# WARNING/NOTE: whenever you want to add an option here you need to either
# * mark it as an optional one with `option`,
# * or make sure it works for all the versions in nixpkgs,
# * or check for which kernel versions it will work (using kernel
# changelog, google or whatever) and mark it with `whenOlder` or
# `whenAtLeast`.
# Then do test your change by building all the kernels (or at least
# their configs) in Nixpkgs or else you will guarantee lots and lots
# of pain to users trying to switch to an older kernel because of some
# hardware problems with a new one.
# Configuration
{ lib, stdenv, version
, features ? {}
}:
with lib;
with lib.kernel;
with (lib.kernel.whenHelpers version);
let
# configuration items have to be part of a subattrs
# Collapse the per-topic groups in `nested` into one flat attrset of options.
# zipAttrs collects every value given for an option name across the groups and
# `head` keeps only the first one, so an option defined in two groups is
# resolved silently (in the order attrValues yields the groups) rather than
# reported as a conflict.
flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested));
whenPlatformHasEBPFJit =
mkIf (stdenv.hostPlatform.isAarch32 ||
stdenv.hostPlatform.isAarch64 ||
stdenv.hostPlatform.isx86_64 ||
(stdenv.hostPlatform.isPower && stdenv.hostPlatform.is64bit) ||
(stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit));
options = {
debug = {
# Necessary for BTF
DEBUG_INFO = yes;
DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes;
# Reduced debug info conflict with BTF and have been enabled in
# aarch64 defconfig since 5.13
DEBUG_INFO_REDUCED = whenAtLeast "5.13" (option no);
DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes);
# Allow loading modules with mismatched BTFs
# FIXME: figure out how to actually make BTFs reproducible instead
# See https://github.com/NixOS/nixpkgs/pull/181456 for details.
MODULE_ALLOW_BTF_MISMATCH = whenAtLeast "5.18" (option yes);
BPF_LSM = whenAtLeast "5.7" (option yes);
DEBUG_KERNEL = yes;
DEBUG_DEVRES = no;
DYNAMIC_DEBUG = yes;
DEBUG_STACK_USAGE = no;
RCU_TORTURE_TEST = no;
SCHEDSTATS = no;
DETECT_HUNG_TASK = yes;
CRASH_DUMP = option no;
# Easier debugging of NFS issues.
SUNRPC_DEBUG = yes;
# Provide access to tunables like sched_migration_cost_ns
SCHED_DEBUG = yes;
GDB_SCRIPTS = yes;
};
power-management = {
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
CPU_FREQ_GOV_SCHEDUTIL = yes;
PM_ADVANCED_DEBUG = yes;
PM_WAKELOCKS = yes;
POWERCAP = yes;
# ACPI Firmware Performance Data Table Support
ACPI_FPDT = whenAtLeast "5.12" (option yes);
# ACPI Heterogeneous Memory Attribute Table Support
ACPI_HMAT = whenAtLeast "5.2" (option yes);
# ACPI Platform Error Interface
ACPI_APEI = (option yes);
# APEI Generic Hardware Error Source
ACPI_APEI_GHES = (option yes);
# Enable lazy RCUs for power savings:
# https://lore.kernel.org/rcu/20221019225138.GA2499943@paulmck-ThinkPad-P17-Gen-1/
RCU_LAZY = whenAtLeast "6.2" yes;
} // optionalAttrs (stdenv.hostPlatform.isx86) {
INTEL_IDLE = yes;
INTEL_RAPL = whenAtLeast "5.3" module;
X86_INTEL_LPSS = yes;
X86_INTEL_PSTATE = yes;
X86_AMD_PSTATE = whenAtLeast "5.17" yes;
# Intel DPTF (Dynamic Platform and Thermal Framework) Support
ACPI_DPTF = whenAtLeast "5.10" yes;
};
external-firmware = {
# Support drivers that need external firmware.
STANDALONE = no;
};
proc-config-gz = {
# Make /proc/config.gz available
IKCONFIG = yes;
IKCONFIG_PROC = yes;
};
optimization = {
# Optimize with -O2, not -Os
CC_OPTIMIZE_FOR_SIZE = no;
};
memtest = {
MEMTEST = yes;
};
# Include the CFQ I/O scheduler in the kernel, rather than as a
# module, so that the initrd gets a good I/O scheduler.
scheduler = {
IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
BLK_CGROUP = yes; # required by CFQ
BLK_CGROUP_IOLATENCY = whenAtLeast "4.19" yes;
BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes;
IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1
MQ_IOSCHED_DEADLINE = yes;
BFQ_GROUP_IOSCHED = yes;
MQ_IOSCHED_KYBER = yes;
IOSCHED_BFQ = module;
};
timer = {
# Enable Full Dynticks System.
NO_HZ_FULL = mkIf stdenv.is64bit yes; # TODO: more precise condition?
};
# Enable NUMA.
numa = {
NUMA = option yes;
};
networking = {
NET = yes;
IP_ADVANCED_ROUTER = yes;
IP_PNP = no;
IP_VS_PROTO_TCP = yes;
IP_VS_PROTO_UDP = yes;
IP_VS_PROTO_ESP = yes;
IP_VS_PROTO_AH = yes;
IP_VS_IPV6 = yes;
IP_DCCP_CCID3 = no; # experimental
CLS_U32_PERF = yes;
CLS_U32_MARK = yes;
BPF_JIT = whenPlatformHasEBPFJit yes;
# Deliberately `no` on JIT-capable platforms; the intended `yes` is parked in
# the trailing comment until the linked issue is resolved.
# NOTE(review): with this off the BPF interpreter presumably stays available
# as a fallback to the JIT, which kernel hardening guidance usually wants
# removed -- re-check whether the issue still blocks enabling it.
BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304
HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes;
BPF_STREAM_PARSER = whenAtLeast "4.19" yes;
XDP_SOCKETS = whenAtLeast "4.19" yes;
XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes;
WAN = yes;
TCP_CONG_ADVANCED = yes;
TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19
# Required by systemd per-cgroup firewalling
CGROUP_BPF = option yes;
CGROUP_NET_PRIO = yes; # Required by systemd
IP_ROUTE_VERBOSE = yes;
IP_MROUTE_MULTIPLE_TABLES = yes;
IP_MULTICAST = yes;
IP_MULTIPLE_TABLES = yes;
IPV6 = yes;
IPV6_ROUTER_PREF = yes;
IPV6_ROUTE_INFO = yes;
IPV6_OPTIMISTIC_DAD = yes;
IPV6_MULTIPLE_TABLES = yes;
IPV6_SUBTREES = yes;
IPV6_MROUTE = yes;
IPV6_MROUTE_MULTIPLE_TABLES = yes;
IPV6_PIMSM_V2 = yes;
IPV6_FOU_TUNNEL = module;
IPV6_SEG6_LWTUNNEL = yes;
IPV6_SEG6_HMAC = yes;
IPV6_SEG6_BPF = whenAtLeast "4.18" yes;
NET_CLS_BPF = module;
NET_ACT_BPF = module;
NET_SCHED = yes;
L2TP_V3 = yes;
L2TP_IP = module;
L2TP_ETH = module;
BRIDGE_VLAN_FILTERING = yes;
BONDING = module;
NET_L3_MASTER_DEV = option yes;
NET_FOU_IP_TUNNELS = option yes;
IP_NF_TARGET_REDIRECT = module;
PPP_MULTILINK = yes; # PPP multilink support
PPP_FILTER = yes;
# needed for iwd WPS support (wpa_supplicant replacement)
KEY_DH_OPERATIONS = yes;
# needed for nftables
# Networking Options
NETFILTER = yes;
