/66d72ee54afc604391b618fc3eecc43f29e479e8/trunk/config#L6637 [2]: https://salsa.debian.org/kernel-team/linux/-/blob/07731f5956cf29876a7abc13f4ecbdf4d9459592/debian/config/config#L713 [3]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_1528 [4]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38#issuecomment-608639217 [5]: https://docs.clip-os.org/clipos/kernel.html#configuration [6]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/Kconfig#n421 [7]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7
2022-08-27 21:10:06 +00:00
DRM_LEGACY = no;
2023-03-10 20:15:17 +00:00
NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween "5.2" "6.3" no;
linux: Disable DRM_LEGACY, NOUVEAU_LEGACY_CTX_SUPPORT This currently gets enabled as generate-config.pl will enable all the drivers below it as modules. Is “not set” in [Arch][1], [Debian][2], [Fedora][3]. See also [summary of setting from various distros in April 2020][4]. Recommended disabled by [CLIP OS][5] and per current [Kernel config description][6]: > bool "Enable legacy drivers (DANGEROUS)" > Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous > APIs to user-space, which can be used to circumvent access > restrictions and other security measures. For backwards compatibility > those drivers are still available, but their use is highly > inadvisable and might harm your system. > > You are recommended to use the safe modeset-only drivers instead, and > perform 3D emulation in user-space. > > Unless you have strong reasons to go rogue, say "N". Also disable NOUVEAU_LEGACY_CTX_SUPPORT, as this does `select DRM_LEGACY`. Per Kernel config docs: >There was a version of the nouveau DDX that relied on legacy > ctx ioctls not erroring out. But that was back in time a long > ways, so offer a way to disable it now. For uapi compat with > old nouveau ddx this should be on by default, but modern distros > should consider turning it off. and the [commit][7]: > These driver functions contain several bugs and security holes. This > change makes these functions optional can be turned on by a setting, > they are turned off by default for modeset driver with the exception of > the nouvea driver that may require them with an old version of libdrm. Referenced earlier commit elaborates that > libdrm_nouveau before 2.4.33 used contexts Since nixpkgs here has a much newer version (2.4.33 is from March 2012), should not be a concern. NOUVEAU_LEGACY_CTX_SUPPORT is also “not set” in the linked Arch, Debian, & Fedora configs. [1]: https://github.com/archlinux/svntogit-packages/blob/66d72ee54afc604391b618fc3eecc43f29e479e8/trunk/config#L6637 [2]: https://salsa.debian.org/kernel-team/linux/-/blob/07731f5956cf29876a7abc13f4ecbdf4d9459592/debian/config/config#L713 [3]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_1528 [4]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38#issuecomment-608639217 [5]: https://docs.clip-os.org/clipos/kernel.html#configuration [6]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/Kconfig#n421 [7]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7
2022-08-27 21:10:06 +00:00
# Allow specifying custom EDID on the kernel command line
DRM_LOAD_EDID_FIRMWARE = yes;
VGA_SWITCHEROO = yes; # Hybrid graphics support
DRM_GMA500 = whenAtLeast "5.12" module;
2021-06-14 12:25:02 +00:00
DRM_GMA600 = whenOlder "5.13" yes;
DRM_GMA3600 = whenOlder "5.12" yes;
DRM_VMWGFX_FBCON = whenOlder "6.2" yes;
# (experimental) amdgpu support for verde and newer chipsets
DRM_AMDGPU_SI = yes;
# (stable) amdgpu support for bonaire and newer chipsets
DRM_AMDGPU_CIK = yes;
# Allow device firmware updates
DRM_DP_AUX_CHARDEV = yes;
# amdgpu display core (DC) support
DRM_AMD_DC_DCN1_0 = whenBetween "4.15" "5.6" yes;
