Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / config / Config-kernel.in
blob: 3a1c4539df0a1108e5481bb21329eca690eddcf5 [file] [log] [blame]
# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2006-2014 OpenWrt.org
config KERNEL_BUILD_USER
string "Custom Kernel Build User Name"
default "builder" if BUILDBOT
default ""
help
Sets the Kernel build user string, which for example will be returned
by 'uname -a' on running systems.
If not set, uses system user at build time.
config KERNEL_BUILD_DOMAIN
string "Custom Kernel Build Domain Name"
default "buildhost" if BUILDBOT
default ""
help
Sets the Kernel build domain string, which for example will be
returned by 'uname -a' on running systems.
If not set, uses system hostname at build time.
config KERNEL_PRINTK
bool "Enable support for printk"
default y
config KERNEL_SWAP
bool "Support for paging of anonymous memory (swap)"
default y if !SMALL_FLASH
config KERNEL_PROC_STRIPPED
bool "Strip non-essential /proc functionality to reduce code size"
default y if SMALL_FLASH
config KERNEL_DEBUG_FS
bool "Compile the kernel with debug filesystem enabled"
default y
help
debugfs is a virtual file system that kernel developers use to put
debugging files into. Enable this option to be able to read and
write to these files. Many common debugging facilities, such as
ftrace, require the existence of debugfs.
config KERNEL_MIPS_FP_SUPPORT
bool
default y if TARGET_pistachio
config KERNEL_ARM_PMU
bool
default y if TARGET_armsr_armv8
depends on (arm || aarch64)
config KERNEL_ARM_PMUV3
bool
default y if TARGET_armsr_armv8
depends on (arm_v7 || aarch64) && LINUX_6_6
config KERNEL_RISCV_PMU
bool
select KERNEL_RISCV_PMU_SBI
depends on riscv64
config KERNEL_RISCV_PMU_SBI
bool
depends on riscv64
config KERNEL_X86_VSYSCALL_EMULATION
bool "Enable vsyscall emulation"
depends on x86_64
help
This enables emulation of the legacy vsyscall page. Disabling
it is roughly equivalent to booting with vsyscall=none, except
that it will also disable the helpful warning if a program
tries to use a vsyscall. With this option set to N, offending
programs will just segfault, citing addresses of the form
0xffffffffff600?00.
This option is required by many programs built before 2013, and
care should be used even with newer programs if set to N.
Disabling this option saves about 7K of kernel size and
possibly 4K of additional runtime pagetable memory.
config KERNEL_PERF_EVENTS
bool "Compile the kernel with performance events and counters"
select KERNEL_ARM_PMU if (arm || aarch64)
select KERNEL_ARM_PMUV3 if (arm_v7 || aarch64) && LINUX_6_6
select KERNEL_RISCV_PMU if riscv64
config KERNEL_PROFILING
bool "Compile the kernel with profiling enabled"
select KERNEL_PERF_EVENTS
help
Enable the extended profiling support mechanisms used by profilers such
as OProfile.
config KERNEL_RPI_AXIPERF
bool "Compile the kernel with RaspberryPi AXI Performance monitors"
default y
depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
config KERNEL_UBSAN
bool "Compile the kernel with undefined behaviour sanity checker"
help
This option enables undefined behaviour sanity checker
Compile-time instrumentation is used to detect various undefined
behaviours in runtime. Various types of checks may be enabled
via boot parameter ubsan_handle
(see: Documentation/dev-tools/ubsan.rst).
config KERNEL_UBSAN_SANITIZE_ALL
bool "Enable instrumentation for the entire kernel"
depends on KERNEL_UBSAN
default y
help
This option activates instrumentation for the entire kernel.
If you don't enable this option, you have to explicitly specify
UBSAN_SANITIZE := y for the files/directories you want to check for UB.
Enabling this option will get kernel image size increased
significantly.
config KERNEL_UBSAN_ALIGNMENT
bool "Enable checking of pointers alignment"
depends on KERNEL_UBSAN
help
This option enables detection of unaligned memory accesses.
Enabling this option on architectures that support unaligned
accesses may produce a lot of false positives.
config KERNEL_UBSAN_BOUNDS
bool "Perform array index bounds checking"
depends on KERNEL_UBSAN
help
This option enables detection of directly indexed out of bounds array
accesses, where the array size is known at compile time. Note that
this does not protect array overflows via bad calls to the
{str,mem}*cpy() family of functions (that is addressed by
FORTIFY_SOURCE).
config KERNEL_UBSAN_NULL
bool "Enable checking of null pointers"
depends on KERNEL_UBSAN
help
This option enables detection of memory accesses via a
null pointer.
config KERNEL_UBSAN_TRAP
bool "On Sanitizer warnings, abort the running kernel code"
depends on KERNEL_UBSAN
help
Building kernels with Sanitizer features enabled tends to grow the
kernel size by around 5%, due to adding all the debugging text on
failure paths. To avoid this, Sanitizer instrumentation can just
issue a trap. This reduces the kernel size overhead but turns all
warnings (including potentially harmless conditions) into full
exceptions that abort the running kernel code (regardless of context,
locks held, etc), which may destabilize the system. For some system
builders this is an acceptable trade-off.
config KERNEL_KASAN
bool "Compile the kernel with KASan: runtime memory debugger"
select KERNEL_SLUB_DEBUG
depends on (x86_64 || aarch64 || arm || powerpc || riscv64)
help
Enables kernel address sanitizer - runtime memory debugger,
designed to find out-of-bounds accesses and use-after-free bugs.
This is strictly a debugging feature and it requires a gcc version
of 4.9.2 or later. Detection of out of bounds accesses to stack or
global variables requires gcc 5.0 or later.
This feature consumes about 1/8 of available memory and brings about
~x3 performance slowdown.
For better error detection enable CONFIG_STACKTRACE.
Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
(the resulting kernel does not boot).
config KERNEL_KASAN_VMALLOC
bool "Back mappings in vmalloc space with real shadow memory"
depends on KERNEL_KASAN
help
By default, the shadow region for vmalloc space is the read-only
zero page. This means that KASAN cannot detect errors involving
vmalloc space.
Enabling this option will hook in to vmap/vmalloc and back those
mappings with real shadow memory allocated on demand. This allows
for KASAN to detect more sorts of errors (and to support vmapped
stacks), but at the cost of higher memory usage.
This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
depend on that in here, so it is possible that enabling this
will have no effect.
if KERNEL_KASAN
choice
prompt "KASAN mode"
depends on KERNEL_KASAN
default KERNEL_KASAN_GENERIC
help
KASAN has three modes:
1. Generic KASAN (supported by many architectures, enabled with
CONFIG_KASAN_GENERIC, similar to userspace ASan),
2. Software Tag-Based KASAN (arm64 only, based on software memory
tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
HWASan), and
3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
tagging, enabled with CONFIG_KASAN_HW_TAGS).
config KERNEL_KASAN_GENERIC
bool "Generic KASAN"
select KERNEL_SLUB_DEBUG
help
Enables Generic KASAN.
Consumes about 1/8th of available memory at kernel start and adds an
overhead of ~50% for dynamic allocations.
The performance slowdown is ~x3.
config KERNEL_KASAN_SW_TAGS
bool "Software Tag-Based KASAN"
depends on aarch64
select KERNEL_SLUB_DEBUG
help
Enables Software Tag-Based KASAN.
Supported only on arm64 CPUs and relies on Top Byte Ignore.
Consumes about 1/16th of available memory at kernel start and
add an overhead of ~20% for dynamic allocations.
