#
# Mach Operating System
# Copyright (c) 1986 Carnegie-Mellon University
-# Copyright 2001-2014 Apple Inc.
+# Copyright 2001-2018 Apple Inc.
#
# All rights reserved. The CMU software License Agreement
# specifies the terms and conditions for use and redistribution.
-#
+#
#######################################################################
#
# Master machine independent configuration file.
# medium = medium scale system configuration
# small = small scale system configuration
# xsmall = extra small scale system configuration
-# bsmall = special extra small scale system configuration
+# bsmall = special extra small scale system configuration
#
#######################################################################
#
-options INET # # <inet>
+options INET # # <inet>
options HW_AST # Hardware ast support # <hw_ast>
options HW_FOOTPRINT # Cache footprint support # <hw_foot>
options MACH_HOST # Mach host (resource alloc.) # <host>
options MACH_IPC_COMPAT # Enable old IPC interface # <ipc_compat>
options MACH_IPC_TEST # Testing code/printfs # <ipc_test>
+options MACH_FLIPC # Fast-Local IPC # <mach_flipc>
options MACH_NP # Mach IPC support # <np>
options MACH_NBC # No buffer cache # <nbc>
options MACH_NET # Fast network access # <mach_net>
options MACH_XP # external pager support # <xp>
-options NO_DIRECT_RPC # for untyped mig servers #
+options NO_DIRECT_RPC # for untyped mig servers #
options LOOP # loopback support # <loop>
options VLAN # # <vlan>
+options SIXLOWPAN # 6LoWPAN support # <sixlowpan>
options BOND # # <bond>
+options IF_FAKE # # <if_fake>
+options IF_HEADLESS # # <if_headless>
options AH_ALL_CRYPTO # AH all crypto algs # <ah_all_crypto>
-options IPCOMP_ZLIB # IP compression using zlib # <ipcomp_zlib>
options PF # Packet Filter # <pf>
-options PF_ALTQ # PF ALTQ (Alternate Queueing) # <pf_altq>
-options PF_ECN # PF use ECN marking # <pf_ecn>
+options PF_ECN # PF use ECN marking # <pf_ecn>
options PFLOG # PF log interface # <pflog>
-options PKTSCHED_CBQ # CBQ packet scheduler # <pktsched_cbq>
-options PKTSCHED_HFSC # H-FSC packet scheduler # <pktsched_hfsc>
-options PKTSCHED_PRIQ # PRIQ packet scheduler # <pktsched_priq>
-options PKTSCHED_FAIRQ # FAIRQ packet scheduler # <pktsched_fairq>
options MEASURE_BW # interface bandwidth measurement # <measure_bw>
-options CLASSQ_BLUE # BLUE queueing algorithm # <classq_blue>
-options CLASSQ_RED # RED queueing algorithm # <classq_red>
-options CLASSQ_RIO # RIO queueing algorithm # <classq_rio>
-options IPDIVERT # Divert sockets (for NAT) # <ipdivert>
-options IPFIREWALL # IP Firewalling (used by NAT) # <ipfirewall>
-options IPFIREWALL_FORWARD #Transparent proxy # <ipfirewall>
-options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # <ipfirewall>
options DUMMYNET # dummynet support # <dummynet>
options TRAFFIC_MGT # traffic management support # <traffic_mgt>
-options IPFW2 # IP firewall (new version) # <ipfw2>
options MULTICAST # Internet Protocol Class-D $
options TCPDEBUG # TCP debug # <tcpdebug>
-options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # <tcpdrop_synfin>
options ICMP_BANDLIM # ICMP bandwidth limiting sysctl
options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # <ifnet_input_chk>
options MULTIPATH # Multipath domain # <multipath>
options MPTCP # Multipath TCP # <mptcp>
-options SYSV_SEM # SVID semaphores # <sysv_sem>
-options SYSV_MSG # SVID messages # <sysv_msg>
-options SYSV_SHM # SVID shared mem # <sysv_shm>
-options PSYNCH # pthread synch
# <psynch>
+options SYSV_SEM # SVID semaphores # <sysv_sem>
+options SYSV_MSG # SVID messages # <sysv_msg>
+options SYSV_SHM # SVID shared mem # <sysv_shm>
+options PSYNCH # pthread synch # <psynch>
options FLOW_DIVERT # <flow_divert>
options NECP # <necp>
options CONTENT_FILTER # # <content_filter>
options PACKET_MANGLER # # <packet_mangler>
+options SIXLOWPAN # # <sixlowpan>