NETFILTER_ADVANCED = yes;
# Core Netfilter Configuration
NF_CONNTRACK_ZONES = yes;
NF_CONNTRACK_EVENTS = yes;
NF_CONNTRACK_TIMEOUT = yes;
NF_CONNTRACK_TIMESTAMP = yes;
NETFILTER_NETLINK_GLUE_CT = yes;
NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
NFT_REJECT_NETDEV = whenAtLeast "5.11" module;
# IP: Netfilter Configuration
NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
# IPv6: Netfilter Configuration
NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
# Bridge Netfilter Configuration
NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes)
(whenAtLeast "5.3" module) ];
# needed for `dropwatch`
# Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450
NET_DROP_MONITOR = yes;
# needed for ss
# Use a lower priority to allow these options to be overridden in hardened/config.nix
INET_DIAG = mkDefault module;
INET_TCP_DIAG = mkDefault module;
INET_UDP_DIAG = mkDefault module;
INET_RAW_DIAG = mkDefault module;
INET_DIAG_DESTROY = mkDefault yes;
# enable multipath-tcp
MPTCP = whenAtLeast "5.6" yes;
MPTCP_IPV6 = whenAtLeast "5.6" yes;
INET_MPTCP_DIAG = whenAtLeast "5.9" (mkDefault module);
# Kernel TLS
TLS = module;
TLS_DEVICE = whenAtLeast "4.18" yes;
# infiniband
INFINIBAND = module;
INFINIBAND_IPOIB = module;
INFINIBAND_IPOIB_CM = yes;
};
wireless = {
CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build
IPW2100_MONITOR = option yes; # support promiscuous mode
IPW2200_MONITOR = option yes; # support promiscuous mode
HOSTAP_FIRMWARE = option yes; # Support downloading firmware images with Host AP driver
HOSTAP_FIRMWARE_NVRAM = option yes;
ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus
ATH9K_AHB = option yes; # Ditto, AHB bus
B43_PHY_HT = option yes;
BCMA_HOST_PCI = option yes;
RTW88 = whenAtLeast "5.2" module;
RTW88_8822BE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ];
RTW88_8822CE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ];
};
fb = {
FB = yes;
FB_EFI = yes;
FB_NVIDIA_I2C = yes; # Enable DDC Support
FB_RIVA_I2C = yes;
FB_ATY_CT = yes; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support
FB_ATY_GX = yes; # Mach64 GX support
FB_SAVAGE_I2C = yes;
FB_SAVAGE_ACCEL = yes;
FB_SIS_300 = yes;
FB_SIS_315 = yes;
FB_3DFX_ACCEL = yes;
FB_VESA = yes;
FRAMEBUFFER_CONSOLE = yes;
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = whenAtLeast "4.19" yes;
FRAMEBUFFER_CONSOLE_ROTATION = yes;
FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes;
# On 5.14 this conflicts with FB_SIMPLE.
DRM_SIMPLEDRM = whenAtLeast "5.14" no;
};
fonts = {
FONTS = yes;
# Default fonts enabled if FONTS is not set
FONT_8x8 = yes;
FONT_8x16 = yes;
# High DPI font
FONT_TER16x32 = whenAtLeast "5.0" yes;
};
video = {
linux: Disable DRM_LEGACY, NOUVEAU_LEGACY_CTX_SUPPORT
This currently gets enabled as generate-config.pl will enable all the
drivers below it as modules.
Is “not set” in [Arch][1], [Debian][2], [Fedora][3]. See also [summary
of setting from various distros in April 2020][4].
Recommended disabled by [CLIP OS][5] and per current [Kernel config
description][6]:
> bool "Enable legacy drivers (DANGEROUS)"
> Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous
> APIs to user-space, which can be used to circumvent access
> restrictions and other security measures. For backwards compatibility
> those drivers are still available, but their use is highly
> inadvisable and might harm your system.
>
> You are recommended to use the safe modeset-only drivers instead, and
> perform 3D emulation in user-space.
>
> Unless you have strong reasons to go rogue, say "N".
Also disable NOUVEAU_LEGACY_CTX_SUPPORT, as this does `select
DRM_LEGACY`. Per Kernel config docs:
> There was a version of the nouveau DDX that relied on legacy
> ctx ioctls not erroring out. But that was back in time a long
> ways, so offer a way to disable it now. For uapi compat with
> old nouveau ddx this should be on by default, but modern distros
> should consider turning it off.
and the [commit][7]:
> These driver functions contain several bugs and security holes. This
> change makes these functions optional can be turned on by a setting,
> they are turned off by default for modeset driver with the exception of
> the nouvea driver that may require them with an old version of libdrm.
Referenced earlier commit elaborates that
> libdrm_nouveau before 2.4.33 used contexts
Since nixpkgs ships a much newer libdrm (2.4.33 is from March 2012),
this should not be a concern.
NOUVEAU_LEGACY_CTX_SUPPORT is also “not set” in the linked Arch, Debian,
& Fedora configs.
[1]: https://github.com/archlinux/svntogit-packages/blob/66d72ee54afc604391b618fc3eecc43f29e479e8/trunk/config#L6637
[2]: https://salsa.debian.org/kernel-team/linux/-/blob/07731f5956cf29876a7abc13f4ecbdf4d9459592/debian/config/config#L713
[3]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_1528
[4]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38#issuecomment-608639217
[5]: https://docs.clip-os.org/clipos/kernel.html#configuration
[6]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/Kconfig#n421
[7]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7
# Legacy DRI1 drivers. The Kconfig help quoted by the commit that added this
# line marks them DANGEROUS: they expose APIs to user space that can be used
# to circumvent access restrictions. Set explicitly because generate-config.pl
# would otherwise enable the drivers below it as modules.
DRM_LEGACY = no;
# NOUVEAU_LEGACY_CTX_SUPPORT does `select DRM_LEGACY`, so it has to be off for
# DRM_LEGACY = no to take effect. Only applied inside the version window given
# here -- presumably the option does not exist outside it; confirm when adding
# kernels.
NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween "5.2" "6.3" no;
linux: Disable DRM_LEGACY, NOUVEAU_LEGACY_CTX_SUPPORT
This currently gets enabled as generate-config.pl will enable all the
drivers below it as modules.
Is “not set” in [Arch][1], [Debian][2], [Fedora][3]. See also [summary
of setting from various distros in April 2020][4].
Recommended disabled by [CLIP OS][5] and per current [Kernel config
description][6]:
> bool "Enable legacy drivers (DANGEROUS)"
> Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous
> APIs to user-space, which can be used to circumvent access
> restrictions and other security measures. For backwards compatibility
> those drivers are still available, but their use is highly
> inadvisable and might harm your system.
>
> You are recommended to use the safe modeset-only drivers instead, and
> perform 3D emulation in user-space.
>
> Unless you have strong reasons to go rogue, say "N".
Also disable NOUVEAU_LEGACY_CTX_SUPPORT, as this does `select
DRM_LEGACY`. Per Kernel config docs:
> There was a version of the nouveau DDX that relied on legacy
> ctx ioctls not erroring out. But that was back in time a long
> ways, so offer a way to disable it now. For uapi compat with
> old nouveau ddx this should be on by default, but modern distros
> should consider turning it off.
and the [commit][7]:
> These driver functions contain several bugs and security holes. This
> change makes these functions optional can be turned on by a setting,
> they are turned off by default for modeset driver with the exception of
> the nouvea driver that may require them with an old version of libdrm.
Referenced earlier commit elaborates that
> libdrm_nouveau before 2.4.33 used contexts
Since nixpkgs ships a much newer libdrm (2.4.33 is from March 2012),
this should not be a concern.
NOUVEAU_LEGACY_CTX_SUPPORT is also “not set” in the linked Arch, Debian,
& Fedora configs.
[1]: https://github.com/archlinux/svntogit-packages/blob/66d72ee54afc604391b618fc3eecc43f29e479e8/trunk/config#L6637
[2]: https://salsa.debian.org/kernel-team/linux/-/blob/07731f5956cf29876a7abc13f4ecbdf4d9459592/debian/config/config#L713
[3]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_1528
[4]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38#issuecomment-608639217
[5]: https://docs.clip-os.org/clipos/kernel.html#configuration
[6]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/Kconfig#n421
[7]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b30a43ac7132cdda833ac4b13dd1ebd35ace14b7
# Allow specifying custom EDID on the kernel command line
DRM_LOAD_EDID_FIRMWARE = yes;
VGA_SWITCHEROO = yes; # Hybrid graphics support
DRM_GMA500 = whenAtLeast "5.12" module;
DRM_GMA600 = whenOlder "5.13" yes;
DRM_GMA3600 = whenOlder "5.12" yes;
DRM_VMWGFX_FBCON = whenOlder "6.2" yes;
# (experimental) amdgpu support for verde and newer chipsets
DRM_AMDGPU_SI = yes;
# (stable) amdgpu support for bonaire and newer chipsets
DRM_AMDGPU_CIK = yes;
# Allow device firmware updates
DRM_DP_AUX_CHARDEV = yes;
# amdgpu display core (DC) support
DRM_AMD_DC_DCN1_0 = whenBetween "4.15" "5.6" yes;
DRM_AMD_DC_PRE_VEGA = whenBetween "4.15" "4.18" yes;
DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes;
DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes;
DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes;
DRM_AMD_DC_DCN = whenBetween "5.11" "6.4" yes;
DRM_AMD_DC_FP = whenAtLeast "6.4" yes;
DRM_AMD_DC_HDCP = whenBetween "5.5" "6.4" yes;
DRM_AMD_DC_SI = whenAtLeast "5.10" yes;
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
# Intel GVT-g graphics virtualization supports 64-bit only
DRM_I915_GVT = whenAtLeast "4.16" yes;
DRM_I915_GVT_KVMGT = whenAtLeast "4.16" module;
# Enable Hyper-V Synthetic DRM Driver
DRM_HYPERV = whenAtLeast "5.14" module;
} // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") {
# enable HDMI-CEC on RPi boards
DRM_VC4_HDMI_CEC = yes;
};
sound = {
SND_DYNAMIC_MINORS = yes;
SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode
SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer
SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions
# Support configuring jack functions via fw mechanism at boot
SND_HDA_PATCH_LOADER = yes;
SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
SND_OSSEMUL = yes;
SND_USB_CAIAQ_INPUT = yes;
# Enable Sound Open Firmware support
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" &&
versionAtLeast version "5.5") {
SND_SOC_INTEL_SOUNDWIRE_SOF_MACH = whenAtLeast "5.10" module;
SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES = whenAtLeast "5.10" yes; # dep of SOF_MACH
SND_SOC_SOF_INTEL_SOUNDWIRE_LINK = whenBetween "5.10" "5.11" yes; # dep of SOF_MACH
SND_SOC_SOF_TOPLEVEL = yes;
SND_SOC_SOF_ACPI = module;
SND_SOC_SOF_PCI = module;
SND_SOC_SOF_APOLLOLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_CANNONLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_COFFEELAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_COMETLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder "5.8" yes;
SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_ELKHARTLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_GEMINILAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_HDA_AUDIO_CODEC = yes;
SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder "5.7" yes;
SND_SOC_SOF_HDA_LINK = yes;
SND_SOC_SOF_ICELAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_INTEL_TOPLEVEL = yes;
SND_SOC_SOF_JASPERLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_MERRIFIELD = whenAtLeast "5.12" module;
SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder "5.12" yes;
SND_SOC_SOF_TIGERLAKE = whenAtLeast "5.12" module;
SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder "5.12" yes;
};
usb-serial = {
USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver
} // optionalAttrs (versionOlder version "4.16") {
# Include firmware for various USB serial devices.
# Only applicable for kernels below 4.16, after that no firmware is shipped in the kernel tree.
USB_SERIAL_KEYSPAN_MPR = yes;
USB_SERIAL_KEYSPAN_USA28 = yes;
USB_SERIAL_KEYSPAN_USA28X = yes;
USB_SERIAL_KEYSPAN_USA28XA = yes;
USB_SERIAL_KEYSPAN_USA28XB = yes;
USB_SERIAL_KEYSPAN_USA19 = yes;
USB_SERIAL_KEYSPAN_USA18X = yes;
USB_SERIAL_KEYSPAN_USA19W = yes;
USB_SERIAL_KEYSPAN_USA19QW = yes;
USB_SERIAL_KEYSPAN_USA19QI = yes;
USB_SERIAL_KEYSPAN_USA49W = yes;
USB_SERIAL_KEYSPAN_USA49WLC = yes;
};
usb = {
USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";};
USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators
USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling
USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies)
};
