diff options
author | Tim Steinbach <tim@nequissimus.com> | 2017-08-07 17:34:10 -0400 |
---|---|---|
committer | Tim Steinbach <tim@nequissimus.com> | 2017-08-07 17:34:10 -0400 |
commit | f46f98ad31e60d512732fb56c3230ab916a9f64b (patch) | |
tree | f1cad0de210c58db354205bf3cec070b9dcd2e5f /pkgs | |
parent | de1110b52a7a78821c765db34b9300f08d3871e9 (diff) | |
download | nixlib-f46f98ad31e60d512732fb56c3230ab916a9f64b.tar nixlib-f46f98ad31e60d512732fb56c3230ab916a9f64b.tar.gz nixlib-f46f98ad31e60d512732fb56c3230ab916a9f64b.tar.bz2 nixlib-f46f98ad31e60d512732fb56c3230ab916a9f64b.tar.lz nixlib-f46f98ad31e60d512732fb56c3230ab916a9f64b.tar.xz nixlib-f46f98ad31e60d512732fb56c3230ab916a9f64b.tar.zst nixlib-f46f98ad31e60d512732fb56c3230ab916a9f64b.zip |
Revert 0cf0d7186a5259ae59b852c109f31ab09af56cec
Order common kernel config by functionality See #27949
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 1079 |
1 files changed, 572 insertions, 507 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index c15839f7dfed..deb1d81775b3 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -3,14 +3,11 @@ WARNING/NOTE: whenever you want to add an option here you need to either - * make sure it works for all the versions in nixpkgs, + * mark it as an optional one with `?` suffix, + * or make sure it works for all the versions in nixpkgs, * or check for which kernel versions it will work (using kernel changelog, google or whatever) and mark it with `versionOlder` or - `versionAtLeast` - - This file has a fairly obvious structure, follow it! - Do not duplicate predicates, sort options alphabetically, comment if - the option's functionality is non-obvious. + `versionAtLeast`. Then do test your change by building all the kernels (or at least their configs) in Nixpkgs or else you will guarantee lots and lots @@ -24,636 +21,704 @@ with stdenv.lib; '' -# Globally applicable + # Compress kernel modules for a sizable disk space savings. + ${optionalString (versionAtLeast version "3.18") '' + MODULE_COMPRESS y + MODULE_COMPRESS_XZ y + ''} - 8139TOO_8129 y - 8139TOO_PIO n # PIO is slower - 9P_FS_POSIX_ACL y - 9P_FSCACHE y - ACCESSIBILITY y # Accessibility support - AIC79XX_DEBUG_ENABLE n - AIC7XXX_DEBUG_ENABLE n - AIC94XX_DEBUG n - ASYNC_RAID6_TEST n - ATH9K_AHB y # Ditto, AHB bus - ATH9K_PCI y # Detect Atheros AR9xxx cards on PCI(e) bus - ATOMIC64_SELFTEST n - AUXDISPLAY y # Auxiliary Display support - B43_PHY_HT y - BACKTRACE_SELF_TEST n + KERNEL_XZ y + + # Debugging. + DEBUG_KERNEL y + DYNAMIC_DEBUG y BACKTRACE_SELF_TEST n - BCMA_HOST_PCI y - BINFMT_MISC y - BINFMT_SCRIPT y # Our initrd init uses shebang scripts, so can't be modular. - BLK_CGROUP y # required by CFQ - BLK_DEV_INITRD y # Enable initrd support - BLK_DEV_INTEGRITY y - BLK_DEV_RAM y # Enable initrd support - BLK_DEV_THROTTLING y - BONDING m - BRCMFMAC_USB y - BRIDGE_VLAN_FILTERING y - BSD_PROCESS_ACCT_V3 y - BT_HCIUART_BCSP y - BT_HCIUART_H4 y # UART (H4) protocol support - BT_HCIUART_LL y - BT_RFCOMM_TTY y # RFCOMM TTY support - BTRFS_FS_POSIX_ACL y - CC_OPTIMIZE_FOR_SIZE n # Optimize with -O2 - CFG80211_WEXT y # Without it, ipw2200 drivers don't build - CFQ_GROUP_IOSCHED y - CGROUP_DEVICE y - CGROUPS y # used by systemd - CIFS_ACL y - CIFS_DFS_UPCALL y - CIFS_FSCACHE y - CIFS_POSIX y - CIFS_STATS y - CIFS_UPCALL y - CIFS_WEAK_PW_HASH y - CIFS_XATTR y - CLEANCACHE y - CLS_U32_MARK y - CLS_U32_PERF y - CONNECTOR y # PROC_EVENTS requires that the netlink connector is not built as a module - CPU_FREQ_DEFAULT_GOV_PERFORMANCE y - CRASH_DUMP n - CRC32_SELFTEST n - CRYPTO_TEST n DEBUG_DEVRES n - DEBUG_KERNEL y DEBUG_STACK_USAGE n DEBUG_STACKOVERFLOW n - DEFAULT_SECURITY_APPARMOR y + SCHEDSTATS n DETECT_HUNG_TASK y - DEVTMPFS y + + ${optionalString (versionOlder version "4.4") '' + CPU_NOTIFIER_ERROR_INJECT? n + ''} + + ${optionalString (versionOlder version "4.11") '' + TIMER_STATS y + DEBUG_NX_TEST n + ''} + + # Bump the maximum number of CPUs to support systems like EC2 x1.