#
# FIRECRACKER -- kernel configuration file for Firecracker VM
#
# This is largely a stripped-down version of the GENERIC kernel configuration
# file, without drivers for hardware which will never appear inside the
# Firecracker VM environment. It adds support for the Virtio MMIO bus,
# which Firecracker uses for exposing devices, and legacy mptable, which
# Firecracker uses for exposing information about CPUs (Firecracker did not
# implement ACPI when this file was written; see the dated note near the
# "Bus support" section below and revisit if that changes).
#
# Since Firecracker loads the kernel directly via the PVH boot protocol,
# it bypasses the boot loader; some environment variables are hard-coded
# here which would normally be provided via device hints or loader.conf.
#
# Note that every "envvar" line below is compiled into the kernel image and
# is readable at runtime through kenv(1); with INCLUDE_CONFIG_FILE the whole
# file can also be recovered from the binary with config(8) -x. Never place
# secrets or per-deployment credentials in this file.
#
# Security-relevant choices carried over from GENERIC (legacy COMPAT_* ABIs,
# NFS server, netmap, the full kernel-debugger set) are called out inline;
# they are kept for parity with GENERIC, and a production microVM image
# should be trimmed to what its userland actually needs.
#
# For more information about the Firecracker VM, see:
#
# https://firecracker-microvm.github.io/

cpu		HAMMER
ident		FIRECRACKER

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
makeoptions	WITH_CTF=1		# Run ctfconvert(1) for DTrace support

options 	SCHED_ULE		# ULE scheduler
options 	NUMA			# Non-Uniform Memory Architecture support
options 	PREEMPTION		# Enable kernel thread preemption
options 	VIMAGE			# Subsystem virtualization, e.g. VNET
options 	INET			# InterNETworking
options 	INET6			# IPv6 communications protocols
options 	IPSEC_SUPPORT		# Allow kldload of ipsec and tcpmd5
options 	ROUTE_MPATH		# Multipath routing support
options 	FIB_ALGO		# Modular fib lookups
options 	TCP_OFFLOAD		# TCP offload
options 	TCP_BLACKBOX		# Enhanced TCP event logging
options 	TCP_HHOOK		# hhook(9) framework for TCP
options 	TCP_RFC7413		# TCP Fast Open
options 	SCTP_SUPPORT		# Allow kldload of SCTP
options 	KERN_TLS		# TLS transmit & receive offload
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
options 	UFS_GJOURNAL		# Enable gjournal-based UFS journaling
options 	QUOTA			# Enable disk quotas for UFS
options 	MD_ROOT			# MD is a potential root device
options 	NFSCL			# Network Filesystem Client
# NFSD/NFSLOCKD make the guest an NFS *server* (an unauthenticated network
# listener once nfsd is started). Keep them only if the image serves NFS;
# the client side (NFSCL, NFS_ROOT) does not depend on them.
options 	NFSD			# Network Filesystem Server
options 	NFSLOCKD		# Network Lock Manager
options 	NFS_ROOT		# NFS usable as /, requires NFSCL
options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	TMPFS			# Efficient memory filesystem
options 	GEOM_RAID		# Soft RAID functionality.
options 	GEOM_LABEL		# Provides labelization
# Firecracker boots the kernel via PVH with no EFI firmware, so EFI runtime
# services presumably never become available here; harmless but removable.
options 	EFIRT			# EFI Runtime Services support
# Legacy ABI compatibility. Each COMPAT_FREEBSDn keeps the system-call and
# ioctl compatibility layer for binaries built against that release, and
# COMPAT_FREEBSD32 adds the 32-bit i386 system-call entry. Every retained
# ABI is additional kernel attack surface reachable by unprivileged
# processes. If the guest userland is built from the same tree as this
# kernel, the older entries are likely unneeded and can be dropped; they
# are kept here for parity with GENERIC.
options 	COMPAT_FREEBSD32	# Compatible with i386 binaries
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	COMPAT_FREEBSD6		# Compatible with FreeBSD6
options 	COMPAT_FREEBSD7		# Compatible with FreeBSD7
options 	COMPAT_FREEBSD9		# Compatible with FreeBSD9
options 	COMPAT_FREEBSD10	# Compatible with FreeBSD10
options 	COMPAT_FREEBSD11	# Compatible with FreeBSD11
options 	COMPAT_FREEBSD12	# Compatible with FreeBSD12
options 	COMPAT_FREEBSD13	# Compatible with FreeBSD13
options 	COMPAT_FREEBSD14	# Compatible with FreeBSD14
# No SCSI/CAM buses are configured in this file, so this delay presumably
# never applies; it is inherited from GENERIC.
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	STACK			# stack(9) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
# Security frameworks: these are compile-time hooks only; auditing, MAC
# policies and resource limits still have to be enabled and configured
# at runtime (auditd(8), MAC policy modules, rctl(8)).
options 	AUDIT			# Security event auditing
options 	CAPABILITY_MODE		# Capsicum capability mode
options 	CAPABILITIES		# Capsicum capabilities
options 	MAC			# TrustedBSD MAC Framework
options 	KDTRACE_FRAME		# Ensure frames are compiled in
options 	KDTRACE_HOOKS		# Kernel DTrace hooks
options 	DDB_CTF			# Kernel ELF linker loads CTF data
options 	INCLUDE_CONFIG_FILE	# Include this file in kernel (config -x)
options 	RACCT			# Resource accounting framework
options 	RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default
options 	RCTL			# Resource limits

