Configuring Gentoo Kernel for VMware Player – Optimized Manual Configuration
Last Updated: 09/18/16
This techtorial is the second option of the fifth article in my installing Gentoo in VMware Player series. This article covers how to make a stripped down version of the Gentoo kernel for VMware Player. It follows chapter seven of the Gentoo handbook. If you would like a more basic tutorial, you may check out my basic kernel configuration techtorial. I also have a tutorial covering how to automatically build the kernel via genkernel. If you are just now coming to this series, start with my first article.
While this article uses the same settings as my previous article as a foundation, you do not need to refer to that article. That article was designed to give a high-level overview of how to enable specific features. This article goes through most menus of the kernel and covers which settings are OK to exclude. If a menu is not shown, then no changes were made inside of that menu. For the changes that are made, I usually do not explain the functionality of the settings, as that is beyond the scope of this document; however, you may obtain more details about a certain feature by referring to its help option.
General Setup Submenu
Start off by going into the “General setup” submenu.
If you do not plan on using any sort of auditing features, then you can remove them. The option I am turning off is “Auditing support”. This feature is mainly needed for SELinux and allows you to monitor system calls. It is most likely a feature that the average user will not need. On a similar note, you most likely do not need profiling or kprobe support. Profiling will allow you to monitor low-level hardware calls and kprobes allows you to dynamically break into kernel routines and collect debug information. The below images show what my menu looks like.
Enable the Block Layer Submenu
Return to the root menu and enter into the “Enable the block layer” submenu.
Go to the “Partition Types” submenu.
I disabled support for the advanced partition selection. If you are using EFI, most systems post-2011 do, then make sure you leave that enabled.
Go up a menu, back to the “Enable the block layer” submenu, and enter into the “IO Schedulers” submenu.
Choose whichever I/O scheduler you want and disable support for the other ones. I went with CFQ.
Processor Type and Features Submenu
Return to the root menu and enter into the “Processor type and features” submenu.
In this section I can only guide you on what to and not to do. This section will depend on your specific type of hardware. I will cover what I changed and why, and hopefully this will serve as a good reference for you. Remember, if you are unsure, leave the options at their default values (unless you are running on special hardware).
These are the settings that I changed (organized based off appearance in the kernel list):
- I disabled “Enable MPS table”, as it is only needed on older systems that do not have ACPI support.
- I disabled “Support for extended (non-PC) x86 platforms”, as I am not using any special, non-standard, hardware.
- I changed the processor family under “Processor family (Generic-x86-64)” to “Core 2/newer Xeon”. Make sure you select your CPU family.
- I left IOMMU support on, because I have a chip that supports it. Refer to this table on Wikipedia for more information.
- I changed the “Maximum number of CPUs” to two, because this VM was set to only use one logical core. You should set this value to one more than the number of logical cores your VM has.
- I disabled “Reroute for broken boot IRQs”, as my chipset is not “broken”.
- I disabled all of the AMD features, as I do not have an AMD chip.
- I left support for NUMA on, as my chip supports it. If yours does not, then you should disable it.
- I enabled support for cleancache and frontswap, as these should reduce the number of I/Os and thus improve performance.
- I disabled “Check for low memory corruption”, as I am not worried about memory corruption. If you are concerned, then leave it on.
- I disabled “EFI”, as I do not have an EFI compatible system.
- I disabled “kexec system call”, as this feature appears to still be underdevelopment.
- I disabled “kernel crash dumps” as this is something only needed by kexec.
- I turned off “Build a relocatable kernel”, as I am only using one statically located kernel.
After all of my setting changes, this is what my options look like:
Power Management and ACPI Options Submenu
Return to the root menu and enter into the “Power management and ACPI options” submenu.
If you do not plan on hibernating your system, then go ahead and turn off that feature. You may also want to turn off the “Power Management Debug Support”, unless you plan on doing some power related debugging. If you have an Intel CPU you may want to enable support for “Cpuidle Driver for Intel Processors”, as it should reduce power consumption. When you are done, enter into the ACPI submenu.
In the ACPI submenu, I disabled all deprecated features. I also disabled “AC Adapter” and “Battery”, as my system is always in AC mode, and thus does not need to have the profile switching. I also removed support for “Dock”, as this is a desktop computer. I made “Processor Aggregator” as built-in, as this should reduce power consumption. The below image shows what my final settings look like.
Bus Options (PCI etc…) Submenu
Return to the root menu and enter into the “Bus options” submenu.
Unless you have PCMCIA cards and plan on hot plugging PCI cards into your system (very unlikely). You can disable support for those two options.
Device Drivers Submenu
Return to the root menu and enter into the “Device Drivers” submenu.