DRM_AMD_DC_PRE_VEGA = whenBetween "4.15" "4.18" yes;
DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes;
DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes;
DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes;
2023-05-08 17:56:21 +00:00
DRM_AMD_DC_DCN = whenBetween "5.11" "6.4" yes;
DRM_AMD_DC_FP = whenAtLeast "6.4" yes;
2023-05-08 17:56:21 +00:00
DRM_AMD_DC_HDCP = whenBetween "5.5" "6.4" yes;
DRM_AMD_DC_SI = whenAtLeast "5.10" yes;
2018-06-30 11:01:22 +00:00
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
# Intel GVT-g graphics virtualization supports 64-bit only
DRM_I915_GVT = whenAtLeast "4.16" yes;
DRM_I915_GVT_KVMGT = whenAtLeast "4.16" module;
2022-04-15 22:27:40 +00:00
# Enable Hyper-V Synthetic DRM Driver
DRM_HYPERV = whenAtLeast "5.14" module;
} // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") {
# enable HDMI-CEC on RPi boards
DRM_VC4_HDMI_CEC = yes;
};
sound = {
SND_DYNAMIC_MINORS = yes;
SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode
SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer
SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions
# Support configuring jack functions via fw mechanism at boot
SND_HDA_PATCH_LOADER = yes;
SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
2019-02-18 16:11:37 +00:00
SND_OSSEMUL = yes;
SND_USB_CAIAQ_INPUT = yes;
# Enable Sound Open Firmware support
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" &&
versionAtLeast version "5.5") {
SND_SOC_INTEL_SOUNDWIRE_SOF_MACH = whenAtLeast "5.10" module;
SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES = whenAtLeast "5.10" yes; # dep of SOF_MACH
SND_SOC_SOF_INTEL_SOUNDWIRE_LINK = whenBetween "5.10" "5.11" yes; # dep of SOF_MACH
SND_SOC_SOF_TOPLEVEL = yes;
SND_SOC_SOF_ACPI = module;
SND_SOC_SOF_PCI = module;
SND_SOC_SOF_APOLLOLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_CANNONLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_COFFEELAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_COMETLAKE = whenAtLeast "5.12" module;
2020-07-10 14:23:46 +00:00
SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder "5.8" yes;
SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_ELKHARTLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_GEMINILAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_HDA_AUDIO_CODEC = yes;
SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder "5.7" yes;
SND_SOC_SOF_HDA_LINK = yes;
SND_SOC_SOF_ICELAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_INTEL_TOPLEVEL = yes;
SND_SOC_SOF_JASPERLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_MERRIFIELD = whenAtLeast "5.12" module;
SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_TIGERLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder "5.12" yes;
};
usb-serial = {
USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver
} // optionalAttrs (versionOlder version "4.16") {
2018-06-30 11:05:29 +00:00
# Include firmware for various USB serial devices.
# Only applicable for kernels below 4.16, after that no firmware is shipped in the kernel tree.
USB_SERIAL_KEYSPAN_MPR = yes;
USB_SERIAL_KEYSPAN_USA28 = yes;
USB_SERIAL_KEYSPAN_USA28X = yes;
USB_SERIAL_KEYSPAN_USA28XA = yes;
USB_SERIAL_KEYSPAN_USA28XB = yes;
USB_SERIAL_KEYSPAN_USA19 = yes;
USB_SERIAL_KEYSPAN_USA18X = yes;
USB_SERIAL_KEYSPAN_USA19W = yes;
USB_SERIAL_KEYSPAN_USA19QW = yes;
USB_SERIAL_KEYSPAN_USA19QI = yes;
USB_SERIAL_KEYSPAN_USA49W = yes;
USB_SERIAL_KEYSPAN_USA49WLC = yes;
};
usb = {
USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";};
USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators
USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling
USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies)
};