May potentially introduce problems related to pointer casting and
comparison, as it embeds a tag into the top byte of each pointer.
config KERNEL_KASAN_HW_TAGS
bool "Hardware Tag-Based KASAN"
depends on aarch64
select KERNEL_SLUB_DEBUG
select KERNEL_ARM64_MTE
help
Enables Hardware Tag-Based KASAN.
Supported only on arm64 CPUs starting from ARMv8.5 and relies on
Memory Tagging Extension and Top Byte Ignore.
Consumes about 1/32nd of available memory.
May potentially introduce problems related to pointer casting and
comparison, as it embeds a tag into the top byte of each pointer.
endchoice
config KERNEL_ARM64_MTE
def_bool n
endif
choice
prompt "Instrumentation type"
depends on KERNEL_KASAN
depends on !KERNEL_KASAN_HW_TAGS
default KERNEL_KASAN_OUTLINE
config KERNEL_KASAN_OUTLINE
bool "Outline instrumentation"
help
Before every memory access compiler insert function call
__asan_load*/__asan_store*. These functions performs check
of shadow memory. This is slower than inline instrumentation,
however it doesn't bloat size of kernel's .text section so
much as inline does.
config KERNEL_KASAN_INLINE
bool "Inline instrumentation"
help
Compiler directly inserts code checking shadow memory before
memory accesses. This is faster than outline (in some workloads
it gives about x2 boost over outline instrumentation), but
make kernel's .text size much bigger.
This requires a gcc version of 5.0 or later.
endchoice
config KERNEL_KCOV
bool "Compile the kernel with code coverage for fuzzing"
select KERNEL_DEBUG_FS
help
KCOV exposes kernel code coverage information in a form suitable
for coverage-guided fuzzing (randomized testing).
If RANDOMIZE_BASE is enabled, PC values will not be stable across
different machines and across reboots. If you need stable PC values,
disable RANDOMIZE_BASE.
For more details, see Documentation/kcov.txt.
config KERNEL_KCOV_ENABLE_COMPARISONS
bool "Enable comparison operands collection by KCOV"
depends on KERNEL_KCOV
help
KCOV also exposes operands of every comparison in the instrumented
code along with operand sizes and PCs of the comparison instructions.
These operands can be used by fuzzing engines to improve the quality
of fuzzing coverage.
config KERNEL_KCOV_INSTRUMENT_ALL
bool "Instrument all code by default"
depends on KERNEL_KCOV
default y if KERNEL_KCOV
help
If you are doing generic system call fuzzing (like e.g. syzkaller),
then you will want to instrument the whole kernel and you should
say y here. If you are doing more targeted fuzzing (like e.g.
filesystem fuzzing with AFL) then you will want to enable coverage
for more specific subsets of files, and should say n here.
config KERNEL_TASKSTATS
bool "Compile the kernel with task resource/io statistics and accounting"
help
Enable the collection and publishing of task/io statistics and
accounting. Enable this option to enable i/o monitoring in system
monitors.
if KERNEL_TASKSTATS
config KERNEL_TASK_DELAY_ACCT
def_bool y
config KERNEL_TASK_IO_ACCOUNTING
def_bool y
config KERNEL_TASK_XACCT
def_bool y
endif
config KERNEL_PSI
bool "Compile the kernel with pressure stall information tracking"
help
Collect metrics that indicate how overcommitted the CPU, memory,
and IO capacity are in the system.
If you say Y here, the kernel will create /proc/pressure/ with the
pressure statistics files cpu, memory, and io. These will indicate
the share of walltime in which some or all tasks in the system are
delayed due to contention of the respective resource.
In kernels with cgroup support, cgroups (cgroup2 only) will
have cpu.pressure, memory.pressure, and io.pressure files,
which aggregate pressure stalls for the grouped tasks only.
For more details see Documentation/accounting/psi.rst.
Say N if unsure.
config KERNEL_KALLSYMS
bool "Compile the kernel with symbol table information"
default y if !SMALL_FLASH
help
This will give you more information in stack traces from kernel oopses.
config KERNEL_FTRACE
bool "Compile the kernel with tracing support"
depends on !TARGET_uml
config KERNEL_FTRACE_SYSCALLS
bool "Trace system calls"
depends on KERNEL_FTRACE
config KERNEL_ENABLE_DEFAULT_TRACERS
bool "Trace process context switches and events"
depends on KERNEL_FTRACE
config KERNEL_FUNCTION_TRACER
bool "Function tracer"
depends on KERNEL_FTRACE
config KERNEL_FUNCTION_GRAPH_TRACER
bool "Function graph tracer"
depends on KERNEL_FUNCTION_TRACER
config KERNEL_DYNAMIC_FTRACE
bool "Enable/disable function tracing dynamically"
depends on KERNEL_FUNCTION_TRACER
config KERNEL_FUNCTION_PROFILER
bool "Function profiler"
depends on KERNEL_FUNCTION_TRACER
config KERNEL_IRQSOFF_TRACER
bool "Interrupts-off Latency Tracer"
depends on KERNEL_FTRACE
help
This option measures the time spent in irqs-off critical
sections, with microsecond accuracy.
The default measurement method is a maximum search, which is
disabled by default and can be runtime (re-)started
via:
echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
(Note that kernel size and overhead increase with this option
enabled. This option and the preempt-off timing option can be
used together or separately.)
config KERNEL_PREEMPT_TRACER
bool "Preemption-off Latency Tracer"
depends on KERNEL_FTRACE
help
This option measures the time spent in preemption-off critical
sections, with microsecond accuracy.
The default measurement method is a maximum search, which is
disabled by default and can be runtime (re-)started
via:
echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
(Note that kernel size and overhead increase with this option
enabled. This option and the irqs-off timing option can be
used together or separately.)
config KERNEL_HIST_TRIGGERS
bool "Histogram triggers"
depends on KERNEL_FTRACE
help
Hist triggers allow one or more arbitrary trace event fields to be
aggregated into hash tables and dumped to stdout by reading a
debugfs/tracefs file. They're useful for gathering quick and dirty
(though precise) summaries of event activity as an initial guide for
further investigation using more advanced tools.
Inter-event tracing of quantities such as latencies is also
supported using hist triggers under this option.
config KERNEL_DEBUG_KERNEL
bool
config KERNEL_DEBUG_INFO
bool "Compile the kernel with debug information"
default y if !SMALL_FLASH
select KERNEL_DEBUG_KERNEL
help
This will compile your kernel and modules with debug information.
config KERNEL_DEBUG_INFO_BTF
bool "Enable additional BTF type information"
depends on !HOST_OS_MACOS
depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
select DWARVES
help
Generate BPF Type Format (BTF) information from DWARF debug info.
Turning this on expects presence of pahole tool, which will convert
DWARF type info into equivalent deduplicated BTF type info.
Required to run BPF CO-RE applications.
config KERNEL_DEBUG_INFO_BTF_MODULES
def_bool y
depends on KERNEL_DEBUG_INFO_BTF
config KERNEL_MODULE_ALLOW_BTF_MISMATCH
bool "Allow loading modules with non-matching BTF type info"
depends on KERNEL_DEBUG_INFO_BTF_MODULES
help
For modules whose split BTF does not match vmlinux, load without
BTF rather than refusing to load. The default behavior with
module BTF enabled is to reject modules with such mismatches;
this option will still load module BTF where possible but ignore
it when a mismatch is found.
config KERNEL_DEBUG_INFO_REDUCED
bool "Reduce debugging information"
default n
depends on KERNEL_DEBUG_INFO
help
If you say Y here gcc is instructed to generate less debugging
information for structure types. This means that tools that
need full debugging information (like kgdb or systemtap) won't
be happy. But if you merely need debugging information to
resolve line numbers there is no loss. Advantage is that
build directory object sizes shrink dramatically over a full
DEBUG_INFO build and compile times are reduced too.
