1# WARNING/NOTE: whenever you want to add an option here you need to either 2# * mark it as an optional one with `option`, 3# * or make sure it works for all the versions in nixpkgs, 4# * or check for which kernel versions it will work (using kernel 5# changelog, google or whatever) and mark it with `whenOlder` or 6# `whenAtLeast`. 7# Then do test your change by building all the kernels (or at least 8# their configs) in Nixpkgs or else you will guarantee lots and lots 9# of pain to users trying to switch to an older kernel because of some 10# hardware problems with a new one. 11 12# Configuration 13{ lib, stdenv, version 14 15, features ? {} 16}: 17 18with lib; 19with lib.kernel; 20with (lib.kernel.whenHelpers version); 21 22let 23 24 25 # configuration items have to be part of a subattrs 26 flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested)); 27 28 whenPlatformHasEBPFJit = 29 mkIf (stdenv.hostPlatform.isAarch32 || 30 stdenv.hostPlatform.isAarch64 || 31 stdenv.hostPlatform.isx86_64 || 32 (stdenv.hostPlatform.isPower && stdenv.hostPlatform.is64bit) || 33 (stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit)); 34 35 options = { 36 37 debug = { 38 # Necessary for BTF 39 DEBUG_INFO = mkMerge [ 40 (whenOlder "5.2" (if (features.debug or false) then yes else no)) 41 (whenBetween "5.2" "5.18" yes) 42 ]; 43 DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes; 44 # Reduced debug info conflicts with BTF and has been enabled in 45 # aarch64 defconfig since 5.13 46 DEBUG_INFO_REDUCED = whenAtLeast "5.13" (option no); 47 DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes); 48 # Allow loading modules with mismatched BTFs 49 # FIXME: figure out how to actually make BTFs reproducible instead 50 # See https://github.com/NixOS/nixpkgs/pull/181456 for details. 
51 MODULE_ALLOW_BTF_MISMATCH = whenAtLeast "5.18" (option yes); 52 BPF_LSM = whenAtLeast "5.7" (option yes); 53 DEBUG_KERNEL = yes; 54 DEBUG_DEVRES = no; 55 DYNAMIC_DEBUG = yes; 56 DEBUG_STACK_USAGE = no; 57 RCU_TORTURE_TEST = no; 58 SCHEDSTATS = no; 59 DETECT_HUNG_TASK = yes; 60 CRASH_DUMP = option no; 61 # Easier debugging of NFS issues. 62 SUNRPC_DEBUG = yes; 63 # Provide access to tunables like sched_migration_cost_ns 64 SCHED_DEBUG = yes; 65 }; 66 67 power-management = { 68 CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes; 69 CPU_FREQ_GOV_SCHEDUTIL = yes; 70 PM_ADVANCED_DEBUG = yes; 71 PM_WAKELOCKS = yes; 72 POWERCAP = yes; 73 # ACPI Firmware Performance Data Table Support 74 ACPI_FPDT = whenAtLeast "5.12" (option yes); 75 # ACPI Heterogeneous Memory Attribute Table Support 76 ACPI_HMAT = whenAtLeast "5.2" (option yes); 77 # ACPI Platform Error Interface 78 ACPI_APEI = (option yes); 79 # APEI Generic Hardware Error Source 80 ACPI_APEI_GHES = (option yes); 81 82 # Enable lazy RCUs for power savings: 83 # https://lore.kernel.org/rcu/20221019225138.GA2499943@paulmck-ThinkPad-P17-Gen-1/ 84 # RCU_LAZY depends on RCU_NOCB_CPU depends on NO_HZ_FULL 85 # depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT, 86 # so we can't force-enable this 87 RCU_LAZY = whenAtLeast "6.2" (option yes); 88 } // optionalAttrs (stdenv.hostPlatform.isx86) { 89 INTEL_IDLE = yes; 90 INTEL_RAPL = whenAtLeast "5.3" module; 91 X86_INTEL_LPSS = yes; 92 X86_INTEL_PSTATE = yes; 93 X86_AMD_PSTATE = whenAtLeast "5.17" yes; 94 # Intel DPTF (Dynamic Platform and Thermal Framework) Support 95 ACPI_DPTF = whenAtLeast "5.10" yes; 96 97 # Required to bring up some Bay Trail devices properly 98 I2C = yes; 99 I2C_DESIGNWARE_PLATFORM = yes; 100 PMIC_OPREGION = whenAtLeast "5.10" yes; 101 INTEL_SOC_PMIC = whenAtLeast "5.10" yes; 102 BYTCRC_PMIC_OPREGION = whenAtLeast "5.10" yes; 103 CHTCRC_PMIC_OPREGION = whenAtLeast "5.10" yes; 104 XPOWER_PMIC_OPREGION = whenAtLeast "5.10" yes; 105 BXT_WC_PMIC_OPREGION = 
whenAtLeast "5.10" yes; 106 INTEL_SOC_PMIC_CHTWC = whenAtLeast "5.10" yes; 107 CHT_WC_PMIC_OPREGION = whenAtLeast "5.10" yes; 108 INTEL_SOC_PMIC_CHTDC_TI = whenAtLeast "5.10" yes; 109 CHT_DC_TI_PMIC_OPREGION = whenAtLeast "5.10" yes; 110 MFD_TPS68470 = whenBetween "5.10" "5.13" yes; 111 TPS68470_PMIC_OPREGION = whenAtLeast "5.10" yes; 112 }; 113 114 external-firmware = { 115 # Support drivers that need external firmware. 116 STANDALONE = no; 117 }; 118 119 proc-config-gz = { 120 # Make /proc/config.gz available 121 IKCONFIG = yes; 122 IKCONFIG_PROC = yes; 123 }; 124 125 optimization = { 126 # Optimize with -O2, not -Os 127 CC_OPTIMIZE_FOR_SIZE = no; 128 }; 129 130 memory = { 131 DAMON = whenAtLeast "5.15" yes; 132 DAMON_VADDR = whenAtLeast "5.15" yes; 133 DAMON_PADDR = whenAtLeast "5.16" yes; 134 DAMON_SYSFS = whenAtLeast "5.18" yes; 135 DAMON_DBGFS = whenAtLeast "5.15" yes; 136 DAMON_RECLAIM = whenAtLeast "5.16" yes; 137 DAMON_LRU_SORT = whenAtLeast "6.0" yes; 138 }; 139 140 memtest = { 141 MEMTEST = yes; 142 }; 143 144 # Include the CFQ I/O scheduler in the kernel, rather than as a 145 # module, so that the initrd gets a good I/O scheduler. 146 scheduler = { 147 IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 148 BLK_CGROUP = yes; # required by CFQ" 149 BLK_CGROUP_IOLATENCY = yes; 150 BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes; 151 IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1 152 MQ_IOSCHED_DEADLINE = yes; 153 BFQ_GROUP_IOSCHED = yes; 154 MQ_IOSCHED_KYBER = yes; 155 IOSCHED_BFQ = module; 156 }; 157 158 159 timer = { 160 # Enable Full Dynticks System. 161 # NO_HZ_FULL depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT 162 NO_HZ_FULL = mkIf stdenv.is64bit yes; 163 }; 164 165 # Enable NUMA. 
