pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / os-specific / linux / kernel / common-config.nix
at 23.05-pre 1012 lines 41 kB view raw
1# WARNING/NOTE: whenever you want to add an option here you need to either 2# * mark it as an optional one with `option`, 3# * or make sure it works for all the versions in nixpkgs, 4# * or check for which kernel versions it will work (using kernel 5# changelog, google or whatever) and mark it with `whenOlder` or 6# `whenAtLeast`. 7# Then do test your change by building all the kernels (or at least 8# their configs) in Nixpkgs or else you will guarantee lots and lots 9# of pain to users trying to switch to an older kernel because of some 10# hardware problems with a new one. 11 12# Configuration 13{ lib, stdenv, version 14 15, features ? {} 16}: 17 18with lib; 19with lib.kernel; 20with (lib.kernel.whenHelpers version); 21 22let 23 24 25 # configuration items have to be part of a subattrs 26 flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested)); 27 28 whenPlatformHasEBPFJit = 29 mkIf (stdenv.hostPlatform.isAarch32 || 30 stdenv.hostPlatform.isAarch64 || 31 stdenv.hostPlatform.isx86_64 || 32 (stdenv.hostPlatform.isPower && stdenv.hostPlatform.is64bit) || 33 (stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit)); 34 35 options = { 36 37 debug = { 38 # Necessary for BTF 39 DEBUG_INFO = mkMerge [ 40 (whenOlder "5.2" (if (features.debug or false) then yes else no)) 41 (whenBetween "5.2" "5.18" yes) 42 ]; 43 DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes; 44 # Reduced debug info conflict with BTF and have been enabled in 45 # aarch64 defconfig since 5.13 46 DEBUG_INFO_REDUCED = whenAtLeast "5.13" (option no); 47 DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes); 48 # Allow loading modules with mismatched BTFs 49 # FIXME: figure out how to actually make BTFs reproducible instead 50 # See https://github.com/NixOS/nixpkgs/pull/181456 for details. 51 MODULE_ALLOW_BTF_MISMATCH = whenAtLeast "5.18" (option yes); 52 BPF_LSM = whenAtLeast "5.7" (option yes); 53 DEBUG_KERNEL = yes; 54 DEBUG_DEVRES = no; 55 DYNAMIC_DEBUG = yes; 56 TIMER_STATS = whenOlder "4.11" yes; 57 DEBUG_NX_TEST = whenOlder "4.11" no; 58 DEBUG_STACK_USAGE = no; 59 DEBUG_STACKOVERFLOW = option no; 60 RCU_TORTURE_TEST = no; 61 SCHEDSTATS = no; 62 DETECT_HUNG_TASK = yes; 63 CRASH_DUMP = option no; 64 # Easier debugging of NFS issues. 65 SUNRPC_DEBUG = yes; 66 # Provide access to tunables like sched_migration_cost_ns 67 SCHED_DEBUG = yes; 68 }; 69 70 power-management = { 71 CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes; 72 CPU_FREQ_GOV_SCHEDUTIL = yes; 73 PM_ADVANCED_DEBUG = yes; 74 PM_WAKELOCKS = yes; 75 POWERCAP = yes; 76 } // optionalAttrs (stdenv.hostPlatform.isx86) { 77 INTEL_IDLE = yes; 78 INTEL_RAPL = whenAtLeast "5.3" module; 79 X86_INTEL_LPSS = yes; 80 X86_INTEL_PSTATE = yes; 81 X86_AMD_PSTATE = whenAtLeast "5.17" module; 82 }; 83 84 external-firmware = { 85 # Support drivers that need external firmware. 86 STANDALONE = no; 87 }; 88 89 proc-config-gz = { 90 # Make /proc/config.gz available 91 IKCONFIG = yes; 92 IKCONFIG_PROC = yes; 93 }; 94 95 optimization = { 96 # Optimize with -O2, not -Os 97 CC_OPTIMIZE_FOR_SIZE = no; 98 }; 99 100 memtest = { 101 MEMTEST = yes; 102 }; 103 104 # Include the CFQ I/O scheduler in the kernel, rather than as a 105 # module, so that the initrd gets a good I/O scheduler. 106 scheduler = { 107 IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 108 BLK_CGROUP = yes; # required by CFQ" 109 BLK_CGROUP_IOLATENCY = whenAtLeast "4.19" yes; 110 BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes; 111 IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1 112 MQ_IOSCHED_DEADLINE = whenAtLeast "4.11" yes; 113 BFQ_GROUP_IOSCHED = whenAtLeast "4.12" yes; 114 MQ_IOSCHED_KYBER = whenAtLeast "4.12" yes; 115 IOSCHED_BFQ = whenAtLeast "4.12" module; 116 }; 117 118 119 timer = { 120 # Enable Full Dynticks System. 121 NO_HZ_FULL = mkIf stdenv.is64bit yes; # TODO: more precise condition? 