Open andrewdavidwong opened 8 years ago
Did someone try to create an android-x86 VM on qubes? I was planning on doing it myself in the near future. (by the way: the stable Marshmallow release is out now)
I tried running RemixOS, but without success. There might be a general problem of running Android as a guest in a Xen hypervisor.
@andrewdavidwong can you reference to those mailing list entries?
@Jeeppler: This is based on my memory of the mailing lists over the years, so I don't have an exhaustive list. However, here are some examples:
According to the posts, people want to run Android x86 to do application development.
However, it seems the Android emulator uses the CPU virtualization extension. The problem could also be solved by using nested virtualization on Xen.
Cross-linking new discussion thread:
https://groups.google.com/d/topic/qubes-users/frK8xaBh9pI/discussion
@grote I have not had any issues running RemixOS under Qubes. But it suffers from the same Android-x86 mouse issue mentioned in the thread that Andrew just linked.
Qubes is actually a convenient platform for running Android emulators because most of them don't allow static IP addresses. Qubes' mini-DHCP server works just fine.
@3n7r0p1 which version did you use? Could you send me the link to the download?
Please also let me know if you find a solution for the mouse issue.
I used an older version of RemixOS so I checked again with the latest release and it also installs and boots fine.
version: 3.0.206, 64-bit filename: Remix_OS_for_PC_Android_M_64bit_B2016101201.zip download: http://www.jide.com/remixos-for-pc#downloadNow https://www.fosshub.com/Remix-OS.html
when booting iso, add INSTALL=1
to kernel parameters
create partition, gpt: no, efi: no
if boot hangs, add vga=ask
to kernel parameters (may need debug mode on)
allow 10-15 mins for first boot, 10-15 mins for desktop after setup
Confirmed mouse behavior hasn't changed. Not all functionality can be replicated from keyboard. Unusable without mouse fix.
IMO, RemixOS is more resource-heavy than Android-x86 (especially graphics). I've Googled the heck out of the mouse issue. Don't have the expertise to take it any further. :(
đź‘Ť yes, please
I just tried android-x86 in an HVM, and it actually works great (the only change I had to do was increase the RAM -- I'm using 4GB, but it probably will work with less). It doesn't have the same mouse issues as RemixOS (which, as of today, is a discontinued project).
I downloaded an Android 4.4.4 iso from https://sourceforge.net/projects/android-x86/ -- but the more I look into it, it appears there are later versions of android-x86 available, including 7.1: http://www.android-x86.org/releases/releasenote-7-1-rc1
It would be cool to make an Android template. I'm not quite sure how the partitioning could work so that android-x86 AppVMs could have private images though.
Update: I tried installing android-x86 7.1 in an HVM, and it doesn't work nearly as well as 4.4.4. I could boot in live mode, but I had the same mouse issues that exist in RemixOS, and when I install to the hard disk and try booting, it never finishes.
@micahflee How did you get an AndroidVM to work in Qubes? Currently trying to figure out how to use the Android-x86 vm to do the same.
I push the topic gently upwards, an android HVM in qubes would be great! Unfortunately it's very painful to get Android x86 running, but I'm going to test a bit by myself and share results.
So hows going with android vm ?
My testing results on qubes r4.0-current-testing are that none of android works so far. Tested iso images : remixOS, android x86 latest cyanogenmod 7.1 release1 and normal 7.1r1, 4.4r5, phoenixOS. None of them detect the hard drive. So another test I installed centos7minimal then andro x86 latest cyanogenmod in rpm package so it added grub entry, it does not boot Most of the tests showed familiar boot screen but did not run, VM killed itself.
But i remember it was working on qubes 3.2, cant remember what android did i run but probably it was remixOS, when i was testing this like a year ago or so. It was install-able but did not boot from installation, had to use iso and all the changes were gone. The performance was really choppy and i gave up, that probably was because of SLAT feature missing on previous laptop.
PS: was not editing grub entries at all, only tested different VESA modes when available
Hint: try to test preinstalled android VM images and just put them in /var/lib/qubes . Personally i couldnt get this method to work, first have to convert given preinstalled images to qcow RAW format
@micahflee Sorry for nagging, but could you please kindly step-by-step creation of android HVMs under Qubes R3.2 for the less talented of us?
can't seem to make it boot/install (tried Android 4.4.4 and later)
Hello, any solution to get a android hvm running on Qubes 4 ? Booting a live iso worked for all Versions of Androidx86,RemixOS and CM. But installtion failed because of the error "No hard drive avalible". Possible to prepare the hvm drive before installing? thanks
Hello,
Here are my limited success to deal with an Android HVM in Qubes R4: 1/ Download Android x86 ISO (tested with android-x86-7.1-r2.iso) 2/ Create an HVM 3/ Give at least 4000MB of RAM to the HVM and disable memory balancing (testing with 2000MB caused the VM to crash during startup) 4/ In the QubesVM advanced settings, select "Boot qubes from CDROM" and use "from file in Qubes" to select the ISO you downloaded 5/ When the VM boots, select Advanced options > Live CD VESA mode - No GPU hardware acceleration. Other options are working but this is the most stable I found. (Press space when android boots up)
Here are the issues I'm also facing:
/usr/share/qubes/templates/libvirt/xen.xml
and to change the line:
<input type="tablet" bus="usb" />
to
<input type="mouse" bus="usb" />
Someone got it installed: https://groups.google.com/forum/#!topic/qubes-users/JGDqzuf1dS0
Thanks for the pointer.
By the way, people are talking about problems with networking, but networking works out of the box in my case.
ptitdoc, what version of android did you try? I think I shot myself in the foot with 7.1.2, as might have a bug with ethernet and dhcp.
I did the following 2 changes:
Changed 1 line in "init" inside initrd from: for device in ${ROOT:-/dev/[hmnsv][dmrv][0-9a-z]}; do to: for device in ${ROOT:-/dev/[hmnsvx][dmrv][0-9a-z]}; do That allows the XEN hard drive to be used at initialization, once the kernel has the driver. I would appreciate if this change would go into the repo there if you (enyone) are an android-x86 developer.
I configured the kernel
A bit of a time passed, and on the sideline I have a config with which the mouse is a mouse, but you have two pointers. If you change the cursor to large, you can get used to it. Network configuration is stil manual and a pain.
Once you build android with that you get a CD (The best if you use the android common build environment... it took me days to get a build on 16G with qubes... but can be done). If that is too much, I can provide you the CD somehow (but why would you trust someone to provide you a CD ... but if in that VM, you have nothing to loose, you do not risk too much :-) ).
Create a new HVM. Boot a recent linux CD/DVD/thumbdrive (I was using the openly available, but unannounced knoppix 8,2).
boot your VM from the linux CD. Create an EXT2 partition to boot (50 or 500 megs? do not remember). install the bootloader from the cd.
Shutdown linux. Boot android.
Install Android to the free space, creating a new partition "ext4". reboot.
Boot linux again. Mount both partitions, copy kernel and inititial ramdisk, into the boot directory. Do NOT use the same name as what the android-x86 install created on the EXT4 partition.
google: andoid-x86 boot grub
update grub/menu.lst according to the instructions found, modify directory name.
reboot end enjoy if you can without a network.
If you need networking, google android-x86 static ip.Use the IP quebes allocated your vm. Or find instructions on how to setup dhcp from the command line - I did not figure that. I have no clue why it does not autodetect.
If some succeeds, please post detailed instructions and CD. I posted this without the actual system at hand, so steps are as I remember from top of my head from many weeks ago.
Please post if you fail as well, when I'll check here (maybe soon, maybe a few month) if there are failure reports I'll try to post a detailed instructions with the system at hand.
The behaviour of the mouse in qubes 4 appears to come from:
/usr/share/qubes/templates/libvirt/xen.xml
Replace the word " tablet " with " mouse ", and mouse will become an emulated mouse in the HVMs. You get two mouse pointers - but if you change the size (I set it to max of 48) of your desktop mouse (Dom0 - system tools - settings manager - Mouse and touchpad - Theme) so the two can be distinguished, it is usable.
This allowed me to run a BSD gui environment in a HWM. I'll see how this changes things for Android.
I hear that @thestinger may, eventually, be working on this.
I'll be using the x86 support in the Android Open Source Project rather than the Android x86 fork though. If there are relevant patches, they can be cherry-picked. I'm not comfortable with some of their changes from a security perspective and I don't want / need additions like an installer as I'll be outputting the images in the appropriate format directly from the builds. I don't want to lose support for block-based updates and verified boot compared to a standard Android installation, but there are other options beyond the traditional way of implementing it.
I also want to have the latest stable release of Android, without a long delay of many months. I intend to land what I can upstream to aid with future porting and maintenance as I've done with some of my hardening work on Android in the past. It will be helpful even if only a few basic things can be landed.
The work involved for full integration as a proper AppVM goes beyond what I'll be able to do within the current scope of the project, but I can get started on it.
Even a nice standalone_vm would be amazing. Have you planned what qubes utilities you are going to implement?
