Vai al menù, saltando i contenuti (access key "m")
Appunti su Gentoo Linux.
Configurazione del kernel
La compilazione
make menuconfig make && make modules_install cp arch..../bzImage /boot/kernel /sbin/lilo
La configurazione
General setup --->
[*] Enable loadable module support --->
-*- Enable the block layer --->
Processor type and features --->
Power management and ACPI options --->
Bus options (PCI etc.) --->
Executable file formats / Emulations --->
[*] Networking support --->
Device Drivers --->
Firmware Drivers --->
File systems --->
Kernel hacking --->
Security options --->
-*- Cryptographic API --->
[ ] Virtualization --->
Library routines --->
---
Load an Alternate Configuration File
Save an Alternate Configuration File
General setup
[*] Prompt for development and/or incomplete code/drivers
() Cross-compiler tool prefix
() Local version - append to kernel release
[ ] Automatically append version information to the version string
Kernel compression mode (LZO) --->
(HOMY2) Default hostname
[*] Support for paging of anonymous memory (swap)
[*] System V IPC
[*] POSIX Message Queues
[*] BSD Process Accounting
[ ] BSD Process Accounting version 3 file format
[ ] open by fhandle syscalls
[ ] Export task/process statistics through netlink (EXPERIMENTAL)
[*] Auditing support
[*] Enable system-call auditing support
IRQ subsystem --->
RCU Subsystem --->
<*> Kernel .config support
[*] Enable access to .config through /proc/config.gz
(18) Kernel log buffer size (16 => 64KB, 17 => 128KB)
[ ] Control Group support --->
-*- Namespaces support --->
[ ] Automatic process group scheduling
[ ] Enable deprecated sysfs features to support old userspace tools
-*- Kernel->user space relay support (formerly relayfs)
[ ] Initial RAM filesystem and RAM disk (initramfs/initrd) support
[*] Optimize for size
[ ] Configure standard kernel features (expert users) --->
[ ] Embedded system
Kernel Performance Events And Counters --->
[ ] Disable heap randomization
Choose SLAB allocator (SLUB (Unqueued Allocator)) --->
[*] Profiling support
< > OProfile system profiling
[ ] Kprobes
[*] Optimize trace point call sites
GCOV-based kernel profiling --->
System V IPC dalla descrizione sembra che si può togliere, in realtà è un componente fondamentale! Senza di lui non funzionano i driver Nvidia, i driver ALSA, ecc...
Per far funzionare la compression LZO bisogna installare il programmino per fare questo tipo di compressione altrimenti alla fine della compilazione del kernel avremo un errore.
emerge lzop
Enable loadable module support
--- Enable loadable module support [ ] Forced module loading [*] Module unloading [ ] Forced module unloading [ ] Module versioning support [ ] Source checksum for all modules
Enable the block layer
--- Enable the block layer
[*] Block layer SG support v4
[ ] Block layer data integrity support
IO Schedulers --->
< > Deadline I/O scheduler
<*> CFQ I/O scheduler
Default I/O scheduler (CFQ) --->
Processor type and features
[*] Tickless System (Dynamic Ticks)
[*] High Resolution Timer Support
[*] Symmetric multi-processing support
[ ] Enable MPS table
[ ] Support for extended (non-PC) x86 platforms
[*] Single-depth WCHAN output
[ ] Paravirtualized guest support --->
[ ] Memtest
Processor family (Intel Atom) --->
[ ] IBM Calgary IOMMU support
[ ] AMD IOMMU support
[ ] Enable Maximum number of SMP Processors and NUMA Nodes
(4) Maximum number of CPUs
[*] SMT (Hyperthreading) scheduler support
[*] Multi-core scheduler support
[ ] Fine granularity task level IRQ time accounting
Preemption Model (Voluntary Kernel Preemption (Desktop)) --->
[ ] Reroute for broken boot IRQs
[*] Machine Check / overheating reporting
[*] Intel MCE features
[ ] AMD MCE features
< > Machine check injector support
< > Dell laptop support
< > /dev/cpu/microcode - microcode support
<*> /dev/cpu/*/msr - Model-specific register support
<*> /dev/cpu/*/cpuid - CPU information support
[ ] Numa Memory Allocation and Scheduler Support
Memory model (Sparse Memory) --->
[*] Sparse Memory virtual memmap
[ ] Allow for memory hot-add
[ ] Allow for memory compaction
[ ] Enable KSM for page merging
(4096) Low address space to protect from user allocation
[ ] Enable recovery from hardware memory errors
[ ] Transparent Hugepage Support
[ ] Enable cleancache driver to cache clean pages if tmem is present
[ ] Check for low memory corruption
(64) Amount of low memory, in kilobytes, to reserve for the BIOS
-*- MTRR (Memory Type Range Register) support
[*] MTRR cleanup support
(0) MTRR cleanup enable value (0-1)
(1) MTRR cleanup spare reg num (0-7)
[*] EFI runtime service support
[*] Enable seccomp to safely compute untrusted bytecode
[ ] Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)
Timer frequency (1000 HZ) --->
[ ] kexec system call
[*] kernel crash dumps
(0x1000000) Physical address where the kernel is loaded
[*] Build a relocatable kernel
[*] Support for hot-pluggable CPUs
[ ] Compat VDSO support
[ ] Built-in kernel command line
Abilitate il Symmetric multi-processing support se avete un sistema multiprocessore (sia che abbiate più processori distinti sia che abbiate un processore con più core al suo interno). Abilitate l'SMT (Hyperthreading) scheduler support se avete una CPU che supporta l'hyper threading. Infine abilitate l'opzione Multi-core scheduler support se avete una CPU che contiene più di un core al suo interno.
