Who are kernel defconfigs for? [LWN.net]

By Jonathan Corbet
June 24, 2025

Working on the kernel can be a challenging task but, for many, configuring a kernel build can be the largest obstacle to getting started. The kernel has thousands of configuration options; many of those, if set incorrectly, will result in a kernel that does not work on the target system. The key to helping users with complex configuration problems is to provide reasonable defaults but, in the kernel community, there is currently little consensus around what those defaults should be.

The kernel's configuration options control many aspects of how a kernel will be built. There is one for every device driver, for example, and usually for the subsystems to which the drivers belong as well. Failing to enable a needed driver will result in a non-working kernel; enabling all drivers will result in a long-running build process and a massive kernel at the end. Configuration options also control the availability of many features and system calls, the application of security mitigations and policies, many debugging features, subarchitecture support, and more. Many of the options either depend on or conflict with others.

Working through this maze of configuration options is not fun; the kernel provides some tools for configuration editing, but they can only provide so much help. There are make options to either enable or disable the entire set of configuration options; these are useful for build testing, but are rarely used to create a kernel that will actually run somewhere. A bit more help can be had from make localmodconfig, which examines the modules loaded in the currently running kernel, then generates a configuration to build just those modules. Eric Raymond once attempted to turn the configuration process into an adventure game, but that did little to tame the monsters found therein.

In the end, many people simply start with a known-working configuration (perhaps from their distributor), adjust it as necessary, and try to not think about it again for as long as the resulting kernel works. Linus Torvalds has often said that the configuration system is a problem:

People, I've said this before, and apparently I need to say it again: the kernel config is likely the nastiest part of building a local kernel, and the biggest impediment to people actually building their own kernels.
And people building their own kernel is the first step to becoming a kernel developer.

There is one other operation, make defconfig, that will create an architecture-specific configuration that is intended to be a good starting point, providing a set of reasonable defaults that will create a working kernel. Ingo Molnar, one of the x86 maintainers, has recently come to the conclusion that the x86 default configuration has drifted from those goals; he posted a patch series that aimed to modernize that configuration:

Historically the x86 defconfigs aimed to be distro kernel work-alikes with fewer drivers and a substantially shorter build time. We regularly ask our contributors to test their changes on x86 defconfigs, and we frequently analyze code generation on such kernels as well.
In practice, over the past couple of years this goal has diverged from what actual modern Linux distributions do these days, and this series aims to correct that divergence.

The series makes quite a few changes to the existing default configuration:

Virtualization changes include enabling guest support for the Xen, Jailhouse, ACRN, and Hyper-V hypervisors, along with Intel's TDX confidential-computing mechanism. Support for running as a KVM host is also enabled.
The current x86 default configuration does not include BPF; Molnar's patch set turns it on, including the BPF security module.
It enables a number of memory-management options, including memory hotplugging, kernel samepage merging (KSM), transparent huge pages, userfaultfd, memory control groups, and the multi-generational LRU.
On the core-kernel front, features like core scheduling, NUMA balancing, namespaces, pressure-stall information, and BSD process accounting are enabled.
A number of debugging options are also enabled, including the kgdb debugger, UBSAN, function profiling, and more.

The series generated few comments in general, but Peter Zijlstra complained, suggesting that the memory-management changes (and enabling KSM in particular) were "a giant security fail". Torvalds, in turn, strongly told Molnar to stop this work, saying that the default configuration should be for "normal people". Options that are useful to cloud providers (such as the virtualization subsystems) should not be enabled, he said. The fact that all distributors enable a specific option is also not, in his mind, an argument for enabling that option in the default configuration. Torvalds would seemingly like to see the configuration system made easier to navigate, but this is evidently not the way he wants that to be done.

Molnar responded with the detailed reasoning behind his changes, saying that he wants easier kernel configuration for the people who contribute patches to the kernel. That group includes developers working for cloud providers, who Torvalds does not see as "normal people". Molnar asked:

Why not make the defconfig work out of the box for the testing environments of a broader group of our actual contributors, as long as the build cost isn't overly high?

