path: root/debian.linaro/config/enforce
blob: 224e0aeeb71c5102a1dcb1084a47a4f85798d3c9 (plain)
#
# SECURITY items
#
# The options in this first group are checked on every architecture and
# flavour. Read the expected value on each line: the first three must be
# off (n / 0), the remaining ones must be built in (y).
#
# COMPAT_BRK off keeps heap (brk) randomisation in effect.
value CONFIG_COMPAT_BRK n
# No /dev/kmem device for reading or writing kernel virtual memory.
value CONFIG_DEVKMEM n
# An LSM floor of 0 leaves the low-address mapping limit to
# CONFIG_DEFAULT_MMAP_MIN_ADDR (checked at the end of this section) and to
# the vm.mmap_min_addr sysctl at run time.
value CONFIG_LSM_MMAP_MIN_ADDR 0
value CONFIG_SECURITY y
# Passes when the symbol is absent from the config or is set to y.
!exists CONFIG_SECURITY_FILE_CAPABILITIES | value CONFIG_SECURITY_FILE_CAPABILITIES y
# SELinux, Smack and Yama must all be built in; AppArmor is required as the
# default LSM (see CONFIG_DEFAULT_SECURITY_APPARMOR below).
value CONFIG_SECURITY_SELINUX y
value CONFIG_SECURITY_SMACK y
value CONFIG_SECURITY_YAMA y
# SYN cookie support must be compiled in. Whether it is active at run time
# is governed by the net.ipv4.tcp_syncookies sysctl, which this file does
# not check.
value CONFIG_SYN_COOKIES y
value CONFIG_DEFAULT_SECURITY_APPARMOR y
# For architectures which support these options, ensure they are enabled:
# seccomp syscall filtering, the compiler stack protector, read-only kernel
# data and restricted /dev/mem access. Each rule also passes when the symbol
# does not exist, so an architecture lacking one of these mitigations is not
# flagged here.
!exists CONFIG_SECCOMP | value CONFIG_SECCOMP y
!exists CONFIG_CC_STACKPROTECTOR | value CONFIG_CC_STACKPROTECTOR y
!exists CONFIG_DEBUG_RODATA | value CONFIG_DEBUG_RODATA y
!exists CONFIG_STRICT_DEVMEM | value CONFIG_STRICT_DEVMEM y
# For architectures which support this option, ensure it is disabled
# (the compat vDSO is mapped at a fixed, predictable address).
!exists CONFIG_COMPAT_VDSO | value CONFIG_COMPAT_VDSO n
# Default to 32768 for armel, 65536 for everything else. This is the lowest
# address userspace may map, i.e. the NULL-pointer-dereference mitigation.
# As written, 65536 is accepted on any architecture (armel included), and
# 32768 only on armel; no other value passes.
( arch armel & value CONFIG_DEFAULT_MMAP_MIN_ADDR 32768 ) | \
	( value CONFIG_DEFAULT_MMAP_MIN_ADDR 65536)

# CONFIG_USB_DEVICEFS breaks udev USB firmware loading and is deprecated;
# ensure it is disabled.
value CONFIG_USB_DEVICEFS n

# upstart requires DEVTMPFS be enabled and mounted by default.
value CONFIG_DEVTMPFS y
value CONFIG_DEVTMPFS_MOUNT y

# Some /dev nodes require POSIX ACLs, like /dev/dsp.
value CONFIG_TMPFS_POSIX_ACL y

# Ramdisk size should be a minimum of 64M (the option is expressed in KiB,
# so 65536 = 64 MiB).
# NOTE(review): `value` looks like an exact-match test, so a larger ramdisk
# size would presumably fail this rule despite "minimum" - confirm against
# the checker.
value CONFIG_BLK_DEV_RAM_SIZE 65536

