-
Notifications
You must be signed in to change notification settings - Fork 0
/
kconfigcheck.toml
357 lines (338 loc) · 10.8 KB
/
kconfigcheck.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
# pmaports CI and "pmbootstrap kconfig check" use this file to ensure our
# kernels have certain kernel config options set. Which categories are checked
# depends on options="pmb:kconfigcheck-…" in the linux APKBUILD. If no such
# option is set, see the default in ["category:default".">=0.0.0"."all"] below.
[aliases]
# Devices with options="pmb:kconfigcheck-community" in the device APKBUILD will
# check for the following categories. A CI check ensures that all devices in
# device/main and device/community dirs have this option. Devices in testing
# may also have "pmb:kconfigcheck-community", but it may be removed when
# modifying the required options and adjusting the devices in testing is too
# much effort. Device maintainers may fix it up afterwards and add it back.
community = [
"category:default",
"category:community_various",
"category:containers",
"category:debug",
"category:filesystems",
"category:input",
"category:iwd",
"category:libcamera",
"category:netboot",
"category:nftables",
"category:usb_gadgets",
"category:waydroid",
"category:wireguard",
"category:zram",
]
# Format for rule sections:
# ["category:<NAME>"."<KERNEL_VERSION>"."<ARCHITECTURES>"]
# Implemented value types:
# - boolean (e.g. 'ANDROID_PARANOID_NETWORK = false'):
# - false: disabled
# - true: enabled, either as module or built-in
# - list (e.g. 'ANDROID_BINDER_DEVICES = ["binder", "hwbinder"]'):
# - each element of the array must be contained in the kernel config string,
# in any order. The example above would accept the following in the config:
# CONFIG_ANDROID_BINDER_DEVICES="hwbinder,vndbinder,binder"
# - string (e.g. 'LSM = "lockdown,yama,loadpin,safesetid,integrity"'):
# - the value in the kernel config must be the same as the given string. Use
# this e.g. if the order of the elements is important.
# default: all devices must satisfy these
["category:default".">=0.0.0"."all"]
ANDROID_PARANOID_NETWORK = false
BLK_DEV_INITRD = true
CGROUPS = true
CRYPTO_AES = true
CRYPTO_XTS = true
DEVTMPFS = true
DM_CRYPT = true
INPUT_EVDEV = true
EXT4_FS = true
KINETO_GAN = false
PFT = false
SEC_RESTRICT_ROOTING = false
SYSVIPC = true
TMPFS_POSIX_ACL = true
USE_VFB = false
VT = true
["category:default".">=2.6.0"."all"]
BINFMT_ELF = true
["category:default".">=3.10.0"."all"]
BINFMT_SCRIPT = true
["category:default".">=4.0.0"."all"]
UEVENT_HELPER = true
USER_NS = true
["category:default"."<4.7.0"."all"]
DEVPTS_MULTIPLE_INSTANCES = true
["category:default"."<4.14.0"."all"]
SAMSUNG_TUI = false
TZDEV = false
["category:default"."<5.2.0"."armhf armv7 x86"]
LBDAF = true
["category:default".">=5.19.0"."all"]
FW_LOADER_COMPRESS_ZSTD = true
# waydroid: android compatibility layer
["category:waydroid".">=0.0.0"."all"]
ANDROID_BINDERFS = false
ANDROID_BINDER_DEVICES = ["binder", "hwbinder", "vndbinder"]
ANDROID_BINDER_IPC = true
ANDROID_BINDER_IPC_SELFTEST = false
BLK_DEV_LOOP = true
BPF_SYSCALL = true
BRIDGE = true
BRIDGE_VLAN_FILTERING = true
CGROUP_BPF = true
FUSE_FS = true
IP_NF_MANGLE = true
NETFILTER_XTABLES = true
NETFILTER_XT_MATCH_COMMENT = true
PSI = true
PSI_DEFAULT_DISABLED = false
SQUASHFS = true
SQUASHFS_XATTR = true
SQUASHFS_XZ = true
TMPFS_XATTR = true
TUN = true
VETH = true
VLAN_8021Q = true # prerequisite for bridge
["category:waydroid".">=3.5"."all"]
CROSS_MEMORY_ATTACH = true
["category:waydroid".">=4.20.0"."all"]
PSI = true # required by userspace OOM killer
PSI_DEFAULT_DISABLED = false
["category:waydroid"."<5.18"."all"]
ASHMEM = true
# iwd: modern inet wireless daemon
# Obtained from 'grep ADD_MISSING src/main.c' in iwd.git
["category:iwd".">=0.0.0"."all"]
ASYMMETRIC_KEY_TYPE = true
ASYMMETRIC_PUBLIC_KEY_SUBTYPE = true
CRYPTO_AES = true
CRYPTO_CBC = true
CRYPTO_CMAC = true
CRYPTO_DES = true
CRYPTO_ECB = true
CRYPTO_HMAC = true
CRYPTO_MD5 = true
CRYPTO_SHA1 = true
CRYPTO_SHA256 = true
CRYPTO_SHA512 = true
CRYPTO_USER_API_HASH = true
CRYPTO_USER_API_SKCIPHER = true
KEYS = true
KEY_DH_OPERATIONS = true
PKCS7_MESSAGE_PARSER = true
PKCS8_PRIVATE_KEY_PARSER = true
X509_CERTIFICATE_PARSER = true
RFKILL = true
# nftables: firewall, not related to nft scams
["category:nftables".">=3.13.0"."all"]
NETFILTER = true
NF_CONNTRACK = true
NF_TABLES = true
NF_TABLES_INET = true
NFT_CT = true
NFT_LOG = true
NFT_LIMIT = true
NFT_MASQ = true
NFT_NAT = true
NFT_REJECT = true
NF_TABLES_IPV4 = true
NF_REJECT_IPV4 = true
IP_NF_IPTABLES = true
IP_NF_FILTER = true
IP_NF_TARGET_REJECT = true
IP_NF_NAT = true
NF_TABLES_IPV6 = true
NF_REJECT_IPV6 = true
IP6_NF_IPTABLES = true
IP6_NF_FILTER = true
IP6_NF_TARGET_REJECT = true
IP6_NF_NAT = true
["category:nftables".">=3.13.0 <0.17"."all"]