Scegliere il Preemption Model e il Timer frequency a seconda che usiate il PC come desktop e quindi avete bisogno di una grande responsivness oppure lo usate come server. Io ho scelto come desktop.
Power management and ACPI options
[ ] Suspend to RAM and standby
[ ] Hibernation (aka 'suspend to disk')
[ ] Run-time PM core functionality
[*] ACPI (Advanced Configuration and Power Interface) Support --->
--- ACPI (Advanced Configuration and Power Interface) Support
[ ] Deprecated /proc/acpi files
[ ] Deprecated power /proc/acpi directories
< > EC read/write access through /sys/kernel/debug/ec
[ ] Deprecated /proc/acpi/event support
< > AC Adapter
< > Battery
<*> Button
<*> Fan
[ ] Dock
<*> Processor
<*> Processor Aggregator
<*> Thermal Zone
[ ] Debug Statements
< > PCI slot detection driver
-*- Container and Module Devices (EXPERIMENTAL)
< > Smart Battery System
< > Hardware Error Device
< > Allow ACPI methods to be inserted/replaced at run time
[ ] ACPI Platform Error Interface (APEI)
[ ] SFI (Simple Firmware Interface) Support --->
CPU Frequency scaling --->
-*- CPU idle PM support
[ ] Cpuidle Driver for Intel Processors
Memory power savings --->
Bus options (PCI etc.)
[*] PCI support [*] Support mmconfig PCI config space access [ ] Support for DMA Remapping Devices (EXPERIMENTAL) [ ] Support for Interrupt Remapping (EXPERIMENTAL) [*] PCI Express support [*] Root Port Advanced Error Reporting support [ ] PCI Express ECRC settings control < > PCIe AER error injector support -*- PCI Express ASPM control [ ] Debug PCI Express ASPM [*] Message Signaled Interrupts (MSI and MSI-X) [ ] PCI Debugging < > PCI Stub driver [*] Interrupts on hypertransport devices [ ] PCI IOV support < > PCCard (PCMCIA/CardBus) support ---> < > Support for PCI Hotplug ---> [ ] RapidIO support
Ovviamente abilitate il support per il PCI Express se effettivamente avete delle slot PCI Express.
