]> git.saurik.com Git - apple/xnu.git/blobdiff - config/MASTER
xnu-7195.50.7.100.1.tar.gz
[apple/xnu.git] / config / MASTER
index cdacdd750d1a4827a36c9bf8432409145b76d7e9..d429f82a2378b621077f92c6fd2af150176221fb 100644 (file)
@@ -1,11 +1,11 @@
 #
 # Mach Operating System
 # Copyright (c) 1986 Carnegie-Mellon University
-# Copyright 2001-2014 Apple Inc.
+# Copyright 2001-2018 Apple Inc.
 #
 # All rights reserved.  The CMU software License Agreement
 # specifies the terms and conditions for use and redistribution.
-#  
+#
 #######################################################################
 #
 #      Master machine independent configuration file.
@@ -48,7 +48,7 @@
 #      medium = medium scale system configuration
 #      small  = small scale system configuration
 #      xsmall = extra small scale system configuration
-#      bsmall = special extra small scale system configuration 
+#      bsmall = special extra small scale system configuration
 #
 #######################################################################
 #
@@ -68,29 +68,22 @@ options     MACH_NP         # Mach IPC support              # <np>
 options                MACH_NBC        # No buffer cache               # <nbc>
 options                MACH_NET        # Fast network access           # <mach_net>
 options                MACH_XP         # external pager support        # <xp>
-options                NO_DIRECT_RPC   # for untyped mig servers       # 
+options                NO_DIRECT_RPC   # for untyped mig servers       #
 options                LOOP            # loopback support              # <loop>
 options                VLAN            #                               # <vlan>
+options                SIXLOWPAN       # 6LoWPAN support               # <sixlowpan>
 options                BOND            #                               # <bond>
+options                IF_FAKE         #                               # <if_fake>
+options                IF_HEADLESS     #                               # <if_headless>
 options                AH_ALL_CRYPTO   # AH all crypto algs            # <ah_all_crypto>
-options                IPCOMP_ZLIB     # IP compression using zlib     # <ipcomp_zlib>
 options                PF              # Packet Filter                 # <pf>
-options                PF_ALTQ         # PF ALTQ (Alternate Queueing)  # <pf_altq>
 options                PF_ECN          # PF use ECN marking            # <pf_ecn>
 options                PFLOG           # PF log interface              # <pflog>
-options                PKTSCHED_CBQ    # CBQ packet scheduler          # <pktsched_cbq>
-options                PKTSCHED_HFSC   # H-FSC packet scheduler        # <pktsched_hfsc>
-options                PKTSCHED_PRIQ   # PRIQ packet scheduler         # <pktsched_priq>
-options                PKTSCHED_FAIRQ  # FAIRQ packet scheduler        # <pktsched_fairq>
 options                MEASURE_BW      # interface bandwidth measurement # <measure_bw>
-options                CLASSQ_BLUE     # BLUE queueing algorithm       # <classq_blue>
-options                CLASSQ_RED      # RED queueing algorithm        # <classq_red>
-options                CLASSQ_RIO      # RIO queueing algorithm        # <classq_rio>
 options                DUMMYNET        # dummynet support              # <dummynet>
 options                TRAFFIC_MGT     # traffic management support            # <traffic_mgt>
 options                MULTICAST       # Internet Protocol Class-D     $
 options                TCPDEBUG        # TCP debug                     # <tcpdebug>
-options                TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set     # <tcpdrop_synfin>
 options                ICMP_BANDLIM    # ICMP bandwidth limiting sysctl
 options                IFNET_INPUT_SANITY_CHK  # allow dlil/ifnet input sanity check # <ifnet_input_chk>
 options                MULTIPATH       # Multipath domain              # <multipath>
@@ -103,29 +96,32 @@ options            FLOW_DIVERT                                                             # <flow_divert>
 options                NECP                                                                    # <necp>
 options                CONTENT_FILTER  #                                               # <content_filter>
 options        PACKET_MANGLER  #                                               # <packet_mangler>
-
+options        SIXLOWPAN       #               # <sixlowpan>
 # secure_kernel - secure kernel from user programs
-options     SECURE_KERNEL       # <secure_kernel> 
+options     SECURE_KERNEL       # <secure_kernel>
 