In this menu I disabled the following options: “Block devices”, “Multiple devices driver support”, “Macintosh device drivers”, “Watchdog Timer Support”, “EDAC reporting”, and “X86 Platform Specific Device Drivers”. If you are using a RAID, then you should not disable support for “Multiple devices driver support”. Add support for “Fusion MPT device support” and “ATA/ATAPI/MFM/RLL support” as built-in. The former feature is required for our VM to function properly and the latter is required to obtain audio support.
From the main device drivers menu, enter into the “Generic Driver Options” submenu.
Disable “Include in-kernel firmware blobs in kernel binary” and “Managed device resources verbose debug messages”.
Return to the main device drivers menu and enter into the “Misc devices” submenu.
Enable built-in support for “VMware VMCI Driver”.
Return to the main device drivers menu and enter into the “ATA/ATAPI/MFM/RLL support” submenu.
Add built-in support for the following options: “generic ATA/ATAPI disk support”, “Include IDE/ATAPI CDROM support”, “IDE ACPI support”, “legacy /proc/ide/ support”, “Generic PCI IDE chipset support”, and “Intel PIIX/ICH chipsets support”. Disable everything else. Note that if you chose to configure you VM with support for floppy disks, then you should also add built-in support for “ATAPI floppy support”.
Return to the main device drivers menu and enter into the “SCSI device support” submenu.
Disable support for “Enable vendor-specific extensions”. Enable support for “SCSI low-level drivers” and enter into that submenu.
Make the “SYM53C8XX Version 2 SCSI support” option built-in. Unless you have any other cards, all of the other options should be disabled.
Return to the main device drivers menu and enter into the “Serial ATA and Parallel ATA drivers” submenu.
Unless you are using SAS expanders, disable support for “SATA Port Multiplier support”. Look at the other enabled options and disable / enable support as needed. The below images show what my configuration looks like.
Return to the main device drivers menu and enter into the “Fusion MPT device support” submenu.
Add support for “Fusion MPT ScsiHost drviers for SPI” as built-in. This is another feature that is required to ensure proper functionality of our VM.
Return to the main device drivers menu and enter into the “Network device support” submenu.
Assuming you do not need any support other than basic Ethernet, disable support for everything but “Ethernet driver support”. Then enter into the “Ethernet driver support” submenu.
Disable support for everything, but “Intel(R) PRO/1000 Gigabit Ethernet support” under “Intel (devices)”.
Return to the main device drivers menu and enter into the “Input device support” submenu.
Disable all devices that you do not need, such as joysticks, tablets, touchscreens, etc…. You may also disable “Polled input device skeleton”.
Return to the main device drivers menu and enter into the “Character devices” submenu.
Disable support for “Non-standard serial port support” and “/dev/kmem virtual device support”. Unless your chipset supports it, you can also disable “Hardware Random Number Generator Core support”. Then enter into the “Serial drivers” submenu.
Disable “Support 8250_core.* kernel options”, “Console on 8250/16550 and compatible serial port”, and “Extended 8250/16550 serial driver options”.
Return to the main device drivers menu and enter into the “I2C support” submenu.
Enter into the “I2C Hardware Bus support” submenu.
Add built-in support for “Intel PIIX4 and compatible (ATI/AMD/Serverworks/Broadcom/SMSC)”. You should additionally add support for any other features, as needed by your chipset. For example, my chipset uses ICH10, so I am adding built-in support for “Intel 82801 (ICH/PCH)”. For more information, do some online searches about your CPU and motherboard.
Return to the main device drivers menu and enter into the “Graphics support” submenu.
Disable support for all graphics cards and add built-in support for the following options: “Support for framebuffer devices”, “DRM driver for VMware Virtual GPU”, and “Enable framebuffer console under vmwgfx by default”. You can also disable support for AGP. Once you are done, your menu should look very similar to the below image. After making those settings, go into the “Console display driver support” submenu.
Enable built-in support for “Framebuffer Console support”.
Return to the main device drivers menu and enter into the “Sound card support” submenu.
Make sure that the “Advanced Linux Sound Architecture” submenu is built-in (you will probably also want “Preclaim OSS device numbers” as built-in) and then go into that submenu.
Disable the following options: “Sequencer dummy client”, “Support old ALSI API”, “Verbose procfs contents”, “Generic sound devices”, and “USB sound devices”. Go to the “PCI sound devices” submenu.
Scroll down until you find “(Creative) Ensoniq AudioPCI 1371/1373” and make it built-in. Remove support for all other sound cards, including “Intel HD Audio”.
Return to the main device drivers menu and enter into the “HID support”.