# secure_kernel - secure kernel from user programs
-options SECURE_KERNEL # <secure_kernel>
+options SECURE_KERNEL # <secure_kernel>
options OLD_SEMWAIT_SIGNAL # old semwait_signal handler
#
-# 4.4 general kernel
+# 4.4 general kernel
#
-options SOCKETS # socket support # <inet, inet6>
-options DIAGNOSTIC # diagnostics # <diagnostic>
-options GPROF # build profiling # <profile>
+options SOCKETS # socket support # <inet>
+options DIAGNOSTIC # diagnostics # <diagnostic>
options PROFILE # kernel profiling # <profile>
options SENDFILE # sendfile # <sendfile>
-options NETWORKING # networking layer # <inet, inet6>
+options NETWORKING # networking layer # <inet>
options CONFIG_FSE # file system events # <config_fse>
options CONFIG_IMAGEBOOT # local image boot # <config_imageboot>
+options CONFIG_LOCKERBOOT # locker boot # <config_lockerboot>
options CONFIG_MBUF_JUMBO # jumbo cluster pool # <config_mbuf_jumbo>
-options CONFIG_FORCE_OUT_IFP # Enable IP_FORCE_OUT_IFP # <config_force_out_ifp>
-options CONFIG_IFEF_NOWINDOWSCALE # Scale TCP window per driver # <config_ifef_nowindowscale>
+options CONFIG_IMAGEBOOT_IMG4 # authenticate image with AppleImage4 # <config_imageboot_img4>
+options CONFIG_IMAGEBOOT_CHUNKLIST # authenticate image with a chunk list # <config_imageboot_chunklist>
options CONFIG_WORKQUEUE # <config_workqueue>
+options CONFIG_WORKLOOP_DEBUG # <config_workloop_debug>
#
-# 4.4 filesystems
+# 4.4 filesystems
#
-options HFS # HFS/HFS+ support # <hfs>
-options MOCKFS # Boot from an executable # <mockfs>
+options MOCKFS # Boot from an executable # <mockfs>
options FIFO # fifo support # <fifo>
options FDESC # fdesc_fs support # <fdesc>
options DEVFS # devfs support # <devfs>
-options JOURNALING # journaling support # <journaling>
-options HFS_COMPRESSION # hfs compression # <hfs_compression>
-options CONFIG_HFS_STD # hfs standard support # <config_hfs_std>
-options CONFIG_HFS_TRIM # hfs trims unused blocks # <config_hfs_trim>
-options CONFIG_HFS_MOUNT_UNMAP #hfs trims blocks at mount # <config_hfs_mount_unmap>
-options CONFIG_HFS_DIRLINK #allow directory hardlink creation # <config_hfs_dirlink>
-options CONFIG_DEV_KMEM # /dev/kmem device for reading KVA # <config_dev_kmem>
+options ROUTEFS # routefs support # <routefs>
+options NULLFS # nullfs support # <nullfs>
+options BINDFS # bindfs support # <bindfs>
+options FS_COMPRESSION # fs compression # <fs_compression>
+options CONFIG_DEV_KMEM # /dev/kmem device for reading KVA # <config_dev_kmem>
#
# file system features
options CONFIG_TRIGGERS # trigger vnodes # <config_triggers>
options CONFIG_EXT_RESOLVER # e.g. memberd # <config_ext_resolver>
options CONFIG_SEARCHFS # searchfs syscall support # <config_searchfs>
-options CONFIG_SECLUDED_RENAME # secluded rename syscall # <config_secluded_rename>
+options CONFIG_MNT_SUID # allow suid binaries # <config_mnt_suid>
+options CONFIG_MNT_ROOTSNAP # allow rooting from snapshot # <config_mnt_rootsnap>
+options CONFIG_ROSV_STARTUP # allow read-only system volume startup # <config_rosv_startup>
+options CONFIG_FIRMLINKS # support "firmlinks" # <config_firmlinks>
+options CONFIG_MOUNT_VM # mount VM volume on startup # <config_mount_vm>
+options CONFIG_MOUNT_PREBOOTRECOVERY # mount Preboot and/or Recovery volume on startup # <config_mount_prebootrecovery>
+options CONFIG_DATALESS_FILES # support dataless file materialization # <config_dataless_files>
+options CONFIG_BASESYSTEMROOT # mount BaseSystem as initial root filesystem on some kinds of startup # <config_basesystemroot>
#
# NFS support
#
options NFSCLIENT # Be an NFS client # <nfsclient>
options NFSSERVER # Be an NFS server # <nfsserver>
+options CONFIG_NFS_GSS # Support NFS GSSAPI # <config_nfs_gss>
+options CONFIG_NFS4 # Use NFSv4 # <config_nfs4>
+options CONFIG_NETBOOT # network booting (requires NFSCLIENT) # <config_netboot>
#
# Machine Independent Apple Features
#
-profile
# build a profiling kernel # <profile>
+profile # build a profiling kernel # <profile>
