2020-04-24 23:36:52 +00:00
# WARNING/NOTE: whenever you want to add an option here you need to either
# * mark it as an optional one with `option`,
# * or make sure it works for all the versions in nixpkgs,
# * or check for which kernel versions it will work (using kernel
# changelog, google or whatever) and mark it with `whenOlder` or
# `whenAtLeast`.
# Then do test your change by building all the kernels (or at least
# their configs) in Nixpkgs or else you will guarantee lots and lots
# of pain to users trying to switch to an older kernel because of some
# hardware problems with a new one.
# Configuration
2021-02-05 17:12:51 +00:00
{ lib , stdenv , version
2020-04-24 23:36:52 +00:00
2021-04-26 19:14:03 +00:00
, features ? { }
2020-04-24 23:36:52 +00:00
} :
2021-02-05 17:12:51 +00:00
with lib ;
with lib . kernel ;
with ( lib . kernel . whenHelpers version ) ;
2020-04-24 23:36:52 +00:00
let
# configuration items have to be part of a subattrs
2024-04-21 15:54:59 +00:00
flattenKConf = nested : mapAttrs ( name : values : if length values == 1 then head values else throw " d u p l i c a t e k e r n e l c o n f i g u r a t i o n o p t i o n : ${ name } " ) ( zipAttrs ( attrValues nested ) ) ;
2020-04-24 23:36:52 +00:00
whenPlatformHasEBPFJit =
mkIf ( stdenv . hostPlatform . isAarch32 ||
stdenv . hostPlatform . isAarch64 ||
stdenv . hostPlatform . isx86_64 ||
2022-06-16 17:23:12 +00:00
( stdenv . hostPlatform . isPower && stdenv . hostPlatform . is64bit ) ||
2020-04-24 23:36:52 +00:00
( stdenv . hostPlatform . isMips && stdenv . hostPlatform . is64bit ) ) ;
options = {
debug = {
2021-09-26 12:46:18 +00:00
# Necessary for BTF
2023-08-22 20:05:09 +00:00
DEBUG_INFO = mkMerge [
( whenOlder " 5 . 2 " ( if ( features . debug or false ) then yes else no ) )
( whenBetween " 5 . 2 " " 5 . 1 8 " yes )
] ;
2022-06-16 17:23:12 +00:00
DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast " 5 . 1 8 " yes ;
2022-07-14 12:49:19 +00:00
# Reduced debug info conflict with BTF and have been enabled in
# aarch64 defconfig since 5.13
DEBUG_INFO_REDUCED = whenAtLeast " 5 . 1 3 " ( option no ) ;
DEBUG_INFO_BTF = whenAtLeast " 5 . 2 " ( option yes ) ;
2022-07-18 16:21:45 +00:00
# Allow loading modules with mismatched BTFs
# FIXME: figure out how to actually make BTFs reproducible instead
# See https://github.com/NixOS/nixpkgs/pull/181456 for details.
MODULE_ALLOW_BTF_MISMATCH = whenAtLeast " 5 . 1 8 " ( option yes ) ;
2021-12-06 16:07:01 +00:00
BPF_LSM = whenAtLeast " 5 . 7 " ( option yes ) ;
2020-04-24 23:36:52 +00:00
DEBUG_KERNEL = yes ;
DEBUG_DEVRES = no ;
DYNAMIC_DEBUG = yes ;
DEBUG_STACK_USAGE = no ;
RCU_TORTURE_TEST = no ;
2024-04-21 15:54:59 +00:00
SCHEDSTATS = yes ;
2020-04-24 23:36:52 +00:00
DETECT_HUNG_TASK = yes ;
CRASH_DUMP = option no ;
# Easier debugging of NFS issues.
SUNRPC_DEBUG = yes ;
# Provide access to tunables like sched_migration_cost_ns
SCHED_DEBUG = yes ;
2024-04-21 15:54:59 +00:00
# Count IRQ and steal CPU time separately
IRQ_TIME_ACCOUNTING = yes ;
PARAVIRT_TIME_ACCOUNTING = yes ;
# Enable CPU lockup detection
LOCKUP_DETECTOR = yes ;
SOFTLOCKUP_DETECTOR = yes ;
HARDLOCKUP_DETECTOR = yes ;
# Enable streaming logs to a remote device over a network
NETCONSOLE = module ;
NETCONSOLE_DYNAMIC = yes ;
# Export known printks in debugfs
PRINTK_INDEX = whenAtLeast " 5 . 1 5 " yes ;
2020-04-24 23:36:52 +00:00
} ;
power-management = {
2024-04-21 15:54:59 +00:00
CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes ;
2022-03-10 19:12:11 +00:00
CPU_FREQ_GOV_SCHEDUTIL = yes ;
2022-03-30 09:31:56 +00:00
PM_ADVANCED_DEBUG = yes ;
2020-04-24 23:36:52 +00:00
PM_WAKELOCKS = yes ;
POWERCAP = yes ;
2023-02-22 10:55:15 +00:00
# ACPI Firmware Performance Data Table Support
ACPI_FPDT = whenAtLeast " 5 . 1 2 " ( option yes ) ;
# ACPI Heterogeneous Memory Attribute Table Support
ACPI_HMAT = whenAtLeast " 5 . 2 " ( option yes ) ;
# ACPI Platform Error Interface
ACPI_APEI = ( option yes ) ;
# APEI Generic Hardware Error Source
ACPI_APEI_GHES = ( option yes ) ;
2023-05-24 13:37:59 +00:00
# Enable lazy RCUs for power savings:
# https://lore.kernel.org/rcu/20221019225138.GA2499943@paulmck-ThinkPad-P17-Gen-1/
# RCU_LAZY depends on RCU_NOCB_CPU depends on NO_HZ_FULL
# depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT,
# so we can't force-enable this
RCU_LAZY = whenAtLeast " 6 . 2 " ( option yes ) ;
2024-04-21 15:54:59 +00:00
# Auto suspend Bluetooth devices at idle
BT_HCIBTUSB_AUTOSUSPEND = yes ;
# Expose cpufreq stats in sysfs
CPU_FREQ_STAT = yes ;
# Enable CPU energy model for scheduling
ENERGY_MODEL = whenAtLeast " 5 . 0 " yes ;
# Enable thermal interface netlink API
THERMAL_NETLINK = whenAtLeast " 5 . 9 " yes ;
# Prefer power-efficient workqueue implementation to per-CPU workqueues,
# which is slightly slower, but improves battery life.
# This is opt-in per workqueue, and can be disabled globally with a kernel command line option.
WQ_POWER_EFFICIENT_DEFAULT = yes ;
# Default SATA link power management to "medium with device initiated PM"
# for some extra power savings.
SATA_MOBILE_LPM_POLICY = whenAtLeast " 5 . 1 8 " ( freeform " 3 " ) ;
# GPIO power management
POWER_RESET_GPIO = option yes ;
POWER_RESET_GPIO_RESTART = option yes ;
# Enable Pulse-Width-Modulation support, commonly used for fan and backlight.
PWM = yes ;
2022-03-30 09:31:56 +00:00
} // optionalAttrs ( stdenv . hostPlatform . isx86 ) {
INTEL_IDLE = yes ;
2020-06-18 07:06:33 +00:00
INTEL_RAPL = whenAtLeast " 5 . 3 " module ;
2022-03-30 09:31:56 +00:00
X86_INTEL_LPSS = yes ;
X86_INTEL_PSTATE = yes ;
2022-12-17 10:02:37 +00:00
X86_AMD_PSTATE = whenAtLeast " 5 . 1 7 " yes ;
2023-02-22 10:55:15 +00:00
# Intel DPTF (Dynamic Platform and Thermal Framework) Support
ACPI_DPTF = whenAtLeast " 5 . 1 0 " yes ;
2023-07-15 17:15:38 +00:00
# Required to bring up some Bay Trail devices properly
I2C = yes ;
I2C_DESIGNWARE_PLATFORM = yes ;
PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
INTEL_SOC_PMIC = whenAtLeast " 5 . 1 0 " yes ;
BYTCRC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
CHTCRC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
XPOWER_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
BXT_WC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
INTEL_SOC_PMIC_CHTWC = whenAtLeast " 5 . 1 0 " yes ;
CHT_WC_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
INTEL_SOC_PMIC_CHTDC_TI = whenAtLeast " 5 . 1 0 " yes ;
CHT_DC_TI_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
MFD_TPS68470 = whenBetween " 5 . 1 0 " " 5 . 1 3 " yes ;
TPS68470_PMIC_OPREGION = whenAtLeast " 5 . 1 0 " yes ;
2024-04-21 15:54:59 +00:00
# Enable Intel thermal hardware feedback
INTEL_HFI_THERMAL = whenAtLeast " 5 . 1 8 " yes ;
2020-04-24 23:36:52 +00:00
} ;
