Noted by survolog@ and irton@, thanks to them.
Also enable some disabled block-related features
(they are experimental, but enabling them looks not harmful)
CONFIG_X86_AMD_PSTATE now connot be =m, set =y.
Disable IBT (indirect branch prediction). It was reported to break machines with NVIDIA
https://www.reddit.com/r/archlinux/comments/v0x3c4/psa_if_you_run_kernel_518_with_nvidia_pass_ibtoff/
Victorr2007 told that his computer booted up very slowly and then he could not login into the graphical session.
He has a proprietary NVIDIA driver. "ibt=off" in kernel cmdline fixed this problem.
Fedora also has this disabled. Let's keep it disabled for at least some time.
Enabled CONFIG_ATOMISP to make cameras on tablets potentially work
(they did not work in 2017 as RussianNeuroMancer told me, probably most cameras still
won't work but at least they will try to work and print errors into dmesg
(for example about missing firmware). Regressions should not happen.
Also noted that CONFIG_MTK_T7XX was accidently disabled, enabled it (=m).
Remade i686 config, for some reason it did not answers for many questions.
Fixes: 537ae029 ("update version, revrite config files, use zstd compression for kernel")
It is enabled on i686 and arm64.
Thanks to betcher@ for noting this.
Lockdown is a useful and needed thing, thanks to consta@ for ideas about it.
Other LSMs may also be useful (nowadays multiple LSMs can be enabled, so enable as many as possible so thet users sould use them).
Answered with default values to most questions.
Reporting of granted accesses (CONFIG_SECURITY_SMACK_BRINGUP) and packet marking (CONFIG_SECURITY_SMACK_NETFILTER) in SMACK were enbaled
for debug and because it may be potentially useful. We do not have plans to use SMACK for now by default.
CONFIG_SYSFB_SIMPLEFB and CONFIG_FB_SIMPLEDRM are mutually exclusive (since kernel 5.15),
CONFIG_SYSFB_SIMPLEFB was disabled but CONFIG_FB_SIMPLEDRM was not enabled instead of it.
Enable CONFIG_FB_SIMPLEDRM as an old, less experimental solution.
(See also: https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers -> enable simple framebuffer)
CONFIG_FB_SIMPLE was Y, but let's try to build it as a module (M).
We should try to reduce the size of vmlinuz for better support of PXE etc.
CONFIG_BLK_DEV_NULL_BLK can be N/Y and cannot be M. It is needed for tests, not for production, disabling it.
Other changes were generated automatically.
