Aluciani:new_config_file (test under qemu over 6.1.8 kernel bump branch) #1817

Draft
wants to merge 14 commits into
base: master
@tlaurion tlaurion commented Oct 20, 2024

Supersedes #1816 with documentation in commit logs from "Oct 20, 2024" at https://github.com/linuxboot/heads/pull/1817/commits

@aluciani: please review commit logs and challenge directly as comments under nv41 shared linux config file with ns50 at https://github.com/linuxboot/heads/pull/1817/files/0ef67e1e87d31d59c9886b75c6d5daaa42bd626e#diff-782b88c1e0e03988fb8336bd99c65310869be9f3c1e3a88a1be57bcd5ab7c4e8


Putting as draft. Here too: not ready for merge. Commits could be cherry-picked on top of #1803, which this PR is based on top of.

Also add Makefile helper to move from tested to unmaintained

Done by:
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-legacy board.move_tested_to_unmaintained
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-legacy board.move_tested_to_unmaintained
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-legacy-flash board.move_tested_to_unmaintained
git difftool -d
git add .circleci/config.yml boards/x230-hotp-legacy/x230-hotp-legacy.config boards/x230-legacy-flash/x230-legacy-flash.config boards/x230-legacy/x230-legacy.config unmaintained_boards/UNMAINTAINED_x230-hotp-legacy/ unmaintained_boards/UNMAINTAINED_x230-legacy-flash/ unmaintained_boards/UNMAINTAINED_x230-legacy/
git commit --signoff -m

Signed-off-by: Thierry Laurion <[email protected]>
…place to see new defconfig settings saved in oldconfig and compare with librems

Diff with librem:
index 6a61e18083..70590d5b1b 100644
--- a/config/linux-x230-maximized.config
+++ b/config/linux-x230-maximized.config
@@ -110,13 +110,11 @@ CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
 # CONFIG_BPF_JIT is not set
 # end of BPF subsystem

-CONFIG_PREEMPT_BUILD=y
+CONFIG_PREEMPT_NONE_BUILD=y
 CONFIG_PREEMPT_NONE=y
 # CONFIG_PREEMPT_VOLUNTARY is not set
 # CONFIG_PREEMPT is not set
-CONFIG_PREEMPT_COUNT=y
-CONFIG_PREEMPTION=y
-CONFIG_PREEMPT_DYNAMIC=y
+# CONFIG_PREEMPT_DYNAMIC is not set
 # CONFIG_SCHED_CORE is not set

 #
@@ -134,7 +132,6 @@ CONFIG_TICK_CPU_ACCOUNTING=y
 # RCU Subsystem
 #
 CONFIG_TREE_RCU=y
-CONFIG_PREEMPT_RCU=y
 # CONFIG_RCU_EXPERT is not set
 CONFIG_SRCU=y
 CONFIG_TREE_SRCU=y
@@ -166,7 +163,7 @@ CONFIG_ARCH_SUPPORTS_INT128=y
 # CONFIG_CHECKPOINT_RESTORE is not set
 # CONFIG_SCHED_AUTOGROUP is not set
 # CONFIG_SYSFS_DEPRECATED is not set
-CONFIG_RELAY=y
+# CONFIG_RELAY is not set
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_INITRAMFS_SOURCE="@BLOB_DIR@/dev.cpio"
 CONFIG_INITRAMFS_ROOT_UID=0
@@ -181,7 +178,7 @@ CONFIG_RD_XZ=y
 CONFIG_INITRAMFS_COMPRESSION_XZ=y
 # CONFIG_INITRAMFS_COMPRESSION_NONE is not set
 # CONFIG_BOOT_CONFIG is not set
-CONFIG_INITRAMFS_PRESERVE_MTIME=y
+# CONFIG_INITRAMFS_PRESERVE_MTIME is not set
 # CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set
 CONFIG_CC_OPTIMIZE_FOR_SIZE=y
 CONFIG_LD_ORPHAN_WARN=y
@@ -211,7 +208,7 @@ CONFIG_IO_URING=y
 CONFIG_MEMBARRIER=y
 # CONFIG_KALLSYMS is not set
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
-# CONFIG_KCMP is not set
+CONFIG_KCMP=y
 # CONFIG_RSEQ is not set
 CONFIG_EMBEDDED=y
 CONFIG_HAVE_PERF_EVENTS=y
@@ -302,14 +299,14 @@ CONFIG_BOOT_VESA_SUPPORT=y
 CONFIG_NR_CPUS_RANGE_BEGIN=2
 CONFIG_NR_CPUS_RANGE_END=512
 CONFIG_NR_CPUS_DEFAULT=64
-CONFIG_NR_CPUS=64
+CONFIG_NR_CPUS=32
 CONFIG_SCHED_CLUSTER=y
 CONFIG_SCHED_SMT=y
 CONFIG_SCHED_MC=y
 CONFIG_SCHED_MC_PRIO=y
 CONFIG_X86_LOCAL_APIC=y
 CONFIG_X86_IO_APIC=y
-CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
 CONFIG_X86_MCE=y
 # CONFIG_X86_MCELOG_LEGACY is not set
 CONFIG_X86_MCE_INTEL=y
@@ -338,7 +335,7 @@ CONFIG_X86_PMEM_LEGACY_DEVICE=y
 CONFIG_X86_PMEM_LEGACY=y
 # CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
 # CONFIG_MTRR is not set
-# CONFIG_X86_UMIP is not set
+CONFIG_X86_UMIP=y
 CONFIG_CC_HAS_IBT=y
 # CONFIG_X86_KERNEL_IBT is not set
 # CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set
@@ -358,8 +355,13 @@ CONFIG_ARCH_HAS_KEXEC_PURGATORY=y
 # CONFIG_KEXEC_SIG is not set
 # CONFIG_CRASH_DUMP is not set
 CONFIG_PHYSICAL_START=0x1000000
-# CONFIG_RELOCATABLE is not set
+CONFIG_RELOCATABLE=y
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_X86_NEED_RELOCS=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
+CONFIG_DYNAMIC_MEMORY_LAYOUT=y
+CONFIG_RANDOMIZE_MEMORY=y
+CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
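Review bot: CONFIG_RELOCATABLE, CONFIG_RANDOMIZE_BASE and CONFIG_RANDOMIZE_MEMORY are set only on the + side, so the two configs being compared disagree on KASLR. Pick one setting when unifying and record the reason in the commit message, since nothing in this hunk or the message explains why the - side keeps "# CONFIG_RELOCATABLE is not set".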
@@ -373,9 +375,8 @@ CONFIG_HAVE_LIVEPATCH=y

 CONFIG_CC_HAS_RETURN_THUNK=y
 CONFIG_SPECULATION_MITIGATIONS=y
-# CONFIG_PAGE_TABLE_ISOLATION is not set
-CONFIG_RETPOLINE=y
-CONFIG_RETHUNK=y
+CONFIG_PAGE_TABLE_ISOLATION=y
+# CONFIG_RETPOLINE is not set
 CONFIG_CPU_IBRS_ENTRY=y
 CONFIG_ARCH_HAS_ADD_PAGES=y
 CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y
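Review bot: each side of this hunk is missing a speculation mitigation the other has: the - side leaves CONFIG_PAGE_TABLE_ISOLATION unset, the + side unsets CONFIG_RETPOLINE and drops CONFIG_RETHUNK. When unifying, keep CONFIG_PAGE_TABLE_ISOLATION=y together with CONFIG_RETPOLINE=y and CONFIG_RETHUNK=y rather than taking either side as is. CONFIG_CPU_IBRS_ENTRY=y stays as context, but it depends on the CPU and microcode offering IBRS.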
@@ -678,7 +679,11 @@ CONFIG_MQ_IOSCHED_DEADLINE=y
 # CONFIG_IOSCHED_BFQ is not set
 # end of IO Schedulers

-CONFIG_UNINLINE_SPIN_UNLOCK=y
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
 CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
 CONFIG_MUTEX_SPIN_ON_OWNER=y
 CONFIG_RWSEM_SPIN_ON_OWNER=y
@@ -791,7 +796,7 @@ CONFIG_INET=y
 # CONFIG_IP_PNP is not set
 # CONFIG_NET_IPIP is not set
 # CONFIG_NET_IPGRE_DEMUX is not set
-CONFIG_SYN_COOKIES=y
+# CONFIG_SYN_COOKIES is not set
 # CONFIG_NET_IPVTI is not set
 # CONFIG_NET_FOU is not set
 # CONFIG_INET_AH is not set
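Review bot: CONFIG_SYN_COOKIES should stay =y here. The + side unsets it, which contradicts the later commit message in this PR that adds TCP SYN cookies to all Linux configs because the boards carry CDC tethering.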
@@ -880,7 +885,11 @@ CONFIG_HAVE_PCI=y
 CONFIG_PCI=y
 CONFIG_PCI_DOMAINS=y
 # CONFIG_PCIEPORTBUS is not set
-# CONFIG_PCIEASPM is not set
+CONFIG_PCIEASPM=y
+CONFIG_PCIEASPM_DEFAULT=y
+# CONFIG_PCIEASPM_POWERSAVE is not set
+# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set
+# CONFIG_PCIEASPM_PERFORMANCE is not set
 # CONFIG_PCIE_PTM is not set
 CONFIG_PCI_MSI=y
 CONFIG_PCI_MSI_IRQ_DOMAIN=y
@@ -997,16 +1006,11 @@ CONFIG_DMA_SHARED_BUFFER=y
 # CONFIG_DMIID is not set
 # CONFIG_DMI_SYSFS is not set
 CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+# CONFIG_ISCSI_IBFT is not set
 # CONFIG_FW_CFG_SYSFS is not set
 CONFIG_SYSFB=y
-# CONFIG_SYSFB_SIMPLEFB is not set
-CONFIG_GOOGLE_FIRMWARE=y
-# CONFIG_GOOGLE_SMI is not set
-CONFIG_GOOGLE_COREBOOT_TABLE=y
-CONFIG_GOOGLE_MEMCONSOLE=y
-CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y
-CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=y
-# CONFIG_GOOGLE_VPD is not set
+CONFIG_SYSFB_SIMPLEFB=y
+# CONFIG_GOOGLE_FIRMWARE is not set

 #
 # EFI (Extensible Firmware Interface) Support
@@ -1063,30 +1067,24 @@ CONFIG_BLK_DEV_RAM_SIZE=65536
 #
 # NVME Support
 #
-# CONFIG_BLK_DEV_NVME is not set
+CONFIG_NVME_CORE=y
+CONFIG_BLK_DEV_NVME=y
+# CONFIG_NVME_MULTIPATH is not set
+# CONFIG_NVME_VERBOSE_ERRORS is not set
 # CONFIG_NVME_FC is not set
 # CONFIG_NVME_TCP is not set
+# CONFIG_NVME_AUTH is not set
 # end of NVME Support

 #
 # Misc devices
 #
-# CONFIG_AD525X_DPOT is not set
 # CONFIG_DUMMY_IRQ is not set
 # CONFIG_IBM_ASM is not set
 # CONFIG_PHANTOM is not set
 # CONFIG_TIFM_CORE is not set
-# CONFIG_ICS932S401 is not set
 # CONFIG_ENCLOSURE_SERVICES is not set
 # CONFIG_HP_ILO is not set
-# CONFIG_APDS9802ALS is not set
-# CONFIG_ISL29003 is not set
-# CONFIG_ISL29020 is not set
-# CONFIG_SENSORS_TSL2550 is not set
-# CONFIG_SENSORS_BH1770 is not set
-# CONFIG_SENSORS_APDS990X is not set
-# CONFIG_HMC6352 is not set
-# CONFIG_DS1682 is not set
 # CONFIG_SRAM is not set
 # CONFIG_DW_XDATA_PCIE is not set
 # CONFIG_PCI_ENDPOINT_TEST is not set
@@ -1096,12 +1094,7 @@ CONFIG_BLK_DEV_RAM_SIZE=65536
 #
 # EEPROM support
 #
-# CONFIG_EEPROM_AT24 is not set
-# CONFIG_EEPROM_LEGACY is not set
-# CONFIG_EEPROM_MAX6875 is not set
 # CONFIG_EEPROM_93CX6 is not set
-# CONFIG_EEPROM_IDT_89HPESX is not set
-# CONFIG_EEPROM_EE1004 is not set
 # end of EEPROM support

 # CONFIG_CB710_CORE is not set
@@ -1111,11 +1104,12 @@ CONFIG_BLK_DEV_RAM_SIZE=65536
 #
 # end of Texas Instruments shared transport line discipline

-# CONFIG_SENSORS_LIS3_I2C is not set
-# CONFIG_ALTERA_STAPL is not set
-CONFIG_INTEL_MEI=m
-CONFIG_INTEL_MEI_ME=m
-CONFIG_INTEL_MEI_TXE=m
+#
+# Altera FPGA firmware download module (requires I2C)
+#
+# CONFIG_INTEL_MEI is not set
+# CONFIG_INTEL_MEI_ME is not set
+# CONFIG_INTEL_MEI_TXE is not set
 # CONFIG_VMWARE_VMCI is not set
 # CONFIG_GENWQE is not set
 # CONFIG_ECHO is not set
@@ -1162,14 +1156,64 @@ CONFIG_SCSI_ISCSI_ATTRS=y
 # CONFIG_SCSI_SRP_ATTRS is not set
 # end of SCSI Transports

-# CONFIG_SCSI_LOWLEVEL is not set
+CONFIG_SCSI_LOWLEVEL=y
+CONFIG_ISCSI_TCP=y
+# CONFIG_ISCSI_BOOT_SYSFS is not set
+# CONFIG_SCSI_CXGB3_ISCSI is not set
+# CONFIG_SCSI_CXGB4_ISCSI is not set
+# CONFIG_SCSI_BNX2_ISCSI is not set
+# CONFIG_BE2ISCSI is not set
+# CONFIG_BLK_DEV_3W_XXXX_RAID is not set
+# CONFIG_SCSI_HPSA is not set
+# CONFIG_SCSI_3W_9XXX is not set
+# CONFIG_SCSI_3W_SAS is not set
+# CONFIG_SCSI_ACARD is not set
+# CONFIG_SCSI_AACRAID is not set
+# CONFIG_SCSI_AIC7XXX is not set
+# CONFIG_SCSI_AIC79XX is not set
+# CONFIG_SCSI_AIC94XX is not set
+# CONFIG_SCSI_MVSAS is not set
+# CONFIG_SCSI_MVUMI is not set
+# CONFIG_SCSI_ADVANSYS is not set
+# CONFIG_SCSI_ARCMSR is not set
+# CONFIG_SCSI_ESAS2R is not set
+# CONFIG_MEGARAID_NEWGEN is not set
+# CONFIG_MEGARAID_LEGACY is not set
+# CONFIG_MEGARAID_SAS is not set
+# CONFIG_SCSI_MPT3SAS is not set
+# CONFIG_SCSI_MPT2SAS is not set
+# CONFIG_SCSI_MPI3MR is not set
+# CONFIG_SCSI_SMARTPQI is not set
+# CONFIG_SCSI_HPTIOP is not set
+# CONFIG_SCSI_BUSLOGIC is not set
+# CONFIG_SCSI_MYRB is not set
+# CONFIG_SCSI_MYRS is not set
+# CONFIG_VMWARE_PVSCSI is not set
+# CONFIG_SCSI_SNIC is not set
+# CONFIG_SCSI_DMX3191D is not set
+# CONFIG_SCSI_FDOMAIN_PCI is not set
+# CONFIG_SCSI_ISCI is not set
+# CONFIG_SCSI_IPS is not set
+# CONFIG_SCSI_INITIO is not set
+# CONFIG_SCSI_INIA100 is not set
+# CONFIG_SCSI_STEX is not set
+# CONFIG_SCSI_SYM53C8XX_2 is not set
+# CONFIG_SCSI_IPR is not set
+# CONFIG_SCSI_QLOGIC_1280 is not set
+# CONFIG_SCSI_QLA_ISCSI is not set
+# CONFIG_SCSI_DC395x is not set
+# CONFIG_SCSI_AM53C974 is not set
+# CONFIG_SCSI_WD719X is not set
+# CONFIG_SCSI_DEBUG is not set
+# CONFIG_SCSI_PMCRAID is not set
+# CONFIG_SCSI_PM8001 is not set
 # CONFIG_SCSI_DH is not set
 # end of SCSI device support

 CONFIG_ATA=y
 CONFIG_SATA_HOST=y
 CONFIG_PATA_TIMINGS=y
-CONFIG_ATA_VERBOSE_ERROR=y
+# CONFIG_ATA_VERBOSE_ERROR is not set
 CONFIG_ATA_FORCE=y
 CONFIG_ATA_ACPI=y
 CONFIG_SATA_PMP=y
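Review bot: the only option enabled under CONFIG_SCSI_LOWLEVEL=y on the + side is CONFIG_ISCSI_TCP=y; every other driver it exposes is listed as not set. If iSCSI is not a supported use case for this board, leave CONFIG_SCSI_LOWLEVEL unset so a network-facing storage initiator is not built into the boot kernel and the config stays short; if it is needed, say so in the commit message.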
@@ -1428,10 +1472,7 @@ CONFIG_INPUT_VIVALDIFMAP=y
 #
 # Userland interfaces
 #
-CONFIG_INPUT_MOUSEDEV=y
-# CONFIG_INPUT_MOUSEDEV_PSAUX is not set
-CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
-CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_MOUSEDEV is not set
 # CONFIG_INPUT_JOYDEV is not set
 # CONFIG_INPUT_EVDEV is not set
 # CONFIG_INPUT_EVBUG is not set
@@ -1440,49 +1481,15 @@ CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
 # Input Device Drivers
 #
 CONFIG_INPUT_KEYBOARD=y
-# CONFIG_KEYBOARD_ADP5588 is not set
-# CONFIG_KEYBOARD_ADP5589 is not set
 CONFIG_KEYBOARD_ATKBD=y
-# CONFIG_KEYBOARD_QT1050 is not set
-# CONFIG_KEYBOARD_QT1070 is not set
-# CONFIG_KEYBOARD_QT2160 is not set
-# CONFIG_KEYBOARD_DLINK_DIR685 is not set
 # CONFIG_KEYBOARD_LKKBD is not set
-# CONFIG_KEYBOARD_TCA6416 is not set
-# CONFIG_KEYBOARD_TCA8418 is not set
-# CONFIG_KEYBOARD_LM8333 is not set
-# CONFIG_KEYBOARD_MAX7359 is not set
-# CONFIG_KEYBOARD_MCS is not set
-# CONFIG_KEYBOARD_MPR121 is not set
 # CONFIG_KEYBOARD_NEWTON is not set
 # CONFIG_KEYBOARD_OPENCORES is not set
 # CONFIG_KEYBOARD_SAMSUNG is not set
 # CONFIG_KEYBOARD_STOWAWAY is not set
 # CONFIG_KEYBOARD_SUNKBD is not set
 # CONFIG_KEYBOARD_XTKBD is not set
-# CONFIG_KEYBOARD_CYPRESS_SF is not set
-CONFIG_INPUT_MOUSE=y
-CONFIG_MOUSE_PS2=y
-# CONFIG_MOUSE_PS2_ALPS is not set
-# CONFIG_MOUSE_PS2_BYD is not set
-# CONFIG_MOUSE_PS2_LOGIPS2PP is not set
-CONFIG_MOUSE_PS2_SYNAPTICS=y
-# CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS is not set
-# CONFIG_MOUSE_PS2_CYPRESS is not set
-# CONFIG_MOUSE_PS2_LIFEBOOK is not set
-# CONFIG_MOUSE_PS2_TRACKPOINT is not set
-# CONFIG_MOUSE_PS2_ELANTECH is not set
-# CONFIG_MOUSE_PS2_SENTELIC is not set
-# CONFIG_MOUSE_PS2_TOUCHKIT is not set
-# CONFIG_MOUSE_PS2_FOCALTECH is not set
-# CONFIG_MOUSE_SERIAL is not set
-# CONFIG_MOUSE_APPLETOUCH is not set
-# CONFIG_MOUSE_BCM5974 is not set
-# CONFIG_MOUSE_CYAPA is not set
-# CONFIG_MOUSE_ELAN_I2C is not set
-# CONFIG_MOUSE_VSXXXAA is not set
-# CONFIG_MOUSE_SYNAPTICS_I2C is not set
-# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_MOUSE is not set
 # CONFIG_INPUT_JOYSTICK is not set
 # CONFIG_INPUT_TABLET is not set
 # CONFIG_INPUT_TOUCHSCREEN is not set
@@ -1519,7 +1526,7 @@ CONFIG_HW_CONSOLE=y
 CONFIG_VT_HW_CONSOLE_BINDING=y
 CONFIG_UNIX98_PTYS=y
 # CONFIG_LEGACY_PTYS is not set
-# CONFIG_LDISC_AUTOLOAD is not set
+CONFIG_LDISC_AUTOLOAD=y

 #
 # Serial drivers
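Review bot: CONFIG_LDISC_AUTOLOAD=y on the + side is the opposite of what the config/linux-qemu.config patch later in this PR does (it unsets the option), and the commit Q/A still lists it as an open question. Unless a board needs line disciplines loaded on demand, unify on "# CONFIG_LDISC_AUTOLOAD is not set".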
@@ -1548,7 +1555,6 @@ CONFIG_SERIAL_CORE=y
 # CONFIG_SERIAL_JSM is not set
 # CONFIG_SERIAL_LANTIQ is not set
 # CONFIG_SERIAL_SCCNXP is not set
-# CONFIG_SERIAL_SC16IS7XX is not set
 # CONFIG_SERIAL_ALTERA_JTAGUART is not set
 # CONFIG_SERIAL_ALTERA_UART is not set
 # CONFIG_SERIAL_ARC is not set
@@ -1567,7 +1573,6 @@ CONFIG_TTY_PRINTK=y
 CONFIG_TTY_PRINTK_LEVEL=6
 # CONFIG_VIRTIO_CONSOLE is not set
 # CONFIG_IPMI_HANDLER is not set
-# CONFIG_IPMB_DEVICE_INTERFACE is not set
 CONFIG_HW_RANDOM=y
 # CONFIG_HW_RANDOM_TIMERIOMEM is not set
 CONFIG_HW_RANDOM_INTEL=y
@@ -1586,17 +1591,11 @@ CONFIG_TCG_TPM=y
 # CONFIG_HW_RANDOM_TPM is not set
 CONFIG_TCG_TIS_CORE=y
 CONFIG_TCG_TIS=y
-# CONFIG_TCG_TIS_I2C is not set
-# CONFIG_TCG_TIS_I2C_CR50 is not set
-# CONFIG_TCG_TIS_I2C_ATMEL is not set
-# CONFIG_TCG_TIS_I2C_INFINEON is not set
-# CONFIG_TCG_TIS_I2C_NUVOTON is not set
 # CONFIG_TCG_NSC is not set
 # CONFIG_TCG_ATMEL is not set
 # CONFIG_TCG_INFINEON is not set
 # CONFIG_TCG_CRB is not set
 # CONFIG_TCG_VTPM_PROXY is not set
-# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
 # CONFIG_TELCLOCK is not set
 # CONFIG_XILLYBUS is not set
 # CONFIG_XILLYUSB is not set
@@ -1607,88 +1606,7 @@ CONFIG_RANDOM_TRUST_CPU=y
 #
 # I2C support
 #
-CONFIG_I2C=y
-CONFIG_ACPI_I2C_OPREGION=y
-CONFIG_I2C_BOARDINFO=y
-# CONFIG_I2C_COMPAT is not set
-# CONFIG_I2C_CHARDEV is not set
-# CONFIG_I2C_MUX is not set
-# CONFIG_I2C_HELPER_AUTO is not set
-# CONFIG_I2C_SMBUS is not set
-
-#
-# I2C Algorithms
-#
-CONFIG_I2C_ALGOBIT=y
-# CONFIG_I2C_ALGOPCF is not set
-# CONFIG_I2C_ALGOPCA is not set
-# end of I2C Algorithms
-
-#
-# I2C Hardware Bus support
-#
-
-#
-# PC SMBus host controller drivers
-#
-# CONFIG_I2C_ALI1535 is not set
-# CONFIG_I2C_ALI1563 is not set
-# CONFIG_I2C_ALI15X3 is not set
-# CONFIG_I2C_AMD756 is not set
-# CONFIG_I2C_AMD8111 is not set
-# CONFIG_I2C_AMD_MP2 is not set
-# CONFIG_I2C_I801 is not set
-# CONFIG_I2C_ISCH is not set
-# CONFIG_I2C_ISMT is not set
-# CONFIG_I2C_PIIX4 is not set
-# CONFIG_I2C_NFORCE2 is not set
-# CONFIG_I2C_NVIDIA_GPU is not set
-# CONFIG_I2C_SIS5595 is not set
-# CONFIG_I2C_SIS630 is not set
-# CONFIG_I2C_SIS96X is not set
-# CONFIG_I2C_VIA is not set
-# CONFIG_I2C_VIAPRO is not set
-
-#
-# ACPI drivers
-#
-# CONFIG_I2C_SCMI is not set
-
-#
-# I2C system bus drivers (mostly embedded / system-on-chip)
-#
-# CONFIG_I2C_DESIGNWARE_PLATFORM is not set
-# CONFIG_I2C_DESIGNWARE_PCI is not set
-# CONFIG_I2C_EMEV2 is not set
-# CONFIG_I2C_OCORES is not set
-# CONFIG_I2C_PCA_PLATFORM is not set
-# CONFIG_I2C_SIMTEC is not set
-# CONFIG_I2C_XILINX is not set
-
-#
-# External I2C/SMBus adapter drivers
-#
-# CONFIG_I2C_DIOLAN_U2C is not set
-# CONFIG_I2C_CP2615 is not set
-# CONFIG_I2C_PCI1XXXX is not set
-# CONFIG_I2C_ROBOTFUZZ_OSIF is not set
-# CONFIG_I2C_TAOS_EVM is not set
-# CONFIG_I2C_TINY_USB is not set
-
-#
-# Other I2C/SMBus bus drivers
-#
-# CONFIG_I2C_MLXCPLD is not set
-# CONFIG_I2C_VIRTIO is not set
-# end of I2C Hardware Bus support
-
-# CONFIG_I2C_STUB is not set
-CONFIG_I2C_SLAVE=y
-# CONFIG_I2C_SLAVE_EEPROM is not set
-# CONFIG_I2C_SLAVE_TESTUNIT is not set
-# CONFIG_I2C_DEBUG_CORE is not set
-# CONFIG_I2C_DEBUG_ALGO is not set
-# CONFIG_I2C_DEBUG_BUS is not set
+# CONFIG_I2C is not set
 # end of I2C support

 # CONFIG_I3C is not set
@@ -1715,29 +1633,13 @@ CONFIG_PTP_1588_CLOCK_OPTIONAL=y
 CONFIG_POWER_SUPPLY=y
 # CONFIG_POWER_SUPPLY_DEBUG is not set
 # CONFIG_PDA_POWER is not set
-# CONFIG_IP5XXX_POWER is not set
 # CONFIG_TEST_POWER is not set
-# CONFIG_CHARGER_ADP5061 is not set
-# CONFIG_BATTERY_CW2015 is not set
 # CONFIG_BATTERY_DS2780 is not set
 # CONFIG_BATTERY_DS2781 is not set
-# CONFIG_BATTERY_DS2782 is not set
 # CONFIG_BATTERY_SAMSUNG_SDI is not set
-# CONFIG_BATTERY_SBS is not set
-# CONFIG_CHARGER_SBS is not set
 # CONFIG_BATTERY_BQ27XXX is not set
-# CONFIG_BATTERY_MAX17040 is not set
-# CONFIG_BATTERY_MAX17042 is not set
 # CONFIG_CHARGER_MAX8903 is not set
-# CONFIG_CHARGER_LP8727 is not set
-# CONFIG_CHARGER_LTC4162L is not set
-# CONFIG_CHARGER_MAX77976 is not set
-# CONFIG_CHARGER_BQ2415X is not set
-# CONFIG_BATTERY_GAUGE_LTC2941 is not set
 # CONFIG_BATTERY_GOLDFISH is not set
-# CONFIG_BATTERY_RT5033 is not set
-# CONFIG_CHARGER_BD99954 is not set
-# CONFIG_BATTERY_UG3105 is not set
 # CONFIG_HWMON is not set
 CONFIG_THERMAL=y
 # CONFIG_THERMAL_NETLINK is not set
@@ -1782,81 +1684,25 @@ CONFIG_BCMA_POSSIBLE=y
 #
 # Multifunction device drivers
 #
-# CONFIG_MFD_AS3711 is not set
-# CONFIG_PMIC_ADP5520 is not set
-# CONFIG_MFD_BCM590XX is not set
-# CONFIG_MFD_BD9571MWV is not set
-# CONFIG_MFD_AXP20X_I2C is not set
 # CONFIG_MFD_MADERA is not set
-# CONFIG_PMIC_DA903X is not set
-# CONFIG_MFD_DA9052_I2C is not set
-# CONFIG_MFD_DA9055 is not set
-# CONFIG_MFD_DA9062 is not set
-# CONFIG_MFD_DA9063 is not set
-# CONFIG_MFD_DA9150 is not set
 # CONFIG_MFD_DLN2 is not set
-# CONFIG_MFD_MC13XXX_I2C is not set
-# CONFIG_MFD_MP2629 is not set
 # CONFIG_HTC_PASIC3 is not set
 # CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
 # CONFIG_LPC_ICH is not set
 # CONFIG_LPC_SCH is not set
 # CONFIG_MFD_INTEL_LPSS_ACPI is not set
 # CONFIG_MFD_INTEL_LPSS_PCI is not set
-# CONFIG_MFD_IQS62X is not set
+# CONFIG_MFD_INTEL_PMC_BXT is not set
 # CONFIG_MFD_JANZ_CMODIO is not set
 # CONFIG_MFD_KEMPLD is not set
-# CONFIG_MFD_88PM800 is not set
-# CONFIG_MFD_88PM805 is not set
-# CONFIG_MFD_88PM860X is not set
-# CONFIG_MFD_MAX14577 is not set
-# CONFIG_MFD_MAX77693 is not set
-# CONFIG_MFD_MAX77843 is not set
-# CONFIG_MFD_MAX8907 is not set
-# CONFIG_MFD_MAX8925 is not set
-# CONFIG_MFD_MAX8997 is not set
-# CONFIG_MFD_MAX8998 is not set
-# CONFIG_MFD_MT6360 is not set
-# CONFIG_MFD_MT6370 is not set
 # CONFIG_MFD_MT6397 is not set
-# CONFIG_MFD_MENF21BMC is not set
 # CONFIG_MFD_VIPERBOARD is not set
-# CONFIG_MFD_RETU is not set
-# CONFIG_MFD_PCF50633 is not set
-# CONFIG_MFD_SY7636A is not set
 # CONFIG_MFD_RDC321X is not set
-# CONFIG_MFD_RT4831 is not set
-# CONFIG_MFD_RT5033 is not set
-# CONFIG_MFD_RT5120 is not set
-# CONFIG_MFD_RC5T583 is not set
-# CONFIG_MFD_SI476X_CORE is not set
 # CONFIG_MFD_SM501 is not set
-# CONFIG_MFD_SKY81452 is not set
 CONFIG_MFD_SYSCON=y
 # CONFIG_MFD_TI_AM335X_TSCADC is not set
-# CONFIG_MFD_LP3943 is not set
-# CONFIG_MFD_LP8788 is not set
-# CONFIG_MFD_TI_LMU is not set
-# CONFIG_MFD_PALMAS is not set
-# CONFIG_TPS6105X is not set
-# CONFIG_TPS6507X is not set
-# CONFIG_MFD_TPS65086 is not set
-# CONFIG_MFD_TPS65090 is not set
-# CONFIG_MFD_TI_LP873X is not set
-# CONFIG_MFD_TPS6586X is not set
-# CONFIG_MFD_TPS65912_I2C is not set
-# CONFIG_TWL4030_CORE is not set
-# CONFIG_TWL6040_CORE is not set
-# CONFIG_MFD_WL1273_CORE is not set
-# CONFIG_MFD_LM3533 is not set
 # CONFIG_MFD_TQMX86 is not set
 # CONFIG_MFD_VX855 is not set
-# CONFIG_MFD_ARIZONA_I2C is not set
-# CONFIG_MFD_WM8400 is not set
-# CONFIG_MFD_WM831X_I2C is not set
-# CONFIG_MFD_WM8350_I2C is not set
-# CONFIG_MFD_WM8994 is not set
-# CONFIG_MFD_ATC260X_I2C is not set
 # end of Multifunction device drivers

 # CONFIG_REGULATOR is not set
@@ -1954,12 +1800,6 @@ CONFIG_BACKLIGHT_CLASS_DEVICE=y
 # CONFIG_BACKLIGHT_APPLE is not set
 # CONFIG_BACKLIGHT_QCOM_WLED is not set
 # CONFIG_BACKLIGHT_SAHARA is not set
-# CONFIG_BACKLIGHT_ADP8860 is not set
-# CONFIG_BACKLIGHT_ADP8870 is not set
-# CONFIG_BACKLIGHT_LM3639 is not set
-# CONFIG_BACKLIGHT_LV5207LP is not set
-# CONFIG_BACKLIGHT_BD6107 is not set
-# CONFIG_BACKLIGHT_ARCXCNN is not set
 # end of Backlight & LCD device support

 #
@@ -1970,7 +1810,7 @@ CONFIG_DUMMY_CONSOLE=y
 CONFIG_DUMMY_CONSOLE_COLUMNS=80
 CONFIG_DUMMY_CONSOLE_ROWS=25
 CONFIG_FRAMEBUFFER_CONSOLE=y
-# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set
+CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION=y
 CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
 # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set
 # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
@@ -2093,12 +1933,6 @@ CONFIG_USB_HID=m
 # end of USB HID Boot Protocol drivers
 # end of USB HID support

-#
-# I2C HID support
-#
-# CONFIG_I2C_HID_ACPI is not set
-# end of I2C HID support
-
 #
 # Intel ISH HID support
 #
@@ -2150,9 +1984,7 @@ CONFIG_USB_EHCI_HCD_PLATFORM=m
 # CONFIG_USB_OXU210HP_HCD is not set
 # CONFIG_USB_ISP116X_HCD is not set
 # CONFIG_USB_FOTG210_HCD is not set
-CONFIG_USB_OHCI_HCD=m
-CONFIG_USB_OHCI_HCD_PCI=m
-# CONFIG_USB_OHCI_HCD_PLATFORM is not set
+# CONFIG_USB_OHCI_HCD is not set
 # CONFIG_USB_UHCI_HCD is not set
 # CONFIG_USB_SL811_HCD is not set
 # CONFIG_USB_R8A66597_HCD is not set
@@ -2232,9 +2064,6 @@ CONFIG_USB_STORAGE=m
 # CONFIG_USB_ISIGHTFW is not set
 # CONFIG_USB_YUREX is not set
 # CONFIG_USB_EZUSB_FX2 is not set
-# CONFIG_USB_HUB_USB251XB is not set
-# CONFIG_USB_HSIC_USB3503 is not set
-# CONFIG_USB_HSIC_USB4604 is not set
 # CONFIG_USB_LINK_LAYER_TEST is not set
 # CONFIG_USB_CHAOSKEY is not set

@@ -2242,37 +2071,12 @@ CONFIG_USB_STORAGE=m
 # USB Physical Layer drivers
 #
 # CONFIG_NOP_USB_XCEIV is not set
-# CONFIG_USB_ISP1301 is not set
 # end of USB Physical Layer drivers

 # CONFIG_USB_GADGET is not set
 # CONFIG_TYPEC is not set
 # CONFIG_USB_ROLE_SWITCH is not set
-CONFIG_MMC=m
-CONFIG_MMC_BLOCK=m
-CONFIG_MMC_BLOCK_MINORS=8
-# CONFIG_SDIO_UART is not set
-# CONFIG_MMC_TEST is not set
-
-#
-# MMC/SD/SDIO Host Controller Drivers
-#
-# CONFIG_MMC_DEBUG is not set
-CONFIG_MMC_SDHCI=m
-# CONFIG_MMC_SDHCI_PCI is not set
-# CONFIG_MMC_SDHCI_ACPI is not set
-# CONFIG_MMC_SDHCI_PLTFM is not set
-# CONFIG_MMC_WBSD is not set
-# CONFIG_MMC_TIFM_SD is not set
-# CONFIG_MMC_CB710 is not set
-# CONFIG_MMC_VIA_SDMMC is not set
-# CONFIG_MMC_VUB300 is not set
-# CONFIG_MMC_USHC is not set
-# CONFIG_MMC_USDHI6ROL0 is not set
-CONFIG_MMC_CQHCI=m
-# CONFIG_MMC_HSQ is not set
-# CONFIG_MMC_TOSHIBA_PCI is not set
-# CONFIG_MMC_MTK is not set
+# CONFIG_MMC is not set
 # CONFIG_SCSI_UFSHCD is not set
 # CONFIG_MEMSTICK is not set
 # CONFIG_NEW_LEDS is not set
@@ -2302,47 +2106,14 @@ CONFIG_RTC_INTF_DEV=y
 #
 # I2C RTC drivers
 #
-# CONFIG_RTC_DRV_ABB5ZES3 is not set
-# CONFIG_RTC_DRV_ABEOZ9 is not set
-# CONFIG_RTC_DRV_ABX80X is not set
-# CONFIG_RTC_DRV_DS1307 is not set
-# CONFIG_RTC_DRV_DS1374 is not set
-# CONFIG_RTC_DRV_DS1672 is not set
-# CONFIG_RTC_DRV_MAX6900 is not set
-# CONFIG_RTC_DRV_RS5C372 is not set
-# CONFIG_RTC_DRV_ISL1208 is not set
-# CONFIG_RTC_DRV_ISL12022 is not set
-# CONFIG_RTC_DRV_X1205 is not set
-# CONFIG_RTC_DRV_PCF8523 is not set
-# CONFIG_RTC_DRV_PCF85063 is not set
-# CONFIG_RTC_DRV_PCF85363 is not set
-# CONFIG_RTC_DRV_PCF8563 is not set
-# CONFIG_RTC_DRV_PCF8583 is not set
-# CONFIG_RTC_DRV_M41T80 is not set
-# CONFIG_RTC_DRV_BQ32K is not set
-# CONFIG_RTC_DRV_S35390A is not set
-# CONFIG_RTC_DRV_FM3130 is not set
-# CONFIG_RTC_DRV_RX8010 is not set
-# CONFIG_RTC_DRV_RX8581 is not set
-# CONFIG_RTC_DRV_RX8025 is not set
-# CONFIG_RTC_DRV_EM3027 is not set
-# CONFIG_RTC_DRV_RV3028 is not set
-# CONFIG_RTC_DRV_RV3032 is not set
-# CONFIG_RTC_DRV_RV8803 is not set
-# CONFIG_RTC_DRV_SD3078 is not set

 #
 # SPI RTC drivers
 #
-CONFIG_RTC_I2C_AND_SPI=y

 #
 # SPI and I2C RTC drivers
 #
-# CONFIG_RTC_DRV_DS3232 is not set
-# CONFIG_RTC_DRV_PCF2127 is not set
-# CONFIG_RTC_DRV_RV3029C2 is not set
-# CONFIG_RTC_DRV_RX6110 is not set

 #
 # Platform RTC drivers
@@ -2404,20 +2175,62 @@ CONFIG_SYNC_FILE=y
 # CONFIG_CHROME_PLATFORMS is not set
 # CONFIG_MELLANOX_PLATFORM is not set
 CONFIG_SURFACE_PLATFORMS=y
-# CONFIG_SURFACE_3_POWER_OPREGION is not set
 # CONFIG_SURFACE_GPE is not set
 # CONFIG_SURFACE_PRO3_BUTTON is not set
-# CONFIG_X86_PLATFORM_DEVICES is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACPI_WMI is not set
+# CONFIG_ACERHDF is not set
+# CONFIG_ACER_WIRELESS is not set
+# CONFIG_AMD_PMF is not set
+# CONFIG_AMD_PMC is not set
+# CONFIG_ADV_SWBUTTON is not set
+# CONFIG_APPLE_GMUX is not set
+# CONFIG_ASUS_LAPTOP is not set
+# CONFIG_ASUS_WIRELESS is not set
+# CONFIG_X86_PLATFORM_DRIVERS_DELL is not set
+# CONFIG_FUJITSU_LAPTOP is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_GPD_POCKET_FAN is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_WIRELESS_HOTKEY is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_SAR_INT1092 is not set
+# CONFIG_INTEL_PMC_CORE is not set
+
+#
+# Intel Speed Select Technology interface support
+#
+# CONFIG_INTEL_SPEED_SELECT_INTERFACE is not set
+# end of Intel Speed Select Technology interface support
+
+#
+# Intel Uncore Frequency Control
+#
+# CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set
+# end of Intel Uncore Frequency Control
+
+# CONFIG_INTEL_PUNIT_IPC is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_INTEL_TURBO_MAX_3 is not set
+# CONFIG_INTEL_VSEC is not set
+# CONFIG_SAMSUNG_LAPTOP is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_TOSHIBA_HAPS is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_PANASONIC_LAPTOP is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_INTEL_SCU_PCI is not set
+# CONFIG_INTEL_SCU_PLATFORM is not set
+# CONFIG_SIEMENS_SIMATIC_IPC is not set
+# CONFIG_WINMATE_FM07_KEYS is not set
 # CONFIG_P2SB is not set
 CONFIG_HAVE_CLK=y
 CONFIG_HAVE_CLK_PREPARE=y
 CONFIG_COMMON_CLK=y
-# CONFIG_COMMON_CLK_MAX9485 is not set
-# CONFIG_COMMON_CLK_SI5341 is not set
-# CONFIG_COMMON_CLK_SI5351 is not set
-# CONFIG_COMMON_CLK_SI544 is not set
-# CONFIG_COMMON_CLK_CDCE706 is not set
-# CONFIG_COMMON_CLK_CS2000_CP is not set
 # CONFIG_XILINX_VCU is not set
 # CONFIG_HWSPINLOCK is not set

@@ -2573,7 +2386,7 @@ CONFIG_LIBNVDIMM=y
 # CONFIG_BTT is not set
 # CONFIG_DAX is not set
 CONFIG_NVMEM=y
-# CONFIG_NVMEM_SYSFS is not set
+CONFIG_NVMEM_SYSFS=y
 # CONFIG_NVMEM_RMEM is not set

 #
@@ -2674,7 +2487,7 @@ CONFIG_SYSFS=y
 CONFIG_ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y
 CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
 # CONFIG_CONFIGFS_FS is not set
-CONFIG_EFIVAR_FS=m
+# CONFIG_EFIVAR_FS is not set
 # end of Pseudo filesystems

 # CONFIG_MISC_FILESYSTEMS is not set
@@ -2743,8 +2556,8 @@ CONFIG_IO_WQ=y
 #
 # CONFIG_KEYS is not set
 # CONFIG_SECURITY_DMESG_RESTRICT is not set
-# CONFIG_SECURITYFS is not set
-CONFIG_INTEL_TXT=y
+CONFIG_SECURITYFS=y
+# CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_FORTIFY_SOURCE is not set
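Review bot: CONFIG_FORTIFY_SOURCE stays unset in the context lines of this hunk on both sides, while the config/linux-qemu.config patch in this PR sets CONFIG_FORTIFY_SOURCE=y. Carry that change into this file as well, and note in the commit message why CONFIG_INTEL_TXT is dropped on the + side.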
@@ -2821,7 +2634,7 @@ CONFIG_CRYPTO_SIMD=y
 #
 # Block ciphers
 #
-CONFIG_CRYPTO_AES=y
+# CONFIG_CRYPTO_AES is not set
 # CONFIG_CRYPTO_AES_TI is not set
 # CONFIG_CRYPTO_ARIA is not set
 # CONFIG_CRYPTO_BLOWFISH is not set
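Review bot: the + side unsets CONFIG_CRYPTO_AES and nothing in this hunk replaces it (CONFIG_CRYPTO_AES_TI stays unset). A later commit title in this PR mentions cryptsetup luksOpen failing, so confirm that disk unlock still works with this side's cipher selection before unifying on it.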
@@ -3205,7 +3018,6 @@ CONFIG_WQ_WATCHDOG=y
 # end of Scheduler Debugging

 # CONFIG_DEBUG_TIMEKEEPING is not set
-CONFIG_DEBUG_PREEMPT=y

 #
 # Lock Debugging (spinlocks, mutexes, etc...)
@@ -3294,8 +3106,8 @@ CONFIG_EARLY_PRINTK=y
 # CONFIG_DEBUG_TLBFLUSH is not set
 CONFIG_HAVE_MMIOTRACE_SUPPORT=y
 # CONFIG_X86_DECODER_SELFTEST is not set
-CONFIG_IO_DELAY_0X80=y
-# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_0X80 is not set
+CONFIG_IO_DELAY_0XED=y
 # CONFIG_IO_DELAY_UDELAY is not set
 # CONFIG_IO_DELAY_NONE is not set
 # CONFIG_CPA_DEBUG is not set

Signed-off-by: Thierry Laurion <[email protected]>
…inux helper

librems vs mainline have:
- mei module not compiled in

- Streamline modules/linux Makefile helpers so that one asks on console for new Kconfig options to be y/n, another one to do olddefconfig (accept new defaults)
  - Exercise proves again that oldconfig exposes new things added into kernel by default as opposed to defconfig format.
- Add TCP Syn cookies to all linux configs (all boards add CDC tethering AFAIK. Add this protection by default)
- Remove unneeded network card drivers from librems common and unify
- Remove unneeded Microsoft Surface drivers from librems common and unify
- Remove WMI embedded Binary MOF driver CONFIG_WMI_BMOF
- Unify removed Kconfig options from x230 ported to 6.1.8 to librems common
- Verify qemu (AMD) changes working (note, there is clock source watchdog that would need to be investigated separately for QEMU TCG mode, that is, not KVM)
- Review crypto backend requirements/unify once more
- Removed bunch of unused stuff under QEMU Q35 (AMD)

Q/A:
- CONFIG_RANDSTRUCT_NONE vs CONFIG_RANDSTRUCT_FULL? CONFIG_RANDSTRUCT_NONE now.
- CONFIG_LDISC_AUTOLOAD=y?
- CONFIG_PTP_1588_CLOCK_OPTIONAL=y?
- CONFIG_X86_THERMAL_VECTOR=y?
- ACPI-WMI (Windows Management Instrumentation) mapper device (PNP0C14) enabled by ACPI_VIDEO and depended by DRM drivers.
  - ACPI_VIDEO seems needed.
- CONFIG_INPUT_VIVALDIFMAP=y enabled by CONFIG_KEYBOARD_ATKBD (AT/PS2 Keyboard)

Signed-off-by: Thierry Laurion <[email protected]>
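
An added example (not code from the Heads repository or from this PR): a parser for the oldconfig format shown in this PR's diffs that treats `# CONFIG_X is not set` and an absent line as the same value, so only effective changes remain, followed by a check against options this PR's diffs and commit messages name. The function names, the watchlist and the two sample excerpts are assumptions constructed for illustration.

```python
import re

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

# Constructed watchlist: options named in this PR's diffs and commit messages,
# mapped to the value the PR moves toward. Not a Heads project file.
WATCHLIST = {
    "CONFIG_SYN_COOKIES": "y",
    "CONFIG_LDISC_AUTOLOAD": "n",
    "CONFIG_FORTIFY_SOURCE": "y",
    "CONFIG_SLAB_FREELIST_RANDOM": "y",
    "CONFIG_SLAB_FREELIST_HARDENED": "y",
    "CONFIG_SLAB_MERGE_DEFAULT": "n",
    "CONFIG_SHUFFLE_PAGE_ALLOCATOR": "y",
    "CONFIG_INIT_ON_ALLOC_DEFAULT_ON": "y",
    "CONFIG_INIT_ON_FREE_DEFAULT_ON": "y",
}

# Constructed excerpts assembled from '-' and '+' lines visible in the first diff.
SIDE_MINUS = """\
CONFIG_INITRAMFS_SOURCE="@BLOB_DIR@/dev.cpio"
CONFIG_NR_CPUS=64
CONFIG_SYN_COOKIES=y
# CONFIG_LDISC_AUTOLOAD is not set
CONFIG_I2C=y
# CONFIG_I2C_CHARDEV is not set
# CONFIG_FORTIFY_SOURCE is not set
"""
SIDE_PLUS = """\
CONFIG_INITRAMFS_SOURCE="@BLOB_DIR@/dev.cpio"
CONFIG_NR_CPUS=32
# CONFIG_SYN_COOKIES is not set
CONFIG_LDISC_AUTOLOAD=y
# CONFIG_I2C is not set
# CONFIG_FORTIFY_SOURCE is not set
"""


def parse_kconfig(text):
    """Map option name -> value; '# CONFIG_X is not set' becomes 'n'."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            # String values are quoted in the file; store them unquoted.
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
        # Section comments and blank lines fall through and are ignored.
    return opts


def diff_configs(old, new):
    """Return {option: (old_value, new_value)} for effective changes only.

    An option missing from a file is read as 'n'. That hides lines which
    vanish only because their parent option was turned off (the I2C
    sub-options in the first diff), leaving the parent change itself.
    """
    changed = {}
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name, "n"), new.get(name, "n")
        if before != after:
            changed[name] = (before, after)
    return changed


def audit(opts, watchlist=WATCHLIST):
    """Return [(option, expected, actual)] for every watchlist mismatch."""
    return [
        (name, want, opts.get(name, "n"))
        for name, want in sorted(watchlist.items())
        if opts.get(name, "n") != want
    ]


if __name__ == "__main__":
    minus, plus = parse_kconfig(SIDE_MINUS), parse_kconfig(SIDE_PLUS)
    for name, (before, after) in diff_configs(minus, plus).items():
        print(f"{name}: {before} -> {after}")
    for name, want, got in audit(plus):
        print(f"watchlist: {name} expected {want}, found {got}")
```
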
…atch for qemu board

Before committing changes here, take nv41 linux config changes and save into patch file:
git diff > patch

Signed-off-by: Thierry Laurion <[email protected]>
…g but flashrom

Apply previous patch:
patch config/linux-qemu.config patch

Apply changes:
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm1 linux.modify_and_save_oldconfig_in_place

Review changes, build:
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm1

Run:
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=qemu-coreboot-whiptail-tpm1 run

Signed-off-by: Thierry Laurion <[email protected]>
…ack CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 default

Review changes with:
sudo git difftool -d ext4_orphan_kernel_bump

Signed-off-by: Thierry Laurion <[email protected]>
…NSOLE_LEGACY_ACCELERATION, required per coreboot->linux EFI compatible fb driven console. Turn off SURFACE

Signed-off-by: Thierry Laurion <[email protected]>
…ES=y otherwise cryptsetup luksOpen ops fails

Signed-off-by: Thierry Laurion <[email protected]>
…cation using kernel sysfs exposure

Signed-off-by: Thierry Laurion <[email protected]>
Use changes of branch to create patch:
sudo git diff ext4_orphan_kernel_bump > patch

patch content:
diff --git a/config/linux-qemu.config b/config/linux-qemu.config
index a660b1639a..c994ac5d7f 100644
--- a/config/linux-qemu.config
+++ b/config/linux-qemu.config
@@ -116,7 +116,7 @@ CONFIG_PREEMPT_NONE=y
 # CONFIG_PREEMPT_VOLUNTARY is not set
 # CONFIG_PREEMPT is not set
 # CONFIG_PREEMPT_DYNAMIC is not set
-# CONFIG_SCHED_CORE is not set
+CONFIG_SCHED_CORE=y

 #
 # CPU/Task time and stats accounting
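Review bot: CONFIG_SCHED_CORE=y only has an effect for tasks that opt in through prctl(PR_SCHED_CORE), and neither this hunk nor the commit message names a Heads program that does so. Please state in the commit message which process is expected to use core scheduling, or leave the option unset so the config carries no unused scheduler code.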
@@ -633,7 +633,7 @@ CONFIG_SOFTIRQ_ON_OWN_STACK=y
 CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
 CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
 CONFIG_HAVE_EXIT_THREAD=y
-CONFIG_ARCH_MMAP_RND_BITS=28
+CONFIG_ARCH_MMAP_RND_BITS=32
 CONFIG_PAGE_SIZE_LESS_THAN_64KB=y
 CONFIG_PAGE_SIZE_LESS_THAN_256KB=y
 CONFIG_HAVE_OBJTOOL=y
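Review bot: CONFIG_ARCH_MMAP_RND_BITS=32 is later applied with `patch` to every non-qemu config, but the hunk does not show the range each target allows for this value. A value outside the architecture's allowed range is changed when the config is regenerated, so please confirm after linux.save_in_oldconfig_format_in_place that 32 survives in each board config, and say in the commit message why 28 was raised.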
@@ -773,14 +773,14 @@ CONFIG_SWAP=y
 # CONFIG_SLAB is not set
 CONFIG_SLUB=y
 # CONFIG_SLOB is not set
-CONFIG_SLAB_MERGE_DEFAULT=y
-# CONFIG_SLAB_FREELIST_RANDOM is not set
-# CONFIG_SLAB_FREELIST_HARDENED is not set
+# CONFIG_SLAB_MERGE_DEFAULT is not set
+CONFIG_SLAB_FREELIST_RANDOM=y
+CONFIG_SLAB_FREELIST_HARDENED=y
 # CONFIG_SLUB_STATS is not set
 CONFIG_SLUB_CPU_PARTIAL=y
 # end of SLAB allocator options

-# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set
+CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
 # CONFIG_COMPAT_BRK is not set
 CONFIG_SPARSEMEM=y
 CONFIG_SPARSEMEM_EXTREME=y
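Review bot: four allocator options change in this hunk (CONFIG_SLAB_MERGE_DEFAULT, CONFIG_SLAB_FREELIST_RANDOM, CONFIG_SLAB_FREELIST_HARDENED, CONFIG_SHUFFLE_PAGE_ALLOCATOR) and the commit message gives no rationale for any of them. For CONFIG_SHUFFLE_PAGE_ALLOCATOR=y in particular, shuffling is switched on by the page_alloc.shuffle=1 boot parameter, which this patch does not add; please document where the kernel command line sets it, or note that the option is built in but inactive.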
@@ -1570,7 +1570,7 @@ CONFIG_HW_CONSOLE=y
 CONFIG_VT_HW_CONSOLE_BINDING=y
 CONFIG_UNIX98_PTYS=y
 # CONFIG_LEGACY_PTYS is not set
-CONFIG_LDISC_AUTOLOAD=y
+# CONFIG_LDISC_AUTOLOAD is not set

 #
 # Serial drivers
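Review bot: the commit message gives no reason for unsetting CONFIG_LDISC_AUTOLOAD in this hunk. Please add a line saying why line-discipline autoloading is disabled, and confirm that nothing Heads runs over a serial console depends on a line discipline being loaded on demand.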
@@ -2851,7 +2851,7 @@ CONFIG_SECURITYFS=y
 # CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
@@ -2869,8 +2869,8 @@ CONFIG_INIT_STACK_NONE=y
 # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
 # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
 # CONFIG_GCC_PLUGIN_STACKLEAK is not set
-# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
-# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
+CONFIG_INIT_ON_FREE_DEFAULT_ON=y
 # end of Memory initialization

 CONFIG_RANDSTRUCT_NONE=y
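Review bot: this hunk turns on both CONFIG_INIT_ON_ALLOC_DEFAULT_ON and CONFIG_INIT_ON_FREE_DEFAULT_ON while the hunk header shows CONFIG_INIT_STACK_NONE=y still selected, so slab and page allocations are wiped but stack variables stay uninitialized. Please either document that stack initialization is deliberately left out or handle it in the same change, and note in the commit message that the zeroing cost is now paid on every allocation and every free.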
@@ -3287,7 +3287,12 @@ CONFIG_CC_HAS_KASAN_GENERIC=y
 CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
 # CONFIG_KASAN is not set
 CONFIG_HAVE_ARCH_KFENCE=y
-# CONFIG_KFENCE is not set
+CONFIG_KFENCE=y
+CONFIG_KFENCE_SAMPLE_INTERVAL=100
+CONFIG_KFENCE_NUM_OBJECTS=255
+# CONFIG_KFENCE_DEFERRABLE is not set
+# CONFIG_KFENCE_STATIC_KEYS is not set
+CONFIG_KFENCE_STRESS_TEST_FAULTS=0
 CONFIG_HAVE_ARCH_KMSAN=y
 # end of Memory Debugging
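Review bot: CONFIG_KFENCE=y with CONFIG_KFENCE_NUM_OBJECTS=255 reserves a fixed pool of two pages per object at boot, about 2 MiB with 4 KiB pages, and the commit message does not mention it. Please state that this memory cost is accepted or lower CONFIG_KFENCE_NUM_OBJECTS, and record why CONFIG_KFENCE_SAMPLE_INTERVAL=100 was chosen.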

Signed-off-by: Thierry Laurion <[email protected]>
Patch all linux configs:
find config/linux* | grep -v qemu |  while read config; do patch $config patch; done

Save all configs in oldefconfig format (unattended, can be used in loop):
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest
find ./boards/* -type d | awk -F "/" {'print $3'} | sort | uniq | while read board; do make BOARD=$board linux.save_in_oldconfig_format_in_place; done

Signed-off-by: Thierry Laurion <[email protected]>
@tlaurion tlaurion marked this pull request as draft October 20, 2024 15:49
Collaborator Author

@aluciani for the sake of this PR changes, I think reviewing and commenting changes directly under config/linux-nitropad-x.config as comments would facilitate progress on this PR.

@@ -115,7 +115,7 @@ CONFIG_PREEMPT_NONE=y
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
# CONFIG_PREEMPT_DYNAMIC is not set
# CONFIG_SCHED_CORE is not set

Enables the core scheduler to enhance process scheduling
KSPP : Make scheduler aware of SMT Cores. Program needs to opt-in to using this feature with prctl(PR_SCHED_CORE).

@@ -586,7 +586,7 @@ CONFIG_SOFTIRQ_ON_OWN_STACK=y
CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
CONFIG_HAVE_EXIT_THREAD=y
CONFIG_ARCH_MMAP_RND_BITS=28
@aluciani aluciani Oct 21, 2024

Increases ASLR entropy for mmap allocations, improving security against memory-based attacks.
From 28 to 32

@@ -717,14 +717,14 @@ CONFIG_BINFMT_SCRIPT=y
# CONFIG_SLAB is not set
CONFIG_SLUB=y
# CONFIG_SLOB is not set
CONFIG_SLAB_MERGE_DEFAULT=y

Merging slabs can potentially lead to memory reuse vulnerabilities if a freed slab is reused without proper sanitization.
KSPP : Make cross-slab heap attacks not as trivial when object sizes are the same. (Same as slab_nomerge boot param.)

# CONFIG_SLAB_FREELIST_RANDOM is not set
# CONFIG_SLAB_FREELIST_HARDENED is not set
# CONFIG_SLAB_MERGE_DEFAULT is not set
CONFIG_SLAB_FREELIST_RANDOM=y

Randomizes the order of the freelist in the slab allocator.
KSPP : Randomize allocator freelists, harden metadata.

# CONFIG_SLAB_FREELIST_HARDENED is not set
# CONFIG_SLAB_MERGE_DEFAULT is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y

Harden the slab allocator’s freelist to protect against heap-based attacks.
KSPP : Randomize allocator freelists, harden metadata.

@@ -2818,7 +2811,7 @@ CONFIG_SECURITYFS=y
# CONFIG_INTEL_TXT is not set
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
# CONFIG_FORTIFY_SOURCE is not set
CONFIG_FORTIFY_SOURCE=y

Adds protections against buffer overflows.
KSPP : Check for memory copies that might overflow a structure in str*() and mem*() functions both at build-time and run-time.

@@ -2836,8 +2829,8 @@ CONFIG_INIT_STACK_NONE=y
# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y

Initializes memory to a default value upon allocation.
Ensures that newly allocated memory does not contain residual data from previous allocations.
KSPP : Wipe slab and page allocations (since v5.3)

# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_INIT_ON_FREE_DEFAULT_ON=y

Initializes memory to a default value upon allocation.
Prevents Information Leakage.
KSPP : Wipe slab and page allocations (since v5.3), The init_on_free is only needed if there is concern about minimizing stale data lifetime.

@@ -3242,7 +3235,12 @@ CONFIG_CC_HAS_KASAN_GENERIC=y
CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
# CONFIG_KASAN is not set
CONFIG_HAVE_ARCH_KFENCE=y
# CONFIG_KFENCE is not set
CONFIG_KFENCE=y

Enables a kernel feature for detecting use-after-free and other memory safety issues.
KSPP : Enable sampling-based overflow detection (since v5.12). This is similar to KASAN coverage, but with almost zero runtime overhead.

@@ -3242,7 +3235,12 @@ CONFIG_CC_HAS_KASAN_GENERIC=y
CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
# CONFIG_KASAN is not set
CONFIG_HAVE_ARCH_KFENCE=y
# CONFIG_KFENCE is not set
CONFIG_KFENCE=y
CONFIG_KFENCE_SAMPLE_INTERVAL=100

Sets the sampling interval for KFENCE to 100, determining how frequently memory allocations are checked.
Recommendation of KSPP

@aluciani

We might also want to reduce the CONFIG_BLK_DEV_LOOP_MIN_COUNT from 8 to 2.
Each block is around 256 (up to 512) bytes (please correct me if I'm wrong), so
8 * 256 = 2048 bytes
2 * 256 = 512 bytes
Worth the space.

I wanted to reduce the value of CONFIG_NR_CPUS for the same reason, each supported CPU adds 8KB, so:
For 32 CPUs: 32 CPUs × 8192 bytes/CPU = 262,144 bytes (≈256KB)
For 24 CPUs: 24 CPUs × 8192 bytes/CPU = 196,608 bytes (≈192KB)
Memory Savings:
262,144 bytes − 196,608 bytes = 65,536 bytes (≈64KB)

But I understand that it will be a pain to update every linux configuration for every card every time.

@aluciani

The kernel-hardening-checker also talks about CFI, I think it would also be a plus to have it, but I think it would slow Heads down too much.
CONFIG_CFI_AUTO_DEFAULT

@aluciani

@aluciani this is nice exercise. Wondering if https://github.com/a13xp0p0v/kernel-hardening-checker should be added under nix docker image and some self-test should be added in CI in long term to make those checks automatic and warn of security regressions, somehow.

#1816 (comment)

The tool is good and complete. But the problem is that it has a lot of checks, most of which don't apply here. The ones suggested here are in the minority.
I don't know if integrating it into nix is a good idea. Or it could be for a limited number of configurations.
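
One way to implement the limited-scope CI self-test discussed in this exchange, as an added example that is not part of the Heads repository or of kernel-hardening-checker: a shell check that compares a kernel config against only the options this PR's patch sets. The function names, the `EXPECTED` list format and the sample config are assumptions constructed for illustration.

```shell
# Added example, not part of the Heads repository: regression check for the
# hardening options set by this PR's patch ("n" stands for "is not set").
EXPECTED='CONFIG_SCHED_CORE=y CONFIG_ARCH_MMAP_RND_BITS=32
CONFIG_SLAB_MERGE_DEFAULT=n CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
CONFIG_LDISC_AUTOLOAD=n CONFIG_FORTIFY_SOURCE=y CONFIG_KFENCE=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y CONFIG_INIT_ON_FREE_DEFAULT_ON=y'

# config_value FILE SYMBOL: print SYMBOL's value from a kernel config file.
# "# SYMBOL is not set" and a missing symbol both count as "n".
config_value() {
    awk -v sym="$2" '
        index($0, sym "=") == 1      { v = substr($0, length(sym) + 2) }
        $0 == "# " sym " is not set" { v = "n" }
        END                          { print (v == "" ? "n" : v) }
    ' "$1"
}

# check_hardening FILE: print one line per option that differs from EXPECTED;
# the exit status is 0 only when every option matches.
check_hardening() {
    bad=0
    for want in $EXPECTED; do
        got=$(config_value "$1" "${want%%=*}")
        if [ "$got" != "${want#*=}" ]; then
            echo "REGRESSION $1: ${want%%=*}=$got, expected ${want#*=}"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample (not a real board config) with three regressions.
sample_config() {
    cat <<'EOF'
CONFIG_SCHED_CORE=y
CONFIG_ARCH_MMAP_RND_BITS=28
CONFIG_SLAB_MERGE_DEFAULT=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
# CONFIG_LDISC_AUTOLOAD is not set
CONFIG_FORTIFY_SOURCE=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_INIT_ON_FREE_DEFAULT_ON=y
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
check_hardening "$tmp" || echo "hardening regressions found"; rm -f "$tmp"
```

On the sample it reports the mmap entropy reset to 28, slab merging turned back on, and CONFIG_KFENCE missing; in CI the same function could be called once per file under `config/`.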

@aluciani

Seccomp, Stack Leak Protection, and Strict Memory Access could also be enabled with those parameters:

  • CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER to enhance security by enabling syscall filtering.
  • Switch to CONFIG_EFI_DISABLE_PCI_DMA for better PCI DMA security in EFI environments.
  • Switch IOMMU default behavior to strict mode with CONFIG_IOMMU_DEFAULT_DMA_STRICT to enforce stricter DMA rules.
  • CONFIG_SECURITY_DMESG_RESTRICT to limit access to kernel messages and reduce attack surface.
  • CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM to restrict access to /dev/mem and prevent unintended access to hardware memory.

@tlaurion
Collaborator Author

tlaurion commented Oct 29, 2024

A quick reminder that Heads is a controlled flow environment, GUI based where user inputs are related to secret provisioning.

Other areas criticized for Heads are filesystem parsing/mounting where not much more can be done than print_tree sanitization in code right now, where luks/ext3/ext4/exfat is a bit out of reach of further sanitization as of now. Also noted that Heads parses syslinux/grub configs, where some additional sanitization could happen, with opened issues.

I'm open to further kernel hardening, but Heads use case of kernel needs to be understood. Across platforms, different uses of sysfs and devmem happen, where "ultimate lockdown" is currently optional : that is Authenticated wall guarded recovery shell access + usb boot with USB Security dongle (something you have and something you know: its GPG User PIN to detach sign + verify detached signature with public key fused inside of Heads measured boot public key).

We could tune the kernel further, but corner case impact will be discovered only with extensive testing, which is to be dodged for ease of maintainability and generalization of kernel config across all boards.

@aluciani what additional prevention is thought to be added by hardening the kernel further with your past comment?

@tlaurion
Collaborator Author

tlaurion commented Oct 29, 2024

Seccomp, Stack Leak Protection, and Strict Memory Access could also be enabled with those parameters:

  • CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER to enhance security by enabling syscall filtering.

I don't see why not, but might cause problems in corner cases.

  • Switch to CONFIG_EFI_DISABLE_PCI_DMA for better PCI DMA security in EFI environments.

I see possible problems, would need extensive testing (coreboot fb -> efifb basic 2d fb prior of final OS doing drm+3d modules loading and own graphic card on its own with kexec passing coreboot fb to final OS)

  • Switch IOMMU default behavior to strict mode with CONFIG_IOMMU_DEFAULT_DMA_STRICT to enforce stricter DMA rules.

Same as above for same reasoning

  • CONFIG_SECURITY_DMESG_RESTRICT to limit access to kernel messages and reduce attack surface.

I don't see interest, Heads is single root user where dmesg is used to even dump debug info to be outputted under /tmp/debug.log if put in TRACE+DEBUG mode through config settings to understand what Heads does. No go.

  • CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM to restrict access to /dev/mem and prevent unintended access to hardware memory.

I see problems here as well.