122 }; 123 124 # Enable NUMA. 125 numa = { 126 NUMA = option yes; 127 }; 128 129 networking = { 130 NET = yes; 131 IP_ADVANCED_ROUTER = yes; 132 IP_PNP = no; 133 IP_VS_PROTO_TCP = yes; 134 IP_VS_PROTO_UDP = yes; 135 IP_VS_PROTO_ESP = yes; 136 IP_VS_PROTO_AH = yes; 137 IP_VS_IPV6 = yes; 138 IP_DCCP_CCID3 = no; # experimental 139 CLS_U32_PERF = yes; 140 CLS_U32_MARK = yes; 141 BPF_JIT = whenPlatformHasEBPFJit yes; 142 BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304 143 HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes; 144 BPF_STREAM_PARSER = whenAtLeast "4.19" yes; 145 XDP_SOCKETS = whenAtLeast "4.19" yes; 146 XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes; 147 WAN = yes; 148 TCP_CONG_ADVANCED = yes; 149 TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 150 # Required by systemd per-cgroup firewalling 151 CGROUP_BPF = option yes; 152 CGROUP_NET_PRIO = yes; # Required by systemd 153 IP_ROUTE_VERBOSE = yes; 154 IP_MROUTE_MULTIPLE_TABLES = yes; 155 IP_MULTICAST = yes; 156 IP_MULTIPLE_TABLES = yes; 157 IPV6 = yes; 158 IPV6_ROUTER_PREF = yes; 159 IPV6_ROUTE_INFO = yes; 160 IPV6_OPTIMISTIC_DAD = yes; 161 IPV6_MULTIPLE_TABLES = yes; 162 IPV6_SUBTREES = yes; 163 IPV6_MROUTE = yes; 164 IPV6_MROUTE_MULTIPLE_TABLES = yes; 165 IPV6_PIMSM_V2 = yes; 166 IPV6_FOU_TUNNEL = module; 167 IPV6_SEG6_LWTUNNEL = whenAtLeast "4.10" yes; 168 IPV6_SEG6_HMAC = whenAtLeast "4.10" yes; 169 IPV6_SEG6_BPF = whenAtLeast "4.18" yes; 170 NET_CLS_BPF = module; 171 NET_ACT_BPF = module; 172 NET_SCHED = yes; 173 L2TP_V3 = yes; 174 L2TP_IP = module; 175 L2TP_ETH = module; 176 BRIDGE_VLAN_FILTERING = yes; 177 BONDING = module; 178 NET_L3_MASTER_DEV = option yes; 179 NET_FOU_IP_TUNNELS = option yes; 180 IP_NF_TARGET_REDIRECT = module; 181 182 PPP_MULTILINK = yes; # PPP multilink support 183 PPP_FILTER = yes; 184 185 # needed for iwd WPS support (wpa_supplicant replacement) 186 KEY_DH_OPERATIONS = yes; 187 188 # needed for nftables 189 # Networking Options 190 NETFILTER = yes; 191 NETFILTER_ADVANCED = yes; 192 # Core Netfilter Configuration 193 NF_CONNTRACK_ZONES = yes; 194 NF_CONNTRACK_EVENTS = yes; 195 NF_CONNTRACK_TIMEOUT = yes; 196 NF_CONNTRACK_TIMESTAMP = yes; 197 NETFILTER_NETLINK_GLUE_CT = yes; 198 NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module) 199 (whenAtLeast "4.17" yes) ]; 200 NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module) 201 (whenAtLeast "4.17" yes) ]; 202 NFT_REJECT_NETDEV = whenAtLeast "5.11" module; 203 204 # IP: Netfilter Configuration 205 NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module) 206 (whenAtLeast "4.17" yes) ]; 207 NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module) 208 (whenAtLeast "4.17" yes) ]; 209 # IPv6: Netfilter Configuration 210 NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module) 211 (whenAtLeast "4.17" yes) ]; 212 # Bridge Netfilter Configuration 213 NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes) 214 (whenAtLeast "5.3" module) ]; 215 216 # needed for `dropwatch` 217 # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450 218 NET_DROP_MONITOR = yes; 219 220 # needed for ss 221 # Use a lower priority to allow these options to be overridden in hardened/config.nix 222 INET_DIAG = mkDefault module; 223 INET_TCP_DIAG = mkDefault module; 224 INET_UDP_DIAG = mkDefault module; 225 INET_RAW_DIAG = whenAtLeast "4.14" (mkDefault module); 226 INET_DIAG_DESTROY = mkDefault yes; 227 228 # enable multipath-tcp 229 MPTCP = whenAtLeast "5.6" yes; 230 MPTCP_IPV6 = whenAtLeast "5.6" yes; 231 INET_MPTCP_DIAG = whenAtLeast "5.9" (mkDefault module); 232 233 # Kernel TLS 234 TLS = whenAtLeast "4.13" module; 235 TLS_DEVICE = whenAtLeast "4.18" yes; 236 237 # infiniband 238 INFINIBAND = module; 239 INFINIBAND_IPOIB = module; 240 INFINIBAND_IPOIB_CM = yes; 241 }; 242 243 wireless = { 244 CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build 245 IPW2100_MONITOR = option yes; # support promiscuous mode 246 IPW2200_MONITOR = option yes; # support promiscuous mode 247 HOSTAP_FIRMWARE = option yes; # Support downloading firmware images with Host AP driver 248 HOSTAP_FIRMWARE_NVRAM = option yes; 249 ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus 250 ATH9K_AHB = option yes; # Ditto, AHB bus 251 B43_PHY_HT = option yes; 252 BCMA_HOST_PCI = option yes; 253 RTW88 = whenAtLeast "5.2" module; 254 RTW88_8822BE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; 255 RTW88_8822CE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; 256 }; 257 258 fb = { 259 FB = yes; 260 FB_EFI = yes; 261 FB_NVIDIA_I2C = yes; # Enable DDC Support 262 FB_RIVA_I2C = yes; 263 FB_ATY_CT = yes; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support 264 FB_ATY_GX = yes; # Mach64 GX support 265 FB_SAVAGE_I2C = yes; 266 FB_SAVAGE_ACCEL = yes; 267 FB_SIS_300 = yes; 268 FB_SIS_315 = yes; 269 FB_3DFX_ACCEL = yes; 270 FB_VESA = yes; 271 FRAMEBUFFER_CONSOLE = yes; 272 FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = whenAtLeast "4.19" yes; 273 FRAMEBUFFER_CONSOLE_ROTATION = yes; 274 FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; 275 # On 5.14 this conflicts with FB_SIMPLE. 