He added that kernel developers tend to work (and test) with configurations that differ significantly from what the distributors are shipping, and that can lead to problems downstream when distributors enable the options the developers are avoiding.

Despite laying out his reasoning, Molnar is seemingly not ready for a fight. He has removed most of the changes from the patch series, saying:

These commits are not coming back. Clearly my approach of using the lowest common denominator of distro kernel configs is not appreciated and I have no desire whatsoever to fight such pushback.

Torvalds did not respond, and nobody else has jumped in, so the conversation ended there. For the time being at least, the x86 default configurations will differ significantly from those used by distributors, and will lack features that many people might prefer to have in their built kernels. It may stay that way for some time. The kernel's build system is an area where few developers choose to go; it is maintained (and probably only really understood) by a single developer. If a consensus cannot be reached even on a set of basic defaults, it seems unlikely that more significant improvements can be expected.

Index entries for this article
Kernel	Build system/Kernel configuration

to post comments

Default kernel configuration

Posted Jun 24, 2025 15:17 UTC (Tue) by tamiko (subscriber, #115350) [Link] (9 responses)

I fully agree with Molnar's sentiment here.

I have been configuring and compiling my own kernel for almost 20 years now, and it has become arduous... Another example is that Gentoo Linux, where configuring and compiling your own kernel has been an entrance barrier for many years, finally started to ship distribution kernel configurations and prebuilt binaries in 2020 as well. Before that as a rookie user you could easily spend an entire day (or more) on getting the kernel configuration right...

I personally switched to simply merging a distribution kernel configuration with a small set of configuration overrides that I care about. It builds a lot of driver modules for hardware that I don't have and will never use - but waiting another 10 minutes for the kernel build to finish is a vastly superior time investment than trying to figure out what configuration options to enable precisely.

What is really missing from the upstream kernel is a sane default configuration for users. Ideally this would come in two parts: (a) enabling standard features that a user doesn't want to miss, and (b) providing a reasonable set of default drivers for current hardware, or even better (c) a robust way of mapping your current hardware to required drivers.

Distributions have largely stepped in and are providing such default configurations. So I think that Molnar's argument of simply enabling a common subset of these configurations is sound.

Default kernel configuration

Posted Jun 24, 2025 15:26 UTC (Tue) by Wol (subscriber, #4433) [Link] (1 responses)

> Before that as a rookie user you could easily spend an entire day (or more) on getting the kernel configuration right...

Which is (one reason) why I became a gentoo user :-)

Elsewhere in recent articles, they've been bemoaning how linux is no longer simple and so much of it is impenetrable. I started with gentoo because it would force me to learn.

You can't have it both ways - it's nice to be hand-held a lot, but if you really want to learn there's nothing for it except hard graft.

Cheers,
Wol

Default kernel configuration

Posted Jun 24, 2025 18:04 UTC (Tue) by parametricpoly (subscriber, #143903) [Link]

Gentoo stage 1, custom kernel, and booting off of a software RAID array was a good starting point for learning Linux. I had minimal experience with Red Hat before starting with Gentoo 20+ years ago, but RH didn't really teach anything. I couldn't even build a bootable kernel or fix conflicts when installing 3rd party debs. When I started with Gentoo, I told myself I'm not worthy of having a graphical desktop until I'm able to build it from scratch. Took few days, but was totally worth it.

Much later writing a distro from scratch and lots of trials and errors with custom initramfs scripts etc. also taught quite a bit.

Default kernel configuration

Posted Jun 24, 2025 18:25 UTC (Tue) by wtarreau (subscriber, #51152) [Link] (5 responses)

Something I noticed progressively happening over the last decade is that it has become increasingly easy to build a non-working kernel due to a stupidly disabled option whose name doesn't ring any bell. It has happened to me a great number of times recently, spending a week-end trying to boot a board and thinking that I was facing a driver issue just to discover that no, I was in fact missing a quirk or conversely I had lazily left support for a questionable feature enabled without understanding clearly in which case it was needed.