# Filesystem options - in particular, enable extended attributes and
# ACLs for all filesystems that support them.
filesystem = {
FANOTIFY = yes;
FANOTIFY_ACCESS_PERMISSIONS = yes;
TMPFS = yes;
TMPFS_POSIX_ACL = yes;
FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else option module;
EXT2_FS_XATTR = yes;
EXT2_FS_POSIX_ACL = yes;
EXT2_FS_SECURITY = yes;
EXT3_FS_POSIX_ACL = yes;
EXT3_FS_SECURITY = yes;
EXT4_FS_POSIX_ACL = yes;
EXT4_FS_SECURITY = yes;
EXT4_ENCRYPTION = whenOlder "5.1" yes;
NTFS_FS = whenAtLeast "5.15" no;
NTFS3_LZX_XPRESS = whenAtLeast "5.15" yes;
NTFS3_FS_POSIX_ACL = whenAtLeast "5.15" yes;
REISERFS_FS_XATTR = option yes;
REISERFS_FS_POSIX_ACL = option yes;
REISERFS_FS_SECURITY = option yes;
JFS_POSIX_ACL = option yes;
JFS_SECURITY = option yes;
XFS_QUOTA = option yes;
XFS_POSIX_ACL = option yes;
XFS_RT = option yes; # XFS Realtime subvolume support
2022-10-12 18:10:07 +00:00
XFS_ONLINE_SCRUB = option yes;
OCFS2_DEBUG_MASKLOG = option no;
BTRFS_FS_POSIX_ACL = yes;
UBIFS_FS_ADVANCED_COMPR = option yes;
F2FS_FS = module;
F2FS_FS_SECURITY = option yes;
F2FS_FS_ENCRYPTION = whenOlder "5.1" yes;
F2FS_FS_COMPRESSION = whenAtLeast "5.6" yes;
UDF_FS = module;
NFSD_V2_ACL = whenOlder "6.2" yes;
NFSD_V3 = whenOlder "5.18" yes;
NFSD_V3_ACL = yes;
NFSD_V4 = yes;
NFSD_V4_SECURITY_LABEL = yes;
NFS_FSCACHE = yes;
NFS_SWAP = yes;
NFS_V3_ACL = yes;
NFS_V4_1 = yes; # NFSv4.1 client support
NFS_V4_2 = yes;
NFS_V4_SECURITY_LABEL = yes;
CIFS_XATTR = yes;
CIFS_POSIX = option yes;
CIFS_FSCACHE = yes;
2018-08-27 01:50:19 +00:00
CIFS_STATS = whenOlder "4.19" yes;
2021-10-21 19:27:44 +00:00
CIFS_WEAK_PW_HASH = whenOlder "5.15" yes;
CIFS_UPCALL = yes;
CIFS_ACL = whenOlder "5.3" yes;
CIFS_DFS_UPCALL = yes;
CEPH_FSCACHE = yes;
CEPH_FS_POSIX_ACL = yes;
SQUASHFS_FILE_DIRECT = yes;
SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder "6.2" yes;
SQUASHFS_XATTR = yes;
SQUASHFS_ZLIB = yes;
SQUASHFS_LZO = yes;
SQUASHFS_XZ = yes;
SQUASHFS_LZ4 = yes;
SQUASHFS_ZSTD = yes;
# Native Language Support modules, needed by some filesystems
NLS = yes;
NLS_DEFAULT = freeform "utf8";
NLS_UTF8 = module;
2018-06-30 11:05:29 +00:00
NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option
NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option
2022-02-18 01:26:55 +00:00
# Needed to use the installation iso image. Not included in all defconfigs (e.g. arm64)
ISO9660_FS = module;
DEVTMPFS = yes;
UNICODE = whenAtLeast "5.2" yes; # Casefolding support for filesystems
};
security = {
FORTIFY_SOURCE = option yes;
2022-01-10 20:44:59 +00:00
2022-01-09 19:41:33 +00:00
# https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
DEBUG_LIST = yes;
HARDENED_USERCOPY = yes;
RANDOMIZE_BASE = option yes;
STRICT_DEVMEM = mkDefault yes; # Filter access to /dev/mem
IO_STRICT_DEVMEM = mkDefault yes;
SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default
# Prevent processes from ptracing non-children processes
SECURITY_YAMA = option yes;
2021-08-12 12:07:12 +00:00
# The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.
# This does not have any effect if a program does not support it
SECURITY_LANDLOCK = whenAtLeast "5.13" yes;
2021-06-14 12:25:02 +00:00
DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem
USER_NS = yes; # Support for user namespaces
SECURITY_APPARMOR = yes;
DEFAULT_SECURITY_APPARMOR = yes;
RANDOM_TRUST_CPU = whenOlder "6.2" (whenAtLeast "4.19" yes); # allow RDRAND to seed the RNG
RANDOM_TRUST_BOOTLOADER = whenOlder "6.2" (whenAtLeast "5.4" yes); # allow the bootloader to seed the RNG