Only works with newer gcc versions.
config KERNEL_FRAME_WARN
int
range 0 8192
default 1280 if KERNEL_KASAN && !ARCH_64BIT
default 1024 if !ARCH_64BIT
default 2048 if ARCH_64BIT
help
Tell the compiler to warn at build time for stack frames larger than this.
Setting this too low will cause a lot of warnings.
Setting it to 0 disables the warning.
# KERNEL_DEBUG_LL symbols must have the default value set as otherwise
# KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
# which means that buildroot wont override the DEBUG_LL symbols in target
# kernel configurations and lead to devices that dont have working console
config KERNEL_DEBUG_LL_UART_NONE
bool
default n
depends on arm
config KERNEL_DEBUG_LL
bool
default n
depends on arm
select KERNEL_DEBUG_LL_UART_NONE
help
ARM low level debugging.
config KERNEL_DEBUG_VIRTUAL
bool "Compile the kernel with VM translations debugging"
select KERNEL_DEBUG_KERNEL
help
Enable checks sanity checks to catch invalid uses of
virt_to_phys()/phys_to_virt() against the non-linear address space.
config KERNEL_DYNAMIC_DEBUG
bool "Compile the kernel with dynamic printk"
select KERNEL_DEBUG_FS
help
Compiles debug level messages into the kernel, which would not
otherwise be available at runtime. These messages can then be
enabled/disabled based on various levels of scope - per source file,
function, module, format string, and line number. This mechanism
implicitly compiles in all pr_debug() and dev_dbg() calls, which
enlarges the kernel text size by about 2%.
config KERNEL_EARLY_PRINTK
bool "Compile the kernel with early printk"
default y if TARGET_bcm53xx
depends on arm
select KERNEL_DEBUG_KERNEL
select KERNEL_DEBUG_LL if arm
help
Compile the kernel with early printk support. This is only useful for
debugging purposes to send messages over the serial console in early boot.
Enable this to debug early boot problems.
config KERNEL_KPROBES
bool "Compile the kernel with kprobes support"
select KERNEL_FTRACE
select KERNEL_PERF_EVENTS
help
Compiles the kernel with KPROBES support, which allows you to trap
at almost any kernel address and execute a callback function.
register_kprobe() establishes a probepoint and specifies the
callback. Kprobes is useful for kernel debugging, non-intrusive
instrumentation and testing.
If in doubt, say "N".
config KERNEL_KPROBE_EVENTS
bool
default y if KERNEL_KPROBES
config KERNEL_BPF_EVENTS
bool "Compile the kernel with BPF event support"
select KERNEL_KPROBES
help
Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
for sending data from BPF programs to user-space for post-processing
or logging.
config KERNEL_PROBE_EVENTS_BTF_ARGS
bool "Support BTF function arguments for probe events"
depends on KERNEL_DEBUG_INFO_BTF && KERNEL_KPROBE_EVENTS && LINUX_6_6
config KERNEL_BPF_KPROBE_OVERRIDE
bool
depends on KERNEL_KPROBES
default n
config KERNEL_AIO
bool "Compile the kernel with asynchronous IO support"
default y if !SMALL_FLASH
config KERNEL_IO_URING
bool "Compile the kernel with io_uring support"
depends on !SMALL_FLASH
default y if (x86_64 || aarch64)
config KERNEL_FHANDLE
bool "Compile the kernel with support for fhandle syscalls"
default y if !SMALL_FLASH
config KERNEL_FANOTIFY
bool "Compile the kernel with modern file notification support"
default y if !SMALL_FLASH
config KERNEL_BLK_DEV_BSG
bool "Compile the kernel with SCSI generic v4 support for any block device"
config KERNEL_TRANSPARENT_HUGEPAGE
bool
choice
prompt "Transparent Hugepage Support sysfs defaults"
depends on KERNEL_TRANSPARENT_HUGEPAGE
default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
bool "always"
config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
bool "madvise"
endchoice
config KERNEL_HUGETLBFS
bool
config KERNEL_HUGETLB_PAGE
bool "Compile the kernel with HugeTLB support"
select KERNEL_TRANSPARENT_HUGEPAGE
select KERNEL_HUGETLBFS
config KERNEL_MAGIC_SYSRQ
bool "Compile the kernel with SysRq support"
default y
config KERNEL_DEBUG_PINCTRL
bool "Compile the kernel with pinctrl debugging"
select KERNEL_DEBUG_KERNEL
config KERNEL_DEBUG_GPIO
bool "Compile the kernel with gpio debugging"
select KERNEL_DEBUG_KERNEL
config KERNEL_COREDUMP
bool
config KERNEL_ELF_CORE
bool "Enable process core dump support"
select KERNEL_COREDUMP
default y if !SMALL_FLASH
config KERNEL_PROVE_LOCKING
bool "Enable kernel lock checking"
select KERNEL_DEBUG_KERNEL
config KERNEL_SOFTLOCKUP_DETECTOR
bool "Compile the kernel with detect Soft Lockups"
depends on KERNEL_DEBUG_KERNEL
help
Say Y here to enable the kernel to act as a watchdog to detect
soft lockups.
Softlockups are bugs that cause the kernel to loop in kernel
mode for more than 20 seconds, without giving other tasks a
chance to run. The current stack trace is displayed upon
detection and the system will stay locked up.
config KERNEL_HARDLOCKUP_DETECTOR
bool "Compile the kernel with detect Hard Lockups"
depends on KERNEL_DEBUG_KERNEL
help
Say Y here to enable the kernel to act as a watchdog to detect
hard lockups.
Hardlockups are bugs that cause the CPU to loop in kernel mode
for more than 10 seconds, without letting other interrupts have a
chance to run. The current stack trace is displayed upon detection
and the system will stay locked up.
config KERNEL_DETECT_HUNG_TASK
bool "Compile the kernel with detect Hung Tasks"
depends on KERNEL_DEBUG_KERNEL
default KERNEL_SOFTLOCKUP_DETECTOR
help
Say Y here to enable the kernel to detect "hung tasks",
which are bugs that cause the task to be stuck in
uninterruptible "D" state indefinitely.
When a hung task is detected, the kernel will print the
current stack trace (which you should report), but the
task will stay in uninterruptible state. If lockdep is
enabled then all held locks will also be reported. This
feature has negligible overhead.
config KERNEL_WQ_WATCHDOG
bool "Compile the kernel with detect Workqueue Stalls"
depends on KERNEL_DEBUG_KERNEL
help
Say Y here to enable stall detection on workqueues. If a
worker pool doesn't make forward progress on a pending work
item for over a given amount of time, 30s by default, a
warning message is printed along with dump of workqueue
state. This can be configured through kernel parameter
"workqueue.watchdog_thresh" and its sysfs counterpart.
config KERNEL_DEBUG_ATOMIC_SLEEP
bool "Compile the kernel with sleep inside atomic section checking"
depends on KERNEL_DEBUG_KERNEL
help
If you say Y here, various routines which may sleep will become very
noisy if they are called inside atomic sections: when a spinlock is
held, inside an rcu read side critical section, inside preempt disabled
sections, inside an interrupt, etc...
config KERNEL_DEBUG_VM
bool "Compile the kernel with debug VM"
depends on KERNEL_DEBUG_KERNEL
help
Enable this to turn on extended checks in the virtual-memory system
that may impact performance.
If unsure, say N.
config KERNEL_PRINTK_TIME
bool "Enable printk timestamps"
default y
config KERNEL_SLUB_DEBUG
bool "Enable SLUB debugging support"
help
This enables various debugging features:
- Accepts "slub_debug" kernel parameter
- Provides caches debugging options (e.g. tracing, validating)
- Adds /sys/kernel/slab/ attrs for reading amounts of *objects*
- Enables /proc/slabinfo support
- Prints info when running out of memory
Enabling this can result in a significant increase of code size.
config KERNEL_SLUB_DEBUG_ON
depends on KERNEL_SLUB_DEBUG
bool "Boot kernel with basic caches debugging enabled"
help
This enables by default sanity_checks, red_zone, poison and store_user
debugging options for all caches.
config KERNEL_SLABINFO
select KERNEL_SLUB_DEBUG
select KERNEL_SLUB_DEBUG_ON
bool "Enable /proc slab debug info"
config KERNEL_PROC_PAGE_MONITOR
bool "Enable /proc page monitoring"
config KERNEL_RELAY
bool
config KERNEL_KEXEC
bool "Enable kexec support"
config KERNEL_PROC_VMCORE
bool
config KERNEL_PROC_KCORE
bool
config KERNEL_CRASH_DUMP
depends on i386 || x86_64 || arm || armeb
select KERNEL_KEXEC
select KERNEL_PROC_VMCORE
select KERNEL_PROC_KCORE
bool "Enable support for kexec crashdump"
default y
config USE_RFKILL
bool "Enable rfkill support"
default RFKILL_SUPPORT
config USE_SPARSE
bool "Enable sparse check during kernel build"
config KERNEL_DEVTMPFS
bool "Compile the kernel with device tmpfs enabled"
help
devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
devices nodes for all registered devices to simplify boot, but leaves more
complex tasks to userspace (e.g. udev).
if KERNEL_DEVTMPFS
config KERNEL_DEVTMPFS_MOUNT
bool "Automatically mount devtmpfs after root filesystem is mounted"
endif
config KERNEL_KEYS
bool "Enable kernel access key retention support"
default !SMALL_FLASH
config KERNEL_PERSISTENT_KEYRINGS
bool "Enable kernel persistent keyrings"
depends on KERNEL_KEYS
config KERNEL_KEYS_REQUEST_CACHE
bool "Enable temporary caching of the last request_key() result"
depends on KERNEL_KEYS
config KERNEL_BIG_KEYS
bool "Enable large payload keys on kernel keyrings"
depends on KERNEL_KEYS
#
# CGROUP support symbols
#
config KERNEL_CGROUPS
bool "Enable kernel cgroups"
default y if !SMALL_FLASH
if KERNEL_CGROUPS
config KERNEL_CGROUP_DEBUG
bool "Example debug cgroup subsystem"
help
This option enables a simple cgroup subsystem that
exports useful debugging information about the cgroups
framework.
config KERNEL_FREEZER
bool
config KERNEL_CGROUP_FREEZER
bool "legacy Freezer cgroup subsystem"
select KERNEL_FREEZER
help
Provides a way to freeze and unfreeze all tasks in a
cgroup.
(legacy cgroup1-only controller, in cgroup2 freezer
is integrated in the Memory controller)
config KERNEL_CGROUP_DEVICE
bool "legacy Device controller for cgroups"
help
Provides a cgroup implementing whitelists for devices which
a process in the cgroup can mknod or open.
(legacy cgroup1-only controller)
config KERNEL_CGROUP_HUGETLB
bool "HugeTLB controller"
select KERNEL_HUGETLB_PAGE
config KERNEL_CGROUP_PIDS
bool "PIDs cgroup subsystem"
default y
help
Provides enforcement of process number limits in the scope of a
cgroup.
config KERNEL_CGROUP_RDMA
bool "RDMA controller for cgroups"
default y
config KERNEL_CGROUP_BPF
bool "Support for eBPF programs attached to cgroups"
default y
config KERNEL_CPUSETS
bool "Cpuset support"
default y
help
This option will let you create and manage CPUSETs which
allow dynamically partitioning a system into sets of CPUs and
Memory Nodes and assigning tasks to run only within those sets.
This is primarily useful on large SMP or NUMA systems.
config KERNEL_PROC_PID_CPUSET
bool "Include legacy /proc/<pid>/cpuset file"
depends on KERNEL_CPUSETS
config KERNEL_CGROUP_CPUACCT
bool "Simple CPU accounting cgroup subsystem"
default y
help
Provides a simple Resource Controller for monitoring the
total CPU consumed by the tasks in a cgroup.
config KERNEL_RESOURCE_COUNTERS
bool "Resource counters"
default y
help
This option enables controller independent resource accounting
infrastructure that works with cgroups.
config KERNEL_MM_OWNER
bool
default y if KERNEL_MEMCG
config KERNEL_MEMCG
bool "Memory Resource Controller for Control Groups"
default y
select KERNEL_FREEZER
depends on KERNEL_RESOURCE_COUNTERS
help
Provides a memory resource controller that manages both anonymous
memory and page cache. (See Documentation/cgroups/memory.txt)
Note that setting this option increases fixed memory overhead
associated with each page of memory in the system. By this,
20(40)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory
usage tracking struct at boot. Total amount of this is printed out
at boot.
Only enable when you're ok with these tradeoffs and really
sure you need the memory resource controller. Even when you enable
this, you can set "cgroup_disable=memory" at your boot option to
disable memory resource controller and you can avoid overheads
(but lose benefits of memory resource controller).
This config option also selects MM_OWNER config option, which
could in turn add some fork/exit overhead.
config KERNEL_MEMCG_SWAP
bool "Memory Resource Controller Swap Extension"
default y
depends on KERNEL_MEMCG
help
Add swap management feature to memory resource controller. When you
enable this, you can limit mem+swap usage per cgroup. In other words,
when you disable this, memory resource controller has no cares to
usage of swap...a process can exhaust all of the swap. This extension
is useful when you want to avoid exhaustion swap but this itself
adds more overheads and consumes memory for remembering information.
Especially if you use 32bit system or small memory system, please
be careful about enabling this. When memory resource controller
is disabled by boot option, this will be automatically disabled and
there will be no overhead from this. Even when you set this config=y,
if boot option "swapaccount=0" is set, swap will not be accounted.
Now, memory usage of swap_cgroup is 2 bytes per entry. If swap page
size is 4096bytes, 512k per 1Gbytes of swap.
config KERNEL_MEMCG_SWAP_ENABLED
bool "Memory Resource Controller Swap Extension enabled by default"
depends on KERNEL_MEMCG_SWAP
help
Memory Resource Controller Swap Extension comes with its price in
a bigger memory consumption. General purpose distribution kernels
which want to enable the feature but keep it disabled by default
and let the user enable it by swapaccount boot command line
parameter should have this option unselected.
Those who want to have the feature enabled by default should
select this option (if, for some reason, they need to disable it,
then swapaccount=0 does the trick).
config KERNEL_MEMCG_KMEM
bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
default y
depends on KERNEL_MEMCG
help
The Kernel Memory extension for Memory Resource Controller can limit
the amount of memory used by kernel objects in the system. Those are
fundamentally different from the entities handled by the standard
Memory Controller, which are page-based, and can be swapped. Users of
the kmem extension can use it to guarantee that no group of processes
will ever exhaust kernel resources alone.
config KERNEL_CGROUP_PERF
bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
select KERNEL_PERF_EVENTS
help
This option extends the per-cpu mode to restrict monitoring to
threads which belong to the cgroup specified and run on the
designated cpu.
menuconfig KERNEL_CGROUP_SCHED
bool "Group CPU scheduler"
default y
help
This feature lets CPU scheduler recognize task groups and control CPU
bandwidth allocation to such task groups. It uses cgroups to group
tasks.
if KERNEL_CGROUP_SCHED
config KERNEL_FAIR_GROUP_SCHED
bool "Group scheduling for SCHED_OTHER"
default y
config KERNEL_CFS_BANDWIDTH
bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
default y
depends on KERNEL_FAIR_GROUP_SCHED
help
This option allows users to define CPU bandwidth rates (limits) for
tasks running within the fair group scheduler. Groups with no limit
set are considered to be unconstrained and will run with no
restriction.
