Add initial CIQ config tweaks

We are modifying these with the following configs where available CONFIG_MODIFY_LDT_SYSCALL=n CONFIG_LEGACY_VSYSCALL_NONE=n These options are for old software support which adds performance overhead and potential attack surfaces with go against the CIQ LT kernels priority of performance and security. CONFIG_LIVEPATCH=n We do not have Live patching on for any road-map CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y This should be enabled, it often improves performance funnily enough CONFIG_PREEMPT_VOLUNTARY=y CONFIG_HZ=100 These are set to increase throughput CONFIG_PREEMPT_VOLUNTARY=y (default Fedora config) but CONFIG_HZ=100 for higher throughput over the x86_64 default of CONFIG_HZ=1000 which provides lower latency. After modification 'make CROSS_COMPILE=./scripts/dummy-tools/' was run
ctrliq · bmastbergen · Jan 22, 2026 · Jan 5, 2026 · Jan 5, 2026 · Jan 16, 2025
commit 877e548e5a6096a79bc7cebd11f8a59bf0c5a775
diff --git a/ciq/configs/kernel-aarch64-64k-debug.config b/ciq/configs/kernel-aarch64-64k-debug.config
@@ -1,4 +1,3 @@
-# arm64
 #
 # Automatically generated file; DO NOT EDIT.
 # Linux/arm64 6.18.2 Kernel Configuration
@@ -12,8 +11,8 @@ CONFIG_AS_VERSION=25000
 CONFIG_LD_IS_BFD=y
 CONFIG_LD_VERSION=25000
 CONFIG_LLD_VERSION=0
-CONFIG_RUSTC_VERSION=108800
-CONFIG_RUSTC_LLVM_VERSION=200108
+CONFIG_RUSTC_VERSION=107600
+CONFIG_RUSTC_LLVM_VERSION=170006
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
@@ -24,9 +23,6 @@ CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
 CONFIG_CC_HAS_COUNTED_BY=y
 CONFIG_CC_HAS_MULTIDIMENSIONAL_NONSTRING=y
 CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y
-CONFIG_RUSTC_HAS_COERCE_POINTEE=y
-CONFIG_RUSTC_HAS_SPAN_FILE=y
-CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES=y
 CONFIG_PAHOLE_VERSION=130
 CONFIG_CONSTRUCTORS=y
 CONFIG_IRQ_WORK=y
@@ -646,7 +642,7 @@ CONFIG_PM_SLEEP_DEBUG=y
 # CONFIG_DPM_WATCHDOG is not set
 CONFIG_PM_CLK=y
 CONFIG_PM_GENERIC_DOMAINS=y
-# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
 CONFIG_PM_GENERIC_DOMAINS_SLEEP=y
 CONFIG_PM_GENERIC_DOMAINS_OF=y
 CONFIG_CPU_PM=y
@@ -801,7 +797,7 @@ CONFIG_KVM=y
 # CONFIG_NVHE_EL2_DEBUG is not set
 CONFIG_PTDUMP_STAGE2_DEBUGFS=y
 CONFIG_HAVE_LIVEPATCH=y
-CONFIG_LIVEPATCH=y
+# CONFIG_LIVEPATCH is not set
 CONFIG_CPU_MITIGATIONS=y
 
 #
@@ -8259,10 +8255,10 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_SECURITY_LANDLOCK=y
 # CONFIG_SECURITY_IPE is not set
 CONFIG_INTEGRITY=y