Go to the “Special HID drivers” submenu.
Disable support for everything, unless you require certain devices.
Go up a menu, back to the “HID support” submenu, and enter into the “USB HID support” submenu.
Disable “PID device support”, unless you need it.
Return to the main device drivers menu and enter into the “USB support” submenu.
You may disable the following: “USB verbose debug messages”, “USB announce new devices”, and “USB Printer support” (obviously leave printer support if you want it). If you are sure you will not be using any USB 1.1 devices, you may also disable “OHCI HCD support”. If you have USB 3.0 devices, you should enable “xHCI HCD (USB 3.0) support”.
Return to the main device drivers menu and enter into the “IOMMU Hardware Support” submenu.
Enable all support for your CPU type and disable support for the other. In my case, I enable all Intel support and attempted to disable everything else. Apparently, in this particular version of the kernel, there is an issue where I cannot exclude “AMD IOMMU support”; this was not the case in previous kernel versions.
Networking Support Submenu
Return to the root menu and enter into the “Networking support” submenu.
Disable everything, unless you have other devices you need support for and then enter into the “Networking options” submenu.
In this menu you will see many different options. Most of which you do not need to concern yourself with. Disable everything but the following options: “Packet socket”, “Unix domain sockets”, “Transformation user configuration interface”, “TCP/IP networking”, “Large receive Offload (ipv4/tcp) “, and “The IPv6 protocol”. If you do not think you will need IPv6, you may disable that as well. When disabling the other options, check to see if any of them apply to you. Most of them are for security purposes, which are unnecessary for this VM.
File Systems Submenu
Return to the root menu and enter into the “File systems” submenu.
If you followed my filesystem configuration then you should only have ext4 filesystems. You may remove support for all of the other filesystems. You may also remove support for the following options: “Ext4 Security Labels”, “Quota support”, “Miscellaneous filesystems”, and “Network File Systems” (you may want to keep this one). When you are done, enter into the “CD-ROM/DVD Filesystems” submenu.
Make sure that “ISO 9660 CDROM file system support” and “Microsoft Joliet CDROM extensions” are set to be built-in. If you are not planning on using RockRidge, then disable “Transparent decompression extension”.
Go up a menu, back to the “File systems” submenu, and enter into the “DOS/FAT/NT Filesystems” submenu.
Disable everything, unless you wish to have support for Windows filesystems.
Go up a menu, back to the “File systems” submenu, and enter into the “Pseudo filesystems” submenu.
Enable built-in support for the following items: “/proc file system support”, “Tmpfs virtual memory file system support”, “Tmpfs POSIX Access Control Lists”, and “Tmpfs extended attributes”. As for everything else, it is completely up to you. I personally chose to disable them.
Go up a menu, back to the “File systems” submenu, and enter into the “Native language support” submenu. Remove all languages that you do not need and add any you want. For me, the default settings were sufficient.
Kernel Hacking Submenu
Return to the root menu and enter into the “Kernel hacking” submenu.
Disable everything but: “Show timing information on printks”, “Enable __must_check logic”, and “Enable verbose x86 bootup info messages”.
Security Options Submenu
Return to the root menu and enter into the “Security options” submenu.
If you are not planning on doing any special security stuff, then disable everything in this section.
Cryptographic API Submenu
Return to the root menu and enter into the “Cryptographic API” submenu.
Exclude support for “Hardware crypto devices” (it is at the bottom of the list).
Return to the root menu and disable “Virtualization”; it is unlikely you will be running a VM inside of a VM. If you would like to have another virtual machine, then simply make one on your host system.
At this point, we are finally done configuring the kernel. I am sure there are other ways to optimize this configuration. If you have suggestions, please voice them in the comments.
Go ahead and save your changes by using the right arrow key to select the save button.
In the following window just press enter to save the changes.
If it was successful, you will see the below dialog. Press enter to continue.
At this point, you have successfully (hopefully) configured the kernel. Go ahead and exit the kernel configuration by pressing “Esc” twice.
We can now compile the kernel by using the below command. This may take some time, so please be patient. If all went well you should have no errors.
make && make modules_install
Now we just need to copy over the kernel image. Make sure to replace the version number with whatever your kernel version number is. In this example, I am using “3.10.7”.
cp arch/x86_64/boot/bzImage /boot/kernel-3.10.7-gentoo
Assuming you have been closely following this series, you should not need an initramfs or have to specify any modules to be automatically loaded at boot. If this is not the case, then please refer to the this and this section in the Gentoo Handbook, respectively.
My next article, once finished will cover how to configure your system (chapter 8 and 9 of the Gentoo Handbook).