276 DRM_SIMPLEDRM = whenAtLeast "5.14" no; 277 }; 278 279 video = { 280 DRM_LEGACY = no; 281 NOUVEAU_LEGACY_CTX_SUPPORT = whenAtLeast "5.2" no; 282 283 # Allow specifying custom EDID on the kernel command line 284 DRM_LOAD_EDID_FIRMWARE = yes; 285 VGA_SWITCHEROO = yes; # Hybrid graphics support 286 DRM_GMA500 = whenAtLeast "5.12" module; 287 DRM_GMA600 = whenOlder "5.13" yes; 288 DRM_GMA3600 = whenOlder "5.12" yes; 289 DRM_VMWGFX_FBCON = yes; 290 # (experimental) amdgpu support for verde and newer chipsets 291 DRM_AMDGPU_SI = yes; 292 # (stable) amdgpu support for bonaire and newer chipsets 293 DRM_AMDGPU_CIK = yes; 294 # Allow device firmware updates 295 DRM_DP_AUX_CHARDEV = yes; 296 # amdgpu display core (DC) support 297 DRM_AMD_DC_DCN1_0 = whenBetween "4.15" "5.6" yes; 298 DRM_AMD_DC_PRE_VEGA = whenBetween "4.15" "4.18" yes; 299 DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes; 300 DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes; 301 DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes; 302 DRM_AMD_DC_DCN = whenAtLeast "5.11" yes; 303 DRM_AMD_DC_HDCP = whenAtLeast "5.5" yes; 304 DRM_AMD_DC_SI = whenAtLeast "5.10" yes; 305 } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { 306 # Intel GVT-g graphics virtualization supports 64-bit only 307 DRM_I915_GVT = whenAtLeast "4.16" yes; 308 DRM_I915_GVT_KVMGT = whenAtLeast "4.16" module; 309 } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { 310 # enable HDMI-CEC on RPi boards 311 DRM_VC4_HDMI_CEC = whenAtLeast "4.14" yes; 312 }; 313 314 sound = { 315 SND_DYNAMIC_MINORS = yes; 316 SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode 317 SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer 318 SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions 319 # Support configuring jack functions via fw mechanism at boot 320 SND_HDA_PATCH_LOADER = yes; 321 SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon 322 SND_OSSEMUL = yes; 323 SND_USB_CAIAQ_INPUT = yes; 324 # Enable PSS mixer (Beethoven ADSP-16 and other compatible) 325 PSS_MIXER = whenOlder "4.12" yes; 326 # Enable Sound Open Firmware support 327 } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" && 328 versionAtLeast version "5.5") { 329 SND_SOC_INTEL_SOUNDWIRE_SOF_MACH = whenAtLeast "5.10" module; 330 SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES = whenAtLeast "5.10" yes; # dep of SOF_MACH 331 SND_SOC_SOF_INTEL_SOUNDWIRE_LINK = whenBetween "5.10" "5.11" yes; # dep of SOF_MACH 332 SND_SOC_SOF_TOPLEVEL = yes; 333 SND_SOC_SOF_ACPI = module; 334 SND_SOC_SOF_PCI = module; 335 SND_SOC_SOF_APOLLOLAKE = whenAtLeast "5.12" module; 336 SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder "5.12" yes; 337 SND_SOC_SOF_CANNONLAKE = whenAtLeast "5.12" module; 338 SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder "5.12" yes; 339 SND_SOC_SOF_COFFEELAKE = whenAtLeast "5.12" module; 340 SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder "5.12" yes; 341 SND_SOC_SOF_COMETLAKE = whenAtLeast "5.12" module; 342 SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder "5.8" yes; 343 SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder "5.12" yes; 344 SND_SOC_SOF_ELKHARTLAKE = whenAtLeast "5.12" module; 345 SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder "5.12" yes; 346 SND_SOC_SOF_GEMINILAKE = whenAtLeast "5.12" module; 347 SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder "5.12" yes; 348 SND_SOC_SOF_HDA_AUDIO_CODEC = yes; 349 SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder "5.7" yes; 350 SND_SOC_SOF_HDA_LINK = yes; 351 SND_SOC_SOF_ICELAKE = whenAtLeast "5.12" module; 352 SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder "5.12" yes; 353 SND_SOC_SOF_INTEL_TOPLEVEL = yes; 354 SND_SOC_SOF_JASPERLAKE = whenAtLeast "5.12" module; 355 SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder "5.12" yes; 356 SND_SOC_SOF_MERRIFIELD = whenAtLeast "5.12" module; 357 SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder "5.12" yes; 358 SND_SOC_SOF_TIGERLAKE = whenAtLeast "5.12" module; 359 SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder "5.12" yes; 360 }; 361 362 usb-serial = { 363 USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver 364 } // optionalAttrs (versionOlder version "4.16") { 365 # Include firmware for various USB serial devices. 