MODULE_SIG = no; # r13y, generates a random key during build and bakes it in
# Depends on MODULE_SIG and only really helps when you sign your modules
# and enforce signatures which we don't do by default.
SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" no;
# provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis
PERSISTENT_KEYRINGS = yes;
# enable temporary caching of the last request_key() result
KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes;
} // optionalAttrs (!stdenv.hostPlatform.isAarch32) {
# Detect buffer overflows on the stack
CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";};
} // optionalAttrs stdenv.hostPlatform.isx86_64 {
# Enable Intel SGX
X86_SGX = whenAtLeast "5.11" yes;
# Allow KVM guests to load SGX enclaves
X86_SGX_KVM = whenAtLeast "5.13" yes;
# AMD Cryptographic Coprocessor (CCP)
CRYPTO_DEV_CCP = yes;
# AMD SME
AMD_MEM_ENCRYPT = yes;
# AMD SEV and AMD SEV-SE
KVM_AMD_SEV = whenAtLeast "4.16" yes;
# AMD SEV-SNP
SEV_GUEST = whenAtLeast "5.19" module;
};
microcode = {
MICROCODE = yes;
MICROCODE_INTEL = yes;
MICROCODE_AMD = yes;
# Write Back Throttling
# https://lwn.net/Articles/682582/
# https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655
BLK_WBT = yes;
2019-01-07 12:57:32 +00:00
BLK_WBT_SQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
BLK_WBT_MQ = yes;
};
container = {
NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install'
RT_GROUP_SCHED = no;
CGROUP_DEVICE = yes;
CGROUP_HUGETLB = yes;
CGROUP_PERF = yes;
CGROUP_RDMA = yes;
MEMCG = yes;
MEMCG_SWAP = whenOlder "6.1" yes;
BLK_DEV_THROTTLING = yes;
2019-01-07 12:57:32 +00:00
CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1
CGROUP_PIDS = yes;
};
staging = {
# Enable staging drivers. These are somewhat experimental, but
# they generally don't hurt.
STAGING = yes;
};
proc-events = {
# PROC_EVENTS requires that the netlink connector is not built
# as a module. This is required by libcgroup's cgrulesengd.
CONNECTOR = yes;
PROC_EVENTS = yes;
};
tracing = {
FTRACE = yes;
KPROBES = yes;
FUNCTION_TRACER = yes;
FTRACE_SYSCALLS = yes;
SCHED_TRACER = yes;
STACK_TRACER = yes;
UPROBE_EVENTS = option yes;
BPF_SYSCALL = yes;
BPF_UNPRIV_DEFAULT_OFF = whenBetween "5.10" "5.16" yes;
BPF_EVENTS = yes;
FUNCTION_PROFILER = yes;
RING_BUFFER_BENCHMARK = no;
};
virtualisation = {
PARAVIRT = option yes;
HYPERVISOR_GUEST = yes;
PARAVIRT_SPINLOCKS = option yes;
KVM_ASYNC_PF = yes;
KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes;
KVM_GUEST = yes;
KVM_MMIO = yes;
KVM_VFIO = yes;
KSM = yes;
VIRT_DRIVERS = yes;
2021-04-01 18:32:45 +00:00
# We need 64 GB (PAE) support for Xen guest support
HIGHMEM64G = { optional = true; tristate = mkIf (!stdenv.is64bit) "y";};
VFIO_PCI_VGA = mkIf stdenv.is64bit yes;
# VirtualBox guest drivers in the kernel conflict with the ones in the
# official additions package and prevent the vboxsf module from loading,
# so disable them for now.
VBOXGUEST = option no;
DRM_VBOXVIDEO = option no;
XEN = option yes;
XEN_DOM0 = option yes;
PCI_XEN = option yes;
HVC_XEN = option yes;
HVC_XEN_FRONTEND = option yes;
XEN_SYS_HYPERVISOR = option yes;
SWIOTLB_XEN = option yes;
XEN_BACKEND = option yes;
XEN_BALLOON = option yes;
XEN_BALLOON_MEMORY_HOTPLUG = option yes;
XEN_EFI = option yes;
XEN_HAVE_PVMMU = option yes;
XEN_MCE_LOG = option yes;
XEN_PVH = option yes;
XEN_PVHVM = option yes;
XEN_SAVE_RESTORE = option yes;
XEN_SCRUB_PAGES = whenOlder "4.19" yes;
XEN_SELFBALLOONING = whenOlder "5.3" yes;
# Enable device detection on virtio-mmio hypervisors
VIRTIO_MMIO_CMDLINE_DEVICES = yes;
};
media = {
MEDIA_DIGITAL_TV_SUPPORT = yes;
MEDIA_CAMERA_SUPPORT = yes;
2019-01-07 12:57:32 +00:00
MEDIA_CONTROLLER = yes;
MEDIA_PCI_SUPPORT = yes;
MEDIA_USB_SUPPORT = yes;
MEDIA_ANALOG_TV_SUPPORT = yes;
VIDEO_STK1160_COMMON = module;
};
