#
# Mach Operating System
# Copyright (c) 1986 Carnegie-Mellon University
-# Copyright 2001-2014 Apple Inc.
+# Copyright 2001-2018 Apple Inc.
#
# All rights reserved. The CMU software License Agreement
# specifies the terms and conditions for use and redistribution.
options MACH_HOST # Mach host (resource alloc.) # <host>
options MACH_IPC_COMPAT # Enable old IPC interface # <ipc_compat>
options MACH_IPC_TEST # Testing code/printfs # <ipc_test>
+options MACH_FLIPC # Fast-Local IPC # <mach_flipc>
options MACH_NP # Mach IPC support # <np>
options MACH_NBC # No buffer cache # <nbc>
options MACH_NET # Fast network access # <mach_net>
options LOOP # loopback support # <loop>
options VLAN # # <vlan>
options BOND # # <bond>
+options IF_FAKE # # <if_fake>
options AH_ALL_CRYPTO # AH all crypto algs # <ah_all_crypto>
options IPCOMP_ZLIB # IP compression using zlib # <ipcomp_zlib>
options PF # Packet Filter # <pf>
-options PF_ALTQ # PF ALTQ (Alternate Queueing) # <pf_altq>
options PF_ECN # PF use ECN marking # <pf_ecn>
options PFLOG # PF log interface # <pflog>
-options PKTSCHED_CBQ # CBQ packet scheduler # <pktsched_cbq>
-options PKTSCHED_HFSC # H-FSC packet scheduler # <pktsched_hfsc>
-options PKTSCHED_PRIQ # PRIQ packet scheduler # <pktsched_priq>
-options PKTSCHED_FAIRQ # FAIRQ packet scheduler # <pktsched_fairq>
options MEASURE_BW # interface bandwidth measurement # <measure_bw>
-options CLASSQ_BLUE # BLUE queueing algorithm # <classq_blue>
-options CLASSQ_RED # RED queueing algorithm # <classq_red>
-options CLASSQ_RIO # RIO queueing algorithm # <classq_rio>
-options IPDIVERT # Divert sockets (for NAT) # <ipdivert>
-options IPFIREWALL # IP Firewalling (used by NAT) # <ipfirewall>
-options IPFIREWALL_FORWARD #Transparent proxy # <ipfirewall>
-options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # <ipfirewall>
options DUMMYNET # dummynet support # <dummynet>
options TRAFFIC_MGT # traffic management support # <traffic_mgt>
-options IPFW2 # IP firewall (new version) # <ipfw2>
options MULTICAST # Internet Protocol Class-D $
options TCPDEBUG # TCP debug # <tcpdebug>
options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # <tcpdrop_synfin>
options NECP # <necp>
options CONTENT_FILTER # # <content_filter>
options PACKET_MANGLER # # <packet_mangler>
+
# secure_kernel - secure kernel from user programs
options SECURE_KERNEL # <secure_kernel>
options CONFIG_FSE # file system events # <config_fse>
options CONFIG_IMAGEBOOT # local image boot # <config_imageboot>
options CONFIG_MBUF_JUMBO # jumbo cluster pool # <config_mbuf_jumbo>
-options CONFIG_FORCE_OUT_IFP # Enable IP_FORCE_OUT_IFP # <config_force_out_ifp>
-options CONFIG_IFEF_NOWINDOWSCALE # Scale TCP window per driver # <config_ifef_nowindowscale>
options CONFIG_WORKQUEUE # <config_workqueue>
+options CONFIG_WORKLOOP_DEBUG # <config_workloop_debug>
#
# 4.4 filesystems
#
-options HFS # HFS/HFS+ support # <hfs>
options MOCKFS # Boot from an executable # <mockfs>
options FIFO # fifo support # <fifo>
options FDESC # fdesc_fs support # <fdesc>
options DEVFS # devfs support # <devfs>
-options JOURNALING # journaling support # <journaling>
-options HFS_COMPRESSION # hfs compression # <hfs_compression>
-options CONFIG_HFS_STD # hfs standard support # <config_hfs_std>
-options CONFIG_HFS_TRIM # hfs trims unused blocks # <config_hfs_trim>
-options CONFIG_HFS_MOUNT_UNMAP # hfs trims blocks at mount # <config_hfs_mount_unmap>
-options CONFIG_HFS_DIRLINK # allow directory hardlink creation # <config_hfs_dirlink>
+options ROUTEFS # routefs support # <routefs>
+options NULLFS # nullfs support # <nullfs>
+options FS_COMPRESSION # fs compression # <fs_compression>
options CONFIG_DEV_KMEM # /dev/kmem device for reading KVA # <config_dev_kmem>
#
options CONFIG_TRIGGERS # trigger vnodes # <config_triggers>
options CONFIG_EXT_RESOLVER # e.g. memberd # <config_ext_resolver>
options CONFIG_SEARCHFS # searchfs syscall support # <config_searchfs>
-options CONFIG_SECLUDED_RENAME # secluded rename syscall # <config_secluded_rename>
+options CONFIG_MNT_SUID # allow suid binaries # <config_mnt_suid>
+options CONFIG_MNT_ROOTSNAP # allow rooting from snapshot # <config_mnt_rootsnap>
#
# NFS support
options CRYPTO_SHA2 # <crypto_sha2>
options ENCRYPTED_SWAP # <encrypted_swap>
+options CONFIG_IMG4 # <config_img4>
+
options ZLIB # inflate/deflate support # <zlib>
options IF_BRIDGE # <if_bridge>
#
# configurable vfs related resources
# CONFIG_VNODES - used to pre allocate vnode related resources
-# CONFIG_VNODE_FREE_MIN - mininmum number of free vnodes
# CONFIG_NC_HASH - name cache hash table allocation
# CONFIG_VFS_NAMES - name strings
#
options CONFIG_VNODES=10240 # <small>
options CONFIG_VNODES=750 # <bsmall>
-options CONFIG_VNODE_FREE_MIN=500 # <large,xlarge>
-options CONFIG_VNODE_FREE_MIN=300 # <medium>
-options CONFIG_VNODE_FREE_MIN=200 # <small>
-options CONFIG_VNODE_FREE_MIN=100 # <xsmall>
-options CONFIG_VNODE_FREE_MIN=75 # <bsmall>
-
options CONFIG_NC_HASH=5120 # <large,xlarge>
options CONFIG_NC_HASH=4096 # <medium>
options CONFIG_NC_HASH=2048 # <small,xsmall>
#
# configurable kernel message buffer size
#
-options CONFIG_MSG_BSIZE=4096 # <bsmall,small,xsmall>
-options CONFIG_MSG_BSIZE=16384 # <medium,large,xlarge>
+options CONFIG_MSG_BSIZE_REL=4096 # <bsmall,small,xsmall>
+options CONFIG_MSG_BSIZE_DEV=4096 # <bsmall,small,xsmall>
+options CONFIG_MSG_BSIZE_REL=16384 # <medium,large,xlarge>
+options CONFIG_MSG_BSIZE_DEV=131072 # <medium,large,xlarge>
+options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_REL # <!development,debug>
+options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_DEV # <development,debug>
#
# maximum size of the per-process Mach IPC table
#
# configurable kernel - use these options to strip strings from panic
# and printf calls.
-# no_panic_str - saves around 50K of kernel footprint.