166 numa = { 167 NUMA = option yes; 168 }; 169 170 networking = { 171 NET = yes; 172 IP_ADVANCED_ROUTER = yes; 173 IP_PNP = no; 174 IP_ROUTE_MULTIPATH = yes; 175 IP_VS_PROTO_TCP = yes; 176 IP_VS_PROTO_UDP = yes; 177 IP_VS_PROTO_ESP = yes; 178 IP_VS_PROTO_AH = yes; 179 IP_VS_IPV6 = yes; 180 IP_DCCP_CCID3 = no; # experimental 181 CLS_U32_PERF = yes; 182 CLS_U32_MARK = yes; 183 BPF_JIT = whenPlatformHasEBPFJit yes; 184 BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304 185 HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes; 186 BPF_STREAM_PARSER = yes; 187 XDP_SOCKETS = yes; 188 XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes; 189 WAN = yes; 190 TCP_CONG_ADVANCED = yes; 191 TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 192 # Required by systemd per-cgroup firewalling 193 CGROUP_BPF = option yes; 194 CGROUP_NET_PRIO = yes; # Required by systemd 195 IP_ROUTE_VERBOSE = yes; 196 IP_MROUTE_MULTIPLE_TABLES = yes; 197 IP_MULTICAST = yes; 198 IP_MULTIPLE_TABLES = yes; 199 IPV6 = yes; 200 IPV6_ROUTER_PREF = yes; 201 IPV6_ROUTE_INFO = yes; 202 IPV6_OPTIMISTIC_DAD = yes; 203 IPV6_MULTIPLE_TABLES = yes; 204 IPV6_SUBTREES = yes; 205 IPV6_MROUTE = yes; 206 IPV6_MROUTE_MULTIPLE_TABLES = yes; 207 IPV6_PIMSM_V2 = yes; 208 IPV6_FOU_TUNNEL = module; 209 IPV6_SEG6_LWTUNNEL = yes; 210 IPV6_SEG6_HMAC = yes; 211 IPV6_SEG6_BPF = yes; 212 NET_CLS_BPF = module; 213 NET_ACT_BPF = module; 214 NET_SCHED = yes; 215 L2TP_V3 = yes; 216 L2TP_IP = module; 217 L2TP_ETH = module; 218 BRIDGE_VLAN_FILTERING = yes; 219 BONDING = module; 220 NET_L3_MASTER_DEV = option yes; 221 NET_FOU_IP_TUNNELS = option yes; 222 IP_NF_TARGET_REDIRECT = module; 223 224 PPP_MULTILINK = yes; # PPP multilink support 225 PPP_FILTER = yes; 226 227 # needed for iwd WPS support (wpa_supplicant replacement) 228 KEY_DH_OPERATIONS = yes; 229 230 # needed for nftables 231 # Networking Options 232 NETFILTER = yes; 233 
NETFILTER_ADVANCED = yes; 234 # Core Netfilter Configuration 235 NF_CONNTRACK_ZONES = yes; 236 NF_CONNTRACK_EVENTS = yes; 237 NF_CONNTRACK_TIMEOUT = yes; 238 NF_CONNTRACK_TIMESTAMP = yes; 239 NETFILTER_NETLINK_GLUE_CT = yes; 240 NF_TABLES_INET = yes; 241 NF_TABLES_NETDEV = yes; 242 NFT_REJECT_NETDEV = whenAtLeast "5.11" module; 243 244 # IP: Netfilter Configuration 245 NF_TABLES_IPV4 = yes; 246 NF_TABLES_ARP = yes; 247 # IPv6: Netfilter Configuration 248 NF_TABLES_IPV6 = yes; 249 # Bridge Netfilter Configuration 250 NF_TABLES_BRIDGE = mkMerge [ (whenOlder "5.3" yes) 251 (whenAtLeast "5.3" module) ]; 252 253 # needed for `dropwatch` 254 # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450 255 NET_DROP_MONITOR = yes; 256 257 # needed for ss 258 # Use a lower priority to allow these options to be overridden in hardened/config.nix 259 INET_DIAG = mkDefault module; 260 INET_TCP_DIAG = mkDefault module; 261 INET_UDP_DIAG = mkDefault module; 262 INET_RAW_DIAG = mkDefault module; 263 INET_DIAG_DESTROY = mkDefault yes; 264 265 # enable multipath-tcp 266 MPTCP = whenAtLeast "5.6" yes; 267 MPTCP_IPV6 = whenAtLeast "5.6" yes; 268 INET_MPTCP_DIAG = whenAtLeast "5.9" (mkDefault module); 269 270 # Kernel TLS 271 TLS = module; 272 TLS_DEVICE = yes; 273 274 # infiniband 275 INFINIBAND = module; 276 INFINIBAND_IPOIB = module; 277 INFINIBAND_IPOIB_CM = yes; 278 }; 279 280 wireless = { 281 CFG80211_WEXT = option yes; # Without it, ipw2200 drivers don't build 282 IPW2100_MONITOR = option yes; # support promiscuous mode 283 IPW2200_MONITOR = option yes; # support promiscuous mode 284 HOSTAP_FIRMWARE = option yes; # Support downloading firmware images with Host AP driver 285 HOSTAP_FIRMWARE_NVRAM = option yes; 286 ATH9K_PCI = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus 287 ATH9K_AHB = option yes; # Ditto, AHB bus 288 # The description of this option makes it sound dangerous or even illegal 289 # But OpenWRT enables it by 
