|
@@
-102,13
+102,38
if [ "$BUILD_KERNEL" = true ] ; then
|
|
102
|
102
|
#Switch to KERNELSRC_DIR so we can use set_kernel_config
|
|
103
|
103
|
cd "${KERNEL_DIR}" || exit
|
|
104
|
104
|
|
|
|
105
|
# Enable RPI POE HAT fan
|
|
|
106
|
if [ "$KERNEL_POEHAT" = true ]; then
|
|
|
107
|
set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
|
|
|
108
|
fi
|
|
|
109
|
|
|
|
110
|
# Enable per-interface network priority control
|
|
|
111
|
# (for systemd-nspawn)
|
|
|
112
|
if [ "$KERNEL_NSPAN" = true ]; then
|
|
|
113
|
set_kernel_config CONFIG_CGROUP_NET_PRIO y
|
|
|
114
|
fi
|
|
|
115
|
|
|
|
116
|
# Compile in BTRFS
|
|
|
117
|
if [ "$KERNEL_BTRFS" = true ]; then
|
|
|
118
|
set_kernel_config CONFIG_BTRFS_FS y
|
|
|
119
|
set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
|
|
|
120
|
set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
|
|
|
121
|
fi
|
|
|
122
|
|
|
|
123
|
# Diffie-Hellman operations on retained keys
|
|
|
124
|
# (required for >keyutils-1.6)
|
|
|
125
|
if [ "$KERNEL_DHKEY" = true ]; then
|
|
|
126
|
set_kernel_config CONFIG_KEY_DH_OPERATIONS y
|
|
|
127
|
fi
|
|
|
128
|
|
|
105
|
129
|
if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
|
|
|
130
|
# Mask this temporarily during switch to rpi-4.19.y
|
|
106
|
131
|
#Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
|
|
107
|
132
|
# use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
|
|
108
|
|
set_kernel_config CONFIG_MMC_BCM2835 n
|
|
109
|
|
set_kernel_config CONFIG_MMC_SDHCI_IPROC n
|
|
110
|
|
set_kernel_config CONFIG_USB_DWC2 n
|
|
111
|
|
sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
|
|
|
133
|
#set_kernel_config CONFIG_MMC_BCM2835 n
|
|
|
134
|
#set_kernel_config CONFIG_MMC_SDHCI_IPROC n
|
|
|
135
|
#set_kernel_config CONFIG_USB_DWC2 n
|
|
|
136
|
#sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
|
|
112
|
137
|
|
|
113
|
138
|
#VLAN got disabled without reason in arm64bit
|
|
114
|
139
|
set_kernel_config CONFIG_IPVLAN m
|
|
@@
-122,15
+147,234
if [ "$BUILD_KERNEL" = true ] ; then
|
|
122
|
147
|
set_kernel_config CONFIG_Z3FOLD y
|
|
123
|
148
|
set_kernel_config CONFIG_ZSMALLOC y
|
|
124
|
149
|
set_kernel_config CONFIG_PGTABLE_MAPPING y
|
|
125
|
|
set_kernel_config CONFIG_LZO_COMPRESS y
|
|
126
|
|
|
|
|
150
|
set_kernel_config CONFIG_LZO_COMPRESS y
|
|
127
|
151
|
fi
|
|
|
152
|
|
|
|
153
|
if [ RPI_MODEL = 4 ] ; then
|
|
|
154
|
# Following are set in current 32-bit LPAE kernel
|
|
|
155
|
set_kernel_config CONFIG_CGROUP_PIDS y
|
|
|
156
|
set_kernel_config CONFIG_NET_IPVTI m
|
|
|
157
|
set_kernel_config CONFIG_NF_TABLES_SET m
|
|
|
158
|
set_kernel_config CONFIG_NF_TABLES_INET y
|
|
|
159
|
set_kernel_config CONFIG_NF_TABLES_NETDEV y
|
|
|
160
|
set_kernel_config CONFIG_NF_FLOW_TABLE m
|
|
|
161
|
set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
|
|
|
162
|
set_kernel_config CONFIG_NFT_CONNLIMIT m
|
|
|
163
|
set_kernel_config CONFIG_NFT_TUNNEL m
|
|
|
164
|
set_kernel_config CONFIG_NFT_OBJREF m
|
|
|
165
|
set_kernel_config CONFIG_NFT_FIB_IPV4 m
