> The MediaTek protocol support enables firmware download support and chip initialization for MediaTek Bluetooth USB controllers.
Necessary to make Bluetooth work on some MediaTek controllers.
Core scheduling is a recent innovation in newer kernels to help run
certain untrusted compute workloads more safely in the face of
vulnerabilities like Spectre. In short: it lets processes assign a
unique "cookie" to some group of processes to indicate they are allowed
to be scheduled together on the same SMT-capable core. This helps
mitigate attacks that rely on observing usage of CPU execution units by
cohabitated threads.
Some extra details are available via Linux Weekly News:
"Core scheduling lands in 5.14", https://lwn.net/Articles/861251/
Signed-off-by: Austin Seipp <aseipp@pobox.com>
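
The cookie mechanism described in the core scheduling commit message above, as an added example (not code from nixpkgs or from the commit's author): a C program that creates a cookie with `prctl(2)` and checks that a forked child inherits it. It assumes Linux 5.14 or later built with `CONFIG_SCHED_CORE`; the function names `sched_core` and `core_sched_cookie_demo` are hypothetical.

```c
/* Added example: core-scheduling cookies via prctl(2).
 * Assumes Linux >= 5.14 with CONFIG_SCHED_CORE; function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SCHED_CORE              /* older libc headers lack these values */
#define PR_SCHED_CORE        62
#define PR_SCHED_CORE_GET    0
#define PR_SCHED_CORE_CREATE 1
#endif
#define SCOPE_THREAD 0UL           /* PR_SCHED_CORE_SCOPE_THREAD */

/* Issue one core-scheduling command against the calling thread (pid 0). */
static int sched_core(unsigned long cmd, unsigned long uaddr) {
    return prctl(PR_SCHED_CORE, cmd, 0UL, SCOPE_THREAD, uaddr);
}

/* Returns 0 if a fresh cookie was created and a forked child inherited it,
 * 1 if the kernel does not offer core scheduling, -1 on any other failure. */
int core_sched_cookie_demo(void) {
    uint64_t mine = 0;             /* GET needs an 8-byte aligned buffer */
    if (sched_core(PR_SCHED_CORE_CREATE, 0UL) != 0)
        return 1;                  /* e.g. EINVAL: not compiled in, ENODEV: no SMT */
    if (sched_core(PR_SCHED_CORE_GET, (unsigned long)&mine) != 0)
        return -1;
    pid_t pid = fork();            /* the child starts with the parent's cookie */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        uint64_t inherited = 0;
        int ok = sched_core(PR_SCHED_CORE_GET, (unsigned long)&inherited) == 0
                 && inherited == mine;
        _exit(ok ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    int r = core_sched_cookie_demo();
    puts(r == 0 ? "child shares our cookie"
                : r == 1 ? "core scheduling unavailable" : "unexpected failure");
    return r < 0;
}
```

Tasks outside this process keep a different (or no) cookie, so the scheduler will not run them on a sibling hyperthread at the same time as the parent or its child.
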
After Linux 5.14.11, FB_SIMPLE conflicts with DRM_SIMPLEDRM, which
will fail configuration when DRM_SIMPLEDRM is configured as a module
and FB_SIMPLE gets requested as builtin.
Do not enable DRM_SIMPLEDRM as a temporary workaround, until a good
enough migration path is found.
Initrd loader is not enabled by default in some aarch64 kernels,
which makes systemd-boot booted kernels fail by default. Add this
everywhere, since this is a sane default even when it's already in
some kernel defaults.
BTF is a new, lightweight debug information format tailored specifically
for the needs of eBPF, allowing eBPF programs to be portable across
various kernel versions, configurations and distributions. This is used
by bpftrace and lots of new eBPF-based tooling to avoid a dependency
on LLVM on the host.
BTF debug information is enabled on all major distributions: Fedora 31+,
RHEL 8.2+, Ubuntu 20.10, Debian 11 and Arch Linux all have enabled it.
Enabling BTF debug information requires adding two new dependencies to
the kernel build: Python3 and pahole. Those will be used to generate the
BTF debugging information.
They were enabled in 5.4 but then removed. Let's enable them explicitly
here. To keep the version constraints simple, we match kernel >5.4 even
though some of them are available since 4.x.
LPAE was enabled to support native armv7l builders running in QEMU on aarch64,
but this option disables support for processors which don't support LPAE, which
are still relatively common. In particular, Beaglebones use the Cortex-A8, which
doesn't support LPAE.
Also, if you attempt to boot an LPAE kernel on a CPU that doesn't support it,
it fails before even earlycon is initialized. This makes the problem difficult
to debug without enabling CONFIG_DEBUG_LL or using a hardware debugger.
Turns VMware guest mouse support on in the kernel. This is needed for running Wayland and non-root X in a VMware guest. In a pre-Wayland world the `xf86-input-vmmouse` userspace driver would have handled this for us. This allows the mouse to properly work in a VMware guest (for example it can now leave the VMware window).
See: https://github.com/vmware/open-vm-tools/issues/528
This option allows using portions of the system RAM as block devices.
It was configured to 'y' (built-in, therefore not unloadable or
reconfigurable) and configured 16 4MB RAM disks which, to my knowledge,
currently have no purpose in NixOS.
Removing the option restores it to its default value of 'm', which
enables it to be loaded at runtime (which is also required to be able to
change its configuration without rebuilding the kernel).
Nixpkgs hasn't supported grsecurity kernels since 2017, so unless
anybody is manually enabling the grsecurity feature to make these
small kernel tweaks this is dead code.
This means we don't actually support any "features" in the kernel
common-config any more, but I've left the argument there because it's
conceivable we could have some again in future.
I don't think there's any reason to have a separate kernel variant
because of this, with all the maintenance burden that imposes. Debian
and Fedora both enable all these options on their normal kernels.
Alias the Linux Xen attributes, so this change should be seamless for
people who were using the Xen kernels up to now.
All the Xen options are marked as optional anyway, so it should be
fine to try to enable them on non-x86 platforms as well.
Fixes: https://github.com/NixOS/nixpkgs/issues/115182
The parent commit forbids conflicting kernel config options.
Fix the hardened kernels by allowing options in common-config.nix to
be overridden by conflicting ones in hardened/config.nix.
I'm explicitly avoiding using a higher priority (e.g. using mkForce)
in hardened/config.nix so that the user can easily override the
options in that file.