default: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/Makefile#L55 290 # At the time of writing (25-06-2023): this is only used in a "correct" way by ath drivers for initiating DFS radiation 291 # for "certified devices" 292 EXPERT = option yes; # this is needed for offering the certification option 293 CFG80211_CERTIFICATION_ONUS = option yes; 294 # DFS: "Dynamic Frequency Selection" is a spectrum-sharing mechanism that allows 295 # you to use certain frequencies of interest when your local regulatory domain mandates it. 296 # ATH drivers hide the feature behind this option, which makes hostapd work with DFS frequencies. 297 # OpenWRT enables it too: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/ath.mk#L42 298 ATH9K_DFS_CERTIFIED = option yes; 299 ATH10K_DFS_CERTIFIED = option yes; 300 B43_PHY_HT = option yes; 301 BCMA_HOST_PCI = option yes; 302 RTW88 = whenAtLeast "5.2" module; 303 RTW88_8822BE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; 304 RTW88_8822CE = mkMerge [ (whenBetween "5.2" "5.8" yes) (whenAtLeast "5.8" module) ]; 305 }; 306 307 fb = { 308 FB = yes; 309 FB_EFI = yes; 310 FB_NVIDIA_I2C = yes; # Enable DDC Support 311 FB_RIVA_I2C = yes; 312 FB_ATY_CT = yes; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support 313 FB_ATY_GX = yes; # Mach64 GX support 314 FB_SAVAGE_I2C = yes; 315 FB_SAVAGE_ACCEL = yes; 316 FB_SIS_300 = yes; 317 FB_SIS_315 = yes; 318 FB_3DFX_ACCEL = yes; 319 FB_VESA = yes; 320 FRAMEBUFFER_CONSOLE = yes; 321 FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes; 322 FRAMEBUFFER_CONSOLE_ROTATION = yes; 323 FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes; 324 FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; 325 # On 5.14 this conflicts with FB_SIMPLE. 
326 DRM_SIMPLEDRM = whenAtLeast "5.14" no; 327 DRM_FBDEV_EMULATION = yes; 328 }; 329 330 fonts = { 331 FONTS = yes; 332 # Default fonts enabled if FONTS is not set 333 FONT_8x8 = yes; 334 FONT_8x16 = yes; 335 # High DPI font 336 FONT_TER16x32 = whenAtLeast "5.0" yes; 337 }; 338 339 video = { 340 DRM_LEGACY = no; 341 NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween "5.2" "6.3" no; 342 343 # Allow specifying custom EDID on the kernel command line 344 DRM_LOAD_EDID_FIRMWARE = yes; 345 VGA_SWITCHEROO = yes; # Hybrid graphics support 346 DRM_GMA500 = whenAtLeast "5.12" module; 347 DRM_GMA600 = whenOlder "5.13" yes; 348 DRM_GMA3600 = whenOlder "5.12" yes; 349 DRM_VMWGFX_FBCON = whenOlder "6.2" yes; 350 # (experimental) amdgpu support for verde and newer chipsets 351 DRM_AMDGPU_SI = yes; 352 # (stable) amdgpu support for bonaire and newer chipsets 353 DRM_AMDGPU_CIK = yes; 354 # Allow device firmware updates 355 DRM_DP_AUX_CHARDEV = yes; 356 # amdgpu display core (DC) support 357 DRM_AMD_DC_DCN1_0 = whenOlder "5.6" yes; 358 DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes; 359 DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes; 360 DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes; 361 DRM_AMD_DC_DCN = whenBetween "5.11" "6.4" yes; 362 DRM_AMD_DC_FP = whenAtLeast "6.4" yes; 363 DRM_AMD_DC_HDCP = whenBetween "5.5" "6.4" yes; 364 DRM_AMD_DC_SI = whenAtLeast "5.10" yes; 365 } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { 366 # Intel GVT-g graphics virtualization supports 64-bit only 367 DRM_I915_GVT = yes; 368 DRM_I915_GVT_KVMGT = module; 369 # Enable Hyper-V Synthetic DRM Driver 370 DRM_HYPERV = whenAtLeast "5.14" module; 371 } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { 372 # enable HDMI-CEC on RPi boards 373 DRM_VC4_HDMI_CEC = yes; 374 }; 375 376 sound = { 377 SND_DYNAMIC_MINORS = yes; 378 SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode 379 SND_HDA_INPUT_BEEP = yes; # Support digital beep via input layer 380 SND_HDA_RECONFIG = yes; # 
Support reconfiguration of jack functions 381 # Support configuring jack functions via fw mechanism at boot 382 SND_HDA_PATCH_LOADER = yes; 383 SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon 384 SND_OSSEMUL = yes; 385 SND_USB_CAIAQ_INPUT = yes; 386 # Enable Sound Open Firmware support 387 } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" && 388 versionAtLeast version "5.5") { 389 SND_SOC_INTEL_SOUNDWIRE_SOF_MACH = whenAtLeast "5.10" module; 390 SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES = whenAtLeast "5.10" yes; # dep of SOF_MACH 391 SND_SOC_SOF_INTEL_SOUNDWIRE_LINK = whenBetween "5.10" "5.11" yes; # dep of SOF_MACH 392 SND_SOC_SOF_TOPLEVEL = yes; 393 SND_SOC_SOF_ACPI = module; 394 SND_SOC_SOF_PCI = module; 395 SND_SOC_SOF_APOLLOLAKE = whenAtLeast "5.12" module; 396 SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder "5.12" yes; 397 SND_SOC_SOF_CANNONLAKE = whenAtLeast "5.12" module; 398 SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder "5.12" yes; 399 SND_SOC_SOF_COFFEELAKE = whenAtLeast "5.12" module; 400 SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder "5.12" yes; 401 SND_SOC_SOF_COMETLAKE = whenAtLeast "5.12" module; 402 SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder "5.8" yes; 403 SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder "5.12" yes; 404 SND_SOC_SOF_ELKHARTLAKE = whenAtLeast "5.12" module; 405 SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder "5.12" yes; 406 SND_SOC_SOF_GEMINILAKE = whenAtLeast "5.12" module; 407 SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder "5.12" yes; 408 SND_SOC_SOF_HDA_AUDIO_CODEC = yes; 409 SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder "5.7" yes; 410 SND_SOC_SOF_HDA_LINK = yes; 411 SND_SOC_SOF_ICELAKE = whenAtLeast "5.12" module; 412 SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder "5.12" yes; 413 SND_SOC_SOF_INTEL_TOPLEVEL = yes; 414 SND_SOC_SOF_JASPERLAKE = whenAtLeast "5.12" module; 415 SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder "5.12" yes; 416 SND_SOC_SOF_MERRIFIELD = whenAtLeast "5.12" 
module; 417 SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder "5.12" yes; 418 SND_SOC_SOF_TIGERLAKE = whenAtLeast "5.12" module; 419 SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder "5.12" yes; 420 }; 421 422 usb-serial = { 423 USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver 424 }; 425 426 usb = { 427 USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators 428 USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling 429 USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies) 430 }; 431 432 # Filesystem options - in particular, enable extended attributes and 433 # ACLs for all filesystems that support them. 434 filesystem = { 435 FANOTIFY = yes; 436 FANOTIFY_ACCESS_PERMISSIONS = yes; 437 438 TMPFS = yes; 439 TMPFS_POSIX_ACL = yes; 440 FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else option module; 441 442 EXT2_FS_XATTR = yes; 443 EXT2_FS_POSIX_ACL = yes; 444 EXT2_FS_SECURITY = yes; 445 446 EXT3_FS_POSIX_ACL = yes; 447 EXT3_FS_SECURITY = yes; 448 449 EXT4_FS_POSIX_ACL = yes; 450 EXT4_FS_SECURITY = yes; 451 EXT4_ENCRYPTION = whenOlder "5.1" yes; 452 453 NTFS_FS = whenAtLeast "5.15" no; 454 NTFS3_LZX_XPRESS = whenAtLeast "5.15" yes; 455 NTFS3_FS_POSIX_ACL = whenAtLeast "5.15" yes; 456 457 REISERFS_FS_XATTR = option yes; 458 REISERFS_FS_POSIX_ACL = option yes; 459 REISERFS_FS_SECURITY = option yes; 460 461 JFS_POSIX_ACL = option yes; 462 JFS_SECURITY = option yes; 463 464 XFS_QUOTA = option yes; 465 XFS_POSIX_ACL = option yes; 466 XFS_RT = option yes; # XFS Realtime subvolume support 467 XFS_ONLINE_SCRUB = option yes; 468 469 OCFS2_DEBUG_MASKLOG = option no; 470 471 BTRFS_FS_POSIX_ACL = yes; 472 473 UBIFS_FS_ADVANCED_COMPR = option yes; 474 475 F2FS_FS = module; 476 F2FS_FS_SECURITY = option yes; 477 F2FS_FS_ENCRYPTION = whenOlder "5.1" yes; 478 F2FS_FS_COMPRESSION = whenAtLeast "5.6" yes; 479 UDF_FS = module; 480 481 NFSD_V2_ACL = whenOlder "6.2" yes; 482 NFSD_V3 = whenOlder "5.18" yes; 483 
NFSD_V3_ACL = yes; 484 NFSD_V4 = yes; 485 NFSD_V4_SECURITY_LABEL = yes; 486 487 NFS_FSCACHE = yes; 488 NFS_SWAP = yes; 489 NFS_V3_ACL = yes; 490 NFS_V4_1 = yes; # NFSv4.1 client support 491 NFS_V4_2 = yes; 492 NFS_V4_SECURITY_LABEL = yes; 493 494 CIFS_XATTR = yes; 495 CIFS_POSIX = option yes; 496 CIFS_FSCACHE = yes; 497 CIFS_WEAK_PW_HASH = whenOlder "5.15" yes; 498 CIFS_UPCALL = yes; 499 CIFS_ACL = whenOlder "5.3" yes; 500 CIFS_DFS_UPCALL = yes; 501 502 CEPH_FSCACHE = yes; 503 CEPH_FS_POSIX_ACL = yes; 504 505 SQUASHFS_FILE_DIRECT = yes; 506 SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder "6.2" yes; 507 SQUASHFS_XATTR = yes; 508 SQUASHFS_ZLIB = yes; 509 SQUASHFS_LZO = yes; 510 SQUASHFS_XZ = yes; 511 SQUASHFS_LZ4 = yes; 512 SQUASHFS_ZSTD = yes; 513 514 # Native Language Support modules, needed by some filesystems 515 NLS = yes; 516 NLS_DEFAULT = freeform "utf8"; 517 NLS_UTF8 = module; 518 NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option 519 NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option 520 521 # Needed to use the installation iso image. Not included in all defconfigs (e.g. arm64) 522 ISO9660_FS = module; 523 524 DEVTMPFS = yes; 525 526 UNICODE = whenAtLeast "5.2" yes; # Casefolding support for filesystems 527 }; 528 529 security = { 530 FORTIFY_SOURCE = option yes; 531 532 # https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html 533 DEBUG_LIST = yes; 534 HARDENED_USERCOPY = yes; 535 RANDOMIZE_BASE = option yes; 536 STRICT_DEVMEM = mkDefault yes; # Filter access to /dev/mem 537 IO_STRICT_DEVMEM = mkDefault yes; 538 SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default 539 # Prevent processes from ptracing non-children processes 540 SECURITY_YAMA = option yes; 541 # The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. 