|
|
|
166
|
set_kernel_config CONFIG_NFT_FIB_IPV6 m
|
|
|
167
|
set_kernel_config CONFIG_NFT_FIB_INET m
|
|
|
168
|
set_kernel_config CONFIG_NFT_SOCKET m
|
|
|
169
|
set_kernel_config CONFIG_NFT_OSF m
|
|
|
170
|
set_kernel_config CONFIG_NFT_TPROXY m
|
|
|
171
|
set_kernel_config CONFIG_NF_DUP_NETDEV m
|
|
|
172
|
set_kernel_config CONFIG_NFT_DUP_NETDEV m
|
|
|
173
|
set_kernel_config CONFIG_NFT_FWD_NETDEV m
|
|
|
174
|
set_kernel_config CONFIG_NFT_FIB_NETDEV m
|
|
|
175
|
set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
|
|
|
176
|
set_kernel_config CONFIG_NF_FLOW_TABLE m
|
|
|
177
|
set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
|
|
|
178
|
set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
|
|
|
179
|
set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
|
|
|
180
|
set_kernel_config CONFIG_NFT_MASQ_IPV6 m
|
|
|
181
|
set_kernel_config CONFIG_NFT_REDIR_IPV6 m
|
|
|
182
|
set_kernel_config CONFIG_NFT_REJECT_IPV6 m
|
|
|
183
|
set_kernel_config CONFIG_NFT_DUP_IPV6 m
|
|
|
184
|
set_kernel_config CONFIG_NFT_FIB_IPV6 m
|
|
|
185
|
set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
|
|
|
186
|
set_kernel_config CONFIG_NF_TABLES_BRIDGE m
|
|
|
187
|
set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
|
|
|
188
|
set_kernel_config CONFIG_NF_LOG_BRIDGE m
|
|
|
189
|
set_kernel_config CONFIG_MT76_CORE m
|
|
|
190
|
set_kernel_config CONFIG_MT76_LEDS m
|
|
|
191
|
set_kernel_config CONFIG_MT76_USB m
|
|
|
192
|
set_kernel_config CONFIG_MT76x2_COMMON m
|
|
|
193
|
set_kernel_config CONFIG_MT76x0U m
|
|
|
194
|
set_kernel_config CONFIG_MT76x2U m
|
|
|
195
|
set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
|
|
|
196
|
set_kernel_config CONFIG_BCM_VC_SM m
|
|
|
197
|
set_kernel_config CONFIG_BCM2835_SMI_DEV m
|
|
|
198
|
set_kernel_config CONFIG_RPIVID_MEM m
|
|
|
199
|
set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
|
|
|
200
|
set_kernel_config CONFIG_TCG_TPM m
|
|
|
201
|
set_kernel_config CONFIG_HW_RANDOM_TPM y
|
|
|
202
|
set_kernel_config CONFIG_TCG_TIS m
|
|
|
203
|
set_kernel_config CONFIG_TCG_TIS_SPI m
|
|
|
204
|
set_kernel_config CONFIG_I2C_MUX m
|
|
|
205
|
set_kernel_config CONFIG_I2C_MUX_GPMUX m
|
|
|
206
|
set_kernel_config CONFIG_I2C_MUX_PCA954x m
|
|
|
207
|
set_kernel_config CONFIG_SPI_GPIO m
|
|
|
208
|
set_kernel_config CONFIG_BATTERY_MAX17040 m
|
|
|
209
|
set_kernel_config CONFIG_SENSORS_GPIO_FAN m
|
|
|
210
|
set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
|
|
|
211
|
set_kernel_config CONFIG_BCM2835_THERMAL y
|
|
|
212
|
set_kernel_config CONFIG_RC_CORE y
|
|
|
213
|
set_kernel_config CONFIG_RC_MAP y
|
|
|
214
|
set_kernel_config CONFIG_LIRC y
|
|
|
215
|
set_kernel_config CONFIG_RC_DECODERS y
|
|
|
216
|
set_kernel_config CONFIG_IR_NEC_DECODER m
|
|
|
217
|
set_kernel_config CONFIG_IR_RC5_DECODER m
|
|
|
218
|
set_kernel_config CONFIG_IR_RC6_DECODER m
|
|
|
219
|
set_kernel_config CONFIG_IR_JVC_DECODER m
|
|
|
220
|
set_kernel_config CONFIG_IR_SONY_DECODER m
|
|
|
221
|
set_kernel_config CONFIG_IR_SANYO_DECODER m