external-firmware = {
# Support drivers that need external firmware.
STANDALONE = no ;
} ;
proc-config-gz = {
# Make /proc/config.gz available
IKCONFIG = yes ;
IKCONFIG_PROC = yes ;
} ;
optimization = {
2024-01-13 08:15:51 +00:00
X86_GENERIC = mkIf ( stdenv . hostPlatform . system == " i 6 8 6 - l i n u x " ) yes ;
2020-04-24 23:36:52 +00:00
# Optimize with -O2, not -Os
CC_OPTIMIZE_FOR_SIZE = no ;
} ;
2023-07-15 17:15:38 +00:00
memory = {
DAMON = whenAtLeast " 5 . 1 5 " yes ;
DAMON_VADDR = whenAtLeast " 5 . 1 5 " yes ;
DAMON_PADDR = whenAtLeast " 5 . 1 6 " yes ;
DAMON_SYSFS = whenAtLeast " 5 . 1 8 " yes ;
2024-04-21 15:54:59 +00:00
DAMON_DBGFS = whenBetween " 5 . 1 5 " " 6 . 9 " yes ;
2023-07-15 17:15:38 +00:00
DAMON_RECLAIM = whenAtLeast " 5 . 1 6 " yes ;
DAMON_LRU_SORT = whenAtLeast " 6 . 0 " yes ;
2024-04-21 15:54:59 +00:00
# Support recovering from memory failures on systems with ECC and MCA recovery.
MEMORY_FAILURE = yes ;
# Collect ECC errors and retire pages that fail too often
RAS_CEC = yes ;
} // optionalAttrs ( stdenv . is32bit ) {
# Enable access to the full memory range (aka PAE) on 32-bit architectures
# This check isn't super accurate but it's close enough
HIGHMEM = option yes ;
BOUNCE = option yes ;
2023-07-15 17:15:38 +00:00
} ;
2020-04-24 23:36:52 +00:00
memtest = {
MEMTEST = yes ;
} ;
# Include the CFQ I/O scheduler in the kernel, rather than as a
# module, so that the initrd gets a good I/O scheduler.
scheduler = {
IOSCHED_CFQ = whenOlder " 5 . 0 " yes ; # Removed in 5.0-RC1
BLK_CGROUP = yes ; # required by CFQ"
2023-11-16 04:20:00 +00:00
BLK_CGROUP_IOLATENCY = yes ;
2020-08-20 17:08:02 +00:00
BLK_CGROUP_IOCOST = whenAtLeast " 5 . 4 " yes ;
2020-04-24 23:36:52 +00:00
IOSCHED_DEADLINE = whenOlder " 5 . 0 " yes ; # Removed in 5.0-RC1
2022-11-27 09:42:12 +00:00
MQ_IOSCHED_DEADLINE = yes ;
BFQ_GROUP_IOSCHED = yes ;
MQ_IOSCHED_KYBER = yes ;
IOSCHED_BFQ = module ;
2024-04-21 15:54:59 +00:00
# Enable CPU utilization clamping for RT tasks
UCLAMP_TASK = whenAtLeast " 5 . 3 " yes ;
UCLAMP_TASK_GROUP = whenAtLeast " 5 . 4 " yes ;
2020-04-24 23:36:52 +00:00
} ;
2022-11-02 22:02:43 +00:00
timer = {
# Enable Full Dynticks System.
2023-05-24 13:37:59 +00:00
# NO_HZ_FULL depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT
NO_HZ_FULL = mkIf stdenv . is64bit yes ;
2022-11-02 22:02:43 +00:00
} ;
2020-04-24 23:36:52 +00:00
# Enable NUMA.
numa = {
NUMA = option yes ;
2024-04-21 15:54:59 +00:00
NUMA_BALANCING = option yes ;
2020-04-24 23:36:52 +00:00
} ;
networking = {
NET = yes ;
IP_ADVANCED_ROUTER = yes ;
IP_PNP = no ;
2023-08-04 22:07:22 +00:00
IP_ROUTE_MULTIPATH = yes ;
2020-04-24 23:36:52 +00:00
IP_VS_PROTO_TCP = yes ;
IP_VS_PROTO_UDP = yes ;
IP_VS_PROTO_ESP = yes ;
IP_VS_PROTO_AH = yes ;
IP_VS_IPV6 = yes ;
IP_DCCP_CCID3 = no ; # experimental
CLS_U32_PERF = yes ;
CLS_U32_MARK = yes ;
BPF_JIT = whenPlatformHasEBPFJit yes ;
2020-06-18 07:06:33 +00:00
BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no ; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304
2020-04-24 23:36:52 +00:00
HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes ;
2023-11-16 04:20:00 +00:00
BPF_STREAM_PARSER = yes ;
XDP_SOCKETS = yes ;
2020-06-18 07:06:33 +00:00
XDP_SOCKETS_DIAG = whenAtLeast " 5 . 1 " yes ;
2020-04-24 23:36:52 +00:00
WAN = yes ;
2021-12-06 16:07:01 +00:00
TCP_CONG_ADVANCED = yes ;
2020-04-24 23:36:52 +00:00
TCP_CONG_CUBIC = yes ; # This is the default congestion control algorithm since 2.6.19
# Required by systemd per-cgroup firewalling
CGROUP_BPF = option yes ;
CGROUP_NET_PRIO = yes ; # Required by systemd
IP_ROUTE_VERBOSE = yes ;
IP_MROUTE_MULTIPLE_TABLES = yes ;
IP_MULTICAST = yes ;
IP_MULTIPLE_TABLES = yes ;
2020-11-19 00:13:47 +00:00
IPV6 = yes ;
2020-04-24 23:36:52 +00:00
IPV6_ROUTER_PREF = yes ;
IPV6_ROUTE_INFO = yes ;
IPV6_OPTIMISTIC_DAD = yes ;
IPV6_MULTIPLE_TABLES = yes ;
IPV6_SUBTREES = yes ;
IPV6_MROUTE = yes ;
IPV6_MROUTE_MULTIPLE_TABLES = yes ;
IPV6_PIMSM_V2 = yes ;
2022-03-10 19:12:11 +00:00
IPV6_FOU_TUNNEL = module ;
2022-11-27 09:42:12 +00:00
IPV6_SEG6_LWTUNNEL = yes ;
IPV6_SEG6_HMAC = yes ;
2023-11-16 04:20:00 +00:00
IPV6_SEG6_BPF = yes ;
2022-03-10 19:12:11 +00:00
NET_CLS_BPF = module ;
NET_ACT_BPF = module ;
2020-04-24 23:36:52 +00:00
NET_SCHED = yes ;
L2TP_V3 = yes ;
L2TP_IP = module ;
L2TP_ETH = module ;
BRIDGE_VLAN_FILTERING = yes ;
BONDING = module ;
NET_L3_MASTER_DEV = option yes ;
NET_FOU_IP_TUNNELS = option yes ;
IP_NF_TARGET_REDIRECT = module ;
PPP_MULTILINK = yes ; # PPP multilink support
PPP_FILTER = yes ;
# needed for iwd WPS support (wpa_supplicant replacement)
2022-03-10 19:12:11 +00:00
KEY_DH_OPERATIONS = yes ;
2020-04-24 23:36:52 +00:00
# needed for nftables
# Networking Options
NETFILTER = yes ;
NETFILTER_ADVANCED = yes ;
# Core Netfilter Configuration
NF_CONNTRACK_ZONES = yes ;
NF_CONNTRACK_EVENTS = yes ;
NF_CONNTRACK_TIMEOUT = yes ;
NF_CONNTRACK_TIMESTAMP = yes ;
NETFILTER_NETLINK_GLUE_CT = yes ;
2023-11-16 04:20:00 +00:00
NF_TABLES_INET = yes ;
NF_TABLES_NETDEV = yes ;
2021-02-19 19:06:45 +00:00
NFT_REJECT_NETDEV = whenAtLeast " 5 . 1 1 " module ;
2020-04-24 23:36:52 +00:00
# IP: Netfilter Configuration
2023-11-16 04:20:00 +00:00
NF_TABLES_IPV4 = yes ;
NF_TABLES_ARP = yes ;
2020-04-24 23:36:52 +00:00
# IPv6: Netfilter Configuration
2023-11-16 04:20:00 +00:00
NF_TABLES_IPV6 = yes ;
2020-04-24 23:36:52 +00:00
# Bridge Netfilter Configuration
2023-11-16 04:20:00 +00:00
NF_TABLES_BRIDGE = mkMerge [ ( whenOlder " 5 . 3 " yes )
2020-04-24 23:36:52 +00:00
( whenAtLeast " 5 . 3 " module ) ] ;
2024-04-21 15:54:59 +00:00
# Expose some debug info
NF_CONNTRACK_PROCFS = yes ;
NF_FLOW_TABLE_PROCFS = whenAtLeast " 6 . 0 " yes ;
2020-04-24 23:36:52 +00:00
# needed for `dropwatch`
# Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450
NET_DROP_MONITOR = yes ;
# needed for ss
2021-03-09 03:18:52 +00:00
# Use a lower priority to allow these options to be overridden in hardened/config.nix
INET_DIAG = mkDefault module ;
INET_TCP_DIAG = mkDefault module ;
INET_UDP_DIAG = mkDefault module ;
2022-11-27 09:42:12 +00:00
INET_RAW_DIAG = mkDefault module ;
2022-03-10 19:12:11 +00:00
INET_DIAG_DESTROY = mkDefault yes ;
2021-02-05 17:12:51 +00:00
# enable multipath-tcp
MPTCP = whenAtLeast " 5 . 6 " yes ;
MPTCP_IPV6 = whenAtLeast " 5 . 6 " yes ;
2021-03-09 03:18:52 +00:00
INET_MPTCP_DIAG = whenAtLeast " 5 . 9 " ( mkDefault module ) ;
2021-12-06 16:07:01 +00:00
# Kernel TLS
2022-11-27 09:42:12 +00:00
TLS = module ;
2023-11-16 04:20:00 +00:00
TLS_DEVICE = yes ;
2022-03-30 09:31:56 +00:00
# infiniband
INFINIBAND = module ;
INFINIBAND_IPOIB = module ;
INFINIBAND_IPOIB_CM = yes ;
2024-04-21 15:54:59 +00:00
# Enable debugfs for wireless drivers
CFG80211_DEBUGFS = yes ;
MAC80211_DEBUGFS = yes ;
2024-01-02 11:29:13 +00:00
} // optionalAttrs ( stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) {
# Not enabled by default, hides modules behind it
NET_VENDOR_MEDIATEK = yes ;