542 # This does not have any effect if a program does not support it 543 SECURITY_LANDLOCK = whenAtLeast "5.13" yes; 544 DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem 545 546 USER_NS = yes; # Support for user namespaces 547 548 SECURITY_APPARMOR = yes; 549 DEFAULT_SECURITY_APPARMOR = yes; 550 551 RANDOM_TRUST_CPU = whenOlder "6.2" yes; # allow RDRAND to seed the RNG 552 RANDOM_TRUST_BOOTLOADER = whenOlder "6.2" (whenAtLeast "5.4" yes); # allow the bootloader to seed the RNG 553 554 MODULE_SIG = no; # disabled for reproducibility (r13y): module signing generates a random key during build and bakes it in 555 # Depends on MODULE_SIG and only really helps when you sign your modules 556 # and enforce signatures, which we don't do by default. 557 SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" no; 558 559 # provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis 560 PERSISTENT_KEYRINGS = yes; 561 # enable temporary caching of the last request_key() result 562 KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; 563 # randomized slab caches 564 RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; 565 566 # NIST SP800-90A DRBG modes - enabled by most distributions 567 # and required by some out-of-tree modules (ShuffleCake) 568 # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. 
569 CRYPTO_DRBG_HASH = yes; 570 CRYPTO_DRBG_CTR = yes; 571 572 } // optionalAttrs stdenv.hostPlatform.isx86_64 { 573 # Enable Intel SGX 574 X86_SGX = whenAtLeast "5.11" yes; 575 # Allow KVM guests to load SGX enclaves 576 X86_SGX_KVM = whenAtLeast "5.13" yes; 577 578 # AMD Cryptographic Coprocessor (CCP) 579 CRYPTO_DEV_CCP = yes; 580 # AMD SME 581 AMD_MEM_ENCRYPT = yes; 582 # AMD SEV and AMD SEV-ES 583 KVM_AMD_SEV = yes; 584 # AMD SEV-SNP 585 SEV_GUEST = whenAtLeast "5.19" module; 586 # Shadow stacks 587 X86_USER_SHADOW_STACK = whenAtLeast "6.6" yes; 588 }; 589 590 microcode = { 591 MICROCODE = yes; 592 MICROCODE_INTEL = whenOlder "6.6" yes; 593 MICROCODE_AMD = whenOlder "6.6" yes; 594 # Write Back Throttling 595 # https://lwn.net/Articles/682582/ 596 # https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655 597 BLK_WBT = yes; 598 BLK_WBT_SQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 599 BLK_WBT_MQ = yes; 600 }; 601 602 container = { 603 NAMESPACES = yes; # Required by 'unshare' used by 'nixos-install' 604 RT_GROUP_SCHED = no; 605 CGROUP_DEVICE = yes; 606 CGROUP_HUGETLB = yes; 607 CGROUP_PERF = yes; 608 CGROUP_RDMA = yes; 609 610 MEMCG = yes; 611 MEMCG_SWAP = whenOlder "6.1" yes; 612 613 BLK_DEV_THROTTLING = yes; 614 CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1 615 CGROUP_PIDS = yes; 616 }; 617 618 staging = { 619 # Enable staging drivers. These are somewhat experimental, but 620 # they generally don't hurt. 621 STAGING = yes; 622 }; 623 624 proc-events = { 625 # PROC_EVENTS requires that the netlink connector is not built 626 # as a module. This is required by libcgroup's cgrulesengd. 
627 CONNECTOR = yes; 628 PROC_EVENTS = yes; 629 }; 630 631 tracing = { 632 FTRACE = yes; 633 KPROBES = yes; 634 FUNCTION_TRACER = yes; 635 FTRACE_SYSCALLS = yes; 636 SCHED_TRACER = yes; 637 STACK_TRACER = yes; 638 UPROBE_EVENTS = option yes; 639 BPF_SYSCALL = yes; 640 BPF_UNPRIV_DEFAULT_OFF = whenBetween "5.10" "5.16" yes; 641 BPF_EVENTS = yes; 642 FUNCTION_PROFILER = yes; 643 RING_BUFFER_BENCHMARK = no; 644 }; 645 646 perf = { 647 # enable AMD Zen branch sampling if available 648 PERF_EVENTS_AMD_BRS = whenAtLeast "5.19" (option yes); 649 }; 650 651 virtualisation = { 652 PARAVIRT = option yes; 653 654 HYPERVISOR_GUEST = yes; 655 PARAVIRT_SPINLOCKS = option yes; 656 657 KVM_ASYNC_PF = yes; 658 KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes; 659 KVM_GUEST = yes; 660 KVM_MMIO = yes; 661 KVM_VFIO = yes; 662 KSM = yes; 663 VIRT_DRIVERS = yes; 664 # We need 64 GB (PAE) support for Xen guest support 665 HIGHMEM64G = { optional = true; tristate = mkIf (!stdenv.is64bit) "y";}; 666 667 VFIO_PCI_VGA = mkIf stdenv.is64bit yes; 668 669 # VirtualBox guest drivers in the kernel conflict with the ones in the 670 # official additions package and prevent the vboxsf module from loading, 671 # so disable them for now. 