See tip/Documentation/scheduler/sched-bwc.txt for more information.
config KERNEL_RT_GROUP_SCHED
bool "Group scheduling for SCHED_RR/FIFO"
default y
help
This feature lets you explicitly allocate real CPU bandwidth
to task groups. If enabled, it will also make it impossible to
schedule realtime tasks for non-root users until you allocate
realtime bandwidth for them.
endif
config KERNEL_BLK_CGROUP
bool "Block IO controller"
default y
help
Generic block IO controller cgroup interface. This is the common
cgroup interface which should be used by various IO controlling
policies.
Currently, CFQ IO scheduler uses it to recognize task groups and
control disk bandwidth allocation (proportional time slice allocation)
to such task groups. It is also used by bio throttling logic in
block layer to implement upper limit in IO rates on a device.
This option only enables generic Block IO controller infrastructure.
One needs to also enable actual IO controlling logic/policy. For
enabling proportional weight division of disk bandwidth in CFQ, set
CONFIG_CFQ_GROUP_IOSCHED=y; for enabling throttling policy, set
CONFIG_BLK_DEV_THROTTLING=y.
if KERNEL_BLK_CGROUP
config KERNEL_CFQ_GROUP_IOSCHED
bool "Proportional weight of disk bandwidth in CFQ"
config KERNEL_BLK_DEV_THROTTLING
bool "Enable throttling policy"
default y
config KERNEL_BLK_DEV_THROTTLING_LOW
bool "Block throttling .low limit interface support (EXPERIMENTAL)"
depends on KERNEL_BLK_DEV_THROTTLING
endif
config KERNEL_DEBUG_BLK_CGROUP
bool "Enable Block IO controller debugging"
depends on KERNEL_BLK_CGROUP
help
Enable some debugging help. Currently it exports additional stat
files in a cgroup which can be useful for debugging.
config KERNEL_NET_CLS_CGROUP
bool "legacy Control Group Classifier"
config KERNEL_CGROUP_NET_CLASSID
bool "legacy Network classid cgroup"
config KERNEL_CGROUP_NET_PRIO
bool "legacy Network priority cgroup"
endif
#
# Namespace support symbols
#
config KERNEL_NAMESPACES
bool "Enable kernel namespaces"
default y if !SMALL_FLASH
if KERNEL_NAMESPACES
config KERNEL_UTS_NS
bool "UTS namespace"
default y
help
In this namespace, tasks see different info provided
with the uname() system call.
config KERNEL_IPC_NS
bool "IPC namespace"
default y
help
In this namespace, tasks work with IPC ids which correspond to
different IPC objects in different namespaces.
config KERNEL_USER_NS
bool "User namespace (EXPERIMENTAL)"
default y
help
This allows containers, i.e. vservers, to use user namespaces
to provide different user info for different servers.
config KERNEL_PID_NS
bool "PID Namespaces"
default y
help
Support process id namespaces. This allows having multiple
processes with the same pid as long as they are in different
pid namespaces. This is a building block of containers.
config KERNEL_NET_NS
bool "Network namespace"
default y
help
Allow user space to create what appear to be multiple instances
of the network stack.
endif
config KERNEL_DEVPTS_MULTIPLE_INSTANCES
bool "Support multiple instances of devpts"
default y if !SMALL_FLASH
help
Enable support for multiple instances of devpts filesystem.
If you want to have isolated PTY namespaces (eg: in containers),
say Y here. Otherwise, say N. If enabled, each mount of devpts
filesystem with the '-o newinstance' option will create an
independent PTY namespace.
config KERNEL_POSIX_MQUEUE
bool "POSIX Message Queues"
default y if !SMALL_FLASH
help
POSIX variant of message queues is a part of IPC. In POSIX message
queues every message has a priority which decides about succession
of receiving it by a process. If you want to compile and run
programs written e.g. for Solaris with use of its POSIX message
queues (functions mq_*) say Y here.
POSIX message queues are visible as a filesystem called 'mqueue'
and can be mounted somewhere if you want to do filesystem
operations on message queues.
config KERNEL_SECCOMP_FILTER
bool
default y if !SMALL_FLASH
config KERNEL_SECCOMP
bool "Enable seccomp support"
depends on !(TARGET_uml)
select KERNEL_SECCOMP_FILTER
default y if !SMALL_FLASH
help
Build kernel with support for seccomp.
#
# IPv4 configuration
#
config KERNEL_IP_MROUTE
bool "Enable IPv4 multicast routing"
default y
help
Multicast routing requires a multicast routing daemon in
addition to kernel support.
if KERNEL_IP_MROUTE
config KERNEL_IP_MROUTE_MULTIPLE_TABLES
def_bool y
config KERNEL_IP_PIMSM_V1
def_bool y
config KERNEL_IP_PIMSM_V2
def_bool y
endif
#
# IPv6 configuration
#
config KERNEL_IPV6
def_bool IPV6
if KERNEL_IPV6
config KERNEL_IPV6_MULTIPLE_TABLES
def_bool y
config KERNEL_IPV6_SUBTREES
def_bool y
config KERNEL_IPV6_MROUTE
bool "Enable IPv6 multicast routing"
default y
help
Multicast routing requires a multicast routing daemon in
addition to kernel support.
if KERNEL_IPV6_MROUTE
config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
def_bool y
config KERNEL_IPV6_PIMSM_V2
def_bool y
endif
config KERNEL_IPV6_SEG6_LWTUNNEL
bool "Enable support for lightweight tunnels"
default y if !SMALL_FLASH
help
Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
config KERNEL_LWTUNNEL_BPF
def_bool n
endif
#
# Miscellaneous network configuration
#
config KERNEL_NET_L3_MASTER_DEV
bool "L3 Master device support"
default y if !SMALL_FLASH
help
This module provides glue between core networking code and device
drivers to support L3 master devices like VRF.
Increases the compressed kernel size by ~4kB (as of Linux 6.6).
config KERNEL_XDP_SOCKETS
bool "XDP sockets support"
help
XDP sockets allows a channel between XDP programs and
userspace applications.
config KERNEL_PAGE_POOL
def_bool n
config KERNEL_PAGE_POOL_STATS
bool "Page pool stats support"
depends on KERNEL_PAGE_POOL
config KERNEL_NF_CONNTRACK_TIMEOUT
bool "Per-connection connection tracking timeout"
default y if !SMALL_FLASH
help
Select this option to enable support for per-connection conntrack timeouts.
Increases the (uncompressed) size of nf_conntrack.ko by ~8kB.
