Most options in kernel config files use "options<space><tab>OPTION". This allows the option to be commented out without shifting columns. A few options had two tabs, and some had spaces. Make them consistent.
#
# FIRECRACKER -- kernel configuration file for Firecracker VM
#
# This is largely a stripped-down version of the GENERIC kernel configuration
# file, without drivers for hardware which will never appear inside the
# Firecracker VM environment. It adds support for the Virtio MMIO bus,
# which Firecracker uses for exposing devices, and legacy mptable, which
# Firecracker uses for exposing information about CPUs (since it doesn't
# support ACPI).
#
# Since Firecracker loads the kernel directly via the PVH boot protocol,
# it bypasses the boot loader; some environment variables are hard-coded
# here which would normally be provided via device hints or loader.conf.
#
# For more information about the Firecracker VM, see:
#
# https://firecracker-microvm.github.io/

cpu HAMMER
ident FIRECRACKER

makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
makeoptions WITH_CTF=1 # Run ctfconvert(1) for DTrace support

options SCHED_ULE # ULE scheduler
options NUMA # Non-Uniform Memory Architecture support
options PREEMPTION # Enable kernel thread preemption
options VIMAGE # Subsystem virtualization, e.g. VNET
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5
options ROUTE_MPATH # Multipath routing support
options FIB_ALGO # Modular fib lookups
options TCP_OFFLOAD # TCP offload
options TCP_BLACKBOX # Enhanced TCP event logging
options TCP_HHOOK # hhook(9) framework for TCP
options TCP_RFC7413 # TCP Fast Open
options SCTP_SUPPORT # Allow kldload of SCTP
options KERN_TLS # TLS transmit & receive offload
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options QUOTA # Enable disk quotas for UFS
options MD_ROOT # MD is a potential root device
options NFSCL # Network Filesystem Client
# NOTE(review): NFSD compiles the NFS *server* into the guest kernel;
# confirm a Firecracker guest actually needs to serve NFS before keeping it.
options NFSD # Network Filesystem Server
options NFSLOCKD # Network Lock Manager
options NFS_ROOT # NFS usable as /, requires NFSCL
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options TMPFS # Efficient memory filesystem
options GEOM_RAID # Soft RAID functionality.
options GEOM_LABEL # Provides labelization
options EFIRT # EFI Runtime Services support
# NOTE(review): the COMPAT_* options below keep older FreeBSD binary
# interfaces available in the guest kernel. A purpose-built VM image may
# not need all of them; confirm which are required before trimming.
options COMPAT_FREEBSD32 # Compatible with i386 binaries
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
options COMPAT_FREEBSD9 # Compatible with FreeBSD9
options COMPAT_FREEBSD10 # Compatible with FreeBSD10
options COMPAT_FREEBSD11 # Compatible with FreeBSD11
options COMPAT_FREEBSD12 # Compatible with FreeBSD12
options COMPAT_FREEBSD13 # Compatible with FreeBSD13
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options CAPABILITY_MODE # Capsicum capability mode
options CAPABILITIES # Capsicum capabilities
options MAC # TrustedBSD MAC Framework
options KDTRACE_FRAME # Ensure frames are compiled in
options KDTRACE_HOOKS # Kernel DTrace hooks
options DDB_CTF # Kernel ELF linker loads CTF data
# The embedded copy of this file also carries the envvar settings made
# further down, so they are readable from the built kernel image.
options INCLUDE_CONFIG_FILE # Include this file in kernel
options RACCT # Resource accounting framework
options RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default
options RCTL # Resource limits