672 VBOXGUEST = option no; 673 DRM_VBOXVIDEO = option no; 674 675 XEN = option yes; 676 XEN_DOM0 = option yes; 677 PCI_XEN = option yes; 678 HVC_XEN = option yes; 679 HVC_XEN_FRONTEND = option yes; 680 XEN_SYS_HYPERVISOR = option yes; 681 SWIOTLB_XEN = option yes; 682 XEN_BACKEND = option yes; 683 XEN_BALLOON = option yes; 684 XEN_BALLOON_MEMORY_HOTPLUG = option yes; 685 XEN_EFI = option yes; 686 XEN_HAVE_PVMMU = option yes; 687 XEN_MCE_LOG = option yes; 688 XEN_PVH = option yes; 689 XEN_PVHVM = option yes; 690 XEN_SAVE_RESTORE = option yes; 691 XEN_SELFBALLOONING = whenOlder "5.3" yes; 692 693 # Enable device detection on virtio-mmio hypervisors 694 VIRTIO_MMIO_CMDLINE_DEVICES = yes; 695 }; 696 697 media = { 698 MEDIA_DIGITAL_TV_SUPPORT = yes; 699 MEDIA_CAMERA_SUPPORT = yes; 700 MEDIA_CONTROLLER = yes; 701 MEDIA_PCI_SUPPORT = yes; 702 MEDIA_USB_SUPPORT = yes; 703 MEDIA_ANALOG_TV_SUPPORT = yes; 704 VIDEO_STK1160_COMMON = whenOlder "6.5" module; 705 }; 706 707 "9p" = { 708 # Enable the 9P cache to speed up NixOS VM tests. 
709 "9P_FSCACHE" = option yes; 710 "9P_FS_POSIX_ACL" = option yes; 711 }; 712 713 huge-page = { 714 TRANSPARENT_HUGEPAGE = option yes; 715 TRANSPARENT_HUGEPAGE_ALWAYS = option no; 716 TRANSPARENT_HUGEPAGE_MADVISE = option yes; 717 }; 718 719 zram = { 720 ZRAM = module; 721 ZRAM_WRITEBACK = option yes; 722 ZSWAP = option yes; 723 ZPOOL = yes; 724 ZBUD = option yes; 725 }; 726 727 brcmfmac = { 728 # Enable PCIe and USB for the brcmfmac driver 729 BRCMFMAC_USB = option yes; 730 BRCMFMAC_PCIE = option yes; 731 }; 732 733 # Support x2APIC (which requires IRQ remapping) 734 x2apic = optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { 735 X86_X2APIC = yes; 736 IRQ_REMAP = yes; 737 }; 738 739 # Disable various self-test modules that have no use in a production system 740 tests = { 741 # This menu disables all/most of them on >= 4.16 742 RUNTIME_TESTING_MENU = option no; 743 } // { 744 CRC32_SELFTEST = option no; 745 CRYPTO_TEST = option no; 746 EFI_TEST = option no; 747 GLOB_SELFTEST = option no; 748 LOCK_TORTURE_TEST = option no; 749 MTD_TESTS = option no; 750 NOTIFIER_ERROR_INJECTION = option no; 751 RCU_PERF_TEST = whenOlder "5.9" no; 752 RCU_SCALE_TEST = whenAtLeast "5.10" no; 753 RCU_TORTURE_TEST = option no; 754 TEST_ASYNC_DRIVER_PROBE = option no; 755 WW_MUTEX_SELFTEST = option no; 756 XZ_DEC_TEST = option no; 757 }; 758 759 criu = { 760 # Unconditionally enabled, because it is required for CRIU and 761 # it provides the kcmp() system call that Mesa depends on. 762 CHECKPOINT_RESTORE = yes; 763 }; 764 765 misc = let 766 # Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz. 
767 # i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375 768 useZstd = stdenv.buildPlatform.is64bit && versionAtLeast version "5.9"; 769 in { 770 KERNEL_XZ = mkIf (!useZstd) yes; 771 KERNEL_ZSTD = mkIf useZstd yes; 772 773 HID_BATTERY_STRENGTH = yes; 774 # enabled by default in x86_64 but not arm64, so we do that here 775 HIDRAW = yes; 776 777 HID_ACRUX_FF = yes; 778 DRAGONRISE_FF = yes; 779 GREENASIA_FF = yes; 780 HOLTEK_FF = yes; 781 JOYSTICK_PSXPAD_SPI_FF = yes; 782 LOGIG940_FF = yes; 783 NINTENDO_FF = whenAtLeast "5.16" yes; 784 PLAYSTATION_FF = whenAtLeast "5.12" yes; 785 SONY_FF = yes; 786 SMARTJOYPLUS_FF = yes; 787 THRUSTMASTER_FF = yes; 788 ZEROPLUS_FF = yes; 789 790 MODULE_COMPRESS = whenOlder "5.13" yes; 791 MODULE_COMPRESS_XZ = yes; 792 793 SYSVIPC = yes; # System-V IPC 794 795 AIO = yes; # POSIX asynchronous I/O 796 797 UNIX = yes; # Unix domain sockets. 798 799 MD = yes; # Device mapper (RAID, LVM, etc.) 800 801 # Enable initrd support. 802 BLK_DEV_INITRD = yes; 803 804 PM_TRACE_RTC = no; # Disable some expensive (?) features. 