#
# NFS related symbols
#
config KERNEL_IP_PNP
bool "Compile the kernel with rootfs on NFS"
help
If you want to make your kernel boot off a NFS server as root
filesystem, select Y here.
if KERNEL_IP_PNP
config KERNEL_IP_PNP_DHCP
def_bool y
config KERNEL_IP_PNP_BOOTP
def_bool n
config KERNEL_IP_PNP_RARP
def_bool n
config KERNEL_NFS_FS
def_bool y
config KERNEL_NFS_V2
def_bool y
config KERNEL_NFS_V3
def_bool y
config KERNEL_ROOT_NFS
def_bool y
endif
config KERNEL_BTRFS_FS
bool "Compile the kernel with built-in BTRFS support"
help
Say Y here if you want to make the kernel to be able to boot off a
BTRFS partition.
menu "Filesystem ACL and attr support options"
config USE_FS_ACL_ATTR
bool "Use filesystem ACL and attr support by default"
help
Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
for kernel and packages, except tmpfs, flash filesystems,
and old NFS. Also enable userspace extended attribute support
by default. (OpenWrt already has an expection it will be
present in the kernel).
config KERNEL_FS_POSIX_ACL
bool "Enable POSIX ACL support"
default y if USE_FS_ACL_ATTR
config KERNEL_BTRFS_FS_POSIX_ACL
bool "Enable POSIX ACL for BtrFS Filesystems"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
config KERNEL_EXT4_FS_POSIX_ACL
bool "Enable POSIX ACL for Ext4 Filesystems"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
config KERNEL_F2FS_FS_POSIX_ACL
bool "Enable POSIX ACL for F2FS Filesystems"
select KERNEL_FS_POSIX_ACL
config KERNEL_JFFS2_FS_POSIX_ACL
bool "Enable POSIX ACL for JFFS2 Filesystems"
select KERNEL_FS_POSIX_ACL
config KERNEL_TMPFS_POSIX_ACL
bool "Enable POSIX ACL for TMPFS Filesystems"
select KERNEL_FS_POSIX_ACL
config KERNEL_CIFS_ACL
bool "Enable CIFS ACLs"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
config KERNEL_HFS_FS_POSIX_ACL
bool "Enable POSIX ACL for HFS Filesystems"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
config KERNEL_HFSPLUS_FS_POSIX_ACL
bool "Enable POSIX ACL for HFS+ Filesystems"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
config KERNEL_NFS_ACL_SUPPORT
bool "Enable ACLs for NFS"
default y if USE_FS_ACL_ATTR
config KERNEL_NFS_V3_ACL_SUPPORT
bool "Enable ACLs for NFSv3"
config KERNEL_NFSD_V2_ACL_SUPPORT
bool "Enable ACLs for NFSDv2"
config KERNEL_NFSD_V3_ACL_SUPPORT
bool "Enable ACLs for NFSDv3"
config KERNEL_REISER_FS_POSIX_ACL
bool "Enable POSIX ACLs for ReiserFS"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
config KERNEL_XFS_POSIX_ACL
bool "Enable POSIX ACLs for XFS"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
config KERNEL_JFS_POSIX_ACL
bool "Enable POSIX ACLs for JFS"
select KERNEL_FS_POSIX_ACL
default y if USE_FS_ACL_ATTR
endmenu
config KERNEL_DEVMEM
bool "/dev/mem virtual device support"
help
Say Y here if you want to support the /dev/mem device.
The /dev/mem device is used to access areas of physical
memory.
config KERNEL_DEVKMEM
bool "/dev/kmem virtual device support"
help
Say Y here if you want to support the /dev/kmem device. The
/dev/kmem device is rarely used, but can be used for certain
kind of kernel debugging operations.
config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
int "Number of squashfs fragments cached"
default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
default 3
config KERNEL_SQUASHFS_XATTR
bool "Squashfs XATTR support"
#
# compile optimization setting
#
choice
prompt "Compiler optimization level"
default KERNEL_CC_OPTIMIZE_FOR_SIZE if SMALL_FLASH
config KERNEL_CC_OPTIMIZE_FOR_PERFORMANCE
bool "Optimize for performance"
help
This is the default optimization level for the kernel, building
with the "-O2" compiler flag for best performance and most
helpful compile-time warnings.
config KERNEL_CC_OPTIMIZE_FOR_SIZE
bool "Optimize for size"
help
Enabling this option will pass "-Os" instead of "-O2" to
your compiler resulting in a smaller kernel.
endchoice
config KERNEL_AUDIT
bool "Auditing support"
config KERNEL_SECURITY
bool "Enable different security models"
config KERNEL_SECURITY_NETWORK
bool "Socket and Networking Security Hooks"
select KERNEL_SECURITY
config KERNEL_SECURITY_SELINUX
bool "NSA SELinux Support"
select KERNEL_SECURITY_NETWORK
select KERNEL_AUDIT
config KERNEL_SECURITY_SELINUX_BOOTPARAM
bool "NSA SELinux boot parameter"
depends on KERNEL_SECURITY_SELINUX
default y
config KERNEL_SECURITY_SELINUX_DISABLE
bool "NSA SELinux runtime disable"
depends on KERNEL_SECURITY_SELINUX
config KERNEL_SECURITY_SELINUX_DEVELOP
bool "NSA SELinux Development Support"
depends on KERNEL_SECURITY_SELINUX
default y
config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
int
depends on KERNEL_SECURITY_SELINUX
default 9
config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
int
depends on KERNEL_SECURITY_SELINUX
default 256
config KERNEL_LSM
string
default "lockdown,yama,loadpin,safesetid,integrity,selinux"
depends on KERNEL_SECURITY_SELINUX
config KERNEL_EXT4_FS_SECURITY
bool "Ext4 Security Labels"
config KERNEL_F2FS_FS_SECURITY
bool "F2FS Security Labels"
config KERNEL_UBIFS_FS_SECURITY
bool "UBIFS Security Labels"
config KERNEL_JFFS2_FS_SECURITY
bool "JFFS2 Security Labels"
config KERNEL_WERROR
bool "Compile the kernel with warnings as errors"
help
A kernel build should not cause any compiler warnings, and this
enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
to enforce that rule by default. Certain warnings from other tools
such as the linker may be upgraded to errors with this option as
well.
However, if you have a new (or very old) compiler or linker with odd
and unusual warnings, or you have some architecture with problems,
you may need to disable this config option in order to
successfully build the kernel.
config KERNEL_ENABLE_AUDIO
bool
config KERNEL_DISABLE_AUDIO
bool
config KERNEL_LINUX_ALSA_SSP_CONTROLLER_ENABLE
bool
config KERNEL_LINUX_ALSA_SSP_CONTROLLER_DISABLE
bool
config KERNEL_CODEC_PM812
bool
config KERNEL_CODEC_PM805
bool
config KERNEL_CODEC_NAU8810
bool
config KERNEL_CODEC_ALC5616
bool
config KERNEL_CODEC_NONE
bool
config KERNEL_CODEC_I2S_MASTER
bool
config KERNEL_CODEC_I2S_SLAVE
bool
config KERNEL_CODEC_PCM_MASTER
bool
config KERNEL_CODEC_PCM_SLAVE
bool
config KERNEL_CODEC_PCM_NB
bool
config KERNEL_CODEC_PCM_WB
bool
config KERNEL_CODEC_PCM_32KHz
bool
config KERNEL_CODEC_PCM_48KHz
bool
config KERNEL_MISLIC_LE9643
bool
config KERNEL_MISLIC_LE9653
bool
config KERNEL_MISLIC_NONE
bool
config KERNEL_PROSLIC_SI3217X
bool
config KERNEL_PROSLIC_SI3218X
bool
config KERNEL_PROSLIC_NONE
bool
config KERNEL_MODEM_AUDIO_CONTROLLER_GSSP
bool
config KERNEL_MODEM_AUDIO_CONTROLLER_SSPA
bool
config KERNEL_MODEM_AUDIO_INTERNAL_CODEC
bool
config KERNEL_DXSLIC_DXS101
bool
config KERNEL_DXSLIC_NONE
bool
config KERNEL_SECURITY_NETWORK_XFRM
bool
default n
config XFRM_USER
tristate
default m
config KERNEL_MD
bool "Multiple devices driver support (RAID and LVM)"
config KERNEL_BLK_DEV_DM
bool "Device mapper support"
depends on KERNEL_MD
config KERNEL_DM_VERITY
bool "Verity target support"
depends on KERNEL_BLK_DEV_DM
config KERNEL_DM_CRYPT
bool "Crypt target support"
depends on KERNEL_BLK_DEV_DM
config KERNEL_DM_INIT
bool "DM \"dm-mod.create=\" parameter support"
depends on KERNEL_BLK_DEV_DM
config KERNEL_BLK_DEV_MD
bool
depends on KERNEL_MD
default n
config KERNEL_DM_DEBUG_BLOCK_MANAGER_LOCKING
bool
default n
config KERNEL_DM_SNAPSHOT
tristate
depends on KERNEL_BLK_DEV_DM
default n
config KERNEL_DM_VERITY_VERIFY_ROOTHASH_SIG
bool
depends on KERNEL_DM_VERITY
default n
config KERNEL_DM_VERITY_FEC
bool
depends on KERNEL_DM_VERITY
default n
config KERNEL_DM_BOW
tristate
depends on KERNEL_BLK_DEV_DM
default n
config KERNEL_DM_USER
tristate
depends on KERNEL_BLK_DEV_DM
config KERNEL_TEE
bool "Trusted Execution Environment support"
depends on (arm && TEE_OS)
config KERNEL_OPTEE
bool "OP-TEE"
depends on KERNEL_TEE
config KERNEL_OPTEE_SHM_NUM_PRIV_PAGES
int "Private Shared Memory Pages"
default 1
depends on KERNEL_OPTEE
config KERNEL_HW_RANDOM_OPTEE
bool
default n
config KERNEL_ASR_DSDS
bool "Enable DSDS in Linux kernel"
default n
config KERNEL_ASR_OPTEE_VIRTUAL_UART
bool "ASR forwarding Secure OS log to Linux kernel"
default n
depends on KERNEL_OPTEE
config KERNEL_ASR_OPTEE_LOG_LEVEL
bool "OPTEE log level in secure os"
default n
depends on KERNEL_OPTEE
config KERNEL_HW_RANDOM_ASR
bool
default n
config KERNEL_CRYPTO_USER_API
bool
default n
config KERNEL_CRYPTO
bool
default n
config KERNEL_CRYPTO_USER_API_SKCIPHER
bool
default n
config KERNEL_CRYPTO_USER_API_HASH
bool
default n
config KERNEL_IMA
bool
depends on SECURE_IMA
config KERNEL_IMA_TRUSTED_KEYRING
bool
default n
config KERNEL_IMA_BLACKLIST_KEYRING
bool
default n
config KERNEL_INTEGRITY
bool
depends on SECURE_IMA
config KERNEL_INTEGRITY_AUDIT
bool
depends on (KERNEL_INTEGRITY && KERNEL_AUDIT)
config KERNEL_IMA_APPRAISE
bool
depends on SECURE_IMA
config KERNEL_IMA_APPRAISE_BOOTPARAM
bool
depends on SECURE_IMA
config KERNEL_IMA_READ_POLICY
bool
default n
config KERNEL_IMA_WRITE_POLICY
bool
default n
choice
prompt "Default template"
default KERNEL_IMA_NG_TEMPLATE
depends on KERNEL_IMA
config KERNEL_IMA_TEMPLATE
bool "ima"
config KERNEL_IMA_NG_TEMPLATE
bool "ima-ng (default)"
config KERNEL_IMA_SIG_TEMPLATE
bool "ima-sig"
endchoice
config KERNEL_IMA_DEFAULT_TEMPLATE
string
depends on KERNEL_IMA
default "ima" if KERNEL_IMA_TEMPLATE
default "ima-ng" if KERNEL_IMA_NG_TEMPLATE
default "ima-sig" if KERNEL_IMA_SIG_TEMPLATE
choice
prompt "Default integrity hash algorithm"
default KERNEL_IMA_DEFAULT_HASH_SHA1
depends on KERNEL_IMA
config KERNEL_IMA_DEFAULT_HASH_SHA1
bool "SHA1 (default)"
config KERNEL_IMA_DEFAULT_HASH_SHA256
bool "SHA256"
depends on !KERNEL_IMA_TEMPLATE
endchoice
config KERNEL_IMA_DEFAULT_HASH
string
depends on KERNEL_IMA
default "sha1" if KERNEL_IMA_DEFAULT_HASH_SHA1
default "sha256" if KERNEL_IMA_DEFAULT_HASH_SHA256
config KERNEL_AB_SYSTEM
bool
depends on AB_SYSTEM
config KERNEL_ASR_SDTIM
bool
default n
config KERNEL_INTEGRITY_SIGNATURE
bool
depends on SECURE_IMA
config KERNEL_SIGNATURE
tristate
depends on KERNEL_INTEGRITY_SIGNATURE
config KERNEL_SYSTEM_TRUSTED_KEYRING
bool
default n
config KERNEL_INTEGRITY_ASYMMETRIC_KEYS
bool
depends on KERNEL_EVM
default n
config KERNEL_INTEGRITY_TRUSTED_KEYRING
bool
depends on KERNEL_INTEGRITY_ASYMMETRIC_KEYS
default n
config KERNEL_EVM_LOAD_X509
bool
default n
config KERNEL_IMA_APPRAISE_BUILD_POLICY
bool
default n
config KERNEL_IMA_ARCH_POLICY
bool "Enable loading an IMA architecture specific policy"
default n
config KERNEL_IMA_APPRAISE_MODSIG
bool "Support module-style signatures for appraisal"
default n
config KERNEL_QSPINAND_64M
bool
default n
config KERNEL_STRICT_KERNEL_RWX
bool "Make kernel text and rodata read-only"
default n
help
If this is set, kernel text and rodata memory will be made read-only,
and non-text memory will be made non-executable. This provides
protection against certain security exploits (e.g. executing the heap
or modifying text)
These features are considered standard security practice these days.
You should say Y here in almost all cases.
