HardenedBSD/sys/amd64/conf/MINIMAL
Henrich Hartzer 87bf0aaba8 Remove COMPAT_FREEBSD4/5/6/7/9 from MINIMAL and FIRECRACKER kernel configurations
FIRECRACKER is not a legacy config, so remove the really old FreeBSD
versions from it. MINIMAL has a similar history, and limited target
audience which has little to no overlap with really old binaries. Either
of these is really easy to get additional binary compat with the include
directive, so balance things better. Leave GENERIC alone.

PR: 231768
Signed-off-by: Henrich Hartzer <henrichhartzer@tuta.io>
Reviewed by: imp (MINIMAL), cperciva (FIRECRACKER)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1228
2024-05-23 14:30:57 -06:00


#
# MINIMAL -- Mostly Minimal kernel configuration file for FreeBSD/amd64
#
# Many definitions of minimal are possible. The one this file follows is
# GENERIC, minus all functionality that can be replaced by loading kernel
# modules.
#
# Exceptions:
# o (non-loaded) random is included due to uncertainty...
# o Many networking things are included
#
# For now, please run changes to this list past imp@freebsd.org
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
# https://docs.freebsd.org/en/books/handbook/kernelconfig/#kernelconfig-config
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (https://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# Kernel identity, build options and kernel-wide feature options.
cpu HAMMER
ident MINIMAL
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
makeoptions WITH_CTF=1 # Run ctfconvert(1) for DTrace support
options SCHED_ULE # ULE scheduler
options NUMA # Non-Uniform Memory Architecture support
options PREEMPTION # Enable kernel thread preemption
options VIMAGE # Subsystem virtualization, e.g. VNET
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options TCP_OFFLOAD # TCP offload
options SCTP_SUPPORT # Allow kldload of SCTP
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options QUOTA # Enable disk quotas for UFS
options MD_ROOT # MD is a potential root device
options GEOM_LABEL # Provides labelization
# Binary-compatibility layers. Each one keeps older system call entry points
# reachable from userland, so list only the releases whose binaries must run.
# This file lists 32-bit (i386) support and FreeBSD 10 through 14; releases
# older than FreeBSD 10 are not listed here.
options COMPAT_FREEBSD32 # Compatible with i386 binaries
options COMPAT_FREEBSD10 # Compatible with FreeBSD10
options COMPAT_FREEBSD11 # Compatible with FreeBSD11
options COMPAT_FREEBSD12 # Compatible with FreeBSD12
options COMPAT_FREEBSD13 # Compatible with FreeBSD13
options COMPAT_FREEBSD14 # Compatible with FreeBSD14
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
# Security frameworks. These options only compile the frameworks in; audit
# collection and MAC policies still have to be set up on the running system.
options AUDIT # Security event auditing
options CAPABILITY_MODE # Capsicum capability mode
options CAPABILITIES # Capsicum capabilities
options MAC # TrustedBSD MAC Framework
options KDTRACE_FRAME # Ensure frames are compiled in
options KDTRACE_HOOKS # Kernel DTrace hooks
options DDB_CTF # Kernel ELF linker loads CTF data
# The embedded copy can be read back from a built kernel with config(8) -x,
# so anyone who can read the kernel image can see which options it was built
# with.
options INCLUDE_CONFIG_FILE # Include this file in kernel
# Debugging support. Always need this:
options KDB # Enable kernel debugger support.
options KDB_TRACE # Print a stack trace for a panic.
# For full debugger support use (turn off in stable branch):
# NOTE(review): std.debug is not shown here; it presumably adds interactive
# debugger back ends and extra consistency checks -- confirm its contents.
# A debugger that can be entered from the console gives whoever holds the
# console control over the running kernel, so review this include before
# building a kernel for production hosts.
include "std.debug"
# SMP, CPU frequency control, bus, keyboard and console drivers.
# Make an SMP-capable kernel by default
options SMP # Symmetric MultiProcessor Kernel
# CPU frequency control
device cpufreq
# Bus support.
device acpi
# NOTE(review): IOMMU compiles in DMA remapping support; whether remapping is
# actually enforced for devices is decided at boot/runtime and is not visible
# in this file -- confirm on the target host.
options IOMMU
device pci
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device kbdmux # keyboard multiplexer
# syscons is the legacy console driver, resembling an SCO console
device vga # VGA video card driver
device splash # Splash screen and screen saver support
device sc
options SC_PIXEL_MODE # add support for the raster text mode
# vt is the default video console driver
device vt
device vt_vga
device vt_efifb
device vt_vbefb
device agp # support several AGP chipsets
# Serial ports, pseudo devices, hardware entropy sources and packet capture.
# Serial (COM) ports
device uart # Generic UART driver
# Pseudo devices.
device loop # Network loopback
# Hardware random number generators. The header of this file notes that
# random is compiled in rather than loaded as a module.
device padlock_rng # VIA Padlock RNG
device rdrand_rng # Intel Bull Mountain RNG
device ether # Ethernet support
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# A process that can open the bpf device node can capture traffic on an
# interface and send raw frames on it, so keep access to that node restricted
# to trusted accounts.
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# Paravirtualized guest drivers for VirtIO, KVM and Xen HVM hosts.
# VirtIO support
device virtio # Generic VirtIO bus (required)
device virtio_pci # VirtIO PCI device
device vtnet # VirtIO Ethernet device
device virtio_blk # VirtIO Block device
device virtio_balloon # VirtIO Memory Balloon device
# Linux KVM paravirtualization support
device kvm_clock # KVM paravirtual clock driver
# Xen HVM Guest Optimizations
# NOTE: XENHVM depends on xenpci and xentimer.
# They must be added or removed together.
options XENHVM # Xen HVM kernel infrastructure
device xenefi # Xen EFI timer device
device xenpci # Xen HVM Hypervisor services driver
device xentimer # Xen x86 PV timer device
# Input event interface and storage drivers (NVMe, AHCI, CAM).
# evdev interface
options EVDEV_SUPPORT # evdev support in legacy drivers
device evdev # input event device support
# uinput lets a userland process create virtual input devices and feed events
# through them; keep access to /dev/uinput limited to trusted accounts.
device uinput # install /dev/uinput cdev
# NVM Express (NVMe) support
device nvme # base NVMe driver
# ATA controllers
device ahci # AHCI-compatible SATA controllers
# CAM
device scbus # SCSI bus (required for ATA/SCSI)
device da # Direct Access (disks)
device cd # CD
# pass gives userland direct command access to attached devices, below the
# filesystem layer; keep its device nodes limited to trusted accounts.
device pass # Passthrough device (direct ATA/SCSI access)