I've read a number of driver descriptions which forget to explain what it's for. You can have CONFIG_FOO: "Enabling this will allow GRZYBLK to enable mode SCHMURK of boards level 2 and 3", but accidentally omitting what board models, families and sometimes brands they were aiming at. I'm not pointing a finger, I know for doing such mistakes myself how hard it is to document for others stuff that's obvious to you. But it's just to say that this doesn't help.

As an example, just a few days ago I tried booting my Radxa E20C board on 6.16-rc1 and found ethernet to only work on Tx. This was both with my own trimmed down config and the arch's defconfig. The driver's author kindly suggested I was missing CONFIG_MOTORCOM_PHY, whose description only mentions some unknown chips and can easily be skipped since not apparently matching why I was having in that machine. I think that one process that makes this happen often is the "reuse and extend" of existing drivers. It significantly reduces code duplication, but it's not necessarily common that the description is updated to explain what new devices are supported after a patch. And clearly, cross-references of the doc should be improved. E.g. when a DTS is committed to reference certain devices and drivers, it would make sense to at the same time mention that device (or group of devices) in the referenced drivers' description.

Overall I think that we should probably have config profiles that would need to be assembled: use this on an x86, this on an arm64 etc. Then on top of this, use this for a storage server, this for a network server, this for a gaming machine, this for a music machine, this for a general server, this for a general workstation, this for a tiny development QEMU image etc. It would avoid missing important stuff, and allow users to try again from a different angle in case of failure.

Anyway it's a really complex topic and even distros seem to invest a huge amount of work in that area.

Maybe we're also missing a tool that would not just detect hardware (PCI enumeration, ACPI, I2C, thermal sensors, DTB etc) but would also consume a kernel config to indicate "your config is currently missing this, this and this". It could be easier for everyone (not just beginners) to start playing with the config using some guidance, seek the option's dependencies etc, and observe what they gain from doing this.

Default kernel configuration

Posted Jun 24, 2025 19:20 UTC (Tue) by geert (subscriber, #98403) [Link] (1 responses)

For enabling hardware support based on what is described in the DTS or DTB, we have dt_to_config.
It can't handle everything, though. E.g. Ethernet PHYs may be probed based on the PHY ID, instead of on a compatible value.

https://elixir.bootlin.com/linux/v6.15.3/source/scripts/d...

Default kernel configuration

Posted Jun 25, 2025 20:09 UTC (Wed) by bobolopolis (subscriber, #119051) [Link]

A few weeks ago I was wishing for a tool like this, it's quite tedious to crawl through a dts and figure out which drivers are needed. Thanks for pointing it out!

Default kernel configuration

Posted Jun 25, 2025 10:13 UTC (Wed) by farnz (subscriber, #17727) [Link] (2 responses)

It feels like we're talking around at least three changes:

Tooling to merge config fragments together; I should be able to say "take this base config, and merge in this fragment, reporting conflicts between the base and the merged in fragment for human resolution".
A tool I can run on a system that says "given all the hardware you can detect via DeviceTree/ACPI, PCIe IDs, USB IDs, Ethernet PHY IDs, build me a config with essentials for booting set to Y, and everything else you can find set to M". This should also turn on the required options for mounted filesystems.
System software provided config fragments (init systems, container systems etc) that say "you need these options set like this for full operation". You can then merge that into the hardware config, to get a working kernel for the software environment.

Ideally, you'd be able to start from no configuration, run the hardware tool to get a minimal config for your hardware to boot from identified devices (so it needs to be told "I boot from Ethernet", or "I boot from SD card"), then merge in the settings needed for your system software (systemd, runit, openrc, Kubernetes, Docker, XFCE, whatever else you choose to run), and have a kernel config with just enough built in that you can boot, and enough modules to drive all the hardware that was attached when you ran the tool.

