This repository has been archived by the owner on Aug 30, 2022. It is now read-only.
conform_config_jamesachambers.sh
#!/bin/bash
#
# Forces a fixed list of Kconfig symbols in the kernel .config found in the
# current working directory. All edits are plain text rewrites of ./.config;
# nothing in this script checks Kconfig dependencies.
# NOTE(review): after running it, regenerate the config with the kernel's own
# tooling and diff the result, so that security-relevant symbols which Kconfig
# dropped or recomputed are noticed before the build.
#
# Abort on the first command that fails.
set -e
# Treat expansion of an unset variable (e.g. a missing helper argument) as an error.
set -u
# Unmatched globs expand to nothing; no glob pattern is used in this script.
shopt -s nullglob
# Utility functions
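set_kernel_config() {
  # Force one Kconfig symbol to a given value in ./.config.
  #
  # Arguments:
  #   $1 - symbol name, with or without the CONFIG_ prefix
  #   $2 - value to assign (y, m, n, a number, or a quoted string)
  # Returns:
  #   0 on success, 1 if ./.config does not exist, otherwise the status of
  #   the failing sed or append.
  local TGT="CONFIG_${1#CONFIG_}"
  local REP=$2

  # The config must already exist; refusing here keeps a run from the wrong
  # directory from creating a stray .config that holds only these fragments.
  if [[ ! -f .config ]]; then
    printf 'set_kernel_config: ./.config not found\n' >&2
    return 1
  fi

  # Escape the characters that are special in a sed replacement (\, / and &)
  # so the value is written literally.
  REP=${REP//\\/\\\\}
  REP=${REP//\//\\/}
  REP=${REP//&/\\&}

  # Match the symbol exactly, in either of its two forms. A prefix test such
  # as "^${TGT}[^_]" also matches longer names (CONFIG_SECURITY vs.
  # CONFIG_SECURITYFS, for example); in that case neither the rewrite nor the
  # append happened and the requested symbol was silently left unset.
  if grep -q -e "^${TGT}=" -e "^# ${TGT} is not set" .config; then
    sed -i \
      -e "s/^${TGT}=.*/${TGT}=${REP}/" \
      -e "s/^# ${TGT} is not set/${TGT}=${REP}/" \
      .config
  else
    # Symbol not mentioned anywhere yet: append it with the unescaped value.
    printf '%s=%s\n' "${TGT}" "$2" >> .config
  fi
}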
unset_kernel_config() {
  # Turn an assigned symbol into Kconfig's "is not set" marker in ./.config.
  #
  # Arguments:
  #   $1 - symbol name, with or without the CONFIG_ prefix
  #
  # Only an existing "CONFIG_<name>=..." line is rewritten; when the symbol
  # does not appear in that form the file is left unchanged.
  local symbol="CONFIG_${1#CONFIG_}"
  local marker="# ${symbol} is not set"
  sed -i -e "s/^${symbol}=.*/${marker}/" .config
}
# Custom config settings follow
# Each call edits ./.config through set_kernel_config / unset_kernel_config.
# Values are y (built in), m (module), n (off) or a literal number.
# Ceph / RBD
set_kernel_config CONFIG_CEPH_FSCACHE y
set_kernel_config CONFIG_CEPH_FS m
set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
set_kernel_config CONFIG_CEPH_LIB m
set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
set_kernel_config CONFIG_CEPH_LIB_PRETTYDEBUG y
set_kernel_config CONFIG_FSCACHE m
set_kernel_config CONFIG_FSCACHE_STATS y
set_kernel_config CONFIG_LIBCRC32C m
set_kernel_config CONFIG_BLK_DEV_RBD m
# CPU bandwidth provisioning for FAIR_GROUP_SCHED
set_kernel_config CONFIG_CFS_BANDWIDTH y
# Stream parsing
# NOTE(review): the BPF stream parser and BPF LIRC hooks, like the XDP sockets
# below, expose additional kernel interfaces; confirm each one is needed on
# the target image.
set_kernel_config CONFIG_STREAM_PARSER y
set_kernel_config CONFIG_BPF_STREAM_PARSER y
set_kernel_config CONFIG_BPF_LIRC_MODE2 y
# XDP sockets
set_kernel_config CONFIG_XDP_SOCKETS y
# NF Tables / NAT settings
set_kernel_config CONFIG_NF_TABLES_INET y
set_kernel_config CONFIG_NF_TABLES_IPV4 y
set_kernel_config CONFIG_NF_TABLES_IPV6 y
set_kernel_config CONFIG_NF_TABLES_NETDEV y
set_kernel_config CONFIG_NF_TABLES_ARP y
set_kernel_config CONFIG_NF_TABLES_BRIDGE y
set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
set_kernel_config CONFIG_NF_NAT_REDIRECT y
# Enable ARM kernel workarounds
# NOTE(review): some of these look like symbols Kconfig derives from other
# options rather than ones a user sets directly; check the regenerated .config
# to confirm the erratum workarounds are really enabled.
set_kernel_config CONFIG_ARM64_WORKAROUND_CLEAN_CACHE y
set_kernel_config CONFIG_ARM64_WORKAROUND_REPEAT_TLBI y
set_kernel_config CONFIG_ARM64_ERRATUM_834220 y
set_kernel_config CONFIG_ARM64_ERRATUM_1418040 y
set_kernel_config CONFIG_ARM64_ERRATUM_1165522 y
set_kernel_config CONFIG_ARM64_ERRATUM_1286807 y
# Default power mode
# unset_kernel_config only rewrites an existing "CONFIG_...=" line, so this is
# a no-op when powersave is not currently assigned.
unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
# HDMI CRC
# NOTE(review): the symbols below are remote-control drivers (CEC, Siano);
# "CRC" in the heading is presumably meant to read "CEC".
set_kernel_config CONFIG_MEDIA_CEC_RC n
# Passed without the CONFIG_ prefix; set_kernel_config adds it.
set_kernel_config SMS_SIANO_RC n
# Enable kernel audit
# NOTE(review): CONFIG_HAVE_ARCH_AUDITSYSCALL looks like an architecture
# capability symbol that Kconfig computes itself; writing it here probably has
# no effect. The symbols that matter are AUDIT and AUDITSYSCALL.
set_kernel_config CONFIG_AUDIT y
set_kernel_config CONFIG_HAVE_ARCH_AUDITSYSCALL y
set_kernel_config CONFIG_AUDITSYSCALL y
set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
# Enable YAMA/Ptrace
# Yama is the LSM behind the kernel.yama.ptrace_scope restriction on ptrace attach.
set_kernel_config CONFIG_SECURITY_YAMA y
# Crypto
# ARM64 accelerated hash and cipher implementations, all built as modules.
set_kernel_config CONFIG_CRYPTO_ENGINE m
set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
set_kernel_config CONFIG_CRYPTO_SHA2_ARM64_CE m
set_kernel_config CONFIG_CRYPTO_GHASH_ARM64_CE m
set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM m
set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK m
set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
# Security
# Kernel keyrings, the LSM framework and the choice of LSM. The outcome of
# this section is AppArmor enabled and set as default, with SELinux, Smack,
# TOMOYO, LoadPin and the integrity subsystem switched off.
set_kernel_config CONFIG_PERSISTENT_KEYRINGS y
set_kernel_config CONFIG_BIG_KEYS y
set_kernel_config CONFIG_TRUSTED_KEYS y
set_kernel_config CONFIG_ENCRYPTED_KEYS y
set_kernel_config CONFIG_SECURITY y
set_kernel_config CONFIG_IP_NF_SECURITY m
set_kernel_config CONFIG_IP6_NF_SECURITY m
set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
set_kernel_config CONFIG_SECURITY_NETWORK y
set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
set_kernel_config CONFIG_SECURITY_PATH y
# SELinux is compiled out; the commented-out lines below are the SELinux
# settings that would apply if it were enabled instead.
set_kernel_config CONFIG_SECURITY_SELINUX n
#set_kernel_config CONFIG_SECURITY_SELINUX_BOOTPARAM y
#set_kernel_config CONFIG_SECURITY_SELINUX_DISABLE y
#set_kernel_config CONFIG_SECURITY_SELINUX_DEVELOP y
#set_kernel_config CONFIG_SECURITY_SELINUX_AVC_STATS y
#set_kernel_config CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE 0
#unset_kernel_config CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE
set_kernel_config CONFIG_SECURITY_APPARMOR y
set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 1
# NOTE(review): confirm APPARMOR_BOOTVALUE exists in the target kernel tree;
# a symbol Kconfig does not know is not carried into the final config.
set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTVALUE 1
set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
set_kernel_config CONFIG_SECURITY_LOADPIN n
# NOTE(review): kernels that choose the active LSMs through the CONFIG_LSM
# string may not have DEFAULT_SECURITY_APPARMOR; verify that AppArmor is
# really the active LSM on the built kernel.
set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
# NOTE(review): INTEGRITY=n also removes IMA/EVM, which depend on it; confirm
# no file-integrity measurement is expected on this image.
set_kernel_config CONFIG_INTEGRITY n
set_kernel_config CONFIG_SECURITY_SMACK n
set_kernel_config CONFIG_SECURITY_TOMOYO n
# Repeats the LOADPIN line a few lines up; setting it twice is harmless.
set_kernel_config CONFIG_SECURITY_LOADPIN n
# Performance
# This section mixes performance options with exploit mitigations:
# ARM64_PTR_AUTH (pointer authentication), RELOCATABLE / RANDOMIZE_BASE /
# RANDOMIZE_MODULE_REGION_FULL (KASLR) and STACKPROTECTOR_PER_TASK are
# hardening features, not tuning knobs.
set_kernel_config CONFIG_ARM64_PMEM y
set_kernel_config CONFIG_CGROUP_PERF y
set_kernel_config CONFIG_ARM64_CNP y
set_kernel_config CONFIG_ARM64_PTR_AUTH y
set_kernel_config CONFIG_ARM64_PSEUDO_NMI y
# NOTE(review): arm64 KASLR only randomizes when the boot chain hands the
# kernel a seed; verify on the target board that the base address actually
# changes between boots.
set_kernel_config CONFIG_RELOCATABLE y
set_kernel_config CONFIG_RANDOMIZE_BASE y
set_kernel_config CONFIG_RANDOMIZE_MODULE_REGION_FULL y
# NOTE(review): CC_HAVE_STACKPROTECTOR_SYSREG looks like a compiler-capability
# symbol that Kconfig probes for itself, and STACKPROTECTOR_PER_TASK depends
# on it; confirm both in the regenerated .config rather than trusting these
# two lines.
set_kernel_config CONFIG_CC_HAVE_STACKPROTECTOR_SYSREG y
set_kernel_config CONFIG_STACKPROTECTOR_PER_TASK y
# Lock inlining. NOTE(review): the ARCH_INLINE_* and INLINE_* symbols appear
# to be derived by Kconfig (no prompt of their own), so these lines may be
# overwritten when the config is regenerated.
set_kernel_config CONFIG_ARCH_INLINE_SPIN_TRYLOCK y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_TRYLOCK_BH y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_LOCK y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_LOCK_BH y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_LOCK_IRQ y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_LOCK_IRQSAVE y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_UNLOCK y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_UNLOCK_BH y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_UNLOCK_IRQ y
set_kernel_config CONFIG_ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE y
set_kernel_config CONFIG_ARCH_INLINE_READ_LOCK y
set_kernel_config CONFIG_ARCH_INLINE_READ_LOCK_BH y
set_kernel_config CONFIG_ARCH_INLINE_READ_LOCK_IRQ y
set_kernel_config CONFIG_ARCH_INLINE_READ_LOCK_IRQSAVE y
set_kernel_config CONFIG_ARCH_INLINE_READ_UNLOCK y
set_kernel_config CONFIG_ARCH_INLINE_READ_UNLOCK_BH y
set_kernel_config CONFIG_ARCH_INLINE_READ_UNLOCK_IRQ y
set_kernel_config CONFIG_ARCH_INLINE_READ_UNLOCK_IRQRESTORE y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_LOCK y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_LOCK_BH y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_LOCK_IRQ y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_LOCK_IRQSAVE y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_UNLOCK y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_UNLOCK_BH y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_UNLOCK_IRQ y
set_kernel_config CONFIG_ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE y
set_kernel_config CONFIG_INLINE_SPIN_TRYLOCK y
set_kernel_config CONFIG_INLINE_SPIN_TRYLOCK_BH y
set_kernel_config CONFIG_INLINE_SPIN_LOCK y
set_kernel_config CONFIG_INLINE_SPIN_LOCK_BH y
set_kernel_config CONFIG_INLINE_SPIN_LOCK_IRQ y
set_kernel_config CONFIG_INLINE_SPIN_LOCK_IRQSAVE y
set_kernel_config CONFIG_INLINE_SPIN_UNLOCK_BH y
set_kernel_config CONFIG_INLINE_SPIN_UNLOCK_IRQ y
set_kernel_config CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE y
set_kernel_config CONFIG_INLINE_READ_LOCK y
set_kernel_config CONFIG_INLINE_READ_LOCK_BH y
set_kernel_config CONFIG_INLINE_READ_LOCK_IRQ y
set_kernel_config CONFIG_INLINE_READ_LOCK_IRQSAVE y
set_kernel_config CONFIG_INLINE_READ_UNLOCK y
set_kernel_config CONFIG_INLINE_READ_UNLOCK_BH y
set_kernel_config CONFIG_INLINE_READ_UNLOCK_IRQ y
set_kernel_config CONFIG_INLINE_READ_UNLOCK_IRQRESTORE y
set_kernel_config CONFIG_INLINE_WRITE_LOCK y
set_kernel_config CONFIG_INLINE_WRITE_LOCK_BH y
set_kernel_config CONFIG_INLINE_WRITE_LOCK_IRQ y
set_kernel_config CONFIG_INLINE_WRITE_LOCK_IRQSAVE y
set_kernel_config CONFIG_INLINE_WRITE_UNLOCK y
set_kernel_config CONFIG_INLINE_WRITE_UNLOCK_BH y
set_kernel_config CONFIG_INLINE_WRITE_UNLOCK_IRQ y
set_kernel_config CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE y
# Memory
# NOTE(review): both symbols look architecture-selected rather than
# user-settable; confirm they persist after the config is regenerated.
set_kernel_config CONFIG_HAVE_FAST_GUP y
set_kernel_config CONFIG_ARCH_KEEP_MEMBLOCK y
# VHOST
# Host-side virtio backends, built as modules.
set_kernel_config CONFIG_VHOST_SCSI m
set_kernel_config CONFIG_VHOST_VSOCK m
# General
set_kernel_config CONFIG_64BIT_TIME y
set_kernel_config CONFIG_MTD_PCI m
# Sockets
# VM sockets (host/guest communication) and virtio block, built as modules.
set_kernel_config CONFIG_VSOCKETS m
set_kernel_config CONFIG_VSOCKETS_DIAG m
set_kernel_config CONFIG_VIRTIO_VSOCKETS m
set_kernel_config CONFIG_VIRTIO_VSOCKETS_COMMON m
set_kernel_config CONFIG_VIRTIO_BLK m
# Networking
# Includes the network-labelling pieces the LSMs rely on (NETLABEL, SECMARK,
# CONNSECMARK) alongside general networking features.
set_kernel_config CONFIG_NETLABEL y
set_kernel_config CONFIG_TCP_MD5SIG y
set_kernel_config CONFIG_TLS m
set_kernel_config CONFIG_TLS_DEVICE y
set_kernel_config CONFIG_INET_UDP_DIAG m
set_kernel_config CONFIG_INET_RAW_DIAG m
# INET_DIAG_DESTROY lets a privileged process close sockets owned by other
# processes through the sock_diag interface.
set_kernel_config CONFIG_INET_DIAG_DESTROY y
set_kernel_config CONFIG_NF_NAT_MASQUERADE y
set_kernel_config CONFIG_NETFILTER_SYNPROXY m
set_kernel_config CONFIG_NFT_XFRM m
set_kernel_config CONFIG_NF_CONNTRACK_SECMARK y
set_kernel_config CONFIG_NETFILTER_XT_TARGET_CONNSECMARK m
set_kernel_config CONFIG_NETFILTER_XT_TARGET_SECMARK m
set_kernel_config CONFIG_VSOCKMON m
# NOTE(review): not a networking option. LSM_MMAP_MIN_ADDR is the LSM-enforced
# floor for low-address mappings (a NULL-dereference mitigation); 0 removes
# that floor and leaves only CONFIG_DEFAULT_MMAP_MIN_ADDR / vm.mmap_min_addr.
# Confirm that value is non-zero on the target system.
set_kernel_config CONFIG_LSM_MMAP_MIN_ADDR 0
# Compiler options
set_kernel_config CONFIG_OPTIMIZE_INLINING y
# Printers
# Parallel-port core and printer support are built as modules; the drivers
# that merely hang off the parallel port (joysticks, keyboard, I2C/SPI
# adapters, PPS client) are turned off. The helper writes these as
# "CONFIG_X=n" lines rather than "# CONFIG_X is not set".
set_kernel_config CONFIG_PRINTER m
set_kernel_config CONFIG_PPDEV m
set_kernel_config CONFIG_PARPORT m
set_kernel_config CONFIG_PARPORT_NOT_PC y
set_kernel_config CONFIG_BAYCOM_PAR n
set_kernel_config CONFIG_PARPORT_AX88796 n
set_kernel_config CONFIG_PARPORT_1284 n
set_kernel_config CONFIG_PLIP m
set_kernel_config CONFIG_JOYSTICK_DB9 n
set_kernel_config CONFIG_JOYSTICK_GAMECON n
set_kernel_config CONFIG_JOYSTICK_TURBOGRAFX n
set_kernel_config CONFIG_JOYSTICK_WALKERA0701 n
set_kernel_config CONFIG_SERIO_PARKBD n
set_kernel_config CONFIG_LP_CONSOLE n
set_kernel_config CONFIG_I2C_PARPORT n
set_kernel_config CONFIG_SPI_BUTTERFLY n
set_kernel_config CONFIG_SPI_LM70_LLP n
set_kernel_config CONFIG_PPS_CLIENT_PARPORT n
# Sound
# Besides two sound drivers, this group also turns off a USB parallel-port
# bridge, a USB serial/parallel adapter and the parallel-port panel driver.
set_kernel_config CONFIG_SND_MTS64 n
set_kernel_config CONFIG_SND_PORTMAN2X4 n
set_kernel_config CONFIG_USB_USS720 n
set_kernel_config CONFIG_USB_SERIAL_MOS7715_PARPORT n
set_kernel_config CONFIG_PANEL n
# GPIO
set_kernel_config CONFIG_GPIO_SYSCON n
set_kernel_config CONFIG_SYSCON_REBOOT_MODE n
# Broadcom
set_kernel_config CONFIG_POWER_RESET_BRCMSTB y
# Drivers
set_kernel_config CONFIG_REGULATOR_ANATOP n
set_kernel_config CONFIG_DRM_PANEL_ARM_VERSATILE m
set_kernel_config CONFIG_LEDS_SYSCON n
set_kernel_config CONFIG_MUX_MMIO n