"9p" = {
# Enable the 9P cache to speed up NixOS VM tests.
"9P_FSCACHE" = option yes;
"9P_FS_POSIX_ACL" = option yes;
};
huge-page = {
TRANSPARENT_HUGEPAGE = option yes;
TRANSPARENT_HUGEPAGE_ALWAYS = option no;
TRANSPARENT_HUGEPAGE_MADVISE = option yes;
};
zram = {
ZRAM = module;
ZRAM_WRITEBACK = option yes;
ZSWAP = option yes;
ZBUD = option yes;
ZSMALLOC = module;
};
brcmfmac = {
# Enable PCIe and USB for the brcmfmac driver
BRCMFMAC_USB = option yes;
BRCMFMAC_PCIE = option yes;
};
# Support x2APIC (which requires IRQ remapping)
x2apic = optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
X86_X2APIC = yes;
IRQ_REMAP = yes;
};
2018-06-30 11:05:29 +00:00
# Disable various self-test modules that have no use in a production system
tests = {
# This menu disables all/most of them on >= 4.16
RUNTIME_TESTING_MENU = option no;
} // optionalAttrs (versionOlder version "4.16") {
2018-06-30 11:05:29 +00:00
# For older kernels, painstakingly disable each symbol.
ARM_KPROBES_TEST = option no;
ASYNC_RAID6_TEST = option no;
ATOMIC64_SELFTEST = option no;
BACKTRACE_SELF_TEST = option no;
INTERVAL_TREE_TEST = option no;
PERCPU_TEST = option no;
RBTREE_TEST = option no;
TEST_BITMAP = option no;
TEST_BPF = option no;
TEST_FIRMWARE = option no;
TEST_HASH = option no;
TEST_HEXDUMP = option no;
TEST_KMOD = option no;
TEST_KSTRTOX = option no;
TEST_LIST_SORT = option no;
TEST_LKM = option no;
TEST_PARMAN = option no;
TEST_PRINTF = option no;
TEST_RHASHTABLE = option no;
TEST_SORT = option no;
TEST_STATIC_KEYS = option no;
TEST_STRING_HELPERS = option no;
TEST_UDELAY = option no;
TEST_USER_COPY = option no;
TEST_UUID = option no;
} // {
CRC32_SELFTEST = option no;
CRYPTO_TEST = option no;
EFI_TEST = option no;
GLOB_SELFTEST = option no;
DRM_DEBUG_MM_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";};
LNET_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";};
LOCK_TORTURE_TEST = option no;
MTD_TESTS = option no;
NOTIFIER_ERROR_INJECTION = option no;
RCU_PERF_TEST = whenOlder "5.9" no;
RCU_SCALE_TEST = whenAtLeast "5.10" no;
RCU_TORTURE_TEST = option no;
TEST_ASYNC_DRIVER_PROBE = option no;
WW_MUTEX_SELFTEST = option no;
XZ_DEC_TEST = option no;
};
criu = if (versionAtLeast version "4.19") then {
# Unconditionally enabled, because it is required for CRIU and
# it provides the kcmp() system call that Mesa depends on.
CHECKPOINT_RESTORE = yes;
} else optionalAttrs (features.criu or false) ({
# For older kernels, CHECKPOINT_RESTORE is hidden behind EXPERT.
EXPERT = yes;
CHECKPOINT_RESTORE = yes;
} // optionalAttrs (features.criu_revert_expert or true) {
RFKILL_INPUT = option yes;
HID_PICOLCD_FB = option yes;
HID_PICOLCD_BACKLIGHT = option yes;
HID_PICOLCD_LCD = option yes;
HID_PICOLCD_LEDS = option yes;
HID_PICOLCD_CIR = option yes;
DEBUG_MEMORY_INIT = option yes;
});
misc = let
# Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz.
# i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375
useZstd = stdenv.buildPlatform.is64bit && versionAtLeast version "5.9";
in {
KERNEL_XZ = mkIf (!useZstd) yes;
KERNEL_ZSTD = mkIf useZstd yes;
2019-09-05 15:22:13 +00:00
HID_BATTERY_STRENGTH = yes;
2020-05-02 12:06:43 +00:00
# enabled by default in x86_64 but not arm64, so we do that here
HIDRAW = yes;
HID_ACRUX_FF = yes;
DRAGONRISE_FF = yes;
2022-01-24 10:01:59 +00:00
GREENASIA_FF = yes;
HOLTEK_FF = yes;
JOYSTICK_PSXPAD_SPI_FF = yes;
2022-01-24 10:01:59 +00:00
LOGIG940_FF = yes;
NINTENDO_FF = whenAtLeast "5.16" yes;
PLAYSTATION_FF = whenAtLeast "5.12" yes;
SONY_FF = yes;
SMARTJOYPLUS_FF = yes;
THRUSTMASTER_FF = yes;
ZEROPLUS_FF = yes;
2021-06-14 12:25:02 +00:00
MODULE_COMPRESS = whenOlder "5.13" yes;
MODULE_COMPRESS_XZ = yes;
2020-12-12 04:56:33 +00:00
SYSVIPC = yes; # System-V IPC
AIO = yes; # POSIX asynchronous I/O
UNIX = yes; # Unix domain sockets.
