darkforge/kernel/config

#
# DarkForge Linux — Kernel Configuration
# Target: Linux 6.19.8
# Hardware: AMD Ryzen 9 9950X3D / ASUS ROG CROSSHAIR X870E HERO / RTX 5090
# Generated: 2026-03-19
#
# Every non-default choice has a comment explaining WHY it was set.
# This config is hardware-specific — it targets exactly one machine.
#
# Usage:
#   cp config /path/to/linux-6.19.8/.config
#   cd /path/to/linux-6.19.8
#   make olddefconfig   # fill in any new options with defaults
#   make -j32
#

# =============================================================================
# GENERAL SETUP
# =============================================================================

CONFIG_LOCALVERSION="-darkforge"
# Tag the kernel so we can identify our build in uname -r

CONFIG_DEFAULT_HOSTNAME="darkforge"
# Matches the system hostname from rc.conf

CONFIG_SYSVIPC=y
# Required by many applications (wine, steam, etc.)

CONFIG_POSIX_MQUEUE=y
# POSIX message queues — needed by some build systems and dbus

CONFIG_AUDIT=n
# Disable audit subsystem — not needed for a single-user gaming/dev machine

CONFIG_CGROUPS=y
# Control groups — needed by gamemode, containers, and some system tools

CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
# Namespaces — required by dpack build sandboxing (bubblewrap)

CONFIG_CHECKPOINT_RESTORE=n
# CRIU not needed

CONFIG_BPF_SYSCALL=y
# Extended BPF — useful for performance tools (perf, bpftrace)

CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
# Embed the .config in the kernel and expose via /proc/config.gz
# Invaluable for debugging and rebuilding

# =============================================================================
# CPU — AMD Ryzen 9 9950X3D (Zen 5, 16C/32T, 3D V-Cache)
# =============================================================================

CONFIG_PROCESSOR_SELECT=y
CONFIG_CPU_SUP_AMD=y
CONFIG_CPU_SUP_INTEL=n
# Only AMD support needed — no Intel CPUs on this system

# CONFIG_MZEN5 if available in 6.19, otherwise fall back to MZEN4
# TODO: Verify CONFIG_MZEN5 exists in 6.19 kernel headers.
# GCC 15.2.0 supports znver5 but kernel CONFIG symbol may still be MZEN4.
CONFIG_MZEN4=y
# Zen 4 is the closest available optimization level in most 6.19 builds.
# The kernel's internal CPU model selection; compiler flags (-march=znver5)
# are set separately in CFLAGS and provide the real Zen 5 optimization.

CONFIG_X86_X2APIC=y
# Extended APIC — required for >8 core AMD systems

CONFIG_NR_CPUS=64
# Support up to 64 logical CPUs (9950X3D has 32 threads)
# Slightly over-provisioned for future flexibility

CONFIG_SMP=y
# Symmetric Multi-Processing — obviously needed for 16 cores

CONFIG_SCHED_MC=y
# Multi-core scheduler support — aware of CCD/CCX topology

CONFIG_X86_MCE=y
CONFIG_X86_MCE_AMD=y
# Machine Check Exception — hardware error reporting

CONFIG_MICROCODE=y
CONFIG_MICROCODE_AMD=y
# AMD CPU microcode loading — critical for stability and security patches
# Loaded early via initramfs

CONFIG_AMD_MEM_ENCRYPT=y
# Secure Memory Encryption (SME) — available on Zen 5

CONFIG_AMD_PMC=y
# Platform Management Controller — power state management

CONFIG_X86_AMD_PSTATE=y
CONFIG_X86_AMD_PSTATE_DEFAULT_MODE=3
# AMD P-State EPP driver — preferred over acpi-cpufreq for Zen 5
# Mode 3 = guided autonomous mode (best for gaming — lets firmware optimize)

CONFIG_CPU_FREQ=y
CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL=y
CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
CONFIG_CPU_FREQ_GOV_POWERSAVE=y
# CPU frequency scaling — schedutil is the default (integrates with scheduler)
# Performance governor available for benchmarks, powersave for idle

# =============================================================================
# SCHEDULER
# =============================================================================

# EEVDF is the default scheduler in 6.19 (replaced CFS in 6.6)
# No CONFIG option needed — it's the only option unless BORE patch is applied
# If BORE is desired later, apply the patch and rebuild

CONFIG_PREEMPT=y
# Full kernel preemption — critical for low-latency gaming
# Trades throughput for responsiveness, which is exactly what we want

CONFIG_HZ_1000=y
# 1000Hz timer tick — lowest latency scheduler tick rate
# Important for gaming input responsiveness

CONFIG_NO_HZ_FULL=y
# Full tickless mode — no timer interrupts on idle cores
# Reduces power and latency when cores aren't busy

CONFIG_HIGH_RES_TIMERS=y
# High-resolution timers — sub-millisecond precision for game loops

# =============================================================================
# MEMORY
# =============================================================================