 options     OLD_SEMWAIT_SIGNAL  # old semwait_signal handler
 
 #
-#      4.4 general kernel 
+#      4.4 general kernel
 #
-options                SOCKETS         # socket support                # <inet, inet6>
+options                SOCKETS         # socket support                # <inet>
 options        DIAGNOSTIC      # diagnostics                   # <diagnostic>
-options                GPROF           # build profiling               # <profile>
 options                PROFILE         # kernel profiling              # <profile>
 options                SENDFILE        # sendfile                                      # <sendfile>
-options                NETWORKING      # networking layer              # <inet, inet6>
+options                NETWORKING      # networking layer              # <inet>
 options                CONFIG_FSE      # file system events            # <config_fse>
 options                CONFIG_IMAGEBOOT        # local image boot      # <config_imageboot>
+options                CONFIG_LOCKERBOOT       # locker boot   # <config_lockerboot>
 options                CONFIG_MBUF_JUMBO       # jumbo cluster pool    # <config_mbuf_jumbo>
+options                CONFIG_IMAGEBOOT_IMG4   # authenticate image with AppleImage4   # <config_imageboot_img4>
+options                CONFIG_IMAGEBOOT_CHUNKLIST      # authenticate image with a chunk list  # <config_imageboot_chunklist>
 
 options                CONFIG_WORKQUEUE        # <config_workqueue>
+options                CONFIG_WORKLOOP_DEBUG   # <config_workloop_debug>
 
 #
-#      4.4 filesystems 
+#      4.4 filesystems
 #
 options                MOCKFS          # Boot from an executable       # <mockfs>
 options                FIFO            # fifo support                  # <fifo>
@@ -133,6 +129,7 @@ options             FDESC           # fdesc_fs support              # <fdesc>
 options                DEVFS           # devfs support                 # <devfs>
 options                ROUTEFS         # routefs support               # <routefs>
 options                NULLFS          # nullfs support                # <nullfs>
+options                BINDFS          # bindfs support                # <bindfs>
 options                FS_COMPRESSION  # fs compression            # <fs_compression>
 options                CONFIG_DEV_KMEM     # /dev/kmem device for reading KVA  # <config_dev_kmem>
 
@@ -148,28 +145,33 @@ options           CONFIG_TRIGGERS # trigger vnodes                # <config_triggers>
 options                CONFIG_EXT_RESOLVER # e.g. memberd              # <config_ext_resolver>
 options                CONFIG_SEARCHFS # searchfs syscall support      # <config_searchfs>
 options                CONFIG_MNT_SUID # allow suid binaries  # <config_mnt_suid>
+options                CONFIG_MNT_ROOTSNAP # allow rooting from snapshot # <config_mnt_rootsnap>
+options        CONFIG_ROSV_STARTUP # allow read-only system volume startup # <config_rosv_startup>
+options                CONFIG_FIRMLINKS # support "firmlinks" # <config_firmlinks>
+options        CONFIG_MOUNT_VM # mount VM volume on startup # <config_mount_vm>
+options        CONFIG_MOUNT_PREBOOTRECOVERY # mount Preboot and/or Recovery volume on startup # <config_mount_prebootrecovery>
+options                CONFIG_DATALESS_FILES # support dataless file materialization # <config_dataless_files>
+options         CONFIG_BASESYSTEMROOT # mount BaseSystem as initial root filesystem on some kinds of startup # <config_basesystemroot>
 
 #
 # NFS support
 #
 options                NFSCLIENT       # Be an NFS client              # <nfsclient>
 options                NFSSERVER       # Be an NFS server              # <nfsserver>
+options                CONFIG_NFS_GSS  # Support NFS GSSAPI            # <config_nfs_gss>
+options                CONFIG_NFS4     # Use NFSv4                     # <config_nfs4>
+options                CONFIG_NETBOOT  # network booting (requires NFSCLIENT) # <config_netboot>
 
 #
 # Machine Independent Apple Features
 #
 profile                                # build a profiling kernel      # <profile>
 
-#       
+#
 # IPv6 Support
-#       
-options         "INET6"         # kernel IPv6 Support           # <inet6>
-options         IPV6SEND       # Secure Neighbor Discovery     # <ipv6send>
+#
 options         IPSEC           # IP security                  # <ipsec>
 options         IPSEC_ESP       # IP security                  # <ipsec>
-options         "IPV6FIREWALL"  # IPv6 Firewall Feature        # <ipv6firewall>
-options         "IPV6FIREWALL_DEFAULT_TO_ACCEPT"       #IPv6 Firewall Feature          # <ipv6firewall>
-#options         "IPV6FIREWALL_VERBOSE"                #IPv6 Firewall Feature          # <ipv6firewall>
 
 pseudo-device   gif     1                              # <gif>
 pseudo-device   dummy   2                              # <dummy>
@@ -179,28 +181,30 @@ options                   CRYPTO                          # <ipsec,crypto>
 options                        CRYPTO_SHA2                     # <crypto_sha2>
 options                        ENCRYPTED_SWAP                  # <encrypted_swap>
 