MD = yes; # Device mapper (RAID, LVM, etc.)
# Enable initrd support.
BLK_DEV_INITRD = yes;
PM_TRACE_RTC = no; # Disable some expensive (?) features.
ACCESSIBILITY = yes; # Accessibility support
AUXDISPLAY = yes; # Auxiliary Display support
DONGLE = whenOlder "4.17" yes; # Serial dongle support
HIPPI = yes;
MTD_COMPLEX_MAPPINGS = yes; # needed for many devices
SCSI_LOWLEVEL = yes; # enable lots of SCSI devices
SCSI_LOWLEVEL_PCMCIA = yes;
SCSI_SAS_ATA = yes; # added to enable detection of hard drive
SPI = yes; # needed for many devices
SPI_MASTER = yes;
"8139TOO_8129" = yes;
"8139TOO_PIO" = no; # PIO is slower
AIC79XX_DEBUG_ENABLE = no;
AIC7XXX_DEBUG_ENABLE = no;
AIC94XX_DEBUG = no;
BLK_DEV_INTEGRITY = yes;
BLK_SED_OPAL = yes;
BSD_PROCESS_ACCT_V3 = yes;
SERIAL_DEV_BUS = yes; # enables support for serial devices
SERIAL_DEV_CTRL_TTYPORT = yes; # enables support for TTY serial devices
linux: Add kernel config required for QCA6390 bluetooth (XPS 9310) This commit aims to upstream some kernel config patches from the [xps 9310 module in the nixos-hardware repo][1]. These patches have been in use by at least a few community members for around 10 months and seem to consistently and successfully enable bluetooth support for XPS 9310 models that come with the QCA6390 connectivity chip. Without these patches, bluetooth will not work on the Dell XPS 9310 laptop models that come with the QCA6390. *Note that this isn't all XPS 9310 devices, but seems to be all devices shipped with 32GB RAM.* The motivation for upstreaming is pretty simple: currently we have to build the entire kernel every time we want to update it, which takes a good half hour at least on this little laptop :) The `whenAtLeast` version params were determined via the entries for each parameter found at https://cateee.net/lkddb (linked for each below). Added config parameters: - `BT_QCA` - provides the `btqca` module. https://cateee.net/lkddb/web-lkddb/BT_QCA.html - `BT_HCIUART_QCA` - required for QCA6390 bluetooth support. Requires `BT_HCIUART`, `BT_HCIUART_SERDEV` https://cateee.net/lkddb/web-lkddb/BT_HCIUART_QCA.html - `BT_HCIUART_SERDEV` Requires `SERIAL_DEV_BUS`, `BT_HCIUART` https://cateee.net/lkddb/web-lkddb/BT_HCIUART_SERDEV.html - `BT_HCIUART` Requires `SERIAL_DEV_BUS`, `TTY` https://cateee.net/lkddb/web-lkddb/BT_HCIUART.html - `SERIAL_DEV_CTRL_TTYPORT` Requires `TTY`, `SERIAL_DEV_BUS` != module https://cateee.net/lkddb/web-lkddb/SERIAL_DEV_CTRL_TTYPORT.html - `SERIAL_DEV_BUS` https://cateee.net/lkddb/web-lkddb/SERIAL_DEV_BUS.html Fwiw, these parameters are also set in [the default Arch config][2]. [1]: https://github.com/NixOS/nixos-hardware/blob/master/dell/xps/13-9310/default.nix [2]: https://github.com/archlinux/svntogit-packages/blob/packages/linux/trunk/config
2021-11-03 05:09:53 +00:00
BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support
BT_HCIUART_QCA = yes; # Qualcomm Atheros protocol support
BT_HCIUART_SERDEV = yes; # required by BT_HCIUART_QCA
BT_HCIUART = module; # required for BT devices with serial port interface (QCA6390)
