nixos-apple-silicon icon indicating copy to clipboard operation
nixos-apple-silicon copied to clipboard

Published 20 hours ago verified publisher icon tpwrules

Kernel missing some capabilities

Open WhyNotHugo opened this issue 2 years ago • 4 comments

Trying to use wifi with iwd, turns out some options are missing in the kernel:

CONFIG_CRYPTO_USER_API_SKCIPHER
CONFIG_KEY_DH_OPERATIONS
CONFIG_CRYPTO_ECB
CONFIG_CRYPTO_CBC
CONFIG_CRYPTO_DES
CONFIG_CRYPTO_AES

Turning them on would be quick fix, but I think it would make sense to try and base the config on the upstream Nix config, and only override the values specifically needed for running on the M1. Otherwise there will always be more small differences that will break things in unexpected ways. This approach should also reduce the burden of eventually up-streaming the work done here.

The problem is, right now, it's not very clear which flags must change for M1. I'm going to try and diff the asahi kernel config with the defaults and see if the diff is rather small or not.

WhyNotHugo avatar May 17 '22 16:05 WhyNotHugo

Did you get any interesting results from this? I think some options are changing to more sensible defaults and there was a new Asahi kernel release just recently which I will try to incorporate soon. But moving to a stock NixOS kernel config is definitely the best long-term option, I just don't really know how to do it effectively.

tpwrules avatar May 26 '22 02:05 tpwrules

Nothing useful. Asahi is based on ArchLinuxARM, but the Asahi kernel's config is entirely different from ALARM's config (thousands of different values), so that didn't help figure answer "what flags do we need to change for the M1 build".

I also created a new kernel config from scratch and compared that one -- the result was the same.

I do admit that this is not my area of expertise either; my approach is the one of someone who's building but doesn't really know about kernel development.

WhyNotHugo avatar May 26 '22 10:05 WhyNotHugo

I think most of this will be addressed with pull request #10. I didn't enable DES because it's so ancient and broken.

zzywysm avatar Jul 16 '22 02:07 zzywysm

For what its worth, i wrote a script to merge the asahi arch kernel config with the one in this repo to produce a more fully enabled kernel. The config is available here: https://gist.github.com/psanford/84dd1bbffc1d6a81ca8d088551e2dd43

psanford avatar Aug 02 '22 17:08 psanford

The latest release now uses a 99% unmodified config from the Asahi reference distro which looks to have the options you mention. The big obstacle to getting it to boot was figuring out which modules needed to go in the initrd, but I found that out and everything works nicely now.

Still am not sure about moving to a NixOS-generated kernel config just because they are rather bloated. The kernel took about 6 minutes (on my x86 machine) to compile with the cut down config, 12 minutes with the reference distro config, and 50 minutes with a NixOS-generated config (which I didn't try to boot). There's a decent chance GitHub Actions won't give me enough time to build that config and kind of time is annoying during development for me and for users just upgrading their systems.

tpwrules avatar Oct 30 '22 03:10 tpwrules