# Debugging support. Always need this:
options 	KDB			# Enable kernel debugger support.
options 	KDB_TRACE		# Print a stack trace for a panic.
# For full debugger support use (turn off in stable branch):
#
# The block below is a development-time configuration. INVARIANTS and
# WITNESS add measurable overhead, and DDB/GDB (plus NETGDB further down)
# provide an interactive kernel debugger; a release image for Firecracker
# should be built without them. Entry into DDB from a console BREAK is
# governed by debug.kdb.break_to_debugger, which this file leaves at the
# kernel default rather than enabling.
options 	BUF_TRACKING		# Track buffer history
options 	DDB			# Support DDB.
options 	FULL_BUF_TRACKING	# Track more buffer history
options 	GDB			# Support remote GDB.
options 	DEADLKRES		# Enable the deadlock resolver
options 	INVARIANTS		# Enable calls of extra sanity checking
options 	INVARIANT_SUPPORT	# Extra sanity checks of internal structures, required by INVARIANTS
options 	QUEUE_MACRO_DEBUG_TRASH	# Trash queue(2) internal pointers on invalidation
options 	WITNESS			# Enable checks to detect deadlocks and cycles
options 	WITNESS_SKIPSPIN	# Don't run witness on spinlocks for speed
options 	MALLOC_DEBUG_MAXZONES=8	# Separate malloc(9) zones
options 	VERBOSE_SYSINIT=0	# Support debug.verbose_sysinit, off by default

# Kernel dump features.
# No dump device is configured in this file; dumps (and netdump) only become
# active once dumpon(8) is run in the guest. EKCD lets that dump be encrypted
# to a public key so crash dumps do not leak kernel memory in the clear.
options 	EKCD			# Support for encrypted kernel dumps
options 	GZIO			# gzip-compressed kernel and user dumps
options 	ZSTDIO			# zstd-compressed kernel and user dumps
options 	DEBUGNET		# debugnet networking
options 	NETDUMP			# netdump(4) client support
# NETGDB is reached from the DDB prompt; drop it together with DDB/GDB above
# for release builds.
options 	NETGDB			# netgdb(4) client support