Android looks like it was designed for TemplateVMs – it has separate immutable /system and mutable /data. (Yes, they are few other directories like /vendor etc., but it seems all of them are like /data or like /system…)
On verified boot: I see the point of verified boot on my phone (though it is not bulletproof), but I don't get it in case of Qubes VM:
Android looks like it was designed for TemplateVMs – it has separate immutable /system and mutable /data. (Yes, they are few other directories like /vendor etc., but it seems all of them are like /data or like /system…)
There's the boot image (read-only, verified by bootloader), system (read-only, verified by kernel) and data (encrypted and wiped by a factory reset). Having dtb (read-only, verified by bootloader) split from boot is optional to reuse a boot image across devices with different device trees. Similarly, vendor (read-only, verified by kernel) is split out from system on modern devices so that system can be device independent, although forward looking devices split it long before the hardware abstraction was implemented. Modern devices don't need a cache partition and other partitions are either verified firmware partitions or very limited firmware-related state (misc, persist, etc.).
On an A/B update device, there are two actual partitions for each read-only / verified partition, i.e. the OS and firmware providing A and B slots. One is the active set of slots verified on boot and optionally with hardware read-only enforcement. The other can be written by the OS as part of updating (usually a delta from the active set), and then it can verify that it was all written out correctly (hashes match), mark it as the active set and reboot. If it fails to boot, including a verified boot failure, it will roll back to the old update. Once it makes it to late boot, it marks the new active set as good and rollback is disabled.
The legacy update mechanism involves having a separate recovery partition, which is essentially another boot image and verified in the same way. The OS has to pass the update to recovery via a partition with unencrypted state (cache, which is no longer needed with A/B updates), although it can be done without copying it there via their uncrypt
hack.
Updates don't necessarily need to be done with these existing mechanisms. There are major robustness and usability advantages to A/B updates, so those are worth having, even if it's not implemented in exactly the usual way.
In a standalone VM, you are probably missing some non-modifiable bootloader. Without that, an attacker can just disable the verified boot.
The primary purpose of verified boot is defending against a compromise of the OS by making it difficult to persist with a high level of privileges. The protection against attackers from outside (generally physical tampering, but a bit broader in this case) doesn't apply without QubesOS having it and chaining it along which would be far out-of-scope and not what I mean by preserving it.
- In a TemplateVM, you have immutable /system by design. Verified boot seems redundant.
Not redundant, but not useful due to it not being chained from higher up. If the standard layout of a modern device is followed, /system can be immutable in more than just a template.
It would be completely reasonable to only have updates of the base images externally with them always read-only within the OS. That's what I mean by handling it another way, i.e. not actually handling updates within the OS, and sharing the entire OS images even after updates rather than copy-on-write since they're always identical across installations. I don't know the best approach, but it would certainly be easier to avoid dealing with all the bootloader complexity for A/B updates, especially dealing with verified boot and rollback protection.
Well, verified boot IMHO primarily prevents modification of the base OS, either by an attacker getting high privileges, or by attacker that got physical access. The latter case is quite hard (attacker can also tamper keyboard ETD.) and I agree we are either have it for Qubes's dom0 (and thus it not so useful for domUs, because encryption makes tampering impractical*), or we do not have it for dom0 (and thus we cannot protect anything).
On verified boot in a TemplateVM (well, I meaned rather a template-based-VM): I cannot imagine any scenario where it could be useful. Malware on VM cannot persistently modify /system. Malware in dom0 is game over. Physical access is quite a different story mentioned above.
On update mechanisms: In the first version, I suggest avoiding perfectionism. Current update mechanisms seem to be good-enough for the first version.
*) Well, full disk encryption is a poor-man's-authentication, because it typically provides no actual authentication, just it makes hard or even impossible to do it meaningfully.
The existing update systems (A/B updates or the legacy recovery system) require some bootloader support that I'd need to implement so that's why it's worth figuring out the best approach in advance. I think it'd be easier to implement the legacy system, but it's on the way out and has serious robustness disadvantages. It seems the Android-x86 fork doesn't provide updates at all, so there's not an existing implementation of the bootloader support.
@mat-rex Can you please upload the working kernel config? The config that you posted in qubes-users got truncated when you copied it between VMs.
I hope attachment works better
@mat-rex Can you please upload the working kernel config? The config that you posted in qubes-users got truncated when you copied it between VMs.
Citromail.hu levelezőrendszerből küldve
Lépj be vagy regisztrálj
#
# CONFIG_64BIT=y CONFIG_X86_64=y CONFIG_X86=y CONFIG_INSTRUCTION_DECODER=y CONFIG_OUTPUT_FORMAT="elf64-x86-64" CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y CONFIG_MMU=y CONFIG_ARCH_MMAP_RND_BITS_MIN=28 CONFIG_ARCH_MMAP_RND_BITS_MAX=32 CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 CONFIG_NEED_DMA_MAP_STATE=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_GENERIC_ISA_DMA=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y CONFIG_ARCH_WANT_GENERAL_HUGETLB=y CONFIG_ZONE_DMA32=y CONFIG_AUDIT_ARCH=y CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_X86_64_SMP=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_FIX_EARLYCON_MEM=y CONFIG_DEBUG_RODATA=y CONFIG_PGTABLE_LEVELS=4 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y
#
# CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_CROSS_COMPILE=""
CONFIG_LOCALVERSION="-android-x86_64" CONFIG_LOCALVERSION_AUTO=y CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y CONFIG_HAVE_KERNEL_LZMA=y CONFIG_HAVE_KERNEL_XZ=y CONFIG_HAVE_KERNEL_LZO=y CONFIG_HAVE_KERNEL_LZ4=y CONFIG_KERNEL_GZIP=y