-#
+#
# IPv6 Support
-#
-options "INET6" # kernel IPv6 Support # <inet6>
-options IPV6SEND # Secure Neighbor Discovery # <ipv6send>
-options IPSEC # IP security # <ipsec>
-options IPSEC_ESP # IP security # <ipsec>
-options "IPV6FIREWALL" # IPv6 Firewall Feature # <ipv6firewall>
-options "IPV6FIREWALL_DEFAULT_TO_ACCEPT" #IPv6 Firewall Feature # <ipv6firewall>
-#options "IPV6FIREWALL_VERBOSE" #IPv6 Firewall Feature # <ipv6firewall>
+#
+options IPSEC # IP security # <ipsec>
+options IPSEC_ESP # IP security # <ipsec>
+
+pseudo-device gif 1 # <gif>
+pseudo-device dummy 2 # <dummy>
+pseudo-device stf 1 # <stf>
-pseudo-device gif 1 # <gif>
-pseudo-device dummy 2 # <dummy>
-pseudo-device stf 1 # <stf>
+options CRYPTO # <ipsec,crypto>
+options CRYPTO_SHA2 # <crypto_sha2>
+options ENCRYPTED_SWAP # <encrypted_swap>
-options CRYPTO # <ipsec,crypto>
-options CRYPTO_SHA2 # <crypto_sha2>
-options ENCRYPTED_SWAP # <encrypted_swap>
+options CONFIG_IMG4 # <config_img4>
-options ZLIB # inflate/deflate support # <zlib>
+options ZLIB # inflate/deflate support # <zlib>
+options ZLIBC # inflate/deflate support # <zlibc>
-options IF_BRIDGE # <if_bridge>
+options IF_BRIDGE # <if_bridge>
#
-# configurable kernel event related resources
+# configurable kernel event related resources
#
options CONFIG_KN_HASHSIZE=64 # <medium,large,xlarge>
options CONFIG_KN_HASHSIZE=48 # <small,xsmall>
options CONFIG_KN_HASHSIZE=20 # <bsmall>
#
-# configurable vfs related resources
-# CONFIG_VNODES - used to pre allocate vnode related resources
-# CONFIG_VNODE_FREE_MIN - mininmum number of free vnodes
+# configurable vfs related resources
+# CONFIG_VNODES - used to pre allocate vnode related resources
# CONFIG_NC_HASH - name cache hash table allocation
# CONFIG_VFS_NAMES - name strings
#
-# 263168 magic number for medium CONFIG_VNODES is based on memory
-# Number vnodes is (memsize/64k) + 1024
+# 263168 magic number for medium CONFIG_VNODES is based on memory
+# Number vnodes is (memsize/64k) + 1024
# This is the calculation that is used by launchd in tiger
-# we are clipping the max based on 16G
+# we are clipping the max based on 16G
# ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168;
options CONFIG_VNODES=263168 # <large,xlarge>
options CONFIG_VNODES=263168 # <medium>
options CONFIG_VNODES=10240 # <small>
-options CONFIG_VNODES=750 # <bsmall>
-
-options CONFIG_VNODE_FREE_MIN=500 # <large,xlarge>
-options CONFIG_VNODE_FREE_MIN=300 # <medium>
-options CONFIG_VNODE_FREE_MIN=200 # <small>
-options CONFIG_VNODE_FREE_MIN=100 # <xsmall>
-options CONFIG_VNODE_FREE_MIN=75 # <bsmall>
+options CONFIG_VNODES=750 # <bsmall>
options CONFIG_NC_HASH=5120 # <large,xlarge>
options CONFIG_NC_HASH=4096 # <medium>
options CONFIG_MAX_CLUSTERS=4 # <small,xsmall,bsmall>
#
-# configurable kauth credential related resources
-#
-options KAUTH_CRED_PRIMES_COUNT=7 # <medium,large,xlarge>
-options KAUTH_CRED_PRIMES_COUNT=3 # <bsmall,xsmall,small>
-
-options KAUTH_CRED_PRIMES="{97, 241, 397, 743, 1499, 3989, 7499}" # <medium,large,xlarge>
-options KAUTH_CRED_PRIMES="{5, 17, 97}" # <bsmall,xsmall,small>
-
-#
-# configurable options for minumum number of buffers for kernel memory
+# configurable options for minumum number of buffers for kernel memory
#
options CONFIG_MIN_NBUF=256 # <medium,large,xlarge>
options CONFIG_MIN_NBUF=128 # <small>
#
# set maximum space used for packet buffers
#
-options CONFIG_NMBCLUSTERS="((1024 * 1024) / MCLBYTES)" # <large,xlarge>
-options CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)" # <medium>
-options CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)" # <bsmall,xsmall,small>
+options CONFIG_NMBCLUSTERS="((1024 * 1024) / MCLBYTES)" # <large,xlarge>
+options CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)" # <medium>
+options CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)" # <bsmall,xsmall,small>
