diff options
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix')
-rw-r--r-- | nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index 717fdaee72a5..b127ec9197cb 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -41,6 +41,7 @@ let (whenAtLeast "5.2" yes) ]; DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes); + BPF_LSM = whenAtLeast "5.7" (option yes); DEBUG_KERNEL = yes; DEBUG_DEVRES = no; DYNAMIC_DEBUG = yes; @@ -129,6 +130,7 @@ let XDP_SOCKETS = whenAtLeast "4.19" yes; XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes; WAN = yes; + TCP_CONG_ADVANCED = yes; TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 # Required by systemd per-cgroup firewalling CGROUP_BPF = option yes; @@ -212,6 +214,10 @@ let MPTCP = whenAtLeast "5.6" yes; MPTCP_IPV6 = whenAtLeast "5.6" yes; INET_MPTCP_DIAG = whenAtLeast "5.9" (mkDefault module); + + # Kernel TLS + TLS = whenAtLeast "4.13" module; + TLS_DEVICE = whenAtLeast "4.18" yes; }; wireless = { @@ -246,6 +252,8 @@ let FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = whenAtLeast "4.19" yes; FRAMEBUFFER_CONSOLE_ROTATION = yes; FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; + # On 5.14 this conflicts with FB_SIMPLE. + DRM_SIMPLEDRM = whenAtLeast "5.14" no; }; video = { @@ -410,7 +418,7 @@ let CIFS_POSIX = option yes; CIFS_FSCACHE = yes; CIFS_STATS = whenOlder "4.19" yes; - CIFS_WEAK_PW_HASH = yes; + CIFS_WEAK_PW_HASH = whenOlder "5.15" yes; CIFS_UPCALL = yes; CIFS_ACL = whenOlder "5.3" yes; CIFS_DFS_UPCALL = yes; @@ -465,6 +473,11 @@ let # Detect buffer overflows on the stack CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";}; + } // optionalAttrs stdenv.hostPlatform.isx86 { + # Enable Intel SGX + X86_SGX = whenAtLeast "5.11" yes; + # Allow KVM guests to load SGX enclaves + X86_SGX_KVM = whenAtLeast "5.13" yes; }; microcode = { @@ -745,10 +758,18 @@ let BSD_PROCESS_ACCT_V3 = yes; + SERIAL_DEV_BUS = whenAtLeast "4.11" yes; # enables support for serial devices + SERIAL_DEV_CTRL_TTYPORT = whenAtLeast "4.11" yes; # enables support for TTY serial devices + + BT_HCIBTUSB_MTK = whenAtLeast "5.3" yes; # MediaTek protocol support + BT_HCIUART_QCA = whenAtLeast "4.3" yes; # Qualcomm Atheros protocol support + BT_HCIUART_SERDEV = whenAtLeast "4.12" yes; # required by BT_HCIUART_QCA + BT_HCIUART = whenAtLeast "2.5.45" module; # required for BT devices with serial port interface (QCA6390) BT_HCIUART_BCSP = option yes; BT_HCIUART_H4 = option yes; # UART (H4) protocol support BT_HCIUART_LL = option yes; BT_RFCOMM_TTY = option yes; # RFCOMM TTY support + BT_QCA = whenAtLeast "4.3" module; # enables QCA6390 bluetooth CLEANCACHE = option yes; CRASH_DUMP = option no; @@ -756,6 +777,8 @@ let DVB_DYNAMIC_MINORS = option yes; # we use udev EFI_STUB = yes; # EFI bootloader in the bzImage itself + EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER = + whenAtLeast "5.8" yes; # initrd kernel parameter for EFI CGROUPS = yes; # used by systemd FHANDLE = yes; # used by systemd SECCOMP = yes; # used by systemd >= 231 @@ -800,6 +823,9 @@ let NET_FC = yes; # Fibre Channel driver support # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks PINCTRL_BAYTRAIL = yes; + # GPIO for Braswell and Cherryview devices + # Needs to be built-in to for integrated keyboards to function properly + PINCTRL_CHERRYVIEW = yes; # 8 is default. Modern gpt tables on eMMC may go far beyond 8. MMC_BLOCK_MINORS = freeform "32"; @@ -854,6 +880,9 @@ let LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ]; + SCHED_CORE = whenAtLeast "5.14" yes; + + FSL_MC_UAPI_SUPPORT = mkIf (stdenv.hostPlatform.system == "aarch64-linux") (whenAtLeast "5.12" yes); } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") { # Enable CPU/memory hotplug support # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot |