399 lines
9.8 KiB
Plaintext
399 lines
9.8 KiB
Plaintext
CONFIG_LOGO_LINUX_CLUT224_FILE="drivers/video/logo/logo_gokrazy_clut224.ppm"
|
||
|
||
CONFIG_IPV6=y
|
||
# Compile in debug logging
|
||
# CONFIG_DYNAMIC_DEBUG=y
|
||
|
||
# Speed up boot and processing in general
|
||
CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
|
||
CONFIG_DEBUG_KERNEL=n
|
||
|
||
# Syn flood protection. Configurable in /proc
|
||
CONFIG_SYN_COOKIES=y
|
||
|
||
# I use btrfs
|
||
CONFIG_BTRFS_FS=y
|
||
CONFIG_BTRFS_FS_POSIX_ACL=y
|
||
|
||
# NTFS
|
||
CONFIG_NTFS3_FS=y
|
||
|
||
CONFIG_XFS_FS=y
|
||
CONFIG_BCACHE=y
|
||
|
||
# Energy efficiency over performance
|
||
CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
|
||
|
||
# For Squashfs (root file system):
|
||
CONFIG_SQUASHFS=y
|
||
CONFIG_SQUASHFS_FILE_CACHE=y
|
||
CONFIG_SQUASHFS_XATTR=y
|
||
CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y
|
||
CONFIG_SQUASHFS_ZSTD=y
|
||
CONFIG_SQUASHFS_ZLIB=y
|
||
CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
|
||
|
||
# Support video decoding
|
||
CONFIG_MEDIA_SUPPORT=y
|
||
CONFIG_VIDEO_ROCKCHIP_IEP=y
|
||
CONFIG_VIDEO_ROCKCHIP_VDEC=y
|
||
|
||
# I added the patch for it
|
||
CONFIG_CRYPTO_DEV_ROCKCHIP_TRNG=y
|
||
|
||
CONFIG_DRM=y
|
||
# For a console on HDMI:
|
||
# # TODO: the simpledrm driver just does not work for me. the ASRock logo never disappears from HDMI
|
||
# # [ 0.364059] [drm] Initialized simpledrm 1.0.0 20200625 for simple-framebuffer.0 on minor 0
|
||
# CONFIG_DRM_SIMPLEDRM=y
|
||
# CONFIG_X86_SYSFB=y
|
||
#
|
||
# Whereas with (working) efifb, I see:
|
||
# # [ 0.460084] efifb: probing for efifb
|
||
# # [ 0.460096] efifb: framebuffer at 0xe9000000, using 3072k, total 3072k
|
||
# # [ 0.460099] efifb: mode is 1024x768x32, linelength=4096, pages=1
|
||
# # [ 0.460101] efifb: scrolling: redraw
|
||
# # [ 0.460103] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0
|
||
CONFIG_DRM_SIMPLEDRM=n
|
||
CONFIG_X86_SYSFB=n
|
||
CONFIG_FB=y
|
||
CONFIG_FB_EFI=y
|
||
CONFIG_FB_SIMPLE=y
|
||
CONFIG_DRM_FBDEV_EMULATION=y
|
||
CONFIG_FRAMEBUFFER_CONSOLE=y
|
||
|
||
# For FUSE (for cpu(1)):
|
||
CONFIG_FUSE_FS=y
|
||
|
||
# For using github.com/vishvananda/netlink
|
||
CONFIG_NETFILTER_NETLINK_QUEUE=y
|
||
CONFIG_XFRM_USER=y
|
||
|
||
# Enable the RK3588 CPU
|
||
CONFIG_ARCH_ROCKCHIP=y
|
||
CONFIG_CPU_RK3588=y
|
||
|
||
# Enable all the ROCKCHIP options TODO are some of these even used???
|
||
CONFIG_CRYPTO_DEV_ROCKCHIP2=y
|
||
CONFIG_CRYPTO_DEV_ROCKCHIP=y
|
||
CONFIG_HW_RANDOM_ROCKCHIP=y
|
||
CONFIG_MFD_RK8XX_I2C=y
|
||
CONFIG_MFD_RK8XX_SPI=y
|
||
CONFIG_MMC_DW_ROCKCHIP=y
|
||
CONFIG_NVMEM_ROCKCHIP_EFUSE=y
|
||
CONFIG_NVMEM_ROCKCHIP_OTP=y
|
||
CONFIG_PCIE_ROCKCHIP_HOST=y
|
||
CONFIG_PHY_ROCKCHIP_DP=y
|
||
CONFIG_PHY_ROCKCHIP_DPHY_RX0=y
|
||
CONFIG_PHY_ROCKCHIP_EMMC=y
|
||
CONFIG_PHY_ROCKCHIP_INNO_CSIDPHY=y
|
||
CONFIG_PHY_ROCKCHIP_INNO_DSIDPHY=y
|
||
CONFIG_PHY_ROCKCHIP_INNO_HDMI=y
|
||
CONFIG_PHY_ROCKCHIP_INNO_USB2=y
|
||
CONFIG_PHY_ROCKCHIP_NANENG_COMBO_PHY=y
|
||
CONFIG_PHY_ROCKCHIP_PCIE=y
|
||
CONFIG_PHY_ROCKCHIP_SAMSUNG_HDPTX=y
|
||
CONFIG_PHY_ROCKCHIP_SNPS_PCIE3=y
|
||
CONFIG_PHY_ROCKCHIP_TYPEC=y
|
||
CONFIG_PHY_ROCKCHIP_USB=y
|
||
CONFIG_PHY_ROCKCHIP_USBDP=y
|
||
CONFIG_PWM_ROCKCHIP=y
|
||
CONFIG_ROCKCHIP_IODOMAIN=y
|
||
CONFIG_ROCKCHIP_IOMMU=y
|
||
CONFIG_ROCKCHIP_MBOX=y
|
||
CONFIG_ROCKCHIP_PHY=y
|
||
CONFIG_ROCKCHIP_PM_DOMAINS=y
|
||
CONFIG_ROCKCHIP_THERMAL=y
|
||
CONFIG_SPI_ROCKCHIP=y
|
||
CONFIG_SPI_ROCKCHIP_SFC=y
|
||
CONFIG_VIDEO_ROCKCHIP_VDEC2=y
|
||
|
||
# Rockchip MMC
|
||
CONFIG_MMC_DW=y
|
||
CONFIG_MMC_DW_ROCKCHIP=y
|
||
# Fan control?
|
||
CONFIG_REGULATOR_FAN53555=y
|
||
CONFIG_REGULATOR_FAN53200=y
|
||
|
||
# Not Needed???
|
||
CONFIG_RTC_DRV_RK808=y
|
||
# CM3588 RTC driver
|
||
CONFIG_RTC_DRV_HYM8563=y
|
||
|
||
# Shouldn't this be done elsewhere?
|
||
CONFIG_CMDLINE="console=ttyAMA0"
|
||
|
||
# This is what friendlyelec has
|
||
CONFIG_HZ_300=y
|
||
|
||
# Quad core CPU
|
||
CONFIG_NR_CPUS=8
|
||
|
||
# Power button
|
||
CONFIG_PINCTRL_RK805=y
|
||
CONFIG_INPUT_RK805_PWRKEY=y
|
||
|
||
# Needed to ensure DWMAC_ROCKCHIP is built, which is needed for Ethernet..... probabl
|
||
CONFIG_STMMAC_ETH=y
|
||
CONFIG_STMMAC_PLATFORM=y
|
||
CONFIG_DWMAC_GENERIC=y
|
||
CONFIG_DWMAC_ROCKCHIP=y
|
||
|
||
# cm3588 ethernet driver
|
||
CONFIG_REALTEK_PHY=y
|
||
CONFIG_R8169=y
|
||
CONFIG_R8169_LEDS=y
|
||
|
||
# Try to enable HDMI out
|
||
CONFIG_DRM_ROCKCHIP=y
|
||
CONFIG_ROCKCHIP_VOP2=y
|
||
CONFIG_ROCKCHIP_DW_HDMI=y
|
||
CONFIG_ROCKCHIP_DW_HDMI_QP=y
|
||
CONFIG_DRM_PANTHOR=y
|
||
# Needed for V4L
|
||
CONFIG_MEDIA_SUPPORT=y
|
||
CONFIG_MEDIA_PLATFORM_SUPPORT=y
|
||
CONFIG_MEDIA_PLATFORM_DRIVERS=y
|
||
CONFIG_V4L_PLATFORM_DRIVERS=y
|
||
CONFIG_V4L_MEM2MEM_DRIVERS=y
|
||
CONFIG_VIDEO_ROCKCHIP_VDEC=y
|
||
CONFIG_VIDEO_ROCKCHIP_RGA=y
|
||
CONFIG_VIDEO_HANTRO=y
|
||
CONFIG_VIDEO_HANTRO_ROCKCHIP=y
|
||
|
||
#Maybe needed
|
||
CONFIG_VIDEO_MUX=y
|
||
CONFIG_VIDEO_ROCKCHIP_ISP1=y
|
||
CONFIG_VIDEO_ROCKCHIP_IEP=y
|
||
|
||
# USB Stuff??
|
||
CONFIG_TYPEC=y
|
||
CONFIG_USB_DWC3_ULPI=y
|
||
CONFIG_USB_DWC3_DUAL_ROLE=y
|
||
|
||
# Possibly used for gpu acceleration
|
||
CONFIG_DMABUF_HEAPS=y
|
||
CONFIG_DMABUF_HEAPS_SYSTEM=y
|
||
CONFIG_DMABUF_HEAPS_CMA=y
|
||
|
||
|
||
# Try to enable sound
|
||
CONFIG_SND_SOC_RT5616=y
|
||
|
||
# For podman:
|
||
|
||
CONFIG_OVERLAY_FS=y
|
||
CONFIG_VETH=y
|
||
CONFIG_CGROUP_PIDS=y
|
||
CONFIG_BRIDGE=y
|
||
CONFIG_IP6_NF_IPTABLES=y
|
||
CONFIG_IP_NF_IPTABLES=y
|
||
CONFIG_IP_NF_NAT=y
|
||
CONFIG_IP_NF_TARGET_MASQUERADE=y
|
||
CONFIG_NETFILTER=y
|
||
CONFIG_NETFILTER_ADVANCED=y
|
||
CONFIG_NETFILTER_XT_MARK=y
|
||
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
|
||
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
|
||
CONFIG_NETFILTER_XTABLES=y
|
||
CONFIG_NF_CONNTRACK=y
|
||
CONFIG_NF_CONNTRACK_SECMARK=y
|
||
CONFIG_NF_CT_NETLINK=y
|
||
CONFIG_NF_FLOW_TABLE=y
|
||
CONFIG_NF_FLOW_TABLE_INET=y
|
||
CONFIG_NF_LOG_SYSLOG=y
|
||
CONFIG_NF_MASQUERADE=y
|
||
CONFIG_NF_NAT=y
|
||
CONFIG_NF_NAT_IPV4=y
|
||
CONFIG_NF_NAT_MASQUERADE=y
|
||
CONFIG_NF_NAT_MASQUERADE_IPV4=y
|
||
CONFIG_NF_NAT_REDIRECT=y
|
||
CONFIG_NF_TABLES=y
|
||
CONFIG_NF_TABLES_INET=y
|
||
CONFIG_NF_TABLES_IPV4=y
|
||
CONFIG_NF_TABLES_IPV6=y
|
||
CONFIG_NF_TABLES_NETDEV=y
|
||
CONFIG_NFT_CHAIN_NAT_IPV4=y
|
||
CONFIG_NFT_CHAIN_ROUTE_IPV4=y
|
||
CONFIG_NFT_CHAIN_ROUTE_IPV6=y
|
||
CONFIG_NFT_COMPAT=y
|
||
CONFIG_NFT_COUNTER=y
|
||
CONFIG_NFT_CT=y
|
||
CONFIG_NFT_DUP_IPV4=y
|
||
CONFIG_NFT_DUP_IPV6=y
|
||
CONFIG_NFT_EXTHDR=y
|
||
CONFIG_NFT_FIB_INET=y
|
||
CONFIG_NFT_FIB_IPV4=y
|
||
CONFIG_NFT_FIB_IPV6=y
|
||
CONFIG_NFT_FIB_NETDEV=y
|
||
CONFIG_NFT_HASH=y
|
||
CONFIG_NFT_LIMIT=y
|
||
CONFIG_NFT_LOG=y
|
||
CONFIG_NFT_MASQ=y
|
||
CONFIG_NFT_MASQ_IPV4=y
|
||
CONFIG_NFT_META=y
|
||
CONFIG_NFT_NAT=y
|
||
CONFIG_NFT_OBJREF=y
|
||
CONFIG_NFT_PAYLOAD=y
|
||
CONFIG_NFT_RBTREE=y
|
||
CONFIG_NFT_REDIR=y
|
||
CONFIG_NFT_REJECT=y
|
||
CONFIG_NFT_REJECT_INET=y
|
||
CONFIG_NFT_REJECT_IPV4=y
|
||
CONFIG_NFT_REJECT_NETDEV=y
|
||
|
||
# Explicitly disable nftables helper modules to prevent NAT slipstreaming attacks:
|
||
# https://samy.pl/slipstream/
|
||
CONFIG_NF_CONNTRACK_AMANDA=n
|
||
CONFIG_NF_CONNTRACK_FTP=n
|
||
CONFIG_NF_CONNTRACK_H323=n
|
||
CONFIG_NF_CONNTRACK_IRC=n
|
||
CONFIG_NF_CONNTRACK_NETBIOS_NS=n
|
||
CONFIG_NF_CONNTRACK_SNMP=n
|
||
CONFIG_NF_CONNTRACK_PPTP=n
|
||
CONFIG_NF_CONNTRACK_SANE=n
|
||
CONFIG_NF_CONNTRACK_SIP=n
|
||
CONFIG_NF_CONNTRACK_TFTP=n
|
||
|
||
# For using USB mass storage
|
||
CONFIG_USB_EHCI_HCD=y
|
||
CONFIG_USB_XHCI_HCD=y
|
||
CONFIG_USB_DEVICEFS=y
|
||
CONFIG_USB_STORAGE=y
|
||
|
||
# For NVMe storage
|
||
CONFIG_NVME_CORE=y
|
||
CONFIG_BLK_DEV_NVME=y
|
||
CONFIG_NVME_MULTIPATH=y
|
||
CONFIG_NVME_HWMON=y
|
||
CONFIG_NVME_TARGET_PASSTHRU=y
|
||
|
||
|
||
# For /proc/config.gz
|
||
CONFIG_IKCONFIG=y
|
||
CONFIG_IKCONFIG_PROC=y
|
||
|
||
# For kexec
|
||
CONFIG_KEXEC_FILE=y
|
||
|
||
|
||
# For WireGuard
|
||
CONFIG_NET_UDP_TUNNEL=y
|
||
CONFIG_WIREGUARD=y
|
||
|
||
# For traffic shaping using tc:
|
||
CONFIG_NET_SCH_TBF=y
|
||
|
||
# For measuring CPU temperature:
|
||
CONFIG_SENSORS_K10TEMP=y
|
||
|
||
# For iproute2’s ss(8):
|
||
# CONFIG_INET_DIAG=y
|
||
# CONFIG_UNIX_DIAG=y
|
||
# CONFIG_PACKET_DIAG=y # ss
|
||
|
||
# For macvlan ethernet devices:
|
||
CONFIG_MACVLAN=y
|
||
|
||
# For virtio drivers (for qemu):
|
||
#CONFIG_VIRTIO_PCI=y
|
||
#CONFIG_VIRTIO_BALLOON=y
|
||
#CONFIG_VIRTIO_BLK=y
|
||
#CONFIG_VIRTIO_NET=y
|
||
#CONFIG_VIRTIO=y
|
||
#CONFIG_VIRTIO_RING=y
|
||
# For watchdog within qemu:
|
||
#CONFIG_I6300ESB_WDT=y
|
||
|
||
# For running KVM-accelerated qemu VMs:
|
||
#CONFIG_KVM=y
|
||
#CONFIG_KVM_INTEL=y
|
||
#CONFIG_KVM_AMD=y
|
||
#CONFIG_KVM_AMD_SEV=y
|
||
|
||
# For bridge ethernet devices:
|
||
CONFIG_BRIDGE=y
|
||
|
||
# Include hardware interrupt CPU usage in /proc/stat CPU time reporting:
|
||
CONFIG_IRQ_TIME_ACCOUNTING=y
|
||
|
||
# For tun devices, see https://www.kernel.org/doc/Documentation/networking/tuntap.txt
|
||
CONFIG_TUN=y
|
||
|
||
# For runc:
|
||
CONFIG_BPF_SYSCALL=y
|
||
CONFIG_CGROUP_FREEZER=y
|
||
CONFIG_CGROUP_BPF=y
|
||
CONFIG_SOCK_CGROUP_DATA=y
|
||
CONFIG_NET_SOCK_MSG=y
|
||
|
||
|
||
# Enable TCP BBR as default congestion control
|