config KERNEL_EVM
bool "EVM support"
depends on SECURE_IMA
config KERNEL_CRYPTO_RNG
tristate "RNG"
depends on SECURE_IMA
config KERNEL_ENCRYPTED_KEYS
tristate "ENCRYPTED KEYS"
depends on SECURE_IMA
config KERNEL_TRUSTED_KEYS
tristate "TRUSTED KEYS"
depends on SECURE_IMA
config KERNEL_EVM_ADD_XATTRS
bool "Add additional EVM extended attributes at runtime"
depends on KERNEL_EVM
default n
config KERNEL_EVM_ATTR_FSUUID
bool "FSUUID (version 2)"
depends on KERNEL_EVM
default n
config KERNEL_ASYMMETRIC_TPM_KEY_SUBTYPE
tristate "Asymmetric TPM backed private key subtype"
depends on KERNEL_TRUSTED_KEYS
default n
config KERNEL_MEDIA_CAMERA_SUPPORT
bool
default n
config KERNEL_MEDIA_CONTROLLER
bool
default n
config KERNEL_MEDIA_SUPPORT
bool
default n
config KERNEL_V4L2_FWNODE
bool
default n
config KERNEL_VIDEOBUF2_CORE
bool
default n
config KERNEL_VIDEOBUF2_DMA_CONTIG
bool
default n
config KERNEL_VIDEOBUF2_MEMOPS
bool
default n
config KERNEL_VIDEOBUF2_V4L2
bool
default n
config KERNEL_VIDEOBUF2_VMALLOC
bool
default n
config KERNEL_VIDEO_DEV
bool
default n
config KERNEL_VIDEO_V4L2
bool
default n
config KERNEL_VIDEO_V4L2_I2C
bool
default n
config KERNEL_VIDEO_V4L2_SUBDEV_API
bool
default n
config KERNEL_VIDEO_GC032A
bool
default n
config KERNEL_ASR_CAMERA
bool
default n
select KERNEL_MEDIA_CAMERA_SUPPORT
select KERNEL_MEDIA_CONTROLLER
select KERNEL_MEDIA_SUPPORT
select KERNEL_V4L2_FWNODE
select KERNEL_VIDEOBUF2_CORE
select KERNEL_VIDEOBUF2_DMA_CONTIG
select KERNEL_VIDEOBUF2_MEMOPS
select KERNEL_VIDEOBUF2_V4L2
select KERNEL_VIDEOBUF2_VMALLOC
select KERNEL_VIDEO_DEV
select KERNEL_VIDEO_V4L2
select KERNEL_VIDEO_V4L2_I2C
select KERNEL_VIDEO_V4L2_SUBDEV_API
select KERNEL_VIDEO_GC032A
config KERNEL_VIDEO_GS1662
bool
default n
config KERNEL_VIDEO_IMX214
bool
default n
config KERNEL_VIDEO_IMX258
bool
default n
config KERNEL_VIDEO_IMX274
bool
default n
config KERNEL_VIDEO_IMX319
bool
default n
config KERNEL_VIDEO_IMX355
bool
default n
config KERNEL_VIDEO_LM3560
bool
default n
config KERNEL_VIDEO_LM3646
bool
default n
config KERNEL_VIDEO_M5MOLS
bool
default n
config KERNEL_VIDEO_MT9M001
bool
default n
config KERNEL_VIDEO_MT9M032
bool
default n
config KERNEL_VIDEO_MT9P031
bool
default n
config KERNEL_VIDEO_MT9T001
bool
default n
config KERNEL_VIDEO_MT9V032
bool
default n
config KERNEL_VIDEO_OV13858
bool
default n
config KERNEL_VIDEO_OV2680
bool
default n
config KERNEL_VIDEO_OV2685
bool
default n
config KERNEL_VIDEO_OV5640
bool
default n
config KERNEL_VIDEO_OV5645
bool
default n
config KERNEL_VIDEO_OV5647
bool
default n
config KERNEL_VIDEO_OV5670
bool
default n
config KERNEL_VIDEO_OV5675
bool
default n
config KERNEL_VIDEO_OV7251
bool
default n
config KERNEL_VIDEO_OV8856
bool
default n
config KERNEL_VIDEO_OV9650
bool
default n
config KERNEL_VIDEO_S5C73M3
bool
default n
config KERNEL_VIDEO_S5K4ECGX
bool
default n
config KERNEL_VIDEO_S5K5BAF
bool
default n
config KERNEL_VIDEO_S5K6A3
bool
default n
config KERNEL_VIDEO_S5K6AA
bool
default n
config KERNEL_VIDEO_SMIAPP
bool
default n
config KERNEL_VIDEO_ST_MIPID02
bool
default n
config KERNEL_VIDEO_TC358743
bool
default n
config KERNEL_VIDEO_TDA1997X
bool
default n
config KERNEL_VIDEO_DW9714
bool
default n
config KERNEL_VIDEO_DW9807_VCM
bool
default n
config KERNEL_VIDEO_ET8EK8
bool
default n
config KERNEL_VIDEO_AD5820
bool
default n
config KERNEL_VIDEO_AD9389B
bool
default n
config KERNEL_VIDEO_ADP1653
bool
default n
config KERNEL_VIDEO_ADV748X
bool
default n
config KERNEL_VIDEO_ADV7511
bool
default n
config KERNEL_VIDEO_ADV7604
bool
default n
config KERNEL_VIDEO_ADV7842
bool
default n
config KERNEL_VIDEO_AK7375
bool
default n
config KERNEL_V4L_PLATFORM_DRIVERS
bool
default n
config KERNEL_POSE
bool "ASR POS-E support"
select KERNEL_ASR_CAMERA
config KERNEL_POSL
bool "ASR POS-L support"
select KERNEL_ASR_CAMERA
config KERNEL_FB
bool
default n
config KERNEL_FB_SYS_FILLRECT
bool
default n
config KERNEL_FB_SYS_COPYAREA
bool
default n
config KERNEL_FB_SYS_IMAGEBLIT
bool
default n
config KERNEL_FB_SYS_FOPS
bool
default n
config KERNEL_FB_DEFERRED_IO
bool
default n
config KERNEL_FB_CFB_FILLRECT
bool
default n
config KERNEL_FB_CFB_COPYAREA
bool
default n
config KERNEL_FB_CFB_IMAGEBLIT
bool
default n
config KERNEL_PWM
bool
default n
config KERNEL_PWM_PXA
bool
default n
config KERNEL_PWM_SYSFS
bool
default n
config KERNEL_BACKLIGHT_CLASS_DEVICE
bool
default n
config KERNEL_BACKLIGHT_PWM
bool
default n
config KERNEL_INPUT_TOUCHSCREEN
bool
default n
config KERNEL_TOUCHSCREEN_EDT_FT5X06
bool
default n
config KERNEL_TOUCHSCREEN_PROPERTIES
bool
default n
config KERNEL_TOUCHSCREEN_ASR_TSC
bool
default n
config KERNEL_FB_ASR
bool "ASR framebuffer support"
depends on KERNEL_FB
default n
select KERNEL_FB_SYS_FILLRECT
select KERNEL_FB_SYS_COPYAREA
select KERNEL_FB_SYS_IMAGEBLIT
select KERNEL_FB_SYS_FOPS
select KERNEL_FB_DEFERRED_IO
select KERNEL_FB_CFB_FILLRECT
select KERNEL_FB_CFB_COPYAREA
select KERNEL_FB_CFB_IMAGEBLIT
help
Framebuffer support for ASR
choice
prompt "Select the LCD interface"
depends on KERNEL_FB_ASR
default KERNEL_FB_ASR_MIPI if LCDC_MIPI
default KERNEL_FB_ASR_SPI if LCDC_SPI
default KERNEL_FB_ASR_MCU
config KERNEL_FB_ASR_SPI
bool "SPI"
config KERNEL_FB_ASR_MCU
bool "MCU"
config KERNEL_FB_ASR_MIPI
bool "MIPI"
endchoice
config KERNEL_FB_SPI_LCD
bool "ASR SPI LCD framebuffer support"
depends on KERNEL_FB
default n
select KERNEL_FB_SYS_FILLRECT
select KERNEL_FB_SYS_COPYAREA
select KERNEL_FB_SYS_IMAGEBLIT
select KERNEL_FB_SYS_FOPS
select KERNEL_FB_DEFERRED_IO
select KERNEL_FB_CFB_FILLRECT
select KERNEL_FB_CFB_COPYAREA
select KERNEL_FB_CFB_IMAGEBLIT
select KERNEL_PWM
select KERNEL_PWM_PXA
select KERNEL_PWM_SYSFS
select KERNEL_BACKLIGHT_CLASS_DEVICE
select KERNEL_BACKLIGHT_PWM
help
SPI LCD Framebuffer support for ASR
choice
prompt "Select the LCD interface"
depends on KERNEL_FB_SPI_LCD
default KERNEL_SPI_LCD_ALL
default KERNEL_SPI_LCD_GC9102
default KERNEL_SPI_LCD_GC9106
default KERNEL_SPI_LCD_ST7735
default KERNEL_SPI_LCD_ST7789V
config KERNEL_SPI_LCD_ALL
bool "ALL"
config KERNEL_SPI_LCD_GC9102
bool "GC9102"
config KERNEL_SPI_LCD_GC9106
bool "GC9106"
config KERNEL_SPI_LCD_ST7735
bool "ST7735"
config KERNEL_SPI_LCD_ST7789V
bool "ST7789V"
endchoice