xref: /xnu-8019.80.24/config/MASTER (revision a325d9c4a84054e40bbe985afedcb50ab80993ea) 
1#
2# Mach Operating System
3# Copyright (c) 1986 Carnegie-Mellon University
4# Copyright 2001-2018 Apple Inc.
5#
6# All rights reserved.  The CMU software License Agreement
7# specifies the terms and conditions for use and redistribution.
8#
9#######################################################################
10#
11#	Master machine independent configuration file.
12#
13#	Specific configuration files are created based on this and
14#	the machine specific master file using the doconf script.
15#
16#	Any changes to the master configuration files will affect all
17#	other configuration files based upon it.
18#
19#######################################################################
20#
21#	To build a configuration, execute "doconf <configuration>."
22#	Configurations are specified in the "Configurations:" section
23#	of the MASTER and MASTER.* files as follows:
24#
25#	<configuration> = [ <attribute0> <attribute1> ... <attributeN> ]
26#
27#	Lines in the MASTER and MASTER.* files are selected based on
28#	the attribute selector list, found in a comment at the end of
29#	the line.  This is a list of attributes separated by commas.
30#	The "!" operator selects the line if none of the attributes are
31#	specified.
32#
33#	For example:
34#
35#	<foo,bar>	selects a line if "foo" or "bar" are specified.
36#	<!foo,bar>	selects a line if neither "foo" nor "bar" is
37#			specified.
38#
39#	Lines with no attributes specified are selected for all
40#	configurations.
41#
42#######################################################################
43#
44#  SYSTEM SIZE CONFIGURATION (select exactly one)
45#
46#	xlarge = extra large scale system configuration
47#	large  = large scale system configuration
48#	medium = medium scale system configuration
49#	small  = small scale system configuration
50#	xsmall = extra small scale system configuration
51#	bsmall = special extra small scale system configuration
52#
53#######################################################################
54#
55
56options		INET		#				# <inet>
57options		HW_AST		# Hardware ast support		# <hw_ast>
58options 	HW_FOOTPRINT	# Cache footprint support	# <hw_foot>
59
60options 	MACH		# Standard Mach features	# <mach>
61options		MACH_COMPAT	# Vendor syscall compatibility  # <mach>
62options		MACH_FASTLINK	# Fast symbolic links
63options		MACH_HOST	# Mach host (resource alloc.)	# <host>
64options		MACH_IPC_COMPAT	# Enable old IPC interface	# <ipc_compat>
65options		MACH_IPC_TEST	# Testing code/printfs		# <ipc_test>
66options		MACH_FLIPC	# Fast-Local IPC		# <mach_flipc>
67options 	MACH_NP		# Mach IPC support		# <np>
68options		MACH_NBC	# No buffer cache		# <nbc>
69options		MACH_NET	# Fast network access		# <mach_net>
70options		MACH_XP		# external pager support	# <xp>
71options		NO_DIRECT_RPC	# for untyped mig servers	#
72options		LOOP		# loopback support		# <loop>
73options		VLAN		#				# <vlan>
74options		SIXLOWPAN	# 6LoWPAN support		# <sixlowpan>
75options		BOND		#				# <bond>
76options		IF_FAKE		#				# <if_fake>
77options		IF_HEADLESS	#				# <if_headless>
78options		AH_ALL_CRYPTO	# AH all crypto algs		# <ah_all_crypto>
79options		PF		# Packet Filter			# <pf>
80options		PF_ECN		# PF use ECN marking		# <pf_ecn>
81options		PFLOG		# PF log interface		# <pflog>
82options		MEASURE_BW	# interface bandwidth measurement # <measure_bw>
83options		DUMMYNET	# dummynet support		# <dummynet>
84options		TRAFFIC_MGT	# traffic management support		# <traffic_mgt>
85options		MULTICAST	# Internet Protocol Class-D	$
86options		TCPDEBUG	# TCP debug			# <tcpdebug>
87options		ICMP_BANDLIM	# ICMP bandwidth limiting sysctl
88options		IFNET_INPUT_SANITY_CHK	# allow dlil/ifnet input sanity check # <ifnet_input_chk>
89options		MULTIPATH	# Multipath domain		# <multipath>
90options		MPTCP		# Multipath TCP			# <mptcp>