366 # Only applicable for kernels below 4.16, after that no firmware is shipped in the kernel tree. 367 USB_SERIAL_KEYSPAN_MPR = yes; 368 USB_SERIAL_KEYSPAN_USA28 = yes; 369 USB_SERIAL_KEYSPAN_USA28X = yes; 370 USB_SERIAL_KEYSPAN_USA28XA = yes; 371 USB_SERIAL_KEYSPAN_USA28XB = yes; 372 USB_SERIAL_KEYSPAN_USA19 = yes; 373 USB_SERIAL_KEYSPAN_USA18X = yes; 374 USB_SERIAL_KEYSPAN_USA19W = yes; 375 USB_SERIAL_KEYSPAN_USA19QW = yes; 376 USB_SERIAL_KEYSPAN_USA19QI = yes; 377 USB_SERIAL_KEYSPAN_USA49W = yes; 378 USB_SERIAL_KEYSPAN_USA49WLC = yes; 379 }; 380 381 usb = { 382 USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";}; 383 USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators 384 USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling 385 USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies) 386 }; 387 388 # Filesystem options - in particular, enable extended attributes and 389 # ACLs for all filesystems that support them. 390 filesystem = { 391 FANOTIFY = yes; 392 FANOTIFY_ACCESS_PERMISSIONS = yes; 393 394 TMPFS = yes; 395 TMPFS_POSIX_ACL = yes; 396 FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else whenAtLeast "4.9" (option module); 397 398 EXT2_FS_XATTR = yes; 399 EXT2_FS_POSIX_ACL = yes; 400 EXT2_FS_SECURITY = yes; 401 402 EXT3_FS_POSIX_ACL = yes; 403 EXT3_FS_SECURITY = yes; 404 405 EXT4_FS_POSIX_ACL = yes; 406 EXT4_FS_SECURITY = yes; 407 EXT4_ENCRYPTION = option yes; 408 409 NTFS_FS = whenAtLeast "5.15" no; 410 NTFS3_LZX_XPRESS = whenAtLeast "5.15" yes; 411 NTFS3_FS_POSIX_ACL = whenAtLeast "5.15" yes; 412 413 REISERFS_FS_XATTR = option yes; 414 REISERFS_FS_POSIX_ACL = option yes; 415 REISERFS_FS_SECURITY = option yes; 416 417 JFS_POSIX_ACL = option yes; 418 JFS_SECURITY = option yes; 419 420 XFS_QUOTA = option yes; 421 XFS_POSIX_ACL = option yes; 422 XFS_RT = option yes; # XFS Realtime subvolume support 423 XFS_ONLINE_SCRUB = option yes; 424 425 OCFS2_DEBUG_MASKLOG = option no; 426 427 BTRFS_FS_POSIX_ACL = yes; 428 429 UBIFS_FS_ADVANCED_COMPR = option yes; 430 431 F2FS_FS = module; 432 F2FS_FS_SECURITY = option yes; 433 F2FS_FS_ENCRYPTION = option yes; 434 F2FS_FS_COMPRESSION = whenAtLeast "5.6" yes; 435 UDF_FS = module; 436 437 NFSD_V2_ACL = yes; 438 NFSD_V3 = whenOlder "5.18" yes; 439 NFSD_V3_ACL = yes; 440 NFSD_V4 = yes; 441 NFSD_V4_SECURITY_LABEL = yes; 442 443 NFS_FSCACHE = yes; 444 NFS_SWAP = yes; 445 NFS_V3_ACL = yes; 446 NFS_V4_1 = yes; # NFSv4.1 client support 447 NFS_V4_2 = yes; 448 NFS_V4_SECURITY_LABEL = yes; 449 450 CIFS_XATTR = yes; 451 CIFS_POSIX = option yes; 452 CIFS_FSCACHE = yes; 453 CIFS_STATS = whenOlder "4.19" yes; 454 CIFS_WEAK_PW_HASH = whenOlder "5.15" yes; 455 CIFS_UPCALL = yes; 456 CIFS_ACL = whenOlder "5.3" yes; 457 CIFS_DFS_UPCALL = yes; 458 CIFS_SMB2 = whenOlder "4.13" yes; 459 460 CEPH_FSCACHE = yes; 461 CEPH_FS_POSIX_ACL = yes; 462 463 SQUASHFS_FILE_DIRECT = yes; 464 SQUASHFS_DECOMP_MULTI_PERCPU = yes; 465 SQUASHFS_XATTR = yes; 466 SQUASHFS_ZLIB = yes; 467 SQUASHFS_LZO = yes; 468 SQUASHFS_XZ = yes; 469 SQUASHFS_LZ4 = yes; 470 SQUASHFS_ZSTD = whenAtLeast "4.14" yes; 471 472 # Native Language Support modules, needed by some filesystems 473 NLS = yes; 474 NLS_DEFAULT = freeform "utf8"; 475 NLS_UTF8 = module; 476 NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option 477 NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option 478 479 # Needed to use the installation iso image. Not included in all defconfigs (e.g. arm64) 480 ISO9660_FS = module; 481 482 DEVTMPFS = yes; 483 484 UNICODE = whenAtLeast "5.2" yes; # Casefolding support for filesystems 485 }; 486 487 security = { 488 FORTIFY_SOURCE = whenAtLeast "4.13" (option yes); 489 490 # https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html 491 DEBUG_LIST = yes; 492 # Detect writes to read-only module pages 493 DEBUG_SET_MODULE_RONX = whenOlder "4.11" (option yes); 494 HARDENED_USERCOPY = yes; 495 RANDOMIZE_BASE = option yes; 496 STRICT_DEVMEM = mkDefault yes; # Filter access to /dev/mem 497 IO_STRICT_DEVMEM = mkDefault yes; 498 SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default 499 # Prevent processes from ptracing non-children processes 500 SECURITY_YAMA = option yes; 501 # The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. 