805 ACCESSIBILITY = yes; # Accessibility support 806 AUXDISPLAY = yes; # Auxiliary Display support 807 HIPPI = yes; 808 MTD_COMPLEX_MAPPINGS = yes; # needed for many devices 809 810 SCSI_LOWLEVEL = yes; # enable lots of SCSI devices 811 SCSI_LOWLEVEL_PCMCIA = yes; 812 SCSI_SAS_ATA = yes; # added to enable detection of hard drive 813 814 SPI = yes; # needed for many devices 815 SPI_MASTER = yes; 816 817 "8139TOO_8129" = yes; 818 "8139TOO_PIO" = no; # PIO is slower 819 820 AIC79XX_DEBUG_ENABLE = no; 821 AIC7XXX_DEBUG_ENABLE = no; 822 AIC94XX_DEBUG = no; 823 824 BLK_DEV_INTEGRITY = yes; 825 826 BLK_SED_OPAL = yes; 827 828 BSD_PROCESS_ACCT_V3 = yes; 829 830 SERIAL_DEV_BUS = yes; # enables support for serial devices 831 SERIAL_DEV_CTRL_TTYPORT = yes; # enables support for TTY serial devices 832 833 BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support 834 BT_HCIUART_QCA = yes; # Qualcomm Atheros protocol support 835 BT_HCIUART_SERDEV = yes; # required by BT_HCIUART_QCA 836 BT_HCIUART = module; # required for BT devices with serial port interface (QCA6390) 837 BT_HCIUART_BCSP = option yes; 838 BT_HCIUART_H4 = option yes; # UART (H4) protocol support 839 BT_HCIUART_LL = option yes; 840 BT_RFCOMM_TTY = option yes; # RFCOMM TTY support 841 BT_QCA = module; # enables QCA6390 bluetooth 842 843 # Removed on 5.17 as it was unused 844 # upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31 845 CLEANCACHE = whenOlder "5.17" (option yes); 846 CRASH_DUMP = option no; 847 848 FSCACHE_STATS = yes; 849 850 DVB_DYNAMIC_MINORS = option yes; # we use udev 851 852 EFI_STUB = yes; # EFI bootloader in the bzImage itself 853 EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER = 854 whenOlder "6.2" (whenAtLeast "5.8" yes); # initrd kernel parameter for EFI 855 CGROUPS = yes; # used by systemd 856 FHANDLE = yes; # used by systemd 857 SECCOMP = yes; # used by systemd >= 231 858 SECCOMP_FILTER = yes; # ditto 859 
POSIX_MQUEUE = yes; 860 FRONTSWAP = whenOlder "6.6" yes; 861 FUSION = yes; # Fusion MPT device support 862 IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14 863 IDLE_PAGE_TRACKING = yes; 864 865 JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels 866 JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels 867 JOYSTICK_XPAD_FF = option yes; # X-Box gamepad rumble support 868 JOYSTICK_XPAD_LEDS = option yes; # LED Support for Xbox360 controller 'BigX' LED 869 870 KEYBOARD_APPLESPI = whenAtLeast "5.3" module; 871 872 KEXEC_FILE = option yes; 873 KEXEC_JUMP = option yes; 874 875 PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION 876 # Windows Logical Disk Manager (Dynamic Disk) support 877 LDM_PARTITION = yes; 878 LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback 879 LOGO = no; # not needed 880 MEDIA_ATTACH = yes; 881 MEGARAID_NEWGEN = yes; 882 883 MLX5_CORE_EN = option yes; 884 885 NVME_MULTIPATH = yes; 886 887 PSI = whenAtLeast "4.20" yes; 888 889 MOUSE_ELAN_I2C_SMBUS = yes; 890 MOUSE_PS2_ELANTECH = yes; # Elantech PS/2 protocol extension 891 MOUSE_PS2_VMMOUSE = yes; 892 MTRR_SANITIZER = yes; 893 NET_FC = yes; # Fibre Channel driver support 894 # Needed for touchpads to work on some AMD laptops 895 PINCTRL_AMD = whenAtLeast "5.19" yes; 896 # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks 897 PINCTRL_BAYTRAIL = yes; 898 # GPIO for Braswell and Cherryview devices 899 # Needs to be built-in for integrated keyboards to function properly 900 PINCTRL_CHERRYVIEW = yes; 901 # 8 is default. Modern gpt tables on eMMC may go far beyond 8. 