91options		SYSV_SEM	# SVID semaphores		# <sysv_sem>
92options		SYSV_MSG	# SVID messages			# <sysv_msg>
93options		SYSV_SHM	# SVID shared mem		# <sysv_shm>
94options		PSYNCH		# pthread synch			# <psynch>
95options		FLOW_DIVERT								# <flow_divert>
96options		NECP									# <necp>
97options		CONTENT_FILTER	#						# <content_filter>
98options 	PACKET_MANGLER	#						# <packet_mangler>
99options		SKYWALK		#		# <skywalk>
100options		CONFIG_NEXUS_USER_PIPE	#	# <config_nexus_user_pipe>
101options		CONFIG_NEXUS_KERNEL_PIPE #	# <config_nexus_kernel_pipe>
102options		CONFIG_NEXUS_MONITOR	#	# <config_nexus_monitor>
103options		CONFIG_NEXUS_FLOWSWITCH	#	# <config_nexus_flowswitch>
104options		CONFIG_NEXUS_NETIF	#	# <config_nexus_netif>
105# secure_kernel - secure kernel from user programs
106options     SECURE_KERNEL       # <secure_kernel>
107
108options     OLD_SEMWAIT_SIGNAL  # old semwait_signal handler
109
110#
111#	4.4 general kernel
112#
113options		SOCKETS		# socket support		# <inet>
114options 	DIAGNOSTIC	# diagnostics			# <diagnostic>
115options		PROFILE		# kernel profiling		# <profile>
116options		SENDFILE	# sendfile					# <sendfile>
117options		NETWORKING	# networking layer		# <inet>
118options		CONFIG_FSE	# file system events		# <config_fse>
119options		CONFIG_IMAGEBOOT	# local image boot	# <config_imageboot>
120options		CONFIG_MBUF_JUMBO	# jumbo cluster pool	# <config_mbuf_jumbo>
121options		CONFIG_IMAGEBOOT_IMG4	# authenticate image with AppleImage4	# <config_imageboot_img4>
122options		CONFIG_IMAGEBOOT_CHUNKLIST	# authenticate image with a chunk list	# <config_imageboot_chunklist>
123
124options		CONFIG_WORKQUEUE	# <config_workqueue>
125options		CONFIG_WORKLOOP_DEBUG	# <config_workloop_debug>
126
127#
128#	4.4 filesystems
129#
130options		MOCKFS		# Boot from an executable	# <mockfs>
131options		FIFO		# fifo support			# <fifo>
132options		FDESC		# fdesc_fs support		# <fdesc>
133options		DEVFS		# devfs support			# <devfs>
134options		ROUTEFS		# routefs support		# <routefs>
135options		NULLFS		# nullfs support 		# <nullfs>
136options		BINDFS		# bindfs support 		# <bindfs>
137options		FS_COMPRESSION	# fs compression	    # <fs_compression>
138options		CONFIG_DEV_KMEM	    # /dev/kmem device for reading KVA	# <config_dev_kmem>
139
140#
141#	file system features
142#
143options		QUOTA		# file system quotas		# <quota>
144options		NAMEDSTREAMS	# named stream vnop support	# <namedstreams>
145options		CONFIG_APPLEDOUBLE # apple double support	# <config_appledouble>
146options		CONFIG_VOLFS	# volfs path support (legacy)	# <config_volfs>
147options		CONFIG_IMGSRC_ACCESS # source of imageboot dmg	# <config_imgsrc_access>
148options		CONFIG_TRIGGERS	# trigger vnodes		# <config_triggers>
149options		CONFIG_EXT_RESOLVER # e.g. memberd		# <config_ext_resolver>
150options		CONFIG_SEARCHFS	# searchfs syscall support	# <config_searchfs>
151options		CONFIG_MNT_SUID # allow suid binaries  # <config_mnt_suid>
152options		CONFIG_MNT_ROOTSNAP # allow rooting from snapshot # <config_mnt_rootsnap>
153options 	CONFIG_ROSV_STARTUP # allow read-only system volume startup # <config_rosv_startup>
154options		CONFIG_FIRMLINKS # support "firmlinks" # <config_firmlinks>
155options 	CONFIG_MOUNT_VM # mount VM volume on startup # <config_mount_vm>
156options 	CONFIG_MOUNT_PREBOOTRECOVERY # mount Preboot and/or Recovery volume on startup # <config_mount_prebootrecovery>
157options		CONFIG_DATALESS_FILES # support dataless file materialization # <config_dataless_files>
158options         CONFIG_BASESYSTEMROOT # mount BaseSystem as initial root filesystem on some kinds of startup # <config_basesystemroot>
159options         CONFIG_UNION_MOUNTS # support union mounts # <config_union_mounts>
160
161#
162# VFS debugging
163#
164options		CONFIG_IOCOUNT_TRACE	# enable vnode's iocount tracing # <config_iocount_trace>
165