||
CONFIG_TCP_CONG_BBR=y
|
||
CONFIG_DEFAULT_BBR=y
|
||
CONFIG_DEFAULT_TCP_CONG="bbr"
|
||
|
||
# Linux 6.1:
|
||
# In file included from <command-line>:0:0:
|
||
# drivers/gpu/drm/i915/i915_sw_fence_work.c: In function 'dma_fence_work_init':
|
||
# drivers/gpu/drm/i915/i915_sw_fence.h:57:20: error: the comparison will always evaluate as 'false' for the address of 'fence_notify' will never be NULL [-Werror=address]
|
||
# BUILD_BUG_ON((fn) == NULL); \
|
||
# ^
|
||
# ././include/linux/compiler_types.h:337:9: note: in definition of macro '__compiletime_assert'
|
||
# if (!(condition)) \
|
||
# ^~~~~~~~~
|
||
# ././include/linux/compiler_types.h:357:2: note: in expansion of macro '_compiletime_assert'
|
||
# _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
|
||
# ^~~~~~~~~~~~~~~~~~~
|
||
# ./include/linux/build_bug.h:39:37: note: in expansion of macro 'compiletime_assert'
|
||
# #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
|
||
# ^~~~~~~~~~~~~~~~~~
|
||
# ./include/linux/build_bug.h:50:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
|
||
# BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
|
||
# ^~~~~~~~~~~~~~~~
|
||
# drivers/gpu/drm/i915/i915_sw_fence.h:57:2: note: in expansion of macro 'BUILD_BUG_ON'
|
||
# BUILD_BUG_ON((fn) == NULL); \
|
||
# ^~~~~~~~~~~~
|
||
# drivers/gpu/drm/i915/i915_sw_fence_work.c:89:2: note: in expansion of macro 'i915_sw_fence_init'
|
||
# i915_sw_fence_init(&f->chain, fence_notify);
|
||
# ^~~~~~~~~~~~~~~~~~
|
||
# cc1: all warnings being treated as errors
|
||
# make[5]: *** [drivers/gpu/drm/i915/i915_sw_fence_work.o] Error 1
|
||
# make[4]: *** [drivers/gpu/drm/i915] Error 2
|
||
# make[3]: *** [drivers/gpu/drm] Error 2
|
||
CONFIG_WERROR=n
|
||
|
||
# Enable zstd compression to stay below 15 MB, which is the size of Extended Memory.
|
||
# This is relevant to keep the kernel booting with the minimal MBR loader we use.
|
||
CONFIG_KERNEL_ZSTD=y
|
||
|
||
# For qemu -M microvm quick boots:
|
||
#CONFIG_VIRTIO_MMIO=y
|
||
|
||
# Relevant for rk3588????
|
||
# CONFIG_HW_RANDOM_VIRTIO=y
|
||
# CONFIG_XEN_VIRTIO=y
|
||
# CONFIG_VIRTIO_IOMMU=y
|
||
|
||
# for easy sandboxing with go-landlock
|
||
CONFIG_SECURITY_LANDLOCK=y
|
||
|
||
# ???????
|
||
CONFIG_IPV6_MULTIPLE_TABLES=y
|
||
CONFIG_NF_SOCKET_IPV6=y
|
||
CONFIG_NETLINK_DIAG=y
|
||
CONFIG_INET_DIAG_DESTROY=y
|
||
|
||
# Serial port drivers
|
||
CONFIG_SERIAL_CORE=y
|
||
CONFIG_SERIAL_CORE_CONSOLE=y
|
||
CONFIG_SERIAL_8250=y
|
||
CONFIG_SERIAL_8250_DW=y
|
||
CONFIG_SERIAL_8250_CONSOLE=y
|
||
CONFIG_MKISS=y
|
||
CONFIG_6PACK=y
|
||
CONFIG_BPQETHER=y
|
||
CONFIG_BAYCOM_SER_FDX=y
|
||
CONFIG_BAYCOM_SER_HDX=y
|
||
CONFIG_YAM=y
|