# Enable SoC interface for MT7915 module, required for MT798X.
MT7986_WMAC = whenBetween " 5 . 1 8 " " 6 . 6 " yes ;
MT798X_WMAC = whenAtLeast " 6 . 6 " yes ;
2020-04-24 23:36:52 +00:00
} ;
wireless = {
2023-08-04 22:07:22 +00:00
CFG80211_WEXT = option yes ; # Without it, ipw2200 drivers don't build
IPW2100_MONITOR = option yes ; # support promiscuous mode
IPW2200_MONITOR = option yes ; # support promiscuous mode
2024-04-21 15:54:59 +00:00
HOSTAP_FIRMWARE = whenOlder " 6 . 8 " ( option yes ) ; # Support downloading firmware images with Host AP driver
HOSTAP_FIRMWARE_NVRAM = whenOlder " 6 . 8 " ( option yes ) ;
2024-02-29 20:09:43 +00:00
MAC80211_MESH = option yes ; # Enable 802.11s (mesh networking) support
2023-08-04 22:07:22 +00:00
ATH9K_PCI = option yes ; # Detect Atheros AR9xxx cards on PCI(e) bus
ATH9K_AHB = option yes ; # Ditto, AHB bus
# The description of this option makes it sound dangerous or even illegal
# But OpenWRT enables it by default: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/Makefile#L55
# At the time of writing (25-06-2023): this is only used in a "correct" way by ath drivers for initiating DFS radiation
# for "certified devices"
EXPERT = option yes ; # this is needed for offering the certification option
2024-01-13 08:15:51 +00:00
RFKILL_INPUT = option yes ; # counteract an undesired effect of setting EXPERT
2023-08-04 22:07:22 +00:00
CFG80211_CERTIFICATION_ONUS = option yes ;
# DFS: "Dynamic Frequency Selection" is a spectrum-sharing mechanism that allows
# you to use certain interesting frequency when your local regulatory domain mandates it.
# ATH drivers hides the feature behind this option and makes hostapd works with DFS frequencies.
# OpenWRT enables it too: https://github.com/openwrt/openwrt/blob/master/package/kernel/mac80211/ath.mk#L42
ATH9K_DFS_CERTIFIED = option yes ;
ATH10K_DFS_CERTIFIED = option yes ;
B43_PHY_HT = option yes ;
BCMA_HOST_PCI = option yes ;
RTW88 = whenAtLeast " 5 . 2 " module ;
RTW88_8822BE = mkMerge [ ( whenBetween " 5 . 2 " " 5 . 8 " yes ) ( whenAtLeast " 5 . 8 " module ) ] ;
RTW88_8822CE = mkMerge [ ( whenBetween " 5 . 2 " " 5 . 8 " yes ) ( whenAtLeast " 5 . 8 " module ) ] ;
2020-04-24 23:36:52 +00:00
} ;
fb = {
FB = yes ;
FB_EFI = yes ;
FB_NVIDIA_I2C = yes ; # Enable DDC Support
FB_RIVA_I2C = yes ;
FB_ATY_CT = yes ; # Mach64 CT/VT/GT/LT (incl. 3D RAGE) support
FB_ATY_GX = yes ; # Mach64 GX support
FB_SAVAGE_I2C = yes ;
FB_SAVAGE_ACCEL = yes ;
FB_SIS_300 = yes ;
FB_SIS_315 = yes ;
FB_3DFX_ACCEL = yes ;
FB_VESA = yes ;
FRAMEBUFFER_CONSOLE = yes ;
2023-11-16 04:20:00 +00:00
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes ;
2020-04-24 23:36:52 +00:00
FRAMEBUFFER_CONSOLE_ROTATION = yes ;
2023-11-16 04:20:00 +00:00
FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes ;
2020-04-24 23:36:52 +00:00
FB_GEODE = mkIf ( stdenv . hostPlatform . system == " i 6 8 6 - l i n u x " ) yes ;
2024-04-21 15:54:59 +00:00
# Use simplefb on older kernels where we don't have simpledrm (enabled below)
FB_SIMPLE = whenOlder " 5 . 1 5 " yes ;
2023-11-16 04:20:00 +00:00
DRM_FBDEV_EMULATION = yes ;
2020-04-24 23:36:52 +00:00
} ;
2023-03-24 00:07:29 +00:00
fonts = {
FONTS = yes ;
# Default fonts enabled if FONTS is not set
FONT_8x8 = yes ;
FONT_8x16 = yes ;
# High DPI font
FONT_TER16x32 = whenAtLeast " 5 . 0 " yes ;
} ;
2024-04-21 15:54:59 +00:00
video = let
whenHasDevicePrivate = mkIf ( ! stdenv . isx86_32 && versionAtLeast version " 5 . 1 " ) ;
in {
# compile in DRM so simpledrm can load before initrd if necessary
AGP = yes ;
DRM = yes ;
2024-01-25 14:12:00 +00:00
DRM_LEGACY = whenOlder " 6 . 8 " no ;
2024-04-21 15:54:59 +00:00
2023-03-15 16:39:30 +00:00
NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween " 5 . 2 " " 6 . 3 " no ;
2022-09-14 18:05:37 +00:00
2024-04-21 15:54:59 +00:00
# Enable simpledrm and use it for generic framebuffer
# Technically added in 5.14, but adding more complex configuration is not worth it
DRM_SIMPLEDRM = whenAtLeast " 5 . 1 5 " yes ;
SYSFB_SIMPLEFB = whenAtLeast " 5 . 1 5 " yes ;
2020-04-24 23:36:52 +00:00
# Allow specifying custom EDID on the kernel command line
DRM_LOAD_EDID_FIRMWARE = yes ;
VGA_SWITCHEROO = yes ; # Hybrid graphics support
2021-03-20 04:20:00 +00:00
DRM_GMA500 = whenAtLeast " 5 . 1 2 " module ;
2021-06-28 23:13:55 +00:00
DRM_GMA600 = whenOlder " 5 . 1 3 " yes ;
2021-03-20 04:20:00 +00:00
DRM_GMA3600 = whenOlder " 5 . 1 2 " yes ;
2023-02-09 11:40:11 +00:00
DRM_VMWGFX_FBCON = whenOlder " 6 . 2 " yes ;
2020-04-24 23:36:52 +00:00
# (experimental) amdgpu support for verde and newer chipsets
2022-03-10 19:12:11 +00:00
DRM_AMDGPU_SI = yes ;
2020-04-24 23:36:52 +00:00
# (stable) amdgpu support for bonaire and newer chipsets
2022-03-10 19:12:11 +00:00
DRM_AMDGPU_CIK = yes ;
2020-09-25 04:45:31 +00:00
# Allow device firmware updates
2022-03-10 19:12:11 +00:00
DRM_DP_AUX_CHARDEV = yes ;
2021-03-09 03:18:52 +00:00
# amdgpu display core (DC) support
2023-11-16 04:20:00 +00:00
DRM_AMD_DC_DCN1_0 = whenOlder " 5 . 6 " yes ;
2021-03-09 03:18:52 +00:00
DRM_AMD_DC_DCN2_0 = whenBetween " 5 . 3 " " 5 . 6 " yes ;
DRM_AMD_DC_DCN2_1 = whenBetween " 5 . 4 " " 5 . 6 " yes ;
DRM_AMD_DC_DCN3_0 = whenBetween " 5 . 9 " " 5 . 1 1 " yes ;
2023-05-24 13:37:59 +00:00
DRM_AMD_DC_DCN = whenBetween " 5 . 1 1 " " 6 . 4 " yes ;
DRM_AMD_DC_FP = whenAtLeast " 6 . 4 " yes ;
DRM_AMD_DC_HDCP = whenBetween " 5 . 5 " " 6 . 4 " yes ;
2021-03-09 03:18:52 +00:00
DRM_AMD_DC_SI = whenAtLeast " 5 . 1 0 " yes ;
2024-04-21 15:54:59 +00:00
# Enable AMD Audio Coprocessor support for HDMI outputs
DRM_AMD_ACP = yes ;
# Enable AMD secure display when available
DRM_AMD_SECURE_DISPLAY = whenAtLeast " 5 . 1 3 " yes ;
# Enable new firmware (and by extension NVK) for compatible hardware on Nouveau
DRM_NOUVEAU_GSP_DEFAULT = whenAtLeast " 6 . 8 " yes ;
# Enable Nouveau shared virtual memory (used by OpenCL)
DEVICE_PRIVATE = whenHasDevicePrivate yes ;
DRM_NOUVEAU_SVM = whenHasDevicePrivate yes ;
# Enable HDMI-CEC receiver support
RC_CORE = yes ;
MEDIA_CEC_RC = whenAtLeast " 5 . 1 0 " yes ;
# Enable CEC over DisplayPort
DRM_DP_CEC = yes ;
2020-04-24 23:36:52 +00:00
} // optionalAttrs ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " ) {
# Intel GVT-g graphics virtualization supports 64-bit only
2023-11-16 04:20:00 +00:00
DRM_I915_GVT = yes ;
DRM_I915_GVT_KVMGT = module ;
2022-12-17 10:02:37 +00:00
# Enable Hyper-V Synthetic DRM Driver
DRM_HYPERV = whenAtLeast " 5 . 1 4 " module ;
2022-06-16 17:23:12 +00:00
} // optionalAttrs ( stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) {
# enable HDMI-CEC on RPi boards
2022-11-27 09:42:12 +00:00
DRM_VC4_HDMI_CEC = yes ;
2020-04-24 23:36:52 +00:00
} ;