166# NFS support
167#
168options		NFSCLIENT	# Be an NFS client		# <nfsclient>
169options		NFSSERVER	# Be an NFS server		# <nfsserver>
170options		CONFIG_NFS_GSS	# Support NFS GSSAPI		# <config_nfs_gss>
171options		CONFIG_NFS4	# Use NFSv4			# <config_nfs4>
172options		CONFIG_NETBOOT	# network booting (requires NFSCLIENT) # <config_netboot>
173
174#
175# Machine Independent Apple Features
176#
177profile				# build a profiling kernel	# <profile>
178
179#
180# IPv6 Support
181#
182options         IPSEC           # IP security            	# <ipsec>
183options         IPSEC_ESP       # IP security            	# <ipsec>
184
185pseudo-device   gif     1				# <gif>
186pseudo-device   dummy   2				# <dummy>
187pseudo-device   stf 	1 				# <stf>
188
189options			CRYPTO				# <ipsec,crypto>
190options			CRYPTO_SHA2			# <crypto_sha2>
191options			ENCRYPTED_SWAP			# <encrypted_swap>
192
193options			CONFIG_IMG4			# <config_img4>
194
195options		ZLIB	# inflate/deflate support	# <zlib>
196options		ZLIBC	# inflate/deflate support	# <zlibc>
197
198options		IF_BRIDGE				# <if_bridge>
199
200#
201#  configurable kernel event related resources
202#
203options   CONFIG_KN_HASHSIZE=64		# <medium,large,xlarge>
204options   CONFIG_KN_HASHSIZE=48		# <small,xsmall>
205options   CONFIG_KN_HASHSIZE=20		# <bsmall>
206
207#
208#  configurable vfs related resources
209#  CONFIG_VNODES - used to pre allocate vnode related resources
210#  CONFIG_NC_HASH - name cache hash table allocation
211#  CONFIG_VFS_NAMES - name strings
212#
213#  263168 magic number for medium CONFIG_VNODES is based on memory
214#  Number vnodes  is (memsize/64k) + 1024
215#  This is the calculation that is used by launchd in tiger
216#  we are clipping the max based on 16G
217#  ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168;
218
219options   CONFIG_VNODES=263168		# <large,xlarge>
220options   CONFIG_VNODES=263168		# <medium>
221options   CONFIG_VNODES=10240		# <small>
222options   CONFIG_VNODES=750		# <bsmall>
223
224options   CONFIG_NC_HASH=5120		# <large,xlarge>
225options   CONFIG_NC_HASH=4096		# <medium>
226options   CONFIG_NC_HASH=2048		# <small,xsmall>
227options   CONFIG_NC_HASH=1024		# <bsmall>
228
229options   CONFIG_VFS_NAMES=5120		# <large,xlarge>
230options   CONFIG_VFS_NAMES=4096		# <medium>
231options   CONFIG_VFS_NAMES=3072		# <small,xsmall>
232options   CONFIG_VFS_NAMES=2048		# <bsmall>
233
234options   CONFIG_MAX_CLUSTERS=8		# <xlarge,large,medium>
235options   CONFIG_MAX_CLUSTERS=4		# <small,xsmall,bsmall>
236
237#
238#  configurable options for minumum number of buffers for kernel memory
239#
240options   CONFIG_MIN_NBUF=256		# <medium,large,xlarge>
241options   CONFIG_MIN_NBUF=128		# <small>
242options   CONFIG_MIN_NBUF=80		# <xsmall>
243options   CONFIG_MIN_NBUF=64		# <bsmall>
244
245options   CONFIG_MIN_NIOBUF=128		# <medium,large,xlarge>
246options   CONFIG_MIN_NIOBUF=64		# <xsmall,small>
247options   CONFIG_MIN_NIOBUF=32		# <bsmall>
248
249#
250# set maximum space used for packet buffers
251#
252options        CONFIG_NMBCLUSTERS="((1024 * 1024) / MCLBYTES)"	# <large,xlarge>
253options        CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)"	# <medium>
254options        CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)"	# <bsmall,xsmall,small>
255
256#
257# Configure size of TCP hash table
258#
259options CONFIG_TCBHASHSIZE=4096		# <medium,large,xlarge>
260options CONFIG_TCBHASHSIZE=128		# <xsmall,small,bsmall>
261
262#
263# Configure bandwidth limiting sysctl
264#
265options CONFIG_ICMP_BANDLIM=250		# <medium,large,xlarge>
266options CONFIG_ICMP_BANDLIM=50		# <xsmall,small,bsmall>
267
268#
269#  configurable async IO options
270#  CONFIG_AIO_MAX - system wide limit of async IO requests.
271#  CONFIG_AIO_PROCESS_MAX - process limit of async IO requests.
272#  CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created.