diff --git a/ciq/configs/kernel-aarch64-64k.config b/ciq/configs/kernel-aarch64-64k.config
@@ -1,4 +1,3 @@
-# arm64
 #
 # Automatically generated file; DO NOT EDIT.
 # Linux/arm64 6.18.2 Kernel Configuration
@@ -12,8 +11,8 @@ CONFIG_AS_VERSION=25000
 CONFIG_LD_IS_BFD=y
 CONFIG_LD_VERSION=25000
 CONFIG_LLD_VERSION=0
-CONFIG_RUSTC_VERSION=108800
-CONFIG_RUSTC_LLVM_VERSION=200108
+CONFIG_RUSTC_VERSION=107600
+CONFIG_RUSTC_LLVM_VERSION=170006
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
@@ -24,9 +23,6 @@ CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
 CONFIG_CC_HAS_COUNTED_BY=y
 CONFIG_CC_HAS_MULTIDIMENSIONAL_NONSTRING=y
 CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y
-CONFIG_RUSTC_HAS_COERCE_POINTEE=y
-CONFIG_RUSTC_HAS_SPAN_FILE=y
-CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES=y
 CONFIG_PAHOLE_VERSION=130
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_TABLE_SORT=y
@@ -643,7 +639,7 @@ CONFIG_PM_SLEEP_DEBUG=y
 # CONFIG_DPM_WATCHDOG is not set
 CONFIG_PM_CLK=y
 CONFIG_PM_GENERIC_DOMAINS=y
-# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
 CONFIG_PM_GENERIC_DOMAINS_SLEEP=y
 CONFIG_PM_GENERIC_DOMAINS_OF=y
 CONFIG_CPU_PM=y
@@ -797,7 +793,7 @@ CONFIG_KVM=y
 # CONFIG_NVHE_EL2_DEBUG is not set
 # CONFIG_PTDUMP_STAGE2_DEBUGFS is not set
 CONFIG_HAVE_LIVEPATCH=y
-CONFIG_LIVEPATCH=y
+# CONFIG_LIVEPATCH is not set
 CONFIG_CPU_MITIGATIONS=y
 
 #
@@ -874,7 +870,6 @@ CONFIG_LTO_NONE=y
 CONFIG_ARCH_SUPPORTS_CFI=y
 # CONFIG_CFI is not set
 CONFIG_HAVE_CFI_ICALL_NORMALIZE_INTEGERS=y
-CONFIG_HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC=y
 CONFIG_HAVE_CONTEXT_TRACKING_USER=y
 CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
 CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
@@ -8237,10 +8232,10 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_SECURITY_LANDLOCK=y
 # CONFIG_SECURITY_IPE is not set
 CONFIG_INTEGRITY=y

diff --git a/ciq/configs/kernel-aarch64-debug.config b/ciq/configs/kernel-aarch64-debug.config
@@ -1,4 +1,3 @@
-# arm64
 #
 # Automatically generated file; DO NOT EDIT.
 # Linux/arm64 6.18.2 Kernel Configuration
@@ -12,8 +11,8 @@ CONFIG_AS_VERSION=25000
 CONFIG_LD_IS_BFD=y
 CONFIG_LD_VERSION=25000
 CONFIG_LLD_VERSION=0
-CONFIG_RUSTC_VERSION=108800
-CONFIG_RUSTC_LLVM_VERSION=200108
+CONFIG_RUSTC_VERSION=107600
+CONFIG_RUSTC_LLVM_VERSION=170006
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
@@ -24,9 +23,6 @@ CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
 CONFIG_CC_HAS_COUNTED_BY=y
 CONFIG_CC_HAS_MULTIDIMENSIONAL_NONSTRING=y
 CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y
-CONFIG_RUSTC_HAS_COERCE_POINTEE=y
-CONFIG_RUSTC_HAS_SPAN_FILE=y
-CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES=y
 CONFIG_PAHOLE_VERSION=130
 CONFIG_CONSTRUCTORS=y
 CONFIG_IRQ_WORK=y
@@ -645,7 +641,7 @@ CONFIG_PM_SLEEP_DEBUG=y
 # CONFIG_DPM_WATCHDOG is not set
 CONFIG_PM_CLK=y
 CONFIG_PM_GENERIC_DOMAINS=y
-# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
 CONFIG_PM_GENERIC_DOMAINS_SLEEP=y
 CONFIG_PM_GENERIC_DOMAINS_OF=y
 CONFIG_CPU_PM=y
@@ -800,7 +796,7 @@ CONFIG_KVM=y
 # CONFIG_NVHE_EL2_DEBUG is not set
 CONFIG_PTDUMP_STAGE2_DEBUGFS=y
 CONFIG_HAVE_LIVEPATCH=y
-CONFIG_LIVEPATCH=y
+# CONFIG_LIVEPATCH is not set
 CONFIG_CPU_MITIGATIONS=y
 