2024-01-25 14:12:00 +00:00
# Enables Rust support in the Linux kernel. This is currently not enabled by default, because it occasionally requires
# patching the Linux kernel for the specific Rust toolchain in nixpkgs. These patches usually take a bit
# of time to appear and this would hold up Linux kernel and Rust toolchain updates.
#
# Once Rust in the kernel has more users, we can reconsider enabling it by default.
rust = optionalAttrs ( ( features . rust or false ) && versionAtLeast version " 6 . 7 " ) {
RUST = yes ;
GCC_PLUGINS = no ;
} ;
2020-04-24 23:36:52 +00:00
sound = {
SND_DYNAMIC_MINORS = yes ;
SND_AC97_POWER_SAVE = yes ; # AC97 Power-Saving Mode
2024-04-21 15:54:59 +00:00
# 10s for the idle timeout, Fedora does 1, Arch does 10.
# The kernel says we should do 10.
# Read: https://docs.kernel.org/sound/designs/powersave.html
SND_AC97_POWER_SAVE_DEFAULT = freeform " 1 0 " ;
SND_HDA_POWER_SAVE_DEFAULT = freeform " 1 0 " ;
2020-04-24 23:36:52 +00:00
SND_HDA_INPUT_BEEP = yes ; # Support digital beep via input layer
SND_HDA_RECONFIG = yes ; # Support reconfiguration of jack functions
# Support configuring jack functions via fw mechanism at boot
SND_HDA_PATCH_LOADER = yes ;
2020-07-18 16:06:22 +00:00
SND_HDA_CODEC_CA0132_DSP = whenOlder " 5 . 7 " yes ; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
2020-04-24 23:36:52 +00:00
SND_OSSEMUL = yes ;
SND_USB_CAIAQ_INPUT = yes ;
2024-04-21 15:54:59 +00:00
SND_USB_AUDIO_MIDI_V2 = whenAtLeast " 6 . 5 " yes ;
2020-05-15 21:57:56 +00:00
# Enable Sound Open Firmware support
} // optionalAttrs ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " &&
versionAtLeast version " 5 . 5 " ) {
2022-01-13 20:06:32 +00:00
SND_SOC_INTEL_SOUNDWIRE_SOF_MACH = whenAtLeast " 5 . 1 0 " module ;
SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES = whenAtLeast " 5 . 1 0 " yes ; # dep of SOF_MACH
SND_SOC_SOF_INTEL_SOUNDWIRE_LINK = whenBetween " 5 . 1 0 " " 5 . 1 1 " yes ; # dep of SOF_MACH
2020-05-15 21:57:56 +00:00
SND_SOC_SOF_TOPLEVEL = yes ;
SND_SOC_SOF_ACPI = module ;
SND_SOC_SOF_PCI = module ;
2021-03-20 04:20:00 +00:00
SND_SOC_SOF_APOLLOLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_APOLLOLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_CANNONLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_CANNONLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_COFFEELAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_COFFEELAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_COMETLAKE = whenAtLeast " 5 . 1 2 " module ;
2020-07-18 16:06:22 +00:00
SND_SOC_SOF_COMETLAKE_H_SUPPORT = whenOlder " 5 . 8 " yes ;
2021-03-20 04:20:00 +00:00
SND_SOC_SOF_COMETLAKE_LP_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_ELKHARTLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_ELKHARTLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_GEMINILAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_GEMINILAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
2020-05-15 21:57:56 +00:00
SND_SOC_SOF_HDA_AUDIO_CODEC = yes ;
2020-06-18 07:06:33 +00:00
SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = whenOlder " 5 . 7 " yes ;
2020-05-15 21:57:56 +00:00
SND_SOC_SOF_HDA_LINK = yes ;
2021-03-20 04:20:00 +00:00
SND_SOC_SOF_ICELAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_ICELAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
2020-05-15 21:57:56 +00:00
SND_SOC_SOF_INTEL_TOPLEVEL = yes ;
2021-03-20 04:20:00 +00:00
SND_SOC_SOF_JASPERLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_JASPERLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_MERRIFIELD = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_MERRIFIELD_SUPPORT = whenOlder " 5 . 1 2 " yes ;
SND_SOC_SOF_TIGERLAKE = whenAtLeast " 5 . 1 2 " module ;
SND_SOC_SOF_TIGERLAKE_SUPPORT = whenOlder " 5 . 1 2 " yes ;
2020-04-24 23:36:52 +00:00
} ;
usb = {
2024-04-21 15:54:59 +00:00
USB = yes ; # compile USB core into kernel, so we can use USB_SERIAL_CONSOLE before modules
2020-04-24 23:36:52 +00:00
USB_EHCI_ROOT_HUB_TT = yes ; # Root Hub Transaction Translators
USB_EHCI_TT_NEWSCHED = yes ; # Improved transaction translator scheduling
USB_HIDDEV = yes ; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies)
2024-04-21 15:54:59 +00:00
# default to dual role mode
USB_DWC2_DUAL_ROLE = yes ;
USB_DWC3_DUAL_ROLE = yes ;
} ;
usb-serial = {
USB_SERIAL = yes ;
USB_SERIAL_GENERIC = yes ; # USB Generic Serial Driver
USB_SERIAL_CONSOLE = yes ; # Allow using USB serial adapter as console
U_SERIAL_CONSOLE = whenAtLeast " 5 . 1 0 " yes ; # Allow using USB gadget as console
2020-04-24 23:36:52 +00:00
} ;
# Filesystem options - in particular, enable extended attributes and
# ACLs for all filesystems that support them.
filesystem = {
2022-11-21 17:40:18 +00:00
FANOTIFY = yes ;
FANOTIFY_ACCESS_PERMISSIONS = yes ;
2020-04-24 23:36:52 +00:00
TMPFS = yes ;
TMPFS_POSIX_ACL = yes ;
2022-12-17 10:02:37 +00:00
FS_ENCRYPTION = if ( versionAtLeast version " 5 . 1 " ) then yes else option module ;
2020-04-24 23:36:52 +00:00
EXT2_FS_XATTR = yes ;
EXT2_FS_POSIX_ACL = yes ;
EXT2_FS_SECURITY = yes ;
EXT3_FS_POSIX_ACL = yes ;
EXT3_FS_SECURITY = yes ;
EXT4_FS_POSIX_ACL = yes ;
EXT4_FS_SECURITY = yes ;
2022-11-27 09:42:12 +00:00
EXT4_ENCRYPTION = whenOlder " 5 . 1 " yes ;
2020-04-24 23:36:52 +00:00
2024-04-21 15:54:59 +00:00
NTFS_FS = whenBetween " 5 . 1 5 " " 6 . 9 " no ;
2022-09-09 14:08:57 +00:00
NTFS3_LZX_XPRESS = whenAtLeast " 5 . 1 5 " yes ;
NTFS3_FS_POSIX_ACL = whenAtLeast " 5 . 1 5 " yes ;
2020-04-24 23:36:52 +00:00
REISERFS_FS_XATTR = option yes ;
REISERFS_FS_POSIX_ACL = option yes ;
REISERFS_FS_SECURITY = option yes ;
JFS_POSIX_ACL = option yes ;
JFS_SECURITY = option yes ;
XFS_QUOTA = option yes ;
XFS_POSIX_ACL = option yes ;
XFS_RT = option yes ; # XFS Realtime subvolume support
2022-10-30 15:09:59 +00:00
XFS_ONLINE_SCRUB = option yes ;
2020-04-24 23:36:52 +00:00
OCFS2_DEBUG_MASKLOG = option no ;
BTRFS_FS_POSIX_ACL = yes ;
2024-01-13 08:15:51 +00:00
BCACHEFS_QUOTA = whenAtLeast " 6 . 7 " ( option yes ) ;
BCACHEFS_POSIX_ACL = whenAtLeast " 6 . 7 " ( option yes ) ;
2020-04-24 23:36:52 +00:00
UBIFS_FS_ADVANCED_COMPR = option yes ;
F2FS_FS = module ;
F2FS_FS_SECURITY = option yes ;
2022-11-27 09:42:12 +00:00
F2FS_FS_ENCRYPTION = whenOlder " 5 . 1 " yes ;
2021-02-19 19:06:45 +00:00
F2FS_FS_COMPRESSION = whenAtLeast " 5 . 6 " yes ;