# no_printf_str - saves around 45K of kernel footprint.
#
-options CONFIG_NO_PANIC_STRINGS # <no_panic_str>
options CONFIG_NO_PRINTF_STRINGS # <no_printf_str>
options CONFIG_NO_KPRINTF_STRINGS # <no_kprintf_str>
#
options CONFIG_FINE_LOCK_GROUPS # <medium,large,xlarge>
+#
+# configurable kernel - general switch to say we are building for an
+# embedded device
+#
+options CONFIG_EMBEDDED # <config_embedded>
+
# support dynamic signing of code
#
#
options CONFIG_PROTECT # <config_protect>
+#allow write-protection of key page
+options CONFIG_KEYPAGE_WP # <config_keypage_wp>
+
#
# enable per-process memory priority tracking
#
#
options CONFIG_JETSAM # <jetsam>
+#
+# enable new link table implementation stats/debugging
+# (adds mesaureable overhead)
+#
+options CONFIG_LTABLE_STATS # <config_ltable_stats>
+options CONFIG_LTABLE_DEBUG # <config_ltable_debug>
+
#
# enable new wait queue implementation stats / debugging
#
#
options VM_PRESSURE_EVENTS # <vm_pressure_events>
+options CONFIG_SECLUDED_MEMORY # <config_secluded_memory>
+
+options CONFIG_BACKGROUND_QUEUE # <config_background_queue>
+
+#
+# Ledger features
+#
+options CONFIG_LEDGER_INTERVAL_MAX # <config_ledger_interval_max>
+
#
# I/O Scheduling
#
options CONFIG_IOSCHED # <config_iosched>
+#
+# Accounting for I/O usage
+#
+options CONFIG_IO_ACCOUNTING # <config_io_accounting>
+
#
# Enable inheritance of importance through specially marked mach ports and for file locks
# For now debug is enabled wherever inheritance is
#
options IMPORTANCE_INHERITANCE # <importance_inheritance>
-options IMPORTANCE_DEBUG # <importance_inheritance>
+options IMPORTANCE_TRACE # <importance_trace>
+options IMPORTANCE_DEBUG # <importance_debug>
options CONFIG_TELEMETRY # <config_telemetry>
#
options CONFIG_ECC_LOGGING # <config_ecc_logging>
+#
+# Application core dumps
+#
+options CONFIG_COREDUMP # <config_coredump>
+
+#
+# Vnode guards
+#
+options CONFIG_VNGUARD # <config_vnguard>
+
#
# Ethernet (ARP)
#
pseudo-device fbt 1 init fbt_init # <config_dtrace>
pseudo-device profile_prvd 1 init profile_init # <config_dtrace>
+
#
# IOKit configuration options
#
#
options LIBKERNCPP # C++ implementation # <libkerncpp>
+options CONFIG_BLOCKS # Blocks runtime # <config_blocks>
options CONFIG_KXLD # kxld/runtime linking of kexts # <config_kxld>
options CONFIG_KEC_FIPS # Kernel External Components for FIPS compliance (KEC_FIPS) # <config_kec_fips>
#
options CONFIG_KEXT_BASEMENT # # <config_kext_basement>
+#
+# Persona Management
+#
+options CONFIG_PERSONAS # Persona management # <config_personas>
+options PERSONA_DEBUG # Persona debugging # <persona_debug>
+
#
# security configuration options
#
# forcibly suspending tasks when the demand exceeds supply. This
# option should be on.
#
-options MACH_PAGEMAP # <mach_pagemap>
-options MACH_RT
options TASK_SWAPPER # <task_swapper_disabled>
#
# operations on each element.
#
options ZONE_DEBUG # # <debug>
-
+options CONFIG_ZCACHE #Enable per-cpu caching for zones # <config_zcache>
options CONFIG_ZLEAKS # Live zone leak debugging # <zleaks>
-#
-options ZONE_ALIAS_ADDR # # <zone_alias_addr>
-
-
#
# CONFIG_TASK_ZONE_INFO allows per-task zone information to be extracted
# Primarily useful for xnu debug and development.
options KPERF # <kperf>
options KPC # <kpc>
+
+options PGO # <pgo>
+
# MACH_COUNTERS enables code that handles various counters in the system.
#
options MACH_COUNTERS # # <debug>
options PROC_REF_DEBUG # <proc_ref_debug>
#
-# Kernel Voucher Attr Manager for Activity Trace
+# Kernel OS reason debug instrumentation
#
-options CONFIG_ATM # <config_atm>
+options OS_REASON_DEBUG # <os_reason_debug>
#
-# Kernel Voucher Attr Manager for BANK
+# Kernel Voucher Attr Manager for Activity Trace
#
-options CONFIG_BANK # <config_bank>
-
+options CONFIG_ATM # <config_atm>
# Group related tasks together into coalitions
options CONFIG_COALITIONS # <config_coalitions>
# Syscall options
#
options CONFIG_REQUIRES_U32_MUNGING # incoming U32 argument structures must be munged to match U64 # <config_requires_u32_munging>
+
+#
+# copyout() instrumentation
+#
+options COPYOUT_SHIM # Shim for copyout memory analysis via kext #<copyout_shim>
+
+
+#
+# Telemetry for 32-bit process launch
+#
+options CONFIG_32BIT_TELEMETRY # # <config_32bit_telemetry>
+
+options CONFIG_QUIESCE_COUNTER # Support for _COMM_PAGE_CPU_QUIESCENT_COUNTER # <config_quiesce_counter>
+