orama/os/buildroot/board/orama/kernel.config

# OramaOS Kernel Configuration (Linux 6.6 LTS)
# This is a minimal config — only what OramaOS needs.
# Start from x86_64 defconfig and overlay these options.

# Architecture
CONFIG_64BIT=y
CONFIG_X86_64=y

# EFI boot (required for systemd-boot)
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_EFI_PARTITION=y
CONFIG_EFIVAR_FS=y

# WireGuard (built-in since 5.6, no compat module needed)
CONFIG_WIREGUARD=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_NET_FOU=y
CONFIG_NET_UDP_TUNNEL=y

# dm-verity (read-only rootfs integrity)
CONFIG_BLK_DEV_DM=y
CONFIG_DM_VERITY=y
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y

# dm-crypt / LUKS
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y

# Namespaces (for service sandboxing)
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_IPC_NS=y

# Seccomp (syscall filtering)
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y

# Cgroups (resource limiting)
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PIDS=y
CONFIG_MEMCG=y

# Filesystem support
CONFIG_EXT4_FS=y
CONFIG_SQUASHFS=y
CONFIG_SQUASHFS_XZ=y
CONFIG_VFAT_FS=y

# Block devices
CONFIG_BLK_DEV_LOOP=y
CONFIG_VIRTIO_BLK=y

# Networking
CONFIG_NET=y
CONFIG_INET=y
CONFIG_IPV6=y
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_NAT=y

# VirtIO (for QEMU testing and cloud VPS)
CONFIG_VIRTIO=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_NET=y
CONFIG_VIRTIO_CONSOLE=y
CONFIG_HW_RANDOM_VIRTIO=y

# Serial console (for QEMU debugging)
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y

# Disable unnecessary features
# CONFIG_SOUND is not set
# CONFIG_USB_SUPPORT is not set
# CONFIG_WLAN is not set
# CONFIG_BLUETOOTH is not set
# CONFIG_NFS_FS is not set
# CONFIG_CIFS is not set