# LVM requires dm_mod built in to activate correctly (LP: #560717)
value CONFIG_BLK_DEV_DM y

# sysfs: ensure all DEPRECATED items are off (each rule also passes when the
# symbol is absent).
!exists CONFIG_SYSFS_DEPRECATED_V2 | value CONFIG_SYSFS_DEPRECATED_V2 n
!exists CONFIG_SYSFS_DEPRECATED | value CONFIG_SYSFS_DEPRECATED n

# Automatically appending a local version string causes packaging failures;
# ensure it is off.
value CONFIG_LOCALVERSION_AUTO n

# Provide the framebuffer console from the start.
# UbuntuSpec:foundations-m-grub2-boot-framebuffer
value CONFIG_FRAMEBUFFER_CONSOLE y

# GRUB changes will rely on built in vesafb on x86,
# UbuntuSpec:foundations-m-grub2-boot-framebuffer
# NOTE(review): the `value CONFIG_FB_VESA m` alternative is not restricted
# to non-x86 architectures, so an i386/amd64 config with FB_VESA=m appears
# to satisfy this rule as well - confirm that is intended.
(( arch i386 | arch amd64 ) & value CONFIG_FB_VESA y) | \
	value CONFIG_FB_VESA m | !exists CONFIG_FB_VESA

# Build in uinput module so that it's always available (LP: 584812)
# Being built in, it cannot be kept out by module blacklisting; access to
# synthetic input injection then rests on the permissions of the uinput
# device node.
value CONFIG_INPUT_UINPUT y

# upstart relies on getting all of the kernel arguments
value CONFIG_INIT_PASS_ALL_PARAMS y

# Enabling CONFIG_IMA is vastly expensive, ensure it is off.
# Consequence: kernels passing this check perform no IMA file measurement or
# appraisal; a deployment that needs runtime integrity measurement has to
# override this rule rather than rely on the default.
value CONFIG_IMA n

# Ensure CONFIG_INTEL_IDLE is turned off for -virtual.
# NOTE(review): the final `value CONFIG_INTEL_IDLE y` alternative carries no
# flavour condition, so a -virtual config with INTEL_IDLE=y appears to pass
# too - confirm whether the rule should exclude that case.
!exists CONFIG_INTEL_IDLE | \
	(flavour virtual & value CONFIG_INTEL_IDLE n) | \
	value CONFIG_INTEL_IDLE y

# Ensure CONFIG_IPV6 is y: if it is built as a module we get a module load
# attempt for every IPv6 packet, which is bad.
value CONFIG_IPV6 y

# Timestamps on kernel log lines.
value CONFIG_PRINTK_TIME y

# CONFIG_PM is broken on s5pv310 (now exynos4) so don't enforce CONFIG_PM_DEBUG for the moment
# Each rule passes either when the config targets EXYNOS4 or when the PM
# debug option is y.
value CONFIG_ARCH_EXYNOS4 y | value CONFIG_PM_DEBUG y
value CONFIG_ARCH_EXYNOS4 y | value CONFIG_PM_ADVANCED_DEBUG y

# LINARO kernels should be able to boot with a BTRFS rootfs without an initrd
value CONFIG_BTRFS_FS y
value CONFIG_LIBCRC32C y

# LINARO kernels should have TIMER_STATS on (LP: 718677)
value CONFIG_TIMER_STATS y

# LINARO kernels should have basic profiling and tracing options on (LP: 764796)
# These are development/diagnostic facilities. They widen what a local user
# can observe about the kernel and other processes, so images built from a
# config that passes this file and are meant for production should restrict
# them at run time (for example via the kernel.perf_event_paranoid sysctl);
# nothing in this file checks that.
value CONFIG_PROFILING y
value CONFIG_PERF_EVENTS y
value CONFIG_HW_PERF_EVENTS y
value CONFIG_FTRACE y
value CONFIG_ENABLE_DEFAULT_TRACERS y | value CONFIG_GENERIC_TRACER y
value CONFIG_HIGH_RES_TIMERS y

# LINARO kernels should be able to boot with any EXT rootfs without an initrd
value CONFIG_EXT2_FS y
value CONFIG_EXT3_FS y
value CONFIG_EXT4_FS y