CONFIG_DEFAULT_HOSTNAME="android_x86_64" CONFIG_SWAP=y
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y
#
# CONFIG_GENERIC_IRQ_PROBE=y CONFIG_GENERIC_IRQ_SHOW=y CONFIG_GENERIC_PENDING_IRQ=y CONFIG_GENERIC_IRQ_CHIP=y CONFIG_IRQ_DOMAIN=y CONFIG_IRQ_DOMAIN_HIERARCHY=y CONFIG_GENERIC_MSI_IRQ=y CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
CONFIG_IRQ_FORCED_THREADING=y CONFIG_SPARSE_IRQ=y CONFIG_CLOCKSOURCE_WATCHDOG=y CONFIG_ARCH_CLOCKSOURCE_DATA=y CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y CONFIG_GENERIC_TIME_VSYSCALL=y CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y CONFIG_GENERIC_CMOS_UPDATE=y
#
# CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ_COMMON=y
CONFIG_NO_HZ_IDLE=y
CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y
#
# CONFIG_TICK_CPU_ACCOUNTING=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_TASKSTATS=y CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y
#
# CONFIG_PREEMPT_RCU=y
CONFIG_SRCU=y
CONFIG_RCU_STALL_COMMON=y
CONFIG_BUILD_BIN2C=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=17 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 CONFIG_NMI_LOG_BUF_SHIFT=13 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_CGROUPS=y CONFIG_CGROUP_DEBUG=y CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y CONFIG_PROC_PID_CPUSET=y CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_SCHEDTUNE=y CONFIG_PAGE_COUNTER=y CONFIG_MEMCG=y
CONFIG_CGROUP_SCHED=y CONFIG_FAIR_GROUP_SCHED=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_NAMESPACES=y
CONFIG_SCHED_TUNE=y
CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="" CONFIG_RD_GZIP=y
CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
CONFIG_SYSCTL=y CONFIG_ANON_INODES=y CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_HAVE_PCSPKR_PLATFORM=y CONFIG_BPF=y CONFIG_EXPERT=y CONFIG_UID16=y CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_ALL=y CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_PRINTK=y CONFIG_PRINTK_NMI=y CONFIG_BUG=y
CONFIG_PCSPKR_PLATFORM=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_ADVISE_SYSCALLS=y
CONFIG_PCI_QUIRKS=y CONFIG_MEMBARRIER=y CONFIG_EMBEDDED=y CONFIG_HAVE_PERF_EVENTS=y
#
# CONFIG_PERF_EVENTS=y
CONFIG_VM_EVENT_COUNTERS=y CONFIG_COMPAT_BRK=y CONFIG_SLAB=y
CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y CONFIG_KEXEC_CORE=y CONFIG_OPROFILE=y
CONFIG_HAVE_OPROFILE=y CONFIG_OPROFILE_NMI_TIMER=y
CONFIG_UPROBES=y
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_ARCH_USE_BUILTIN_BSWAP=y CONFIG_HAVE_IOREMAP_PROT=y CONFIG_HAVE_KPROBES=y CONFIG_HAVE_KRETPROBES=y CONFIG_HAVE_OPTPROBES=y CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_NMI=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_CONTIGUOUS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_CLK=y CONFIG_HAVE_DMA_API_DEBUG=y CONFIG_HAVE_HW_BREAKPOINT=y CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y CONFIG_HAVE_USER_RETURN_NOTIFIER=y CONFIG_HAVE_PERF_EVENTS_NMI=y CONFIG_HAVE_PERF_REGS=y CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_HAVE_CC_STACKPROTECTOR=y CONFIG_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR_STRONG=y CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y CONFIG_HAVE_CONTEXT_TRACKING=y CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_HAVE_ARCH_HUGE_VMAP=y CONFIG_HAVE_ARCH_SOFT_DIRTY=y CONFIG_MODULES_USE_ELF_RELA=y CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y CONFIG_ARCH_HAS_ELF_RANDOMIZE=y CONFIG_HAVE_ARCH_MMAP_RND_BITS=y CONFIG_HAVE_EXIT_THREAD=y CONFIG_ARCH_MMAP_RND_BITS=28 CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 CONFIG_HAVE_COPY_THREAD_TLS=y CONFIG_HAVE_STACK_VALIDATION=y
CONFIG_OLD_SIGSUSPEND3=y CONFIG_COMPAT_OLD_SIGACTION=y
CONFIG_HAVE_ARCH_VMAP_STACK=y CONFIG_VMAP_STACK=y
#
#
CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y
CONFIG_MODULES_TREE_LOOKUP=y CONFIG_BLOCK=y CONFIG_BLK_DEV_BSG=y
#
# CONFIG_PARTITION_ADVANCED=y
CONFIG_MSDOS_PARTITION=y
CONFIG_EFI_PARTITION=y
CONFIG_BLOCK_COMPAT=y CONFIG_BLK_MQ_PCI=y
#
# CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y
CONFIG_DEFAULT_CFQ=y
CONFIG_DEFAULT_IOSCHED="cfq" CONFIG_PADATA=y CONFIG_ASN1=y CONFIG_UNINLINE_SPIN_UNLOCK=y CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_RWSEM_SPIN_ON_OWNER=y CONFIG_LOCK_SPIN_ON_OWNER=y CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y CONFIG_QUEUED_SPINLOCKS=y CONFIG_ARCH_USE_QUEUED_RWLOCKS=y CONFIG_QUEUED_RWLOCKS=y CONFIG_FREEZER=y
#
# CONFIG_ZONE_DMA=y CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_FAST_FEATURE_TESTS=y
CONFIG_X86_MPPARSE=y
CONFIG_RETPOLINE=y CONFIG_X86_EXTENDED_PLATFORM=y
CONFIG_X86_INTEL_LPSS=y
CONFIG_IOSF_MBI=y
CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y CONFIG_SCHED_OMIT_FRAME_POINTER=y CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y
CONFIG_XEN=y CONFIG_XEN_DOM0=y CONFIG_XEN_PVHVM=y CONFIG_XEN_512GB=y CONFIG_XEN_SAVE_RESTORE=y
CONFIG_XEN_PVH=y
CONFIG_PARAVIRT_CLOCK=y CONFIG_NO_BOOTMEM=y
CONFIG_GENERIC_CPU=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_TSC=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=64 CONFIG_X86_DEBUGCTLMSR=y CONFIG_PROCESSOR_SELECT=y CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_HPET_TIMER=y CONFIG_HPET_EMULATE_RTC=y CONFIG_DMI=y
CONFIG_SWIOTLB=y CONFIG_IOMMU_HELPER=y
CONFIG_NR_CPUS=8
CONFIG_PREEMPT=y CONFIG_PREEMPT_COUNT=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y
CONFIG_X86_MCE=y CONFIG_X86_MCE_INTEL=y CONFIG_X86_MCE_AMD=y CONFIG_X86_MCE_THRESHOLD=y
CONFIG_X86_THERMAL_VECTOR=y
#
# CONFIG_PERF_EVENTS_INTEL_UNCORE=y CONFIG_PERF_EVENTS_INTEL_RAPL=y CONFIG_PERF_EVENTS_INTEL_CSTATE=y
CONFIG_X86_16BIT=y CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y CONFIG_I8K=m CONFIG_MICROCODE=y CONFIG_MICROCODE_INTEL=y CONFIG_MICROCODE_AMD=y CONFIG_MICROCODE_OLD_INTERFACE=y CONFIG_X86_MSR=y CONFIG_X86_CPUID=y CONFIG_ARCH_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y CONFIG_X86_DIRECT_GBPAGES=y
CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_DEFAULT=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y
CONFIG_ARCH_PROC_KCORE_TEXT=y CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 CONFIG_SELECT_MEMORY_MODEL=y CONFIG_SPARSEMEM_MANUAL=y CONFIG_SPARSEMEM=y CONFIG_HAVE_MEMORY_PRESENT=y CONFIG_SPARSEMEM_EXTREME=y CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y CONFIG_SPARSEMEM_VMEMMAP=y CONFIG_HAVE_MEMBLOCK=y CONFIG_HAVE_MEMBLOCK_NODE_MAP=y CONFIG_ARCH_DISCARD_MEMBLOCK=y
CONFIG_MEMORY_HOTPLUG=y CONFIG_MEMORY_HOTPLUG_SPARSE=y
CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_MEMORY_BALLOON=y CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y CONFIG_MIGRATION=y CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_BOUNCE=y CONFIG_VIRT_TO_BUS=y CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
CONFIG_CLEANCACHE=y CONFIG_FRONTSWAP=y
CONFIG_GENERIC_EARLY_IOREMAP=y CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
CONFIG_FRAME_VECTOR=y CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y CONFIG_ARCH_HAS_PKEYS=y
CONFIG_X86_RESERVE_LOW=64 CONFIG_MTRR=y
CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y CONFIG_SECCOMP=y
CONFIG_HZ_1000=y CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y CONFIG_KEXEC=y
CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x200000 CONFIG_RANDOMIZE_MEMORY=y CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x1 CONFIG_HOTPLUG_CPU=y
CONFIG_LEGACY_VSYSCALL_EMULATE=y
CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
#
# CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y
CONFIG_HIBERNATE_CALLBACKS=y
CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y CONFIG_PM_AUTOSLEEP=y CONFIG_PM_WAKELOCKS=y CONFIG_PM_WAKELOCKS_LIMIT=0
CONFIG_PM=y CONFIG_PM_DEBUG=y
CONFIG_PM_SLEEP_DEBUG=y
CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y CONFIG_PM_CLK=y
CONFIG_ACPI=y CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
CONFIG_ACPI_SLEEP=y
CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y CONFIG_ACPI_EC_DEBUGFS=y CONFIG_ACPI_AC=y CONFIG_ACPI_BATTERY=y CONFIG_ACPI_BUTTON=y CONFIG_ACPI_VIDEO=y CONFIG_ACPI_FAN=y CONFIG_ACPI_DOCK=y CONFIG_ACPI_CPU_FREQ_PSS=y CONFIG_ACPI_PROCESSOR_CSTATE=y CONFIG_ACPI_PROCESSOR_IDLE=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_HOTPLUG_CPU=y CONFIG_ACPI_PROCESSOR_AGGREGATOR=y CONFIG_ACPI_THERMAL=y
CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y CONFIG_ACPI_TABLE_UPGRADE=y
CONFIG_X86_PM_TIMER=y CONFIG_ACPI_CONTAINER=y
CONFIG_ACPI_HOTPLUG_IOAPIC=y CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=m CONFIG_ACPI_CUSTOM_METHOD=m
CONFIG_HAVE_ACPI_APEI=y CONFIG_HAVE_ACPI_APEI_NMI=y
CONFIG_ACPI_WATCHDOG=y
CONFIG_ACPI_SURFACE3_POWER_OPREGION=m CONFIG_PMIC_OPREGION=y CONFIG_CRC_PMIC_OPREGION=y CONFIG_XPOWER_PMIC_OPREGION=y CONFIG_BXT_WC_PMIC_OPREGION=y CONFIG_CHT_WC_PMIC_OPREGION=y
CONFIG_SFI=y
#
# CONFIG_CPU_FREQ=y CONFIG_CPU_FREQ_GOV_ATTR_SET=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=y CONFIG_CPU_FREQ_STAT_DETAILS=y
CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y CONFIG_CPU_FREQ_GOV_POWERSAVE=y CONFIG_CPU_FREQ_GOV_USERSPACE=y CONFIG_CPU_FREQ_GOV_ONDEMAND=y CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y
#
#
CONFIG_X86_INTEL_PSTATE=y CONFIG_X86_PCC_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ_CPB=y CONFIG_X86_POWERNOW_K8=m CONFIG_X86_AMD_FREQ_SENSITIVITY=m
CONFIG_X86_P4_CLOCKMOD=m
#
# CONFIG_X86_SPEEDSTEP_LIB=m
#
# CONFIG_CPU_IDLE=y CONFIG_CPU_IDLE_GOV_LADDER=y CONFIG_CPU_IDLE_GOV_MENU=y
CONFIG_INTEL_IDLE=y
#
#
#
# CONFIG_PCI=y CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_PCI_XEN=y CONFIG_PCI_DOMAINS=y
CONFIG_PCIEPORTBUS=y
CONFIG_PCIEAER=y
CONFIG_PCIEAER_INJECT=m CONFIG_PCIEASPM=y
CONFIG_PCIEASPM_DEFAULT=y
CONFIG_PCIE_PME=y
CONFIG_PCI_BUS_ADDR_T_64BIT=y CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y
CONFIG_XEN_PCIDEV_FRONTEND=y CONFIG_HT_IRQ=y CONFIG_PCI_ATS=y CONFIG_PCI_IOV=y
CONFIG_PCI_LABEL=y
CONFIG_HOTPLUG_PCI=y CONFIG_HOTPLUG_PCI_ACPI=y CONFIG_HOTPLUG_PCI_ACPI_IBM=m
CONFIG_HOTPLUG_PCI_SHPC=m
#
#
CONFIG_ISA_DMA_API=y CONFIG_AMD_NB=y CONFIG_PCCARD=m CONFIG_PCMCIA=m CONFIG_PCMCIA_LOAD_CIS=y CONFIG_CARDBUS=y
#
# CONFIG_YENTA=m CONFIG_YENTA_O2=y CONFIG_YENTA_RICOH=y CONFIG_YENTA_TI=y CONFIG_YENTA_ENE_TUNE=y CONFIG_YENTA_TOSHIBA=y CONFIG_PD6729=m CONFIG_I82092=m CONFIG_PCCARD_NONSTATIC=y
#
# CONFIG_BINFMT_ELF=y CONFIG_COMPAT_BINFMT_ELF=y CONFIG_ELFCORE=y CONFIG_BINFMT_SCRIPT=y
CONFIG_BINFMT_MISC=m CONFIG_COREDUMP=y CONFIG_IA32_EMULATION=y
CONFIG_X86_X32=y CONFIG_COMPAT=y CONFIG_COMPAT_FOR_U64_ALIGNMENT=y CONFIG_X86_DEV_DMA_OPS=y CONFIG_NET=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y
#
# CONFIG_PACKET=y
CONFIG_UNIX=y
CONFIG_XFRM=y CONFIG_XFRM_ALGO=y CONFIG_XFRM_USER=y
CONFIG_XFRM_IPCOMP=y CONFIG_NET_KEY=y
CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_PNP=y CONFIG_IP_PNP_DHCP=y
CONFIG_NET_IP_TUNNEL=y
CONFIG_NET_IPVTI=y CONFIG_NET_UDP_TUNNEL=m
CONFIG_INET_ESP=y
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_INET_UDP_DIAG=m CONFIG_INET_DIAG_DESTROY=y
CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic"
CONFIG_IPV6=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y CONFIG_INET6_AH=y CONFIG_INET6_ESP=y CONFIG_INET6_IPCOMP=y CONFIG_IPV6_MIP6=y
CONFIG_INET6_XFRM_TUNNEL=y CONFIG_INET6_TUNNEL=y CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_INET6_XFRM_MODE_BEET=y
CONFIG_IPV6_VTI=y
CONFIG_IPV6_TUNNEL=y
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_ANDROID_PARANOID_NETWORK=y CONFIG_NETWORK_SECMARK=y CONFIG_NET_PTP_CLASSIFY=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=m
#
# CONFIG_NETFILTER_INGRESS=y CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_GRE=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_BROADCAST=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y
CONFIG_NF_CONNTRACK_PPTP=y CONFIG_NF_CONNTRACK_SANE=y
CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y
CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y
CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_REDIRECT=y
CONFIG_NETFILTER_XTABLES=y
#
# CONFIG_NETFILTER_XT_MARK=y CONFIG_NETFILTER_XT_CONNMARK=y
#
#
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_TARGET_NETMAP=y CONFIG_NETFILTER_XT_TARGET_NFLOG=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