+options                        CONFIG_IMG4                     # <config_img4>
+
 options                ZLIB    # inflate/deflate support       # <zlib>
+options                ZLIBC   # inflate/deflate support       # <zlibc>
 
 options                IF_BRIDGE                               # <if_bridge>
 
 #
-#  configurable kernel event related resources 
+#  configurable kernel event related resources
 #
 options   CONFIG_KN_HASHSIZE=64                # <medium,large,xlarge>
 options   CONFIG_KN_HASHSIZE=48                # <small,xsmall>
 options   CONFIG_KN_HASHSIZE=20                # <bsmall>
 
 #
-#  configurable vfs related resources 
-#  CONFIG_VNODES - used to pre allocate vnode related resources 
-#  CONFIG_VNODE_FREE_MIN - mininmum number of free vnodes 
+#  configurable vfs related resources
+#  CONFIG_VNODES - used to pre allocate vnode related resources
 #  CONFIG_NC_HASH - name cache hash table allocation
 #  CONFIG_VFS_NAMES - name strings
 #
-#  263168 magic number for medium CONFIG_VNODES is based on memory 
-#  Number vnodes  is (memsize/64k) + 1024 
+#  263168 magic number for medium CONFIG_VNODES is based on memory
+#  Number vnodes  is (memsize/64k) + 1024
 #  This is the calculation that is used by launchd in tiger
-#  we are clipping the max based on 16G 
+#  we are clipping the max based on 16G
 #  ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168;
 
 options   CONFIG_VNODES=263168         # <large,xlarge>
@@ -208,12 +212,6 @@ options   CONFIG_VNODES=263168             # <medium>
 options   CONFIG_VNODES=10240          # <small>
 options   CONFIG_VNODES=750            # <bsmall>
 
-options   CONFIG_VNODE_FREE_MIN=500    # <large,xlarge>
-options   CONFIG_VNODE_FREE_MIN=300    # <medium>
-options   CONFIG_VNODE_FREE_MIN=200    # <small>
-options   CONFIG_VNODE_FREE_MIN=100    # <xsmall>
-options   CONFIG_VNODE_FREE_MIN=75     # <bsmall>
-
 options   CONFIG_NC_HASH=5120          # <large,xlarge>
 options   CONFIG_NC_HASH=4096          # <medium>
 options   CONFIG_NC_HASH=2048          # <small,xsmall>
@@ -228,7 +226,7 @@ options   CONFIG_MAX_CLUSTERS=8             # <xlarge,large,medium>
 options   CONFIG_MAX_CLUSTERS=4                # <small,xsmall,bsmall>
 
 #
-#  configurable options for minumum number of buffers for kernel memory 
+#  configurable options for minumum number of buffers for kernel memory
 #
 options   CONFIG_MIN_NBUF=256          # <medium,large,xlarge>
 options   CONFIG_MIN_NBUF=128          # <small>
@@ -259,7 +257,7 @@ options CONFIG_ICMP_BANDLIM=250             # <medium,large,xlarge>
 options CONFIG_ICMP_BANDLIM=50         # <xsmall,small,bsmall>
 
 #
-#  configurable async IO options 
+#  configurable async IO options
 #  CONFIG_AIO_MAX - system wide limit of async IO requests.
 #  CONFIG_AIO_PROCESS_MAX - process limit of async IO requests.
 #  CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created.
@@ -295,8 +293,12 @@ options   CONFIG_MFCTBLSIZ=16                      # <bsmall>
 #
 # configurable kernel message buffer size
 #
-options   CONFIG_MSG_BSIZE=4096                        # <bsmall,small,xsmall>
-options   CONFIG_MSG_BSIZE=16384               # <medium,large,xlarge>
+options   CONFIG_MSG_BSIZE_REL=4096            # <msgb_small>
+options   CONFIG_MSG_BSIZE_DEV=4096            # <msgb_small>
+options   CONFIG_MSG_BSIZE_REL=16384           # <msgb_large>
+options   CONFIG_MSG_BSIZE_DEV=131072          # <msgb_large>
+options   CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_REL        # <!development,debug>
+options   CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_DEV        # <development,debug>
 