CONFIG_TRANSPARENT_HUGEPAGE=y
CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y
# THP via madvise only — let applications opt in (games often benefit)
# Not always-on to avoid fragmentation issues

CONFIG_KSM=y
# Kernel Same-page Merging — useful for VMs and wine prefixes

CONFIG_ZSWAP=y
CONFIG_ZSWAP_DEFAULT_ON=y
CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD=y
# Compressed swap cache — reduces swap I/O for the 96GB swap partition
# Zstd gives best compression ratio for swap data

CONFIG_HIBERNATION=y
# Hibernate support — requires the 96GB swap partition >= RAM size

# =============================================================================
# STORAGE — Samsung 9100 PRO NVMe (PCIe 5.0 x4)
# =============================================================================

CONFIG_BLK_DEV_NVME=y
# NVMe driver built-in (not module) — root filesystem is on NVMe
# Must be built-in for EFISTUB boot without initramfs

CONFIG_NVME_MULTIPATH=n
# Single NVMe drive — no multipath needed

CONFIG_BLK_DEV_LOOP=y
# Loop devices — needed for ISO mounting and squashfs

CONFIG_BLK_DEV_DM=n
# Device mapper — not needed (no LVM, no LUKS)

# =============================================================================
# FILESYSTEM
# =============================================================================

CONFIG_EXT4_FS=y
# ext4 built-in — root filesystem, must not be a module

CONFIG_EXT4_FS_POSIX_ACL=y
# POSIX ACLs on ext4 — needed by some applications

CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
# tmpfs for /tmp, /run, and build sandboxes

CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_UTF8=y
# FAT/VFAT for the EFI System Partition

CONFIG_FUSE_FS=y
# FUSE — needed for NTFS3, appimage, and user-space filesystems

CONFIG_SQUASHFS=y
CONFIG_SQUASHFS_XZ=y
CONFIG_SQUASHFS_ZSTD=y
# Squashfs for the live ISO root filesystem

CONFIG_PROC_FS=y
CONFIG_SYSFS=y
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
# Essential virtual filesystems — devtmpfs auto-mount required for eudev

CONFIG_EFI_PARTITION=y
CONFIG_EFIVAR_FS=y
CONFIG_EFI_STUB=y
# *** CRITICAL *** — EFI stub enables the kernel to boot directly via UEFI
# This is how DarkForge boots: no bootloader, kernel IS the EFI binary

CONFIG_EFI=y
CONFIG_EFI_MIXED=n
# Pure 64-bit UEFI — no 32-bit EFI compatibility needed

# =============================================================================
# GPU — NVIDIA RTX 5090 (Blackwell, GB202)
# =============================================================================

CONFIG_DRM=y
CONFIG_DRM_KMS_HELPER=y
# Direct Rendering Manager — base graphics subsystem

CONFIG_DRM_NOUVEAU=n
# Disable nouveau — we use nvidia-open kernel modules exclusively
# Nouveau doesn't support RTX 5090 and would conflict

CONFIG_DRM_SIMPLEDRM=y
# Simple framebuffer driver — provides console output before nvidia loads
# This gives us a visible boot console via UEFI framebuffer

CONFIG_FB=y
CONFIG_FB_EFI=y
# EFI framebuffer — early boot display before nvidia-drm takes over

# nvidia-open modules (nvidia, nvidia-modeset, nvidia-drm, nvidia-uvm)
# are built out-of-tree and loaded via /etc/rc.conf MODULES array
# Minimum driver version: 570.86.16+ for RTX 5090

# =============================================================================
# NETWORK — Realtek RTL8125BN (2.5GbE on X870E Hero)
# =============================================================================

CONFIG_NETDEVICES=y
CONFIG_ETHERNET=y
CONFIG_NET_VENDOR_REALTEK=y
CONFIG_R8169=y
# Realtek RTL8125BN 2.5GbE controller — the only NIC on this board
# R8169 driver handles the entire RTL8125/8169 family

CONFIG_INET=y
CONFIG_IPV6=y
CONFIG_PACKET=y
CONFIG_UNIX=y
# Basic networking stack — IPv4, IPv6, raw sockets, Unix domain sockets

CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_TABLES=y
CONFIG_NFT_NAT=y
CONFIG_NFT_MASQ=y
# Netfilter with nftables — basic firewall capabilities
# Needed for NAT if running VMs or containers

CONFIG_WIRELESS=n
CONFIG_WLAN=n
# No WiFi — ethernet only (per user decision)

# =============================================================================
# USB — X870E has USB 3.2 Gen2x2 and USB4
# =============================================================================

CONFIG_USB=y
CONFIG_USB_XHCI_HCD=y
CONFIG_USB_XHCI_PCI=y
# xHCI for USB 3.x/4.x host controller

CONFIG_USB4=y
CONFIG_THUNDERBOLT=y
# USB4/Thunderbolt support — X870E has USB4 ports