# Filesystem options - in particular, enable extended attributes and
# ACLs for all filesystems that support them.
filesystem = {
FANOTIFY = yes;
# NOTE(review): presumably the fanotify permission events, i.e. a user-space
# listener can allow or deny a file access before it completes (what on-access
# scanners build on) -- confirm against the Kconfig help.
FANOTIFY_ACCESS_PERMISSIONS = yes;
TMPFS = yes;
TMPFS_POSIX_ACL = yes;
# Built in from 5.1 onwards; on older kernels it is requested as a module and
# marked optional.
FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else option module;
EXT2_FS_XATTR = yes;
EXT2_FS_POSIX_ACL = yes;
EXT2_FS_SECURITY = yes;
EXT3_FS_POSIX_ACL = yes;
EXT3_FS_SECURITY = yes;
EXT4_FS_POSIX_ACL = yes;
EXT4_FS_SECURITY = yes;
EXT4_ENCRYPTION = whenOlder "5.1" yes;
NTFS_FS = whenAtLeast "5.15" no;
NTFS3_LZX_XPRESS = whenAtLeast "5.15" yes;
NTFS3_FS_POSIX_ACL = whenAtLeast "5.15" yes;
REISERFS_FS_XATTR = option yes;
REISERFS_FS_POSIX_ACL = option yes;
REISERFS_FS_SECURITY = option yes;
JFS_POSIX_ACL = option yes;
JFS_SECURITY = option yes;
XFS_QUOTA = option yes;
XFS_POSIX_ACL = option yes;
XFS_RT = option yes; # XFS Realtime subvolume support
XFS_ONLINE_SCRUB = option yes;
OCFS2_DEBUG_MASKLOG = option no;
BTRFS_FS_POSIX_ACL = yes;
UBIFS_FS_ADVANCED_COMPR = option yes;
F2FS_FS = module;
F2FS_FS_SECURITY = option yes;
F2FS_FS_ENCRYPTION = whenOlder "5.1" yes;
F2FS_FS_COMPRESSION = whenAtLeast "5.6" yes;
UDF_FS = module;
NFSD_V2_ACL = whenOlder "6.2" yes;
NFSD_V3 = whenOlder "5.18" yes;
NFSD_V3_ACL = yes;
NFSD_V4 = yes;
NFSD_V4_SECURITY_LABEL = yes;
NFS_FSCACHE = yes;
NFS_SWAP = yes;
NFS_V3_ACL = yes;
NFS_V4_1 = yes; # NFSv4.1 client support
NFS_V4_2 = yes;
NFS_V4_SECURITY_LABEL = yes;
CIFS_XATTR = yes;
CIFS_POSIX = option yes;
CIFS_FSCACHE = yes;
CIFS_STATS = whenOlder "4.19" yes;
# Only set for kernels older than 5.15.
# NOTE(review): presumably this compiles in the legacy LANMAN-era password
# hashing for old SMB servers, which is weaker than NTLMv2 or Kerberos --
# confirm it is still wanted on the older kernels rather than inherited.
CIFS_WEAK_PW_HASH = whenOlder "5.15" yes;
CIFS_UPCALL = yes;
CIFS_ACL = whenOlder "5.3" yes;
CIFS_DFS_UPCALL = yes;
CEPH_FSCACHE = yes;
CEPH_FS_POSIX_ACL = yes;
SQUASHFS_FILE_DIRECT = yes;
SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder "6.2" yes;
SQUASHFS_XATTR = yes;
SQUASHFS_ZLIB = yes;
SQUASHFS_LZO = yes;
SQUASHFS_XZ = yes;
SQUASHFS_LZ4 = yes;
SQUASHFS_ZSTD = yes;
# Native Language Support modules, needed by some filesystems
NLS = yes;
NLS_DEFAULT = freeform "utf8";
NLS_UTF8 = module;
NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option
NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option
# Needed to use the installation iso image. Not included in all defconfigs (e.g. arm64)
ISO9660_FS = module;
DEVTMPFS = yes;
UNICODE = whenAtLeast "5.2" yes; # Casefolding support for filesystems
};
security = {
FORTIFY_SOURCE = option yes;
# https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
# Extra sanity checks on kernel linked-list manipulation. Listed in the
# security group, i.e. enabled as hardening rather than for debugging; the
# write-up linked above describes an in-the-wild exploit.
DEBUG_LIST = yes;
HARDENED_USERCOPY = yes;
RANDOMIZE_BASE = option yes;
STRICT_DEVMEM = mkDefault yes; # Filter access to /dev/mem
IO_STRICT_DEVMEM = mkDefault yes;
SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default
|
2016-01-05 14:22:43 +00:00
|
|
|
|
# Prevent processes from ptracing non-children processes
|
|
|
|
|
SECURITY_YAMA = option yes;
|
2021-08-12 12:07:12 +00:00
|
|
|
|
# The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.
|
|
|
|
|
# This does not have any effect if a program does not support it
|
|
|
|
|
SECURITY_LANDLOCK = whenAtLeast "5.13" yes;
|
2021-06-14 12:25:02 +00:00
|
|
|
|
DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem
|
2016-01-05 14:22:43 +00:00
|
|
|
|
|
2018-06-22 23:54:44 +00:00
|
|
|
|
USER_NS = yes; # Support for user namespaces
|
2016-01-05 14:22:43 +00:00
|
|
|
|
|
|
|
|
|
SECURITY_APPARMOR = yes;
|
|
|
|
|
DEFAULT_SECURITY_APPARMOR = yes;
|
|
|
|
|
|
2023-02-02 20:54:46 +00:00
|
|
|
|
RANDOM_TRUST_CPU = whenOlder "6.2" (whenAtLeast "4.19" yes); # allow RDRAND to seed the RNG
|
|
|
|
|
RANDOM_TRUST_BOOTLOADER = whenOlder "6.2" (whenAtLeast "5.4" yes); # allow the bootloader to seed the RNG
|
2021-02-24 04:35:03 +00:00
|
|
|
|
|
2020-12-23 06:33:25 +00:00
|
|
|
|
MODULE_SIG = no; # r13y, generates a random key during build and bakes it in
|
|
|
|
|
# Depends on MODULE_SIG and only really helps when you sign your modules
|
|
|
|
|
# and enforce signatures which we don't do by default.
|
2022-03-19 23:04:51 +00:00
|
|
|
|
SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" no;
|
2022-08-02 07:03:56 +00:00
|
|
|
|
|
|
|
|
|
# provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis
|
|
|
|
|
PERSISTENT_KEYRINGS = yes;
|
|
|
|
|
# enable temporary caching of the last request_key() result
|
|
|
|
|
KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes;
|
2016-01-05 14:22:43 +00:00
|
|
|
|
} // optionalAttrs (!stdenv.hostPlatform.isAarch32) {
|
|
|
|
|
|
|
|
|
|
# Detect buffer overflows on the stack
|
2018-10-03 09:49:50 +00:00
|
|
|
|
CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";};
|
2022-01-04 23:19:09 +00:00
|
|
|
|
} // optionalAttrs stdenv.hostPlatform.isx86_64 {
|
2021-11-29 07:03:26 +00:00
|
|
|
|
# Enable Intel SGX
|
|
|
|
|
X86_SGX = whenAtLeast "5.11" yes;
|
|
|
|
|
# Allow KVM guests to load SGX enclaves
|
|
|
|
|
X86_SGX_KVM = whenAtLeast "5.13" yes;
|
2022-12-01 10:32:45 +00:00
|
|
|
|
|
|
|
|
|
# AMD Cryptographic Coprocessor (CCP)
|
|
|
|
|
CRYPTO_DEV_CCP = yes;
|
|
|
|
|
# AMD SME
|
|
|
|
|
AMD_MEM_ENCRYPT = yes;
|
|
|
|
|
# AMD SEV and AMD SEV-SE
|
|
|
|
|
KVM_AMD_SEV = whenAtLeast "4.16" yes;
|
|
|
|
|
# AMD SEV-SNP
|
|
|
|
|
SEV_GUEST = whenAtLeast "5.19" module;
|
2016-01-05 14:22:43 +00:00
|
|
|
|
};
microcode = {
  # CPU microcode loading, for both vendors. Microcode updates are how many
  # CPU errata and hardware vulnerability mitigations are delivered.
  MICROCODE = yes;
  MICROCODE_AMD = yes;
  MICROCODE_INTEL = yes;