|
|
|
222
|
set_kernel_config CONFIG_IR_SHARP_DECODER m
|
|
|
223
|
set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
|
|
|
224
|
set_kernel_config CONFIG_IR_XMP_DECODER m
|
|
|
225
|
set_kernel_config CONFIG_IR_IMON_DECODER m
|
|
|
226
|
set_kernel_config CONFIG_RC_DEVICES y
|
|
|
227
|
set_kernel_config CONFIG_RC_ATI_REMOTE m
|
|
|
228
|
set_kernel_config CONFIG_IR_IMON m
|
|
|
229
|
set_kernel_config CONFIG_IR_MCEUSB m
|
|
|
230
|
set_kernel_config CONFIG_IR_REDRAT3 m
|
|
|
231
|
set_kernel_config CONFIG_IR_STREAMZAP m
|
|
|
232
|
set_kernel_config CONFIG_IR_IGUANA m
|
|
|
233
|
set_kernel_config CONFIG_IR_TTUSBIR m
|
|
|
234
|
set_kernel_config CONFIG_RC_LOOPBACK m
|
|
|
235
|
set_kernel_config CONFIG_IR_GPIO_CIR m
|
|
|
236
|
set_kernel_config CONFIG_IR_GPIO_TX m
|
|
|
237
|
set_kernel_config CONFIG_IR_PWM_TX m
|
|
|
238
|
set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
|
|
|
239
|
set_kernel_config CONFIG_VIDEO_AU0828_RC y
|
|
|
240
|
set_kernel_config CONFIG_VIDEO_CX231XX m
|
|
|
241
|
set_kernel_config CONFIG_VIDEO_CX231XX_RC y
|
|
|
242
|
set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
|
|
|
243
|
set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
|
|
|
244
|
set_kernel_config CONFIG_VIDEO_TM6000 m
|
|
|
245
|
set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
|
|
|
246
|
set_kernel_config CONFIG_VIDEO_TM6000_DVB m
|
|
|
247
|
set_kernel_config CONFIG_DVB_USB m
|
|
|
248
|
set_kernel_config CONFIG_DVB_USB_DIB3000MC m
|
|
|
249
|
set_kernel_config CONFIG_DVB_USB_A800 m
|
|
|
250
|
set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
|
|
|
251
|
set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
|
|
|
252
|
set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
|
|
|
253
|
set_kernel_config CONFIG_DVB_USB_DIB0700 m
|
|
|
254
|
set_kernel_config CONFIG_DVB_USB_UMT_010 m
|
|
|
255
|
set_kernel_config CONFIG_DVB_USB_CXUSB m
|
|
|
256
|
set_kernel_config CONFIG_DVB_USB_M920X m
|
|
|
257
|
set_kernel_config CONFIG_DVB_USB_DIGITV m
|
|
|
258
|
set_kernel_config CONFIG_DVB_USB_VP7045 m
|
|
|
259
|
set_kernel_config CONFIG_DVB_USB_VP702X m
|
|
|
260
|
set_kernel_config CONFIG_DVB_USB_GP8PSK m
|
|
|
261
|
set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
|
|
|
262
|
set_kernel_config CONFIG_DVB_USB_TTUSB2 m
|
|
|
263
|
set_kernel_config CONFIG_DVB_USB_DTT200U m
|
|
|
264
|
set_kernel_config CONFIG_DVB_USB_OPERA1 m
|
|
|
265
|
set_kernel_config CONFIG_DVB_USB_AF9005 m
|
|
|
266
|
set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
|
|
|
267
|
set_kernel_config CONFIG_DVB_USB_PCTV452E m
|
|
|
268
|
set_kernel_config CONFIG_DVB_USB_DW2102 m
|
|
|
269
|
set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
|
|
|
270
|
set_kernel_config CONFIG_DVB_USB_DTV5100 m
|
|
|
271
|
set_kernel_config CONFIG_DVB_USB_AZ6027 m
|
|
|
272
|
set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
|
|
|
273
|
set_kernel_config CONFIG_DVB_USB_AF9015 m
|
|
|
274
|
set_kernel_config CONFIG_DVB_USB_LME2510 m
|
|
|
275
|