 #
@@ -8267,10 +8263,10 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_SECURITY_LANDLOCK=y
 # CONFIG_SECURITY_IPE is not set
 CONFIG_INTEGRITY=y

diff --git a/ciq/configs/kernel-aarch64.config b/ciq/configs/kernel-aarch64.config
@@ -1,4 +1,3 @@
-# arm64
 #
 # Automatically generated file; DO NOT EDIT.
 # Linux/arm64 6.18.2 Kernel Configuration
@@ -12,8 +11,8 @@ CONFIG_AS_VERSION=25000
 CONFIG_LD_IS_BFD=y
 CONFIG_LD_VERSION=25000
 CONFIG_LLD_VERSION=0
-CONFIG_RUSTC_VERSION=108800
-CONFIG_RUSTC_LLVM_VERSION=200108
+CONFIG_RUSTC_VERSION=107600
+CONFIG_RUSTC_LLVM_VERSION=170006
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
@@ -24,9 +23,6 @@ CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
 CONFIG_CC_HAS_COUNTED_BY=y
 CONFIG_CC_HAS_MULTIDIMENSIONAL_NONSTRING=y
 CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y
-CONFIG_RUSTC_HAS_COERCE_POINTEE=y
-CONFIG_RUSTC_HAS_SPAN_FILE=y
-CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES=y
 CONFIG_PAHOLE_VERSION=130
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_TABLE_SORT=y
@@ -642,7 +638,7 @@ CONFIG_PM_SLEEP_DEBUG=y
 # CONFIG_DPM_WATCHDOG is not set
 CONFIG_PM_CLK=y
 CONFIG_PM_GENERIC_DOMAINS=y
-# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
 CONFIG_PM_GENERIC_DOMAINS_SLEEP=y
 CONFIG_PM_GENERIC_DOMAINS_OF=y
 CONFIG_CPU_PM=y
@@ -796,7 +792,7 @@ CONFIG_KVM=y
 # CONFIG_NVHE_EL2_DEBUG is not set
 # CONFIG_PTDUMP_STAGE2_DEBUGFS is not set
 CONFIG_HAVE_LIVEPATCH=y
-CONFIG_LIVEPATCH=y
+# CONFIG_LIVEPATCH is not set
 CONFIG_CPU_MITIGATIONS=y
 
 #
@@ -873,7 +869,6 @@ CONFIG_LTO_NONE=y
 CONFIG_ARCH_SUPPORTS_CFI=y
 # CONFIG_CFI is not set
 CONFIG_HAVE_CFI_ICALL_NORMALIZE_INTEGERS=y
-CONFIG_HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC=y
 CONFIG_HAVE_CONTEXT_TRACKING_USER=y
 CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
 CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
@@ -8245,10 +8240,10 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_SECURITY_LANDLOCK=y
 # CONFIG_SECURITY_IPE is not set
 CONFIG_INTEGRITY=y