  # Write Back Throttling
  # https://lwn.net/Articles/682582/
  # https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655
  BLK_WBT = yes;
  BLK_WBT_MQ = yes;
  BLK_WBT_SQ = whenOlder "5.0" yes; # Removed in 5.0-RC1
};
container = {
  NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install'

  # Control-group controllers. These are the resource limits container
  # runtimes rely on to contain a workload (devices, process count, memory,
  # I/O).
  CGROUP_DEVICE = yes;
  CGROUP_HUGETLB = yes;
  CGROUP_PERF = yes;
  CGROUP_PIDS = yes;
  CGROUP_RDMA = yes;

  MEMCG = yes;
  MEMCG_SWAP = whenOlder "6.1" yes;

  BLK_DEV_THROTTLING = yes;
  CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1

  RT_GROUP_SCHED = no;
};
staging = {
  # Build the staging drivers. They are somewhat experimental but, in the
  # author's words, generally don't hurt.
  # NOTE(review): staging code has not yet met the quality bar of the main
  # tree, so each driver that ends up loaded adds less-reviewed code to the
  # running kernel.
  STAGING = yes;
};
proc-events = {
  # libcgroup's cgrulesengd needs PROC_EVENTS, and PROC_EVENTS in turn
  # requires the netlink connector to be built in rather than a module.
  PROC_EVENTS = yes;
  CONNECTOR = yes;
};
tracing = {
  # --- ftrace and probes --------------------------------------------------
  FTRACE = yes;
  FTRACE_SYSCALLS = yes;
  FUNCTION_PROFILER = yes;
  FUNCTION_TRACER = yes;
  KPROBES = yes;
  SCHED_TRACER = yes;
  STACK_TRACER = yes;
  UPROBE_EVENTS = option yes;
  RING_BUFFER_BENCHMARK = no;

  # --- BPF ------------------------------------------------------------------
  BPF_SYSCALL = yes;
  BPF_EVENTS = yes;
  # Makes "unprivileged BPF disabled" the boot-time default; it is set here
  # only for the 5.10 .. 5.16 range.
  # NOTE(review): presumably other versions either lack the symbol or
  # already default to it -- confirm before relying on unprivileged BPF
  # being off on a given kernel (runtime knob:
  # kernel.unprivileged_bpf_disabled).
  BPF_UNPRIV_DEFAULT_OFF = whenBetween "5.10" "5.16" yes;
};
virtualisation = {
  # --- Running as a guest -------------------------------------------------
  HYPERVISOR_GUEST = yes;
  PARAVIRT = option yes;
  PARAVIRT_SPINLOCKS = option yes;
  KVM_GUEST = yes;
  # Enable device detection on virtio-mmio hypervisors
  VIRTIO_MMIO_CMDLINE_DEVICES = yes;

  # --- KVM host -------------------------------------------------------------
  KVM_ASYNC_PF = yes;
  KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes;
  KVM_MMIO = yes;
  KVM_VFIO = yes;
  VIRT_DRIVERS = yes;
  VFIO_PCI_VGA = mkIf stdenv.is64bit yes;
  # Kernel samepage merging.
  # NOTE(review): merging identical pages across workloads trades memory
  # for isolation (page deduplication is a known side-channel source); it
  # acts only on memory that opts in and only once enabled at runtime.
  KSM = yes;