set_kernel_config CONFIG_DVB_USB_RTL28XXU m
|
|
|
276
|
set_kernel_config CONFIG_VIDEO_EM28XX_RC m
|
|
|
277
|
set_kernel_config CONFIG_SMS_SIANO_RC m
|
|
|
278
|
set_kernel_config CONFIG_VIDEO_IR_I2C m
|
|
|
279
|
set_kernel_config CONFIG_VIDEO_ADV7180 m
|
|
|
280
|
set_kernel_config CONFIG_VIDEO_TC358743 m
|
|
|
281
|
set_kernel_config CONFIG_VIDEO_OV5647 m
|
|
|
282
|
set_kernel_config CONFIG_DVB_M88DS3103 m
|
|
|
283
|
set_kernel_config CONFIG_DVB_AF9013 m
|
|
|
284
|
set_kernel_config CONFIG_DVB_RTL2830 m
|
|
|
285
|
set_kernel_config CONFIG_DVB_RTL2832 m
|
|
|
286
|
set_kernel_config CONFIG_DVB_SI2168 m
|
|
|
287
|
set_kernel_config CONFIG_DVB_GP8PSK_FE m
|
|
|
288
|
set_kernel_config CONFIG_DVB_USB m
|
|
|
289
|
set_kernel_config CONFIG_DVB_LGDT3306A m
|
|
|
290
|
set_kernel_config CONFIG_FB_SIMPLE y
|
|
|
291
|
set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
|
|
|
292
|
set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
|
|
|
293
|
set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
|
|
|
294
|
set_kernel_config CONFIG_SND_SOC_AD193X m
|
|
|
295
|
set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
|
|
|
296
|
set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
|
|
|
297
|
set_kernel_config CONFIG_SND_SOC_CS4265 m
|
|
|
298
|
set_kernel_config CONFIG_SND_SOC_DA7213 m
|
|
|
299
|
set_kernel_config CONFIG_SND_SOC_ICS43432 m
|
|
|
300
|
set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
|
|
|
301
|
set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
|
|
|
302
|
set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
|
|
|
303
|
set_kernel_config CONFIG_HID_BIGBEN_FF m
|
|
|
304
|
#set_kernel_config CONFIG_USB_XHCI_PLATFORM y
|
|
|
305
|
set_kernel_config CONFIG_USB_TMC m
|
|
|
306
|
set_kernel_config CONFIG_USB_UAS y
|
|
|
307
|
set_kernel_config CONFIG_USBIP_VUDC m
|
|
|
308
|
set_kernel_config CONFIG_USB_CONFIGFS m
|
|
|
309
|
set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
|
|
|
310
|
set_kernel_config CONFIG_USB_CONFIGFS_ACM y
|
|
|
311
|
set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
|
|
|
312
|
set_kernel_config CONFIG_USB_CONFIGFS_NCM y
|
|
|
313
|
set_kernel_config CONFIG_USB_CONFIGFS_ECM y
|
|
|
314
|
set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
|
|
|
315
|
set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
|
|
|
316
|
set_kernel_config CONFIG_USB_CONFIGFS_EEM y
|
|
|
317
|
set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
|
|
|
318
|
set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
|
|
|
319
|
set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
|
|
|
320
|
set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
|
|
|
321
|
set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
|
|
|
322
|
set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
|
|
|
323
|
set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
|
|
|
324
|
set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
|
|
|
325
|
set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
|
|
|
326
|