Executable file formats / Emulations
[*] Kernel support for ELF binaries [*] Write ELF core dumps with partial segments <*> Kernel support for MISC binaries [*] IA32 Emulation < > IA32 a.out support
Networking support
--- Networking support
Networking options --->
<*> Packet socket
<*> Unix domain sockets
< > PF_KEY sockets
[*] TCP/IP networking
[ ] IP: multicasting
[ ] IP: advanced router
[ ] IP: kernel level autoconfiguration
< > IP: tunneling
< > IP: GRE demultiplexer
[ ] IP: ARP daemon support
[ ] IP: TCP syncookie support
< > IP: AH transformation
< > IP: ESP transformation
< > IP: IPComp transformation
< > IP: IPsec transport mode
< > IP: IPsec tunnel mode
< > IP: IPsec BEET mode
<*> Large Receive Offload (ipv4/tcp)
< > INET: socket monitoring interface
[ ] TCP: advanced congestion control --->
[ ] TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL)
< > The IPv6 protocol --->
[ ] NetLabel subsystem support
-*- Security Marking
[ ] Timestamping in PHY devices
[ ] Network packet filtering framework (Netfilter) --->
< > The DCCP Protocol (EXPERIMENTAL) --->
< > The SCTP Protocol (EXPERIMENTAL) --->
< > The RDS Protocol (EXPERIMENTAL)
< > The TIPC Protocol (EXPERIMENTAL) --->
< > Asynchronous Transfer Mode (ATM)
< > Layer Two Tunneling Protocol (L2TP) --->
< > 802.1d Ethernet Bridging
[ ] Distributed Switch Architecture support --->
< > 802.1Q VLAN Support
< > DECnet Support
< > ANSI/IEEE 802.2 LLC type 2 Support
< > The IPX protocol
< > Appletalk protocol support
< > CCITT X.25 Packet Layer (EXPERIMENTAL)
< > LAPB Data Link Driver (EXPERIMENTAL)
< > Acorn Econet/AUN protocols (EXPERIMENTAL)
< > WAN router
< > Phonet protocols family
< > IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks support (EXPERIMENTAL)
[ ] QoS and/or fair queueing --->
[ ] Data Center Bridging support
< > B.A.T.M.A.N. Advanced Meshing Protocol
[ ] enable BPF Just In Time compiler
Network testing --->
[ ] Amateur Radio support --->
< > CAN bus subsystem support --->
< > IrDA (infrared) subsystem support --->
< > Bluetooth subsystem support --->
< > RxRPC session sockets
-*- Wireless --->
--- Wireless
<*> cfg80211 - wireless configuration API
[ ] nl80211 testmode command
[ ] enable developer warnings
[ ] cfg80211 regulatory debugging
[*] enable powersave by default
[ ] cfg80211 DebugFS entries
[*] cfg80211 wireless extensions compatibility
[ ] Wireless extensions sysfs files
< > Common routines for IEEE802.11 drivers
<*> Generic IEEE 802.11 Networking Stack (mac80211)
Default rate control algorithm (Minstrel) --->
[ ] Enable mac80211 mesh networking (pre-802.11s) support
-*- Enable LED triggers
[ ] Export mac80211 internals in DebugFS
[ ] Select mac80211 debugging features --->
< > WiMAX Wireless Broadband support --->
<*> RF switch subsystem support --->
< > Plan 9 Resource Sharing Support (9P2000) --->
< > CAIF support --->
< > Ceph core library (EXPERIMENTAL)
Se non vi serve il supporto per il protocollo IPv6, disabilitatelo. Fa solo aumentare la dimensione del kernel e per di più rallenta le comunicazioni di rete.
Device Drivers
Generic Driver Options --->
<*> Connector - unified userspace <-> kernelspace linker --->
< > Memory Technology Device (MTD) support --->
< > Parallel port support --->
-*- Plug and Play support --->
[*] Block devices --->
[ ] Misc devices --->
< > ATA/ATAPI/MFM/RLL support (DEPRECATED) --->
SCSI device support --->
<*> Serial ATA and Parallel ATA drivers --->
[ ] Multiple devices driver support (RAID and LVM) --->
< > Generic Target Core Mod (TCM) and ConfigFS Infrastructure --->
[ ] Fusion MPT device support --->
IEEE 1394 (FireWire) support --->
< > I2O device support --->
[ ] Macintosh device drivers --->
[*] Network device support --->
[ ] ISDN support --->
< > Telephony support --->
Input device support --->
Character devices --->
<*> I2C support --->
[ ] SPI support --->
PPS support --->
PTP clock support --->
[ ] GPIO Support --->
< > Dallas's 1-wire support --->
<*> Power supply class support --->
<*> Hardware Monitoring support --->
-*- Generic Thermal sysfs driver --->
[ ] Watchdog Timer Support --->
Sonics Silicon Backplane --->
Broadcom specific AMBA --->
[*] Multifunction device drivers --->