  # --- VirtualBox -----------------------------------------------------------
  # The in-kernel VirtualBox guest drivers conflict with the ones in the
  # official additions package and prevent the vboxsf module from loading,
  # so they are disabled for now.
  VBOXGUEST = option no;
  DRM_VBOXVIDEO = option no;

  # --- Xen ------------------------------------------------------------------
  # We need 64 GB (PAE) support for Xen guest support
  HIGHMEM64G = {
    optional = true;
    tristate = mkIf (!stdenv.is64bit) "y";
  };
  XEN = option yes;
  XEN_DOM0 = option yes;
  PCI_XEN = option yes;
  HVC_XEN = option yes;
  HVC_XEN_FRONTEND = option yes;
  XEN_SYS_HYPERVISOR = option yes;
  SWIOTLB_XEN = option yes;
  XEN_BACKEND = option yes;
  XEN_BALLOON = option yes;
  XEN_BALLOON_MEMORY_HOTPLUG = option yes;
  XEN_EFI = option yes;
  XEN_HAVE_PVMMU = option yes;
  XEN_MCE_LOG = option yes;
  XEN_PVH = option yes;
  XEN_PVHVM = option yes;
  XEN_SAVE_RESTORE = option yes;
  XEN_SCRUB_PAGES = whenOlder "4.19" yes;
  XEN_SELFBALLOONING = whenOlder "5.3" yes;
};
media = {
  # Media core and the device classes/buses to build support for.
  MEDIA_CONTROLLER = yes;
  MEDIA_ANALOG_TV_SUPPORT = yes;
  MEDIA_DIGITAL_TV_SUPPORT = yes;
  MEDIA_CAMERA_SUPPORT = yes;
  MEDIA_PCI_SUPPORT = yes;
  MEDIA_USB_SUPPORT = yes;

  VIDEO_STK1160_COMMON = module;
};
"9p" = {
  # Both items are declared optional.
  "9P_FS_POSIX_ACL" = option yes;
  # The 9P cache speeds up NixOS VM tests.
  "9P_FSCACHE" = option yes;
};
huge-page = {
  # Transparent huge pages are built in, with "madvise" rather than
  # "always" selected.
  TRANSPARENT_HUGEPAGE = option yes;
  TRANSPARENT_HUGEPAGE_MADVISE = option yes;
  TRANSPARENT_HUGEPAGE_ALWAYS = option no;
};
zram = {
  # Compressed RAM block device and its allocator, both as modules.
  ZRAM = module;
  ZSMALLOC = module;
  ZRAM_WRITEBACK = option yes;

  # Compressed swap cache.
  ZSWAP = option yes;
  ZBUD = option yes;
};
brcmfmac = {
  # PCIe and USB bus support for the brcmfmac driver (both optional).
  BRCMFMAC_PCIE = option yes;
  BRCMFMAC_USB = option yes;
};
# x2APIC support. x2APIC requires IRQ remapping, so both are enabled
# together, and only when the host system is x86_64-linux.
x2apic = optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
  IRQ_REMAP = yes;
  X86_X2APIC = yes;
};
# Self-test modules have no use in a production system, so they are turned
# off. Leaving them out also keeps test-only code out of the shipped kernel.
tests = {
  # On >= 4.16 this single menu switch disables all/most of them.
  RUNTIME_TESTING_MENU = option no;
} // optionalAttrs (versionOlder version "4.16") (
  # For older kernels, painstakingly disable each symbol: every name in the
  # list is mapped to `option no`.
  genAttrs [
    "ARM_KPROBES_TEST"
    "ASYNC_RAID6_TEST"
    "ATOMIC64_SELFTEST"
    "BACKTRACE_SELF_TEST"
    "INTERVAL_TREE_TEST"
    "PERCPU_TEST"
    "RBTREE_TEST"
    "TEST_BITMAP"
    "TEST_BPF"
    "TEST_FIRMWARE"
    "TEST_HASH"
    "TEST_HEXDUMP"
    "TEST_KMOD"
    "TEST_KSTRTOX"
    "TEST_LIST_SORT"
    "TEST_LKM"
    "TEST_PARMAN"
    "TEST_PRINTF"
    "TEST_RHASHTABLE"
    "TEST_SORT"
    "TEST_STATIC_KEYS"
    "TEST_STRING_HELPERS"
    "TEST_UDELAY"
    "TEST_USER_COPY"
    "TEST_UUID"
  ] (_: option no)
) // {
  # Disabled regardless of the kernel version.
  CRC32_SELFTEST = option no;
  CRYPTO_TEST = option no;
  EFI_TEST = option no;
  GLOB_SELFTEST = option no;
  LOCK_TORTURE_TEST = option no;
  MTD_TESTS = option no;
  NOTIFIER_ERROR_INJECTION = option no;
  RCU_TORTURE_TEST = option no;
  TEST_ASYNC_DRIVER_PROBE = option no;
  WW_MUTEX_SELFTEST = option no;
  XZ_DEC_TEST = option no;

  # Version-dependent symbols.
  RCU_PERF_TEST = whenOlder "5.9" no;
  RCU_SCALE_TEST = whenAtLeast "5.10" no;
  DRM_DEBUG_MM_SELFTEST = {
    optional = true;
    tristate = whenOlder "4.18" "n";
  };
  LNET_SELFTEST = {
    optional = true;
    tristate = whenOlder "4.18" "n";
  };
};
criu =
  let
    # From 4.19 on CHECKPOINT_RESTORE is enabled unconditionally: CRIU
    # requires it and it provides the kcmp() system call that Mesa depends
    # on.
    modern = {
      CHECKPOINT_RESTORE = yes;
    };

    # For older kernels, CHECKPOINT_RESTORE is hidden behind EXPERT.
    legacy = {
      EXPERT = yes;
      CHECKPOINT_RESTORE = yes;
    };

