diff --git a/common/pc/chromium.nix b/common/pc/chromium.nix index 25d2184..048265b 100644 --- a/common/pc/chromium.nix +++ b/common/pc/chromium.nix @@ -80,7 +80,6 @@ in { nixpkgs.config.packageOverrides = pkgs: { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; chromium = pkgs.chromium.override { - enableWideVine = true; # ungoogled = true; # --enable-native-gpu-memory-buffers # fails on AMD APU # --enable-webrtc-vp9-support @@ -90,7 +89,7 @@ in { # todo vulkan in chrome # todo video encoding in chrome hardware.opengl = { - enable = true; + enable = de.enableAcceleration; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) diff --git a/common/pc/default.nix b/common/pc/default.nix index bf720f0..7cb141e 100644 --- a/common/pc/default.nix +++ b/common/pc/default.nix @@ -14,20 +14,25 @@ in { ./pithos.nix ./spotify.nix ./vscodium.nix - ./discord.nix - ./steam.nix + # FIXME make optional +# ./discord.nix +# ./steam.nix ./touchpad.nix ./mount-samba.nix ]; options.de = { enable = lib.mkEnableOption "enable desktop environment"; + enableAcceleration = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = lib.mkIf cfg.enable { # vulkan - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; + hardware.opengl.driSupport = de.enableAcceleration; + hardware.opengl.driSupport32Bit = de.enableAcceleration; # Applications users.users.googlebot.packages = with pkgs; [ @@ -40,8 +45,7 @@ in { element-desktop mpv nextcloud-client - signal-desktop - minecraft +# signal-desktop # FIXME gparted libreoffice-fresh thunderbird diff --git a/common/ssh.nix b/common/ssh.nix index 4504bd1..87e04da 100644 --- a/common/ssh.nix +++ b/common/ssh.nix 
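Review bot: `de.enableAcceleration` in the `hardware.opengl.enable` line of the second chromium.nix hunk is a bare identifier, and nothing visible binds `de`. The same reference appears in the two `hardware.opengl.driSupport*` lines of the first common/pc/default.nix hunk, where the surrounding code reads the option set through `cfg` (`lib.mkIf cfg.enable`). Unless a `let` outside these hunks defines `de`, evaluation fails with an undefined-variable error; assuming `config` is among the module arguments, read the option as `enable = config.de.enableAcceleration;` and `hardware.opengl.driSupport = cfg.enableAcceleration;`. The new `enableAcceleration` option also has no `description`. The `let` blocks of both files lie outside the hunks.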
@@ -5,6 +5,7 @@ rec {
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0VFnn3+Mh0nWeN92jov81qNE9fpzTAHYBphNoY7HUx" # reg
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSkKiRUUmnErOKGx81nyge/9KqjkPh8BfDk0D3oP586" # nat
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeTK1iARlNIKP/DS8/ObBm9yUM/3L1Ub4XI5A2r9OzP" # ray
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXc9PX3uTYVrgvKdztk+LBh5WMNBUzbXlAo50SCAeNw" # nat 2
 ];
 system = {
 liza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDY/pNyWedEfU7Tq9ikGbriRuF1ZWkHhegGS17L0Vcdl";
@@ -12,6 +13,7 @@ rec {
 ponyo-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9LQuuImgWlkjDhEEIbM1wOd+HqRv1RxvYZuLXPSdRi";
 ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB";
 s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
+ nat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGVgZc5Z2Oh426z7lEftcFUwCFcrZy8bvqS09Tj49GWE";
 n1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWlhd1Oid5Xf2zdcBrcdrR0TlhObutwcJ8piobRTpRt";
 n2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7bRiRutnI7Bmyt/I238E3Fp5DqiClIXiVibsccipOr";
 n3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+rJEaRrFDGirQC2UoWQkmpzLg4qgTjGJgVqiipWiU5";
@@ -26,6 +28,7 @@ rec {
 liza
 ponyo
 ray
+ nat
 s0
 n1
 n2
@@ -37,6 +40,7 @@ rec {
 ];
 personal = with system; [
 ray
+ nat
 ];
 servers = with system; [
 liza
diff --git a/machines/nat/configuration.nix b/machines/nat/configuration.nix
index 5a9a832..2f7aa9d 100644
--- a/machines/nat/configuration.nix
+++ b/machines/nat/configuration.nix
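Review bot: The user key list in the first hunk now carries both `# nat` and `# nat 2`, so the older key keeps whatever access this list grants. The rest of this commit rebuilds `nat` on different hardware, which suggests (but does not prove) that the old key belongs to an installation that is going away; if so, remove it in the same change rather than leaving it authorised. If both keys are still in use, say so next to them, e.g. `# nat (previous install, remove once migrated)`. The third and fourth hunks add the new host key to two lists whose consumers are not visible here, and the first list's name lies outside the hunk, so confirm that everything keyed on those lists is meant to include a personal machine.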
@@ -1,17 +1,51 @@ -{ config, pkgs, fetchurl, lib, ... }: +{ config, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix + ./m1-support ]; - efi.enable = true; - networking.hostName = "nat"; - networking.interfaces.ens160.useDHCP = true; - - services.zerotierone.enable = true; de.enable = true; de.touchpad.enable = true; + + # nixpkgs.overlays = [ + # (final: prev: { + # signal-desktop = prev.signal-desktop.overrideAttrs (old: { + # version = "5.50.1"; + # src = final.fetchurl { + # url = "https://github.com/0mniteck/Signal-Desktop-Builder/raw/2610eaded94b3c717a63fdff3cb872dbbaf16383/builds/release/signal-desktop_5.50.1_arm64.deb"; + # sha256 = "sha256-++xG3fCMvU+nwlkBwjZ0d0wfWiNDSUhyCfzTirsY2xs="; + # }; + + # #buildInputs = old.buildInputs ++ [ final.openssl_3_0 ]; + + # preFixup = '' + # gappsWrapperArgs+=( + # --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ final.stdenv.cc.cc ] }" + # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}" + # --suffix PATH : ${lib.makeBinPath [ final.xdg-utils ]} + # ) + # # Fix the desktop link + # substituteInPlace $out/share/applications/signal-desktop.desktop \ + # --replace /opt/Signal/signal-desktop $out/bin/signal-desktop + # autoPatchelf --no-recurse -- $out/lib/Signal/ + # patchelf --add-needed ${final.libpulseaudio}/lib/libpulse.so $out/lib/Signal/resources/app.asar.unpacked/node_modules/ringrtc/build/linux/libringrtc-arm64.node + # patchelf --add-needed ${final.openssl_3_0}/lib/libcrypto.so.3 $out/lib/Signal/resources/app.asar.unpacked/node_modules/ringrtc/build/linux/libringrtc-arm64.node + # ''; + + # meta.platforms = [ "aarch64-linux" ]; + # }); + # }) + # ]; + + nixpkgs.overlays = [ + (final: prev: { + jellyfin-media-player = prev.jellyfin-media-player.overrideAttrs (old: { + meta.platforms = [ "aarch64-linux" ]; + }); + }) + ]; } 
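Review bot: In the active overlay at the end of the hunk, `overrideAttrs (old: { meta.platforms = [ "aarch64-linux" ]; })` replaces the package's whole `meta` attribute set rather than one field, because `overrideAttrs` merges attributes shallowly. That drops `license`, `knownVulnerabilities` and the other fields nixpkgs consults when deciding whether a package may be installed, and `old` is never used. Merge instead: `meta = old.meta // { platforms = old.meta.platforms ++ [ "aarch64-linux" ]; };`. Separately, the commented-out signal-desktop overlay would install a prebuilt `.deb` from a third-party repository. The pinned `sha256` fixes the bytes but says nothing about who built them, so that block deserves a provenance comment before it is re-enabled.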
diff --git a/machines/nat/hardware-configuration.nix b/machines/nat/hardware-configuration.nix
index 827a083..7504282 100644
--- a/machines/nat/hardware-configuration.nix
+++ b/machines/nat/hardware-configuration.nix
@@ -4,22 +4,61 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "nvme" "usbhid" ]; - boot.initrd.kernelModules = [ ]; + efi.enable = true; + + # 4k kernel for m1 + boot.kernelBuildIs16K = false; + + boot.initrd.availableKernelModules = [ "usb_storage" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; + boot.initrd.luks.devices."enc-pv" = { + device = "/dev/nvme0n1p5"; + allowDiscards = true; + }; + fileSystems."/" = - { device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779"; + { device = "/dev/disk/by-uuid/f3021c34-2034-4bf0-bf3f-64d6d02c0eff"; fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/f3021c34-2034-4bf0-bf3f-64d6d02c0eff"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/f3021c34-2034-4bf0-bf3f-64d6d02c0eff"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0C95-1290"; + { device = "/dev/disk/by-uuid/D33C-18EE"; fsType = "vfat"; }; - swapDevices = [ ]; -} \ No newline at end of file + swapDevices = + [ { device = "/dev/disk/by-uuid/98e875e4-4c34-42e9-8c71-404dfe137ba7"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0f0.useDHCP = lib.mkDefault true;
+
+ #nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+ # high-resolution display
+ hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/machines/nat/m1-support/asahi-fwextract/add_entry_point.patch b/machines/nat/m1-support/asahi-fwextract/add_entry_point.patch
new file mode 100644
index 0000000..b29d2fd
--- /dev/null
+++ b/machines/nat/m1-support/asahi-fwextract/add_entry_point.patch
@@ -0,0 +1,31 @@
+diff --git a/asahi_firmware/update.py b/asahi_firmware/update.py
+index 8d4c480..7d89353 100644
+--- a/asahi_firmware/update.py
++++ b/asahi_firmware/update.py
+@@ -30,7 +30,7 @@ def update_firmware(source, dest, manifest):
+
+ pkg.save_manifest(manifest)
+
+-if __name__ == "__main__":
++def main():
+ import argparse
+ import logging
+ logging.basicConfig()
+@@ -46,3 +46,7 @@ if __name__ == "__main__":
+ args = parser.parse_args()
+
+ update_firmware(args.source, args.dest, args.manifest)
++
++if __name__ == "__main__":
++ main()
++
+diff --git a/setup.py b/setup.py
+index 45ada19..1b371ba 100644
+--- a/setup.py
++++ b/setup.py
+@@ -9,4 +9,5 @@ setup(name='asahi_firmware',
+ author_email='marcan@marcan.st',
+ url='https://github.com/AsahiLinux/asahi-installer/',
+ packages=['asahi_firmware'],
++ entry_points={"console_scripts": ["asahi-fwextract = asahi_firmware.update:main"]}
+ )
diff --git a/machines/nat/m1-support/asahi-fwextract/default.nix b/machines/nat/m1-support/asahi-fwextract/default.nix
new file mode 100755
index 0000000..58f0f6c
--- /dev/null
+++ b/machines/nat/m1-support/asahi-fwextract/default.nix
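Review bot: In the hardware-configuration.nix hunk, `allowDiscards = true` on the `enc-pv` LUKS device passes TRIM through the encryption layer, which reveals which blocks of the encrypted volume are unused to anyone who images the disk. That is a reasonable trade for SSD performance on many machines, but it should be a recorded decision, e.g. `# TRIM passthrough: leaks free-block layout of the encrypted volume; accepted for SSD performance`. The same block names the device as `/dev/nvme0n1p5`, while every filesystem and the swap entry in this hunk use `/dev/disk/by-uuid/...`; a by-UUID path would survive partition renumbering. It is also worth confirming that the device under `swapDevices` sits inside `enc-pv`, since nothing in the hunk shows that swap is encrypted.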
@@ -0,0 +1,24 @@
+{ lib
+, python3
+, fetchFromGitHub
+, makeBinaryWrapper
+}:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "asahi-fwextract";
+ version = "0.4pre2";
+
+ # tracking version: https://github.com/AsahiLinux/PKGBUILDs/blob/main/asahi-fwextract/PKGBUILD
+ src = fetchFromGitHub {
+ owner = "AsahiLinux";
+ repo = "asahi-installer";
+ rev = "v${version}";
+ hash = "sha256-RqvD2hNjKMlUg+oY1woUN5zpN+1Y/TrBQbokNgdeCW4=";
+ };
+
+ patches = [
+ ./add_entry_point.patch
+ ];
+
+ nativeBuildInputs = [ python3.pkgs.setuptools makeBinaryWrapper ];
+}
diff --git a/machines/nat/m1-support/boot-m1n1/default.nix b/machines/nat/m1-support/boot-m1n1/default.nix
new file mode 100644
index 0000000..3b81662
--- /dev/null
+++ b/machines/nat/m1-support/boot-m1n1/default.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+let
+ buildPkgs = if config.boot.kernelBuildIsCross then
+ import (pkgs.path) {
+ system = "x86_64-linux";
+ crossSystem.system = "aarch64-linux";
+ }
+ else pkgs;
+
+ bootM1n1 = buildPkgs.callPackage ../m1n1 {
+ isRelease = true;
+ withTools = false;
+ };
+
+ bootUBoot = buildPkgs.callPackage ../u-boot {
+ m1n1 = bootM1n1;
+ };
+
+ bootFiles = {
+ "m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
+ cat ${bootM1n1}/build/m1n1.bin > $out
+ cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
+ cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
+ if [ -n "${config.boot.m1n1ExtraOptions}" ]; then
+ echo '${config.boot.m1n1ExtraOptions}' >> $out
+ fi
+ '';
+ };
+in {
+ config = {
+ # install m1n1 with the boot loader
+ boot.loader.grub.extraFiles = bootFiles;
+ boot.loader.systemd-boot.extraFiles = bootFiles;
+
+ # ensure the installer has m1n1 in the image
+ system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
+
+ # give the user the utilities to re-extract the firmware if necessary
+ environment.systemPackages = [
+ (buildPkgs.callPackage ../asahi-fwextract {})
+ ];
+
+ # system.extraDependencies = [ boot ];
+ # system.extraDependencies = lib.mkForce [ boot ];
+ };
+
+ options.boot.m1n1ExtraOptions = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ description = ''
+ Append extra options to the m1n1 boot binary. Might be useful for fixing
+ display problems on Mac minis.
+ https://github.com/AsahiLinux/m1n1/issues/159
+ '';
+ };
+}
diff --git a/machines/nat/m1-support/default.nix b/machines/nat/m1-support/default.nix
new file mode 100644
index 0000000..3c76a38
--- /dev/null
+++ b/machines/nat/m1-support/default.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, lib, ... }:
+{
+ imports = [
+ ./kernel
+ ./firmware
+ ./boot-m1n1
+ ];
+}
diff --git a/machines/nat/m1-support/firmware/default.nix b/machines/nat/m1-support/firmware/default.nix
new file mode 100644
index 0000000..217c0a8
--- /dev/null
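Review bot: In the `runCommand` that assembles `m1n1/boot.bin`, `config.boot.m1n1ExtraOptions` is spliced into the shell script inside hand-written quotes (`"${...}"` in the test, `'${...}'` in the `echo`), so a value containing a quote character breaks the script or changes what the build runs. Let Nix do the quoting: `if [ -n ${lib.escapeShellArg config.boot.m1n1ExtraOptions} ]; then` and `echo ${lib.escapeShellArg config.boot.m1n1ExtraOptions} >> $out`. Also, `system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];` discards any extra dependencies declared by other modules; a plain list would merge with theirs.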
+++ b/machines/nat/m1-support/firmware/default.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+{
+ hardware.firmware = [
+ (pkgs.stdenvNoCC.mkDerivation {
+ name = "firmware";
+ buildCommand = ''
+ mkdir -p $out/lib/firmware
+ FIRMWARE=`echo ${./.}/*firmware*.tar`
+ if [ -e "$FIRMWARE" ]; then
+ tar xf "$FIRMWARE" -C $out/lib/firmware
+ else
+ # stop nixos infra from breaking when it doesn't have any firmware
+ touch $out/lib/firmware/.dummy
+ fi
+ '';
+ })
+ ];
+}
diff --git a/machines/nat/m1-support/firmware/firmware.tar b/machines/nat/m1-support/firmware/firmware.tar
new file mode 100755
index 0000000..c271d82
Binary files /dev/null and b/machines/nat/m1-support/firmware/firmware.tar differ
diff --git a/machines/nat/m1-support/kernel/config b/machines/nat/m1-support/kernel/config
new file mode 100644
index 0000000..cb02dcb
--- /dev/null
+++ b/machines/nat/m1-support/kernel/config
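Review bot: The build command in firmware/default.nix locates the firmware with the glob `${./.}/*firmware*.tar` and, when the match is not a single existing file, silently installs an empty `.dummy` instead. A renamed, missing or duplicated tarball therefore produces a system without firmware and no build error. Since this commit adds `firmware.tar` next to the module, reference it directly with `tar xf ${./firmware.tar} -C $out/lib/firmware`, which fails evaluation if the file is absent and avoids copying the whole directory into the store. The tarball itself is an opaque binary with no recorded origin; add a comment stating how it was produced and its checksum, e.g. `# firmware.tar: produced by <tool and source>; sha256 <checksum>`, so a later replacement can be checked against it.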
@@ -0,0 +1,691 @@ +# from https://github.com/jannau/AsahiLinux-PKGBUILD/blob/main/linux-apple/config + +CONFIG_SWAP=y +CONFIG_DM_SNAPSHOT=m +CONFIG_WERROR=y +CONFIG_DEFAULT_HOSTNAME="m1" +CONFIG_SYSVIPC=y +CONFIG_POSIX_MQUEUE=y +CONFIG_AUDIT=y +CONFIG_NO_HZ_IDLE=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_BPF_JIT=y +CONFIG_PREEMPT=y +CONFIG_IRQ_TIME_ACCOUNTING=y +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_NUMA_BALANCING=y +CONFIG_MEMCG=y +CONFIG_BLK_CGROUP=y +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_HUGETLB=y +CONFIG_CPUSETS=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +CONFIG_USER_NS=y +CONFIG_SCHED_AUTOGROUP=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_KALLSYMS_ALL=y +# CONFIG_COMPAT_BRK is not set +CONFIG_PROFILING=y +CONFIG_ARCH_APPLE=y +# CONFIG_ARM64_ERRATUM_2054223 is not set +# CONFIG_ARM64_ERRATUM_2067961 is not set +# CONFIG_NVIDIA_CARMEL_CNP_ERRATUM is not set +CONFIG_ARM64_VA_BITS_48=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_CLUSTER=y +CONFIG_NR_CPUS=64 +CONFIG_NUMA=y +CONFIG_KEXEC=y +CONFIG_KEXEC_FILE=y +CONFIG_CRASH_DUMP=y +CONFIG_XEN=y +# CONFIG_ARM64_PTR_AUTH_KERNEL is not set +CONFIG_RANDOMIZE_BASE=y +CONFIG_HIBERNATION=y +CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y +CONFIG_ENERGY_MODEL=y +CONFIG_ARM_CPUIDLE=y +CONFIG_ARM_PSCI_CPUIDLE=y +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_STAT=y +CONFIG_CPU_FREQ_GOV_POWERSAVE=m +CONFIG_CPU_FREQ_GOV_USERSPACE=y +CONFIG_CPU_FREQ_GOV_ONDEMAND=y +CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m +CONFIG_CPUFREQ_DT=y +CONFIG_ACPI=y +CONFIG_ACPI_APEI=y +CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_MEMORY_FAILURE=y +CONFIG_ACPI_APEI_EINJ=y +CONFIG_VIRTUALIZATION=y +CONFIG_KVM=y +CONFIG_CRYPTO_SHA1_ARM64_CE=y +CONFIG_CRYPTO_SHA2_ARM64_CE=y +CONFIG_CRYPTO_SHA512_ARM64_CE=m +CONFIG_CRYPTO_SHA3_ARM64=m +CONFIG_CRYPTO_SM3_ARM64_CE=m +CONFIG_CRYPTO_GHASH_ARM64_CE=y +CONFIG_CRYPTO_AES_ARM64=y 
+CONFIG_CRYPTO_AES_ARM64_CE_CCM=y +CONFIG_CRYPTO_AES_ARM64_CE_BLK=y +CONFIG_CRYPTO_AES_ARM64_BS=m +CONFIG_JUMP_LABEL=y +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_KSM=y +CONFIG_MEMORY_FAILURE=y +CONFIG_TRANSPARENT_HUGEPAGE=y +CONFIG_CMA=y +CONFIG_NET=y +CONFIG_PACKET=y +CONFIG_UNIX=y +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IPV6=m +CONFIG_IP_NF_IPTABLES=m +CONFIG_IP_NF_FILTER=m +CONFIG_IP_NF_TARGET_REJECT=m +CONFIG_IP_NF_NAT=m +CONFIG_IP_NF_TARGET_MASQUERADE=m +CONFIG_IP_NF_MANGLE=m +CONFIG_IP6_NF_IPTABLES=m +CONFIG_IP6_NF_FILTER=m +CONFIG_IP6_NF_TARGET_REJECT=m +CONFIG_IP6_NF_MANGLE=m +CONFIG_IP6_NF_NAT=m +CONFIG_IP6_NF_TARGET_MASQUERADE=m +CONFIG_BRIDGE=m +CONFIG_BRIDGE_VLAN_FILTERING=y +CONFIG_NET_DSA=m +CONFIG_VLAN_8021Q=m +CONFIG_VLAN_8021Q_GVRP=y +CONFIG_VLAN_8021Q_MVRP=y +CONFIG_NET_SCHED=y +CONFIG_NET_SCH_CBS=m +CONFIG_NET_SCH_ETF=m +CONFIG_NET_SCH_TAPRIO=m +CONFIG_NET_SCH_MQPRIO=m +CONFIG_NET_SCH_INGRESS=m +CONFIG_NET_CLS_BASIC=m +CONFIG_NET_CLS_FLOWER=m +CONFIG_NET_CLS_ACT=y +CONFIG_NET_ACT_GACT=m +CONFIG_NET_ACT_MIRRED=m +CONFIG_NET_ACT_GATE=m +CONFIG_QRTR=m +CONFIG_QRTR_TUN=m +CONFIG_CAN=m +CONFIG_CAN_FLEXCAN=m +CONFIG_BT=m +CONFIG_BT_HIDP=m +# CONFIG_BT_LE is not set +# CONFIG_BT_DEBUGFS is not set +CONFIG_BT_HCIBTUSB=m +CONFIG_BT_HCIUART=m +CONFIG_BT_HCIUART_LL=y +CONFIG_BT_HCIUART_BCM=y +CONFIG_BT_HCIUART_QCA=y +CONFIG_CFG80211=m +CONFIG_MAC80211=m +CONFIG_RFKILL=m +CONFIG_RFKILL_GPIO=m +# CONFIG_NET_9P=y +# CONFIG_NET_9P_VIRTIO=y +CONFIG_NFC=m +CONFIG_NFC_NCI=m +CONFIG_NFC_S3FWRN5_I2C=m +CONFIG_PCI=y +CONFIG_PCIEPORTBUS=y +CONFIG_PCI_IOV=y +CONFIG_PCI_PASID=y +CONFIG_HOTPLUG_PCI=y +CONFIG_HOTPLUG_PCI_ACPI=y +CONFIG_PCI_HOST_GENERIC=y +CONFIG_PCIE_APPLE=y +CONFIG_PCIE_DW_PLAT_HOST=y +CONFIG_PCI_ENDPOINT=y +CONFIG_PCI_ENDPOINT_CONFIGFS=y +CONFIG_PCI_EPF_TEST=m +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" 
+CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_EFI_BOOTLOADER_CONTROL=y +CONFIG_EFI_CAPSULE_LOADER=y +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_NBD=m +CONFIG_VIRTIO_BLK=y +CONFIG_BLK_DEV_NVME=m +CONFIG_SRAM=y +CONFIG_DW_XDATA_PCIE=y +CONFIG_PCI_ENDPOINT_TEST=m +CONFIG_EEPROM_AT24=m +CONFIG_SCSI=y +# CONFIG_SCSI_PROC_FS is not set +CONFIG_BLK_DEV_SD=y +CONFIG_MD=y +CONFIG_BLK_DEV_MD=m +CONFIG_BLK_DEV_DM=m +CONFIG_DM_MIRROR=m +CONFIG_DM_ZERO=m +CONFIG_DM_CRYPT=m +CONFIG_NETDEVICES=y +CONFIG_WIREGUARD=m +CONFIG_MACVLAN=m +CONFIG_MACVTAP=m +CONFIG_IPVLAN=m +CONFIG_IPVTAP=m +CONFIG_TUN=y +CONFIG_VETH=m +CONFIG_VIRTIO_NET=y +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +# CONFIG_NET_VENDOR_AGERE is not set +# CONFIG_NET_VENDOR_ALACRITECH is not set +# CONFIG_NET_VENDOR_ALTEON is not set +# CONFIG_NET_VENDOR_AMAZON is not set +# CONFIG_NET_VENDOR_AMD is not set +CONFIG_AQTION=y +# CONFIG_NET_VENDOR_ARC is not set +# CONFIG_NET_VENDOR_ATHEROS is not set +CONFIG_TIGON3=y +# CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_CADENCE is not set +# CONFIG_NET_VENDOR_CAVIUM is not set +# CONFIG_NET_VENDOR_CHELSIO is not set +# CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_NET_VENDOR_CORTINA is not set +# CONFIG_NET_VENDOR_DEC is not set +# CONFIG_NET_VENDOR_DLINK is not set +# CONFIG_NET_VENDOR_EMULEX is not set +# CONFIG_NET_VENDOR_EZCHIP is not set +# CONFIG_NET_VENDOR_GOOGLE is not set +# CONFIG_NET_VENDOR_HISILICON is not set +# CONFIG_NET_VENDOR_HUAWEI is not set +# CONFIG_NET_VENDOR_INTEL is not set +# CONFIG_NET_VENDOR_MICROSOFT is not set +# CONFIG_NET_VENDOR_LITEX is not set +# CONFIG_NET_VENDOR_MARVELL is not set +# CONFIG_NET_VENDOR_MELLANOX is not set +# CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MICROCHIP is not set +# CONFIG_NET_VENDOR_MICROSEMI is not set +# CONFIG_NET_VENDOR_MYRI is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETERION is not set +# CONFIG_NET_VENDOR_NETRONOME is not set 
+# CONFIG_NET_VENDOR_NI is not set +# CONFIG_NET_VENDOR_NVIDIA is not set +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +# CONFIG_NET_VENDOR_PENSANDO is not set +# CONFIG_NET_VENDOR_QLOGIC is not set +# CONFIG_NET_VENDOR_QUALCOMM is not set +# CONFIG_NET_VENDOR_RDC is not set +# CONFIG_NET_VENDOR_REALTEK is not set +# CONFIG_NET_VENDOR_RENESAS is not set +# CONFIG_NET_VENDOR_ROCKER is not set +# CONFIG_NET_VENDOR_SAMSUNG is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_SOCIONEXT is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +# CONFIG_NET_VENDOR_XILINX is not set +CONFIG_USB_RTL8150=y +CONFIG_USB_RTL8152=y +CONFIG_USB_LAN78XX=y +CONFIG_USB_USBNET=y +CONFIG_USB_NET_SMSC75XX=y +CONFIG_USB_NET_SMSC95XX=y +# CONFIG_USB_NET_NET1080 is not set +# CONFIG_USB_NET_ZAURUS is not set +CONFIG_USB_IPHETH=y +# CONFIG_WLAN_VENDOR_ADMTEK is not set +# CONFIG_WLAN_VENDOR_ATH is not set +# CONFIG_WLAN_VENDOR_ATMEL is not set +# CONFIG_WLAN_VENDOR_CISCO is not set +# CONFIG_WLAN_VENDOR_INTEL is not set +# CONFIG_WLAN_VENDOR_INTERSIL is not set +# CONFIG_WLAN_VENDOR_MARVELL is not set +# CONFIG_WLAN_VENDOR_MEDIATEK is not set +# CONFIG_WLAN_VENDOR_MICROCHIP is not set +# CONFIG_WLAN_VENDOR_RALINK is not set +# CONFIG_WLAN_VENDOR_REALTEK is not set +# CONFIG_WLAN_VENDOR_RSI is not set +# CONFIG_WLAN_VENDOR_ST is not set +# CONFIG_WLAN_VENDOR_TI is not set +# CONFIG_WLAN_VENDOR_ZYDAS is not set +# CONFIG_WLAN_VENDOR_QUANTENNA is not set +# CONFIG_XEN_NETDEV_FRONTEND is not set +CONFIG_INPUT_EVDEV=y +CONFIG_KEYBOARD_APPLESPI=y +CONFIG_INPUT_TOUCHSCREEN=y 
+CONFIG_TOUCHSCREEN_ATMEL_MXT=m +CONFIG_TOUCHSCREEN_EDT_FT5X06=m +CONFIG_INPUT_MISC=y +# CONFIG_SERIO_SERPORT is not set +CONFIG_SERIO_AMBAKMI=y +CONFIG_LEGACY_PTY_COUNT=16 +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_SHARE_IRQ=y +CONFIG_SERIAL_8250_DW=y +CONFIG_SERIAL_OF_PLATFORM=y +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y +CONFIG_SERIAL_SAMSUNG=y +CONFIG_SERIAL_SAMSUNG_CONSOLE=y +CONFIG_SERIAL_DEV_BUS=y +CONFIG_VIRTIO_CONSOLE=y +CONFIG_I2C_CHARDEV=y +CONFIG_I2C_MUX=y +# CONFIG_I2C_HELPER_AUTO is not set +CONFIG_I2C_SMBUS=y +CONFIG_SPI=y +CONFIG_SPI_DEBUG=y +CONFIG_SPI_APPLE=y +# CONFIG_PTP_1588_CLOCK is not set +CONFIG_PINCTRL=y +CONFIG_PINCTRL_APPLE_GPIO=y +# CONFIG_HWMON is not set +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_GOV_USER_SPACE=y +CONFIG_WATCHDOG=y +CONFIG_APPLE_WATCHDOG=y +CONFIG_MFD_SYSCON=y +CONFIG_MEDIA_SUPPORT=m +CONFIG_MEDIA_CAMERA_SUPPORT=y +CONFIG_MEDIA_ANALOG_TV_SUPPORT=y +CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y +CONFIG_MEDIA_SDR_SUPPORT=y +CONFIG_MEDIA_PLATFORM_SUPPORT=y +CONFIG_VIDEO_V4L2_SUBDEV_API=y +CONFIG_MEDIA_USB_SUPPORT=y +CONFIG_USB_VIDEO_CLASS=m +CONFIG_USB_GSPCA=m +CONFIG_V4L_PLATFORM_DRIVERS=y +CONFIG_V4L_MEM2MEM_DRIVERS=y +CONFIG_DRM=y +CONFIG_DRM_SIMPLEDRM=y +CONFIG_FB=y +CONFIG_FB_MODE_HELPERS=y +CONFIG_FB_TILEBLITTING=y +CONFIG_FB_EFI=y +# CONFIG_XEN_FBDEV_FRONTEND is not set +CONFIG_LOGO=y +# CONFIG_LOGO_LINUX_MONO is not set +# CONFIG_LOGO_LINUX_VGA16 is not set +CONFIG_SOUND=y +CONFIG_SND=y +CONFIG_USB_ULPI_BUS=y +CONFIG_USB_CONN_GPIO=y +CONFIG_USB=y +CONFIG_USB_OTG=y +CONFIG_USB_MON=m +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_HCD_PLATFORM=y +CONFIG_USB_ACM=m +CONFIG_USB_STORAGE=y +CONFIG_USB_UAS=y +CONFIG_USB_DWC3=y +CONFIG_USB_DWC3_ULPI=y +CONFIG_USB_DWC2=y +CONFIG_USB_DWC2_HOST=y +CONFIG_USB_DWC2_PCI=y +CONFIG_USB_SERIAL=m +CONFIG_USB_SERIAL_CP210X=m +CONFIG_USB_SERIAL_FTDI_SIO=m +CONFIG_USB_SERIAL_OPTION=m 
+CONFIG_USB_GPIO_VBUS=y +CONFIG_USB_ULPI=y +CONFIG_USB_GADGET=y +CONFIG_U_SERIAL_CONSOLE=y +CONFIG_USB_SNP_UDC_PLAT=y +CONFIG_USB_CONFIGFS=m +CONFIG_USB_CONFIGFS_SERIAL=y +CONFIG_USB_CONFIGFS_ACM=y +CONFIG_USB_CONFIGFS_OBEX=y +CONFIG_USB_CONFIGFS_NCM=y +CONFIG_USB_CONFIGFS_ECM=y +CONFIG_USB_CONFIGFS_ECM_SUBSET=y +CONFIG_USB_CONFIGFS_RNDIS=y +CONFIG_USB_CONFIGFS_EEM=y +CONFIG_USB_CONFIGFS_MASS_STORAGE=y +CONFIG_USB_CONFIGFS_F_FS=y +CONFIG_USB_G_SERIAL=y +CONFIG_USB_CDC_COMPOSITE=y +CONFIG_TYPEC=y +CONFIG_TYPEC_TCPM=y +CONFIG_TYPEC_TPS6598X=y +CONFIG_TYPEC_DP_ALTMODE=m +CONFIG_NEW_LEDS=y +CONFIG_LEDS_CLASS=y +CONFIG_LEDS_CLASS_FLASH=y +CONFIG_LEDS_CLASS_MULTICOLOR=y +CONFIG_LEDS_BRIGHTNESS_HW_CHANGED=y +CONFIG_UDMABUF=y +CONFIG_DMABUF_HEAPS=y +CONFIG_DMABUF_SYSFS_STATS=y +CONFIG_DMABUF_HEAPS_SYSTEM=y +CONFIG_DMABUF_HEAPS_CMA=y +# CONFIG_VIRTIO_MENU is not set +# CONFIG_VHOST_MENU is not set +# CONFIG_XEN_PCIDEV_STUB is not set +CONFIG_MAILBOX=y +CONFIG_GENERIC_PHY=y +CONFIG_VALIDATE_FS_PARSER=y +CONFIG_EXT3_FS=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_BTRFS_FS=m +CONFIG_BTRFS_FS_POSIX_ACL=y +CONFIG_FANOTIFY=y +CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y +CONFIG_QUOTA=y +CONFIG_AUTOFS4_FS=y +CONFIG_FUSE_FS=m +CONFIG_CUSE=m +CONFIG_OVERLAY_FS=m +CONFIG_VFAT_FS=y +CONFIG_EXFAT_FS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_HUGETLBFS=y +CONFIG_EFIVAR_FS=y +CONFIG_SQUASHFS=y +CONFIG_NFS_FS=y +CONFIG_NFS_V4=y +CONFIG_NFS_V4_1=y +CONFIG_NFS_V4_2=y +CONFIG_ROOT_NFS=y +CONFIG_9P_FS=y +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_ISO8859_1=y +CONFIG_SECURITY=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_ECHAINIV=y +CONFIG_CRYPTO_ANSI_CPRNG=y +CONFIG_CRYPTO_USER_API_RNG=m +CONFIG_CRYPTO_DEV_CCREE=m +CONFIG_CRYPTO_DEV_HISI_SEC2=m +CONFIG_CRYPTO_DEV_HISI_ZIP=m +CONFIG_CRYPTO_DEV_HISI_HPRE=m +CONFIG_CRYPTO_DEV_HISI_TRNG=m +CONFIG_DMA_CMA=y +CONFIG_CMA_SIZE_MBYTES=128 +CONFIG_PRINTK_TIME=y +CONFIG_DEBUG_INFO=y +CONFIG_DEBUG_INFO_REDUCED=y +CONFIG_MAGIC_SYSRQ=y +CONFIG_DEBUG_FS=y 
+CONFIG_DEBUG_KERNEL=y +# CONFIG_SCHED_DEBUG is not set +CONFIG_FUNCTION_TRACER=y +CONFIG_MEMTEST=y + +# additional nixos mandatory kernel configs +CONFIG_CGROUPS=y +CONFIG_INOTIFY_USER=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EPOLL=y +CONFIG_SYSFS=y +CONFIG_PROC_FS=y +CONFIG_FHANDLE=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_SHA256=y +CONFIG_ISO9660_FS=y +CONFIG_ZISOFS=n +CONFIG_JOLIET=y +CONFIG_SQUASHFS_XZ=y +CONFIG_SQUASHFS_ZSTD=y +CONFIG_DMIID=y +CONFIG_TMPFS_XATTR=y +CONFIG_SECCOMP=y +CONFIG_BINFMT_ELF=y +CONFIG_BINFMT_MISC=y +CONFIG_EFI_STUB=y +CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y +CONFIG_FW_LOADER_COMPRESS=y + +# stuff for the keyboard? +CONFIG_SPI_HID_APPLE=y +CONFIG_HID_APPLE=y +CONFIG_HID_MAGICMOUSE=y + +CONFIG_APPLE_SART=y +CONFIG_APPLE_RTKIT=y +CONFIG_NVME_APPLE=y + +# stuff for sound? +CONFIG_SND_SOC=y +CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y +CONFIG_SND_SIMPLE_CARD=y +CONFIG_SND_SIMPLE_CARD_UTILS=y +CONFIG_SND_SOC_CS42L42=y +CONFIG_SND_SOC_TAS2770=y +CONFIG_DMADEVICES=y +CONFIG_APPLE_ADMAC=y +CONFIG_SND_SOC_APPLE_MCA=y + +# stuff for wifi +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_BRCMUTIL=m +CONFIG_BRCMFMAC=m +CONFIG_BRCMFMAC_PROTO_MSGBUF=y +CONFIG_BRCMFMAC_PCIE=y + +# new stuff for 5.17 +CONFIG_SPMI=y +CONFIG_SPMI_APPLE=y +CONFIG_CHARGER_MACSMC=y +CONFIG_GPIOLIB=y +CONFIG_GPIOLIB_IRQCHIP=y +CONFIG_GPIO_MACSMC=y +CONFIG_BACKLIGHT_GPIO=y + +# nftables related config +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y +CONFIG_BRIDGE_NETFILTER=m + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_SKIP_EGRESS=y +CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y +CONFIG_NETFILTER_NETLINK_HOOK=m +CONFIG_NETFILTER_NETLINK_ACCT=m +CONFIG_NETFILTER_NETLINK_QUEUE=m +CONFIG_NETFILTER_NETLINK_LOG=m +CONFIG_NETFILTER_NETLINK_OSF=m +CONFIG_NF_CONNTRACK=m +CONFIG_NF_LOG_SYSLOG=m +CONFIG_NETFILTER_CONNCOUNT=m 
+CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_CONNTRACK_TIMESTAMP=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CT_PROTO_DCCP=y +CONFIG_NF_CT_PROTO_GRE=y +CONFIG_NF_CT_PROTO_SCTP=y +CONFIG_NF_CT_PROTO_UDPLITE=y +CONFIG_NF_CONNTRACK_AMANDA=m +CONFIG_NF_CONNTRACK_FTP=m +CONFIG_NF_CONNTRACK_H323=m +CONFIG_NF_CONNTRACK_IRC=m +CONFIG_NF_CONNTRACK_BROADCAST=m +CONFIG_NF_CONNTRACK_NETBIOS_NS=m +CONFIG_NF_CONNTRACK_SNMP=m +CONFIG_NF_CONNTRACK_PPTP=m +CONFIG_NF_CONNTRACK_SANE=m +CONFIG_NF_CONNTRACK_SIP=m +CONFIG_NF_CONNTRACK_TFTP=m +CONFIG_NF_CT_NETLINK=m +CONFIG_NF_CT_NETLINK_TIMEOUT=m +CONFIG_NF_CT_NETLINK_HELPER=m +CONFIG_NETFILTER_NETLINK_GLUE_CT=y +CONFIG_NF_NAT=m +CONFIG_NF_NAT_AMANDA=m +CONFIG_NF_NAT_FTP=m +CONFIG_NF_NAT_IRC=m +CONFIG_NF_NAT_SIP=m +CONFIG_NF_NAT_TFTP=m +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=m +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +CONFIG_NFT_NUMGEN=m +CONFIG_NFT_CT=m +CONFIG_NFT_FLOW_OFFLOAD=m +CONFIG_NFT_CONNLIMIT=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_MASQ=m +CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m +CONFIG_NFT_TUNNEL=m +CONFIG_NFT_OBJREF=m +CONFIG_NFT_QUEUE=m +CONFIG_NFT_QUOTA=m +CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m +CONFIG_NFT_COMPAT=m +CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m +CONFIG_NFT_XFRM=m +CONFIG_NFT_SOCKET=m +CONFIG_NFT_OSF=m +CONFIG_NFT_TPROXY=m +CONFIG_NFT_SYNPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NFT_REJECT_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=m +CONFIG_NETFILTER_XT_CONNMARK=m +CONFIG_NETFILTER_XT_SET=m + +# +# Xtables targets +# +CONFIG_NETFILTER_XT_TARGET_AUDIT=m +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m 
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m +CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +CONFIG_NETFILTER_XT_TARGET_CT=m +CONFIG_NETFILTER_XT_TARGET_DSCP=m +CONFIG_NETFILTER_XT_TARGET_HL=m +CONFIG_NETFILTER_XT_TARGET_HMARK=m +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m +CONFIG_NETFILTER_XT_TARGET_LED=m +CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_MARK=m +CONFIG_NETFILTER_XT_NAT=m +CONFIG_NETFILTER_XT_TARGET_NETMAP=m +CONFIG_NETFILTER_XT_TARGET_NFLOG=m +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m +# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set +CONFIG_NETFILTER_XT_TARGET_RATEEST=m +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m +CONFIG_NETFILTER_XT_TARGET_TEE=m +CONFIG_NETFILTER_XT_TARGET_TPROXY=m +CONFIG_NETFILTER_XT_TARGET_TRACE=m +CONFIG_NETFILTER_XT_TARGET_TCPMSS=m +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m +CONFIG_NETFILTER_XT_MATCH_BPF=m +CONFIG_NETFILTER_XT_MATCH_CGROUP=m +CONFIG_NETFILTER_XT_MATCH_CLUSTER=m +CONFIG_NETFILTER_XT_MATCH_COMMENT=m +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m +CONFIG_NETFILTER_XT_MATCH_CONNMARK=m +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m +CONFIG_NETFILTER_XT_MATCH_CPU=m +CONFIG_NETFILTER_XT_MATCH_DCCP=m +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m +CONFIG_NETFILTER_XT_MATCH_DSCP=m +CONFIG_NETFILTER_XT_MATCH_ECN=m +CONFIG_NETFILTER_XT_MATCH_ESP=m +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m +CONFIG_NETFILTER_XT_MATCH_HELPER=m +CONFIG_NETFILTER_XT_MATCH_HL=m +CONFIG_NETFILTER_XT_MATCH_IPCOMP=m +CONFIG_NETFILTER_XT_MATCH_IPRANGE=m +CONFIG_NETFILTER_XT_MATCH_IPVS=m +CONFIG_NETFILTER_XT_MATCH_L2TP=m +CONFIG_NETFILTER_XT_MATCH_LENGTH=m +CONFIG_NETFILTER_XT_MATCH_LIMIT=m +CONFIG_NETFILTER_XT_MATCH_MAC=m +CONFIG_NETFILTER_XT_MATCH_MARK=m +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_NETFILTER_XT_MATCH_NFACCT=m +CONFIG_NETFILTER_XT_MATCH_OSF=m +CONFIG_NETFILTER_XT_MATCH_OWNER=m 
+CONFIG_NETFILTER_XT_MATCH_POLICY=m +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m +CONFIG_NETFILTER_XT_MATCH_QUOTA=m +CONFIG_NETFILTER_XT_MATCH_RATEEST=m +CONFIG_NETFILTER_XT_MATCH_REALM=m +CONFIG_NETFILTER_XT_MATCH_RECENT=m +CONFIG_NETFILTER_XT_MATCH_SCTP=m +CONFIG_NETFILTER_XT_MATCH_SOCKET=m +CONFIG_NETFILTER_XT_MATCH_STATE=m +CONFIG_NETFILTER_XT_MATCH_STATISTIC=m +CONFIG_NETFILTER_XT_MATCH_STRING=m +CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_TIME=m +CONFIG_NETFILTER_XT_MATCH_U32=m +# end of Core Netfilter Configuration diff --git a/machines/nat/m1-support/kernel/default-pagesize-16k.patch b/machines/nat/m1-support/kernel/default-pagesize-16k.patch new file mode 100644 index 0000000..c6fb651 --- /dev/null +++ b/machines/nat/m1-support/kernel/default-pagesize-16k.patch @@ -0,0 +1,13 @@ +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index a1eb6572ecd2..b94fbd9b3d70 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -1036,7 +1036,7 @@ endmenu + + choice + prompt "Page size" +- default ARM64_4K_PAGES ++ default ARM64_16K_PAGES + help + Page size (translation granule) configuration. + diff --git a/machines/nat/m1-support/kernel/default.nix b/machines/nat/m1-support/kernel/default.nix new file mode 100644 index 0000000..fe64bcd --- /dev/null +++ b/machines/nat/m1-support/kernel/default.nix 
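Review bot: The header comment of kernel/config points at `blob/main/linux-apple/config`, a moving branch, so the upstream revision this copy was taken from cannot be recovered. Pin it, e.g. `# from https://github.com/jannau/AsahiLinux-PKGBUILD/blob/<commit>/linux-apple/config`. Several settings in the file are worth an explicit decision on a machine with an encrypted disk rather than silent adoption: `# CONFIG_ARM64_PTR_AUTH_KERNEL is not set`, `CONFIG_DEBUG_FS=y`, `CONFIG_MAGIC_SYSRQ=y`, and `CONFIG_UEVENT_HELPER=y` with `CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"`. A short comment above the locally added sections, saying which of these the hardware needs and which are simply carried over, would make the file auditable.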
@@ -0,0 +1,62 @@
+# the Asahi Linux kernel and options that must go along with it
+
+{ config, pkgs, lib, ... }:
+{
+ config = {
+ boot.kernelPackages = pkgs.callPackage ./package.nix {
+ crossBuild = config.boot.kernelBuildIsCross;
+ _16KBuild = config.boot.kernelBuildIs16K;
+ };
+
+ # we definitely want to use CONFIG_ENERGY_MODEL, and
+ # schedutil is a prerequisite for using it
+ # source: https://www.kernel.org/doc/html/latest/scheduler/sched-energy.html
+ powerManagement.cpuFreqGovernor = lib.mkOverride 800 "schedutil";
+
+ # our kernel config is weird and doesn't really have any modules
+ # remove?
+ # boot.initrd.availableKernelModules = lib.mkForce [];
+ boot.initrd.availableKernelModules = lib.mkForce [ "dm_crypt" ];
+
+ boot.kernelParams = [
+ "earlycon"
+ "console=ttySAC0,1500000"
+ "console=tty0"
+ "boot.shell_on_fail"
+ # Apple's SSDs are slow (~dozens of ms) at processing flush requests which
+ # slows down programs that make a lot of fsync calls. This parameter sets
+ # a delay in ms before actually flushing so that such requests can be
+ # coalesced. Be warned that increasing this parameter above zero (default
+ # is 1000) has the potential, though admittedly unlikely, risk of
+ # UNBOUNDED data corruption in case of power loss!!!! Don't even think
+ # about it on desktops!!
+ "nvme_apple.flush_interval=1000"
+ ];
+
+ # U-Boot does not support EFI variables
+ boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+
+ # GRUB has to be installed as removable if the user chooses to use it
+ boot.loader.grub = lib.mkDefault {
+ version = 2;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ };
+
+ options.boot.kernelBuildIsCross = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Set that the Asahi Linux kernel should be cross-compiled.";
+ };
+
+ options.boot.kernelBuildIs16K = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = ''
+ Set that the Asahi Linux kernel should be built with 16K pages and various
+ software patched to be compatible. Some software may still be broken.
+ '';
+ };
+}
diff --git a/machines/nat/m1-support/kernel/package.nix b/machines/nat/m1-support/kernel/package.nix
new file mode 100644
index 0000000..75a494e
--- /dev/null
+++ b/machines/nat/m1-support/kernel/package.nix
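Review bot: `"boot.shell_on_fail"` in `boot.kernelParams` is a debugging switch that should not stay in a module used on every boot; NixOS leaves it off by default because the stage-1 shell it opens on a boot failure is a root shell with no authentication. The same list enables the serial console `console=ttySAC0,1500000`, and the module forces `dm_crypt` into the initrd, so this machine presumably relies on disk encryption and physical access is part of its threat model. I would remove the entry and add it by hand at the boot prompt when needed, or keep it with a comment such as `# debug only: unauthenticated root shell if stage 1 fails`.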
@@ -0,0 +1,67 @@
+{ pkgs, crossBuild ? false, _16KBuild ? false }: let
+ buildPkgs = if crossBuild then
+ import (pkgs.path) {
+ system = "x86_64-linux";
+ crossSystem.system = "aarch64-linux";
+ }
+ else pkgs;
+
+ # we do this so the config can be read on any system and not affect
+ # the output hash
+ localPkgs = import (pkgs.path) { system = "aarch64-linux"; };
+ readConfig = configfile: import (localPkgs.runCommand "config.nix" {} ''
+ echo "{" > "$out"
+ while IFS='=' read key val; do
+ [ "x''${key#CONFIG_}" != "x$key" ] || continue
+ no_firstquote="''${val#\"}";
+ echo ' "'"$key"'" = "'"''${no_firstquote%\"}"'";' >> "$out"
+ done < "${configfile}"
+ echo "}" >> $out
+ '').outPath;
+
+ linux_asahi_pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel, ... } @ args:
+ linuxKernel.manualConfig rec {
+ inherit stdenv lib;
+
+ version = "5.19.0-rc7-asahi";
+ modDirVersion = version;
+
+ src = fetchFromGitHub {
+ # tracking branch: https://github.com/AsahiLinux/linux/tree/asahi
+ owner = "AsahiLinux";
+ repo = "linux";
+ rev = "c7d02d6615a5fb4afefd3084fce93d86e5fb184d";
+ hash = "sha256-sed405+6L5U7S+Na2DNLGPNTNf3tv96LjK3CimeRjNU=";
+ };
+
+ kernelPatches = [
+ ] ++ lib.optionals (!_16KBuild) [
+ # thanks to Sven Peter
+ # https://lore.kernel.org/linux-iommu/20211019163737.46269-1-sven@svenpeter.dev/
+ { name = "sven-iommu-4k";
+ patch = ./sven-iommu-4k.patch;
+ }
+ ] ++ lib.optionals _16KBuild [
+ # patch the kernel to set the default size to 16k so we don't need to
+ # convert our config to the nixos infrastructure or patch it and thus
+ # introduce a dependency on the host system architecture
+ { name = "default-pagesize-16k";
+ patch = ./default-pagesize-16k.patch;
+ }
+ ];
+
+ configfile = ./config;
+ config = readConfig configfile;
+
+ extraMeta.branch = "5.19";
+ } // (args.argsOverride or {});
+
+ linux_asahi = (buildPkgs.callPackage linux_asahi_pkg { }).overrideAttrs (o: {
+ # use 5.19 suitable randstruct seed patch
+ # to be removed when
https://github.com/NixOS/nixpkgs/pull/180750 is
+ # accepted and percolates through
+ patches = (builtins.filter
+ (v: (pkgs.lib.hasInfix "randstruct" (builtins.path { path = v; })) != true)
+ o.patches) ++ [ ./randstruct-provide-seed-5.19.patch ];
+ });
+in buildPkgs.recurseIntoAttrs (buildPkgs.linuxPackagesFor linux_asahi)
diff --git a/machines/nat/m1-support/kernel/randstruct-provide-seed-5.19.patch b/machines/nat/m1-support/kernel/randstruct-provide-seed-5.19.patch
new file mode 100644
index 0000000..5ca897a
--- /dev/null
+++ b/machines/nat/m1-support/kernel/randstruct-provide-seed-5.19.patch
@@ -0,0 +1,13 @@
+diff --git a/scripts/gen-randstruct-seed.sh b/scripts/gen-randstruct-seed.sh
+index 61017b36c464..7bb494dd2e18 100755
+--- a/scripts/gen-randstruct-seed.sh
++++ b/scripts/gen-randstruct-seed.sh
+@@ -1,7 +1,7 @@
+ #!/bin/sh
+ # SPDX-License-Identifier: GPL-2.0
+ 
+-SEED=$(od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n')
++SEED="NIXOS_RANDSTRUCT_SEED"
+ echo "$SEED" > "$1"
+ HASH=$(echo -n "$SEED" | sha256sum | cut -d" " -f1)
+ echo "#define RANDSTRUCT_HASHED_SEED \"$HASH\"" > "$2"
diff --git a/machines/nat/m1-support/kernel/sven-iommu-4k.patch b/machines/nat/m1-support/kernel/sven-iommu-4k.patch
new file mode 100644
index 0000000..25eb541
--- /dev/null
+++ b/machines/nat/m1-support/kernel/sven-iommu-4k.patch
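Review bot: `readConfig` writes each value of `./config` into a Nix string literal without escaping, and the generated file is then evaluated with `import`. A value containing `"`, a backslash or `${` would change the expression instead of being read as data, and `read` without `-r` additionally consumes backslashes before they are written. The input is an in-repo file, so this is a robustness point rather than an exposure, but I would use `while IFS='=' read -r key val; do` and escape `\`, `"` and `${` in the value before the `echo`. The closing `echo "}" >> $out` is also the only unquoted use of `$out`.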
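Review bot: Replacing the `/dev/urandom` read with `SEED="NIXOS_RANDSTRUCT_SEED"` turns the struct-layout randomisation seed into a fixed build input, and nothing visible in `package.nix` supplies a private value for it. Presumably the nixpkgs kernel builder substitutes the placeholder with a value derived from the source and config; if so, the layout can be reproduced from this public repository, and RANDSTRUCT (if it is enabled in `./config`, which this view does not show) provides no layout secrecy on this machine. If that property is wanted, feed a per-machine, uncommitted seed into the build; NixOS exposes `boot.kernel.randstructSeed`, though `linux_asahi_pkg` does not appear to forward such an argument to `manualConfig`. Otherwise record the trade-off next to the patch entry in `package.nix`, e.g. `# seed is deterministic for reproducible builds; RANDSTRUCT gives no layout secrecy here`.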
@@ -0,0 +1,449 @@ +diff --git a/drivers/iommu/apple-dart.c b/drivers/iommu/apple-dart.c +index 4f1a37bdd42d..c8c3ea81d818 100644 +--- a/drivers/iommu/apple-dart.c ++++ b/drivers/iommu/apple-dart.c +@@ -97,7 +97,6 @@ struct apple_dart_hw { + * @lock: lock for hardware operations involving this dart + * @pgsize: pagesize supported by this DART + * @supports_bypass: indicates if this DART supports bypass mode +- * @force_bypass: force bypass mode due to pagesize mismatch? + * @sid2group: maps stream ids to iommu_groups + * @iommu: iommu core device + */ +@@ -115,7 +114,6 @@ struct apple_dart { + + u32 pgsize; + u32 supports_bypass : 1; +- u32 force_bypass : 1; + + struct iommu_group *sid2group[DART_MAX_STREAMS]; + struct iommu_device iommu; +@@ -499,9 +497,6 @@ static int apple_dart_attach_dev(struct iommu_domain *domain, + struct apple_dart_master_cfg *cfg = dev_iommu_priv_get(dev); + struct apple_dart_domain *dart_domain = to_dart_domain(domain); + +- if (cfg->stream_maps[0].dart->force_bypass && +- domain->type != IOMMU_DOMAIN_IDENTITY) +- return -EINVAL; + if (!cfg->stream_maps[0].dart->supports_bypass && + domain->type == IOMMU_DOMAIN_IDENTITY) + return -EINVAL; +@@ -630,8 +625,6 @@ static int apple_dart_of_xlate(struct device *dev, struct of_phandle_args *args) + if (cfg_dart) { + if (cfg_dart->supports_bypass != dart->supports_bypass) + return -EINVAL; +- if (cfg_dart->force_bypass != dart->force_bypass) +- return -EINVAL; + if (cfg_dart->pgsize != dart->pgsize) + return -EINVAL; + } +@@ -736,8 +729,6 @@ static int apple_dart_def_domain_type(struct device *dev) + { + struct apple_dart_master_cfg *cfg = dev_iommu_priv_get(dev); + +- if (cfg->stream_maps[0].dart->force_bypass) +- return IOMMU_DOMAIN_IDENTITY; + if (!cfg->stream_maps[0].dart->supports_bypass) + return IOMMU_DOMAIN_DMA; + +@@ -1121,8 +1121,6 @@ static int apple_dart_probe(struct platform_device *pdev) + goto err_clk_disable; + } + +- dart->force_bypass = dart->pgsize > PAGE_SIZE; +- + ret = 
apple_dart_hw_reset(dart); + if (ret) + goto err_clk_disable; +@@ -1149,8 +1147,8 @@ static int apple_dart_probe(struct platform_device *pdev) + + dev_info( + &pdev->dev, +- "DART [pagesize %x, %d streams, bypass support: %d, bypass forced: %d] initialized\n", +- dart->pgsize, dart->num_streams, dart->supports_bypass, dart->force_bypass); ++ "DART [pagesize %x, %d streams, bypass support: %d] initialized\n", ++ dart->pgsize, dart->num_streams, dart->supports_bypass); + return 0; + + err_sysfs_remove: + +diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c +index 09f6e1c0f9c0..094592751cfa 100644 +--- a/drivers/iommu/dma-iommu.c ++++ b/drivers/iommu/dma-iommu.c +@@ -20,9 +20,11 @@ + #include + #include + #include ++#include + #include + #include + #include ++#include + #include + #include + #include +@@ -710,6 +712,9 @@ static struct page **__iommu_dma_alloc_pages(struct device *dev, + { + struct page **pages; + unsigned int i = 0, nid = dev_to_node(dev); ++ unsigned int j; ++ unsigned long min_order = __fls(order_mask); ++ unsigned int min_order_size = 1U << min_order; + + order_mask &= (2U << MAX_ORDER) - 1; + if (!order_mask) +@@ -749,15 +754,37 @@ static struct page **__iommu_dma_alloc_pages(struct device *dev, + split_page(page, order); + break; + } +- if (!page) { +- __iommu_dma_free_pages(pages, i); +- return NULL; ++ ++ /* ++ * If we have no valid page here we might be trying to allocate ++ * the last block consisting of 1<pgsize_bitmap; ++ struct sg_append_table sgt_append = {}; ++ struct scatterlist *last_sg; + struct page **pages; + dma_addr_t iova; + ssize_t ret; ++ phys_addr_t orig_s_phys; ++ size_t orig_s_len, orig_s_off, s_iova_off, iova_size; + + if (static_branch_unlikely(&iommu_deferred_attach_enabled) && + iommu_deferred_attach(dev, domain)) + return NULL; + + min_size = alloc_sizes & -alloc_sizes; +- if (min_size < PAGE_SIZE) { ++ if (iovad->granule > PAGE_SIZE) { ++ if (size < iovad->granule) { ++ /* ensure a single contiguous 
allocation */ ++ min_size = ALIGN(size, PAGE_SIZE*(1U<coherent_dma_mask, dev); ++ iova_size = iova_align(iovad, size); ++ iova = iommu_dma_alloc_iova(domain, iova_size, dev->coherent_dma_mask, dev); + if (!iova) + goto out_free_pages; + +- if (sg_alloc_table_from_pages(sgt, pages, count, 0, size, GFP_KERNEL)) ++ /* append_table is only used to get a pointer to the last entry */ ++ if (sg_alloc_append_table_from_pages(&sgt_append, pages, count, 0, ++ iova_size, UINT_MAX, 0, GFP_KERNEL)) + goto out_free_iova; ++ memcpy(sgt, &sgt_append.sgt, sizeof(*sgt)); ++ last_sg = sgt_append.prv; + + if (!(ioprot & IOMMU_CACHE)) { + struct scatterlist *sg; +@@ -825,18 +839,59 @@ static struct page **__iommu_dma_alloc_noncontiguous(struct device *dev, + arch_dma_prep_coherent(sg_page(sg), sg->length); + } + ++ if (iovad->granule > PAGE_SIZE) { ++ if (size < iovad->granule) { ++ /* ++ * we only have a single sg list entry here that is ++ * likely not aligned to iovad->granule. adjust the ++ * entry to represent the encapsulating IOMMU page ++ * and then later restore everything to its original ++ * values, similar to the impedance matching done in ++ * iommu_dma_map_sg. ++ */ ++ orig_s_phys = sg_phys(sgt->sgl); ++ orig_s_len = sgt->sgl->length; ++ orig_s_off = sgt->sgl->offset; ++ s_iova_off = iova_offset(iovad, orig_s_phys); ++ ++ sg_set_page(sgt->sgl, ++ pfn_to_page(PHYS_PFN(orig_s_phys - s_iova_off)), ++ iova_align(iovad, orig_s_len + s_iova_off), ++ sgt->sgl->offset & ~s_iova_off); ++ } else { ++ /* ++ * convince iommu_map_sg_atomic to map the last block ++ * even though it may be too small. 
++ */ ++ orig_s_len = last_sg->length; ++ last_sg->length = iova_align(iovad, last_sg->length); ++ } ++ } ++ + ret = iommu_map_sg_atomic(domain, iova, sgt->sgl, sgt->orig_nents, ioprot); +- if (ret < 0 || ret < size) ++ if (ret < 0 || ret < iova_size) + goto out_free_sg; + ++ if (iovad->granule > PAGE_SIZE) { ++ if (size < iovad->granule) { ++ sg_set_page(sgt->sgl, ++ pfn_to_page(PHYS_PFN(orig_s_phys)), ++ orig_s_len, orig_s_off); ++ ++ iova += s_iova_off; ++ } else { ++ last_sg->length = orig_s_len; ++ } ++ } ++ + sgt->sgl->dma_address = iova; +- sgt->sgl->dma_length = size; ++ sgt->sgl->dma_length = iova_size; + return pages; + + out_free_sg: + sg_free_table(sgt); + out_free_iova: +- iommu_dma_free_iova(cookie, iova, size, NULL); ++ iommu_dma_free_iova(cookie, iova, iova_size, NULL); + out_free_pages: + __iommu_dma_free_pages(pages, count); + return NULL; +@@ -1040,8 +1124,9 @@ static int __finalise_sg(struct device *dev, struct scatterlist *sg, int nents, + unsigned int s_length = sg_dma_len(s); + unsigned int s_iova_len = s->length; + +- s->offset += s_iova_off; +- s->length = s_length; ++ sg_set_page(s, ++ pfn_to_page(PHYS_PFN(sg_phys(s) + s_iova_off)), ++ s_length, s_iova_off & ~PAGE_MASK); + sg_dma_address(s) = DMA_MAPPING_ERROR; + sg_dma_len(s) = 0; + +@@ -1082,13 +1167,17 @@ static int __finalise_sg(struct device *dev, struct scatterlist *sg, int nents, + static void __invalidate_sg(struct scatterlist *sg, int nents) + { + struct scatterlist *s; ++ phys_addr_t orig_paddr; + int i; + + for_each_sg(sg, s, nents, i) { +- if (sg_dma_address(s) != DMA_MAPPING_ERROR) +- s->offset += sg_dma_address(s); +- if (sg_dma_len(s)) +- s->length = sg_dma_len(s); ++ if (sg_dma_len(s)) { ++ orig_paddr = sg_phys(s) + sg_dma_address(s); ++ sg_set_page(s, ++ pfn_to_page(PHYS_PFN(orig_paddr)), ++ sg_dma_len(s), ++ sg_dma_address(s) & ~PAGE_MASK); ++ } + sg_dma_address(s) = DMA_MAPPING_ERROR; + sg_dma_len(s) = 0; + } +@@ -1166,15 +1255,16 @@ static int iommu_dma_map_sg(struct 
device *dev, struct scatterlist *sg, + * stashing the unaligned parts in the as-yet-unused DMA fields. + */ + for_each_sg(sg, s, nents, i) { +- size_t s_iova_off = iova_offset(iovad, s->offset); ++ phys_addr_t s_phys = sg_phys(s); ++ size_t s_iova_off = iova_offset(iovad, s_phys); + size_t s_length = s->length; + size_t pad_len = (mask - iova_len + 1) & mask; + + sg_dma_address(s) = s_iova_off; + sg_dma_len(s) = s_length; +- s->offset -= s_iova_off; + s_length = iova_align(iovad, s_length + s_iova_off); +- s->length = s_length; ++ sg_set_page(s, pfn_to_page(PHYS_PFN(s_phys - s_iova_off)), ++ s_length, s->offset & ~s_iova_off); + + /* + * Due to the alignment of our single IOVA allocation, we can +@@ -1412,9 +1502,15 @@ static int iommu_dma_get_sgtable(struct device *dev, struct sg_table *sgt, + void *cpu_addr, dma_addr_t dma_addr, size_t size, + unsigned long attrs) + { ++ struct iommu_domain *domain = iommu_get_dma_domain(dev); ++ struct iommu_dma_cookie *cookie = domain->iova_cookie; ++ struct iova_domain *iovad = &cookie->iovad; + struct page *page; + int ret; + ++ if (iovad->granule > PAGE_SIZE) ++ return -ENXIO; ++ + if (is_vmalloc_addr(cpu_addr)) { + struct page **pages = dma_common_find_pages(cpu_addr); + +diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c +index f2c45b85b9fc..0c370e486d6e 100644 +--- a/drivers/iommu/iommu.c ++++ b/drivers/iommu/iommu.c +@@ -80,6 +80,8 @@ static struct iommu_domain *__iommu_domain_alloc(struct bus_type *bus, + unsigned type); + static int __iommu_attach_device(struct iommu_domain *domain, + struct device *dev); ++static void __iommu_detach_device(struct iommu_domain *domain, ++ struct device *dev); + static int __iommu_attach_group(struct iommu_domain *domain, + struct iommu_group *group); + static void __iommu_detach_group(struct iommu_domain *domain, +@@ -1976,6 +1978,24 @@ void iommu_domain_free(struct iommu_domain *domain) + } + EXPORT_SYMBOL_GPL(iommu_domain_free); + ++static int iommu_check_page_size(struct 
iommu_domain *domain, ++ struct device *dev) ++{ ++ bool trusted = !(dev_is_pci(dev) && to_pci_dev(dev)->untrusted); ++ ++ if (!iommu_is_paging_domain(domain)) ++ return 0; ++ if (iommu_is_large_pages_domain(domain) && trusted) ++ return 0; ++ ++ if (!(domain->pgsize_bitmap & (PAGE_SIZE | (PAGE_SIZE - 1)))) { ++ pr_warn("IOMMU pages cannot exactly represent CPU pages.\n"); ++ return -EFAULT; ++ } ++ ++ return 0; ++} ++ + static int __iommu_attach_device(struct iommu_domain *domain, + struct device *dev) + { +@@ -1985,9 +2005,23 @@ static int __iommu_attach_device(struct iommu_domain *domain, + return -ENODEV; + + ret = domain->ops->attach_dev(domain, dev); +- if (!ret) +- trace_attach_device_to_domain(dev); +- return ret; ++ if (ret) ++ return ret; ++ ++ /* ++ * Check that CPU pages can be represented by the IOVA granularity. ++ * This has to be done after ops->attach_dev since many IOMMU drivers ++ * only limit domain->pgsize_bitmap after having attached the first ++ * device. ++ */ ++ ret = iommu_check_page_size(domain, dev); ++ if (ret) { ++ __iommu_detach_device(domain, dev); ++ return ret; ++ } ++ ++ trace_attach_device_to_domain(dev); ++ return 0; + } + + int iommu_attach_device(struct iommu_domain *domain, struct device *dev) +diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c +index db77aa675145..180ce65a6789 100644 +--- a/drivers/iommu/iova.c ++++ b/drivers/iommu/iova.c +@@ -49,10 +49,11 @@ init_iova_domain(struct iova_domain *iovad, unsigned long granule, + { + /* + * IOVA granularity will normally be equal to the smallest +- * supported IOMMU page size; both *must* be capable of +- * representing individual CPU pages exactly. ++ * supported IOMMU page size; while both usually are capable of ++ * representing individual CPU pages exactly the IOVA allocator ++ * supports any granularities that are an exact power of two. 
+ */ +- BUG_ON((granule > PAGE_SIZE) || !is_power_of_2(granule)); ++ BUG_ON(!is_power_of_2(granule)); + + spin_lock_init(&iovad->iova_rbtree_lock); + iovad->rbroot = RB_ROOT; +diff --git a/include/linux/iommu.h b/include/linux/iommu.h +index 9208eca4b0d1..dec2dd70a876 100644 +--- a/include/linux/iommu.h ++++ b/include/linux/iommu.h +@@ -63,6 +63,8 @@ struct iommu_domain_geometry { + implementation */ + #define __IOMMU_DOMAIN_PT (1U << 2) /* Domain is identity mapped */ + #define __IOMMU_DOMAIN_DMA_FQ (1U << 3) /* DMA-API uses flush queue */ ++#define __IOMMU_DOMAIN_LP (1U << 4) /* Support for PAGE_SIZE smaller ++ than IOMMU page size */ + + /* + * This are the possible domain-types +@@ -82,10 +84,12 @@ struct iommu_domain_geometry { + #define IOMMU_DOMAIN_IDENTITY (__IOMMU_DOMAIN_PT) + #define IOMMU_DOMAIN_UNMANAGED (__IOMMU_DOMAIN_PAGING) + #define IOMMU_DOMAIN_DMA (__IOMMU_DOMAIN_PAGING | \ +- __IOMMU_DOMAIN_DMA_API) ++ __IOMMU_DOMAIN_DMA_API | \ ++ __IOMMU_DOMAIN_LP) + #define IOMMU_DOMAIN_DMA_FQ (__IOMMU_DOMAIN_PAGING | \ + __IOMMU_DOMAIN_DMA_API | \ +- __IOMMU_DOMAIN_DMA_FQ) ++ __IOMMU_DOMAIN_DMA_FQ | \ ++ __IOMMU_DOMAIN_LP) + + struct iommu_domain { + unsigned type; +@@ -102,6 +106,16 @@ static inline bool iommu_is_dma_domain(struct iommu_domain *domain) + return domain->type & __IOMMU_DOMAIN_DMA_API; + } + ++static inline bool iommu_is_paging_domain(struct iommu_domain *domain) ++{ ++ return domain->type & __IOMMU_DOMAIN_PAGING; ++} ++ ++static inline bool iommu_is_large_pages_domain(struct iommu_domain *domain) ++{ ++ return domain->type & __IOMMU_DOMAIN_LP; ++} ++ + enum iommu_cap { + IOMMU_CAP_CACHE_COHERENCY, /* IOMMU can enforce cache coherent DMA + transactions */ diff --git a/machines/nat/m1-support/m1n1/default.nix b/machines/nat/m1-support/m1n1/default.nix new file mode 100644 index 0000000..f719554 --- /dev/null +++ b/machines/nat/m1-support/m1n1/default.nix 
@@ -0,0 +1,85 @@ +{ stdenv +, lib +, fetchFromGitHub +, pkgsCross +, python3 +, dtc +, isRelease ? false +, withTools ? true +, withChainloading ? false +, rust-bin ? null +}: + +assert withChainloading -> rust-bin != null; + +let + pyenv = python3.withPackages (p: with p; [ + construct + pyserial + ]); + + rustenv = rust-bin.selectLatestNightlyWith (toolchain: toolchain.minimal.override { + targets = [ "aarch64-unknown-none-softfloat" ]; + }); +in stdenv.mkDerivation rec { + pname = "m1n1"; + version = "1.1.3"; + + src = fetchFromGitHub { + # tracking branch: https://github.com/AsahiLinux/m1n1/tree/main + owner = "AsahiLinux"; + repo = "m1n1"; + rev = "v${version}"; + hash = "sha256-S2HLBLmgER0ZZJ5Q4EX2f1KDxnol0yCDrloDMJaLwBE="; + fetchSubmodules = true; + }; + + makeFlags = [ "ARCH=aarch64-unknown-linux-gnu-" ] + ++ lib.optional isRelease "RELEASE=1" + ++ lib.optional withChainloading "CHAINLOADING=1"; + + nativeBuildInputs = [ + dtc + pkgsCross.aarch64-multiplatform.buildPackages.gcc + ] ++ lib.optional withChainloading rustenv; + + postPatch = '' + substituteInPlace proxyclient/m1n1/asm.py \ + --replace 'aarch64-linux-gnu-' 'aarch64-unknown-linux-gnu-' \ + --replace 'TOOLCHAIN = ""' 'TOOLCHAIN = "'$out'/toolchain-bin/"' + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/build + cp build/m1n1.macho $out/build + cp build/m1n1.bin $out/build + '' + (lib.optionalString withTools '' + mkdir -p $out/{bin,script,toolchain-bin} + cp -r proxyclient $out/script + cp -r tools $out/script + + for toolpath in $out/script/proxyclient/tools/*.py; do + tool=$(basename $toolpath .py) + script=$out/bin/m1n1-$tool + cat > $script < m1n1-u-boot.macho + cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin + ''; +})