Librem image shrink

[Unb0rn]

This should resolve #1229
Tried not to break anything for any Librem machine, however I am able to test it only on Librem 14

Still need some input on some options:

CONFIG_X86_IOPL_IOPERM - legacy. Is there something in heads still using it?
CONFIG_ZONE_DMA - are there any devices on librem machines still using it?
CONFIG_ISA_DMA_API - isn't it ancient?
CONFIG_RSEQ
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS - do we need it? I think its only needed for some pretty old specific HW
CONFIG_SYN_COOKIES=y - the kernel is almost network-less. Is it some kind of dependency?
CONFIG_PRINTK=y - will make the kernel mute, but do we care?
CONFIG_BUG=y
CONFIG_MULTIUSER=y - the question is are we using multiuser system or everything runs as root now?

The format is also switched to full config instead of defconfig

[tlaurion]

Should be CONFIG_INITRAMFS_SOURCE="@BLOB_DIR@/dev.cpio"

[Unb0rn]

Fixed this one. Remained from Purism's Pureboot config

[tlaurion]

@Unb0rn replied to your questions under #1229 (comment)

[JonathonHall-Purism]

Hi @Unb0rn, thanks again for the work on this!

Could you please split this up into a few commits so it is easier to review? I'd suggest one commit converting to full-config (with no other changes), and another commit making the config changes we want. Anything along those lines is more reviewable though, right now it is hard to see what exactly was changed (i.e. I think BTRFS was enabled here too, which isn't directly related).

You can replace the existing config file, and then we'll get CI builds I can help test. Right now this doesn't affect anything because the Librem boards still reference the existing config.

Regarding the specific configs in the description, I mentioned some of those in #1229 but didn't catch all of them:

CONFIG_X86_IOPL_IOPERM - Should be OK AFAIK, we don't need to run any binaries not specifically built for Heads on this kernel
CONFIG_ZONE_DMA - I'm not aware of anything requiring this, but I'm not sure, probably just need to test it.
CONFIG_ISA_DMA_API - Might be needed for LPC devices, which includes the TPM on L1UM IIRC.
CONFIG_RSEQ - Sounds removable just from some reading about it, but I don't think it adds much to bzImage either
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS - I don't think this is needed
CONFIG_SYN_COOKIES=y - I don't think this is needed
CONFIG_PRINTK=y - Keep this please for users that might encounter unexpected issues, for testing, etc.
CONFIG_BUG=y - Keep this too please, as above, I think it is risky to silently ignore the conditions BUG tests for
CONFIG_MULTIUSER=y - I'm OK with removing this as long as it works, i.e. nothing we ship in Heads depends on the syscalls removed by this, we can try it

[Unb0rn]

@JonathonHall-Purism yeah, you were right. Updated defconfig just to build and test everything, removed BTRFS and exFAT as they're unrelated.
Regarding low-power subsystem - Isn't it disabled in current defconfig? Other than that, left printk() and bug() in place
One more question to you and @tlaurion
Found some more "bloat" parameters:

CONFIG_IOMMU_SUPPORT
VIRTIO_MENU
VHOST_MENU
CONFIG_PTP_1588_CLOCK

Do we need any of it in our minimal image?

[tlaurion]

One more question to you and @tlaurion Found some more "bloat" parameters:

CONFIG_IOMMU_SUPPORT
VIRTIO_MENU
VHOST_MENU
CONFIG_PTP_1588_CLOCK

Do we need any of it in our minimal image?

@Unb0rn I do not think so. @JonathonHall-Purism ?

[JonathonHall-Purism]

This is great, I had been doing this manually!

[JonathonHall-Purism]

Agree, I don't think we need any of those.

[Unb0rn]

Well, it looks I started celebrating a bit too early)
I shou;d've paid more attention - in fact what I thought to be a success was a failure with flashrom. It looks like it tries to detect if it is being run as root, and as we don't have those syscalls in non-multiuser kernel it fails with "Not implemented" error. So I think I will make several more tests and push the fixed version later

[Unb0rn]

It turned out to be even more interesting - it had nothing to do with multiuser support, however flashrom still uses iopl() or ioperm(), so had to re-enable it. Double checked to be working.
VHOST_MENU, VIRTIO_MENU and PTP_1588 are also disabled, and regarding IOMMU aren't we using it at all for isolation?

[tlaurion]

No IOMMU device isolation under Heads.

[tlaurion]

• EXTFAT_FS support will definitely be a global improvement for users: Thumb drives and ssd drives generally comes formatted like that. (currently missing)
• As noted under Linux x230 cleanup remix #1184, I notice a lot of things built as modules which are currently not instructed to be packed under initrd, resulting in useless build time (no impact on size of kernel per se, but unneeded if packed as modules and not instructed to be added under Heads per heads global Makefile condition for that config entree defined under board config)
  • This is the case for a lot of crypto stuff
  • AES as module? Suprised it is not braking things, for example with cryptesetup-reencrypt where cryptsetup is instructed to be compiled intoto and using kernel crypto backend?
• IOMMU: No isolation from Heads as said. Though from what I recall, this is setuped there and was needed to have i915 working (xx20 and xx30 here, not Librem), but my human memory might be tricking me. Would have to check what happens when disabled.

[JonathonHall-Purism]

@tlaurion @Unb0rn I tested this thoroughly on L1UM-1X8C and did some basic testing on Mini v2. Looks great, no problems at all, and saves a little over 500 KB on the payload. Let's merge it 💯

Thanks for the patience while this progressed through my priority list too 🙇

[tlaurion]

@JonathonHall-Purism points addressed under #1232 (comment) to be dealt separately?

[JonathonHall-Purism]

Yeah, I think they should be addressed separately. This is a good improvement, it didn't introduce those issues, and I don't see any reason to hold it waiting for other improvements.

Double checking that everything else has tracking issues:

• exFAT support tracked under exfat kernel support missing under Heads #1132
• Kernel enabled but unused modules - opened Kernel configs - enabled but unused modules #1249
• IOMMU support may be unneeded - opened Kernel config - enforce iommu by default in all kernel configs that switched to efifb #1250

[tlaurion]

OK!

Note that dynamic debugging kernel options are removed from kernel from this point!

Merging!