502 # This does not have any effect if a program does not support it 503 SECURITY_LANDLOCK = whenAtLeast "5.13" yes; 504 DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem 505 506 USER_NS = yes; # Support for user namespaces 507 508 SECURITY_APPARMOR = yes; 509 DEFAULT_SECURITY_APPARMOR = yes; 510 511 RANDOM_TRUST_CPU = whenAtLeast "4.19" yes; # allow RDRAND to seed the RNG 512 RANDOM_TRUST_BOOTLOADER = whenAtLeast "5.4" yes; # allow the bootloader to seed the RNG 513 514 MODULE_SIG = no; # r13y, generates a random key during build and bakes it in 515 # Depends on MODULE_SIG and only really helps when you sign your modules 516 # and enforce signatures which we don't do by default. 517 SECURITY_LOCKDOWN_LSM = option no; 518 519 # provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis 520 PERSISTENT_KEYRINGS = yes; 521 # enable temporary caching of the last request_key() result 522 KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; 523 } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { 524 525 # Detect buffer overflows on the stack 526 CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";}; 527 } // optionalAttrs stdenv.hostPlatform.isx86_64 { 528 # Enable Intel SGX 529 X86_SGX = whenAtLeast "5.11" yes; 530 # Allow KVM guests to load SGX enclaves 531 X86_SGX_KVM = whenAtLeast "5.13" yes; 532 }; 533 534 microcode = { 535 MICROCODE = yes; 536 MICROCODE_INTEL = yes; 537 MICROCODE_AMD = yes; 538 } // optionalAttrs (versionAtLeast version "4.10") { 539 # Write Back Throttling 540 # https://lwn.net/Articles/682582/ 541 # https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655 542 BLK_WBT = yes; 543 BLK_WBT_SQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 544 BLK_WBT_MQ = yes; 545 }; 546 547 container = { 548 NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install' 549 RT_GROUP_SCHED = no; 550 CGROUP_DEVICE = yes; 551 CGROUP_HUGETLB = yes; 552 CGROUP_PERF = yes; 553 CGROUP_RDMA = whenAtLeast "4.11" yes; 554 555 MEMCG = yes; 556 MEMCG_SWAP = whenOlder "6.1" yes; 557 558 BLK_DEV_THROTTLING = yes; 559 CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1 560 CGROUP_PIDS = yes; 561 }; 562 563 staging = { 564 # Enable staging drivers. These are somewhat experimental, but 565 # they generally don't hurt. 566 STAGING = yes; 567 }; 568 569 proc-events = { 570 # PROC_EVENTS requires that the netlink connector is not built 571 # as a module. This is required by libcgroup's cgrulesengd. 572 CONNECTOR = yes; 573 PROC_EVENTS = yes; 574 }; 575 576 tracing = { 577 FTRACE = yes; 578 KPROBES = yes; 579 FUNCTION_TRACER = yes; 580 FTRACE_SYSCALLS = yes; 581 SCHED_TRACER = yes; 582 STACK_TRACER = yes; 583 UPROBE_EVENT = { optional = true; tristate = whenOlder "4.11" "y";}; 584 UPROBE_EVENTS = { optional = true; tristate = whenAtLeast "4.11" "y";}; 585 BPF_SYSCALL = yes; 586 BPF_UNPRIV_DEFAULT_OFF = whenBetween "5.10" "5.16" yes; 587 BPF_EVENTS = yes; 588 FUNCTION_PROFILER = yes; 589 RING_BUFFER_BENCHMARK = no; 590 }; 591 592 virtualisation = { 593 PARAVIRT = option yes; 594 595 HYPERVISOR_GUEST = yes; 596 PARAVIRT_SPINLOCKS = option yes; 597 598 KVM_ASYNC_PF = yes; 599 KVM_COMPAT = whenOlder "4.12" (option yes); 600 KVM_DEVICE_ASSIGNMENT = whenOlder "4.12" (option yes); 601 KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes; 602 KVM_GUEST = yes; 603 KVM_MMIO = yes; 604 KVM_VFIO = yes; 605 KSM = yes; 606 VIRT_DRIVERS = yes; 607 # We need 64 GB (PAE) support for Xen guest support 608 HIGHMEM64G = { optional = true; tristate = mkIf (!stdenv.is64bit) "y";}; 609 610 VFIO_PCI_VGA = mkIf stdenv.is64bit yes; 611 612 # VirtualBox guest drivers in the kernel conflict with the ones in the 613 # official additions package and prevent the vboxsf module from loading, 614 # so disable them for now. 615 VBOXGUEST = option no; 616 DRM_VBOXVIDEO = option no; 617 618 XEN = option yes; 619 XEN_DOM0 = option yes; 620 PCI_XEN = option yes; 621 HVC_XEN = option yes; 622 HVC_XEN_FRONTEND = option yes; 623 XEN_SYS_HYPERVISOR = option yes; 624 SWIOTLB_XEN = option yes; 625 XEN_BACKEND = option yes; 626 XEN_BALLOON = option yes; 