273#
274options   CONFIG_AIO_MAX=360			# <xlarge>
275options   CONFIG_AIO_MAX=180			# <large>
276options   CONFIG_AIO_MAX=90			# <medium>
277options   CONFIG_AIO_MAX=45			# <small>
278options   CONFIG_AIO_MAX=20			# <xsmall>
279options   CONFIG_AIO_MAX=10			# <bsmall>
280
281options   CONFIG_AIO_PROCESS_MAX=64		# <xlarge>
282options   CONFIG_AIO_PROCESS_MAX=32		# <large>
283options   CONFIG_AIO_PROCESS_MAX=16		# <medium>
284options   CONFIG_AIO_PROCESS_MAX=12		# <small>
285options   CONFIG_AIO_PROCESS_MAX=8		# <xsmall>
286options   CONFIG_AIO_PROCESS_MAX=4		# <bsmall>
287
288options   CONFIG_AIO_THREAD_COUNT=16		# <xlarge>
289options   CONFIG_AIO_THREAD_COUNT=8		# <large>
290options   CONFIG_AIO_THREAD_COUNT=4		# <medium>
291options   CONFIG_AIO_THREAD_COUNT=3		# <small>
292options   CONFIG_AIO_THREAD_COUNT=2		# <xsmall,bsmall>
293
294options   CONFIG_MAXVIFS=32			# <medium,large,xlarge>
295options   CONFIG_MAXVIFS=16			# <small,xsmall>
296options   CONFIG_MAXVIFS=2			# <bsmall>
297
298options   CONFIG_MFCTBLSIZ=256			# <medium,large,xlarge>
299options   CONFIG_MFCTBLSIZ=128			# <small,xsmall>
300options   CONFIG_MFCTBLSIZ=16			# <bsmall>
301
302#
303# configurable kernel message buffer size
304#
305options   CONFIG_MSG_BSIZE_REL=16384		# <msgb_small>
306options   CONFIG_MSG_BSIZE_DEV=131072		# <msgb_small>
307options   CONFIG_MSG_BSIZE_REL=131072		# <msgb_large>
308options   CONFIG_MSG_BSIZE_DEV=131072		# <msgb_large>
309options   CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_REL	# <!development,debug>
310options   CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_DEV	# <development,debug>
311
312#
313# maximum size of the per-process Mach IPC table
314#
315options   CONFIG_IPC_TABLE_ENTRIES_STEPS=64  	# 137898 entries	# <bsmall,small,xsmall>
316options   CONFIG_IPC_TABLE_ENTRIES_STEPS=256 	# 300714 entries	# <medium,large,xlarge>
317
318#
319# maximum copyout size for IPC debugging tools
320#
321options CONFIG_IPC_KERNEL_MAP_SIZE=16	# 16M	# <bsmall,small,xsmall>
322options CONFIG_IPC_KERNEL_MAP_SIZE=64	# 64M	# <medium,large,xlarge>
323
324#
325#  configurable kernel - use these options to strip strings from panic
326#  and printf calls.
327#  no_printf_str - saves around 45K of kernel footprint.
328#
329options   CONFIG_NO_PRINTF_STRINGS		# <no_printf_str>
330options   CONFIG_NO_KPRINTF_STRINGS		# <no_kprintf_str>
331
332# support vsprintf (deprecated in favor of vsnprintf)
333options   CONFIG_VSPRINTF               # <vsprintf>
334
335#
336# configurable kernel - general switch to say we are building for an
337# embedded device
338#
339options   CONFIG_EMBEDDED			# <config_embedded>
340
341options   CONFIG_ARROW              # <config_arrow>
342
343
344options   NOS_ARM_ASM			# <nos_arm_asm>
345options   NOS_ARM_PMAP			# <nos_arm_pmap>
346
347# support dynamic signing of code
348#
349options		CONFIG_DYNAMIC_CODE_SIGNING	# <dynamic_codesigning>
350
351# enforce library validation on all processes.