#
# Configure size of TCP hash table
options CONFIG_ICMP_BANDLIM=50 # <xsmall,small,bsmall>
#
-# configurable async IO options
+# configurable async IO options
# CONFIG_AIO_MAX - system wide limit of async IO requests.
# CONFIG_AIO_PROCESS_MAX - process limit of async IO requests.
# CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created.
#
-options CONFIG_AIO_MAX=360 # <xlarge>
-options CONFIG_AIO_MAX=180 # <large>
+options CONFIG_AIO_MAX=360 # <xlarge>
+options CONFIG_AIO_MAX=180 # <large>
options CONFIG_AIO_MAX=90 # <medium>
options CONFIG_AIO_MAX=45 # <small>
options CONFIG_AIO_MAX=20 # <xsmall>
options CONFIG_AIO_PROCESS_MAX=8 # <xsmall>
options CONFIG_AIO_PROCESS_MAX=4 # <bsmall>
-options CONFIG_AIO_THREAD_COUNT=16 # <xlarge>
+options CONFIG_AIO_THREAD_COUNT=16 # <xlarge>
options CONFIG_AIO_THREAD_COUNT=8 # <large>
options CONFIG_AIO_THREAD_COUNT=4 # <medium>
options CONFIG_AIO_THREAD_COUNT=3 # <small>
options CONFIG_AIO_THREAD_COUNT=2 # <xsmall,bsmall>
-options CONFIG_MAXVIFS=32 # <medium,large,xlarge>
-options CONFIG_MAXVIFS=16 # <small,xsmall>
-options CONFIG_MAXVIFS=2 # <bsmall>
+options CONFIG_MAXVIFS=32 # <medium,large,xlarge>
+options CONFIG_MAXVIFS=16 # <small,xsmall>
+options CONFIG_MAXVIFS=2 # <bsmall>
options CONFIG_MFCTBLSIZ=256 # <medium,large,xlarge>
options CONFIG_MFCTBLSIZ=128 # <small,xsmall>
#
# configurable kernel message buffer size
#
-options CONFIG_MSG_BSIZE=4096 # <bsmall,small,xsmall>
-options CONFIG_MSG_BSIZE=16384 # <medium,large,xlarge>
+options CONFIG_MSG_BSIZE_REL=16384 # <msgb_small>
+options CONFIG_MSG_BSIZE_DEV=131072 # <msgb_small>
+options CONFIG_MSG_BSIZE_REL=131072 # <msgb_large>
+options CONFIG_MSG_BSIZE_DEV=131072 # <msgb_large>
+options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_REL # <!development,debug>
+options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_DEV # <development,debug>
+
+#
+# maximum size of the per-process Mach IPC table
+#
+options CONFIG_IPC_TABLE_ENTRIES_STEPS=64 # 137898 entries # <bsmall,small,xsmall>
+options CONFIG_IPC_TABLE_ENTRIES_STEPS=256 # 300714 entries # <medium,large,xlarge>
+
+#
+# maximum copyout size for IPC debugging tools
+#
+options CONFIG_IPC_KERNEL_MAP_SIZE=16 # 16M # <bsmall,small,xsmall>
+options CONFIG_IPC_KERNEL_MAP_SIZE=64 # 64M # <medium,large,xlarge>
#
# configurable kernel - use these options to strip strings from panic
# and printf calls.
-# no_panic_str - saves around 50K of kernel footprint.
# no_printf_str - saves around 45K of kernel footprint.
#
-options CONFIG_NO_PANIC_STRINGS # <no_panic_str>
options CONFIG_NO_PRINTF_STRINGS # <no_printf_str>
options CONFIG_NO_KPRINTF_STRINGS # <no_kprintf_str>
+# support vsprintf (deprecated in favor of vsnprintf)
+options CONFIG_VSPRINTF # <vsprintf>
+
#
-# use finer-grained lock groups for the proc subsystem
+# configurable kernel - general switch to say we are building for an
+# embedded device
#
-options CONFIG_FINE_LOCK_GROUPS # <medium,large,xlarge>
+options CONFIG_EMBEDDED # <config_embedded>
+options CONFIG_ARROW # <config_arrow>
+
+
+options NOS_ARM_ASM # <nos_arm_asm>
+options NOS_ARM_PMAP # <nos_arm_pmap>
# support dynamic signing of code
#
options CONFIG_DYNAMIC_CODE_SIGNING # <dynamic_codesigning>
-# enforce library validation on all processes.