2020-04-24 23:36:52 +00:00
UDF_FS = module ;
2024-04-21 15:54:59 +00:00
NFSD_V2_ACL = whenOlder " 5 . 1 5 " yes ;
NFSD_V3 = whenOlder " 5 . 1 5 " yes ;
2020-04-24 23:36:52 +00:00
NFSD_V3_ACL = yes ;
NFSD_V4 = yes ;
NFSD_V4_SECURITY_LABEL = yes ;
NFS_FSCACHE = yes ;
NFS_SWAP = yes ;
NFS_V3_ACL = yes ;
NFS_V4_1 = yes ; # NFSv4.1 client support
NFS_V4_2 = yes ;
NFS_V4_SECURITY_LABEL = yes ;
CIFS_XATTR = yes ;
CIFS_POSIX = option yes ;
CIFS_FSCACHE = yes ;
2021-10-28 06:52:43 +00:00
CIFS_WEAK_PW_HASH = whenOlder " 5 . 1 5 " yes ;
2020-04-24 23:36:52 +00:00
CIFS_UPCALL = yes ;
2020-06-18 07:06:33 +00:00
CIFS_ACL = whenOlder " 5 . 3 " yes ;
2020-04-24 23:36:52 +00:00
CIFS_DFS_UPCALL = yes ;
CEPH_FSCACHE = yes ;
CEPH_FS_POSIX_ACL = yes ;
SQUASHFS_FILE_DIRECT = yes ;
2023-02-09 11:40:11 +00:00
SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder " 6 . 2 " yes ;
2024-04-21 15:54:59 +00:00
SQUASHFS_CHOICE_DECOMP_BY_MOUNT = whenAtLeast " 6 . 2 " yes ;
2020-04-24 23:36:52 +00:00
SQUASHFS_XATTR = yes ;
SQUASHFS_ZLIB = yes ;
SQUASHFS_LZO = yes ;
SQUASHFS_XZ = yes ;
SQUASHFS_LZ4 = yes ;
2022-11-27 09:42:12 +00:00
SQUASHFS_ZSTD = yes ;
2020-04-24 23:36:52 +00:00
# Native Language Support modules, needed by some filesystems
NLS = yes ;
NLS_DEFAULT = freeform " u t f 8 " ;
NLS_UTF8 = module ;
NLS_CODEPAGE_437 = module ; # VFAT default for the codepage= mount option
NLS_ISO8859_1 = module ; # VFAT default for the iocharset= mount option
2022-04-15 01:41:22 +00:00
# Needed to use the installation iso image. Not included in all defconfigs (e.g. arm64)
ISO9660_FS = module ;
2020-04-24 23:36:52 +00:00
DEVTMPFS = yes ;
2021-03-09 03:18:52 +00:00
UNICODE = whenAtLeast " 5 . 2 " yes ; # Casefolding support for filesystems
2020-04-24 23:36:52 +00:00
} ;
security = {
2022-11-27 09:42:12 +00:00
FORTIFY_SOURCE = option yes ;
2022-02-10 20:34:41 +00:00
2022-01-13 20:06:32 +00:00
# https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
DEBUG_LIST = yes ;
2022-10-21 18:38:19 +00:00
HARDENED_USERCOPY = yes ;
2020-04-24 23:36:52 +00:00
RANDOMIZE_BASE = option yes ;
2022-01-13 20:06:32 +00:00
STRICT_DEVMEM = mkDefault yes ; # Filter access to /dev/mem
2022-03-10 19:12:11 +00:00
IO_STRICT_DEVMEM = mkDefault yes ;
2020-06-18 07:06:33 +00:00
SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder " 5 . 1 " ( freeform " 0 " ) ; # Disable SELinux by default
2020-04-24 23:36:52 +00:00
# Prevent processes from ptracing non-children processes
SECURITY_YAMA = option yes ;
2022-01-19 23:45:15 +00:00
# The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.
# This does not have any effect if a program does not support it
SECURITY_LANDLOCK = whenAtLeast " 5 . 1 3 " yes ;
2021-06-28 23:13:55 +00:00
DEVKMEM = whenOlder " 5 . 1 3 " no ; # Disable /dev/kmem
2020-04-24 23:36:52 +00:00
USER_NS = yes ; # Support for user namespaces
SECURITY_APPARMOR = yes ;
DEFAULT_SECURITY_APPARMOR = yes ;
2023-11-16 04:20:00 +00:00
RANDOM_TRUST_CPU = whenOlder " 6 . 2 " yes ; # allow RDRAND to seed the RNG
2023-02-09 11:40:11 +00:00
RANDOM_TRUST_BOOTLOADER = whenOlder " 6 . 2 " ( whenAtLeast " 5 . 4 " yes ) ; # allow the bootloader to seed the RNG
2021-03-09 03:18:52 +00:00
2021-01-15 22:18:51 +00:00
MODULE_SIG = no ; # r13y, generates a random key during build and bakes it in
# Depends on MODULE_SIG and only really helps when you sign your modules
# and enforce signatures which we don't do by default.
2022-11-27 09:42:12 +00:00
SECURITY_LOCKDOWN_LSM = whenAtLeast " 5 . 4 " no ;
2022-10-21 18:38:19 +00:00
# provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis
PERSISTENT_KEYRINGS = yes ;
# enable temporary caching of the last request_key() result
KEYS_REQUEST_CACHE = whenAtLeast " 5 . 3 " yes ;
2023-11-16 04:20:00 +00:00
# randomized slab caches
RANDOM_KMALLOC_CACHES = whenAtLeast " 6 . 6 " yes ;
# NIST SP800-90A DRBG modes - enabled by most distributions
# and required by some out-of-tree modules (ShuffleCake)
# This does not include the NSA-backdoored Dual-EC mode from the same NIST publication.
CRYPTO_DRBG_HASH = yes ;
CRYPTO_DRBG_CTR = yes ;
2020-04-24 23:36:52 +00:00
2024-04-21 15:54:59 +00:00
# Enable KFENCE
# See: https://docs.kernel.org/dev-tools/kfence.html
KFENCE = whenAtLeast " 5 . 1 2 " yes ;
# Enable support for page poisoning. Still needs to be enabled on the command line to actually work.
PAGE_POISONING = yes ;
# Enable stack smashing protections in schedule()
# See: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v4.8&id=0d9e26329b0c9263d4d9e0422d80a0e73268c52f
SCHED_STACK_END_CHECK = yes ;
2022-01-07 04:07:37 +00:00
} // optionalAttrs stdenv . hostPlatform . isx86_64 {
2021-12-26 17:43:05 +00:00
# Enable Intel SGX
X86_SGX = whenAtLeast " 5 . 1 1 " yes ;
# Allow KVM guests to load SGX enclaves
X86_SGX_KVM = whenAtLeast " 5 . 1 3 " yes ;
2022-12-17 10:02:37 +00:00
# AMD Cryptographic Coprocessor (CCP)
CRYPTO_DEV_CCP = yes ;
# AMD SME
AMD_MEM_ENCRYPT = yes ;
# AMD SEV and AMD SEV-SE
2023-11-16 04:20:00 +00:00
KVM_AMD_SEV = yes ;
2022-12-17 10:02:37 +00:00
# AMD SEV-SNP
SEV_GUEST = whenAtLeast " 5 . 1 9 " module ;
2023-11-16 04:20:00 +00:00
# Shadow stacks
X86_USER_SHADOW_STACK = whenAtLeast " 6 . 6 " yes ;
2024-04-21 15:54:59 +00:00
# Mitigate straight line speculation at the cost of some file size
SLS = whenBetween " 5 . 1 7 " " 6 . 9 " yes ;
MITIGATION_SLS = whenAtLeast " 6 . 9 " yes ;
2020-04-24 23:36:52 +00:00
} ;
microcode = {
MICROCODE = yes ;
2023-10-09 19:29:22 +00:00
MICROCODE_INTEL = whenOlder " 6 . 6 " yes ;
MICROCODE_AMD = whenOlder " 6 . 6 " yes ;
2020-04-24 23:36:52 +00:00
# Write Back Throttling
# https://lwn.net/Articles/682582/
# https://bugzilla.kernel.org/show_bug.cgi?id=12309#c655
BLK_WBT = yes ;
BLK_WBT_SQ = whenOlder " 5 . 0 " yes ; # Removed in 5.0-RC1
BLK_WBT_MQ = yes ;
} ;
container = {
NAMESPACES = yes ; # Required by 'unshare' used by 'nixos-install'
RT_GROUP_SCHED = no ;
CGROUP_DEVICE = yes ;
CGROUP_HUGETLB = yes ;
CGROUP_PERF = yes ;
2022-11-27 09:42:12 +00:00
CGROUP_RDMA = yes ;
2020-04-24 23:36:52 +00:00
MEMCG = yes ;
2022-11-02 22:02:43 +00:00
MEMCG_SWAP = whenOlder " 6 . 1 " yes ;
2020-04-24 23:36:52 +00:00
BLK_DEV_THROTTLING = yes ;
CFQ_GROUP_IOSCHED = whenOlder " 5 . 0 " yes ; # Removed in 5.0-RC1
2022-03-10 19:12:11 +00:00
CGROUP_PIDS = yes ;
2020-04-24 23:36:52 +00:00
} ;