352#
353options		CONFIG_ENFORCE_LIBRARY_VALIDATION  # <config_library_validation>
354
355# support loading a second static trust cache
356#
357options CONFIG_SECOND_STATIC_TRUST_CACHE # <second_static_trust_cache>
358
359# support supplemental signatures
360#
361options CONFIG_SUPPLEMENTAL_SIGNATURES # <config_supplemental_signatures>
362
363#
364# code decryption... used on embedded for app protection, DSMOS on desktop
365#
366options		CONFIG_CODE_DECRYPTION		# <config_code_decryption>
367
368#
369# User Content Protection, used on embedded
370#
371options		CONFIG_PROTECT			# <config_protect>
372
373#allow write-protection of key page
374options		CONFIG_KEYPAGE_WP		# <config_keypage_wp>
375
376#
377# allow vm_pageout_scan to dynamically adjust its priority based on priorities of waiters
378#
379options		CONFIG_VPS_DYNAMIC_PRIO		# <vps_dynamic_prio>
380
381#
382# enable per-process memory priority tracking
383#
384options		CONFIG_MEMORYSTATUS		# <memorystatus>
385
386#
387# enable jetsam - used on embedded
388#
389options		CONFIG_JETSAM			# <jetsam>
390
391#
392# enable new link table implementation stats/debugging
393# (adds mesaureable overhead)
394#
395options		CONFIG_LTABLE_STATS			# <config_ltable_stats>
396options		CONFIG_LTABLE_DEBUG			# <config_ltable_debug>
397
398#
399# enable new wait queue implementation stats / debugging
400#
401options		CONFIG_WAITQ_STATS			# <config_waitq_stats>
402options		CONFIG_WAITQ_DEBUG			# <config_waitq_debug>
403options		CONFIG_WAITQ_IRQSAFE_ALLOW_INVALID	# <config_waitq_irqsafe_allow_invalid>
404
405#
406# enable freezing of suspended processes - used on embedded
407#
408options		CONFIG_FREEZE			# <freeze>
409
410options		CHECK_CS_VALIDATION_BITMAP	# <config_cs_validation_bitmap>
411
412#
413# enable physical writes accounting
414#
415options		CONFIG_PHYS_WRITE_ACCT		# <phys_write_acct>
416
417#
418# enable detectiion of file cache thrashing - used on platforms with
419# dynamic VM compression enabled
420#
421options		CONFIG_PHANTOM_CACHE		# <phantom_cache>
422
423#
424# memory pressure event support
425#
426options		VM_PRESSURE_EVENTS		# <vm_pressure_events>
427
428options		CONFIG_SECLUDED_MEMORY		# <config_secluded_memory>
429
430options		CONFIG_BACKGROUND_QUEUE		# <config_background_queue>
431
432#
433# Ledger features
434#
435options		CONFIG_LEDGER_INTERVAL_MAX	# <config_ledger_interval_max>
436
437#
438# I/O Scheduling
439#
440options		CONFIG_IOSCHED			# <config_iosched>
441
442#
443# Accounting for I/O usage
444#
445options 	CONFIG_IO_ACCOUNTING 		# <config_io_accounting>
446
447#
448# Enable inheritance of importance through specially marked mach ports and for file locks
449# For now debug is enabled wherever inheritance is
450#
451options		IMPORTANCE_INHERITANCE		# <importance_inheritance>
452options		IMPORTANCE_TRACE		# <importance_trace>
453options		IMPORTANCE_DEBUG		# <importance_debug>
454
455options		CONFIG_TELEMETRY		# <config_telemetry>
456
457options		CONFIG_PROC_UUID_POLICY		# <config_proc_uuid_policy>
458
459#
460# ECC data logging
461#
462options		CONFIG_ECC_LOGGING		# <config_ecc_logging>
463
464#
465# Application core dumps
466#
467options		CONFIG_COREDUMP			# <config_coredump>
468
469#
470# Vnode guards
471#
472options		CONFIG_VNGUARD			# <config_vnguard>
473
474#
475#  Ethernet (ARP)
476#
477pseudo-device	ether				# <networking,inet>
478#
479#  Network loopback device
480#
481pseudo-device	loop				# <networking,inet>
482#
483#  UCB pseudo terminal service
484#
485pseudo-device  pty     512 init pty_init       # <xlarge>
486pseudo-device  pty     256 init pty_init       # <large>
487pseudo-device  pty     128 init pty_init       # <medium>
488pseudo-device  pty      48 init pty_init       # <small>
489pseudo-device  pty      16 init pty_init       # <xsmall>
490pseudo-device  pty       8 init pty_init       # <bsmall>
491#
492# Cloning pseudo terminal service
493#
494pseudo-device	ptmx	1 init ptmx_init
495
496#
497# vnode device
498#
499pseudo-device  vndevice		4       init    vndevice_init   # <development,debug>
500
501#
502# memory device
503pseudo-device	mdevdevice	1	init	mdevinit
504
505#
506#
507# packet filter device
508#
509pseudo-device	bpfilter	4	init	bpf_init		# <networking,inet>
510
511#
512# fsevents device
513pseudo-device	fsevents	1	init	fsevents_init	# <config_fse>
514
515pseudo-device	random		1	init	random_init
516pseudo-device	dtrace		1	init	dtrace_init	# <config_dtrace>
517pseudo-device	helper		1	init	helper_init	# <config_dtrace>
518pseudo-device	lockstat	1	init	lockstat_init	# <config_dtrace>
519pseudo-device	lockprof	1	init	lockprof_init	# <config_dtrace>
520pseudo-device	sdt		1	init	sdt_init	# <config_dtrace>
521pseudo-device	systrace	1	init	systrace_init	# <config_dtrace>
522pseudo-device	fbt		1	init	fbt_init	# <config_dtrace>
523pseudo-device	profile_prvd	1	init	profile_init	# <config_dtrace>
524
525
526pseudo-device perfmon 1 init perfmon_dev_init # <config_perfmon>
527
528#
529# IOKit configuration options
530#
531
532options		HIBERNATION	# system hibernation	# <hibernation>
533options		IOKITCPP	# C++ implementation	# <iokitcpp>
534options		IOKITSTATS	# IOKit statistics	# <iokitstats>
535options		IOTRACKING	# IOKit tracking	# <iotracking>
536options		CONFIG_SLEEP	#			# <config_sleep>
537options		CONFIG_MAX_THREADS=500	# IOConfigThread threads
538options         NO_KEXTD                		# <no_kextd>
539options         NO_KERNEL_HID           		# <no_kernel_hid>
540
541#
542# Libkern configuration options
543#
544
545options		LIBKERNCPP		# C++ implementation	# <libkerncpp>
546options		CONFIG_BLOCKS		# Blocks runtime	# <config_blocks>
547options		CONFIG_KXLD		# kxld/runtime linking of kexts # <config_kxld>
548options		CONFIG_KEC_FIPS		# Kernel External Components for FIPS compliance (KEC_FIPS) # <config_kec_fips>
549
550# Note that when adding this config option to an architecture, one MUST
551# add the architecture to the preprocessor test at the beginning of
552# libkern/kmod/cplus_{start.c,stop.c}.