CONFIG_USB_STORAGE=y
# USB mass storage — for USB drives and the live installer

CONFIG_USB_HID=y
CONFIG_HID=y
CONFIG_HID_GENERIC=y
# HID for USB keyboards, mice, and game controllers

# =============================================================================
# INPUT — Gaming controllers
# =============================================================================

CONFIG_INPUT_JOYSTICK=y
CONFIG_JOYSTICK_XPAD=y
CONFIG_JOYSTICK_XPAD_FF=y
CONFIG_JOYSTICK_XPAD_LEDS=y
# Xbox controller support with force feedback and LED control

CONFIG_HID_SONY=y
# PlayStation controller support (DualShock/DualSense)

CONFIG_HID_STEAM=y
# Steam controller support

CONFIG_INPUT_FF_MEMLESS=y
CONFIG_INPUT_JOYDEV=y
CONFIG_INPUT_EVDEV=y
# Force feedback, joydev, and evdev — required by SDL and gaming

CONFIG_INPUT_TOUCHSCREEN=n
# No touchscreen

# =============================================================================
# SOUND — Onboard Realtek ALC4082
# =============================================================================

CONFIG_SOUND=y
CONFIG_SND=y
CONFIG_SND_HDA_INTEL=y
CONFIG_SND_HDA_CODEC_REALTEK=y
CONFIG_SND_HDA_CODEC_HDMI=y
# HD Audio for onboard Realtek codec and HDMI audio out via GPU
# PipeWire handles the userspace audio routing

CONFIG_SND_USB_AUDIO=y
# USB audio class — for USB DACs, headsets, microphones

CONFIG_SOUND_OSS_CORE=n
# No OSS emulation — ALSA only, PipeWire handles the rest

# =============================================================================
# IOMMU — AMD-Vi (for potential GPU passthrough)
# =============================================================================

CONFIG_AMD_IOMMU=y
CONFIG_AMD_IOMMU_V2=y
CONFIG_IOMMU_DEFAULT_DMA_LAZY=y
# AMD IOMMU enabled for DMA remapping
# Lazy mode is fine for single-GPU, no passthrough currently
# Enables future VFIO/GPU passthrough if needed

# =============================================================================
# VIRTUALIZATION (minimal — for potential future VM use)
# =============================================================================

CONFIG_KVM=y
CONFIG_KVM_AMD=y
CONFIG_KVM_AMD_SEV=n
# KVM for AMD — enables running VMs if needed
# SEV not needed for a gaming workstation

CONFIG_VFIO=y
CONFIG_VFIO_PCI=y
# VFIO for potential GPU passthrough

# =============================================================================
# SECURITY (minimal — single-user system)
# =============================================================================

CONFIG_SECURITY=y
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
# Seccomp — required by bubblewrap (dpack sandbox), Chrome, Steam

CONFIG_SECURITY_SELINUX=n
CONFIG_SECURITY_APPARMOR=n
CONFIG_SECURITY_TOMOYO=n
# No MAC — unnecessary overhead for a single-user system

# =============================================================================
# DISABLE — Things we definitely don't need
# =============================================================================

CONFIG_BLUETOOTH=n
# Disabled per user decision

CONFIG_PCMCIA=n
CONFIG_ISDN=n
CONFIG_INFINIBAND=n
CONFIG_PARPORT=n
CONFIG_I2O=n
CONFIG_TELEPHONY=n
CONFIG_HAMRADIO=n
CONFIG_CAN=n
CONFIG_ATALK=n
CONFIG_X25=n
CONFIG_DECNET=n
CONFIG_ECONET=n
CONFIG_WAN=n
CONFIG_FDDI=n
CONFIG_ATM=n
# Legacy subsystems — none of this hardware exists

CONFIG_DRM_RADEON=n
CONFIG_DRM_AMDGPU=n
CONFIG_DRM_I915=n
# Disable other GPU drivers — only NVIDIA (out-of-tree) on this system

CONFIG_IWLWIFI=n
CONFIG_NET_VENDOR_INTEL=n
CONFIG_NET_VENDOR_BROADCOM=n
CONFIG_NET_VENDOR_QUALCOMM=n
# Disable unused network drivers

CONFIG_INPUT_TOUCHSCREEN=n
CONFIG_INPUT_TABLET=n
CONFIG_INPUT_MISC=n
# Disable unused input devices

# =============================================================================
# MISC
# =============================================================================

CONFIG_PRINTK=y
CONFIG_MAGIC_SYSRQ=y
# SysRq for emergency debugging

CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
# Kernel modules — needed for nvidia-open and other out-of-tree modules

CONFIG_KALLSYMS=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_AIO=y
CONFIG_IO_URING=y
# Essential syscalls needed by modern applications

CONFIG_PERF_EVENTS=y
# Performance monitoring — useful for profiling games and builds

CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
CONFIG_FANOTIFY=y
# Filesystem notifications — needed by many desktop applications

CONFIG_EXPERT=y
# Enable expert mode to access all configuration options