+# enforce library validation on all processes.
#
options CONFIG_ENFORCE_LIBRARY_VALIDATION # <config_library_validation>
+# support loading a second static trust cache
+#
+options CONFIG_SECOND_STATIC_TRUST_CACHE # <second_static_trust_cache>
+
+# support supplemental signatures
+#
+options CONFIG_SUPPLEMENTAL_SIGNATURES # <config_supplemental_signatures>
+
#
# code decryption... used on embedded for app protection, DSMOS on desktop
#
-options CONFIG_CODE_DECRYPTION # <config_code_decryption>
+options CONFIG_CODE_DECRYPTION # <config_code_decryption>
#
# User Content Protection, used on embedded
#
-options CONFIG_PROTECT # <config_protect>
+options CONFIG_PROTECT # <config_protect>
+
+#allow write-protection of key page
+options CONFIG_KEYPAGE_WP # <config_keypage_wp>
+
+#
+# allow vm_pageout_scan to dynamically adjust its priority based on priorities of waiters
+#
+options CONFIG_VPS_DYNAMIC_PRIO # <vps_dynamic_prio>
#
# enable per-process memory priority tracking
#
-options CONFIG_MEMORYSTATUS # <memorystatus>
+options CONFIG_MEMORYSTATUS # <memorystatus>
+#
+# enable per-process dirty-status tracking
+#
+options CONFIG_DIRTYSTATUS_TRACKING # <dirtystatus_tracking>
#
# enable jetsam - used on embedded
#
-options CONFIG_JETSAM # <jetsam>
+options CONFIG_JETSAM # <jetsam>
+
+#
+# enable new link table implementation stats/debugging
+# (adds mesaureable overhead)
+#
+options CONFIG_LTABLE_STATS # <config_ltable_stats>
+options CONFIG_LTABLE_DEBUG # <config_ltable_debug>
+
+#
+# enable new wait queue implementation stats / debugging
+#
+options CONFIG_WAITQ_STATS # <config_waitq_stats>
+options CONFIG_WAITQ_DEBUG # <config_waitq_debug>
#
# enable freezing of suspended processes - used on embedded
#
-options CONFIG_FREEZE # <freeze>
+options CONFIG_FREEZE # <freeze>
-options CHECK_CS_VALIDATION_BITMAP # <config_cs_validation_bitmap>
+options CHECK_CS_VALIDATION_BITMAP # <config_cs_validation_bitmap>
+
+#
+# enable physical writes accounting
+#
+options CONFIG_PHYS_WRITE_ACCT # <phys_write_acct>
#
# enable detectiion of file cache thrashing - used on platforms with
# dynamic VM compression enabled
#
-options CONFIG_PHANTOM_CACHE
# <phantom_cache>
+options CONFIG_PHANTOM_CACHE # <phantom_cache>
#
# memory pressure event support
#
options VM_PRESSURE_EVENTS # <vm_pressure_events>
+options CONFIG_SECLUDED_MEMORY # <config_secluded_memory>
+
+options CONFIG_BACKGROUND_QUEUE # <config_background_queue>
+
+#
+# Ledger features
+#
+options CONFIG_LEDGER_INTERVAL_MAX # <config_ledger_interval_max>
+
#
# I/O Scheduling
#
options CONFIG_IOSCHED # <config_iosched>
+#
+# Accounting for I/O usage
+#
+options CONFIG_IO_ACCOUNTING # <config_io_accounting>
+
#
# Enable inheritance of importance through specially marked mach ports and for file locks
# For now debug is enabled wherever inheritance is
#
options IMPORTANCE_INHERITANCE # <importance_inheritance>
-options IMPORTANCE_DEBUG # <importance_inheritance>
+options IMPORTANCE_TRACE # <importance_trace>
+options IMPORTANCE_DEBUG # <importance_debug>
-options CONFIG_TELEMETRY # <config_telemetry>
+options CONFIG_TELEMETRY # <config_telemetry>
options CONFIG_PROC_UUID_POLICY # <config_proc_uuid_policy>
#
-# In-kernel tests
+# ECC data logging
#
-options CONFIG_IN_KERNEL_TESTS # <in_kernel_tests>
+options CONFIG_ECC_LOGGING # <config_ecc_logging>
#
-# ECC data logging
-#
-options CONFIG_ECC_LOGGING # <config_ecc_logging>
+# Application core dumps
+#
+options CONFIG_COREDUMP # <config_coredump>
+
+#
+# Vnode guards
+#
+options CONFIG_VNGUARD # <config_vnguard>
#
# Ethernet (ARP)
#
-pseudo-device ether # <networking,inet,inet6>
+pseudo-device ether # <networking,inet>
#
# Network loopback device
#
-pseudo-device loop # <networking,inet,inet6>
+pseudo-device loop # <networking,inet>