 #
 # maximum size of the per-process Mach IPC table
@@ -304,31 +306,42 @@ options   CONFIG_MSG_BSIZE=16384          # <medium,large,xlarge>
 options   CONFIG_IPC_TABLE_ENTRIES_STEPS=64    # 137898 entries        # <bsmall,small,xsmall>
 options   CONFIG_IPC_TABLE_ENTRIES_STEPS=256   # 300714 entries        # <medium,large,xlarge>
 
-
 #
 #  configurable kernel - use these options to strip strings from panic
 #  and printf calls.
-#  no_panic_str - saves around 50K of kernel footprint.
 #  no_printf_str - saves around 45K of kernel footprint.
 #
-options   CONFIG_NO_PANIC_STRINGS              # <no_panic_str>
 options   CONFIG_NO_PRINTF_STRINGS             # <no_printf_str>
 options   CONFIG_NO_KPRINTF_STRINGS            # <no_kprintf_str>
 
+# support vsprintf (deprecated in favor of vsnprintf)
+options   CONFIG_VSPRINTF               # <vsprintf>
+
 #
-# use finer-grained lock groups for the proc subsystem
+# configurable kernel - general switch to say we are building for an
+# embedded device
 #
-options   CONFIG_FINE_LOCK_GROUPS               # <medium,large,xlarge>
+options   CONFIG_EMBEDDED                      # <config_embedded>
+
+options   CONFIG_ARROW              # <config_arrow>
 
 
 # support dynamic signing of code
 #
 options                CONFIG_DYNAMIC_CODE_SIGNING     # <dynamic_codesigning>
 
-# enforce library validation on all processes. 
+# enforce library validation on all processes.
 #
 options                CONFIG_ENFORCE_LIBRARY_VALIDATION  # <config_library_validation>
 
+# support loading a second static trust cache
+#
+options CONFIG_SECOND_STATIC_TRUST_CACHE # <second_static_trust_cache>
+
+# support supplemental signatures
+#
+options CONFIG_SUPPLEMENTAL_SIGNATURES # <config_supplemental_signatures>
+
 #
 # code decryption... used on embedded for app protection, DSMOS on desktop
 #
@@ -339,11 +352,23 @@ options           CONFIG_CODE_DECRYPTION          # <config_code_decryption>
 #
 options                CONFIG_PROTECT                  # <config_protect>
 
+#allow write-protection of key page
+options                CONFIG_KEYPAGE_WP               # <config_keypage_wp>
+
+#
+# allow vm_pageout_scan to dynamically adjust its priority based on priorities of waiters
+#
+options                CONFIG_VPS_DYNAMIC_PRIO         # <vps_dynamic_prio>
+
 #
 # enable per-process memory priority tracking
 #
 options                CONFIG_MEMORYSTATUS             # <memorystatus>
 
+#
+# enable per-process dirty-status tracking
+#
+options                CONFIG_DIRTYSTATUS_TRACKING     # <dirtystatus_tracking>
 #
 # enable jetsam - used on embedded
 #
@@ -369,6 +394,11 @@ options            CONFIG_FREEZE                   # <freeze>
 
 options                CHECK_CS_VALIDATION_BITMAP      # <config_cs_validation_bitmap>
 
+#
+# enable physical writes accounting
+#
+options                CONFIG_PHYS_WRITE_ACCT          # <phys_write_acct>
+
 #
 # enable detectiion of file cache thrashing - used on platforms with
 # dynamic VM compression enabled
@@ -384,6 +414,11 @@ options            CONFIG_SECLUDED_MEMORY          # <config_secluded_memory>
 
 options                CONFIG_BACKGROUND_QUEUE         # <config_background_queue>
 
+#
+# Ledger features
+#
+options                CONFIG_LEDGER_INTERVAL_MAX      # <config_ledger_interval_max>
+
 #
 # I/O Scheduling
 #
@@ -399,7 +434,8 @@ options     CONFIG_IO_ACCOUNTING            # <config_io_accounting>
 # For now debug is enabled wherever inheritance is
 #
 options                IMPORTANCE_INHERITANCE          # <importance_inheritance>
-options                IMPORTANCE_DEBUG                # <importance_inheritance>
+options                IMPORTANCE_TRACE                # <importance_trace>
+options                IMPORTANCE_DEBUG                # <importance_debug>
 
 options                CONFIG_TELEMETRY                # <config_telemetry>
 
@@ -407,7 +443,7 @@ options             CONFIG_PROC_UUID_POLICY         # <config_proc_uuid_policy>
 