set_kernel_config CONFIG_LEDS_PCA963X m
|
|
|
327
|
set_kernel_config CONFIG_LEDS_IS31FL32XX m
|
|
|
328
|
set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
|
|
|
329
|
set_kernel_config CONFIG_RTC_DRV_RV3028 m
|
|
|
330
|
set_kernel_config CONFIG_AUXDISPLAY y
|
|
|
331
|
set_kernel_config CONFIG_HD44780 m
|
|
|
332
|
set_kernel_config CONFIG_FB_TFT_SH1106 m
|
|
|
333
|
set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
|
|
|
334
|
set_kernel_config CONFIG_BCM2835_POWER y
|
|
|
335
|
set_kernel_config CONFIG_INV_MPU6050_IIO m
|
|
|
336
|
set_kernel_config CONFIG_INV_MPU6050_I2C m
|
|
|
337
|
set_kernel_config CONFIG_SECURITYFS y
|
|
|
338
|
|
|
|
339
|
# Safer to build this in
|
|
|
340
|
set_kernel_config CONFIG_BINFMT_MISC y
|
|
|
341
|
|
|
|
342
|
# pulseaudio wants a buffer of at least this size
|
|
|
343
|
set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
|
|
|
344
|
|
|
|
345
|
# PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
|
|
|
346
|
# set the appropriate kernel configs unlocked by this PR
|
|
|
347
|
set_kernel_config CONFIG_ARCH_BCM y
|
|
|
348
|
set_kernel_config CONFIG_ARCH_BCM2835 y
|
|
|
349
|
set_kernel_config CONFIG_DRM_V3D m
|
|
|
350
|
set_kernel_config CONFIG_DRM_VC4 m
|
|
|
351
|
set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
|
|
|
352
|
|
|
|
353
|
# PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
|
|
|
354
|
# required by PR#3144; should already be applied, but just to be safe
|
|
|
355
|
set_kernel_config CONFIG_PCIE_BRCMSTB y
|
|
|
356
|
set_kernel_config CONFIG_BCM2835_MMC y
|
|
|
357
|
|
|
|
358
|
# Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
|
|
|
359
|
# http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
|
|
|
360
|
# during cloud-init setup at first boot. Without this the login accounts are not
|
|
|
361
|
# created and the user can not login.
|
|
|
362
|
set_kernel_config CONFIG_SQUASHFS y
|
|
|
363
|
|
|
|
364
|
# Ceph support for Block Device (RBD) and Filesystem (FS)
|
|
|
365
|
# https://docs.ceph.com/docs/master/
|
|
|
366
|
set_kernel_config CONFIG_CEPH_LIB m
|
|
|
367
|
set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
|
|
|
368
|
set_kernel_config CONFIG_CEPH_FS m
|
|
|
369
|
set_kernel_config CONFIG_CEPH_FSCACHE y
|
|
|
370
|
set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
|
|
|
371
|
set_kernel_config CONFIG_BLK_DEV_RBD m
|
|
128
|
372
|
|
|
129
|
373
|
# enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
|
|
130
|
374
|
if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
|
|
131
|
|
set_kernel_config CONFIG_HAVE_KVM y
|
|
132
|
|
set_kernel_config CONFIG_HIGH_RES_TIMERS y
|
|
133
|
|
set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
|
|
|
375
|
set_kernel_config CONFIG_HAVE_KVM y
|
|
|
376
|
set_kernel_config CONFIG_HIGH_RES_TIMERS y
|
|
|
377
|
set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
|
|
134
|
378
|
set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
|
|
135
|
379
|
set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
|
|
136
|
380
|