553options         CONFIG_STATIC_CPPINIT   # Static library initializes kext cpp runtime # <config_static_cppinit>
554
555#
556# libsa configuration options
557#
558
559# CONFIG_KEXT_BASEMENT - alloc post boot loaded kexts after prelinked kexts
560#
561options		CONFIG_KEXT_BASEMENT		#	# <config_kext_basement>
562
563#
564# Persona Management
565#
566options		CONFIG_PERSONAS	    # Persona management    # <config_personas>
567options		PERSONA_DEBUG	    # Persona debugging     # <persona_debug>
568
569#
570# security configuration options
571#
572
573options		CONFIG_MACF	# Mandatory Access Control Framework	# <config_macf>
574options		CONFIG_MACF_SOCKET_SUBSET	# MAC socket subest (no labels)	# <config_macf>
575#options	CONFIG_MACF_DEBUG   # debug	    	    # <config_macf>
576
577options		CONFIG_AUDIT	    # Kernel auditing	    # <config_audit>
578
579options		CONFIG_ARCADE		# Arcade validation support	# <config_arcade>
580
581options		CONFIG_SETUID		# setuid/setgid support # <config_setuid>
582
583options		CONFIG_SECURE_BSD_ROOT	# secure BSD root	# <config_secure_bsd_root>
584
585options		CONFIG_KAS_INFO		# kas_info support	# <config_kas_info>
586
587options		CONFIG_PROC_RESOURCE_LIMITS	# Per process limits for resources like file descriptors and mach ports  # <config_proc_resource_limits>
588
589#
590# MACH configuration options.
591#
592
593#
594# This defines configuration options that are normally used only during
595# kernel code development and debugging. They add run-time error checks or
596# statistics gathering, which will slow down the system
597#
598##########################################################
599#
600# MACH_ASSERT controls the assert() and ASSERT() macros, used to verify the
601#	consistency of various algorithms in the kernel. The performance impact
602#	of this option is significant.
603#
604options		MACH_ASSERT	#		# <mach_assert>
605#
606# MACH_DEBUG enables the mach_debug_server, a message interface used to
607#	retrieve or control various statistics. This interface may expose data
608#	structures that would not normally be allowed outside the kernel, and
609#	MUST NOT be enabled on a released configuration.
610#	Other options here enable information retrieval for specific subsystems
611#
612options		MACH_DEBUG	# IPC debugging interface	# <mdebug>
613options		MACH_IPC_DEBUG	# Enable IPC debugging calls	# <ipc_debug>
614options		MACH_LOCKFREE_SPACE	# Enable lockfree IPC space # <ipc_lockfree_space>
615options		MACH_VM_DEBUG	#				# <debug>
616#
617# MACH_MP_DEBUG control the possible dead locks that may occur by controlling
618#	that IPL level has been raised down to SPL0 after some calls to
619#	hardclock device driver.
620#
621options		MACH_MP_DEBUG	#				# <debug>
622options		CONFIG_ZLEAKS	# Live zone leak debugging	# <zleaks>
623
624#
625# CONFIG_TASK_ZONE_INFO allows per-task zone information to be extracted
626# Primarily useful for xnu debug and development.
627#
628options		CONFIG_TASK_ZONE_INFO		# <task_zone_info>
629#
630# CONFIG_DEBUGGER_FOR_ZONE_INFO restricts zone info so that it is only
631# available when the kernel is being debugged.
632#
633options		CONFIG_DEBUGGER_FOR_ZONE_INFO	# <debugger_for_zone_info>
634#
635# MACH_LDEBUG controls the internal consistency checks and
636#	data gathering in the locking package. This also enables a debug-only
637#	version of simple-locks on uniprocessor machines. The code size and
638#	performance impact of this option is significant.