#
# UCB pseudo terminal service
#
#
# packet filter device
#
-pseudo-device bpfilter 4 init bpf_init # <networking,inet,inet6>
+pseudo-device bpfilter 4 init bpf_init # <networking,inet>
#
# fsevents device
pseudo-device dtrace 1 init dtrace_init # <config_dtrace>
pseudo-device helper 1 init helper_init # <config_dtrace>
pseudo-device lockstat 1 init lockstat_init # <config_dtrace>
+pseudo-device lockprof 1 init lockprof_init # <config_dtrace>
pseudo-device sdt 1 init sdt_init # <config_dtrace>
pseudo-device systrace 1 init systrace_init # <config_dtrace>
pseudo-device fbt 1 init fbt_init # <config_dtrace>
pseudo-device profile_prvd 1 init profile_init # <config_dtrace>
+
#
# IOKit configuration options
#
options HIBERNATION # system hibernation # <hibernation>
-options IOKITCPP # C++ implementation # <iokitcpp>
-options IOKITSTATS # IOKit statistics # <iokitstats>
-options CONFIG_SLEEP # # <config_sleep>
-options CONFIG_MAX_THREADS=64 # IOConfigThread threads
-options NO_KEXTD # <no_kextd>
-options NO_KERNEL_HID # <no_kernel_hid>
+options IOKITCPP # C++ implementation # <iokitcpp>
+options IOKITSTATS # IOKit statistics # <iokitstats>
+options IOTRACKING # IOKit tracking # <iotracking>
+options CONFIG_SLEEP # # <config_sleep>
+options CONFIG_MAX_THREADS=500 # IOConfigThread threads
+options NO_KEXTD # <no_kextd>
+options NO_KERNEL_HID # <no_kernel_hid>
#
# Libkern configuration options
#
options LIBKERNCPP # C++ implementation # <libkerncpp>
+options CONFIG_BLOCKS # Blocks runtime # <config_blocks>
options CONFIG_KXLD # kxld/runtime linking of kexts # <config_kxld>
options CONFIG_KEC_FIPS # Kernel External Components for FIPS compliance (KEC_FIPS) # <config_kec_fips>
# CONFIG_KEXT_BASEMENT - alloc post boot loaded kexts after prelinked kexts
#
-options CONFIG_KEXT_BASEMENT # # <config_kext_basement>
+options CONFIG_KEXT_BASEMENT # # <config_kext_basement>
#
-# security configuration options
+# Persona Management
#
+options CONFIG_PERSONAS # Persona management # <config_personas>
+options PERSONA_DEBUG # Persona debugging # <persona_debug>
-options CONFIG_LCTX # Login Context
+#
+# security configuration options
+#
-options CONFIG_MACF # Mandatory Access Control Framework # <config_macf>
+options CONFIG_MACF # Mandatory Access Control Framework # <config_macf>
options CONFIG_MACF_SOCKET_SUBSET # MAC socket subest (no labels) # <config_macf>
-#options CONFIG_MACF_SOCKET # MAC socket labels # <config_macf>
-#options CONFIG_MACF_NET # mbuf # <config_macf>
-#options CONFIG_MACF_DEBUG # debug # <config_macf>
+#options CONFIG_MACF_DEBUG # debug # <config_macf>
-options CONFIG_AUDIT # Kernel auditing # <config_audit>
+options CONFIG_AUDIT # Kernel auditing # <config_audit>
+options CONFIG_ARCADE # Arcade validation support # <config_arcade>
+
+options CONFIG_SETUID # setuid/setgid support # <config_setuid>
+
+options CONFIG_SECURE_BSD_ROOT # secure BSD root # <config_secure_bsd_root>
+
+options CONFIG_KAS_INFO # kas_info support # <config_kas_info>
#
# MACH configuration options.
#
-# TASK_SWAPPER enables code that manages demand for physical memory by
-# forcibly suspending tasks when the demand exceeds supply. This
-# option should be on.
-#
-options MACH_PAGEMAP # <mach_pagemap>
-options MACH_RT
-options TASK_SWAPPER # <task_swapper_disabled>
#
# This defines configuration options that are normally used only during
#
options MACH_DEBUG # IPC debugging interface # <mdebug>
options MACH_IPC_DEBUG # Enable IPC debugging calls # <ipc_debug>
-options MACH_VM_DEBUG # # <debug>
+options MACH_VM_DEBUG # # <debug>
#
# MACH_MP_DEBUG control the possible dead locks that may occur by controlling
# that IPL level has been raised down to SPL0 after some calls to
# hardclock device driver.
#
-options MACH_MP_DEBUG # # <debug>
-#
-# ZONE_DEBUG keeps track of all zalloc()ed elements to perform further
-# operations on each element.