627 XEN_BALLOON_MEMORY_HOTPLUG = option yes; 628 XEN_EFI = option yes; 629 XEN_HAVE_PVMMU = option yes; 630 XEN_MCE_LOG = option yes; 631 XEN_PVH = option yes; 632 XEN_PVHVM = option yes; 633 XEN_SAVE_RESTORE = option yes; 634 XEN_SCRUB_PAGES = option yes; 635 XEN_SELFBALLOONING = option yes; 636 XEN_STUB = option yes; 637 XEN_TMEM = option yes; 638 }; 639 640 media = { 641 MEDIA_DIGITAL_TV_SUPPORT = yes; 642 MEDIA_CAMERA_SUPPORT = yes; 643 MEDIA_RC_SUPPORT = whenOlder "4.14" yes; 644 MEDIA_CONTROLLER = yes; 645 MEDIA_PCI_SUPPORT = yes; 646 MEDIA_USB_SUPPORT = yes; 647 MEDIA_ANALOG_TV_SUPPORT = yes; 648 VIDEO_STK1160_COMMON = module; 649 VIDEO_STK1160_AC97 = whenOlder "4.11" yes; 650 }; 651 652 "9p" = { 653 # Enable the 9P cache to speed up NixOS VM tests. 654 "9P_FSCACHE" = option yes; 655 "9P_FS_POSIX_ACL" = option yes; 656 }; 657 658 huge-page = { 659 TRANSPARENT_HUGEPAGE = option yes; 660 TRANSPARENT_HUGEPAGE_ALWAYS = option no; 661 TRANSPARENT_HUGEPAGE_MADVISE = option yes; 662 }; 663 664 zram = { 665 ZRAM = module; 666 ZSWAP = option yes; 667 ZBUD = option yes; 668 ZSMALLOC = module; 669 }; 670 671 brcmfmac = { 672 # Enable PCIe and USB for the brcmfmac driver 673 BRCMFMAC_USB = option yes; 674 BRCMFMAC_PCIE = option yes; 675 }; 676 677 # Support x2APIC (which requires IRQ remapping) 678 x2apic = optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { 679 X86_X2APIC = yes; 680 IRQ_REMAP = yes; 681 }; 682 683 # Disable various self-test modules that have no use in a production system 684 tests = { 685 # This menu disables all/most of them on >= 4.16 686 RUNTIME_TESTING_MENU = option no; 687 } // optionalAttrs (versionOlder version "4.16") { 688 # For older kernels, painstakingly disable each symbol. 689 ARM_KPROBES_TEST = option no; 690 ASYNC_RAID6_TEST = option no; 691 ATOMIC64_SELFTEST = option no; 692 BACKTRACE_SELF_TEST = option no; 693 INTERVAL_TREE_TEST = option no; 694 PERCPU_TEST = option no; 695 RBTREE_TEST = option no; 696 TEST_BITMAP = option no; 697 TEST_BPF = option no; 698 TEST_FIRMWARE = option no; 699 TEST_HASH = option no; 700 TEST_HEXDUMP = option no; 701 TEST_KMOD = option no; 702 TEST_KSTRTOX = option no; 703 TEST_LIST_SORT = option no; 704 TEST_LKM = option no; 705 TEST_PARMAN = option no; 706 TEST_PRINTF = option no; 707 TEST_RHASHTABLE = option no; 708 TEST_SORT = option no; 709 TEST_STATIC_KEYS = option no; 710 TEST_STRING_HELPERS = option no; 711 TEST_UDELAY = option no; 712 TEST_USER_COPY = option no; 713 TEST_UUID = option no; 714 } // { 715 CRC32_SELFTEST = option no; 716 CRYPTO_TEST = option no; 717 EFI_TEST = option no; 718 GLOB_SELFTEST = option no; 719 DRM_DEBUG_MM_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; 720 LNET_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; 721 LOCK_TORTURE_TEST = option no; 722 MTD_TESTS = option no; 723 NOTIFIER_ERROR_INJECTION = option no; 724 RCU_PERF_TEST = option no; 725 RCU_TORTURE_TEST = option no; 726 TEST_ASYNC_DRIVER_PROBE = option no; 727 WW_MUTEX_SELFTEST = option no; 728 XZ_DEC_TEST = option no; 729 }; 730 731 criu = if (versionAtLeast version "4.19") then { 732 # Unconditionally enabled, because it is required for CRIU and 733 # it provides the kcmp() system call that Mesa depends on. 734 CHECKPOINT_RESTORE = yes; 735 } else optionalAttrs (features.criu or false) ({ 736 # For older kernels, CHECKPOINT_RESTORE is hidden behind EXPERT. 737 EXPERT = yes; 738 CHECKPOINT_RESTORE = yes; 739 } // optionalAttrs (features.criu_revert_expert or true) { 740 RFKILL_INPUT = option yes; 741 HID_PICOLCD_FB = option yes; 742 HID_PICOLCD_BACKLIGHT = option yes; 743 HID_PICOLCD_LCD = option yes; 744 HID_PICOLCD_LEDS = option yes; 745 HID_PICOLCD_CIR = option yes; 746 DEBUG_MEMORY_INIT = option yes; 747 }); 748 749 misc = let 750 # Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz. 751 # i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375 752 useZstd = stdenv.buildPlatform.is64bit && versionAtLeast version "5.9"; 753 in { 754 KERNEL_XZ = mkIf (!useZstd) yes; 755 KERNEL_ZSTD = mkIf useZstd yes; 756 757 HID_BATTERY_STRENGTH = yes; 758 # enabled by default in x86_64 but not arm64, so we do that here 759 HIDRAW = yes; 760 761 HID_ACRUX_FF = yes; 762 DRAGONRISE_FF = yes; 763 GREENASIA_FF = yes; 764 HOLTEK_FF = yes; 765 JOYSTICK_PSXPAD_SPI_FF = whenAtLeast "4.14" yes; 766 LOGIG940_FF = yes; 767 NINTENDO_FF = whenAtLeast "5.16" yes; 768 PLAYSTATION_FF = whenAtLeast "5.12" yes; 769 SONY_FF = yes; 770 SMARTJOYPLUS_FF = yes; 771 THRUSTMASTER_FF = yes; 772 ZEROPLUS_FF = yes; 773 774 MODULE_COMPRESS = whenOlder "5.13" yes; 775 MODULE_COMPRESS_XZ = yes; 776 777 SYSVIPC = yes; # System-V IPC 778 779 AIO = yes; # POSIX asynchronous I/O 780 781 UNIX = yes; # Unix domain sockets. 