639#
640options		MACH_LDEBUG	#		# <debug>
641
642#
643# configuration option for full, partial, or no kernel debug event tracing
644#
645options		KDEBUG			# kernel tracing	# <kdebug>
646options		IST_KDEBUG		# limited tracing	# <ist_kdebug>
647options		NO_KDEBUG       	# no kernel tracing 	# <no_kdebug>
648
649#
650# CONFIG_DTRACE enables code needed to support DTrace. Currently this is
651# only used for delivery of traps/interrupts to DTrace.
652#
653options		CONFIG_DTRACE		#		    # <config_dtrace>
654
655options		LOCK_STATS		#		    # <lock_stats>
656
657# kernel performance tracing
658options     KPERF                  # <kperf>
659options     KPC                    # <kpc>
660
661
662#
663# CONFIG_PERFMON enables code to interface with performance monitoring hardware,
664# which count hardware events like cache misses and branch mispredicts.
665#
666options     CONFIG_PERFMON         # <config_perfmon>
667
668options     PGO                    # <pgo>
669
670# DEVELOPMENT define for development builds
671options		DEVELOPMENT	# dev kernel	    	    # <development>
672
673# DEBUG kernel
674options		DEBUG		# general debugging code    # <debug>
675options		CONFIG_NONFATAL_ASSERTS	# non fatal asserts	# <softasserts>
676
677##########################################################
678#
679# This defines configuration options that are normally used only during
680# kernel code development and performance characterization. They add run-time
681# statistics gathering, which will slow down the system,
682#
683##########################################################
684#
685# MACH_IPC_STATS controls the collection of statistics in the MACH IPC
686#	subsystem.
687#
688#options	MACH_IPC_STATS
689#
690# MACH_CLUSTER_STATS controls the collection of various statistics concerning
691#	the effectiveness and behavior of the clustered pageout and pagein
692#	code.
693#
694#options	MACH_CLUSTER_STATS
695
696options		MACH_BSD	# BSD subsystem on top of Mach	# <mach_bsd>
697options         IOKIT		#				# <iokit>
698
699#
700#  configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in
701#  sync with bsd/conf/MASTER until we fix the config system... todo XXX
702#
703options   CONFIG_THREAD_MAX=2560		# <medium,large,xlarge>
704options   CONFIG_THREAD_MAX=1536		# <small,xsmall>
705options   CONFIG_THREAD_MAX=1024		# <bsmall>
706
707options   CONFIG_TASK_MAX=1024			# <medium,large,xlarge>
708options   CONFIG_TASK_MAX=768			# <small,>
709options   CONFIG_TASK_MAX=512			# <xsmall,bsmall>
710
711#
712# Minimum zone map size: 115 MB
713#
714options   CONFIG_ZONE_MAP_MIN=120586240	# <xsmall,bsmall,small,medium,large,xlarge>
715
716# Sizes must be a power of two for the zhash to
717# be able to just mask off bits instead of mod
718options	  CONFIG_ZLEAK_ALLOCATION_MAP_NUM=16384 #<medium,large,xlarge>
719options	  CONFIG_ZLEAK_ALLOCATION_MAP_NUM=8192	#<small,xsmall,bsmall>
720options   CONFIG_ZLEAK_TRACE_MAP_NUM=8192 #<medium,large,xlarge>
721options   CONFIG_ZLEAK_TRACE_MAP_NUM=4096 #<small,xsmall,bsmall>
722
723# vc_progress_white - make the progress gear white instead of black
724options	  CONFIG_VC_PROGRESS_WHITE		# <vc_progress_white>
725
726#
727# Timeshare scheduler implementations
728#
729options		CONFIG_SCHED_TRADITIONAL	# <config_sched_traditional>
730options		CONFIG_SCHED_PROTO		# <config_sched_proto>
731options		CONFIG_SCHED_GRRR		# <config_sched_grrr>
732options		CONFIG_SCHED_GRRR_CORE		# <config_sched_grrr>
733options		CONFIG_SCHED_MULTIQ		# <config_sched_multiq>
734options		CONFIG_SCHED_TIMESHARE_CORE	# <config_sched_traditional,config_sched_multiq>
735options		CONFIG_CLUTCH			# <config_clutch>
736options 	CONFIG_SCHED_AUTO_JOIN		# <config_sched_auto_join>
737
738options		CONFIG_SCHED_IDLE_IN_PLACE	# <config_sched_idle_in_place>
739options		CONFIG_SCHED_SFI		# <config_sched_sfi>
740options		CONFIG_GZALLOC			# <config_gzalloc>
741options		CONFIG_SCHED_DEFERRED_AST	# <config_sched_deferred_ast>