-#
-options ZONE_DEBUG # # <debug>
-
+options MACH_MP_DEBUG # # <debug>
options CONFIG_ZLEAKS # Live zone leak debugging # <zleaks>
-#
-options ZONE_ALIAS_ADDR # # <zone_alias_addr>
-
-
#
# CONFIG_TASK_ZONE_INFO allows per-task zone information to be extracted
# Primarily useful for xnu debug and development.
# available when the kernel is being debugged.
#
options CONFIG_DEBUGGER_FOR_ZONE_INFO # <debugger_for_zone_info>
-#
-# XPR_DEBUG enables the gathering of data through the XPR macros inserted
-# into various subsystems. This option is normally only enabled for
-# specific performance or behavior studies, as the overhead in both
-# code and data space is large. The data is normally retrieved through
-# the kernel debugger (kdb) or by reading /dev/kmem.
-#
-options XPR_DEBUG # # <debug>
-#
+#
# MACH_LDEBUG controls the internal consistency checks and
# data gathering in the locking package. This also enables a debug-only
# version of simple-locks on uniprocessor machines. The code size and
# performance impact of this option is significant.
-#
+#
options MACH_LDEBUG # # <debug>
#
#
options KDEBUG # kernel tracing # <kdebug>
options IST_KDEBUG # limited tracing # <ist_kdebug>
-options NO_KDEBUG # no kernel tracing # <no_kdebug>
+options NO_KDEBUG # no kernel tracing # <no_kdebug>
#
# CONFIG_DTRACE enables code needed to support DTrace. Currently this is
# only used for delivery of traps/interrupts to DTrace.
#
-options CONFIG_DTRACE # # <config_dtrace>
+options CONFIG_DTRACE # # <config_dtrace>
+
+options LOCK_STATS # # <lock_stats>
# kernel performance tracing
options KPERF # <kperf>
options KPC # <kpc>
-# MACH_COUNTERS enables code that handles various counters in the system.
-#
-options MACH_COUNTERS # # <debug>
+
+options PGO # <pgo>
# DEVELOPMENT define for development builds
-options DEVELOPMENT # dev kernel # <development>
+options DEVELOPMENT # dev kernel # <development>
# DEBUG kernel
-options DEBUG # general debugging code # <debug>
+options DEBUG # general debugging code # <debug>
+options CONFIG_NONFATAL_ASSERTS # non fatal asserts # <softasserts>
##########################################################
#
options IOKIT # # <iokit>
#
-# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in
+# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in
# sync with bsd/conf/MASTER until we fix the config system... todo XXX
#
options CONFIG_THREAD_MAX=2560 # <medium,large,xlarge>
options CONFIG_TASK_MAX=768 # <small,>
options CONFIG_TASK_MAX=512 # <xsmall,bsmall>
-options CONFIG_ZONE_MAP_MIN=12582912 # <medium,large,xlarge>
-options CONFIG_ZONE_MAP_MIN=6291456 # <small>
-options CONFIG_ZONE_MAP_MIN=1048576 # <xsmall,bsmall>
+#
+# Minimum zone map size: 115 MB
+#
+options CONFIG_ZONE_MAP_MIN=120586240 # <xsmall,bsmall,small,medium,large,xlarge>
-# Sizes must be a power of two for the zhash to
-# be able to just mask off bits instead of mod
+# Sizes must be a power of two for the zhash to
+# be able to just mask off bits instead of mod
options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=16384 #<medium,large,xlarge>
options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=8192 #<small,xsmall,bsmall>
options CONFIG_ZLEAK_TRACE_MAP_NUM=8192 #<medium,large,xlarge>
# vc_progress_white - make the progress gear white instead of black
options CONFIG_VC_PROGRESS_WHITE # <vc_progress_white>
-#
-# Context switched counters
-#
-options CONFIG_COUNTERS # <config_counters>
-
#
# Timeshare scheduler implementations
#
options CONFIG_SCHED_GRRR_CORE # <config_sched_grrr>
options CONFIG_SCHED_MULTIQ # <config_sched_multiq>
options CONFIG_SCHED_TIMESHARE_CORE # <config_sched_traditional,config_sched_multiq>
