mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-26 02:20:51 +01:00
c363b16c63
Remove 'device random' from kernel configurations that reference it (most). Replace perhaps mistaken 'nodevice random' in two MIPS configs with 'options RANDOM_LOADABLE' instead. Document removal in UPDATING; update NOTES and random.4. Reviewed by: delphij, markm (previous version) Approved by: secteam(delphij) Differential Revision: https://reviews.freebsd.org/D19918
156 lines
5.9 KiB
Plaintext
156 lines
5.9 KiB
Plaintext
#
|
|
# MINIMAL -- Mostly Minimal kernel configuration file for FreeBSD/i386
|
|
#
|
|
# Many definitions of minimal are possible. The one this file follows is
|
|
# GENERIC, minus all functionality that can be replaced by loading kernel
|
|
# modules.
|
|
#
|
|
# Exceptions:
|
|
# o While UFS is buildable as a module, the current module lacks
|
|
# some features (ACL, GJOURNAL) that GENERIC includes.
|
|
# o acpi as a module has been reported flakey and not well tested, so
|
|
# is included in the kernel.
|
|
# o (non-loaded) random is included due to uncertainty...
|
|
# o Many networking things are included
|
|
#
|
|
# For now, please run changes to these list past imp@freebsd.org
|
|
#
|
|
# For more information on this file, please read the config(5) manual page,
|
|
# and/or the handbook section on Kernel Configuration Files:
|
|
#
|
|
# https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
|
|
#
|
|
# The handbook is also available locally in /usr/share/doc/handbook
|
|
# if you've installed the doc distribution, otherwise always see the
|
|
# FreeBSD World Wide Web server (https://www.FreeBSD.org/) for the
|
|
# latest information.
|
|
#
|
|
# An exhaustive list of options and more detailed explanations of the
|
|
# device lines is also present in the ../../conf/NOTES and NOTES files.
|
|
# If you are in doubt as to the purpose or necessity of a line, check first
|
|
# in NOTES.
|
|
#
|
|
# $FreeBSD$
|
|
|
|
cpu I486_CPU
|
|
cpu I586_CPU
|
|
cpu I686_CPU
|
|
ident MINIMAL
|
|
|
|
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
|
|
makeoptions WITH_CTF=1 # Run ctfconvert(1) for DTrace support
|
|
|
|
options SCHED_ULE # ULE scheduler
|
|
options PREEMPTION # Enable kernel thread preemption
|
|
options INET # InterNETworking
|
|
options INET6 # IPv6 communications protocols
|
|
options TCP_OFFLOAD # TCP offload
|
|
options SCTP # Stream Control Transmission Protocol
|
|
options FFS # Berkeley Fast Filesystem
|
|
options SOFTUPDATES # Enable FFS soft updates support
|
|
options UFS_ACL # Support for access control lists
|
|
options UFS_DIRHASH # Improve performance on big directories
|
|
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
|
|
options QUOTA # Enable disk quotas for UFS
|
|
options MD_ROOT # MD is a potential root device
|
|
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
|
|
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
|
|
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
|
|
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
|
|
options COMPAT_FREEBSD9 # Compatible with FreeBSD9
|
|
options COMPAT_FREEBSD10 # Compatible with FreeBSD10
|
|
options COMPAT_FREEBSD11 # Compatible with FreeBSD11
|
|
options COMPAT_FREEBSD12 # Compatible with FreeBSD12
|
|
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
|
|
options KTRACE # ktrace(1) support
|
|
options STACK # stack(9) support
|
|
options SYSVSHM # SYSV-style shared memory
|
|
options SYSVMSG # SYSV-style message queues
|
|
options SYSVSEM # SYSV-style semaphores
|
|
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
|
|
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
|
|
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
|
|
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
|
|
options AUDIT # Security event auditing
|
|
options CAPABILITY_MODE # Capsicum capability mode
|
|
options CAPABILITIES # Capsicum capabilities
|
|
options MAC # TrustedBSD MAC Framework
|
|
options KDTRACE_FRAME # Ensure frames are compiled in
|
|
options KDTRACE_HOOKS # Kernel DTrace hooks
|
|
options DDB_CTF # Kernel ELF linker loads CTF data
|
|
options INCLUDE_CONFIG_FILE # Include this file in kernel
|
|
|
|
# Debugging support. Always need this:
|
|
options KDB # Enable kernel debugger support.
|
|
options KDB_TRACE # Print a stack trace for a panic.
|
|
# For full debugger support use (turn off in stable branch):
|
|
options DDB # Support DDB.
|
|
options GDB # Support remote GDB.
|
|
options DEADLKRES # Enable the deadlock resolver
|
|
options INVARIANTS # Enable calls of extra sanity checking
|
|
options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS
|
|
options WITNESS # Enable checks to detect deadlocks and cycles
|
|
options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed
|
|
options MALLOC_DEBUG_MAXZONES=8 # Separate malloc(9) zones
|
|
options VERBOSE_SYSINIT=0 # Support debug.verbose_sysinit, off by default
|
|
|
|
# Make an SMP-capable kernel by default
|
|
options SMP # Symmetric MultiProcessor Kernel
|
|
options EARLY_AP_STARTUP
|
|
device apic
|
|
|
|
# CPU frequency control
|
|
device cpufreq
|
|
|
|
# Bus support.
|
|
device acpi
|
|
options ACPI_DMAR
|
|
device pci
|
|
|
|
# atkbdc0 controls both the keyboard and the PS/2 mouse
|
|
device atkbdc # AT keyboard controller
|
|
device atkbd # AT keyboard
|
|
device psm # PS/2 mouse
|
|
|
|
device kbdmux # keyboard multiplexer
|
|
|
|
device vga # VGA video card driver
|
|
options VESA # Add support for VESA BIOS Extensions (VBE)
|
|
|
|
device splash # Splash screen and screen saver support
|
|
|
|
# syscons is the default console driver, resembling an SCO console
|
|
device sc
|
|
options SC_PIXEL_MODE # add support for the raster text mode
|
|
|
|
# vt is the new video console driver
|
|
device vt
|
|
device vt_vga
|
|
device vt_efifb
|
|
|
|
device agp # support several AGP chipsets
|
|
|
|
# Pseudo devices.
|
|
device loop # Network loopback
|
|
device padlock_rng # VIA Padlock RNG
|
|
device rdrand_rng # Intel Bull Mountain RNG
|
|
device ether # Ethernet support
|
|
device vlan # 802.1Q VLAN support
|
|
device tuntap # Packet tunnel.
|
|
device gif # IPv6 and IPv4 tunneling
|
|
|
|
# The `bpf' device enables the Berkeley Packet Filter.
|
|
# Be aware of the administrative consequences of enabling this!
|
|
# Note that 'bpf' is required for DHCP.
|
|
device bpf # Berkeley packet filter
|
|
|
|
# Xen HVM Guest Optimizations
|
|
# NOTE: XENHVM depends on xenpci. They must be added or removed together.
|
|
options XENHVM # Xen HVM kernel infrastructure
|
|
device xenpci # Xen HVM Hypervisor services driver
|
|
|
|
# evdev interface
|
|
options EVDEV_SUPPORT # evdev support in legacy drivers
|
|
device evdev # input event device support
|
|
device uinput # install /dev/uinput cdev
|