xref: /freebsd/sys/amd64/conf/FIRECRACKER (revision 87bf0aaba8f1bd743d4df24ae422dd8075260d45)
#
# FIRECRACKER -- kernel configuration file for Firecracker VM
#
# This is largely a stripped-down version of the GENERIC kernel configuration
# file, without drivers for hardware which will never appear inside the
# Firecracker VM environment.  It adds support for the Virtio MMIO bus,
# which Firecracker uses for exposing devices, and legacy mptable, which
# Firecracker uses for exposing information about CPUs (since it doesn't
# support ACPI).
#
# Since Firecracker loads the kernel directly via the PVH boot protocol,
# it bypasses the boot loader; some environment variables are hard-coded
# here which would normally be provided via device hints or loader.conf.
#
# For more information about the Firecracker VM, see:
#
#    https://firecracker-microvm.github.io/

cpu		HAMMER
ident		FIRECRACKER

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
makeoptions	WITH_CTF=1		# Run ctfconvert(1) for DTrace support

options 	SCHED_ULE		# ULE scheduler
options 	NUMA			# Non-Uniform Memory Architecture support
options 	PREEMPTION		# Enable kernel thread preemption
options 	VIMAGE			# Subsystem virtualization, e.g. VNET
options 	INET			# InterNETworking
options 	INET6			# IPv6 communications protocols
options 	IPSEC_SUPPORT		# Allow kldload of ipsec and tcpmd5
options 	ROUTE_MPATH		# Multipath routing support
options 	FIB_ALGO		# Modular fib lookups
options 	TCP_OFFLOAD		# TCP offload
options 	TCP_BLACKBOX		# Enhanced TCP event logging
options 	TCP_HHOOK		# hhook(9) framework for TCP
options 	TCP_RFC7413		# TCP Fast Open
options 	SCTP_SUPPORT		# Allow kldload of SCTP
options 	KERN_TLS		# TLS transmit & receive offload
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
options 	UFS_GJOURNAL		# Enable gjournal-based UFS journaling
options 	QUOTA			# Enable disk quotas for UFS
options 	MD_ROOT			# MD is a potential root device
options 	NFSCL			# Network Filesystem Client
options 	NFSD			# Network Filesystem Server
options 	NFSLOCKD		# Network Lock Manager
options 	NFS_ROOT		# NFS usable as /, requires NFSCL
options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	TMPFS			# Efficient memory filesystem
options 	GEOM_RAID		# Soft RAID functionality.
options 	GEOM_LABEL		# Provides labelization
options 	EFIRT			# EFI Runtime Services support
options 	COMPAT_FREEBSD32	# Compatible with i386 binaries
options 	COMPAT_FREEBSD10	# Compatible with FreeBSD10
options 	COMPAT_FREEBSD11	# Compatible with FreeBSD11
options 	COMPAT_FREEBSD12	# Compatible with FreeBSD12
options 	COMPAT_FREEBSD13	# Compatible with FreeBSD13
options 	COMPAT_FREEBSD14	# Compatible with FreeBSD14
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	STACK			# stack(9) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
options 	AUDIT			# Security event auditing
options 	CAPABILITY_MODE		# Capsicum capability mode
options 	CAPABILITIES		# Capsicum capabilities
options 	MAC			# TrustedBSD MAC Framework
options 	KDTRACE_FRAME		# Ensure frames are compiled in
options 	KDTRACE_HOOKS		# Kernel DTrace hooks
options 	DDB_CTF			# Kernel ELF linker loads CTF data
options 	INCLUDE_CONFIG_FILE	# Include this file in kernel
options 	RACCT			# Resource accounting framework
options 	RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default
options 	RCTL			# Resource limits

# Debugging support.  Always need this:
options 	KDB			# Enable kernel debugger support.
options 	KDB_TRACE		# Print a stack trace for a panic.
# For full debugger support use (turn off in stable branch):
options 	BUF_TRACKING		# Track buffer history
options 	DDB			# Support DDB.
options 	FULL_BUF_TRACKING	# Track more buffer history
options 	GDB			# Support remote GDB.
options 	DEADLKRES		# Enable the deadlock resolver
options 	INVARIANTS		# Enable calls of extra sanity checking
options 	INVARIANT_SUPPORT	# Extra sanity checks of internal structures, required by INVARIANTS
options 	QUEUE_MACRO_DEBUG_TRASH	# Trash queue(2) internal pointers on invalidation
options 	WITNESS			# Enable checks to detect deadlocks and cycles
options 	WITNESS_SKIPSPIN	# Don't run witness on spinlocks for speed
options 	MALLOC_DEBUG_MAXZONES=8	# Separate malloc(9) zones
options 	VERBOSE_SYSINIT=0	# Support debug.verbose_sysinit, off by default

# Kernel dump features.
options 	EKCD			# Support for encrypted kernel dumps
options 	GZIO			# gzip-compressed kernel and user dumps
options 	ZSTDIO			# zstd-compressed kernel and user dumps
options 	DEBUGNET		# debugnet networking
options 	NETDUMP			# netdump(4) client support
options 	NETGDB			# netgdb(4) client support

# Make an SMP-capable kernel by default
options 	SMP			# Symmetric MultiProcessor Kernel

# Pseudo devices.
device		crypto			# core crypto support
device		aesni			# AES-NI OpenCrypto module
device		loop			# Network loopback
device		rdrand_rng		# Intel Bull Mountain RNG
device		ether			# Ethernet support
device		vlan			# 802.1Q VLAN support
device		tuntap			# Packet tunnel.
device		md			# Memory "disks"
device		gif			# IPv6 and IPv4 tunneling
device		firmware		# firmware assist module
device		xz			# lzma decompression
device		bpf			# Berkeley packet filter

# Serial (COM) ports
device		uart			# Generic UART driver

# VirtIO support
device		virtio			# Generic VirtIO bus (required)
device		virtio_mmio		# VirtIO MMIO bus
device		vtnet			# VirtIO Ethernet device
device		virtio_blk		# VirtIO Block device

# Linux KVM paravirtualization support
device		kvm_clock		# KVM paravirtual clock driver

# Netmap provides direct access to TX/RX rings on supported NICs
device		netmap			# netmap(4) support

# Firecracker exposes information via the legacy MP Table mechanism
# rather than via ACPI (which it does not implement).
device		mptable

# Firecracker launches the FreeBSD kernel directly, via the PVH boot
# protocol, rather than via the boot loader; as such, we need to bake
# device hints into the kernel configuration rather than relying on
# device.hints being loaded, and likewise have no loader.conf to place
# other settings into.
envvar	hint.uart.0.at="isa"
envvar	hint.uart.0.port="0x3F8"
envvar	hint.uart.0.flags="0x10"
envvar	hint.uart.0.irq="0x4"
envvar	hint.acpi.0.disabled="1"

# Inside a VM, "power off" doesn't really yank the AC power, so there's
# no need to worry about disks flushing caches before losing power.
envvar	kern.shutdown.poweroff_delay="0"

# Firecracker seems to have a bug in its UART emulation.  This works
# around the problem.
envvar	hw.broken_txfifo="1"

# We don't have an early timecounter to calibrate the TSC against, so
# skip that; later in the boot process we have other timecounters.
envvar	machdep.disable_tsc_calibration="1"

# Provide bug-for-bug compatibility with Linux in MP Table searching
# and parsing.  Firecracker relies on these bugs.
options 	MPTABLE_LINUX_BUG_COMPAT

# Disable the automatic registration of a PCI bridge; we do in fact
# not have one.
options 	NO_LEGACY_PCIB

# Bus support.
# Note that Firecracker provides neither ACPI nor PCI; but removing these
# devices currently (2022-07-09) prevents the kernel from building.
device		acpi
device		pci

# Xen HVM Guest Optimizations
# NOTE: XENHVM depends on xenpci and xentimer.
# They must be added or removed together.
# NOTE: These are present in FIRECRACKER because the PVH boot method
# originates from Xen; once that code is untangled these can be removed.
options 	XENHVM			# Xen HVM kernel infrastructure
device		xenpci			# Xen HVM Hypervisor services driver
device		xentimer		# Xen x86 PV timer device

# EFI devices
device		efidev			# EFI pseudo-device
device		efirtc			# EFI RTC

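The dependency notes scattered through this file (XENHVM with xenpci and xentimer, PROCFS with PSEUDOFS, NFS_ROOT with NFSCL, INVARIANTS with INVARIANT_SUPPORT, virtio_mmio with virtio, and the baked-in hint that disables ACPI) can be checked mechanically before a kernel build. The lint below is an added example, not part of the FreeBSD tree: its parser is a simplification of config(5) syntax (keyword, name, optional `=value`, `#` comments) and SAMPLE is a constructed excerpt, not the full file.

```python
# Added example (not FreeBSD code): lint a config(5)-style kernel config for the
# dependency rules the FIRECRACKER comments state. SAMPLE is a constructed excerpt.
TOGETHER = [{("options", "XENHVM"), ("device", "xenpci"), ("device", "xentimer")}]
REQUIRES = {  # entry -> entry it requires (PROCFS, NFS_ROOT, INVARIANTS, virtio notes)
    ("options", "PROCFS"): ("options", "PSEUDOFS"),
    ("options", "NFS_ROOT"): ("options", "NFSCL"),
    ("options", "INVARIANTS"): ("options", "INVARIANT_SUPPORT"),
    ("device", "virtio_mmio"): ("device", "virtio"),
}
def parse_config(text):
    """Return ({(keyword, name)}, {envvar: value}); '#' starts a comment."""
    entries, envvars = set(), {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comment, split off keyword
        if len(parts) != 2:
            continue  # blank line or bare keyword
        keyword, rest = parts
        name, _, value = rest.partition("=")  # options FOO=bar records only FOO
        if keyword == "envvar":
            envvars[name.strip()] = value.strip().strip('"')
        else:
            entries.add((keyword, name.strip()))
    return entries, envvars

def lint(text):
    """Return rule violations as strings; an empty list means the config passes."""
    entries, envvars = parse_config(text)
    problems = []
    for group in TOGETHER:  # "They must be added or removed together."
        present = group & entries
        if present and present != group:
            missing = ", ".join(f"{k} {n}" for k, n in sorted(group - present))
            problems.append(f"XENHVM group incomplete; missing: {missing}")
    for entry, needed in REQUIRES.items():
        if entry in entries and needed not in entries:
            problems.append(f"{entry[0]} {entry[1]} requires {needed[0]} {needed[1]}")
    if envvars.get("hint.acpi.0.disabled") != "1":  # Firecracker has no ACPI
        problems.append('expected envvar hint.acpi.0.disabled="1"')
    return problems
SAMPLE = """\
options \tXENHVM\t\t# Xen HVM kernel infrastructure
device\t\txenpci
device\t\txentimer
options \tPROCFS\t\t# Process filesystem (requires PSEUDOFS)
options \tPSEUDOFS
options \tSCSI_DELAY=5000
device\t\tvirtio
device\t\tvirtio_mmio
envvar\thint.acpi.0.disabled="1"
"""
```

Running `lint(open("FIRECRACKER").read())` against the real file should return an empty list; deleting `device xentimer` from a copy reports the incomplete XENHVM group.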