NFT_COUNTER = true
# containers: lxc, docker, etc.
["category:containers".">=0.0.0"."all"]
NAMESPACES = true
NET_NS = true
PID_NS = true
IPC_NS = true
UTS_NS = true
CGROUPS = true
CGROUP_CPUACCT = true
CGROUP_DEVICE = true
CGROUP_FREEZER = true
CGROUP_SCHED = true
CPUSETS = true
KEYS = true
VETH = true
BRIDGE = true # (also needed for waydroid)
BRIDGE_NETFILTER = true
IP_NF_FILTER = true
IP_NF_TARGET_MASQUERADE = true
NETFILTER_XT_MATCH_ADDRTYPE = true
NETFILTER_XT_MATCH_CONNTRACK = true
NETFILTER_XT_MATCH_IPVS = true
NETFILTER_XT_MARK = true
NETFILTER_XT_TARGET_CHECKSUM = true # Needed for lxc
IP_NF_NAT = true
NF_NAT = true
POSIX_MQUEUE = true
BLK_DEV_DM = true # Storage Drivers
DUMMY = true # Network Drivers
# USER_NS = true # This is already in pmOS kconfig check
BLK_CGROUP = true # Optional section
BLK_DEV_THROTTLING = true # Optional section
CGROUP_PERF = true # Optional section
NET_CLS_CGROUP = true # Optional section
FAIR_GROUP_SCHED = true # Optional section
IP_NF_TARGET_REDIRECT = true # Optional section
IP_VS = true # Optional section
IP_VS_NFCT = true # Optional section
IP_VS_PROTO_TCP = true # Optional section
IP_VS_PROTO_UDP = true # Optional section
IP_VS_RR = true # Optional section
# EXT4_FS = true # This is already in pmOS kconfig check
EXT4_FS_POSIX_ACL = true # Optional section
EXT4_FS_SECURITY = true # Optional section
["category:containers".">=3.2"."all"]
CFS_BANDWIDTH = true # Optional section
["category:containers".">=3.3"."all"]
CHECKPOINT_RESTORE = true # Needed for lxc
["category:containers".">=3.6"."all"]
MEMCG = true
DM_THIN_PROVISIONING = true # Storage Drivers
SWAP = true
["category:containers".">=3.6"."x86 x64_64"]
HUGETLB_PAGE = true
CGROUP_HUGETLB = true # Optional section
["category:containers".">=3.6 <6.1_rc1"."all"]
MEMCG_SWAP = true
["category:containers".">=3.7 <5.0"."all"]
NF_NAT_IPV4 = true # Needed for lxc
NF_NAT_IPV6 = true # Needed for lxc
["category:containers".">=3.7"."all"]
VXLAN = true # Network Drivers
IP6_NF_TARGET_MASQUERADE = true # Needed for lxc
["category:containers".">=3.9"."all"]
BRIDGE_VLAN_FILTERING = true # Network Drivers (also for waydroid)
MACVLAN = true # Network Drivers
["category:containers".">=3.13"."all"]
NFT_COMPAT = true
["category:containers".">=3.14"."all"]
CGROUP_NET_PRIO = true # Optional section
["category:containers".">=3.18"."all"]
OVERLAY_FS = true # Storage Drivers
["category:containers".">=3.19"."all"]
IPVLAN = true # Network Drivers
SECCOMP = true # Optional section
["category:containers".">=4.4"."all"]
CGROUP_PIDS = true # Optional section
# zram: RAM disk with on-the-fly compression
["category:zram".">=3.14.0"."all"]
ZRAM = true
ZSMALLOC = true
CRYPTO_LZ4 = true
LZ4_COMPRESS = true
SWAP = true
# netboot: https://postmarketos.org/netboot
["category:netboot".">=0.0.0"."all"]
BLK_DEV_NBD = true
# wireguard: VPN software, also includes options for wg-quick
["category:wireguard".">=5.6_rc1"."all"]
WIREGUARD = true
IP_ADVANCED_ROUTER = true
IP_MULTIPLE_TABLES = true
IPV6_MULTIPLE_TABLES = true
NF_TABLES = true
NF_TABLES_IPV4 = true
NF_TABLES_IPV6 = true
NFT_CT = true
NFT_FIB = true
NFT_FIB_IPV4 = true
NFT_FIB_IPV6 = true