 #
 # ECC data logging
-# 
+#
 options                CONFIG_ECC_LOGGING              # <config_ecc_logging>
 
 #
@@ -415,14 +451,19 @@ options           CONFIG_ECC_LOGGING              # <config_ecc_logging>
 #
 options                CONFIG_COREDUMP                 # <config_coredump>
 
+#
+# Vnode guards
+#
+options                CONFIG_VNGUARD                  # <config_vnguard>
+
 #
 #  Ethernet (ARP)
 #
-pseudo-device  ether                           # <networking,inet,inet6>
+pseudo-device  ether                           # <networking,inet>
 #
 #  Network loopback device
 #
-pseudo-device  loop                            # <networking,inet,inet6>
+pseudo-device  loop                            # <networking,inet>
 #
 #  UCB pseudo terminal service
 #
@@ -450,7 +491,7 @@ pseudo-device       mdevdevice      1       init    mdevinit
 #
 # packet filter device
 #
-pseudo-device  bpfilter        4       init    bpf_init                # <networking,inet,inet6>
+pseudo-device  bpfilter        4       init    bpf_init                # <networking,inet>
 
 #
 # fsevents device
@@ -460,11 +501,13 @@ pseudo-device     random          1       init    random_init
 pseudo-device  dtrace          1       init    dtrace_init     # <config_dtrace>
 pseudo-device  helper          1       init    helper_init     # <config_dtrace>
 pseudo-device  lockstat        1       init    lockstat_init   # <config_dtrace>
+pseudo-device  lockprof        1       init    lockprof_init   # <config_dtrace>
 pseudo-device  sdt             1       init    sdt_init        # <config_dtrace>
 pseudo-device  systrace        1       init    systrace_init   # <config_dtrace>
 pseudo-device  fbt             1       init    fbt_init        # <config_dtrace>
 pseudo-device  profile_prvd    1       init    profile_init    # <config_dtrace>
 
+
 #
 # IOKit configuration options
 #
@@ -474,7 +517,7 @@ options             IOKITCPP        # C++ implementation    # <iokitcpp>
 options                IOKITSTATS      # IOKit statistics      # <iokitstats>
 options                IOTRACKING      # IOKit tracking        # <iotracking>
 options                CONFIG_SLEEP    #                       # <config_sleep>
-options   CONFIG_MAX_THREADS=64        # IOConfigThread threads
+options                CONFIG_MAX_THREADS=500  # IOConfigThread threads
 options         NO_KEXTD                               # <no_kextd>
 options         NO_KERNEL_HID                          # <no_kernel_hid>
 
@@ -483,6 +526,7 @@ options         NO_KERNEL_HID                       # <no_kernel_hid>
 #
 
 options                LIBKERNCPP              # C++ implementation    # <libkerncpp>
+options                CONFIG_BLOCKS           # Blocks runtime        # <config_blocks>
 options                CONFIG_KXLD             # kxld/runtime linking of kexts # <config_kxld>
 options                CONFIG_KEC_FIPS         # Kernel External Components for FIPS compliance (KEC_FIPS) # <config_kec_fips>
 
@@ -511,12 +555,19 @@ options           PERSONA_DEBUG       # Persona debugging     # <persona_debug>
 
 options                CONFIG_MACF     # Mandatory Access Control Framework    # <config_macf>
 options                CONFIG_MACF_SOCKET_SUBSET       # MAC socket subest (no labels) # <config_macf>
-#options       CONFIG_MACF_SOCKET  # MAC socket labels     # <config_macf>
-#options       CONFIG_MACF_NET     # mbuf                  # <config_macf>
 #options       CONFIG_MACF_DEBUG   # debug                 # <config_macf>
 
 options                CONFIG_AUDIT        # Kernel auditing       # <config_audit>
 
+options                CONFIG_ARCADE           # Arcade validation support     # <config_arcade>
+
+options                CONFIG_SETUID           # setuid/setgid support # <config_setuid>
+
+options                CONFIG_SECURE_BSD_ROOT  # secure BSD root       # <config_secure_bsd_root>
+
+options                CONFIG_KAS_INFO         # kas_info support      # <config_kas_info>
+
+options                CONFIG_ZALLOC_SEQUESTER         # Sequester VA for zones # <config_zalloc_sequester>
 
 #
 # MACH configuration options.
@@ -525,7 +576,6 @@ options             CONFIG_AUDIT        # Kernel auditing       # <config_audit>
 #      forcibly suspending tasks when the demand exceeds supply. This
 #      option should be on.
 #
-options                MACH_RT
 options                TASK_SWAPPER    #       <task_swapper_disabled>
 
 #
@@ -556,12 +606,7 @@ options            MACH_VM_DEBUG   #                               # <debug>
 #      hardclock device driver.
 #
 options                MACH_MP_DEBUG   #                               # <debug>
-#
-# ZONE_DEBUG keeps track of all zalloc()ed elements to perform further
-#      operations on each element.
-#
-options                ZONE_DEBUG      #               # <debug>
-
+options                CONFIG_ZCACHE   # Enable per-cpu caching for zones      # <config_zcache>
 options                CONFIG_ZLEAKS   # Live zone leak debugging      # <zleaks>
 
 #
@@ -574,20 +619,12 @@ options           CONFIG_TASK_ZONE_INFO           # <task_zone_info>
 # available when the kernel is being debugged.
 #
 options                CONFIG_DEBUGGER_FOR_ZONE_INFO   # <debugger_for_zone_info>
-# 
-# XPR_DEBUG enables the gathering of data through the XPR macros inserted
-#      into various subsystems. This option is normally only enabled for
-#      specific performance or behavior studies, as the overhead in both
-#      code and data space is large. The data is normally retrieved through
-#      the kernel debugger (kdb) or by reading /dev/kmem.
-#      
-options                XPR_DEBUG       #               # <debug>
-# 
+#
 # MACH_LDEBUG controls the internal consistency checks and
 #      data gathering in the locking package. This also enables a debug-only
 #      version of simple-locks on uniprocessor machines. The code size and
 #      performance impact of this option is significant.
-# 
+#
 options                MACH_LDEBUG     #               # <debug>
 
 #
@@ -603,14 +640,17 @@ options           NO_KDEBUG               # no kernel tracing     # <no_kdebug>
 #
 options                CONFIG_DTRACE           #                   # <config_dtrace>
 
+options                LOCK_STATS              #                   # <lock_stats>
+
 # kernel performance tracing
 options     KPERF                  # <kperf>
 options     KPC                    # <kpc>
 
+
 options     PGO                    # <pgo>
 
 # MACH_COUNTERS enables code that handles various counters in the system.
-# 
+#
 options                MACH_COUNTERS   #                           # <debug>
 
 # DEVELOPMENT define for development builds
@@ -618,6 +658,7 @@ options             DEVELOPMENT     # dev kernel                # <development>
 
 # DEBUG kernel
 options                DEBUG           # general debugging code    # <debug>
+options                CONFIG_NONFATAL_ASSERTS # non fatal asserts     # <softasserts>
 
 ##########################################################
 #
@@ -642,7 +683,7 @@ options             MACH_BSD        # BSD subsystem on top of Mach  # <mach_bsd>
 options         IOKIT          #                               # <iokit>
 
 #
-#  configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in 
+#  configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in
 #  sync with bsd/conf/MASTER until we fix the config system... todo XXX
 #
 options   CONFIG_THREAD_MAX=2560               # <medium,large,xlarge>
@@ -653,12 +694,13 @@ options   CONFIG_TASK_MAX=1024                    # <medium,large,xlarge>
 options   CONFIG_TASK_MAX=768                  # <small,>
 options   CONFIG_TASK_MAX=512                  # <xsmall,bsmall>
 
-options   CONFIG_ZONE_MAP_MIN=12582912 # <medium,large,xlarge>
-options   CONFIG_ZONE_MAP_MIN=6291456  # <small>
-options   CONFIG_ZONE_MAP_MIN=1048576  # <xsmall,bsmall>
+#
+# Minimum zone map size: 115 MB
+#
+options   CONFIG_ZONE_MAP_MIN=120586240        # <xsmall,bsmall,small,medium,large,xlarge>
 