diff --git a/ciq/configs/kernel-x86_64-debug.config b/ciq/configs/kernel-x86_64-debug.config
@@ -1,4 +1,3 @@
-# x86_64
 #
 # Automatically generated file; DO NOT EDIT.
 # Linux/x86_64 6.18.2 Kernel Configuration
@@ -12,8 +11,8 @@ CONFIG_AS_VERSION=25000
 CONFIG_LD_IS_BFD=y
 CONFIG_LD_VERSION=25000
 CONFIG_LLD_VERSION=0
-CONFIG_RUSTC_VERSION=108800
-CONFIG_RUSTC_LLVM_VERSION=200108
+CONFIG_RUSTC_VERSION=107600
+CONFIG_RUSTC_LLVM_VERSION=170006
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
@@ -24,9 +23,6 @@ CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
 CONFIG_CC_HAS_COUNTED_BY=y
 CONFIG_CC_HAS_MULTIDIMENSIONAL_NONSTRING=y
 CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y
-CONFIG_RUSTC_HAS_COERCE_POINTEE=y
-CONFIG_RUSTC_HAS_SPAN_FILE=y
-CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES=y
 CONFIG_PAHOLE_VERSION=130
 CONFIG_CONSTRUCTORS=y
 CONFIG_IRQ_WORK=y
@@ -140,9 +136,9 @@ CONFIG_BPF_LSM=y
 CONFIG_PREEMPT_BUILD=y
 CONFIG_ARCH_HAS_PREEMPT_LAZY=y
 # CONFIG_PREEMPT_NONE is not set
-# CONFIG_PREEMPT_VOLUNTARY is not set
+CONFIG_PREEMPT_VOLUNTARY=y
 # CONFIG_PREEMPT is not set
-CONFIG_PREEMPT_LAZY=y
+# CONFIG_PREEMPT_LAZY is not set
 # CONFIG_PREEMPT_RT is not set
 CONFIG_PREEMPT_COUNT=y
 CONFIG_PREEMPTION=y
@@ -471,8 +467,6 @@ CONFIG_PERF_EVENTS_AMD_UNCORE=y
 CONFIG_PERF_EVENTS_AMD_BRS=y
 # end of Performance monitoring
 
-CONFIG_X86_16BIT=y
-CONFIG_X86_ESPFIX64=y
 CONFIG_X86_VSYSCALL_EMULATION=y
 CONFIG_X86_IOPL_IOPERM=y
 CONFIG_MICROCODE=y
@@ -519,11 +513,11 @@ CONFIG_EFI_STUB=y
 CONFIG_EFI_HANDOVER_PROTOCOL=y
 # CONFIG_EFI_MIXED is not set
 CONFIG_EFI_RUNTIME_MAP=y
-# CONFIG_HZ_100 is not set
+CONFIG_HZ_100=y
 # CONFIG_HZ_250 is not set
 # CONFIG_HZ_300 is not set
-CONFIG_HZ_1000=y
-CONFIG_HZ=1000
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=100
 CONFIG_SCHED_HRTICK=y
 CONFIG_ARCH_SUPPORTS_KEXEC=y
 CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y
@@ -550,10 +544,10 @@ CONFIG_HOTPLUG_CPU=y
 CONFIG_LEGACY_VSYSCALL_XONLY=y
 # CONFIG_LEGACY_VSYSCALL_NONE is not set
 # CONFIG_CMDLINE_BOOL is not set
-CONFIG_MODIFY_LDT_SYSCALL=y
+# CONFIG_MODIFY_LDT_SYSCALL is not set
 # CONFIG_STRICT_SIGALTSTACK_SIZE is not set
 CONFIG_HAVE_LIVEPATCH=y
-CONFIG_LIVEPATCH=y
+# CONFIG_LIVEPATCH is not set
 CONFIG_X86_BUS_LOCK_DETECT=y
 # end of Processor type and features
 
@@ -625,7 +619,7 @@ CONFIG_PM_TRACE=y
 CONFIG_PM_TRACE_RTC=y
 CONFIG_PM_CLK=y
 CONFIG_PM_GENERIC_DOMAINS=y
-# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
 CONFIG_PM_GENERIC_DOMAINS_SLEEP=y
 CONFIG_ENERGY_MODEL=y
 CONFIG_ARCH_SUPPORTS_ACPI=y
@@ -9158,10 +9152,10 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_SECURITY_LANDLOCK=y
 # CONFIG_SECURITY_IPE is not set
 CONFIG_INTEGRITY=y
@@ -10112,7 +10106,6 @@ CONFIG_SAMPLES=y
 # CONFIG_SAMPLE_FPROBE is not set
 # CONFIG_SAMPLE_KFIFO is not set
 # CONFIG_SAMPLE_KDB is not set
-# CONFIG_SAMPLE_LIVEPATCH is not set
 # CONFIG_SAMPLE_CONFIGFS is not set
 # CONFIG_SAMPLE_CONNECTOR is not set
 # CONFIG_SAMPLE_FANOTIFY_ERROR is not set