782 783 MD = yes; # Device mapper (RAID, LVM, etc.) 784 785 # Enable initrd support. 786 BLK_DEV_INITRD = yes; 787 788 PM_TRACE_RTC = no; # Disable some expensive (?) features. 789 ACCESSIBILITY = yes; # Accessibility support 790 AUXDISPLAY = yes; # Auxiliary Display support 791 DONGLE = whenOlder "4.17" yes; # Serial dongle support 792 HIPPI = yes; 793 MTD_COMPLEX_MAPPINGS = yes; # needed for many devices 794 795 SCSI_LOWLEVEL = yes; # enable lots of SCSI devices 796 SCSI_LOWLEVEL_PCMCIA = yes; 797 SCSI_SAS_ATA = yes; # added to enable detection of hard drive 798 799 SPI = yes; # needed for many devices 800 SPI_MASTER = yes; 801 802 "8139TOO_8129" = yes; 803 "8139TOO_PIO" = no; # PIO is slower 804 805 AIC79XX_DEBUG_ENABLE = no; 806 AIC7XXX_DEBUG_ENABLE = no; 807 AIC94XX_DEBUG = no; 808 809 BLK_DEV_INTEGRITY = yes; 810 811 BLK_SED_OPAL = whenAtLeast "4.14" yes; 812 813 BSD_PROCESS_ACCT_V3 = yes; 814 815 SERIAL_DEV_BUS = whenAtLeast "4.11" yes; # enables support for serial devices 816 SERIAL_DEV_CTRL_TTYPORT = whenAtLeast "4.11" yes; # enables support for TTY serial devices 817 818 BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support 819 BT_HCIUART_QCA = yes; # Qualcomm Atheros protocol support 820 BT_HCIUART_SERDEV = whenAtLeast "4.12" yes; # required by BT_HCIUART_QCA 821 BT_HCIUART = module; # required for BT devices with serial port interface (QCA6390) 822 BT_HCIUART_BCSP = option yes; 823 BT_HCIUART_H4 = option yes; # UART (H4) protocol support 824 BT_HCIUART_LL = option yes; 825 BT_RFCOMM_TTY = option yes; # RFCOMM TTY support 826 BT_QCA = module; # enables QCA6390 bluetooth 827 828 # Removed on 5.17 as it was unused 829 # upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31 830 CLEANCACHE = whenOlder "5.17" (option yes); 831 CRASH_DUMP = option no; 832 833 DVB_DYNAMIC_MINORS = option yes; # we use udev 834 835 EFI_STUB = yes; # EFI bootloader in the bzImage itself 836 EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER = 837 whenAtLeast "5.8" yes; # initrd kernel parameter for EFI 838 CGROUPS = yes; # used by systemd 839 FHANDLE = yes; # used by systemd 840 SECCOMP = yes; # used by systemd >= 231 841 SECCOMP_FILTER = yes; # ditto 842 POSIX_MQUEUE = yes; 843 FRONTSWAP = yes; 844 FUSION = yes; # Fusion MPT device support 845 IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14 846 IDLE_PAGE_TRACKING = yes; 847 IRDA_ULTRA = whenOlder "4.17" yes; # Ultra (connectionless) protocol 848 849 JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels 850 JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels 851 JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support 852 JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED 853 854 KEYBOARD_APPLESPI = whenAtLeast "5.3" module; 855 856 KEXEC_FILE = option yes; 857 KEXEC_JUMP = option yes; 858 859 PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION 860 # Windows Logical Disk Manager (Dynamic Disk) support 861 LDM_PARTITION = yes; 862 LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback 863 LOGO = no; # not needed 864 MEDIA_ATTACH = yes; 865 MEGARAID_NEWGEN = yes; 866 867 MLX5_CORE_EN = option yes; 868 869 NVME_MULTIPATH = whenAtLeast "4.15" yes; 870 871 PSI = whenAtLeast "4.20" yes; 872 873 MOUSE_ELAN_I2C_SMBUS = yes; 874 MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension 875 MOUSE_PS2_VMMOUSE = yes; 876 MTRR_SANITIZER = yes; 877 NET_FC = yes; # Fibre Channel driver support 878 # Needed for touchpads to work on some AMD laptops 879 PINCTRL_AMD = whenAtLeast "5.19" yes; 880 # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks 881 PINCTRL_BAYTRAIL = yes; 882 # GPIO for Braswell and Cherryview devices 883 # Needs to be built-in to for integrated keyboards to function properly 884 PINCTRL_CHERRYVIEW = yes; 885 # 8 is default. Modern gpt tables on eMMC may go far beyond 8. 