kata-containers/kernel/configs/fragments/common/base.conf

# Basic necessary items!

CONFIG_SMP=y
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
CONFIG_KVM_GUEST=y
# Note, no nested VM support enabled here

# Turn off embedded mode, as it disabled 'too much', and we
# no longer pass all the tests. We should refine this, and
# work out which of the ~66 items it enables are really needed.
# I believe this is the actual syntax we need for a fragment to
# disable an item...
# CONFIG_EMBEDDED is not set

# Note, no virt enabled baloon yet
CONFIG_INPUT=y
CONFIG_PRINTK=y
# We use this for metrics!
CONFIG_PRINTK_TIME=y
CONFIG_UNIX98_PTYS=y
CONFIG_FUTEX=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
CONFIG_GENERIC_MSI_IRQ=y
CONFIG_LEGACY_VSYSCALL_NONE=y
CONFIG_NO_HZ=y
CONFIG_NO_HZ_FULL=y
CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_TIMERS=y
CONFIG_PROC_SYSCTL=y

CONFIG_SHMEM=y

# For security...
CONFIG_RELOCATABLE=y
# FIXME - check if we should be setting this
# https://github.com/kata-containers/packaging/issues/483
#CONFIG_RANDOMIZE_BASE=y
# FIXME - check if we should be setting this
# https://github.com/kata-containers/packaging/issues/483
# I have a feeling it effects our memory hotplug maybe?
# PHYSICAL_ALIGN=0x1000000
CONFIG_RETPOLINE=y

# This would only affect two drivers, neither of which we have enabled.
# The recommendation is to have it on, and you will see if in a diff if you
# look for differences against the frag generated config - so, add it here as
# a comment to make it clear in the future why we have not set it - as it would
# only add noise to our frags and config.
# PREVENT_FIRMWARE_BUILD=y

# Trust the hardware vendor to initialise the RNG - which can speed up boot.
# This can still be dynamically disabled on the kernel command line/kata config if needed.
# Disable for now, as it upsets the entropy test, and we need to improve those: FIXME: see:
# https://github.com/kata-containers/tests/issues/1543
# CONFIG_RANDOM_TRUST_CPU is not set