staging = {
# Enable staging drivers. These are somewhat experimental, but
# they generally don't hurt.
STAGING = yes ;
} ;
proc-events = {
# PROC_EVENTS requires that the netlink connector is not built
# as a module. This is required by libcgroup's cgrulesengd.
CONNECTOR = yes ;
PROC_EVENTS = yes ;
} ;
tracing = {
FTRACE = yes ;
KPROBES = yes ;
FUNCTION_TRACER = yes ;
FTRACE_SYSCALLS = yes ;
SCHED_TRACER = yes ;
STACK_TRACER = yes ;
2022-11-27 09:42:12 +00:00
UPROBE_EVENTS = option yes ;
2022-03-10 19:12:11 +00:00
BPF_SYSCALL = yes ;
2022-03-30 09:31:56 +00:00
BPF_UNPRIV_DEFAULT_OFF = whenBetween " 5 . 1 0 " " 5 . 1 6 " yes ;
2022-03-10 19:12:11 +00:00
BPF_EVENTS = yes ;
2020-04-24 23:36:52 +00:00
FUNCTION_PROFILER = yes ;
RING_BUFFER_BENCHMARK = no ;
} ;
2023-07-15 17:15:38 +00:00
perf = {
# enable AMD Zen branch sampling if available
PERF_EVENTS_AMD_BRS = whenAtLeast " 5 . 1 9 " ( option yes ) ;
} ;
2020-04-24 23:36:52 +00:00
virtualisation = {
PARAVIRT = option yes ;
2021-04-26 19:14:03 +00:00
HYPERVISOR_GUEST = yes ;
2020-04-24 23:36:52 +00:00
PARAVIRT_SPINLOCKS = option yes ;
KVM_ASYNC_PF = yes ;
2022-03-10 19:12:11 +00:00
KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes ;
2021-04-26 19:14:03 +00:00
KVM_GUEST = yes ;
2020-04-24 23:36:52 +00:00
KVM_MMIO = yes ;
KVM_VFIO = yes ;
KSM = yes ;
VIRT_DRIVERS = yes ;
2021-04-05 15:23:46 +00:00
# We need 64 GB (PAE) support for Xen guest support
2020-04-24 23:36:52 +00:00
HIGHMEM64G = { optional = true ; tristate = mkIf ( ! stdenv . is64bit ) " y " ; } ;
VFIO_PCI_VGA = mkIf stdenv . is64bit yes ;
2024-01-13 08:15:51 +00:00
UDMABUF = whenAtLeast " 4 . 2 0 " yes ;
2020-04-24 23:36:52 +00:00
# VirtualBox guest drivers in the kernel conflict with the ones in the
# official additions package and prevent the vboxsf module from loading,
# so disable them for now.
VBOXGUEST = option no ;
DRM_VBOXVIDEO = option no ;
2024-01-25 14:12:00 +00:00
XEN = option yes ;
XEN_DOM0 = option yes ;
PCI_XEN = option yes ;
HVC_XEN = option yes ;
HVC_XEN_FRONTEND = option yes ;
XEN_SYS_HYPERVISOR = option yes ;
SWIOTLB_XEN = option yes ;
XEN_BACKEND = option yes ;
XEN_BALLOON = option yes ;
XEN_BALLOON_MEMORY_HOTPLUG = option yes ;
XEN_EFI = option yes ;
XEN_HAVE_PVMMU = option yes ;
XEN_MCE_LOG = option yes ;
XEN_PVH = option yes ;
XEN_PVHVM = option yes ;
XEN_SAVE_RESTORE = option yes ;
XEN_SELFBALLOONING = whenOlder " 5 . 3 " yes ;
2023-03-04 12:14:45 +00:00
# Enable device detection on virtio-mmio hypervisors
VIRTIO_MMIO_CMDLINE_DEVICES = yes ;
2021-04-26 19:14:03 +00:00
} ;
2020-04-24 23:36:52 +00:00
media = {
MEDIA_DIGITAL_TV_SUPPORT = yes ;
MEDIA_CAMERA_SUPPORT = yes ;
MEDIA_CONTROLLER = yes ;
MEDIA_PCI_SUPPORT = yes ;
MEDIA_USB_SUPPORT = yes ;
MEDIA_ANALOG_TV_SUPPORT = yes ;
2023-08-04 22:07:22 +00:00
VIDEO_STK1160_COMMON = whenOlder " 6 . 5 " module ;
2020-04-24 23:36:52 +00:00
} ;
" 9 p " = {
# Enable the 9P cache to speed up NixOS VM tests.
" 9 P _ F S C A C H E " = option yes ;
" 9 P _ F S _ P O S I X _ A C L " = option yes ;
} ;
huge-page = {
TRANSPARENT_HUGEPAGE = option yes ;
TRANSPARENT_HUGEPAGE_ALWAYS = option no ;
TRANSPARENT_HUGEPAGE_MADVISE = option yes ;
} ;
zram = {
2024-04-21 15:54:59 +00:00
ZRAM = module ;
ZRAM_WRITEBACK = option yes ;
ZRAM_MULTI_COMP = whenAtLeast " 6 . 2 " yes ;
ZSWAP = option yes ;
ZPOOL = yes ;
ZBUD = option yes ;
2020-04-24 23:36:52 +00:00
} ;
brcmfmac = {
# Enable PCIe and USB for the brcmfmac driver
BRCMFMAC_USB = option yes ;
BRCMFMAC_PCIE = option yes ;
} ;
# Support x2APIC (which requires IRQ remapping)
x2apic = optionalAttrs ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " ) {
X86_X2APIC = yes ;
IRQ_REMAP = yes ;
} ;
# Disable various self-test modules that have no use in a production system
tests = {
# This menu disables all/most of them on >= 4.16
RUNTIME_TESTING_MENU = option no ;
} // {
CRC32_SELFTEST = option no ;
CRYPTO_TEST = option no ;
EFI_TEST = option no ;
GLOB_SELFTEST = option no ;
LOCK_TORTURE_TEST = option no ;
MTD_TESTS = option no ;
NOTIFIER_ERROR_INJECTION = option no ;
2022-12-17 10:02:37 +00:00
RCU_PERF_TEST = whenOlder " 5 . 9 " no ;
2022-11-27 09:42:12 +00:00
RCU_SCALE_TEST = whenAtLeast " 5 . 1 0 " no ;
2020-04-24 23:36:52 +00:00
TEST_ASYNC_DRIVER_PROBE = option no ;
WW_MUTEX_SELFTEST = option no ;
XZ_DEC_TEST = option no ;
} ;
2023-11-16 04:20:00 +00:00
criu = {
2021-03-09 03:18:52 +00:00
# Unconditionally enabled, because it is required for CRIU and
# it provides the kcmp() system call that Mesa depends on.
CHECKPOINT_RESTORE = yes ;
2024-04-21 15:54:59 +00:00
# Allows soft-dirty tracking on pages, used by CRIU.
# See https://docs.kernel.org/admin-guide/mm/soft-dirty.html
MEM_SOFT_DIRTY = mkIf ( ! stdenv . isx86_32 ) yes ;
2023-11-16 04:20:00 +00:00
} ;
2020-04-24 23:36:52 +00:00
2021-04-05 15:23:46 +00:00
misc = let
# Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz.
# i686 issues: https://github.com/NixOS/nixpkgs/pull/117961#issuecomment-812106375
useZstd = stdenv . buildPlatform . is64bit && versionAtLeast version " 5 . 9 " ;
in {
KERNEL_XZ = mkIf ( ! useZstd ) yes ;
KERNEL_ZSTD = mkIf useZstd yes ;
2020-04-24 23:36:52 +00:00
HID_BATTERY_STRENGTH = yes ;
2020-05-03 17:38:23 +00:00
# enabled by default in x86_64 but not arm64, so we do that here
HIDRAW = yes ;
2024-04-21 15:54:59 +00:00
# Enable loading HID fixups as eBPF from userspace
HID_BPF = whenAtLeast " 6 . 3 " yes ;
2020-06-15 15:56:04 +00:00
HID_ACRUX_FF = yes ;
DRAGONRISE_FF = yes ;
2022-03-30 09:31:56 +00:00
GREENASIA_FF = yes ;
2020-06-15 15:56:04 +00:00
HOLTEK_FF = yes ;
2022-11-27 09:42:12 +00:00
JOYSTICK_PSXPAD_SPI_FF = yes ;
2022-03-30 09:31:56 +00:00
LOGIG940_FF = yes ;
NINTENDO_FF = whenAtLeast " 5 . 1 6 " yes ;
PLAYSTATION_FF = whenAtLeast " 5 . 1 2 " yes ;
2020-06-15 15:56:04 +00:00
SONY_FF = yes ;
SMARTJOYPLUS_FF = yes ;
THRUSTMASTER_FF = yes ;
ZEROPLUS_FF = yes ;
2021-06-28 23:13:55 +00:00
MODULE_COMPRESS = whenOlder " 5 . 1 3 " yes ;
2020-04-24 23:36:52 +00:00
MODULE_COMPRESS_XZ = yes ;
2021-01-15 22:18:51 +00:00
2020-04-24 23:36:52 +00:00
SYSVIPC = yes ; # System-V IPC
2020-06-18 07:06:33 +00:00
AIO = yes ; # POSIX asynchronous I/O
2020-04-24 23:36:52 +00:00
UNIX = yes ; # Unix domain sockets.
MD = yes ; # Device mapper (RAID, LVM, etc.)