NF_CONNTRACK_MARK = true
# filesystems
["category:filesystems".">=0.0.0"."all"]
BTRFS_FS = true
EXFAT_FS = true
EXT4_FS = true
F2FS_FS = true
UDF_FS = true
XFS_FS = true
# usb_gadgets
["category:usb_gadgets".">=0.0.0"."all"]
# disable legacy gadgets
USB_ETH = false
USB_FUNCTIONFS = false
USB_MASS_STORAGE = false
USB_G_SERIAL = false
# enable configfs gadgets
USB_CONFIGFS_ACM = true # Serial gadget for debug-shell
USB_CONFIGFS_MASS_STORAGE = true # Mass storage gadget for debug-shell
USB_CONFIGFS_NCM = true # USB networking via NCM
USB_CONFIGFS_RNDIS = true # USB networking via RNDIS (legacy)
# community_various: Various options that were not categorized properly due to
# inflexibility of previous kconfigcheck related code. We should move these to
# proper categories above and/or invent new categories with meaningful names.
# >> Do not add more here!! <<
["category:community_various".">=0.0.0"."all"]
BINFMT_MISC = true # register binary formats
CIFS = true # mount SMB shares
LEDS_TRIGGER_PATTERN = true # feedbackd
LEDS_TRIGGER_TIMER = true # hfd-service
NETFILTER_XT_MATCH_MARK = true # e.g. HashiCorp Nomad
NETFILTER_XT_MATCH_MULTIPORT = true # e.g. HashiCorp Nomad
NETFILTER_XT_MATCH_STATISTIC = true # kube-proxy
NETFILTER_XT_MATCH_TCPMSS = true # change MTU e.g. for Wireguard
NETFILTER_XT_TARGET_TCPMSS = true # change MTU e.g. for Wireguard
# TODO = Depends on SUSPEND which is not enabled for some devices
# PM_WAKELOCKS = true # Sxmo
UCLAMP_TASK = true # Scheduler hints
UCLAMP_TASK_GROUP = true # Scheduler hints
RT_GROUP_SCHED = false # https://gitlab.com/postmarketOS/pmaports/-/issues/2652
DM_INTEGRITY = true # Device-mapper integrity target
# uefi: proper modern booting
["category:uefi".">=0.0.0"."all"]
EFI_STUB = true
EFI = true
DMI = true
EFI_ESRT = true
EFI_VARS_PSTORE = true
EFI_RUNTIME_WRAPPERS = true
VFAT_FS = true
NLS_ASCII = true
["category:uefi".">=0.0.0"."x86_64"]
EFI_MIXED = true
["category:uefi".">=0.0.0"."aarch64 armv7"]
EFI_GENERIC_STUB = true
EFI_PARAMS_FROM_FDT = true
["category:uefi".">=6.1.0"."aarch64"]
# Required EFI booting compressed kernels on this arch
EFI_ZBOOT = true
["category:libcamera".">=0.0.0"."aarch64"]
UDMABUF = true
["category:input".">=0.0.0"."all"]
BT_HIDP = true # Bluetooth HID
HIDRAW = true # /dev/hidraw* support
INPUT_UINPUT = true # buffyboard
JOYSTICK_XPAD = true # Xbox controller
JOYSTICK_XPAD_FF = true # Xbox controller force-feedback
JOYSTICK_XPAD_LEDS = true # Xbox controller LEDs
UHID = true # User-space HID, e.g. Bluetooth
USB_ANNOUNCE_NEW_DEVICES = true # dmesg messages when connecting device
USB_HIDDEV = true # /dev/usb/hiddevX support
USB_PRINTER = true # printers
["category:usb".">=0.0.0"."all"]
DRM_UDL = true # DisplayLink - connecting displays via USB
SND_USB_AUDIO = true # USB audio devices
USB_SERIAL_CP210X = true # USB serial console
USB_STORAGE = true # USB mass storage devices
USB_RTL8152 = true # USB Ethernet
["category:debug".">=0.0.0"."all"]
DYNAMIC_DEBUG = true # Enable debug dynamically
DYNAMIC_FTRACE = true # Enable function tracing dynamically
# librem5: Specific to the Purism Librem 5
["category:librem5".">=0.0.0"."aarch64"]
RS9116_FLASH_MODE = false