set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
|
|
@@
-144,7
+388,7
if [ "$BUILD_KERNEL" = true ] ; then
|
|
144
|
388
|
set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
|
|
145
|
389
|
set_kernel_config CONFIG_KVM_MMIO y
|
|
146
|
390
|
set_kernel_config CONFIG_KVM_VFIO y
|
|
147
|
|
set_kernel_config CONFIG_KVM_MMU_AUDIT y
|
|
|
391
|
set_kernel_config CONFIG_KVM_MMU_AUDIT y
|
|
148
|
392
|
set_kernel_config CONFIG_VHOST m
|
|
149
|
393
|
set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
|
|
150
|
394
|
set_kernel_config CONFIG_VHOST_NET m
|
|
@@
-201,12
+445,6
if [ "$BUILD_KERNEL" = true ] ; then
|
|
201
|
445
|
set_kernel_config CONFIG_SECURITY_PATH y
|
|
202
|
446
|
set_kernel_config CONFIG_SECURITY_YAMA n
|
|
203
|
447
|
|
|
204
|
|
# New Options
|
|
205
|
|
if [ "$KERNEL_NF" = true ] ; then
|
|
206
|
|
set_kernel_config CONFIG_IP_NF_SECURITY m
|
|
207
|
|
set_kernel_config CONFIG_NETLABEL y
|
|
208
|
|
set_kernel_config CONFIG_IP6_NF_SECURITY m
|
|
209
|
|
fi
|
|
210
|
448
|
set_kernel_config CONFIG_SECURITY_SELINUX n
|
|
211
|
449
|
set_kernel_config CONFIG_SECURITY_SMACK n
|
|
212
|
450
|
set_kernel_config CONFIG_SECURITY_TOMOYO n
|
|
@@
-219,12
+457,11
if [ "$BUILD_KERNEL" = true ] ; then
|
|
219
|
457
|
set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
|
|
220
|
458
|
set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
|
|
221
|
459
|
set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
|
|
222
|
|
set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
|
|
223
|
460
|
set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
|
|
224
|
461
|
set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
|
|
225
|
462
|
set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
|
|
226
|
|
set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
|
|
227
|
|
set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
|
|
|
463
|
set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
|
|
|
464
|
set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
|
|
228
|
465
|
|
|
229
|
466
|
set_kernel_config CONFIG_ARM64_CRYPTO y
|
|
230
|
467
|
set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
|
|
@@
-241,11
+478,13
if [ "$BUILD_KERNEL" = true ] ; then
|
|
241
|
478
|
set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
|
|
242
|
479
|
set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
|
|
243
|
480
|
set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
|
|
244
|
|
set_kernel_config SYSTEM_TRUSTED_KEYS
|
|
245
|
481
|
fi
|
|
246
|
482
|
|
|
247
|
483
|
# Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
|
|
248
|
484
|
if [ "$KERNEL_NF" = true ] ; then
|
|
|
485
|
set_kernel_config CONFIG_IP_NF_SECURITY m
|
|
|
486
|
set_kernel_config CONFIG_NETLABEL y
|
|
|
487
|
set_kernel_config CONFIG_IP6_NF_SECURITY m
|
|
249
|
488
|
set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
|
|
250
|
489
|
set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
|
|
251
|
490
|
set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
|