* + # instances and Xeon Phi. + ${optionalString (stdenv.system == "x86_64-linux" || stdenv.system == "aarch64-linux") '' + NR_CPUS 384 + ''} + + # Unix domain sockets. + UNIX y + + # Power management. + ${optionalString (versionOlder version "3.19") '' + PM_RUNTIME y + ''} + PM_ADVANCED_DEBUG y + ${optionalString (versionAtLeast version "3.11") '' + X86_INTEL_LPSS y + ''} + ${optionalString (versionAtLeast version "3.10") '' + X86_INTEL_PSTATE y + ''} + INTEL_IDLE y + CPU_FREQ_DEFAULT_GOV_PERFORMANCE y + ${optionalString (versionOlder version "3.10") '' + USB_SUSPEND y + ''} + PM_WAKELOCKS y + + # Support drivers that need external firmware. + STANDALONE n + + # Make /proc/config.gz available. + IKCONFIG y + IKCONFIG_PROC y + + # Optimize with -O2, not -Os. + CC_OPTIMIZE_FOR_SIZE n + + # Enable the kernel's built-in memory tester. + MEMTEST y + + # Include the CFQ I/O scheduler in the kernel, rather than as a + # module, so that the initrd gets a good I/O scheduler. + IOSCHED_CFQ y + BLK_CGROUP y # required by CFQ + IOSCHED_DEADLINE y + ${optionalString (versionAtLeast version "4.11") '' + MQ_IOSCHED_DEADLINE y + ''} + ${optionalString (versionAtLeast version "4.12") '' + BFQ_GROUP_IOSCHED y + MQ_IOSCHED_KYBER y + IOSCHED_BFQ m + ''} + + # Enable NUMA. + NUMA? y + + # Disable some expensive (?) features. + PM_TRACE_RTC n + + # Enable initrd support. + BLK_DEV_RAM y + BLK_DEV_INITRD y + + # Enable various subsystems. + ACCESSIBILITY y # Accessibility support + AUXDISPLAY y # Auxiliary Display support DONGLE y # Serial dongle support - DRM_GMA3600 y - DRM_GMA600 y - DRM_LOAD_EDID_FIRMWARE y - DVB_DYNAMIC_MINORS y # we use udev - EFI_STUB y # EFI bootloader in the bzImage itself - EXT2_FS_POSIX_ACL y - EXT2_FS_SECURITY y - EXT2_FS_XATTR y - EXT3_FS_POSIX_ACL y - EXT3_FS_SECURITY y - EXT4_FS_POSIX_ACL y - EXT4_FS_SECURITY y - F2FS_FS m - FANOTIFY y + HIPPI y + MTD_COMPLEX_MAPPINGS y # needed for many devices + SCSI_LOWLEVEL y # enable lots of SCSI devices + SCSI_LOWLEVEL_PCMCIA y + SCSI_SAS_ATA y # added to enable detection of hard drive + SPI y # needed for many devices + SPI_MASTER y + WAN y + + # Networking options. + NET y + IP_PNP n + ${optionalString (versionOlder version "3.13") '' + IPV6_PRIVACY y + ''} + NETFILTER y + NETFILTER_ADVANCED y + IP_ROUTE_VERBOSE y + IP_MROUTE_MULTIPLE_TABLES y + IP_VS_PROTO_TCP y + IP_VS_PROTO_UDP y + IP_VS_PROTO_ESP y + IP_VS_PROTO_AH y + IP_DCCP_CCID3 n # experimental + IP_MULTICAST y + IPV6_ROUTER_PREF y + IPV6_ROUTE_INFO y + IPV6_OPTIMISTIC_DAD y + IPV6_MULTIPLE_TABLES y + IPV6_SUBTREES y + IPV6_MROUTE y + IPV6_MROUTE_MULTIPLE_TABLES y + IPV6_PIMSM_V2 y + ${optionalString (versionAtLeast version "4.7") '' + IPV6_FOU_TUNNEL m + ''} + CLS_U32_PERF y + CLS_U32_MARK y + ${optionalString (stdenv.system == "x86_64-linux") '' + BPF_JIT y + ''} + ${optionalString (versionAtLeast version "4.4") '' + NET_CLS_BPF m + NET_ACT_BPF m + ''} + L2TP_V3 y + L2TP_IP m + L2TP_ETH m + BRIDGE_VLAN_FILTERING y + BONDING m + NET_L3_MASTER_DEV? y + NET_FOU_IP_TUNNELS? y + IP_NF_TARGET_REDIRECT m + + # Wireless networking. + CFG80211_WEXT? y # Without it, ipw2200 drivers don't build + IPW2100_MONITOR? y # support promiscuous mode + IPW2200_MONITOR? y # support promiscuous mode + HOSTAP_FIRMWARE? y # Support downloading firmware images with Host AP driver + HOSTAP_FIRMWARE_NVRAM? y + ATH9K_PCI? y # Detect Atheros AR9xxx cards on PCI(e) bus + ATH9K_AHB? y # Ditto, AHB bus + B43_PHY_HT? y + BCMA_HOST_PCI? y + + # Enable various FB devices. FB y - FB_3DFX_ACCEL y - FB_ATY_CT y # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support - FB_ATY_GX y # Mach64 GX support FB_EFI y FB_NVIDIA_I2C y # Enable DDC Support FB_RIVA_I2C y - FB_SAVAGE_ACCEL y + FB_ATY_CT y # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support + FB_ATY_GX y # Mach64 GX support FB_SAVAGE_I2C y + FB_SAVAGE_ACCEL y FB_SIS_300 y FB_SIS_315 y + FB_3DFX_ACCEL y FB_VESA y - FHANDLE y # used by systemd FRAMEBUFFER_CONSOLE y FRAMEBUFFER_CONSOLE_ROTATION y - FRONTSWAP y - FUSION y # Fusion MPT device support - HIPPI y - HOSTAP_FIRMWARE_NVRAM y - HOSTAP_FIRMWARE y # Support downloading firmware images with Host AP driver - HWMON y - HYPERVISOR_GUEST y - IDE n # deprecated IDE supportIRDA_ULTRA y # Ultra (connectionless) protocol - IKCONFIG y # Make /proc/config.gz available - IKCONFIG_PROC y # Make /proc/config.gz available - INTEL_IDLE y - INTERVAL_TREE_TEST n - IOSCHED_CFQ y # Include the CFQ I/O scheduler in the kernel, rather than as a module, so that the initrd gets a good I/O scheduler - IOSCHED_DEADLINE y - IP_DCCP_CCID3 n # experimental - IP_MROUTE_MULTIPLE_TABLES y - IP_MULTICAST y - IP_NF_TARGET_REDIRECT m - IP_PNP n - IP_ROUTE_VERBOSE y - IP_VS_PROTO_AH y - IP_VS_PROTO_ESP y - IP_VS_PROTO_TCP y - IP_VS_PROTO_UDP y - IPV6_MROUTE y - IPV6_MROUTE_MULTIPLE_TABLES y - IPV6_MULTIPLE_TABLES y - IPV6_OPTIMISTIC_DAD y - IPV6_PIMSM_V2 y - IPV6_ROUTE_INFO y - IPV6_ROUTER_PREF y - IPV6_SUBTREES y - IPW2100_MONITOR y # support promiscuous mode - IPW2200_MONITOR y # support promiscuous mode - JFS_POSIX_ACL y - JFS_SECURITY y - JOYSTICK_IFORCE_232 y # I-Force Serial joysticks and wheels - JOYSTICK_IFORCE_USB y # I-Force USB joysticks and wheels - JOYSTICK_XPAD_FF y # X-Box gamepad rumble support - JOYSTICK_XPAD_LEDS y # LED Support for Xbox360 controller 'BigX' LED - KERNEL_XZ y - KEXEC_JUMP y - KPROBES y - KSM y - KVM_ASYNC_PF y - KVM_GUEST y - KVM_MMIO y - L2TP_ETH m - L2TP_IP m - L2TP_V3 y - LDM_PARTITION y # Windows Logical Disk Manager (Dynamic Disk) support - LOGIRUMBLEPAD2_FF y # Logitech Rumblepad 2 force feedback - LOGO n # not needed - MEDIA_ATTACH y - MEDIA_CAMERA_SUPPORT y - MEDIA_DIGITAL_TV_SUPPORT y - MEDIA_RC_SUPPORT y - MEDIA_USB_SUPPORT y - MEGARAID_NEWGEN y - MEMCG y - MEMCG_SWAP y - MEMTEST y # Enable the kernel's built-in memory tester - MICROCODE y - MICROCODE_AMD y - MICROCODE_INTEL y - MMC_BLOCK_MINORS 32 # 8 is default. Modern gpt tables on eMMC may go far beyond 8. - MOUSE_PS2_ELANTECH y # Elantech PS/2 protocol extension - MTD_COMPLEX_MAPPINGS y # needed for many devices - MTD_TESTS n - MTRR_SANITIZER y - NAMESPACES y # Required by 'unshare' used by 'nixos-install' - NET y - NET_FC y # Fibre Channel driver support - NETFILTER y - NETFILTER_ADVANCED y - NFS_FSCACHE y - NFS_SWAP y - NFS_V3_ACL y - NFSD_V2_ACL y - NFSD_V3 y - NFSD_V3_ACL y - NFSD_V4 y - NLS y - NLS_CODEPAGE_437 m # VFAT default for the codepage= mount option - NLS_DEFAULT utf8 - NLS_ISO8859_1 m # VFAT default for the iocharset= mount option - NLS_UTF8 m - NOTIFIER_ERROR_INJECTION n - NUMA y - OCFS2_DEBUG_MASKLOG n - PARAVIRT_SPINLOCKS y - PARAVIRT y - PM_ADVANCED_DEBUG y - PM_TRACE_RTC n # Disable some expensive () features - PM_WAKELOCKS y - POSIX_MQUEUE y - PPP_FILTER y - PPP_MULTILINK y # PPP multilink support - PROC_EVENTS y - RBTREE_TEST n - RC_DEVICES y # Enable IR devices - RCU_TORTURE_TEST n - REGULATOR y # Voltage and Current Regulator Support - REISERFS_FS_POSIX_ACL y - REISERFS_FS_SECURITY y - REISERFS_FS_XATTR y - RT_GROUP_SCHED n - RT2800USB_RT55XX y - SCHED_AUTOGROUP y - SCHEDSTATS n - SCSI_LOGGING y # SCSI logging facility - SCSI_LOWLEVEL y # enable lots of SCSI devices - SCSI_LOWLEVEL_PCMCIA y - SCSI_SAS_ATA y # added to enable detection of hard drive - SECCOMP y # used by systemd >= 231 - SECCOMP_FILTER y # ditto - SECURITY_APPARMOR y - SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default - SERIAL_8250 y # 8250/16550 and compatible serial support - SLIP_COMPRESSED y # CSLIP compressed headers - SLIP_SMART y - SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode + ${optionalString (stdenv.system == "i686-linux") '' + FB_GEODE y + ''} + + # Video configuration. + # Enable KMS for devices whose X.org driver supports it. + ${optionalString (versionOlder version "4.3" && !