CONFIG_NETFILTER_XT_TARGET_TPROXY=y CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_SECMARK=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
#
CONFIG_NETFILTER_XT_MATCH_BPF=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_ECN=y
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y CONFIG_NETFILTER_XT_MATCH_HELPER=y CONFIG_NETFILTER_XT_MATCH_HL=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_L2TP=m CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_QUOTA2=y CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG=y
CONFIG_NETFILTER_XT_MATCH_SOCKET=y CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y
#
# CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_REJECT_IPV4=y CONFIG_NF_NAT_IPV4=y CONFIG_NF_NAT_MASQUERADE_IPV4=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_RAW=y CONFIG_IP_NF_SECURITY=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y
#
# CONFIG_NF_DEFRAG_IPV6=y CONFIG_NF_CONNTRACK_IPV6=y
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_NAT_IPV6=y CONFIG_NF_NAT_MASQUERADE_IPV6=y CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y
CONFIG_IP6_NF_NAT=y CONFIG_IP6_NF_TARGET_MASQUERADE=y CONFIG_IP6_NF_TARGET_NPT=y
CONFIG_L2TP=m
CONFIG_STP=m CONFIG_BRIDGE=m CONFIG_BRIDGE_IGMP_SNOOPING=y CONFIG_HAVE_NET_DSA=y
CONFIG_LLC=m
CONFIG_PHONET=y
CONFIG_NET_SCHED=y
#
#
CONFIG_NET_SCH_HTB=y
CONFIG_NET_SCH_INGRESS=y
#
# CONFIG_NET_CLS=y
CONFIG_NET_CLS_U32=y
CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32
CONFIG_NET_EMATCH_U32=y
CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=y CONFIG_NET_ACT_GACT=y
CONFIG_NET_ACT_MIRRED=y
CONFIG_NET_SCH_FIFO=y
CONFIG_VSOCKETS=m CONFIG_VMWARE_VMCI_VSOCKETS=m CONFIG_VIRTIO_VSOCKETS=m CONFIG_VIRTIO_VSOCKETS_COMMON=m CONFIG_NETLINK_DIAG=y
CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y
CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y
CONFIG_NET_FLOW_LIMIT=y
#
#
CONFIG_BT=m CONFIG_BT_BREDR=y CONFIG_BT_RFCOMM=m CONFIG_BT_RFCOMM_TTY=y CONFIG_BT_BNEP=m CONFIG_BT_BNEP_MC_FILTER=y CONFIG_BT_BNEP_PROTO_FILTER=y CONFIG_BT_HIDP=m CONFIG_BT_HS=y CONFIG_BT_LE=y
CONFIG_BT_DEBUGFS=y
#
# CONFIG_BT_INTEL=m CONFIG_BT_BCM=m CONFIG_BT_RTL=m CONFIG_BT_QCA=m CONFIG_BT_HCIBTUSB=m CONFIG_BT_HCIBTUSB_BCM=y CONFIG_BT_HCIBTUSB_RTL=y CONFIG_BT_HCIBTSDIO=m CONFIG_BT_HCIUART=m CONFIG_BT_HCIUART_H4=y CONFIG_BT_HCIUART_BCSP=y CONFIG_BT_HCIUART_ATH3K=y CONFIG_BT_HCIUART_LL=y CONFIG_BT_HCIUART_3WIRE=y CONFIG_BT_HCIUART_INTEL=y CONFIG_BT_HCIUART_BCM=y CONFIG_BT_HCIUART_QCA=y CONFIG_BT_HCIUART_AG6XX=y CONFIG_BT_HCIUART_MRVL=y CONFIG_BT_HCIBCM203X=m CONFIG_BT_HCIBPA10X=m CONFIG_BT_HCIBFUSB=m CONFIG_BT_HCIDTL1=m CONFIG_BT_HCIBT3C=m CONFIG_BT_HCIBLUECARD=m CONFIG_BT_HCIBTUART=m CONFIG_BT_HCIVHCI=m CONFIG_BT_MRVL=m CONFIG_BT_MRVL_SDIO=m CONFIG_BT_ATH3K=m CONFIG_BT_WILINK=m
CONFIG_FIB_RULES=y CONFIG_WIRELESS=y
#
#
CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
CONFIG_DST_CACHE=y
CONFIG_MAY_USE_DEVLINK=y CONFIG_HAVE_EBPF_JIT=y
#
#
#
# CONFIG_UEVENT_HELPER=y CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=y
CONFIG_EXTRA_FIRMWARE=""
CONFIG_WANT_DEV_COREDUMP=y CONFIG_ALLOW_DEV_COREDUMP=y CONFIG_DEV_COREDUMP=y
CONFIG_SYS_HYPERVISOR=y
CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y CONFIG_REGMAP_SPI=y CONFIG_REGMAP_MMIO=y CONFIG_REGMAP_IRQ=y CONFIG_DMA_SHARED_BUFFER=y
#
# CONFIG_CONNECTOR=m CONFIG_MTD=m
CONFIG_MTD_OF_PARTS=m
#
# CONFIG_MTD_BLKDEVS=m CONFIG_MTD_BLOCK=m
CONFIG_FTL=m CONFIG_NFTL=m
CONFIG_INFTL=m CONFIG_RFD_FTL=m CONFIG_SSFDC=m CONFIG_SM_FTL=m CONFIG_MTD_OOPS=m
#
#
CONFIG_MTD_MAP_BANK_WIDTH_1=y CONFIG_MTD_MAP_BANK_WIDTH_2=y CONFIG_MTD_MAP_BANK_WIDTH_4=y
CONFIG_MTD_CFI_I1=y CONFIG_MTD_CFI_I2=y
#
#
#
#
#
#
CONFIG_MTD_NAND_IDS=m CONFIG_MTD_NAND_ECC=m
CONFIG_MTD_NAND=m
CONFIG_MTD_ONENAND=m
#
# CONFIG_MTD_LPDDR=m CONFIG_MTD_QINFO_PROBE=m
CONFIG_MTD_UBI=m CONFIG_MTD_UBI_WL_THRESHOLD=4096 CONFIG_MTD_UBI_BEB_LIMIT=20
CONFIG_MTD_UBI_GLUEBI=m
CONFIG_OF=y
CONFIG_OF_ADDRESS=y CONFIG_OF_ADDRESS_PCI=y CONFIG_OF_IRQ=y CONFIG_OF_NET=y CONFIG_OF_MDIO=m CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y
CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m
CONFIG_PARPORT_PC_PCMCIA=m
CONFIG_PARPORT_AX88796=m
CONFIG_PARPORT_NOT_PC=y CONFIG_PNP=y CONFIG_PNP_DEBUG_MESSAGES=y
#
# CONFIG_PNPACPI=y CONFIG_BLK_DEV=y
CONFIG_PARIDE=m
#
# CONFIG_PARIDE_PD=m
#
#
CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 CONFIG_BLK_DEV_CRYPTOLOOP=y
CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=8192
CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_VIRTIO_BLK=y
CONFIG_NVME_CORE=y CONFIG_BLK_DEV_NVME=y
#
# CONFIG_SENSORS_LIS3LV02D=m CONFIG_AD525X_DPOT=m CONFIG_AD525X_DPOT_I2C=m
CONFIG_TIFM_CORE=m CONFIG_TIFM_7XX1=m CONFIG_ICS932S401=m CONFIG_ENCLOSURE_SERVICES=m
CONFIG_APDS9802ALS=m CONFIG_ISL29003=m CONFIG_ISL29020=m CONFIG_SENSORS_TSL2550=m CONFIG_SENSORS_BH1770=m CONFIG_SENSORS_APDS990X=m CONFIG_HMC6352=m
CONFIG_VMWARE_BALLOON=m CONFIG_USB_SWITCH_FSA9480=m
CONFIG_PANEL=m CONFIG_PANEL_PARPORT=0 CONFIG_PANEL_PROFILE=5
CONFIG_UID_SYS_STATS=y
CONFIG_MEMORY_STATE_TIME=y CONFIG_C2PORT=m CONFIG_C2PORT_DURAMAR_2150=m
#
# CONFIG_EEPROM_AT24=m
CONFIG_EEPROM_93CX6=m
CONFIG_CB710_CORE=m
CONFIG_CB710_DEBUG_ASSUMPTIONS=y
#
# CONFIG_TI_ST=m CONFIG_SENSORS_LIS3_I2C=m
#
# CONFIG_ALTERA_STAPL=m CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_INTEL_MEI_TXE=m CONFIG_VMWARE_VMCI=m
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
CONFIG_ECHO=m
CONFIG_HAVE_IDE=y CONFIG_IDE=m
#
#
CONFIG_IDE_GD=m CONFIG_IDE_GD_ATA=y
CONFIG_IDE_PROC_FS=y
#
#
#
#
#
# CONFIG_SCSI_MOD=y
CONFIG_SCSI=y CONFIG_SCSI_DMA=y
#
# CONFIG_BLK_DEV_SD=y
CONFIG_BLK_DEV_SR=y CONFIG_BLK_DEV_SR_VENDOR=y CONFIG_CHR_DEV_SG=y
#
# CONFIG_SCSI_SPI_ATTRS=y
CONFIG_SCSI_LOWLEVEL=y
CONFIG_SCSI_UFSHCD=y
CONFIG_VMWARE_PVSCSI=y
CONFIG_HYPERV_STORAGE=y
CONFIG_SCSI_VIRTIO=y CONFIG_SCSI_LOWLEVEL_PCMCIA=y CONFIG_PCMCIA_AHA152X=m CONFIG_PCMCIA_FDOMAIN=m CONFIG_PCMCIA_QLOGIC=m CONFIG_PCMCIA_SYM53C500=m
CONFIG_ATA=y
CONFIG_ATA_VERBOSE_ERROR=y CONFIG_ATA_ACPI=y
CONFIG_SATA_PMP=y
#
# CONFIG_SATA_AHCI=y CONFIG_SATA_AHCI_PLATFORM=y
CONFIG_ATA_SFF=y
#
#
CONFIG_ATA_BMDMA=y
#
# CONFIG_ATA_PIIX=y
CONFIG_SATA_SIS=y
CONFIG_SATA_VIA=y
#
# CONFIG_PATA_ALI=y CONFIG_PATA_AMD=y
CONFIG_PATA_ATIIXP=y
CONFIG_PATA_IT8213=y
