Use the following configuration settings as a base for an Android kernel
configuration. Settings are organized into
.cfg files for
android-baseoptions enable core Android features and should be configured as specified by all devices.
android-base-ARCHoptions enable core Android features and should be configured as specified by all devices of architecture ARCH. Not all architectures have a corresponding file of architecture-specific required options. If your architecture doesn't have a file, it doesn't have additional architecture-specific kernel configuration requirements for Android.
android-recommended. These options enable advanced Android features and are optional for devices.
These configuration files are located in the
repo. Use the set of configuration files that corresponds to the version of
the kernel you are using.
For details on controls already undertaken to strengthen the kernel on your devices, see System and kernel security. For details on required settings, see the Android Compatibility Definition Document (CDD).
Generating kernel config
For devices that have a minimalist
defconfig format, use the
merge_config.sh script in the kernel tree to enable options:
ARCH=ARCH scripts/kconfig/merge_config.sh <...>/device_defconfig <...>/android-base.cfg <...>/android-base-ARCH.cfg <...>/android-recommended.cfg
This generates a
.config file that you can use to save a new
defconfig file or compile a new kernel with Android features
Additional kernel config requirements
In some cases, the platform maintainer can choose from multiple kernel features to satisfy an Android dependency. Such dependencies can't expressed in the kernel config fragment files (described above) because the format for those files doesn't support logical expressions. In Android 9 and higher, Compatibility Test Suite (CTS) and Vendor Test Suite (VTS) verify that the following requirements are satisfied:
- 4.4 and 4.9 kernels have
CONFIG_ANDROID_LOW_MEMORY_KILLER=yOR have both
- For ARM64 only:
In addition, the
CONFIG_INET_UDP_DIAG option must be set to
y for 4.9 kernels in Android 9 and higher.
Enabling USB host mode options
For USB host mode audio, enable the following options:
CONFIG_SND_USB=y CONFIG_SND_USB_AUDIO=y # CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver
For USB host mode MIDI, enable the following option:
Seccomp BPF with TSYNC
Secure Computing Berkeley Packet Filter (Seccomp BPF) is a kernel security technology that enables the creation of sandboxes that define the context in which a process may make system calls. The thread synchronization (TSYNC) feature enables the use of Seccomp BPF from multithreaded programs. This ability is limited to architectures that have Seccomp support upstream (ARM, ARM64, x86, and x86_64).
Android Live-Lock Daemon
Android 10 includes the Android Live-Lock Daemon (llkd), which is designed to catch and mitigate kernel deadlocks. For details on using llkd, refer to the README.md.
Using vDSO32 on ARM64
Virtual dynamic shared object (vDSO) is an alternative to system calls that,
when used and configured correctly, can reduce cycle costs. Android
10 adds support for vDSO32 on 64-bit kernels (Android
already supports vDSO64 on 64-bit kernels and vDSO32 on 32-bit kernels). Using
CONFIG_VDSO_COMPAT) on ARM64 architecture provides a
0.4 percent increase in battery life and other performance improvements.
The Linux community is actively working on
across architectures. You can set up vDSO in your Linux kernel by enabling
CONFIG_CROSS_COMPILE_COMPAT_VDSO with the arm32 compiler triplet.
The Android Kernel team has backported older versions of the vDSO patch series
into Pixel devices, so you can find examples in Pixel kernel builds
CROSS_COMPILE_ARM32 reference, and