886 MMC_BLOCK_MINORS = freeform "32"; 887 888 REGULATOR = yes; # Voltage and Current Regulator Support 889 RC_DEVICES = option yes; # Enable IR devices 890 891 RT2800USB_RT53XX = yes; 892 RT2800USB_RT55XX = yes; 893 894 SCHED_AUTOGROUP = yes; 895 CFS_BANDWIDTH = yes; 896 897 SCSI_LOGGING = yes; # SCSI logging facility 898 SERIAL_8250 = yes; # 8250/16550 and compatible serial support 899 900 SLAB_FREELIST_HARDENED = whenAtLeast "4.14" yes; 901 SLAB_FREELIST_RANDOM = whenAtLeast "4.10" yes; 902 903 SLIP_COMPRESSED = yes; # CSLIP compressed headers 904 SLIP_SMART = yes; 905 906 HWMON = yes; 907 THERMAL_HWMON = yes; # Hardware monitoring support 908 NVME_HWMON = whenAtLeast "5.5" yes; # NVMe drives temperature reporting 909 UEVENT_HELPER = no; 910 911 USERFAULTFD = yes; 912 X86_CHECK_BIOS_CORRUPTION = yes; 913 X86_MCE = yes; 914 915 RAS = yes; # Needed for EDAC support 916 917 # Our initrd init uses shebang scripts, so can't be modular. 918 BINFMT_SCRIPT = yes; 919 # For systemd-binfmt 920 BINFMT_MISC = option yes; 921 922 # Disable the firmware helper fallback, udev doesn't implement it any more 923 FW_LOADER_USER_HELPER_FALLBACK = option no; 924 925 FW_LOADER_COMPRESS = option yes; 926 927 HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI 928 HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support 929 930 # Enable AMD's ROCm GPU compute stack 931 HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes); 932 ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes); 933 HMM_MIRROR = whenAtLeast "5.3" yes; 934 DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes; 935 936 PREEMPT = no; 937 PREEMPT_VOLUNTARY = yes; 938 939 X86_AMD_PLATFORM_DEVICE = yes; 940 X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes; 941 942 LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ]; 943 944 SCHED_CORE = whenAtLeast "5.14" yes; 945 946 FSL_MC_UAPI_SUPPORT = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "5.12" yes); 947 948 ASHMEM = { optional = true; tristate = whenBetween "5.0" "5.18" "y";}; 949 ANDROID = { optional = true; tristate = whenAtLeast "5.0" "y";}; 950 ANDROID_BINDER_IPC = { optional = true; tristate = whenAtLeast "5.0" "y";}; 951 ANDROID_BINDERFS = { optional = true; tristate = whenAtLeast "5.0" "y";}; 952 ANDROID_BINDER_DEVICES = { optional = true; freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder";}; 953 954 TASKSTATS = yes; 955 TASK_DELAY_ACCT = yes; 956 TASK_XACCT = yes; 957 TASK_IO_ACCOUNTING = yes; 958 959 # Fresh toolchains frequently break -Werror build for minor issues. 960 WERROR = whenAtLeast "5.15" no; 961 } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") { 962 # Enable CPU/memory hotplug support 963 # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot 964 ACPI_HOTPLUG_CPU = yes; 965 ACPI_HOTPLUG_MEMORY = yes; 966 MEMORY_HOTPLUG = yes; 967 MEMORY_HOTREMOVE = yes; 968 HOTPLUG_CPU = yes; 969 MIGRATION = yes; 970 SPARSEMEM = yes; 971 972 # Bump the maximum number of CPUs to support systems like EC2 x1.* 973 # instances and Xeon Phi. 974 NR_CPUS = freeform "384"; 975 } // optionalAttrs (stdenv.hostPlatform.system == "armv7l-linux" || stdenv.hostPlatform.system == "aarch64-linux") { 976 # Enables support for the Allwinner Display Engine 2.0 977 SUN8I_DE2_CCU = whenAtLeast "4.13" yes; 978 979 # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647 980 CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no; 981 982 # Distros should configure the default as a kernel option. 983 # We previously defined it on the kernel command line as cma= 984 # The kernel command line will override a platform-specific configuration from its device tree. 985 # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44 986 CMA_SIZE_MBYTES = freeform "32"; 987 988 # Many ARM SBCs hand off a pre-configured framebuffer. 989 # This always can can be replaced by the actual native driver. 990 # Keeping it a built-in ensures it will be used if possible. 991 FB_SIMPLE = yes; 992 993 } // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) { 994 # Required for various hardware features on Chrome OS devices 995 CHROME_PLATFORMS = yes; 996 CHROMEOS_TBMC = module; 997 998 CROS_EC = module; 999 1000 CROS_EC_I2C = module; 1001 CROS_EC_SPI = module; 1002 CROS_EC_LPC = module; 1003 CROS_EC_ISHTP = module; 1004 1005 CROS_KBD_LED_BACKLIGHT = module; 1006 } // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") { 1007 CHROMEOS_LAPTOP = module; 1008 CHROMEOS_PSTORE = module; 1009 }; 1010 }; 1011in 1012 flattenKConf options