Default kernel configuration

Posted Jun 25, 2025 11:07 UTC (Wed) by Wol (subscriber, #4433) [Link]

I've mentioned this before, but what I would like to see is something along the lines of "here is a list of hardware".

So you'd select CPU - probably initially "AMD, Intel, MIPS, Longsoon, ..." which would lead to "AMD Thunderbolt, AMD Ryzen, AMD ...", and on to mobo and/or chipset.

So basically a structured tree of all the typical/possible hardware, that turns on all the options for that hardware.

Probably less use for hobbyists now the list of available manufacturers has rather shrunk somewhat, but equally you're then not worrying about what hardware is in your PC (until the manufacturers, as they do, decide to change the hardware without changing the designation ... although I guess it *shouldn't* be a problem loading all the drivers for all the hardware that might be on a board with that designation...)

Cheers,
Wol

Default kernel configuration

Posted Jun 25, 2025 12:45 UTC (Wed) by daroc (editor, #160859) [Link]

There is already tooling to merge configurations: ./scripts/kconfig/merge_config.sh

It's not terribly sophisticated, but it could serve as a basis for what you're proposing. Similarly, there are scripts for extracting configs for certain specific kinds of hardware — turning a device tree blob into a config, for example — but those only work on some platforms.

Default kernel configuration

Posted Jun 24, 2025 21:34 UTC (Tue) by gerdesj (subscriber, #5446) [Link]

"Before that as a rookie user you could easily spend an entire day (or more) on getting the kernel configuration right."

My memory goes dim - I was a Gentooer from roughly 2002 to 2018. I still have one as a VM, which is getting quite elderly now. Two at work! I seem to remember there was always a Gentoo kernel config you can start off with. Once you have that genkernel does the rest.

I remember make config only taking about 20 minutes to get through. Obviously you then forget to run lilo and reach for the boot floppy ...

Appreciate the effort

Posted Jun 24, 2025 15:26 UTC (Tue) by NightMonkey (subscriber, #23051) [Link] (2 responses)

Just want to say thanks to Ingo Molnar for considering paths to improving the kernel config machinery for users. I've been building my own kernels since moving to Gentoo for some of my systems in 2006. I have a pretty ritualized process, but there's been a lot of "looking over the shoulder" of distro kernel configurations (Debian, Ubuntu and MX Linux, mainly) to help me populate common options for a desktop and server, and to prepare my systems for new and interesting use-cases.

Appreciate the effort

Posted Jun 26, 2025 20:31 UTC (Thu) by andy_shev (subscriber, #75870) [Link] (1 responses)

It depemds on the use cases. Embedded world, I believe, will hate such a change in the defconfig.

Appreciate the effort

Posted Jul 15, 2025 0:36 UTC (Tue) by tbird20d (subscriber, #1901) [Link]

> It depemds on the use cases. Embedded world, I believe, will hate such a change in the defconfig.
Yes. It's not just small systems that want to avoid bloated kernel configs. Larger kernels have bigger attack surfaces, and boot slower.

Driver Bloat

Posted Jun 24, 2025 16:06 UTC (Tue) by wsy (subscriber, #121706) [Link]

It's drivers that bloat the kernel, not hardware-independent features.

For 99% of x86 users, the set of drivers needed is really small:

Disk: ahci, nvme, legacy ide, usb mass storage and virtio
Input: usb hid, ps/2
Display: amdgpu, i915, nouveau, with vesa/efi fallback
Network: r8169, iwlwifi, ath*k, e1000e, igb, virtio, maybe broadcom ones.

That's it, it makes compilling kernel much more enjoyable.

Who are the normal people?

Posted Jun 24, 2025 16:08 UTC (Tue) by jhoblitt (subscriber, #77733) [Link] (1 responses)

If we go by device count, the average user is probably running Android, and Android enables bpf.

If it is excluding consumer devices, then I suspect cloud/hyperscalers would be the next largest demographic.

Who are the normal people?