|
@@
-271,7
+510,6
if [ "$BUILD_KERNEL" = true ] ; then
|
|
271
|
510
|
set_kernel_config CONFIG_IP6_NF_NAT m
|
|
272
|
511
|
set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
|
|
273
|
512
|
set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
|
|
274
|
|
set_kernel_config CONFIG_IP_NF_SECURITY m
|
|
275
|
513
|
set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
|
|
276
|
514
|
set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
|
|
277
|
515
|
set_kernel_config CONFIG_IP_SET_HASH_IP m
|
|
@@
-351,28
+589,28
if [ "$BUILD_KERNEL" = true ] ; then
|
|
351
|
589
|
set_kernel_config CONFIG_NF_TABLES_IPV4 y
|
|
352
|
590
|
set_kernel_config CONFIG_NF_TABLES_IPV6 y
|
|
353
|
591
|
set_kernel_config CONFIG_NF_TABLES_NETDEV m
|
|
354
|
|
set_kernel_config CONFIG_NF_TABLES_SET m
|
|
355
|
|
set_kernel_config CONFIG_NF_TABLES_INET y
|
|
356
|
|
set_kernel_config CONFIG_NF_TABLES_NETDEV y
|
|
357
|
|
set_kernel_config CONFIG_NFT_CONNLIMIT m
|
|
358
|
|
set_kernel_config CONFIG_NFT_TUNNEL m
|
|
359
|
|
set_kernel_config CONFIG_NFT_SOCKET m
|
|
360
|
|
set_kernel_config CONFIG_NFT_TPROXY m
|
|
361
|
|
set_kernel_config CONFIG_NF_FLOW_TABLE m
|
|
362
|
|
set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
|
|
363
|
|
set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
|
|
364
|
|
set_kernel_config CONFIG_NF_TABLES_ARP y
|
|
365
|
|
set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
|
|
366
|
|
set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
|
|
367
|
|
set_kernel_config CONFIG_NF_TABLES_BRIDGE y
|
|
368
|
|
set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
|
|
369
|
|
set_kernel_config CONFIG_NFT_OSF m
|
|
|
592
|
set_kernel_config CONFIG_NF_TABLES_SET m
|
|
|
593
|
set_kernel_config CONFIG_NF_TABLES_INET y
|
|
|
594
|
set_kernel_config CONFIG_NF_TABLES_NETDEV y
|
|
|
595
|
set_kernel_config CONFIG_NFT_CONNLIMIT m
|
|
|
596
|
set_kernel_config CONFIG_NFT_TUNNEL m
|
|
|
597
|
set_kernel_config CONFIG_NFT_SOCKET m
|
|
|
598
|
set_kernel_config CONFIG_NFT_TPROXY m
|
|
|
599
|
set_kernel_config CONFIG_NF_FLOW_TABLE m
|
|
|
600
|
set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
|
|
|
601
|
set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
|
|
|
602
|
set_kernel_config CONFIG_NF_TABLES_ARP y
|
|
|
603
|
set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
|
|
|
604
|
set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
|
|
|
605
|
set_kernel_config CONFIG_NF_TABLES_BRIDGE y
|
|
|
606
|
set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
|
|
|
607
|
set_kernel_config CONFIG_NFT_OSF m
|
|
370
|
608
|
|
|
371
|
609
|
fi
|
|
372
|
610
|
|
|
373
|
611
|
# Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
|
|
374
|
612
|
if [ "$KERNEL_BPF" = true ] ; then
|
|
375
|
|
set_kernel_config CONFIG_BPF_SYSCALL y
|
|
|
613
|
set_kernel_config CONFIG_BPF_SYSCALL y
|
|
376
|
614
|
set_kernel_config CONFIG_BPF_EVENTS y
|
|
377
|
615
|
set_kernel_config CONFIG_BPF_STREAM_PARSER y
|
|
378
|
616
|
set_kernel_config CONFIG_CGROUP_BPF y
|