[ ] Voltage and Current Regulator Support --->
< > Multimedia support --->
Graphics support --->
<*> Sound card support --->
[*] HID Devices --->
[*] USB support --->
< > Ultra Wideband devices (EXPERIMENTAL) --->
<*> MMC/SD/SDIO card support --->
< > Sony MemoryStick card support (EXPERIMENTAL) --->
-*- LED Support --->
[ ] Near Field Communication (NFC) devices --->
[ ] Accessibility support --->
< > InfiniBand support --->
[*] EDAC (Error Detection And Correction) reporting --->
[*] Real Time Clock --->
[*] DMA Engine support --->
[ ] Auxiliary Display support --->
< > Userspace I/O drivers --->
[ ] Staging drivers --->
[ ] X86 Platform Specific Device Drivers --->
Firmware Drivers
< > BIOS Enhanced Disk Drive calls determine boot disk <*> EFI Variable Support via sysfs < > BIOS update support for DELL systems via sysfs < > Dell Systems Management Base Driver [*] Export DMI identification via sysfs to userspace < > DMI table support in sysfs [ ] iSCSI Boot Firmware Table Attributes < > SigmaStudio firmware loader [ ] Google Firmware Drivers
File systems
<*> Second extended fs support
[ ] Ext2 extended attributes
[ ] Ext2 execute in place support
<*> Ext3 journalling file system support
[ ] Default to 'data=ordered' in ext3
[ ] Ext3 extended attributes
< > The Extended 4 (ext4) filesystem
[ ] JBD (ext3) debugging support
< > Reiserfs support
< > JFS filesystem support
< > XFS filesystem support
< > GFS2 file system support
< > Btrfs filesystem (EXPERIMENTAL) Unstable disk format
< > NILFS2 file system support (EXPERIMENTAL)
[*] Dnotify support
[*] Inotify support for userspace
[ ] Filesystem wide access notification
[ ] Quota support
< > Kernel automounter version 4 support (also supports v3)
<*> FUSE (Filesystem in Userspace) support
< > Character device in Userspace support
Caches --->
CD-ROM/DVD Filesystems --->
DOS/FAT/NT Filesystems --->
Pseudo filesystems --->
[ ] Miscellaneous filesystems --->
[*] Network File Systems --->
Partition Types --->
-*- Native language support --->
Kernel hacking
[*] Show timing information on printks
(4) Default message log level (1-7)
[ ] Enable __deprecated logic
[*] Enable __must_check logic
(2048) Warn for stack frames larger than (needs gcc 4.4)
[ ] Magic SysRq key
[ ] Strip assembler-generated symbols during link
[ ] Enable unused/obsolete exported symbols
-*- Debug Filesystem
[ ] Run 'make headers_check' when building vmlinux
[ ] Enable full Section mismatch analysis
[*] Kernel debugging
[ ] Debug shared IRQ handlers
[ ] Detect Hard and Soft Lockups
[ ] Detect Hung Tasks
[ ] Collect scheduler debugging info
[*] Collect scheduler statistics
[*] Collect kernel timers statistics
[ ] Debug object operations
[ ] SLUB debugging on by default
[ ] Enable SLUB performance statistics
[ ] Kernel memory leak detector
[ ] RT Mutex debugging, deadlock detection
[ ] Built-in scriptable tester for rt-mutexes
[ ] Spinlock and rw-lock debugging: basic checks
[ ] Mutex debugging: basic checks
[ ] Lock debugging: detect incorrect freeing of live locks
[ ] Lock debugging: prove locking correctness
[ ] RCU debugging: sparse-based checks for pointer usage
[ ] Lock usage statistics
[ ] Spinlock debugging: sleep-inside-spinlock checking
[ ] Locking API boot-time self-tests
[*] Stack utilization instrumentation
[ ] kobject debugging
[ ] Compile the kernel with debug info
[ ] Debug VM
[ ] Debug VM translations
[ ] Debug filesystem writers count
[ ] Debug linked list manipulation
[ ] Linked list sorting test
[ ] Debug SG table operations
[ ] Debug notifier call chains
[ ] Debug credential management
[*] Compile the kernel with frame pointers
[ ] Delay each boot printk message by N milliseconds
< > torture tests for RCU
(60) RCU CPU stall timeout in seconds
< > Self test for the backtrace code
[ ] Force extended block device numbers and spread them
[ ] Force weak per-cpu definitions
[ ] Debug access to per_cpu maps
< > Linux Kernel Dump Test Tool Module
< > CPU notifier error injection module
[ ] Fault-injection framework
[ ] Latency measuring infrastructure
[*] Sysctl checks
[ ] Debug page memory allocations
[ ] Deprecated power event trace API, to be removed
[*] Tracers --->
[*] Remote debugging over FireWire early on boot