    # Optional items set next to EXPERT unless features.criu_revert_expert
    # is false.
    # NOTE(review): going by the feature name these undo defaults that
    # EXPERT changes -- confirm against the Kconfig of the kernel in use.
    expertReverts = {
      RFKILL_INPUT = option yes;
      HID_PICOLCD_FB = option yes;
      HID_PICOLCD_BACKLIGHT = option yes;
      HID_PICOLCD_LCD = option yes;
      HID_PICOLCD_LEDS = option yes;
      HID_PICOLCD_CIR = option yes;
      DEBUG_MEMORY_INIT = option yes;
    };
  in
  if versionAtLeast version "4.19"
  then modern
  else
    # Older kernels get nothing unless the `criu` feature is requested.
    optionalAttrs (features.criu or false)
      (legacy // optionalAttrs (features.criu_revert_expert or true) expertReverts);
misc = let
  # Kernel image compression: zstd when 64-bit and the kernel is at least
  # 5.9, otherwise xz. Note that the test is made on the *build* platform.
  # i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375
  zstdImage = stdenv.buildPlatform.is64bit && versionAtLeast version "5.9";

  # Host-system predicates shared by the conditional sets further down.
  hostSystem = stdenv.hostPlatform.system;
  onX86_64 = hostSystem == "x86_64-linux";
  onAarch64 = hostSystem == "aarch64-linux";
  onArmv7l = hostSystem == "armv7l-linux";
  atLeast5_4 = versionAtLeast version "5.4";
in {
  KERNEL_XZ = mkIf (!zstdImage) yes;
  KERNEL_ZSTD = mkIf zstdImage yes;

  HID_BATTERY_STRENGTH = yes;
  # enabled by default in x86_64 but not arm64, so we do that here
  HIDRAW = yes;

  # Force-feedback support for game controllers.
  HID_ACRUX_FF = yes;
  DRAGONRISE_FF = yes;
  GREENASIA_FF = yes;
  HOLTEK_FF = yes;
  JOYSTICK_PSXPAD_SPI_FF = yes;
  LOGIG940_FF = yes;
  NINTENDO_FF = whenAtLeast "5.16" yes;
  PLAYSTATION_FF = whenAtLeast "5.12" yes;
  SONY_FF = yes;
  SMARTJOYPLUS_FF = yes;
  THRUSTMASTER_FF = yes;
  ZEROPLUS_FF = yes;

  MODULE_COMPRESS = whenOlder "5.13" yes;
  MODULE_COMPRESS_XZ = yes;

  SYSVIPC = yes; # System-V IPC

  AIO = yes; # POSIX asynchronous I/O

  UNIX = yes; # Unix domain sockets.

  MD = yes; # Device mapper (RAID, LVM, etc.)

  # Enable initrd support.
  BLK_DEV_INITRD = yes;

  PM_TRACE_RTC = no; # Disable some expensive (?) features.
  ACCESSIBILITY = yes; # Accessibility support
  AUXDISPLAY = yes; # Auxiliary Display support
  DONGLE = whenOlder "4.17" yes; # Serial dongle support
  HIPPI = yes;
  MTD_COMPLEX_MAPPINGS = yes; # needed for many devices

  SCSI_LOWLEVEL = yes; # enable lots of SCSI devices
  SCSI_LOWLEVEL_PCMCIA = yes;
  SCSI_SAS_ATA = yes; # added to enable detection of hard drive

  SPI = yes; # needed for many devices
  SPI_MASTER = yes;

  "8139TOO_8129" = yes;
  "8139TOO_PIO" = no; # PIO is slower

  # Driver debug output stays off.
  AIC79XX_DEBUG_ENABLE = no;
  AIC7XXX_DEBUG_ENABLE = no;
  AIC94XX_DEBUG = no;

  BLK_DEV_INTEGRITY = yes;

  # Management interface for Opal self-encrypting drives.
  BLK_SED_OPAL = yes;

  BSD_PROCESS_ACCT_V3 = yes;

  SERIAL_DEV_BUS = yes; # enables support for serial devices
  SERIAL_DEV_CTRL_TTYPORT = yes; # enables support for TTY serial devices

  # Bluetooth transports.
  BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support
  BT_HCIUART_QCA = yes; # Qualcomm Atheros protocol support
  BT_HCIUART_SERDEV = yes; # required by BT_HCIUART_QCA
  BT_HCIUART = module; # required for BT devices with serial port interface (QCA6390)
  BT_HCIUART_BCSP = option yes;
  BT_HCIUART_H4 = option yes; # UART (H4) protocol support
  BT_HCIUART_LL = option yes;
  BT_RFCOMM_TTY = option yes; # RFCOMM TTY support
  BT_QCA = module; # enables QCA6390 bluetooth

  # Removed on 5.17 as it was unused
  # upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31
  CLEANCACHE = whenOlder "5.17" (option yes);
  CRASH_DUMP = option no;

  DVB_DYNAMIC_MINORS = option yes; # we use udev

  EFI_STUB = yes; # EFI bootloader in the bzImage itself
  # initrd kernel parameter for EFI; set only from 5.8 up to (not
  # including) 6.2.
  EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER =
    whenOlder "6.2" (whenAtLeast "5.8" yes);
  CGROUPS = yes; # used by systemd
  FHANDLE = yes; # used by systemd
  # seccomp is also the syscall-filtering mechanism that sandboxes are
  # built on, so keep both enabled.
  SECCOMP = yes; # used by systemd >= 231
  SECCOMP_FILTER = yes; # ditto
  POSIX_MQUEUE = yes;
  FRONTSWAP = yes;
  FUSION = yes; # Fusion MPT device support
  IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14
  IDLE_PAGE_TRACKING = yes;
  IRDA_ULTRA = whenOlder "4.17" yes; # Ultra (connectionless) protocol

  # I-Force Serial joysticks and wheels
  JOYSTICK_IFORCE_232 = {
    optional = true;
    tristate = whenOlder "5.3" "y";
  };
  # I-Force USB joysticks and wheels
  JOYSTICK_IFORCE_USB = {
    optional = true;
    tristate = whenOlder "5.3" "y";
  };
  JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support
  JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED

  KEYBOARD_APPLESPI = whenAtLeast "5.3" module;

  # NOTE(review): kexec replaces the running kernel without going through
  # firmware. The security section of this file leaves module signing and
  # lockdown off, so nothing in this configuration visibly requires the
  # loaded image to be signed.
  KEXEC_FILE = option yes;
  KEXEC_JUMP = option yes;

  PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION
  # Windows Logical Disk Manager (Dynamic Disk) support
  LDM_PARTITION = yes;
  LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback
  LOGO = no; # not needed
  MEDIA_ATTACH = yes;
  MEGARAID_NEWGEN = yes;

  MLX5_CORE_EN = option yes;

  NVME_MULTIPATH = whenAtLeast "4.15" yes;

  PSI = whenAtLeast "4.20" yes;