CONFIG_PATA_SCH=y
CONFIG_PATA_SIS=y
CONFIG_PATA_VIA=y
#
#
CONFIG_PATA_PLATFORM=y
#
# CONFIG_PATA_ACPI=y CONFIG_ATA_GENERIC=y
CONFIG_MD=y
CONFIG_BLK_DEV_DM_BUILTIN=y CONFIG_BLK_DEV_DM=y
CONFIG_DM_DEBUG=y CONFIG_DM_BUFIO=y
CONFIG_DM_CRYPT=y
CONFIG_DM_UEVENT=y
CONFIG_DM_VERITY=y
CONFIG_DM_VERITY_HASH_PREFETCH_MIN_SIZE=1 CONFIG_DM_VERITY_FEC=y
CONFIG_FUSION=y CONFIG_FUSION_SPI=y
CONFIG_FUSION_MAX_SGE=128
#
#
CONFIG_MACINTOSH_DRIVERS=y CONFIG_MAC_EMUMOUSEBTN=m CONFIG_NETDEVICES=y CONFIG_MII=m CONFIG_NET_CORE=y
CONFIG_IFB=m CONFIG_NET_TEAM=m
CONFIG_MACVLAN=m CONFIG_MACVTAP=m
CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y CONFIG_TUN=y
CONFIG_VETH=m CONFIG_VIRTIO_NET=m
CONFIG_SUNGEM_PHY=m CONFIG_ARCNET=m CONFIG_ARCNET_1201=m CONFIG_ARCNET_1051=m CONFIG_ARCNET_RAW=m CONFIG_ARCNET_CAP=m CONFIG_ARCNET_COM90xx=m CONFIG_ARCNET_COM90xxIO=m CONFIG_ARCNET_RIM_I=m CONFIG_ARCNET_COM20020=m CONFIG_ARCNET_COM20020_PCI=m
#
#
#
# CONFIG_ETHERNET=y CONFIG_MDIO=m CONFIG_NET_VENDOR_3COM=y CONFIG_PCMCIA_3C574=m CONFIG_PCMCIA_3C589=m CONFIG_VORTEX=m CONFIG_TYPHOON=m CONFIG_NET_VENDOR_ADAPTEC=y CONFIG_ADAPTEC_STARFIRE=m CONFIG_NET_VENDOR_AGERE=y CONFIG_ET131X=m CONFIG_NET_VENDOR_ALTEON=y CONFIG_ACENIC=m
CONFIG_ALTERA_TSE=m CONFIG_NET_VENDOR_AMAZON=y
CONFIG_NET_VENDOR_AMD=y CONFIG_AMD8111_ETH=m CONFIG_PCNET32=m CONFIG_PCMCIA_NMCLAN=m CONFIG_NET_VENDOR_ARC=y
CONFIG_NET_VENDOR_ATHEROS=y CONFIG_ATL2=m CONFIG_ATL1=m CONFIG_ATL1E=m CONFIG_ATL1C=m CONFIG_ALX=m CONFIG_NET_VENDOR_AURORA=y CONFIG_AURORA_NB8800=m CONFIG_NET_CADENCE=y CONFIG_MACB=m CONFIG_NET_VENDOR_BROADCOM=y CONFIG_B44=m CONFIG_B44_PCI_AUTOSELECT=y CONFIG_B44_PCICORE_AUTOSELECT=y CONFIG_B44_PCI=y CONFIG_BCMGENET=m CONFIG_BNX2=m CONFIG_CNIC=m CONFIG_TIGON3=m CONFIG_BNX2X=m CONFIG_BNX2X_SRIOV=y
CONFIG_BNXT=m CONFIG_BNXT_SRIOV=y CONFIG_NET_VENDOR_BROCADE=y CONFIG_BNA=m CONFIG_NET_VENDOR_CAVIUM=y CONFIG_THUNDER_NIC_PF=m
CONFIG_THUNDER_NIC_BGX=m CONFIG_THUNDER_NIC_RGX=m CONFIG_LIQUIDIO=m CONFIG_NET_VENDOR_CHELSIO=y CONFIG_CHELSIO_T1=m CONFIG_CHELSIO_T1_1G=y CONFIG_CHELSIO_T3=m CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4VF=m CONFIG_NET_VENDOR_CISCO=y CONFIG_ENIC=m CONFIG_CX_ECAT=m CONFIG_DNET=m CONFIG_NET_VENDOR_DEC=y CONFIG_NET_TULIP=y CONFIG_DE2104X=m CONFIG_DE2104X_DSL=0 CONFIG_TULIP=m
CONFIG_TULIP_MMIO=y
CONFIG_DE4X5=m CONFIG_WINBOND_840=m CONFIG_DM9102=m CONFIG_ULI526X=m CONFIG_PCMCIA_XIRCOM=m CONFIG_NET_VENDOR_DLINK=y CONFIG_DL2K=m CONFIG_SUNDANCE=m
CONFIG_NET_VENDOR_EMULEX=y CONFIG_BE2NET=m CONFIG_BE2NET_HWMON=y CONFIG_NET_VENDOR_EZCHIP=y
CONFIG_NET_VENDOR_EXAR=y CONFIG_S2IO=m CONFIG_VXGE=m
CONFIG_NET_VENDOR_FUJITSU=y CONFIG_PCMCIA_FMVJ18X=m CONFIG_NET_VENDOR_HP=y CONFIG_HP100=m CONFIG_NET_VENDOR_INTEL=y CONFIG_E100=m CONFIG_E1000=m CONFIG_E1000E=m CONFIG_E1000E_HWTS=y CONFIG_IGB=m CONFIG_IGB_HWMON=y CONFIG_IGB_DCA=y CONFIG_IGBVF=m CONFIG_IXGB=m CONFIG_IXGBE=m CONFIG_IXGBE_HWMON=y CONFIG_IXGBE_DCA=y CONFIG_IXGBEVF=m CONFIG_I40E=m CONFIG_I40EVF=m CONFIG_FM10K=m CONFIG_NET_VENDOR_I825XX=y CONFIG_JME=m CONFIG_NET_VENDOR_MARVELL=y CONFIG_MVMDIO=m
CONFIG_SKGE=m
CONFIG_SKGE_GENESIS=y CONFIG_SKY2=m
CONFIG_NET_VENDOR_MELLANOX=y CONFIG_MLX4_EN=m CONFIG_MLX4_CORE=m CONFIG_MLX4_DEBUG=y CONFIG_MLX5_CORE=m CONFIG_MLX5_CORE_EN=y CONFIG_MLXSW_CORE=m CONFIG_MLXSW_CORE_HWMON=y CONFIG_MLXSW_PCI=m CONFIG_NET_VENDOR_MICREL=y CONFIG_KS8842=m CONFIG_KS8851=m CONFIG_KS8851_MLL=m CONFIG_KSZ884X_PCI=m CONFIG_NET_VENDOR_MICROCHIP=y CONFIG_ENC28J60=m
CONFIG_ENCX24J600=m CONFIG_NET_VENDOR_MYRI=y CONFIG_MYRI10GE=m CONFIG_MYRI10GE_DCA=y CONFIG_FEALNX=m CONFIG_NET_VENDOR_NATSEMI=y CONFIG_NATSEMI=m CONFIG_NS83820=m CONFIG_NET_VENDOR_NETRONOME=y CONFIG_NFP_NETVF=m
CONFIG_NET_VENDOR_8390=y CONFIG_PCMCIA_AXNET=m CONFIG_NE2K_PCI=m CONFIG_PCMCIA_PCNET=m CONFIG_NET_VENDOR_NVIDIA=y CONFIG_FORCEDETH=m CONFIG_NET_VENDOR_OKI=y CONFIG_ETHOC=m CONFIG_NET_PACKET_ENGINE=y CONFIG_HAMACHI=m CONFIG_YELLOWFIN=m CONFIG_NET_VENDOR_QLOGIC=y CONFIG_QLA3XXX=m CONFIG_QLCNIC=m CONFIG_QLCNIC_SRIOV=y CONFIG_QLCNIC_HWMON=y CONFIG_QLGE=m CONFIG_NETXEN_NIC=m CONFIG_QED=m CONFIG_QED_SRIOV=y CONFIG_QEDE=m CONFIG_NET_VENDOR_QUALCOMM=y
CONFIG_NET_VENDOR_REALTEK=y CONFIG_ATP=m CONFIG_8139CP=m CONFIG_8139TOO=m CONFIG_8139TOO_PIO=y CONFIG_8139TOO_TUNE_TWISTER=y CONFIG_8139TOO_8129=y
CONFIG_R8169=m CONFIG_NET_VENDOR_RENESAS=y CONFIG_NET_VENDOR_RDC=y CONFIG_R6040=m CONFIG_NET_VENDOR_ROCKER=y CONFIG_NET_VENDOR_SAMSUNG=y CONFIG_SXGBE_ETH=m CONFIG_NET_VENDOR_SEEQ=y CONFIG_NET_VENDOR_SILAN=y CONFIG_SC92031=m CONFIG_NET_VENDOR_SIS=y CONFIG_SIS900=m CONFIG_SIS190=m CONFIG_SFC=m CONFIG_SFC_MTD=y CONFIG_SFC_MCDI_MON=y CONFIG_SFC_SRIOV=y CONFIG_SFC_MCDI_LOGGING=y CONFIG_NET_VENDOR_SMSC=y CONFIG_PCMCIA_SMC91C92=m CONFIG_EPIC100=m CONFIG_SMSC911X=m
CONFIG_SMSC9420=m CONFIG_NET_VENDOR_STMICRO=y CONFIG_STMMAC_ETH=m CONFIG_STMMAC_PLATFORM=m CONFIG_DWMAC_GENERIC=m CONFIG_STMMAC_PCI=m CONFIG_NET_VENDOR_SUN=y CONFIG_HAPPYMEAL=m CONFIG_SUNGEM=m CONFIG_CASSINI=m CONFIG_NIU=m CONFIG_NET_VENDOR_SYNOPSYS=y CONFIG_SYNOPSYS_DWC_ETH_QOS=m CONFIG_NET_VENDOR_TEHUTI=y CONFIG_TEHUTI=m CONFIG_NET_VENDOR_TI=y
CONFIG_TLAN=m CONFIG_NET_VENDOR_VIA=y CONFIG_VIA_RHINE=m CONFIG_VIA_RHINE_MMIO=y CONFIG_VIA_VELOCITY=m CONFIG_NET_VENDOR_WIZNET=y CONFIG_WIZNET_W5100=m CONFIG_WIZNET_W5300=m
CONFIG_WIZNET_BUS_ANY=y CONFIG_WIZNET_W5100_SPI=m CONFIG_NET_VENDOR_XIRCOM=y CONFIG_PCMCIA_XIRC2PS=m
CONFIG_NET_SB1000=m CONFIG_PHYLIB=m CONFIG_SWPHY=y
#
#
CONFIG_MDIO_BITBANG=m
CONFIG_MDIO_CAVIUM=m CONFIG_MDIO_GPIO=m
CONFIG_MDIO_OCTEON=m CONFIG_MDIO_THUNDER=m
#
# CONFIG_AMD_PHY=m CONFIG_AQUANTIA_PHY=m CONFIG_AT803X_PHY=m CONFIG_BCM7XXX_PHY=m CONFIG_BCM87XX_PHY=m CONFIG_BCM_NET_PHYLIB=m CONFIG_BROADCOM_PHY=m CONFIG_CICADA_PHY=m CONFIG_DAVICOM_PHY=m CONFIG_DP83848_PHY=m CONFIG_DP83867_PHY=m CONFIG_FIXED_PHY=m CONFIG_ICPLUS_PHY=m CONFIG_INTEL_XWAY_PHY=m CONFIG_LSI_ET1011C_PHY=m CONFIG_LXT_PHY=m CONFIG_MARVELL_PHY=m CONFIG_MICREL_PHY=m CONFIG_MICROCHIP_PHY=m CONFIG_MICROSEMI_PHY=m CONFIG_NATIONAL_PHY=m CONFIG_QSEMI_PHY=m CONFIG_REALTEK_PHY=m CONFIG_SMSC_PHY=m CONFIG_STE10XP=m CONFIG_TERANETICS_PHY=m CONFIG_VITESSE_PHY=m
CONFIG_MICREL_KS8995MA=m CONFIG_PLIP=m CONFIG_PPP=m CONFIG_PPP_BSDCOMP=m CONFIG_PPP_DEFLATE=m CONFIG_PPP_FILTER=y CONFIG_PPP_MPPE=m CONFIG_PPP_MULTILINK=y CONFIG_PPPOE=m CONFIG_PPPOL2TP=m CONFIG_PPPOLAC=m CONFIG_PPPOPNS=m CONFIG_PPP_ASYNC=m CONFIG_PPP_SYNC_TTY=m CONFIG_SLIP=m CONFIG_SLHC=m
