Kernel Configuration

Use the following configuration settings as a base for an Android kernel configuration. Settings are organized into .cfg files for android-base, android-base-ARCH, and android-recommended:

  • android-base options enable core Android features and should be configured as specified by all devices.
  • android-base-ARCH options enable core Android features and should be configured as specified by all devices of architecture ARCH. Not all architectures have a corresponding file of architecture-specific required options. If your architecture doesn't have a file, it doesn't have additional architecture-specific kernel configuration requirements for Android.
  • android-recommended. These options enable advanced Android features and are optional for devices.

These configuration files are located in the kernel/configs repo. Use the set of configuration files that corresponds to the version of the kernel you are using.

For details on controls already undertaken to strengthen the kernel on your devices, see System and kernel security. For details on required settings, see the Android Compatibility Definition Document (CDD).

Generating kernel config

For devices that have a minimalist defconfig format, use the merge_config.sh script in the kernel tree to enable options:

ARCH=ARCH scripts/kconfig/merge_config.sh <...>/device_defconfig <...>/android-base.cfg <...>/android-base-ARCH.cfg <...>/android-recommended.cfg

This generates a .config file that you can use to save a new defconfig file or compile a new kernel with Android features enabled.

Additional kernel config requirements

In some cases, the platform maintainer can choose from multiple kernel features to satisfy an Android dependency. Such dependencies can't expressed in the kernel config fragment files (described above) because the format for those files doesn't support logical expressions. In Android 9 and higher, Compatibility Test Suite (CTS) and Vendor Test Suite (VTS) verify that the following requirements are satisfied:

  • CONFIG_OF=y or CONFIG_ACPI=y
  • 4.4 and 4.9 kernels have CONFIG_ANDROID_LOW_MEMORY_KILLER=y OR have both CONFIG_MEMCG=y and CONFIG_MEMCG_SWAP=y
  • CONFIG_DEBUG_RODATA=y or CONFIG_STRICT_KERNEL_RWX=y
  • CONFIG_DEBUG_SET_MODULE_RONX=y or CONFIG_STRICT_MODULE_RWX=y
  • For ARM64 only: CONFIG_ARM64_SW_TTBR0_PAN=y or CONFIG_ARM64_PAN=y

In addition, the CONFIG_INET_UDP_DIAG option must be set to y for 4.9 kernels in Android 9 and higher.

Enabling USB host mode options

For USB host mode audio, enable the following options:

CONFIG_SND_USB=y
CONFIG_SND_USB_AUDIO=y
# CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver

For USB host mode MIDI, enable the following option:

CONFIG_SND_USB_MIDI=y

Seccomp BPF with TSYNC

Secure Computing Berkeley Packet Filter (Seccomp BPF) is a kernel security technology that enables the creation of sandboxes that define the context in which a process may make system calls. The thread synchronization (TSYNC) feature enables the use of Seccomp BPF from multithreaded programs. This ability is limited to architectures that have Seccomp support upstream (ARM, ARM64, x86, and x86_64).

Android Live-Lock Daemon

Android 10 includes the Android Live-Lock Daemon (llkd), which is designed to catch and mitigate kernel deadlocks. For details on using llkd, refer to the README.md.

Using vDSO32 on ARM64

Virtual dynamic shared object (vDSO) is an alternative to system calls that, when used and configured correctly, can reduce cycle costs. Android 10 adds support for vDSO32 on 64-bit kernels (Android already supports vDSO64 on 64-bit kernels and vDSO32 on 32-bit kernels). Using vDSO32 (CONFIG_VDSO_COMPAT) on ARM64 architecture provides a 0.4 percent increase in battery life and other performance improvements.

The Linux community is actively working on unifying vDSOs across architectures. You can set up vDSO in your Linux kernel by enabling vDSO32 with CONFIG_COMPAT and CONFIG_CROSS_COMPILE_COMPAT_VDSO with the arm32 compiler triplet. The Android Kernel team has backported older versions of the vDSO patch series into Pixel devices, so you can find examples in Pixel kernel builds (LINUX_FCC_CROSS_COMPILE_ARM32_PREBUILTS_BIN path, CROSS_COMPILE_ARM32 reference, and CONFIG_CROSS_COMPILE_ARM32 config).