(features.chromiumos or false)) '' + DRM_I915_KMS y + ''} + # Allow specifying custom EDID on the kernel command line + DRM_LOAD_EDID_FIRMWARE y + VGA_SWITCHEROO y # Hybrid graphics support + DRM_GMA600 y + DRM_GMA3600 y + ${optionalString (versionAtLeast version "4.5" && (versionOlder version "4.9")) '' + DRM_AMD_POWERPLAY y # necessary for amdgpu polaris support + ''} + ${optionalString (versionAtLeast version "4.9") '' + DRM_AMDGPU_SI y # (experimental) amdgpu support for verde and newer chipsets + DRM_AMDGPU_CIK y # (stable) amdgpu support for bonaire and newer chipsets + ''} + + # Sound. SND_DYNAMIC_MINORS y + SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode SND_HDA_INPUT_BEEP y # Support digital beep via input layer - SND_HDA_PATCH_LOADER y # Support configuring jack functions via fw mechanism at boot SND_HDA_RECONFIG y # Support reconfiguration of jack functions + SND_HDA_PATCH_LOADER y # Support configuring jack functions via fw mechanism at boot SND_USB_CAIAQ_INPUT y - SPI y # needed for many devices - SPI_MASTER y - SQUASHFS_LZO y - SQUASHFS_XATTR y - SQUASHFS_XZ y - SQUASHFS_ZLIB y - STAGING y - STANDALONE n # Support drivers that need external firmware. - STRICT_DEVMEM y # Filter access to /dev/mem - TEST_KSTRTOX n - TEST_LIST_SORT n - TEST_STRING_HELPERS n - THERMAL_HWMON y # Hardware monitoring support - TMPFS y - TMPFS_POSIX_ACL y - TRANSPARENT_HUGEPAGE_ALWAYS n - TRANSPARENT_HUGEPAGE_MADVISE y - TRANSPARENT_HUGEPAGE y - UBIFS_FS_ADVANCED_COMPR y - UDF_FS m - UNIX y - USB_EHCI_ROOT_HUB_TT y # Root Hub Transaction Translators - USB_EHCI_TT_NEWSCHED y # Improved transaction translator scheduling + ${optionalString (versionOlder version "4.12") '' + PSS_MIXER y # Enable PSS mixer (Beethoven ADSP-16 and other compatible) + ''} + + # USB serial devices. USB_SERIAL_GENERIC y # USB Generic Serial Driver USB_SERIAL_KEYSPAN_MPR y # include firmware for various USB serial devices - USB_SERIAL_KEYSPAN_USA18X y - USB_SERIAL_KEYSPAN_USA19 y - USB_SERIAL_KEYSPAN_USA19QI y - USB_SERIAL_KEYSPAN_USA19QW y - USB_SERIAL_KEYSPAN_USA19W y USB_SERIAL_KEYSPAN_USA28 y USB_SERIAL_KEYSPAN_USA28X y USB_SERIAL_KEYSPAN_USA28XA y USB_SERIAL_KEYSPAN_USA28XB y + USB_SERIAL_KEYSPAN_USA19 y + USB_SERIAL_KEYSPAN_USA18X y + USB_SERIAL_KEYSPAN_USA19W y + USB_SERIAL_KEYSPAN_USA19QW y + USB_SERIAL_KEYSPAN_USA19QI y USB_SERIAL_KEYSPAN_USA49W y USB_SERIAL_KEYSPAN_USA49WLC y - VGA_SWITCHEROO y # Hybrid graphics support - VIRT_DRIVERS y - WAN y - X86_CHECK_BIOS_CORRUPTION y - X86_MCE y - XFS_POSIX_ACL y - XFS_QUOTA y - XFS_RT y # XFS Realtime subvolume support - XZ_DEC_TEST n - ZRAM m - -# Architecture dependent - ${optionalString (stdenv.isx86_64 || stdenv.isi686) '' - XEN y - XEN_DOM0 y - ${optionalString ((versionAtLeast version "3.18") && (features.xen_dom0 or false)) '' - HVC_XEN_FRONTEND y - HVC_XEN y - PCI_XEN y - SWIOTLB_XEN y - XEN_BACKEND y - XEN_BALLOON_MEMORY_HOTPLUG y - XEN_BALLOON y - XEN_EFI y - XEN_HAVE_PVMMU y - XEN_MCE_LOG y - XEN_PVH y - XEN_PVHVM y - XEN_SAVE_RESTORE y - XEN_SCRUB_PAGES y - XEN_SELFBALLOONING y - XEN_STUB y - XEN_SYS_HYPERVISOR y - XEN_TMEM y - ''} - ''} - - ${optionalString (!stdenv.is64bit) '' - HIGHMEM64G y # We need 64 GB (PAE) support for Xen guest support. - ''} - - ${optionalString (stdenv.is64bit) '' - IRQ_REMAP y - VFIO_PCI_VGA y - X86_X2APIC y - ''} - - ${optionalString (stdenv.system == "i686-linux") '' - FB_GEODE y - ''} - - ${optionalString (stdenv.system == "x86_64-linux") '' - BPF_JIT y - ''} - - ${optionalString (stdenv.system == "x86_64-linux" || stdenv.system == "aarch64-linux") '' - NR_CPUS 384 + # Filesystem options - in particular, enable extended attributes and + # ACLs for all filesystems that support them. + FANOTIFY y + TMPFS y + TMPFS_POSIX_ACL y + ${optionalString (versionAtLeast version "4.9") '' + FS_ENCRYPTION? m ''} - -# Kernel version dependent - - ${optionalString (versionAtLeast version "3.3" && versionOlder version "3.13") '' - AUDIT_LOGINUID_IMMUTABLE y + EXT2_FS_XATTR y + EXT2_FS_POSIX_ACL y + EXT2_FS_SECURITY y + ${optionalString (versionOlder version "4.0") '' + EXT2_FS_XIP y # Ext2 execute in place support ''} - - ${optionalString (versionOlder version "3.10") '' - ARM_KPROBES_TEST n - CPU_NOTIFIER_ERROR_INJECT n - EFI_TEST n - RCU_PERF_TEST n - TEST_ASYNC_DRIVER_PROBE n - TEST_BITMAP n - TEST_HASH n - TEST_UUID n - USB_SUSPEND y + EXT3_FS_POSIX_ACL y + EXT3_FS_SECURITY y + EXT4_FS_POSIX_ACL y + EXT4_ENCRYPTION? ${if versionOlder version "4.8" then "m" else "y"} + EXT4_FS_SECURITY y + REISERFS_FS_XATTR? y + REISERFS_FS_POSIX_ACL? y + REISERFS_FS_SECURITY? y + JFS_POSIX_ACL? y + JFS_SECURITY? y + XFS_QUOTA? y + XFS_POSIX_ACL? y + XFS_RT? y # XFS Realtime subvolume support + OCFS2_DEBUG_MASKLOG? n + BTRFS_FS_POSIX_ACL y + UBIFS_FS_ADVANCED_COMPR? y + F2FS_FS m + F2FS_FS_SECURITY? y + F2FS_FS_ENCRYPTION? y + UDF_FS m + ${optionalString (versionAtLeast version "4.0" && versionOlder version "4.6") '' + NFSD_PNFS y ''} - - ${optionalString (versionAtLeast version "3.10") '' - X86_INTEL_PSTATE y + NFSD_V2_ACL y + NFSD_V3 y + NFSD_V3_ACL y + NFSD_V4 y + ${optionalString (versionAtLeast version "3.11") '' + NFSD_V4_SECURITY_LABEL y ''} - + NFS_FSCACHE y + NFS_SWAP y + NFS_V3_ACL y ${optionalString (versionAtLeast version "3.11") '' NFS_V4_1 y # NFSv4.1 client support NFS_V4_2 y NFS_V4_SECURITY_LABEL y - NFSD_V4_SECURITY_LABEL y - PINCTRL_BAYTRAIL y # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks - X86_INTEL_LPSS y - - ${optionalString (versionOlder version "4.4") '' - MICROCODE_AMD_EARLY y - MICROCODE_EARLY y - MICROCODE_INTEL_EARLY y - ''} ''} - + CIFS_XATTR y + CIFS_POSIX y + CIFS_FSCACHE y + CIFS_STATS y + CIFS_WEAK_PW_HASH y + CIFS_UPCALL y + CIFS_ACL y + CIFS_DFS_UPCALL y + ${optionalString (versionOlder version "4.13") '' + CIFS_SMB2 y + ''} ${optionalString (versionAtLeast version "3.12") '' CEPH_FSCACHE y - HOTPLUG_PCI_ACPI y # PCI hotplug using ACPI - HOTPLUG_PCI_PCIE y # PCI-Expresscard hotplug support - USER_NS y # Support for user namespaces ''} - - ${optionalString (versionOlder version "3.13") '' - IPV6_PRIVACY y + ${optionalString (versionAtLeast version "3.14") '' + CEPH_FS_POSIX_ACL y ''} - ${optionalString (versionAtLeast version "3.13") '' - KVM_VFIO y - SQUASHFS_DECOMP_MULTI_PERCPU y SQUASHFS_FILE_DIRECT y + SQUASHFS_DECOMP_MULTI_PERCPU y ''} - - ${optionalString (versionOlder version "3.14") '' - CC_STACKPROTECTOR y # Detect buffer overflows on the stack + SQUASHFS_XATTR y + SQUASHFS_ZLIB y + SQUASHFS_LZO y + SQUASHFS_XZ y + ${optionalString (versionAtLeast version "3.19") '' + SQUASHFS_LZ4 y ''} - ${optionalString (versionAtLeast version "3.14") '' - CC_STACKPROTECTOR_REGULAR y # Detect buffer overflows on the stack - CEPH_FS_POSIX_ACL y + # Native Language Support modules, needed by some filesystems + NLS y + NLS_DEFAULT utf8 + NLS_UTF8 m + NLS_CODEPAGE_437 m # VFAT default for the codepage= mount option + NLS_ISO8859_1 m # VFAT default for the iocharset= mount option + + # Runtime security tests + ${optionalString (versionOlder version "4.11") '' + DEBUG_SET_MODULE_RONX? y # Detect writes to read-only module pages ''} - ${optionalString (versionOlder version "3.15") '' - USB_DEBUG n + # Security related features. + RANDOMIZE_BASE? y + STRICT_DEVMEM y # Filter access to /dev/mem + SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default + SECURITY_YAMA? y # Prevent processes from ptracing non-children processes + DEVKMEM n # Disable /dev/kmem + ${if versionOlder version "3.14" then '' + CC_STACKPROTECTOR? y # Detect buffer overflows on the stack + '' else '' + CC_STACKPROTECTOR_REGULAR? y + ''} + ${optionalString (versionAtLeast version "3.12") '' + USER_NS y # Support for user namespaces ''} - ${optionalString (versionAtLeast version "3.15") '' - UEVENT_HELPER n + # AppArmor support + SECURITY_APPARMOR y + DEFAULT_SECURITY_APPARMOR y - ${optionalString (versionOlder version "4.8") '' - MLX4_EN_VXLAN y - ''} + # Microcode loading support + MICROCODE y + MICROCODE_INTEL y + MICROCODE_AMD y + ${optionalString (versionAtLeast version "3.11" && versionOlder version "4.4") '' + MICROCODE_EARLY y + MICROCODE_INTEL_EARLY y + MICROCODE_AMD_EARLY y ''} - ${optionalString (versionOlder version "3.18") '' - ZSMALLOC y + # Misc. options. + 8139TOO_8129 y + 8139TOO_PIO n # PIO is slower + AIC79XX_DEBUG_ENABLE n + AIC7XXX_DEBUG_ENABLE n + AIC94XX_DEBUG n + ${optionalString (versionAtLeast version "3.3" && versionOlder version "3.13") '' + AUDIT_LOGINUID_IMMUTABLE y ''} - - ${optionalString (versionAtLeast version "3.18") '' - MODULE_COMPRESS y # Compress kernel modules for a sizable disk space savings - MODULE_COMPRESS_XZ y - ZSMALLOC m + ${optionalString (versionOlder version "4.4") '' + B43_PCMCIA? y ''} - - ${optionalString (versionOlder version "3.19") '' - PM_RUNTIME y # Power management + BLK_DEV_INITRD y + BLK_DEV_INTEGRITY y + BSD_PROCESS_ACCT_V3 y + BT_HCIUART_BCSP? y + BT_HCIUART_H4? y # UART (H4) protocol support + BT_HCIUART_LL? y + BT_RFCOMM_TTY? y # RFCOMM TTY support + CLEANCACHE? y + CRASH_DUMP? n + DVB_DYNAMIC_MINORS? y # we use udev + EFI_STUB y # EFI bootloader in the bzImage itself + CGROUPS y # used by systemd + FHANDLE y # used by systemd + SECCOMP y # used by systemd >= 231 + SECCOMP_FILTER y # ditto + POSIX_MQUEUE y + FRONTSWAP y + FUSION y # Fusion MPT device support + IDE n # deprecated IDE support + ${optionalString (versionAtLeast version "4.3") '' + IDLE_PAGE_TRACKING y ''} - - ${optionalString (versionAtLeast version "3.19") '' - SQUASHFS_LZ4 y + IRDA_ULTRA y # Ultra (connectionless) protocol + JOYSTICK_IFORCE_232? y # I-Force Serial joysticks and wheels + JOYSTICK_IFORCE_USB? y # I-Force USB joysticks and wheels + JOYSTICK_XPAD_FF? y # X-Box gamepad rumble support + JOYSTICK_XPAD_LEDS? y # LED Support for Xbox360 controller 'BigX' LED + KEXEC_FILE? y + KEXEC_JUMP? y + LDM_PARTITION y # Windows Logical Disk Manager (Dynamic Disk) support + LOGIRUMBLEPAD2_FF y # Logitech Rumblepad 2 force feedback + LOGO n # not needed + MEDIA_ATTACH y + MEGARAID_NEWGEN y + ${optionalString (versionAtLeast version "3.15" && versionOlder version "4.8") '' + MLX4_EN_VXLAN y ''} - - ${optionalString (versionOlder version "4.0") '' - EXT2_FS_XIP y # Ext2 execute in place support + ${optionalString (versionOlder version "4.9") '' + MODVERSIONS y ''} - - ${optionalString (versionAtLeast version "4.0") '' - KVM_GENERIC_DIRTYLOG_READ_PROTECT y - - ${optionalString (versionOlder version "4.6") '' - NFSD_PNFS y - ''} - - ${optionalString (versionOlder version "4.12") '' - KVM_COMPAT y - ''} + MOUSE_PS2_ELANTECH y # Elantech PS/2 protocol extension + MTRR_SANITIZER y + NET_FC y # Fibre Channel driver support + ${optionalString (versionAtLeast version "3.11") '' + PINCTRL_BAYTRAIL y # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks + ''} + MMC_BLOCK_MINORS 32 # 8 is default. Modern gpt tables on eMMC may go far beyond 8. + PPP_MULTILINK y # PPP multilink support + PPP_FILTER y + REGULATOR y # Voltage and Current Regulator Support + RC_DEVICES? y # Enable IR devices + RT2800USB_RT55XX y + SCHED_AUTOGROUP y + SCSI_LOGGING y # SCSI logging facility + SERIAL_8250 y # 8250/16550 and compatible serial support + SLIP_COMPRESSED y # CSLIP compressed headers + SLIP_SMART y + HWMON y + THERMAL_HWMON y # Hardware monitoring support + ${optionalString (versionAtLeast version "3.15") '' + UEVENT_HELPER n + ''} + ${optionalString (versionOlder version "3.15") '' + USB_DEBUG? n + ''} + USB_EHCI_ROOT_HUB_TT y # Root Hub Transaction Translators + USB_EHCI_TT_NEWSCHED y # Improved transaction translator scheduling + ${optionalString (versionAtLeast version "4.3") '' + USERFAULTFD y ''} + X86_CHECK_BIOS_CORRUPTION y + X86_MCE y - ${optionalString (versionOlder version "4.3" && !(features.chromiumos or false)) '' - DRM_I915_KMS y + ${optionalString (versionAtLeast version "3.12") '' + HOTPLUG_PCI_ACPI y # PCI hotplug using ACPI + HOTPLUG_PCI_PCIE y # PCI-Expresscard hotplug support ''} + + # Linux containers. + NAMESPACES? y # Required by 'unshare' used by 'nixos-install' + RT_GROUP_SCHED n + CGROUP_DEVICE? y + MEMCG y + MEMCG_SWAP y + ${optionalString (versionOlder version "4.7") "DEVPTS_MULTIPLE_INSTANCES y"} + BLK_DEV_THROTTLING y + CFQ_GROUP_IOSCHED y ${optionalString (versionAtLeast version "4.3") '' CGROUP_PIDS y - IDLE_PAGE_TRACKING y - - ${optionalString (!features.grsecurity or false) '' - USERFAULTFD y - ''} ''} - ${optionalString (versionOlder version "4.4") '' - B43_PCMCIA y - ''} + # Enable staging drivers. These are somewhat experimental, but + # they generally don't hurt. + STAGING y - ${optionalString (versionAtLeast version "4.4") '' - BPF_SYSCALL y - BRCMFMAC_PCIE y - F2FS_FS_ENCRYPTION y - F2FS_FS_SECURITY y - FW_LOADER_USER_HELPER_FALLBACK n - GLOB_SELFTEST n - KEXEC_FILE y - LNET_SELFTEST n - LOCK_TORTURE_TEST n - NET_ACT_BPF m - NET_CLS_BPF m - NET_FOU_IP_TUNNELS y - NET_L3_MASTER_DEV y - PERCPU_TEST n - TEST_BPF n - TEST_FIRMWARE n - TEST_HEXDUMP n - TEST_PRINTF n - TEST_RHASHTABLE n - TEST_STATIC_KEYS n - TEST_UDELAY n - TEST_USER_COPY n - ZBUD y - ZSWAP y - - ${optionalString (versionOlder version "4.13") '' - TEST_LKM n - ''} + # PROC_EVENTS requires that the netlink connector is not built + # as a module. This is required by libcgroup's cgrulesengd. + CONNECTOR y + PROC_EVENTS y - ${optionalString (!features.grsecurity or false) '' - BPF_EVENTS y - RANDOMIZE_BASE y - ''} - ''} + # Tracing. + FTRACE y + KPROBES y + FUNCTION_TRACER y + FTRACE_SYSCALLS y + SCHED_TRACER y + STACK_TRACER y - ${optionalString (versionAtLeast version "4.5" && (versionOlder version "4.9")) '' - DRM_AMD_POWERPLAY y # necessary for amdgpu polaris support + ${if versionOlder version "4.11" then '' + UPROBE_EVENT? y + '' else '' + UPROBE_EVENTS? y ''} - ${optionalString (versionOlder version "4.7") '' - DEVPTS_MULTIPLE_INSTANCES y # Linux containers + ${optionalString (versionAtLeast version "4.4") '' + BPF_SYSCALL y + BPF_EVENTS y ''} + FUNCTION_PROFILER y + RING_BUFFER_BENCHMARK n - ${optionalString (versionAtLeast version "4.7") '' - IPV6_FOU_TUNNEL m - ''} + # Devtmpfs support. + DEVTMPFS y + + # Easier debugging of NFS issues. + SUNRPC_DEBUG y + # Virtualisation. + PARAVIRT? y + HYPERVISOR_GUEST y + PARAVIRT_SPINLOCKS? y ${optionalString (versionOlder version "4.8") '' KVM_APIC_ARCHITECTURE y - - ${optionalString (versionAtLeast version "4.4") '' - EXT4_ENCRYPTION m + ''} + KVM_ASYNC_PF y + ${optionalString ((versionAtLeast version "4.0") && (versionOlder version "4.12")) '' + KVM_COMPAT? y + ''} + ${optionalString (versionOlder version "4.12") '' + KVM_DEVICE_ASSIGNMENT? y + ''} + ${optionalString (versionAtLeast version "4.0") '' + KVM_GENERIC_DIRTYLOG_READ_PROTECT y + ''} + KVM_GUEST y + KVM_MMIO y + ${optionalString (versionAtLeast version "3.13") '' + KVM_VFIO y + ''} + ${optionalString (stdenv.isx86_64 || stdenv.isi686) '' + XEN? y + XEN_DOM0? y + ${optionalString ((versionAtLeast version "3.18") && (features.xen_dom0 or false)) '' + PCI_XEN? y + HVC_XEN? y + HVC_XEN_FRONTEND? y + XEN_SYS_HYPERVISOR? y + SWIOTLB_XEN? y + XEN_BACKEND? y + XEN_BALLOON? y + XEN_BALLOON_MEMORY_HOTPLUG? y + XEN_EFI? y + XEN_HAVE_PVMMU? y + XEN_MCE_LOG? y + XEN_PVH? y + XEN_PVHVM? y + XEN_SAVE_RESTORE? y + XEN_SCRUB_PAGES? y + XEN_SELFBALLOONING? y + XEN_STUB? y + XEN_TMEM? y ''} ''} - - ${optionalString (versionAtLeast version "4.8") '' - EXT4_ENCRYPTION y + KSM y + ${optionalString (!stdenv.is64bit) '' + HIGHMEM64G? y # We need 64 GB (PAE) support for Xen guest support. ''} + ${optionalString (stdenv.is64bit) '' + VFIO_PCI_VGA y + ''} + VIRT_DRIVERS y - ${optionalString (versionAtLeast version "4.9") '' - DRM_AMDGPU_CIK y # (stable) amdgpu support for bonaire and newer chipsets - DRM_AMDGPU_SI y # (experimental) amdgpu support for verde and newer chipsets - FS_ENCRYPTION m - MODVERSIONS y + # Media support. + MEDIA_DIGITAL_TV_SUPPORT y + MEDIA_CAMERA_SUPPORT y + MEDIA_RC_SUPPORT y + MEDIA_USB_SUPPORT y + ${optionalString (!(features.chromiumos or false)) '' + MEDIA_PCI_SUPPORT y ''} - ${optionalString (versionOlder version "4.11") '' - DEBUG_NX_TEST n - TIMER_STATS y - UPROBE_EVENT y + # Our initrd init uses shebang scripts, so can't be modular. + BINFMT_SCRIPT y - ${optionalString (!features.grsecurity or false) '' - DEBUG_SET_MODULE_RONX y # Detect writes to read-only module pages - ''} - ''} + # For systemd-binfmt + BINFMT_MISC? y - ${optionalString (versionAtLeast version "4.11") '' - DRM_DEBUG_MM_SELFTEST n - MQ_IOSCHED_DEADLINE y - TEST_PARMAN n - TEST_SORT n - UPROBE_EVENTS y - WW_MUTEX_SELFTEST n - ''} + # Enable the 9P cache to speed up NixOS VM tests. + 9P_FSCACHE? y + 9P_FS_POSIX_ACL? y - ${optionalString (versionOlder version "4.12") '' - KVM_DEVICE_ASSIGNMENT y - PSS_MIXER y # Enable PSS mixer (Beethoven ADSP-16 and other compatible) - ''} + # Enable