902 MMC_BLOCK_MINORS = freeform "32"; 903 904 REGULATOR = yes; # Voltage and Current Regulator Support 905 RC_DEVICES = option yes; # Enable IR devices 906 RC_DECODERS = option yes; # Required for IR devices to work 907 908 RT2800USB_RT53XX = yes; 909 RT2800USB_RT55XX = yes; 910 911 SCHED_AUTOGROUP = yes; 912 CFS_BANDWIDTH = yes; 913 914 SCSI_LOGGING = yes; # SCSI logging facility 915 SERIAL_8250 = yes; # 8250/16550 and compatible serial support 916 917 SLAB_FREELIST_HARDENED = yes; 918 SLAB_FREELIST_RANDOM = yes; 919 920 SLIP_COMPRESSED = yes; # CSLIP compressed headers 921 SLIP_SMART = yes; 922 923 HWMON = yes; 924 THERMAL_HWMON = yes; # Hardware monitoring support 925 NVME_HWMON = whenAtLeast "5.5" yes; # NVMe drives temperature reporting 926 UEVENT_HELPER = no; 927 928 USERFAULTFD = yes; 929 X86_CHECK_BIOS_CORRUPTION = yes; 930 X86_MCE = yes; 931 932 RAS = yes; # Needed for EDAC support 933 934 # Our initrd init uses shebang scripts, so can't be modular. 935 BINFMT_SCRIPT = yes; 936 # For systemd-binfmt 937 BINFMT_MISC = option yes; 938 939 # Disable the firmware helper fallback, udev doesn't implement it any more 940 FW_LOADER_USER_HELPER_FALLBACK = option no; 941 942 FW_LOADER_COMPRESS = option yes; 943 944 HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI 945 HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support 946 947 # Enable AMD's ROCm GPU compute stack 948 HSA_AMD = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "4.20" yes); 949 ZONE_DEVICE = mkIf stdenv.hostPlatform.is64bit (whenAtLeast "5.3" yes); 950 HMM_MIRROR = whenAtLeast "5.3" yes; 951 DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes; 952 953 PREEMPT = no; 954 PREEMPT_VOLUNTARY = yes; 955 956 X86_AMD_PLATFORM_DEVICE = yes; 957 X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes; 958 X86_PLATFORM_DRIVERS_HP = whenAtLeast "6.1" yes; 959 960 LIRC = yes; 961 962 SCHED_CORE = whenAtLeast "5.14" yes; 963 964 LRU_GEN = whenAtLeast "6.1" yes; 965 LRU_GEN_ENABLED = whenAtLeast "6.1" yes; 966 967 
FSL_MC_UAPI_SUPPORT = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "5.12" yes); 968 969 ASHMEM = { optional = true; tristate = whenBetween "5.0" "5.18" "y";}; 970 ANDROID = { optional = true; tristate = whenBetween "5.0" "5.19" "y";}; 971 ANDROID_BINDER_IPC = { optional = true; tristate = whenAtLeast "5.0" "y";}; 972 ANDROID_BINDERFS = { optional = true; tristate = whenAtLeast "5.0" "y";}; 973 ANDROID_BINDER_DEVICES = { optional = true; freeform = whenAtLeast "5.0" "binder,hwbinder,vndbinder";}; 974 975 TASKSTATS = yes; 976 TASK_DELAY_ACCT = yes; 977 TASK_XACCT = yes; 978 TASK_IO_ACCOUNTING = yes; 979 980 # Fresh toolchains frequently break -Werror build for minor issues. 981 WERROR = whenAtLeast "5.15" no; 982 983 # > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production. 984 # https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html 985 KUNIT = whenAtLeast "5.5" no; 986 } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") { 987 # Enable CPU/memory hotplug support 988 # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot 989 ACPI_HOTPLUG_CPU = yes; 990 ACPI_HOTPLUG_MEMORY = yes; 991 MEMORY_HOTPLUG = yes; 992 MEMORY_HOTREMOVE = yes; 993 HOTPLUG_CPU = yes; 994 MIGRATION = yes; 995 SPARSEMEM = yes; 996 997 # Bump the maximum number of CPUs to support systems like EC2 x1.* 998 # instances and Xeon Phi. 
999 NR_CPUS = freeform "384"; 1000 } // optionalAttrs (stdenv.hostPlatform.system == "armv7l-linux" || stdenv.hostPlatform.system == "aarch64-linux") { 1001 # Enables support for the Allwinner Display Engine 2.0 1002 SUN8I_DE2_CCU = yes; 1003 1004 # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647 1005 CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no; 1006 1007 # Distros should configure the default as a kernel option. 1008 # We previously defined it on the kernel command line as cma= 1009 # The kernel command line will override a platform-specific configuration from its device tree. 1010 # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44 1011 CMA_SIZE_MBYTES = freeform "32"; 1012 1013 # Many ARM SBCs hand off a pre-configured framebuffer. 1014 # This always can can be replaced by the actual native driver. 1015 # Keeping it a built-in ensures it will be used if possible. 1016 FB_SIMPLE = yes; 1017 1018 # https://docs.kernel.org/arch/arm/mem_alignment.html 1019 # tldr: 1020 # when buggy userspace code emits illegal misaligned LDM, STM, 1021 # LDRD and STRDs, the instructions trap, are caught, and then 1022 # are emulated by the kernel. 1023 # 1024 # This is the default on armv7l, anyway, but it is explicitly 1025 # enabled here for the sake of providing context for the 1026 # aarch64 compat option which follows. 1027 ALIGNMENT_TRAP = mkIf (stdenv.hostPlatform.system == "armv7l-linux") yes; 1028 1029 # https://patchwork.kernel.org/project/linux-arm-kernel/patch/20220701135322.3025321-1-ardb@kernel.org/ 1030 # tldr: 1031 # when encountering alignment faults under aarch64, this option 1032 # makes the kernel attempt to handle the fault by doing the 1033 # same style of misaligned emulation that is performed under 1034 # armv7l (see above option). 
1035 # 1036 # This minimizes the potential for aarch32 userspace to behave 1037 # differently when run under aarch64 kernels compared to when 1038 # it is run under an aarch32 kernel. 1039 COMPAT_ALIGNMENT_FIXUPS = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "6.1" yes); 1040 } // optionalAttrs (versionAtLeast version "5.4" && (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux")) { 1041 # Required for various hardware features on Chrome OS devices 1042 CHROME_PLATFORMS = yes; 1043 CHROMEOS_TBMC = module; 1044 1045 CROS_EC = module; 1046 1047 CROS_EC_I2C = module; 1048 CROS_EC_SPI = module; 1049 CROS_EC_LPC = module; 1050 CROS_EC_ISHTP = module; 1051 1052 CROS_KBD_LED_BACKLIGHT = module; 1053 1054 TCG_TIS_SPI_CR50 = whenAtLeast "5.5" yes; 1055 } // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") { 1056 CHROMEOS_LAPTOP = module; 1057 CHROMEOS_PSTORE = module; 1058 }; 1059 }; 1060in 1061 flattenKConf options