  MOUSE_ELAN_I2C_SMBUS = yes;
  MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension
  MOUSE_PS2_VMMOUSE = yes;
  MTRR_SANITIZER = yes;
  NET_FC = yes; # Fibre Channel driver support
  # Needed for touchpads to work on some AMD laptops
  PINCTRL_AMD = whenAtLeast "5.19" yes;
  # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks
  PINCTRL_BAYTRAIL = yes;
  # GPIO for Braswell and Cherryview devices.
  # Needs to be built in for integrated keyboards to function properly.
  PINCTRL_CHERRYVIEW = yes;
  # 8 is default. Modern gpt tables on eMMC may go far beyond 8.
  MMC_BLOCK_MINORS = freeform "32";

  REGULATOR = yes; # Voltage and Current Regulator Support
  RC_DEVICES = option yes; # Enable IR devices
  RC_DECODERS = option yes; # Required for IR devices to work

  RT2800USB_RT53XX = yes;
  RT2800USB_RT55XX = yes;

  SCHED_AUTOGROUP = yes;
  CFS_BANDWIDTH = yes;

  SCSI_LOGGING = yes; # SCSI logging facility
  SERIAL_8250 = yes; # 8250/16550 and compatible serial support

  # Slab allocator hardening: freelist pointer protection and randomised
  # freelist order.
  SLAB_FREELIST_HARDENED = yes;
  SLAB_FREELIST_RANDOM = yes;

  SLIP_COMPRESSED = yes; # CSLIP compressed headers
  SLIP_SMART = yes;

  HWMON = yes;
  THERMAL_HWMON = yes; # Hardware monitoring support
  NVME_HWMON = whenAtLeast "5.5" yes; # NVMe drives temperature reporting
  UEVENT_HELPER = no;

  # NOTE(review): userfaultfd lets user space handle page faults; hosts
  # that do not need it for unprivileged users can restrict it at runtime
  # (vm.unprivileged_userfaultfd on kernels that have the knob).
  USERFAULTFD = yes;
  X86_CHECK_BIOS_CORRUPTION = yes;
  X86_MCE = yes;

  RAS = yes; # Needed for EDAC support

  # Our initrd init uses shebang scripts, so can't be modular.
  BINFMT_SCRIPT = yes;
  # For systemd-binfmt
  BINFMT_MISC = option yes;

  # Disable the firmware helper fallback, udev doesn't implement it any more
  FW_LOADER_USER_HELPER_FALLBACK = option no;

  FW_LOADER_COMPRESS = option yes;

  HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI
  HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support

  # Enable AMD's ROCm GPU compute stack
  HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes);
  ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes);
  HMM_MIRROR = whenAtLeast "5.3" yes;
  DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes;

  PREEMPT = no;
  PREEMPT_VOLUNTARY = yes;

  X86_AMD_PLATFORM_DEVICE = yes;
  X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes;

  # A module before 4.16, built in from 4.17 on.
  LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ];

  SCHED_CORE = whenAtLeast "5.14" yes;

  LRU_GEN = whenAtLeast "6.1" yes;
  LRU_GEN_ENABLED = whenAtLeast "6.1" yes;

  FSL_MC_UAPI_SUPPORT = mkIf onAarch64 (whenAtLeast "5.12" yes);

  # Android IPC. All of these are optional and version-gated.
  ASHMEM = {
    optional = true;
    tristate = whenBetween "5.0" "5.18" "y";
  };
  ANDROID = {
    optional = true;
    tristate = whenBetween "5.0" "5.19" "y";
  };
  ANDROID_BINDER_IPC = {
    optional = true;
    tristate = whenAtLeast "5.0" "y";
  };
  ANDROID_BINDERFS = {
    optional = true;
    tristate = whenAtLeast "5.0" "y";
  };
  ANDROID_BINDER_DEVICES = {
    optional = true;
    freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder";
  };

  # Task accounting. Per the commit message shown on this page, iotop needs
  # all four, and they have to be enabled explicitly because the aarch64
  # defconfig only sets TASK_XACCT and TASK_IO_ACCOUNTING.
  TASKSTATS = yes;
  TASK_DELAY_ACCT = yes;
  TASK_XACCT = yes;
  TASK_IO_ACCOUNTING = yes;

  # Fresh toolchains frequently break -Werror build for minor issues.
  WERROR = whenAtLeast "5.15" no;
} // optionalAttrs (onX86_64 || onAarch64) {
  # CPU/memory hotplug support: lets you dynamically add and remove
  # CPUs/memory on a VM client running NixOS without requiring a reboot.
  ACPI_HOTPLUG_CPU = yes;
  ACPI_HOTPLUG_MEMORY = yes;
  MEMORY_HOTPLUG = yes;
  MEMORY_HOTREMOVE = yes;
  HOTPLUG_CPU = yes;
  MIGRATION = yes;
  SPARSEMEM = yes;

  # Bump the maximum number of CPUs to support systems like EC2 x1.*
  # instances and Xeon Phi.
  NR_CPUS = freeform "384";
} // optionalAttrs (onArmv7l || onAarch64) {
  # Enables support for the Allwinner Display Engine 2.0
  SUN8I_DE2_CCU = yes;

  # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647
  CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no;

  # Distros should configure the default as a kernel option.
  # We previously defined it on the kernel command line as cma=
  # The kernel command line will override a platform-specific configuration from its device tree.
  # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44
  CMA_SIZE_MBYTES = freeform "32";

  # Many ARM SBCs hand off a pre-configured framebuffer.
  # It can always be replaced by the actual native driver.
  # Keeping it a built-in ensures it will be used if possible.
  FB_SIMPLE = yes;
} // optionalAttrs (atLeast5_4 && (onX86_64 || onAarch64)) {
  # Required for various hardware features on Chrome OS devices
  CHROME_PLATFORMS = yes;
  CHROMEOS_TBMC = module;

  CROS_EC = module;

  CROS_EC_I2C = module;
  CROS_EC_SPI = module;
  CROS_EC_LPC = module;
  CROS_EC_ISHTP = module;

  CROS_KBD_LED_BACKLIGHT = module;

  # TPM driver for the Cr50 security chip on SPI.
  TCG_TIS_SPI_CR50 = whenAtLeast "5.5" yes;
} // optionalAttrs (atLeast5_4 && onX86_64) {
  CHROMEOS_LAPTOP = module;
  CHROMEOS_PSTORE = module;
};
};
in
flattenKConf options