-options CONFIG_SCHED_FAIRSHARE_CORE # <config_sched_traditional,config_sched_multiq,config_sched_proto>
+options CONFIG_CLUTCH # <config_clutch>
+options CONFIG_SCHED_AUTO_JOIN # <config_sched_auto_join>
-options CONFIG_SCHED_IDLE_IN_PLACE # <config_sched_idle_in_place>
+options CONFIG_SCHED_IDLE_IN_PLACE # <config_sched_idle_in_place>
+options CONFIG_SCHED_SFI # <config_sched_sfi>
options CONFIG_GZALLOC # <config_gzalloc>
+options CONFIG_SCHED_DEFERRED_AST # <config_sched_deferred_ast>
# Enable allocation of contiguous physical memory through vm_map_enter_cpm()
-options VM_CPM # <vm_cpm>
+options VM_CPM # <vm_cpm>
-options CONFIG_SKIP_PRECISE_USER_KERNEL_TIME # <config_skip_precise_user_kernel_time>
+options CONFIG_SKIP_PRECISE_USER_KERNEL_TIME # <config_skip_precise_user_kernel_time>
#
# Switch to disable cpu, wakeup and high memory watermark monitors
#
-options CONFIG_NOMONITORS # <config_nomonitors>
+options CONFIG_NOMONITORS # <config_nomonitors>
-options MACH_KDP # KDP # <mach_kdp>
-options CONFIG_SERIAL_KDP # KDP over serial # <config_serial_kdp>
+options MACH_KDP # KDP # <mach_kdp>
+options CONFIG_SERIAL_KDP # KDP over serial # <config_serial_kdp>
options CONFIG_KDP_INTERACTIVE_DEBUGGING # <kdp_interactive_debugging>
+options CONFIG_TASKWATCH
+options CONFIG_USER_NOTIFICATION # <config_user_notification>
#
-# Kernel Voucher Attr Manager for Activity Trace
+# Kernel Power On Self Tests
#
-options CONFIG_ATM # <config_atm>
+options CONFIG_XNUPOST # <config_xnupost>
#
-# Kernel Voucher Attr Manager for BANK
+# Kernel proc reference instrumentation
#
-options CONFIG_BANK # <config_bank>
+options PROC_REF_DEBUG # <proc_ref_debug>
+#
+# Kernel Voucher Attr Manager for Activity Trace
+#
+options CONFIG_ATM # <config_atm>
# Group related tasks together into coalitions
options CONFIG_COALITIONS # <config_coalitions>
+# Enable support for sysdiagnose notifications
+options CONFIG_SYSDIAGNOSE # <config_sysdiagnose>
+
# Configurable Security Restrictions
-options CONFIG_CSR # <config_csr>
+options CONFIG_CSR # <config_csr>
+options CONFIG_CSR_FROM_DT # <config_csr_from_dt>
+
+# Enable collection of IO Compression statistics
+options CONFIG_IO_COMPRESSION_STATS # <config_io_compression_stats>
#
# Console options
# Syscall options
#
options CONFIG_REQUIRES_U32_MUNGING # incoming U32 argument structures must be munged to match U64 # <config_requires_u32_munging>
+
+#
+# copyout() instrumentation
+#
+options COPYOUT_SHIM # Shim for copyout memory analysis via kext #<copyout_shim>
+
+#
+# Enable hardware correlation of mach absolute time
+# across intel/arm boundary
+options CONFIG_MACH_BRIDGE_SEND_TIME # # <config_mach_bridge_send_time>
+options CONFIG_MACH_BRIDGE_RECV_TIME # # <config_mach_bridge_recv_time>
+
+#
+# Telemetry for 32-bit process launch
+#
+options CONFIG_32BIT_TELEMETRY # # <config_32bit_telemetry>
+
+options CONFIG_QUIESCE_COUNTER # Support for _COMM_PAGE_CPU_QUIESCENT_COUNTER # <config_quiesce_counter>
+options CONFIG_ARM_PFZ # Support for PFZ on ARM # <config_arm_pfz>
+
+#
+# Sanitizers
+#
+options CONFIG_KASAN # <config_kasan>
+options CONFIG_UBSAN # <config_ubsan>
+options CONFIG_KSANCOV # <config_ksancov>
+
+# dark boot support
+options CONFIG_DARKBOOT # <config_darkboot>
+
+# support for processes delaying idle sleep for pending IO
+options CONFIG_DELAY_IDLE_SLEEP # <config_delay_idle_sleep>
+
+# support for storing a 64-bit user supplied value in the proc structure
+options CONFIG_PROC_UDATA_STORAGE # <config_proc_udata_storage>
+
+pseudo-device ksancov 1 init ksancov_init_dev # <config_ksancov>
+
+# debug instrumentation to catch code that leaves interrupts masked
+# for an excessive period of time
+options INTERRUPT_MASKED_DEBUG # <interrupt_masked_debug>
projects / apple / xnu.git / blobdiff