BT_HCIUART_BCSP = option yes;
BT_HCIUART_H4 = option yes; # UART (H4) protocol support
BT_HCIUART_LL = option yes;
BT_RFCOMM_TTY = option yes; # RFCOMM TTY support
BT_QCA = module; # enables QCA6390 bluetooth
# Removed on 5.17 as it was unused
# upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31
CLEANCACHE = whenOlder "5.17" (option yes);
CRASH_DUMP = option no;
DVB_DYNAMIC_MINORS = option yes; # we use udev
EFI_STUB = yes; # EFI bootloader in the bzImage itself
EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER =
whenOlder "6.2" (whenAtLeast "5.8" yes); # initrd kernel parameter for EFI
CGROUPS = yes; # used by systemd
FHANDLE = yes; # used by systemd
SECCOMP = yes; # used by systemd >= 231
SECCOMP_FILTER = yes; # ditto
POSIX_MQUEUE = yes;
FRONTSWAP = yes;
FUSION = yes; # Fusion MPT device support
IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14
IDLE_PAGE_TRACKING = yes;
IRDA_ULTRA = whenOlder "4.17" yes; # Ultra (connectionless) protocol
2019-08-20 18:54:37 +00:00
JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels
JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels
JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support
JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED
KEYBOARD_APPLESPI = whenAtLeast "5.3" module;
KEXEC_FILE = option yes;
KEXEC_JUMP = option yes;
PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION
# Windows Logical Disk Manager (Dynamic Disk) support
LDM_PARTITION = yes;
LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback
LOGO = no; # not needed
MEDIA_ATTACH = yes;
MEGARAID_NEWGEN = yes;
MLX5_CORE_EN = option yes;
NVME_MULTIPATH = whenAtLeast "4.15" yes;
PSI = whenAtLeast "4.20" yes;
MOUSE_ELAN_I2C_SMBUS = yes;
MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension
MOUSE_PS2_VMMOUSE = yes;
MTRR_SANITIZER = yes;
NET_FC = yes; # Fibre Channel driver support
2022-08-08 14:28:05 +00:00
# Needed for touchpads to work on some AMD laptops
PINCTRL_AMD = whenAtLeast "5.19" yes;
# GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks
PINCTRL_BAYTRAIL = yes;
# GPIO for Braswell and Cherryview devices
# Needs to be built-in to for integrated keyboards to function properly
PINCTRL_CHERRYVIEW = yes;
# 8 is default. Modern gpt tables on eMMC may go far beyond 8.
MMC_BLOCK_MINORS = freeform "32";
REGULATOR = yes; # Voltage and Current Regulator Support
RC_DEVICES = option yes; # Enable IR devices
RC_DECODERS = option yes; # Required for IR devices to work
RT2800USB_RT53XX = yes;
RT2800USB_RT55XX = yes;
SCHED_AUTOGROUP = yes;
CFS_BANDWIDTH = yes;
SCSI_LOGGING = yes; # SCSI logging facility
SERIAL_8250 = yes; # 8250/16550 and compatible serial support
SLAB_FREELIST_HARDENED = yes;
SLAB_FREELIST_RANDOM = yes;
SLIP_COMPRESSED = yes; # CSLIP compressed headers
SLIP_SMART = yes;
HWMON = yes;
THERMAL_HWMON = yes; # Hardware monitoring support
NVME_HWMON = whenAtLeast "5.5" yes; # NVMe drives temperature reporting
UEVENT_HELPER = no;
USERFAULTFD = yes;
X86_CHECK_BIOS_CORRUPTION = yes;
X86_MCE = yes;