CONFIG_USB_NET_DRIVERS=y CONFIG_USB_CATC=m CONFIG_USB_KAWETH=m CONFIG_USB_PEGASUS=m CONFIG_USB_RTL8150=m CONFIG_USB_RTL8152=m CONFIG_USB_LAN78XX=m CONFIG_USB_USBNET=m CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m CONFIG_USB_NET_SR9800=m CONFIG_USB_NET_SMSC75XX=m CONFIG_USB_NET_SMSC95XX=m CONFIG_USB_NET_GL620A=m CONFIG_USB_NET_NET1080=m CONFIG_USB_NET_PLUSB=m CONFIG_USB_NET_MCS7830=m CONFIG_USB_NET_RNDIS_HOST=m CONFIG_USB_NET_CDC_SUBSET_ENABLE=m CONFIG_USB_NET_CDC_SUBSET=m CONFIG_USB_ALI_M5632=y CONFIG_USB_AN2720=y CONFIG_USB_BELKIN=y CONFIG_USB_ARMLINUX=y CONFIG_USB_EPSON2888=y CONFIG_USB_KC2190=y CONFIG_USB_NET_ZAURUS=m CONFIG_USB_NET_CX82310_ETH=m CONFIG_USB_NET_KALMIA=m CONFIG_USB_NET_QMI_WWAN=m CONFIG_USB_NET_INT51X1=m CONFIG_USB_CDC_PHONET=m CONFIG_USB_IPHETH=m CONFIG_USB_SIERRA_NET=m CONFIG_USB_VL600=m CONFIG_USB_NET_CH9200=m CONFIG_WLAN=y
CONFIG_WLAN_VENDOR_INTEL=y
#
#
CONFIG_XEN_NETDEV_FRONTEND=y CONFIG_VMXNET3=m
CONFIG_HYPERV_NET=m
CONFIG_NVM=y
#
# CONFIG_INPUT=y CONFIG_INPUT_LEDS=y CONFIG_INPUT_FF_MEMLESS=y CONFIG_INPUT_POLLDEV=m CONFIG_INPUT_SPARSEKMAP=m CONFIG_INPUT_MATRIXKMAP=m
#
# CONFIG_INPUT_MOUSEDEV=y CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 CONFIG_INPUT_JOYDEV=m CONFIG_INPUT_EVDEV=y CONFIG_INPUT_EVBUG=m CONFIG_INPUT_KEYRESET=y CONFIG_INPUT_KEYCOMBO=y
#
# CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=m CONFIG_KEYBOARD_QT1070=m CONFIG_KEYBOARD_QT2160=m
CONFIG_KEYBOARD_GPIO=m
CONFIG_KEYBOARD_MATRIX=m
CONFIG_KEYBOARD_XTKBD=m
CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=m CONFIG_MOUSE_PS2_ALPS=y CONFIG_MOUSE_PS2_BYD=y CONFIG_MOUSE_PS2_LOGIPS2PP=y CONFIG_MOUSE_PS2_SYNAPTICS=y CONFIG_MOUSE_PS2_CYPRESS=y CONFIG_MOUSE_PS2_LIFEBOOK=y CONFIG_MOUSE_PS2_TRACKPOINT=y CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_MOUSE_PS2_SENTELIC=y CONFIG_MOUSE_PS2_TOUCHKIT=y CONFIG_MOUSE_PS2_FOCALTECH=y
CONFIG_MOUSE_SERIAL=m CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m CONFIG_MOUSE_ELAN_I2C=m CONFIG_MOUSE_ELAN_I2C_I2C=y CONFIG_MOUSE_ELAN_I2C_SMBUS=y CONFIG_MOUSE_VSXXXAA=m CONFIG_MOUSE_GPIO=m CONFIG_MOUSE_SYNAPTICS_I2C=m CONFIG_MOUSE_SYNAPTICS_USB=m CONFIG_INPUT_JOYSTICK=y CONFIG_JOYSTICK_ANALOG=m CONFIG_JOYSTICK_A3D=m CONFIG_JOYSTICK_ADI=m CONFIG_JOYSTICK_COBRA=m CONFIG_JOYSTICK_GF2K=m CONFIG_JOYSTICK_GRIP=m CONFIG_JOYSTICK_GRIP_MP=m CONFIG_JOYSTICK_GUILLEMOT=m CONFIG_JOYSTICK_INTERACT=m CONFIG_JOYSTICK_SIDEWINDER=m CONFIG_JOYSTICK_TMDC=m CONFIG_JOYSTICK_IFORCE=m CONFIG_JOYSTICK_IFORCE_USB=y CONFIG_JOYSTICK_IFORCE_232=y CONFIG_JOYSTICK_WARRIOR=m CONFIG_JOYSTICK_MAGELLAN=m CONFIG_JOYSTICK_SPACEORB=m CONFIG_JOYSTICK_SPACEBALL=m CONFIG_JOYSTICK_STINGER=m CONFIG_JOYSTICK_TWIDJOY=m CONFIG_JOYSTICK_ZHENHUA=m CONFIG_JOYSTICK_DB9=m CONFIG_JOYSTICK_GAMECON=m CONFIG_JOYSTICK_TURBOGRAFX=m CONFIG_JOYSTICK_AS5011=m CONFIG_JOYSTICK_JOYDUMP=m CONFIG_JOYSTICK_XPAD=m CONFIG_JOYSTICK_XPAD_FF=y CONFIG_JOYSTICK_XPAD_LEDS=y CONFIG_JOYSTICK_WALKERA0701=m CONFIG_INPUT_TABLET=y CONFIG_TABLET_USB_ACECAD=m CONFIG_TABLET_USB_AIPTEK=m CONFIG_TABLET_USB_GTCO=m CONFIG_TABLET_USB_HANWANG=m CONFIG_TABLET_USB_KBTAB=m CONFIG_TABLET_USB_PEGASUS=m CONFIG_TABLET_SERIAL_WACOM4=m CONFIG_INPUT_TOUCHSCREEN=y CONFIG_TOUCHSCREEN_PROPERTIES=y CONFIG_TOUCHSCREEN_ADS7846=m CONFIG_TOUCHSCREEN_AD7877=m CONFIG_TOUCHSCREEN_AD7879=m CONFIG_TOUCHSCREEN_AD7879_I2C=m CONFIG_TOUCHSCREEN_AD7879_SPI=m CONFIG_TOUCHSCREEN_AR1021_I2C=m CONFIG_TOUCHSCREEN_ATMEL_MXT=m
CONFIG_TOUCHSCREEN_AUO_PIXCIR=m CONFIG_TOUCHSCREEN_BU21013=m CONFIG_TOUCHSCREEN_CHIPONE_ICN8318=m
CONFIG_TOUCHSCREEN_CYTTSP_CORE=m CONFIG_TOUCHSCREEN_CYTTSP_I2C=m CONFIG_TOUCHSCREEN_CYTTSP_SPI=m CONFIG_TOUCHSCREEN_CYTTSP4_CORE=m CONFIG_TOUCHSCREEN_CYTTSP4_I2C=m CONFIG_TOUCHSCREEN_CYTTSP4_SPI=m CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_HAMPSHIRE=m CONFIG_TOUCHSCREEN_EETI=m CONFIG_TOUCHSCREEN_EGALAX=m CONFIG_TOUCHSCREEN_EGALAX_SERIAL=m CONFIG_TOUCHSCREEN_FUJITSU=m CONFIG_TOUCHSCREEN_GOODIX=m CONFIG_TOUCHSCREEN_ILI210X=m CONFIG_TOUCHSCREEN_GUNZE=m CONFIG_TOUCHSCREEN_EKTF2127=m CONFIG_TOUCHSCREEN_ELAN=m CONFIG_TOUCHSCREEN_ELO=m CONFIG_TOUCHSCREEN_WACOM_W8001=m CONFIG_TOUCHSCREEN_WACOM_I2C=m CONFIG_TOUCHSCREEN_MAX11801=m CONFIG_TOUCHSCREEN_MCS5000=m CONFIG_TOUCHSCREEN_MMS114=m
CONFIG_TOUCHSCREEN_MTOUCH=m CONFIG_TOUCHSCREEN_IMX6UL_TSC=m CONFIG_TOUCHSCREEN_INEXIO=m CONFIG_TOUCHSCREEN_MK712=m CONFIG_TOUCHSCREEN_PENMOUNT=m CONFIG_TOUCHSCREEN_EDT_FT5X06=m CONFIG_TOUCHSCREEN_TOUCHRIGHT=m CONFIG_TOUCHSCREEN_TOUCHWIN=m CONFIG_TOUCHSCREEN_UCB1400=m CONFIG_TOUCHSCREEN_PIXCIR=m CONFIG_TOUCHSCREEN_WDT87XX_I2C=m
CONFIG_TOUCHSCREEN_USB_COMPOSITE=m CONFIG_TOUCHSCREEN_USB_EGALAX=y CONFIG_TOUCHSCREEN_USB_PANJIT=y CONFIG_TOUCHSCREEN_USB_3M=y CONFIG_TOUCHSCREEN_USB_ITM=y CONFIG_TOUCHSCREEN_USB_ETURBO=y CONFIG_TOUCHSCREEN_USB_GUNZE=y CONFIG_TOUCHSCREEN_USB_DMC_TSC10=y CONFIG_TOUCHSCREEN_USB_IRTOUCH=y CONFIG_TOUCHSCREEN_USB_IDEALTEK=y CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH=y CONFIG_TOUCHSCREEN_USB_GOTOP=y CONFIG_TOUCHSCREEN_USB_JASTEC=y CONFIG_TOUCHSCREEN_USB_ELO=y CONFIG_TOUCHSCREEN_USB_E2I=y CONFIG_TOUCHSCREEN_USB_ZYTRONIC=y CONFIG_TOUCHSCREEN_USB_ETT_TC45USB=y CONFIG_TOUCHSCREEN_USB_NEXIO=y CONFIG_TOUCHSCREEN_USB_EASYTOUCH=y CONFIG_TOUCHSCREEN_TOUCHIT213=m CONFIG_TOUCHSCREEN_TSC_SERIO=m CONFIG_TOUCHSCREEN_TSC200X_CORE=m CONFIG_TOUCHSCREEN_TSC2004=m CONFIG_TOUCHSCREEN_TSC2005=m CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_RM_TS=m CONFIG_TOUCHSCREEN_SILEAD=m CONFIG_TOUCHSCREEN_SIS_I2C=m CONFIG_TOUCHSCREEN_ST1232=m CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_SURFACE3_SPI=m CONFIG_TOUCHSCREEN_SX8654=m CONFIG_TOUCHSCREEN_TPS6507X=m CONFIG_TOUCHSCREEN_ZFORCE=m CONFIG_TOUCHSCREEN_ROHM_BU21023=m CONFIG_TOUCHSCREEN_NWFERMI=m CONFIG_TOUCHSCREEN_DWAV_USB_MT=m CONFIG_INPUT_MISC=y CONFIG_INPUT_88PM80X_ONKEY=m CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m CONFIG_INPUT_AD714X_SPI=m
C
-- Eredeti ĂĽzenet -- FeladĂł: fgvhcw<notifications@github.com>CĂmzett: QubesOS/qubes-issues<qubes-issues@noreply.github.com>, Mention<mention@noreply.github.com>ElkĂĽldve: 2018. november 17. 5:20Tárgy : Re: [QubesOS/qubes-issues] Consider support for Android VMs (#2233)
@mat-rex Can you please upload the working kernel config? The config that you posted in qubes-users got truncated when you copied it between VMs.