-# Sizes must be a power of two for the zhash to 
-# be able to just mask off bits instead of mod 
+# Sizes must be a power of two for the zhash to
+# be able to just mask off bits instead of mod
 options          CONFIG_ZLEAK_ALLOCATION_MAP_NUM=16384 #<medium,large,xlarge>
 options          CONFIG_ZLEAK_ALLOCATION_MAP_NUM=8192  #<small,xsmall,bsmall>
 options   CONFIG_ZLEAK_TRACE_MAP_NUM=8192 #<medium,large,xlarge>
@@ -676,6 +718,8 @@ options             CONFIG_SCHED_GRRR               # <config_sched_grrr>
 options                CONFIG_SCHED_GRRR_CORE          # <config_sched_grrr>
 options                CONFIG_SCHED_MULTIQ             # <config_sched_multiq>
 options                CONFIG_SCHED_TIMESHARE_CORE     # <config_sched_traditional,config_sched_multiq>
+options                CONFIG_CLUTCH                   # <config_clutch>
+options        CONFIG_SCHED_AUTO_JOIN          # <config_sched_auto_join>
 
 options                CONFIG_SCHED_IDLE_IN_PLACE      # <config_sched_idle_in_place>
 options                CONFIG_SCHED_SFI                # <config_sched_sfi>
@@ -696,6 +740,7 @@ options             MACH_KDP            # KDP               # <mach_kdp>
 options                CONFIG_SERIAL_KDP   # KDP over serial   # <config_serial_kdp>
 options                CONFIG_KDP_INTERACTIVE_DEBUGGING        # <kdp_interactive_debugging>
 
+options        CONFIG_TASKWATCH
 #
 # Kernel Power On Self Tests
 #
@@ -716,12 +761,6 @@ options OS_REASON_DEBUG                                    # <os_reason_debug>
 #
 options        CONFIG_ATM                              # <config_atm>
 
-#
-# Kernel Voucher Attr Manager for BANK
-#
-options        CONFIG_BANK                             # <config_bank>
-
-
 # Group related tasks together into coalitions
 options                CONFIG_COALITIONS                       # <config_coalitions>
 
@@ -730,6 +769,7 @@ options             CONFIG_SYSDIAGNOSE                      # <config_sysdiagnose>
 
 # Configurable Security Restrictions
 options                CONFIG_CSR                              # <config_csr>
+options                CONFIG_CSR_FROM_DT              # <config_csr_from_dt>
 
 #
 # Console options
@@ -741,3 +781,44 @@ options            VIDEO_CONSOLE   # uni-directional output over framebuffer
 # Syscall options
 #
 options                CONFIG_REQUIRES_U32_MUNGING     # incoming U32 argument structures must be munged to match U64  # <config_requires_u32_munging>
+
+#
+# copyout() instrumentation
+#
+options                COPYOUT_SHIM                    # Shim for copyout memory analysis via kext #<copyout_shim>
+
+#
+# Enable hardware correlation of mach absolute time
+# across intel/arm boundary
+options                CONFIG_MACH_BRIDGE_SEND_TIME #  # <config_mach_bridge_send_time>
+options                CONFIG_MACH_BRIDGE_RECV_TIME #  # <config_mach_bridge_recv_time>
+
+#
+# Telemetry for 32-bit process launch
+#
+options                CONFIG_32BIT_TELEMETRY # # <config_32bit_telemetry>
+
+options                CONFIG_QUIESCE_COUNTER # Support for _COMM_PAGE_CPU_QUIESCENT_COUNTER # <config_quiesce_counter>
+options                CONFIG_ARM_PFZ  # Support for PFZ on ARM # <config_arm_pfz>
+
+#
+# Sanitizers
+#
+options                CONFIG_KASAN            # <config_kasan>
+options                CONFIG_UBSAN            # <config_ubsan>
+options                CONFIG_KSANCOV          # <config_ksancov>
+
+# dark boot support
+options                CONFIG_DARKBOOT         # <config_darkboot>
+
+# support for processes delaying idle sleep for pending IO
+options                CONFIG_DELAY_IDLE_SLEEP # <config_delay_idle_sleep>
+
+# support for storing a 64-bit user supplied value in the proc structure
+options                CONFIG_PROC_UDATA_STORAGE # <config_proc_udata_storage>
+
+pseudo-device ksancov 1 init ksancov_init_dev # <config_ksancov>
+
+# debug instrumentation to catch code that leaves interrupts masked
+# for an excessive period of time
+options   INTERRUPT_MASKED_DEBUG # <interrupt_masked_debug>