Zram needs CONFIG_ZRAM_WRITEBACK in order for writeback configuration
to work. Since there is even a NixOS option (zramSwap.writebackDevice)
for configuring writeback, it should be enabled.

Support for IR remotes was originally introduced in NixOS in 2013 with
[1]. This worked fine until 2018 with the release of Linux 4.16 which
contained [2], which removed the default-enable on the IR decoders.
This means that kernels since then build with RC_DEVICES enabled, but
RC_DECODERS disabled:
```
CONFIG_RC_DEVICES=y
```
This breaks IR remote support and also leads to the following error on
every bootup when such a device is present as devices have a default
keymap which uses a protocol's decoder, but these decoders are not
available:
```
rc_core: Loaded IR protocol module ir-rc6-decoder, but protocol rc-6 still not available
```
Fix this by also enabling RC_DECODERS in the kernel configuration.
[1] b7ccfc258a
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22756ae7319b0afc2a80fbdec365a6976a1ad350

These are required to debug kernel modules. Since we're now able to
do that, there's another reason besides BTF to enable DEBUG_INFO, so
I've done that for pre-BTF kernel modules as well here.
For GDB to get configured correctly, vmlinux-gdb.py has to be two
directories up from scripts/gdb, and vmlinux has to be next to
vmlinux-gdb.py. The least invasive way to satisfy these constraints
is to make vmlinux a symlink, which GDB will resolve before looking
for vmlinux-gdb.py.
Tested both ways of getting the scripts into GDB that I know of:
```
gdb /nix/store/7n77ijlxkxr6d613h02lr707kvjx6j1k-linux-6.1.19-dev/vmlinux \
    -iex 'add-auto-load-safe-path /nix/store/7n77ijlxkxr6d613h02lr707kvjx6j1k-linux-6.1.19-dev/lib/modules/6.1.19/build/vmlinux-gdb.py' \
    -ex 'lx-version' \
    -ex 'q'

gdb /nix/store/7n77ijlxkxr6d613h02lr707kvjx6j1k-linux-6.1.19-dev/vmlinux \
    -ex 'source /nix/store/7n77ijlxkxr6d613h02lr707kvjx6j1k-linux-6.1.19-dev/lib/modules/6.1.19/build/vmlinux-gdb.py' \
    -ex 'lx-version' \
    -ex 'q'
```
Also tested that the strip changes don't result in meaningful output
size changes (there's some small variation due to BTF data not always
coming out the same size, which is unrelated), and built every kernel
I can on x86_64 to make sure I'm not relying on build system behaviour
specific to newer kernels.

Enables the following kernel config options for AMD CPUs on x86_64:
- `CRYPTO_DEV_CCP`: Enables offloading of crypto operations to AMD's
  Cryptographic Coprocessor (CCP). Also required by `KVM_AMD_SEV`.
- `AMD_MEM_ENCRYPT`: Enables support for Secure Memory Encryption (SME).
  Please note that `AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT` is not enabled;
  yet, you can enable memory encryption by passing `mem_encrypt=on`
  as a kernel command line option.
- `KVM_AMD_SEV`: Enables launching Encrypted VMs (SEV) and Secure VMs
  with Encrypted State (SEV-ES).
- `SEV_GUEST`: Enables support for AMD Secure Encrypted Virtualization
  with Secure Nested Paging (SEV-SNP). Built as module.
Enabling these options is in line with other distros, e.g., Debian,
Fedora or Arch Linux.
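As an added illustration (not part of the commit message or of nixpkgs), this shell example reports the state of the four options listed above in a kernel config file and whether SME is requested at boot through `AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT` or `mem_encrypt=on`. The function names and the sample config are constructed for the example, and it assumes that the last `mem_encrypt=` on the command line wins.

```shell
#!/bin/sh
# Added example, not nixpkgs code. All function names are hypothetical.

# Constructed sample config reflecting the options described above.
sample_config() {
cat <<'EOF'
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_AMD_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set
CONFIG_KVM_AMD_SEV=y
CONFIG_SEV_GUEST=m
EOF
}

# Print y, m or "unset" for option $2 (no CONFIG_ prefix) in config file $1.
config_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-unset}"
}

# Print one NAME=state line for each option the commit enables.
report() {
    for opt in CRYPTO_DEV_CCP AMD_MEM_ENCRYPT KVM_AMD_SEV SEV_GUEST; do
        echo "$opt=$(config_state "$1" "$opt")"
    done
}

# Print yes/no: does config $1 plus command line $2 ask for SME at boot?
# Says nothing about CPU or firmware support. Assumption: when mem_encrypt=
# is repeated, the last occurrence wins.
sme_requested() {
    [ "$(config_state "$1" AMD_MEM_ENCRYPT)" = y ] || { echo no; return; }
    req=$(config_state "$1" AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT)
    for word in $2; do
        case "$word" in
            mem_encrypt=on)  req=y ;;
            mem_encrypt=off) req=unset ;;
        esac
    done
    if [ "$req" = y ]; then echo yes; else echo no; fi
}

cfg=$(mktemp)
sample_config > "$cfg"
report "$cfg"
echo "SME requested, no parameter: $(sme_requested "$cfg" 'root=/dev/sda1 ro')"
echo "SME requested, mem_encrypt=on: $(sme_requested "$cfg" 'ro mem_encrypt=on')"
rm -f "$cfg"
```

On a running system, pass the path of the kernel build's config file and `"$(cat /proc/cmdline)"` instead of the constructed sample.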

CONFIG_NO_HZ_FULL=y should be set to enable the `nohz_full=` and
`rcu_nocbs=` options. These carry no additional performance penalty
compared to CONFIG_NO_HZ_IDLE and behave like it by default,
but allow disabling the tick interrupts on cores for power or
performance reasons.
[Debian][1] also applied the change to all their kernels.
Like the Kernel says: "If you're a distro say Y."
[1]: f6aad27f05

PERSISTENT_KEYRINGS provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis.
KEYS_REQUEST_CACHE enables temporary caching of the last request_key() result.