# Enable initrd support.
BLK_DEV_INITRD = yes ;
2024-04-21 15:54:59 +00:00
# Allows debugging systems that get stuck during suspend/resume
PM_TRACE = yes ;
PM_TRACE_RTC = yes ;
2020-04-24 23:36:52 +00:00
ACCESSIBILITY = yes ; # Accessibility support
AUXDISPLAY = yes ; # Auxiliary Display support
HIPPI = yes ;
MTD_COMPLEX_MAPPINGS = yes ; # needed for many devices
SCSI_LOWLEVEL = yes ; # enable lots of SCSI devices
SCSI_LOWLEVEL_PCMCIA = yes ;
SCSI_SAS_ATA = yes ; # added to enable detection of hard drive
SPI = yes ; # needed for many devices
SPI_MASTER = yes ;
" 8 1 3 9 T O O _ 8 1 2 9 " = yes ;
" 8 1 3 9 T O O _ P I O " = no ; # PIO is slower
AIC79XX_DEBUG_ENABLE = no ;
AIC7XXX_DEBUG_ENABLE = no ;
AIC94XX_DEBUG = no ;
BLK_DEV_INTEGRITY = yes ;
2024-04-21 15:54:59 +00:00
BLK_DEV_ZONED = yes ;
2020-04-24 23:36:52 +00:00
2022-11-27 09:42:12 +00:00
BLK_SED_OPAL = yes ;
2020-04-24 23:36:52 +00:00
2024-04-21 15:54:59 +00:00
# Enable support for block layer inline encryption
BLK_INLINE_ENCRYPTION = whenAtLeast " 5 . 8 " yes ;
# ...but fall back to CPU encryption if unavailable
BLK_INLINE_ENCRYPTION_FALLBACK = whenAtLeast " 5 . 8 " yes ;
2020-04-24 23:36:52 +00:00
BSD_PROCESS_ACCT_V3 = yes ;
2022-11-27 09:42:12 +00:00
SERIAL_DEV_BUS = yes ; # enables support for serial devices
SERIAL_DEV_CTRL_TTYPORT = yes ; # enables support for TTY serial devices
2021-12-06 16:07:01 +00:00
BT_HCIBTUSB_MTK = whenAtLeast " 5 . 3 " yes ; # MediaTek protocol support
2022-03-10 19:12:11 +00:00
BT_HCIUART_QCA = yes ; # Qualcomm Atheros protocol support
2022-11-27 09:42:12 +00:00
BT_HCIUART_SERDEV = yes ; # required by BT_HCIUART_QCA
2022-03-10 19:12:11 +00:00
BT_HCIUART = module ; # required for BT devices with serial port interface (QCA6390)
2020-04-24 23:36:52 +00:00
BT_HCIUART_BCSP = option yes ;
BT_HCIUART_H4 = option yes ; # UART (H4) protocol support
BT_HCIUART_LL = option yes ;
BT_RFCOMM_TTY = option yes ; # RFCOMM TTY support
2022-03-10 19:12:11 +00:00
BT_QCA = module ; # enables QCA6390 bluetooth
2020-04-24 23:36:52 +00:00
2022-03-30 09:31:56 +00:00
# Removed on 5.17 as it was unused
# upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31
CLEANCACHE = whenOlder " 5 . 1 7 " ( option yes ) ;
2020-04-24 23:36:52 +00:00
2023-11-16 04:20:00 +00:00
FSCACHE_STATS = yes ;
2020-04-24 23:36:52 +00:00
DVB_DYNAMIC_MINORS = option yes ; # we use udev
EFI_STUB = yes ; # EFI bootloader in the bzImage itself
2021-12-06 16:07:01 +00:00
EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER =
2023-02-09 11:40:11 +00:00
whenOlder " 6 . 2 " ( whenAtLeast " 5 . 8 " yes ) ; # initrd kernel parameter for EFI
2020-04-24 23:36:52 +00:00
CGROUPS = yes ; # used by systemd
FHANDLE = yes ; # used by systemd
SECCOMP = yes ; # used by systemd >= 231
SECCOMP_FILTER = yes ; # ditto
POSIX_MQUEUE = yes ;
2023-10-09 19:29:22 +00:00
FRONTSWAP = whenOlder " 6 . 6 " yes ;
2020-04-24 23:36:52 +00:00
FUSION = yes ; # Fusion MPT device support
2021-08-05 21:33:18 +00:00
IDE = whenOlder " 5 . 1 4 " no ; # deprecated IDE support, removed in 5.14
2020-04-24 23:36:52 +00:00
IDLE_PAGE_TRACKING = yes ;
JOYSTICK_IFORCE_232 = { optional = true ; tristate = whenOlder " 5 . 3 " " y " ; } ; # I-Force Serial joysticks and wheels
JOYSTICK_IFORCE_USB = { optional = true ; tristate = whenOlder " 5 . 3 " " y " ; } ; # I-Force USB joysticks and wheels
JOYSTICK_XPAD_FF = option yes ; # X-Box gamepad rumble support
JOYSTICK_XPAD_LEDS = option yes ; # LED Support for Xbox360 controller 'BigX' LED
KEYBOARD_APPLESPI = whenAtLeast " 5 . 3 " module ;
KEXEC_FILE = option yes ;
KEXEC_JUMP = option yes ;
2020-06-18 07:06:33 +00:00
PARTITION_ADVANCED = yes ; # Needed for LDM_PARTITION
2020-04-24 23:36:52 +00:00
# Windows Logical Disk Manager (Dynamic Disk) support
LDM_PARTITION = yes ;
LOGIRUMBLEPAD2_FF = yes ; # Logitech Rumblepad 2 force feedback
LOGO = no ; # not needed
MEDIA_ATTACH = yes ;
MEGARAID_NEWGEN = yes ;
MLX5_CORE_EN = option yes ;
2023-11-16 04:20:00 +00:00
NVME_MULTIPATH = yes ;
2021-03-12 07:09:13 +00:00
2024-04-21 15:54:59 +00:00
NVME_AUTH = mkMerge [
( whenBetween " 6 . 0 " " 6 . 7 " yes )
( whenAtLeast " 6 . 7 " module )
] ;
NVME_HOST_AUTH = whenAtLeast " 6 . 7 " yes ;
NVME_TCP_TLS = whenAtLeast " 6 . 7 " yes ;
NVME_TARGET = module ;
NVME_TARGET_PASSTHRU = whenAtLeast " 5 . 9 " yes ;
NVME_TARGET_AUTH = whenAtLeast " 6 . 0 " yes ;
NVME_TARGET_TCP_TLS = whenAtLeast " 6 . 7 " yes ;
PCI_P2PDMA = mkIf ( stdenv . hostPlatform . is64bit && versionAtLeast version " 4 . 2 0 " ) yes ;
2020-04-24 23:36:52 +00:00
PSI = whenAtLeast " 4 . 2 0 " yes ;
2020-06-18 07:06:33 +00:00
MOUSE_ELAN_I2C_SMBUS = yes ;
2020-04-24 23:36:52 +00:00
MOUSE_PS2_ELANTECH = yes ; # Elantech PS/2 protocol extension
2021-08-22 07:53:02 +00:00
MOUSE_PS2_VMMOUSE = yes ;
2020-04-24 23:36:52 +00:00
MTRR_SANITIZER = yes ;
NET_FC = yes ; # Fibre Channel driver support
2022-08-12 12:06:08 +00:00
# Needed for touchpads to work on some AMD laptops
PINCTRL_AMD = whenAtLeast " 5 . 1 9 " yes ;
2020-04-24 23:36:52 +00:00
# GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks
PINCTRL_BAYTRAIL = yes ;
2021-12-06 16:07:01 +00:00
# GPIO for Braswell and Cherryview devices
# Needs to be built-in to for integrated keyboards to function properly
PINCTRL_CHERRYVIEW = yes ;
2020-04-24 23:36:52 +00:00
# 8 is default. Modern gpt tables on eMMC may go far beyond 8.
MMC_BLOCK_MINORS = freeform " 3 2 " ;
REGULATOR = yes ; # Voltage and Current Regulator Support
RC_DEVICES = option yes ; # Enable IR devices
2023-04-29 16:46:19 +00:00
RC_DECODERS = option yes ; # Required for IR devices to work
2020-04-24 23:36:52 +00:00
RT2800USB_RT53XX = yes ;
RT2800USB_RT55XX = yes ;
SCHED_AUTOGROUP = yes ;
CFS_BANDWIDTH = yes ;
SCSI_LOGGING = yes ; # SCSI logging facility
SERIAL_8250 = yes ; # 8250/16550 and compatible serial support
2022-11-27 09:42:12 +00:00
SLAB_FREELIST_HARDENED = yes ;
SLAB_FREELIST_RANDOM = yes ;
2022-09-09 14:08:57 +00:00
2020-04-24 23:36:52 +00:00
SLIP_COMPRESSED = yes ; # CSLIP compressed headers
SLIP_SMART = yes ;
HWMON = yes ;
THERMAL_HWMON = yes ; # Hardware monitoring support
NVME_HWMON = whenAtLeast " 5 . 5 " yes ; # NVMe drives temperature reporting
UEVENT_HELPER = no ;
USERFAULTFD = yes ;
X86_CHECK_BIOS_CORRUPTION = yes ;
X86_MCE = yes ;