[ ] Enable dynamic printk() support
[ ] Enable debugging of DMA-API usage
[ ] Perform an atomic64_t self-test at boot
[ ] Sample kernel code --->
[ ] KGDB: kernel debugger --->
< > Test kstrto*() family of functions at runtime
[ ] Filter access to /dev/mem
[*] Enable verbose x86 bootup info messages
-*- Early printk
[*] Early printk via EHCI debug port
[*] Check for stack overflows
[ ] Export kernel pagetable layout to userspace via debugfs
[*] Write protect kernel read-only data structures
[ ] Testcase for the DEBUG_RODATA feature
[ ] Set loadable kernel module data as NX and text as RO
< > Testcase for the NX non-executable stack feature
[ ] Enable IOMMU debugging
[ ] Enable IOMMU stress-test mode
IO delay type (port 0x80 based port-IO delay [recommended]) --->
[*] Debug boot parameters
[ ] CPA self-test code
[*] Allow gcc to uninline functions marked 'inline'
[ ] Strict copy size checks
Security options
[ ] Enable access key retention support
[ ] Restrict unprivileged access to the kernel syslog
[*] Enable different security models
[ ] Enable the securityfs filesystem
[*] Socket and Networking Security Hooks
[ ] Security hooks for pathname based access control
(65536) Low address space for LSM to protect from user allocation
[*] NSA SELinux Support
[*] NSA SELinux boot parameter
(1) NSA SELinux boot parameter default value
[*] NSA SELinux runtime disable
[*] NSA SELinux Development Support
[*] NSA SELinux AVC Statistics
(1) NSA SELinux checkreqprot default value
[ ] NSA SELinux maximum supported policy format version
[ ] TOMOYO Linux Support
[ ] AppArmor support
[ ] Integrity Measurement Architecture(IMA)
Default security module (SELinux) --->
Cryptographic API
--- Cryptographic API
*** Crypto core or helper ***
-*- Cryptographic algorithm manager
[*] Disable run-time self tests
< > GF(2^128) multiplication functions (EXPERIMENTAL)
< > Null algorithms
< > Parallel crypto engine (EXPERIMENTAL)
< > Software async crypto daemon
<*> Authenc support
< > Testing module
*** Authenticated Encryption with Associated Data ***
< > CCM support
< > GCM/GMAC support
< > Sequence Number IV Generator
*** Block modes ***
<*> CBC support
< > CTR support
< > CTS support
-*- ECB support
< > LRW support (EXPERIMENTAL)
< > PCBC support
< > XTS support (EXPERIMENTAL)
*** Hash modes ***
-*- HMAC support
< > XCBC support
< > VMAC support
*** Digest ***
< > CRC32c CRC algorithm
< > CRC32c INTEL hardware acceleration
< > GHASH digest algorithm
-*- MD4 digest algorithm
-*- MD5 digest algorithm
< > Michael MIC keyed digest algorithm
< > RIPEMD-128 digest algorithm
< > RIPEMD-160 digest algorithm
< > RIPEMD-256 digest algorithm
< > RIPEMD-320 digest algorithm
<*> SHA1 digest algorithm
< > SHA224 and SHA256 digest algorithm
< > SHA384 and SHA512 digest algorithms
< > Tiger digest algorithms
< > Whirlpool digest algorithms
< > GHASH digest algorithm (CLMUL-NI accelerated)
*** Ciphers ***
-*- AES cipher algorithms
< > AES cipher algorithms (x86_64)
< > AES cipher algorithms (AES-NI)
< > Anubis cipher algorithm
-*- ARC4 cipher algorithm
< > Blowfish cipher algorithm
< > Camellia cipher algorithms
< > CAST5 (CAST-128) cipher algorithm
< > CAST6 (CAST-256) cipher algorithm
-*- DES and Triple DES EDE cipher algorithms
< > FCrypt cipher algorithm
< > Khazad cipher algorithm
< > Salsa20 stream cipher algorithm (EXPERIMENTAL)
< > Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)
< > SEED cipher algorithm
< > Serpent cipher algorithm
< > TEA, XTEA and XETA cipher algorithms
< > Twofish cipher algorithm
< > Twofish cipher algorithm (x86_64)
*** Compression ***
< > Deflate compression algorithm
< > Zlib compression algorithm
< > LZO compression algorithm
*** Random Number Generation ***
< > Pseudo Random Number Generation for Cryptographic modules
< > User-space interface for hash algorithms
< > User-space interface for symmetric key cipher algorithms
[*] Hardware crypto devices --->
Virtualization
Library routines
< > CRC-CCITT functions < > CRC16 functions <*> CRC calculation for the T10 Data Integrity Field < > CRC ITU-T V.41 functions -*- CRC32 functions < > CRC7 functions < > CRC32c (Castagnoli, et al) Cyclic Redundancy-Check < > XZ decompression support -*- Averaging functions