# Debugging support. Always need this:
options KDB # Enable kernel debugger support.
options KDB_TRACE # Print a stack trace for a panic.
# For full debugger support use (turn off in stable branch):
# NOTE(review): DDB and GDB here, and NETGDB in the dump section below, are
# all enabled in this configuration; they expose an in-kernel debugger and
# should follow the "turn off in stable branch" advice above for release
# kernels.
options BUF_TRACKING # Track buffer history
options DDB # Support DDB.
options FULL_BUF_TRACKING # Track more buffer history
options GDB # Support remote GDB.
options DEADLKRES # Enable the deadlock resolver
options INVARIANTS # Enable calls of extra sanity checking
options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS
options QUEUE_MACRO_DEBUG_TRASH # Trash queue(2) internal pointers on invalidation
options WITNESS # Enable checks to detect deadlocks and cycles
options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed
options MALLOC_DEBUG_MAXZONES=8 # Separate malloc(9) zones
options VERBOSE_SYSINIT=0 # Support debug.verbose_sysinit, off by default

# Kernel dump features.
options EKCD # Support for encrypted kernel dumps
options GZIO # gzip-compressed kernel and user dumps
options ZSTDIO # zstd-compressed kernel and user dumps
options DEBUGNET # debugnet networking
options NETDUMP # netdump(4) client support
options NETGDB # netgdb(4) client support

# Make an SMP-capable kernel by default
options SMP # Symmetric MultiProcessor Kernel
options EARLY_AP_STARTUP

# Pseudo devices.
device crypto # core crypto support
device aesni # AES-NI OpenCrypto module
device loop # Network loopback
device rdrand_rng # Intel Bull Mountain RNG
device ether # Ethernet support
device vlan # 802.1Q VLAN support
device tuntap # Packet tunnel.
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device firmware # firmware assist module
device xz # lzma decompression
device bpf # Berkeley packet filter

# Serial (COM) ports
device uart # Generic UART driver

# VirtIO support
device virtio # Generic VirtIO bus (required)
device virtio_mmio # VirtIO MMIO bus
device vtnet # VirtIO Ethernet device
device virtio_blk # VirtIO Block device

# Linux KVM paravirtualization support
device kvm_clock # KVM paravirtual clock driver

# Netmap provides direct access to TX/RX rings on supported NICs
device netmap # netmap(4) support

# Firecracker exposes information via the legacy MP Table mechanism
# rather than via ACPI (which it does not implement).
device mptable

# Firecracker launches the FreeBSD kernel directly, via the PVH boot
# protocol, rather than via the boot loader; as such, we need to bake
# device hints into the kernel configuration rather than relying on
# device.hints being loaded, and likewise have no loader.conf to place
# other settings into.
envvar hint.uart.0.at="isa"
envvar hint.uart.0.port="0x3F8"
envvar hint.uart.0.flags="0x10"
envvar hint.uart.0.irq="0x4"
# ACPI is disabled explicitly: Firecracker does not implement it (see the
# mptable note above), so the kernel must not try to attach it.
envvar hint.acpi.0.disabled="1"

# Inside a VM, "power off" doesn't really yank the AC power, so there's
# no need to worry about disks flushing caches before losing power.
envvar kern.shutdown.poweroff_delay="0"

# Firecracker seems to have a bug in its UART emulation. This works
# around the problem.
envvar hw.broken_txfifo="1"

# We don't have an early timecounter to calibrate the TSC against, so
# skip that; later in the boot process we have other timecounters.
envvar machdep.disable_tsc_calibration="1"

# Provide bug-for-bug compatibility with Linux in MP Table searching
# and parsing. Firecracker relies on these bugs.
options MPTABLE_LINUX_BUG_COMPAT

# Disable the automatic registration of a PCI bridge; we do in fact
# not have one.
options NO_LEGACY_PCIB

# Bus support.
# Note that Firecracker provides neither ACPI nor PCI; but removing these
# devices currently (2022-07-09) prevents the kernel from building.
device acpi
device pci

# Xen HVM Guest Optimizations
# NOTE: XENHVM depends on xenpci and xentimer.
# They must be added or removed together.
# NOTE: These are present in FIRECRACKER because the PVH boot method
# originates from Xen; once that code is untangled these can be removed.
options XENHVM # Xen HVM kernel infrastructure
device xenpci # Xen HVM Hypervisor services driver
device xentimer # Xen x86 PV timer device