742
743options		CONFIG_PREADOPT_TG			# <config_preadopt_tg>
744options		CONFIG_PREADOPT_TG_DEBUG	# <config_preadopt_tg_debug>
745
746# Enable allocation of contiguous physical memory through vm_map_enter_cpm()
747options		VM_CPM				# <vm_cpm>
748
749options	    CONFIG_SKIP_PRECISE_USER_KERNEL_TIME    # <config_skip_precise_user_kernel_time>
750
751#
752# Switch to disable cpu, wakeup and high memory watermark monitors
753#
754options 	CONFIG_NOMONITORS			# <config_nomonitors>
755
756options		MACH_KDP	    # KDP		# <mach_kdp>
757options		CONFIG_SERIAL_KDP   # KDP over serial	# <config_serial_kdp>
758options		CONFIG_KDP_INTERACTIVE_DEBUGGING	# <kdp_interactive_debugging>
759options		CONFIG_KDP_COREDUMP_ENCRYPTION	# Support for encrypting kernel coredumps	# <config_kdp_coredump_encryption>
760
761options 	CONFIG_TASKWATCH
762options 	CONFIG_USER_NOTIFICATION		# <config_user_notification>
763#
764# Kernel Power On Self Tests
765#
766options		CONFIG_XNUPOST				# <config_xnupost>
767
768#
769# Kernel proc reference instrumentation
770#
771options PROC_REF_DEBUG					# <proc_ref_debug>
772
773#
774# Kernel Voucher Attr Manager for Activity Trace
775#
776options 	CONFIG_ATM				# <config_atm>
777
778# Group related tasks together into coalitions
779options		CONFIG_COALITIONS			# <config_coalitions>
780
781# Enable support for sysdiagnose notifications
782options		CONFIG_SYSDIAGNOSE			# <config_sysdiagnose>
783
784# Configurable Security Restrictions
785options		CONFIG_CSR				# <config_csr>
786options		CONFIG_CSR_FROM_DT		# <config_csr_from_dt>
787
788# Enable collection of IO Compression statistics
789options		CONFIG_IO_COMPRESSION_STATS		# <config_io_compression_stats>
790
791#
792# Console options
793#
794options		SERIAL_CONSOLE	# bi-directional serial over UART
795options		VIDEO_CONSOLE	# uni-directional output over framebuffer
796
797#
798# Syscall options
799#
800options		CONFIG_REQUIRES_U32_MUNGING	# incoming U32 argument structures must be munged to match U64	# <config_requires_u32_munging>
801
802#
803# copyout() instrumentation
804#
805options		COPYOUT_SHIM			# Shim for copyout memory analysis via kext #<copyout_shim>
806
807#
808# Enable hardware correlation of mach absolute time
809# across intel/arm boundary
810options		CONFIG_MACH_BRIDGE_SEND_TIME #  # <config_mach_bridge_send_time>
811options		CONFIG_MACH_BRIDGE_RECV_TIME #  # <config_mach_bridge_recv_time>
812
813#
814# Telemetry for 32-bit process launch
815#
816options		CONFIG_32BIT_TELEMETRY # # <config_32bit_telemetry>
817
818options		CONFIG_QUIESCE_COUNTER # Support for _COMM_PAGE_CPU_QUIESCENT_COUNTER # <config_quiesce_counter>
819options		CONFIG_ARM_PFZ	# Support for PFZ on ARM # <config_arm_pfz>
820
821#
822# Sanitizers
823#
824options		CONFIG_KASAN		# <config_kasan>
825options		CONFIG_UBSAN		# <config_ubsan>
826
827options		CONFIG_KCOV			# <config_kcov>
828options		CONFIG_KSANCOV		# <config_ksancov>
829options		CONFIG_STKSZ		# <config_stksz>
830
831# dark boot support
832options		CONFIG_DARKBOOT		# <config_darkboot>
833
834# support for processes delaying idle sleep for pending IO
835options		CONFIG_DELAY_IDLE_SLEEP # <config_delay_idle_sleep>
836
837# support for storing a 64-bit user supplied value in the proc structure
838options		CONFIG_PROC_UDATA_STORAGE # <config_proc_udata_storage>
839
840pseudo-device ksancov 1 init ksancov_init_dev # <config_ksancov>
841
842# Debug instrumentation to catch code that leaves interrupts masked
843# for an excessive period of time
844options		INTERRUPT_MASKED_DEBUG # <interrupt_masked_debug>
845
846# Statistics for disabled preemption duration and emitting trace points
847# or panicking when the duration crosses a threshold.
848options		SCHED_PREEMPTION_DISABLE_DEBUG # <sched_preemption_disable_debug>
849
850# support for system call rejection/tracing
851options		CONFIG_DEBUG_SYSCALL_REJECTION	# <config_debug_syscall_rejection>
852