Posted Jun 25, 2025 7:21 UTC (Wed) by taladar (subscriber, #68407) [Link]

Android might have the average user but almost certainly not the average user who compiles their own kernel.

"make distroconfig"

Posted Jun 24, 2025 16:16 UTC (Tue) by smurf (subscriber, #17840) [Link]

If Linus thinks the default should be a trimmed-down bare-metal kernel, then maybe we should bake the "most distributions do this" into a different set of default options?

cp /boot/config-$(uname -r) .config && make -j olddefconfig && make -j menuconfig

Posted Jun 24, 2025 16:53 UTC (Tue) by adobriyan (subscriber, #30858) [Link]

The rite of passage for kernel contributors is to compile their own kernel tuned for specific machine.

It is done by installing distro kernel, taking its .config and chopping obviously unnecessary stuff.

Send CV to linux-kernel if it boots without initrd on the first try.

Normal people do not compile a kernel

Posted Jun 24, 2025 16:56 UTC (Tue) by lunaryorn (subscriber, #111088) [Link] (2 responses)

> For NORMAL people. People who don't know what they should do without a
default config. People who just have a random machine that they want
to run Linux on and need an initial config for.

Perhaps it's just me, but I would not consider people "who just have a random machine that they want to run Linux on", and feel that they absolutely should start with compiling their own kernel, instead of reaching for, say, Ubuntu or Fedora, to be "normal".

Normal people do not compile a kernel

Posted Jun 24, 2025 21:28 UTC (Tue) by dmv (subscriber, #168800) [Link] (1 responses)

Yeah, that was my exact thought. Maybe he meant “normal kernel developer”?

Normal people do not compile a kernel

Posted Jun 25, 2025 8:02 UTC (Wed) by andyp (subscriber, #48701) [Link]

I think he meant "new kernel developer".

Bad defaults are hard to change

Posted Jun 24, 2025 17:14 UTC (Tue) by quotemstr (subscriber, #45331) [Link]

It's hard to get established projects to change unfortunate defaults. It's not just Linux. People get wrapped up in a certain mental model of a project's median user and don't update when that model drifts from reality. Defaults are especially stubborn in projects that are allergic to user telemetry: you end up with duels of data-free assertions and the status quo often wins by default.

make mrproper

Posted Jun 24, 2025 18:04 UTC (Tue) by professor (subscriber, #63325) [Link]

It´s been a while since i compiled a kernel but i always liked "make mrproper" followed by manual selecting (built in, not modules) the hardware i had in front of me (lspci helps) and other features (filesystem, scheduler, hz, etc) i wanted.

make distroconfig

Posted Jun 25, 2025 4:12 UTC (Wed) by pabs (subscriber, #43278) [Link] (3 responses)

The distros should get together and add configs that are suitable for distros, and then all use that, perhaps with minor downstream tweaks. I always wondered why that hasn't happened yet.

make distroconfig

Posted Jun 25, 2025 7:25 UTC (Wed) by smurf (subscriber, #17840) [Link] (2 responses)

Maybe just nobody had that idea. I emailed Ingo Molnar whether he'd consider adding his config as a "make distroconfig" target but no reply yet, which probably isn't surprising given the email volume a core kernel dev has to contend with …

make distroconfig

Posted Jun 26, 2025 3:37 UTC (Thu) by pabs (subscriber, #43278) [Link] (1 responses)

I think such a config should come from the distros instead, since ideally it would be identical to what is shipped in the mostly-upstream-only using distros like Debian, Ubuntu, Fedora, Gentoo etc. I haven't asked any of those teams about it though.

Either way, thanks for mailing Ingo about this idea, hopefully it leads to changes there.

make distroconfig

Posted Jun 26, 2025 8:38 UTC (Thu) by Karellen (subscriber, #67644) [Link]

From the article, I had the impression that Ingo had already contacted the relevant distro teams to find out what configs they were shipping, to determine what to put in his original patch set?

More automation?