transparent support for huge pages. + TRANSPARENT_HUGEPAGE? y + TRANSPARENT_HUGEPAGE_ALWAYS? n + TRANSPARENT_HUGEPAGE_MADVISE? y - ${optionalString (versionAtLeast version "4.12") '' - BFQ_GROUP_IOSCHED y - IOSCHED_BFQ m - MQ_IOSCHED_KYBER y + # zram support (e.g for in-memory compressed swap). + ZRAM m + ZSWAP? y + ZBUD? y + ${optionalString (versionOlder version "3.18") '' + ZSMALLOC y ''} - - ${optionalString (versionOlder version "4.13") '' - CIFS_SMB2 y + ${optionalString (versionAtLeast version "3.18") '' + ZSMALLOC m ''} - ${optionalString (versionAtLeast version "4.13") '' - TEST_LKM m + # Enable PCIe and USB for the brcmfmac driver + BRCMFMAC_USB? y + BRCMFMAC_PCIE? y + + # Support x2APIC (which requires IRQ remapping). + ${optionalString (stdenv.system == "x86_64-linux") '' + X86_X2APIC y + IRQ_REMAP y ''} -# Feature dependent + # Disable the firmware helper fallback, udev doesn't implement it any more + FW_LOADER_USER_HELPER_FALLBACK? n - ${optionalString (!features.grsecurity or false) '' - DEVKMEM n # Disable /dev/kmem - DYNAMIC_DEBUG y - FTRACE y - FTRACE_SYSCALLS y - FUNCTION_PROFILER y - FUNCTION_TRACER y - RING_BUFFER_BENCHMARK n - SCHED_TRACER y - SECURITY_YAMA y # Prevent processes from ptracing non-children processes - STACK_TRACER y - SUNRPC_DEBUG y # Easier debugging of NFS issues + # Disable various self-test modules that have no use in a production system + ${optionalString (versionOlder version "4.4") '' + ARM_KPROBES_TEST? n + ''} + + ASYNC_RAID6_TEST? n + ATOMIC64_SELFTEST? n + BACKTRACE_SELF_TEST? n + CRC32_SELFTEST? n + CRYPTO_TEST? n + GLOB_SELFTEST? n + INTERVAL_TREE_TEST? n + LNET_SELFTEST? n + LOCK_TORTURE_TEST? n + MTD_TESTS? n + NOTIFIER_ERROR_INJECTION? n + PERCPU_TEST? n + RBTREE_TEST? n + RCU_TORTURE_TEST? n + TEST_BPF? n + TEST_FIRMWARE? n + TEST_HEXDUMP? n + TEST_KSTRTOX? n + TEST_LIST_SORT? n + TEST_LKM? n + TEST_PRINTF? n + TEST_RHASHTABLE? n + TEST_STATIC_KEYS? n + TEST_STRING_HELPERS? n + TEST_UDELAY? n + TEST_USER_COPY? n + XZ_DEC_TEST? n + + ${optionalString (versionOlder version "4.4") '' + EFI_TEST? n + RCU_PERF_TEST? n + TEST_ASYNC_DRIVER_PROBE? n + TEST_BITMAP? n + TEST_HASH? n + TEST_UUID? n ''} - ${optionalString (!(features.chromiumos or false)) '' - MEDIA_PCI_SUPPORT y + ${optionalString (versionAtLeast version "4.11") '' + DRM_DEBUG_MM_SELFTEST? n + TEST_PARMAN? n + TEST_SORT? n + WW_MUTEX_SELFTEST? n ''} # ChromiumOS support ${optionalString (features.chromiumos or false) '' - ANDROID_PARANOID_NETWORK n - BLK_DEV_DM y - CHARGER_CROS_USB_PD y CHROME_PLATFORMS y - CPU_FREQ_GOV_INTERACTIVE n - CPU_FREQ_STAT y - DM_BOOTCACHE n - DM_VERITY n - DRM_VGEM n - I2C y - INPUT_KEYRESET n - IPV6 y - IPV6_VTI n - MEDIA_SUBDRV_AUTOSELECT n - MFD_CROS_EC y - MFD_CROS_EC_DEV y - MFD_CROS_EC_LPC y + VGA_SWITCHEROO n MMC_SDHCI_PXAV2 n NET_IPVTI n + IPV6_VTI n REGULATOR_FIXED_VOLTAGE n TPS6105X n - UID_CPUTIME n - VGA_SWITCHEROO n + CPU_FREQ_STAT y + IPV6 y + MFD_CROS_EC y + MFD_CROS_EC_LPC y + MFD_CROS_EC_DEV y + CHARGER_CROS_USB_PD y + I2C y + MEDIA_SUBDRV_AUTOSELECT n VIDEO_IR_I2C n + BLK_DEV_DM y + ANDROID_PARANOID_NETWORK n + DM_VERITY n + DRM_VGEM n + CPU_FREQ_GOV_INTERACTIVE n + INPUT_KEYRESET n + DM_BOOTCACHE n + UID_CPUTIME n ${optionalString (versionAtLeast version "3.18") '' - BCMDHD n - CHROMEOS_OF_FIRMWARE y CPUFREQ_DT n - DRM_POWERVR_ROGUE n EXTCON_CROS_EC n + DRM_POWERVR_ROGUE n + CHROMEOS_OF_FIRMWARE y TEST_RHASHTABLE n + BCMDHD n TRUSTY n ''} ${optionalString (versionOlder version "3.18") '' + MALI_MIDGARD n + DVB_USB_DIB0700 n + DVB_USB_DW2102 n + DVB_USB_PCTV452E n + DVB_USB_TTUSB2 n DVB_USB_AF9015 n DVB_USB_AF9035 n DVB_USB_ANYSEE n DVB_USB_AZ6007 n - DVB_USB_DIB0700 n - DVB_USB_DW2102 n DVB_USB_IT913X n DVB_USB_LME2510 n - DVB_USB_PCTV452E n DVB_USB_RTL28XXU n - DVB_USB_TTUSB2 n - MALI_MIDGARD n - SPEAKUP n - USB_DWC2 n - USB_GADGET n - USB_GSPCA n USB_S2255 n VIDEO_EM28XX n VIDEO_TM6000 n + USB_DWC2 n + USB_GSPCA n + SPEAKUP n XO15_EBOOK n + USB_GADGET n ''} ''} -# Extra configuration - ${kernelPlatform.kernelExtraConfig or ""} ${extraConfig} '' |