— You are receiving this because you were mentioned . Reply to this email directly, view it on GitHub, or mute the thread.
Citromail.hu levelezőrendszerből küldve
Lépj be vagy regisztrálj
A post with detailed setup (including build from source) instruction for Android x86 in a Standalone VM on Qubes 4.0: https://groups.google.com/d/msgid/qubes-users/53bdab0a-8c70-4fc3-9d4b-224b43849946%40googlegroups.com
Manged to run Anbox inside Whonix-Workstation.
https://www.whonix.org/wiki/Anbox
It should be very much possible to port these instructions to Debian buster
based and possibly other VMs too.
I wouldn't recommend Anbox since the security model and mitigations within it are missing / broken.
@adrelanos Could you please provide a guide on how you accomplished to run Anbox inside Whonix-WS 15? I followed the directions in the Whonix Wiki but it doesn't say how to tackle the in-VM kernel issue. Can it be done in PHV mode? @marmarek That solution doesn't offer clipboard or file sharing between VMs
Linnxam:
@adrelanos Could you please provide a guide on how you accomplished to run Anbox inside Whonix-WS 15?
https://www.whonix.org/wiki/Anbox is sufficient as is.
I followed the directions in the Whonix Wiki but it doesn't say how to tackle the in-VM kernel issue. Can it be done in PHV mode?
Set up Qubes VM kernel first.
https://www.qubes-os.org/doc/managing-vm-kernel/
Qubes VM kernel is unspecific to Whonix. I am not an export for Qubes VM kernel. Please contact Qubes support.
https://www.qubes-os.org/support/
Once Qubes VM kernel is functional, instructions https://www.whonix.org/wiki/Anbox should work as is.
@adrelanos The idea is to install the kernel from within the VM and not having to change anything in dom0, similar to how you can do it with a cloned Debian-10 TemplateVM by selecting 'none' as kernel. Is there any way to make that work for Whonix-ws? Alternatively I could also continue with the cloned Debian TemplateVM but once I installed Anbox and ran it, it started up but the Anbox windows were just blank white. I was able to interact with objects within the window by clicking them, but the weird graphical glitch prevented me from seeing what I was clicking.
The idea is to install the kernel from within the VM and not having to change anything in dom0, similar to how you can do it with a cloned Debian-10 TemplateVM by selecting 'none' as kernel. Is there any way to make that work for Whonix-ws?
Qubes VM kernel works the same in Whonix as it works in Debian.
Alternatively I could also continue with the cloned Debian TemplateVM but once I installed Anbox and ran it, it started up but the Anbox windows were just blank white. I was able to interact with objects within the window by clicking them, but the weird graphical glitch prevented me from seeing what I was clicking.
I have no idea.
Can you (or someone) help me figure out the problem? I just reproduced it with a fresh install (RC 4.0.2 iso). Steps to reproduce:
When hovering the mouse over the window and clicking in random places, new windows will pop up (e.g. 'Files') but they'll also launch in a blank window where you can't see anything. Any troubleshooting advice?
The kernels are installed correctly ls -1 /dev/{ashmem,binder} /dev/ashmem /dev/binder And Anbox services seem to be running fine sudo systemctl status anbox-container-manager.service
@adrelanos The solution was to enable software rendering because Qubes doesn't support OpenGL within VMs. I'm surprised that you managed to run it, the Whonix guide doesn't instruct to enable software rendering. snap set anbox software-rendering.enable=true snap restart anbox.container-manager
I'll tag @marmarek here too The reason I wanted an Android VM is to be able to use proprietary apps that also function offline, and generally for other testing purposes. So after downloading the apps I cut networking to the Android VM to make sure they don't call home and due to other security concerns, as @thestinger previously mentioned. Now I'd like to make sure the VM itself leaves no traces in QubesOS. Is it possible to set the whole VM to read-only to make sure nothing gets written to disk?
You can use Disposable VM out of this VM (on R4.0 you need TemplateVM -> AppVM and then DispVM from this AppVM). Not really "nothing gets written to disk", but "all modifications are discarded on shutdown". See https://www.qubes-os.org/doc/disposablevm-customization/
@marmarek it's a standalone Debian-10 VM (HVM) The goal is to have an offline & read-only Android container that doesn't write/leak anything into OS/disk. Not really looking for an "all modifications are discarded on shutdown", but making the whole VM read-only. Can I do this from either outside (dom0) or from the inside (VM)? If it's not possible, what would be the best approach to not let Anbox/Android apps write anything on disk and only execute in RAM?
You can try setting its volumes to read-only using qvm-volume config <vmname>:<volume> rw False
for each volume. Haven't tried it before ;)
Writing to the VM from outside (dom0) is clearly possible. After all, dom0 can discard your VM and create a new one…
Ad execution only in RAM – do you really need it? I think, the purpose of execution only in RAM is that an adversary that gets a temporary access to the VM cannot extend it indefinitely, right? If so, then disposableVMs satisfy this requirement.
Maybe you are also concerned about keeping traces from old runs. Yes, this would be better handled in RAM-only execution. However, in such case, you need OS+apps ready for that or you need to store temporary writes in the RAM, which can potentially result in need of a large amount of RAM. As a tradeoff, one could store those temporary modifications on SSD (or HDD) encrypted by a per-boot key stored in RAM. I have experimented with that in the past, see https://github.com/QubesOS/qubes-issues/issues/904 . I am however not sure if there is a good solution for today's Qubes version – by default, LVM snapshots are used, which implies the need to store the snapshot on the same volume group, so you cannot encrypt it separately.
@marmarek @v6ak Thanks for the suggestions. I made the private, root & volatile volumes read-only and it wouldn't even start a terminal (although the VM itself booted normally). Leaving private & volatile rw and root read-only resulted in the desired effect, at least superficially. qvm-volume config Android:root rw False
Let me give you an example: One of the many good proprietary apps would be Google Translate, it's very interesting to be able to read foreign forums & comments but I can do without Google tracking translation in real time and calling home constantly Easy: download offline languages, cut network VM Next problem: I don't necessarily want all those translation to dwell somewhere on my disk as I obviously don't know what I'm going to translate. So I tested it out, translated a couple sentences from Korean to English, shut down the VM, started it again and then Google Translate showed me my last translations so obviously it's getting stored on the disk.
I made the root volume read-only and tried again. When translating Korean sentences to English and closing the app, then starting it again, it shows my last translations, but when rebooting the VM they're gone now. Is there a way to verify if they still get written to the fs somewhere or if everything is done in RAM now?
Over the years, many Qubes users on the mailing lists have expressed the desire to be able to run some kind of Android VM (e.g., HVM) under Qubes OS.