Posted Jun 25, 2025 7:28 UTC (Wed) by taladar (subscriber, #68407) [Link] (2 responses)

I feel this is one area where more automation would be useful.

A lot of optional kernel features fall into two categories that could be auto-detected in theory if you are building for a single system.

Hardware usually can be auto-detected with modern devices based on the kind of information you can get from lspci, lsusb, dmidecode and similar tools even if no driver is loaded for a device as long as the device is connected to the system.

Software like iptables, docker, qemu, sandboxing or profiling tools,... could in theory just install a file with the required kernel options into some directory the kernel config can read.

Sure, the result would still have a lot of options that are more about the environment you plan to use the system in or some policy but it would probably make for a better starting point than having to select a lot of options unrelated to your own hardware or even architecture.

More automation?

Posted Jun 26, 2025 16:28 UTC (Thu) by meyert (subscriber, #32097) [Link] (1 responses)

Isn't that what localmodconfig does?

More automation?

Posted Jun 27, 2025 7:26 UTC (Fri) by taladar (subscriber, #68407) [Link]

I believe that one relies on the modules in use on the currently running kernel instead which is not quite the same thing, especially in cases where the running kernel does not support the hardware but e.g. lspci shows it.

Add a new, different type of "defconfig"?

Posted Jun 25, 2025 23:22 UTC (Wed) by kepstin (subscriber, #72391) [Link] (1 responses)

So, if "make defconfig" isn't going to change, maybe we need something new? Perhaps a "make distroconfig" that sets options suitable for general purpose Linux distributions on a given architecture - providing the kernel features used by modern desktop and server systems, and enough drivers to work on most systems (maybe cut out super obscure or obsolete stuff).

As for my personal systems, I copied what Gentoo did - use the Fedora kernel configuration as a base, and make only minor modifications on top of that. I ended up cutting out some drivers to reduce build time, but not that many - there's a bunch of things where it's not clear how to tell if it's needed, and I don't want to have to recompile just because I got a new usb device.

Add a new, different type of "defconfig"?

Posted Jul 7, 2025 14:14 UTC (Mon) by sammythesnake (guest, #17693) [Link]

Surely that's what modules are for - update your config to build the module for the new USB device, compile (only what's changed) and copy the new module into the relevant directory (then depmod/modprobe)

That should take no more than a few minutes and likely quite a lot less time than working out which config options need changing!

one for all

Posted Jun 26, 2025 20:21 UTC (Thu) by andy_shev (subscriber, #75870) [Link]

One configudation may not suit all possible usages. For embedded world these new options is an additional headache to drop and remove. Also the defconfig defaults tend to become a kinda "always on" dependencies to many people who may be surprised in the future if one or two disappear. I tend to agree with Torvalds.

Another aspect of defconfig

Posted Jul 15, 2025 9:30 UTC (Tue) by donald.buczek (subscriber, #112892) [Link]

For me, the benefit of defconfig is combined with "make savedefconfig". This makes it possible to save your own configuration as a delta to a default configuration. It is compressed and cleaned up of everything resulting from dependencies. Only then is it possible to track your own configuration with revision control and also automatically evolve it as required by changes in the upstream kernel. This can go along this line: `cp my-config .config && make savedefconfig && cp defconfig my-config && git commit -m"Update for new kernel" my-config`.

I don't understand the problems described in other comments with kernel building for which you would need a “typical” defconfig or one from the distributor. I'm not familiar with distributions, but while my Debian notebook sadly doesn't have a /proc/config.gz, it does have /boot/config-VERSION for all installed kernels. Why can't you start with that if you want to tinker?

Use absolute dates in config documentation, please

Posted Aug 21, 2025 5:01 UTC (Thu) by frostsnow (subscriber, #114957) [Link]

One thing which makes compiling custom kernels needlessly confusing is when I lookup the help text for a kernel config option and read something like, "this feature is usually available on newer processors". I have no idea when the documentation was written so "newer" is totally ambiguous. An approximate year instead of "newer" would be much more useful.