From ffeb84fefa0d152a3593bf0c687ba583f5c7c15b Mon Sep 17 00:00:00 2001 From: Igor Pecovnik Date: Wed, 28 Feb 2024 09:28:54 +0100 Subject: [PATCH] Update kernel config for khadas 1s/vim4s so that HA works --- config/kernel/linux-meson-s4t7-legacy.config | 234 ++++++++++++------- 1 file changed, 150 insertions(+), 84 deletions(-) diff --git a/config/kernel/linux-meson-s4t7-legacy.config b/config/kernel/linux-meson-s4t7-legacy.config index 4ba2216c3e..6a387fbb49 100644 --- a/config/kernel/linux-meson-s4t7-legacy.config +++ b/config/kernel/linux-meson-s4t7-legacy.config @@ -153,6 +153,7 @@ CONFIG_RCU_NOCB_CPU=y # CONFIG_TASKS_TRACE_RCU_READ_MB is not set # end of RCU Subsystem +CONFIG_BUILD_BIN2C=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_IKHEADERS=y @@ -962,23 +963,22 @@ CONFIG_AF_UNIX_OOB=y CONFIG_UNIX_DIAG=m CONFIG_TLS=m CONFIG_TLS_DEVICE=y -# CONFIG_TLS_TOE is not set +CONFIG_TLS_TOE=y CONFIG_XFRM=y CONFIG_XFRM_OFFLOAD=y CONFIG_XFRM_ALGO=m CONFIG_XFRM_USER=m CONFIG_XFRM_INTERFACE=m -# CONFIG_XFRM_SUB_POLICY is not set -# CONFIG_XFRM_MIGRATE is not set +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y CONFIG_XFRM_STATISTICS=y CONFIG_XFRM_AH=m CONFIG_XFRM_ESP=m CONFIG_XFRM_IPCOMP=m CONFIG_NET_KEY=m -# CONFIG_NET_KEY_MIGRATE is not set +CONFIG_NET_KEY_MIGRATE=y CONFIG_XFRM_ESPINTCP=y -CONFIG_XDP_SOCKETS=y -CONFIG_XDP_SOCKETS_DIAG=m +# CONFIG_XDP_SOCKETS is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y @@ -987,10 +987,13 @@ CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_ROUTE_CLASSID=y -# CONFIG_IP_PNP is not set +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y CONFIG_NET_IPIP=m CONFIG_NET_IPGRE_DEMUX=m -CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_IP_TUNNEL=m CONFIG_NET_IPGRE=m CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE_COMMON=y @@ -1000,7 +1003,7 @@ CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_SYN_COOKIES=y CONFIG_NET_IPVTI=m -CONFIG_NET_UDP_TUNNEL=y +CONFIG_NET_UDP_TUNNEL=m CONFIG_NET_FOU=m CONFIG_NET_FOU_IP_TUNNELS=y CONFIG_INET_AH=m @@ -1097,7 +1100,7 @@ CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y -# CONFIG_NF_CONNTRACK_PROCFS is not set +CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMEOUT=y CONFIG_NF_CONNTRACK_TIMESTAMP=y @@ -1152,7 +1155,7 @@ CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m CONFIG_NFT_FIB=m -# CONFIG_NFT_FIB_INET is not set +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m @@ -1161,7 +1164,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NF_DUP_NETDEV=m CONFIG_NFT_DUP_NETDEV=m CONFIG_NFT_FWD_NETDEV=m -# CONFIG_NFT_FIB_NETDEV is not set +CONFIG_NFT_FIB_NETDEV=m CONFIG_NFT_REJECT_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m @@ -1574,7 +1577,14 @@ CONFIG_NET_SCH_FQ_PIE=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_SCH_PLUG=m CONFIG_NET_SCH_ETS=m -# CONFIG_NET_SCH_DEFAULT is not set +CONFIG_NET_SCH_DEFAULT=y +# CONFIG_DEFAULT_FQ is not set +# CONFIG_DEFAULT_CODEL is not set +# CONFIG_DEFAULT_FQ_CODEL is not set +# CONFIG_DEFAULT_FQ_PIE is not set +# CONFIG_DEFAULT_SFQ is not set +CONFIG_DEFAULT_PFIFO_FAST=y +CONFIG_DEFAULT_NET_SCH="pfifo_fast" # # Classification @@ -1643,6 +1653,7 @@ CONFIG_BATMAN_ADV_MCAST=y CONFIG_OPENVSWITCH=m CONFIG_OPENVSWITCH_GRE=m CONFIG_OPENVSWITCH_VXLAN=m +CONFIG_OPENVSWITCH_GENEVE=m CONFIG_VSOCKETS=m CONFIG_VSOCKETS_DIAG=m CONFIG_VSOCKETS_LOOPBACK=m @@ -1917,7 +1928,7 @@ CONFIG_NET_SELFTESTS=y CONFIG_NET_SOCK_MSG=y CONFIG_NET_DEVLINK=y CONFIG_PAGE_POOL=y -CONFIG_FAILOVER=m +CONFIG_FAILOVER=y CONFIG_ETHTOOL_NETLINK=y # @@ -2450,44 +2461,64 @@ CONFIG_DM_USER=y CONFIG_NETDEVICES=y CONFIG_MII=y CONFIG_NET_CORE=y -# CONFIG_BONDING is not set -CONFIG_DUMMY=y -CONFIG_WIREGUARD=y +CONFIG_BONDING=m +CONFIG_DUMMY=m +CONFIG_WIREGUARD=m # CONFIG_WIREGUARD_DEBUG is not set -# CONFIG_EQUALIZER is not set +CONFIG_EQUALIZER=m # CONFIG_NET_FC is not set CONFIG_IFB=m -# CONFIG_NET_TEAM is not set -CONFIG_MACVLAN=y -# CONFIG_MACVTAP is not set +CONFIG_NET_TEAM=m +CONFIG_NET_TEAM_MODE_BROADCAST=m +CONFIG_NET_TEAM_MODE_ROUNDROBIN=m +CONFIG_NET_TEAM_MODE_RANDOM=m +CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m +CONFIG_NET_TEAM_MODE_LOADBALANCE=m +CONFIG_MACVLAN=m +CONFIG_MACVTAP=m CONFIG_IPVLAN_L3S=y -CONFIG_IPVLAN=y -# CONFIG_IPVTAP is not set -CONFIG_VXLAN=y -# CONFIG_GENEVE is not set -# CONFIG_BAREUDP is not set -# CONFIG_GTP is not set -CONFIG_MACSEC=y -# CONFIG_NETCONSOLE is not set +CONFIG_IPVLAN=m +CONFIG_IPVTAP=m +CONFIG_VXLAN=m +CONFIG_GENEVE=m +CONFIG_BAREUDP=m +CONFIG_GTP=m +CONFIG_MACSEC=m +CONFIG_NETCONSOLE=m +CONFIG_NETCONSOLE_DYNAMIC=y +CONFIG_NETPOLL=y +CONFIG_NET_POLL_CONTROLLER=y CONFIG_TUN=y -# CONFIG_TUN_VNET_CROSS_LE is not set -CONFIG_VETH=y -# CONFIG_VIRTIO_NET is not set -# CONFIG_NLMON is not set -# CONFIG_NET_VRF is not set -# CONFIG_VSOCKMON is not set +CONFIG_TAP=m +CONFIG_TUN_VNET_CROSS_LE=y +CONFIG_VETH=m +CONFIG_VIRTIO_NET=y +CONFIG_NLMON=m +CONFIG_NET_VRF=m # CONFIG_ARCNET is not set CONFIG_ATM_DRIVERS=y -# CONFIG_ATM_DUMMY is not set -# CONFIG_ATM_TCP is not set -# CONFIG_ATM_LANAI is not set -# CONFIG_ATM_ENI is not set -# CONFIG_ATM_NICSTAR is not set -# CONFIG_ATM_IDT77252 is not set -# CONFIG_ATM_IA is not set -# CONFIG_ATM_FORE200E is not set -# CONFIG_ATM_HE is not set -# CONFIG_ATM_SOLOS is not set +CONFIG_ATM_DUMMY=m +CONFIG_ATM_TCP=m +CONFIG_ATM_LANAI=m +CONFIG_ATM_ENI=m +# CONFIG_ATM_ENI_DEBUG is not set +# CONFIG_ATM_ENI_TUNE_BURST is not set +CONFIG_ATM_NICSTAR=m +# CONFIG_ATM_NICSTAR_USE_SUNI is not set +# CONFIG_ATM_NICSTAR_USE_IDT77105 is not set +CONFIG_ATM_IDT77252=m +# CONFIG_ATM_IDT77252_DEBUG is not set +# CONFIG_ATM_IDT77252_RCV_ALL is not set +CONFIG_ATM_IDT77252_USE_SUNI=y +CONFIG_ATM_IA=m +# CONFIG_ATM_IA_DEBUG is not set +CONFIG_ATM_FORE200E=m +# CONFIG_ATM_FORE200E_USE_TASKLET is not set +CONFIG_ATM_FORE200E_TX_RETRY=16 +CONFIG_ATM_FORE200E_DEBUG=0 +CONFIG_ATM_HE=m +# CONFIG_ATM_HE_USE_SUNI is not set +CONFIG_ATM_SOLOS=m # CONFIG_CAIF_DRIVERS is not set # @@ -2572,6 +2603,7 @@ CONFIG_CHELSIO_T4=m # CONFIG_CHELSIO_T4VF is not set CONFIG_CHELSIO_LIB=m CONFIG_CHELSIO_INLINE_CRYPTO=y +# CONFIG_CRYPTO_DEV_CHELSIO_TLS is not set # CONFIG_CHELSIO_IPSEC_INLINE is not set # CONFIG_CHELSIO_TLS_DEVICE is not set CONFIG_NET_VENDOR_CISCO=y @@ -2937,7 +2969,7 @@ CONFIG_IEEE802154_DRIVERS=m # CONFIG_VMXNET3 is not set # CONFIG_NETDEVSIM is not set -# CONFIG_NET_FAILOVER is not set +CONFIG_NET_FAILOVER=y # CONFIG_ISDN is not set # @@ -5976,22 +6008,39 @@ CONFIG_UIO=y # CONFIG_UIO_NETX is not set # CONFIG_UIO_PRUSS is not set # CONFIG_UIO_MF624 is not set -# CONFIG_VFIO is not set -# CONFIG_VIRT_DRIVERS is not set +CONFIG_VFIO=y +CONFIG_VFIO_IOMMU_TYPE1=y +CONFIG_VFIO_VIRQFD=y +# CONFIG_VFIO_NOIOMMU is not set +CONFIG_VFIO_PCI_CORE=y +CONFIG_VFIO_PCI_MMAP=y +CONFIG_VFIO_PCI_INTX=y +CONFIG_VFIO_PCI=y +# CONFIG_VFIO_PLATFORM is not set +# CONFIG_VFIO_MDEV is not set +CONFIG_VIRT_DRIVERS=y CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y CONFIG_VIRTIO_MENU=y -# CONFIG_VIRTIO_PCI is not set +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_VDPA=m # CONFIG_VIRTIO_PMEM is not set -# CONFIG_VIRTIO_BALLOON is not set -# CONFIG_VIRTIO_INPUT is not set -# CONFIG_VIRTIO_MMIO is not set -# CONFIG_VIRTIO_DMA_SHARED_BUFFER is not set -# CONFIG_VDPA is not set +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_INPUT=m +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set +CONFIG_VIRTIO_DMA_SHARED_BUFFER=m +CONFIG_VDPA=m +CONFIG_VDPA_USER=m +CONFIG_IFCVF=m +CONFIG_VP_VDPA=m CONFIG_VHOST_IOTLB=m CONFIG_VHOST=m CONFIG_VHOST_MENU=y -# CONFIG_VHOST_NET is not set -CONFIG_VHOST_VSOCK=m +CONFIG_VHOST_NET=m +# CONFIG_VHOST_VSOCK is not set +CONFIG_VHOST_VDPA=m # CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set # @@ -6835,6 +6884,7 @@ CONFIG_ND_CLAIM=y CONFIG_ND_BTT=y CONFIG_BTT=y CONFIG_OF_PMEM=y +CONFIG_NVDIMM_KEYS=y CONFIG_DAX_DRIVER=y CONFIG_DAX=y # CONFIG_DEV_DAX is not set @@ -7751,10 +7801,14 @@ CONFIG_AMLOGIC_SND_SOC_AD82584F=m CONFIG_DCACHE_WORD_ACCESS=y CONFIG_VALIDATE_FS_PARSER=y CONFIG_FS_IOMAP=y -# CONFIG_EXT2_FS is not set -# CONFIG_EXT3_FS is not set +CONFIG_EXT2_FS=y +CONFIG_EXT2_FS_XATTR=y +CONFIG_EXT2_FS_POSIX_ACL=y +CONFIG_EXT2_FS_SECURITY=y +CONFIG_EXT3_FS=y +CONFIG_EXT3_FS_POSIX_ACL=y +CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS=y -CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set @@ -7879,7 +7933,7 @@ CONFIG_MSDOS_FS=m CONFIG_VFAT_FS=y CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" -# CONFIG_FAT_DEFAULT_UTF8 is not set +CONFIG_FAT_DEFAULT_UTF8=y CONFIG_EXFAT_FS=m CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_NTFS_FS=m @@ -7904,7 +7958,7 @@ CONFIG_SYSFS=y CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_TMPFS_XATTR=y -CONFIG_TMPFS_INODE64=y +# CONFIG_TMPFS_INODE64 is not set CONFIG_ARCH_SUPPORTS_HUGETLBFS=y # CONFIG_HUGETLBFS is not set CONFIG_MEMFD_CREATE=y @@ -8055,7 +8109,7 @@ CONFIG_9P_FSCACHE=y CONFIG_9P_FS_POSIX_ACL=y CONFIG_9P_FS_SECURITY=y CONFIG_NLS=y -CONFIG_NLS_DEFAULT="iso8859-1" +CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=y CONFIG_NLS_CODEPAGE_737=y CONFIG_NLS_CODEPAGE_775=y @@ -8116,54 +8170,66 @@ CONFIG_IO_WQ=y # Security options # CONFIG_KEYS=y -# CONFIG_KEYS_REQUEST_CACHE is not set -# CONFIG_PERSISTENT_KEYRINGS is not set +CONFIG_KEYS_REQUEST_CACHE=y +CONFIG_PERSISTENT_KEYRINGS=y # CONFIG_BIG_KEYS is not set -# CONFIG_ENCRYPTED_KEYS is not set -# CONFIG_KEY_DH_OPERATIONS is not set +CONFIG_ENCRYPTED_KEYS=y +CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y -# CONFIG_SECURITY_NETWORK_XFRM is not set +CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=32768 +CONFIG_LSM_MMAP_MIN_ADDR=0 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y -# CONFIG_HARDENED_USERCOPY_FALLBACK is not set +CONFIG_HARDENED_USERCOPY_FALLBACK=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set -# CONFIG_FORTIFY_SOURCE is not set -CONFIG_STATIC_USERMODEHELPER=y -CONFIG_STATIC_USERMODEHELPER_PATH="" +CONFIG_FORTIFY_SOURCE=y +# CONFIG_STATIC_USERMODEHELPER is not set CONFIG_SECURITY_SELINUX=y -# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set +CONFIG_SECURITY_SELINUX_BOOTPARAM=y # CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 -# CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_SMACK=y +# CONFIG_SECURITY_SMACK_BRINGUP is not set +CONFIG_SECURITY_SMACK_NETFILTER=y +CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y +CONFIG_SECURITY_TOMOYO=y +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_YAMA is not set -# CONFIG_SECURITY_SAFESETID is not set +CONFIG_SECURITY_YAMA=y +CONFIG_SECURITY_SAFESETID=y # CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_SECURITY_LANDLOCK is not set CONFIG_INTEGRITY=y -# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_IMA is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set # CONFIG_EVM is not set -CONFIG_DEFAULT_SECURITY_SELINUX=y -# CONFIG_DEFAULT_SECURITY_APPARMOR is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set +CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf" +CONFIG_LSM="lockdown,yama,integrity,apparmor" # # Kernel hardening options @@ -8226,7 +8292,7 @@ CONFIG_CRYPTO_ENGINE=y # Public-key cryptography # CONFIG_CRYPTO_RSA=y -# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_DH=y CONFIG_CRYPTO_ECC=y CONFIG_CRYPTO_ECDH=y # CONFIG_CRYPTO_ECDSA is not set @@ -8506,6 +8572,7 @@ CONFIG_NLATTR=y CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_SIGNATURE=y CONFIG_LIBFDT=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y @@ -8758,7 +8825,6 @@ CONFIG_FTRACE=y # CONFIG_TRACER_SNAPSHOT is not set CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set -# CONFIG_PROFILE_ALL_BRANCHES is not set # CONFIG_BLK_DEV_IO_TRACE is not set CONFIG_KPROBE_EVENTS=y CONFIG_UPROBE_EVENTS=y