# Make an SMP-capable kernel by default
options 	SMP			# Symmetric MultiProcessor Kernel

# Pseudo devices.
device		crypto			# core crypto support
device		aesni			# AES-NI OpenCrypto module
device		loop			# Network loopback
# rdrand_rng feeds the CPU's RDRAND output into random(4) as one of its
# entropy sources. Whether RDRAND is visible to the guest depends on the
# CPUID the hypervisor exposes -- confirm for the CPU template in use. No
# virtio_random driver is configured here; if the hypervisor offers a
# virtio-rng entropy device, "device virtio_random" would add it as a
# further source for early boot.
device		rdrand_rng		# Intel Bull Mountain RNG
device		ether			# Ethernet support
device		vlan			# 802.1Q VLAN support
device		tuntap			# Packet tunnel.
device		md			# Memory "disks"
device		gif			# IPv6 and IPv4 tunneling
device		firmware		# firmware assist module
device		xz			# lzma decompression
# bpf gives privileged processes raw access to the wire (and is needed by
# dhclient(8) and tcpdump(1)); expected in most images, but it is attack
# surface worth knowing about.
device		bpf			# Berkeley packet filter

# Serial (COM) ports
# This is the only console this configuration provides; its address and
# console flag are fixed by the hints further down.
device		uart			# Generic UART driver

# VirtIO support
device		virtio			# Generic VirtIO bus (required)
device		virtio_mmio		# VirtIO MMIO bus
device		vtnet			# VirtIO Ethernet device
device		virtio_blk		# VirtIO Block device

# Linux KVM paravirtualization support
device		kvm_clock		# KVM paravirtual clock driver

# Netmap provides direct access to TX/RX rings on supported NICs.
# This is a privileged raw datapath that bypasses the network stack; keep it
# only if the image actually uses netmap(4) applications.
device		netmap			# netmap(4) support

# Firecracker exposes information via the legacy MP Table mechanism
# rather than via ACPI (which it did not implement when this was written).
device		mptable

# Firecracker launches the FreeBSD kernel directly, via the PVH boot
# protocol, rather than via the boot loader; as such, we need to bake
# device hints into the kernel configuration rather than relying on
# device.hints being loaded, and likewise have no loader.conf to place
# other settings into. Everything set here ends up in the compiled-in
# kernel environment (visible via kenv(1)), so keep it free of secrets.
envvar		hint.uart.0.at="isa"
envvar		hint.uart.0.port="0x3F8"
# flags 0x10 marks this port as the system console (see uart(4)).
envvar		hint.uart.0.flags="0x10"
envvar		hint.uart.0.irq="0x4"
# acpi(4) is compiled in only because the build currently needs it (see
# "Bus support" below); keep it disabled so it never probes.
envvar		hint.acpi.0.disabled="1"

# Inside a VM, "power off" doesn't really yank the AC power, so there's
# no need for the grace period normally given to disks to flush their
# write caches after the final sync; the guest's own buffers are still
# flushed by the normal shutdown path.
envvar		kern.shutdown.poweroff_delay="0"

# Firecracker seems to have a bug in its UART emulation. This works
# around the problem. Re-check whether it is still needed when moving to
# a newer Firecracker release.
envvar		hw.broken_txfifo="1"

# We don't have an early timecounter to calibrate the TSC against, so
# skip that; later in the boot process we have other timecounters.
envvar		machdep.disable_tsc_calibration="1"

# Provide bug-for-bug compatibility with Linux in MP Table searching
# and parsing. Firecracker relies on these bugs.
options 	MPTABLE_LINUX_BUG_COMPAT

# Disable the automatic registration of a PCI bridge; we do in fact
# not have one.
options 	NO_LEGACY_PCIB

# Bus support.
# Note that Firecracker provides neither ACPI nor PCI; but removing these
# devices currently (2022-07-09) prevents the kernel from building.
# Revisit: re-check whether the build still requires them, and whether the
# hypervisor has since grown ACPI support (which would also affect the
# mptable choice above).
device		acpi
device		pci

# Xen HVM Guest Optimizations
# NOTE: XENHVM depends on xenpci and xentimer.
# They must be added or removed together.
# NOTE: These are present in FIRECRACKER because the PVH boot method
# originates from Xen; once that code is untangled these can be removed.
# Firecracker is not Xen, so these are expected to stay inert at runtime
# without a Xen hypervisor present -- confirm on the target release.
options 	XENHVM			# Xen HVM kernel infrastructure
device		xenpci			# Xen HVM Hypervisor services driver
device		xentimer		# Xen x86 PV timer device