2020-11-30 08:33:03 +00:00
RAS = yes ; # Needed for EDAC support
2020-04-24 23:36:52 +00:00
# Our initrd init uses shebang scripts, so can't be modular.
BINFMT_SCRIPT = yes ;
# For systemd-binfmt
BINFMT_MISC = option yes ;
# Disable the firmware helper fallback, udev doesn't implement it any more
FW_LOADER_USER_HELPER_FALLBACK = option no ;
2024-04-21 15:54:59 +00:00
FW_LOADER_COMPRESS = whenAtLeast " 5 . 3 " yes ;
2022-05-18 14:49:53 +00:00
2020-04-24 23:36:52 +00:00
HOTPLUG_PCI_ACPI = yes ; # PCI hotplug using ACPI
HOTPLUG_PCI_PCIE = yes ; # PCI-Expresscard hotplug support
# Enable AMD's ROCm GPU compute stack
2020-06-18 07:06:33 +00:00
HSA_AMD = mkIf stdenv . hostPlatform . is64bit ( whenAtLeast " 4 . 2 0 " yes ) ;
ZONE_DEVICE = mkIf stdenv . hostPlatform . is64bit ( whenAtLeast " 5 . 3 " yes ) ;
2020-04-24 23:36:52 +00:00
HMM_MIRROR = whenAtLeast " 5 . 3 " yes ;
DRM_AMDGPU_USERPTR = whenAtLeast " 5 . 3 " yes ;
PREEMPT = no ;
PREEMPT_VOLUNTARY = yes ;
X86_AMD_PLATFORM_DEVICE = yes ;
2021-07-14 22:03:04 +00:00
X86_PLATFORM_DRIVERS_DELL = whenAtLeast " 5 . 1 2 " yes ;
2023-10-09 19:29:22 +00:00
X86_PLATFORM_DRIVERS_HP = whenAtLeast " 6 . 1 " yes ;
2020-04-24 23:36:52 +00:00
2023-11-16 04:20:00 +00:00
LIRC = yes ;
2021-08-05 21:33:18 +00:00
2021-12-06 16:07:01 +00:00
SCHED_CORE = whenAtLeast " 5 . 1 4 " yes ;
2022-12-28 21:21:41 +00:00
LRU_GEN = whenAtLeast " 6 . 1 " yes ;
LRU_GEN_ENABLED = whenAtLeast " 6 . 1 " yes ;
2021-12-24 04:21:11 +00:00
FSL_MC_UAPI_SUPPORT = mkIf ( stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) ( whenAtLeast " 5 . 1 2 " yes ) ;
2022-01-13 20:06:32 +00:00
2022-08-12 12:06:08 +00:00
ASHMEM = { optional = true ; tristate = whenBetween " 5 . 0 " " 5 . 1 8 " " y " ; } ;
2023-03-30 22:05:00 +00:00
ANDROID = { optional = true ; tristate = whenBetween " 5 . 0 " " 5 . 1 9 " " y " ; } ;
2022-01-13 20:06:32 +00:00
ANDROID_BINDER_IPC = { optional = true ; tristate = whenAtLeast " 5 . 0 " " y " ; } ;
ANDROID_BINDERFS = { optional = true ; tristate = whenAtLeast " 5 . 0 " " y " ; } ;
ANDROID_BINDER_DEVICES = { optional = true ; freeform = whenAtLeast " 5 . 0 " " b i n d e r , h w b i n d e r , v n d b i n d e r " ; } ;
2022-04-15 01:41:22 +00:00
TASKSTATS = yes ;
TASK_DELAY_ACCT = yes ;
TASK_XACCT = yes ;
TASK_IO_ACCOUNTING = yes ;
2022-06-26 10:26:21 +00:00
# Fresh toolchains frequently break -Werror build for minor issues.
WERROR = whenAtLeast " 5 . 1 5 " no ;
2023-08-10 07:59:29 +00:00
# > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production.
# https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html
2023-08-22 20:05:09 +00:00
KUNIT = whenAtLeast " 5 . 5 " no ;
2024-01-13 08:15:51 +00:00
# Set system time from RTC on startup and resume
RTC_HCTOSYS = option yes ;
2024-04-21 15:54:59 +00:00
# Expose watchdog information in sysfs
WATCHDOG_SYSFS = yes ;
# Enable generic kernel watch queues
# See https://docs.kernel.org/core-api/watch_queue.html
WATCH_QUEUE = whenAtLeast " 5 . 8 " yes ;
2020-04-24 23:36:52 +00:00
} // optionalAttrs ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " || stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) {
# Enable CPU/memory hotplug support
# Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
ACPI_HOTPLUG_CPU = yes ;
ACPI_HOTPLUG_MEMORY = yes ;
MEMORY_HOTPLUG = yes ;
MEMORY_HOTREMOVE = yes ;
HOTPLUG_CPU = yes ;
MIGRATION = yes ;
SPARSEMEM = yes ;
# Bump the maximum number of CPUs to support systems like EC2 x1.*
# instances and Xeon Phi.
NR_CPUS = freeform " 3 8 4 " ;
2024-02-29 20:09:43 +00:00
# Enable LEDS to display link-state status of PHY devices (i.e. eth lan/wan interfaces)
LED_TRIGGER_PHY = whenAtLeast " 4 . 1 0 " yes ;
2021-05-20 23:08:51 +00:00
} // optionalAttrs ( stdenv . hostPlatform . system == " a r m v 7 l - l i n u x " || stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) {
2020-04-24 23:36:52 +00:00
# Enables support for the Allwinner Display Engine 2.0
2022-11-27 09:42:12 +00:00
SUN8I_DE2_CCU = yes ;
2020-04-24 23:36:52 +00:00
# See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647
2020-06-18 07:06:33 +00:00
CRYPTO_AEGIS128_SIMD = whenAtLeast " 5 . 4 " no ;
2021-01-05 17:05:55 +00:00
# Distros should configure the default as a kernel option.
# We previously defined it on the kernel command line as cma=
# The kernel command line will override a platform-specific configuration from its device tree.
# https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44
CMA_SIZE_MBYTES = freeform " 3 2 " ;
2021-05-20 23:08:51 +00:00
2024-04-21 15:54:59 +00:00
# Add debug interfaces for CMA
CMA_DEBUGFS = yes ;
CMA_SYSFS = yes ;
2021-05-20 23:08:51 +00:00
2023-11-16 04:20:00 +00:00
# https://docs.kernel.org/arch/arm/mem_alignment.html
# tldr:
# when buggy userspace code emits illegal misaligned LDM, STM,
# LDRD and STRDs, the instructions trap, are caught, and then
# are emulated by the kernel.
#
# This is the default on armv7l, anyway, but it is explicitly
# enabled here for the sake of providing context for the
# aarch64 compat option which follows.
ALIGNMENT_TRAP = mkIf ( stdenv . hostPlatform . system == " a r m v 7 l - l i n u x " ) yes ;
# https://patchwork.kernel.org/project/linux-arm-kernel/patch/20220701135322.3025321-1-ardb@kernel.org/
# tldr:
# when encountering alignment faults under aarch64, this option
# makes the kernel attempt to handle the fault by doing the
# same style of misaligned emulation that is performed under
# armv7l (see above option).
#
# This minimizes the potential for aarch32 userspace to behave
# differently when run under aarch64 kernels compared to when
# it is run under an aarch32 kernel.
COMPAT_ALIGNMENT_FIXUPS = mkIf ( stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) ( whenAtLeast " 6 . 1 " yes ) ;
2021-09-18 10:52:07 +00:00
} // optionalAttrs ( versionAtLeast version " 5 . 4 " && ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " || stdenv . hostPlatform . system == " a a r c h 6 4 - l i n u x " ) ) {
# Required for various hardware features on Chrome OS devices
CHROME_PLATFORMS = yes ;
CHROMEOS_TBMC = module ;
CROS_EC = module ;
CROS_EC_I2C = module ;
CROS_EC_SPI = module ;
CROS_EC_LPC = module ;
CROS_EC_ISHTP = module ;
CROS_KBD_LED_BACKLIGHT = module ;
2023-05-24 13:37:59 +00:00
TCG_TIS_SPI_CR50 = whenAtLeast " 5 . 5 " yes ;
2021-09-18 10:52:07 +00:00
} // optionalAttrs ( versionAtLeast version " 5 . 4 " && stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " ) {
CHROMEOS_LAPTOP = module ;
CHROMEOS_PSTORE = module ;
2024-04-21 15:54:59 +00:00
} // optionalAttrs ( stdenv . hostPlatform . system == " x 8 6 _ 6 4 - l i n u x " ) {
# Enable x86 resource control
X86_CPU_RESCTRL = whenAtLeast " 5 . 0 " yes ;
# Enable TSX on CPUs where it's not vulnerable
X86_INTEL_TSX_MODE_AUTO = yes ;
# Enable AMD Wi-Fi RF band mitigations
# See https://cateee.net/lkddb/web-lkddb/AMD_WBRF.html
AMD_WBRF = whenAtLeast " 6 . 8 " yes ;
# Enable Intel Turbo Boost Max 3.0
INTEL_TURBO_MAX_3 = yes ;
} ;
accel = {
# Build DRM accelerator devices
DRM_ACCEL = whenAtLeast " 6 . 2 " yes ;
2020-04-24 23:36:52 +00:00
} ;
} ;
in
flattenKConf options