RAS = yes; # Needed for EDAC support
# Our initrd init uses shebang scripts, so can't be modular.
BINFMT_SCRIPT = yes;
# For systemd-binfmt
BINFMT_MISC = option yes;
# Disable the firmware helper fallback, udev doesn't implement it any more
FW_LOADER_USER_HELPER_FALLBACK = option no;
FW_LOADER_COMPRESS = option yes;
HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI
HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support
# Enable AMD's ROCm GPU compute stack
HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes);
ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes);
HMM_MIRROR = whenAtLeast "5.3" yes;
DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes;
PREEMPT = no;
PREEMPT_VOLUNTARY = yes;
X86_AMD_PLATFORM_DEVICE = yes;
X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes;
2021-06-23 14:41:35 +00:00
LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ];
SCHED_CORE = whenAtLeast "5.14" yes;
LRU_GEN = whenAtLeast "6.1" yes;
2022-12-09 21:35:51 +00:00
LRU_GEN_ENABLED = whenAtLeast "6.1" yes;
2021-12-17 23:05:49 +00:00
FSL_MC_UAPI_SUPPORT = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "5.12" yes);
ASHMEM = { optional = true; tristate = whenBetween "5.0" "5.18" "y";};
ANDROID = { optional = true; tristate = whenBetween "5.0" "5.19" "y";};
ANDROID_BINDER_IPC = { optional = true; tristate = whenAtLeast "5.0" "y";};
ANDROID_BINDERFS = { optional = true; tristate = whenAtLeast "5.0" "y";};
ANDROID_BINDER_DEVICES = { optional = true; freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder";};
linux: enable TASKSTATS, TASK_XACCT, TASK_DELAY_ACCT and TASK_IO_ACCOUNTING iotop needs TASKSTATS, TASK_DELAY_ACCT, TASK_XACCT and TASK_IO_ACCOUNTING to work. For x86_64, all these options are enabled by upstream[1]. For aarch64, however, only TASK_XACCT and TASK_IO_ACCOUNTING are enabled by upstream[2]. This patch enables all these four options for aarch64, which have been enabled by many other distributions, e.g. debian[3], fedora[4], rhel[5] and gentoo[6]. I tried to only enable TASKSTATS and TASK_DELAY_ACCT since the other two options are enabled by upstream, but it turns out that it's necessary to explicitly enable all four options. I do not figure out the reason though. Additionally, given that debian enables these four options for all arch[3], I think it's safe for us to do the same thing. [1]: https://github.com/torvalds/linux/blob/56e337f2cf1326323844927a04e9dbce9a244835/arch/x86/configs/x86_64_defconfig#L8-L11 [2]: https://github.com/torvalds/linux/blob/56e337f2cf1326323844927a04e9dbce9a244835/arch/arm64/configs/defconfig#L10-L11 [3]: https://salsa.debian.org/kernel-team/linux/-/blob/da6ddc7d8f1a95980d9a1c499fe58066cfe1986b/debian/config/config#L6356-6359 [4]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-aarch64-fedora.config#_7398 [5]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-aarch64-rhel.config#_5885 [6]: https://github.com/gentoo/gentoo/blob/b839fccce25d49df2fcfe5ed184b557796b0d6bd/sys-kernel/gentoo-kernel/gentoo-kernel-5.15.29.ebuild#L27
2022-03-17 09:45:40 +00:00
TASKSTATS = yes;
TASK_DELAY_ACCT = yes;
TASK_XACCT = yes;
TASK_IO_ACCOUNTING = yes;
# Fresh toolchains frequently break -Werror build for minor issues.
WERROR = whenAtLeast "5.15" no;
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
# Enable CPU/memory hotplug support
# Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
ACPI_HOTPLUG_CPU = yes;
2019-01-16 19:58:08 +00:00
ACPI_HOTPLUG_MEMORY = yes;
MEMORY_HOTPLUG = yes;
MEMORY_HOTREMOVE = yes;
HOTPLUG_CPU = yes;
2019-01-16 19:58:08 +00:00
MIGRATION = yes;
SPARSEMEM = yes;
# Bump the maximum number of CPUs to support systems like EC2 x1.*
# instances and Xeon Phi.
NR_CPUS = freeform "384";
} // optionalAttrs (stdenv.hostPlatform.system == "armv7l-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
# Enables support for the Allwinner Display Engine 2.0
SUN8I_DE2_CCU = yes;
# See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647
CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no;
# Distros should configure the default as a kernel option.
# We previously defined it on the kernel command line as cma=
# The kernel command line will override a platform-specific configuration from its device tree.
# https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44
CMA_SIZE_MBYTES = freeform "32";
# Many ARM SBCs hand off a pre-configured framebuffer.
# This always can can be replaced by the actual native driver.
# Keeping it a built-in ensures it will be used if possible.
FB_SIMPLE = yes;
} // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) {
# Required for various hardware features on Chrome OS devices
CHROME_PLATFORMS = yes;
CHROMEOS_TBMC = module;
CROS_EC = module;
CROS_EC_I2C = module;
CROS_EC_SPI = module;
CROS_EC_LPC = module;
CROS_EC_ISHTP = module;
CROS_KBD_LED_BACKLIGHT = module;
TCG_TIS_SPI_CR50 = whenAtLeast "5.5" yes;
} // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") {
CHROMEOS_LAPTOP = module;
CHROMEOS_PSTORE = module;
};
};
in
flattenKConf options