Custom kernel configurations for TIrtayana OpenWrt firmware on STB B860H (Amlogic S905X)
This repository is a fork of ophub/kernel with custom kernel configurations optimized for ZTE STB B860H (Amlogic S905X) running OpenWrt as a router. The kernel configurations are tailored for three deployment profiles used in the TIrtayana firmware project.
Each firmware profile uses a specific kernel version with configurations appropriate for its use case:
| Profile | Kernel | Signature | Use Case |
|---|---|---|---|
| Minimal | 5.15.y |
5.15.xxx-TIrtayana |
Base router - SSH/CLI only, lean and stable |
| Standard | 6.1.y |
6.1.xxx-TIrtayana |
Full router - LuCI web UI, QoS, NAT optimization |
| Education | 6.6.y |
6.6.xxx-TIrtayana |
Lab environment - Docker, VPN, network analysis tools |
All changes are config-level modifications (=m → =y, module → built-in). No kernel source code (.c/.h) is modified. This approach ensures full compatibility with upstream kernel updates while providing optimizations for router workloads.
Applied to config-5.15, config-6.1, and config-6.6:
| Config Option | Before | After | Description |
|---|---|---|---|
CONFIG_TCP_CONG_BBR |
=m |
=y |
BBR congestion control built-in - Google's TCP algorithm for better throughput |
CONFIG_DEFAULT_TCP_CONG |
"cubic" |
"bbr" |
Default TCP congestion control set to BBR instead of CUBIC |
CONFIG_NET_SCH_FQ |
=m |
=y |
Fair Queue packet scheduler - required for BBR to function optimally |
CONFIG_WIREGUARD |
=m |
=y |
WireGuard VPN built-in - always available without modprobe |
Rationale: These are essential for any router deployment. BBR + FQ provides significantly better throughput and latency compared to CUBIC. WireGuard built-in ensures VPN is always ready.
QoS and NAT optimizations for full router functionality:
| Config Option | Before | After | Description |
|---|---|---|---|
CONFIG_NET_SCH_HTB |
=m |
=y |
Hierarchical Token Bucket — bandwidth management |
CONFIG_NET_SCH_SFQ |
=m |
=y |
Stochastic Fairness Queueing — fair bandwidth distribution |
CONFIG_NET_SCH_INGRESS |
=m |
=y |
Ingress traffic control — inbound traffic shaping |
CONFIG_NFT_FLOW_OFFLOAD |
=m |
=y |
nftables flow offloading — hardware-accelerated packet forwarding |
CONFIG_NFT_FULLCONE |
=m |
=y |
Full-cone NAT — symmetric NAT for gaming/VoIP compatibility |
CONFIG_NFT_MASQ |
=m |
=y |
Masquerade — essential for NAT router operation |
CONFIG_NFT_NAT |
=m |
=y |
nftables NAT — network address translation |
CONFIG_NF_CT_NETLINK |
=m |
=y |
Conntrack netlink — connection tracking interface |
Rationale: HTB + SFQ + INGRESS form the SQM (Smart Queue Management) trio essential for OpenWrt bandwidth management. NAT modules built-in ensure router functions are always available without module loading delays.
Total changes: 4 base + 8 standard = 12 modifications
Includes all Standard changes, plus Docker support and network analysis tools:
| Config Option | Before | After | Description |
|---|---|---|---|
| All Standard changes above | — | — | Inherited from Standard profile |
CONFIG_NET_SCH_PRIO |
=m |
=y |
Priority queueing — traffic class prioritization for lab exercises |
CONFIG_BRIDGE_NETFILTER |
=m |
=y |
Bridge netfilter - required for Docker networking |
CONFIG_VETH |
=m |
=y |
Virtual Ethernet pairs - required for Docker container networking |
CONFIG_NFT_LOG |
=m |
=y |
nftables logging - packet logging for network analysis |
CONFIG_NFT_LIMIT |
=m |
=y |
nftables rate limiting - traffic rate control for lab scenarios |
CONFIG_NFT_CT |
=m |
=y |
nftables conntrack matching - connection tracking rules |
CONFIG_NET_CLS_U32 |
=m |
=y |
U32 traffic classifier - deep packet classification |
CONFIG_NET_CLS_FW |
=m |
=y |
Firewall-based classifier - fwmark-based traffic classification |
CONFIG_NET_ACT_POLICE |
=m |
=y |
Traffic policing - enforce bandwidth limits in lab |
CONFIG_NET_ACT_MIRRED |
=m |
=y |
Packet mirroring/redirect - traffic capture for analysis |
Rationale: Education profile supports Docker containers for lab environments, RADIUS server, captive portal, and comprehensive network analysis tools. All analysis-related netfilter modules are built-in for classroom use.
Total changes: 4 base + 8 standard + 10 education = 22 modifications
| Config Category | Minimal (5.15) | Standard (6.1) | Education (6.6) |
|---|---|---|---|
| TCP BBR | ✅ built-in | ✅ built-in | ✅ built-in |
| FQ Scheduler | ✅ built-in | ✅ built-in | ✅ built-in |
| WireGuard VPN | ✅ built-in | ✅ built-in | ✅ built-in |
| QoS (HTB/SFQ) | — module | ✅ built-in | ✅ built-in |
| NAT Optimization | — module | ✅ built-in | ✅ built-in |
| Full-cone NAT | — N/A | ✅ built-in | ✅ built-in |
| Flow Offloading | — module | ✅ built-in | ✅ built-in |
| Docker Support | — module | — module | ✅ built-in |
| Network Analysis | — module | — module | ✅ built-in |
| Traffic Policing | — module | — module | ✅ built-in |
| Total Changes | 4 | 12 | 22 |
GitHub Actions (ubuntu-24.04-arm)
└─ Docker: ophub/armbian-trixie:arm64
└─ Toolchain: GCC (default)
└─ Source: unifreq/linux-X.X.y
└─ Config: kernel-config/release/stable/config-X.X
└─ Output: kernel-X.X.xxx-TIrtayana.tar.gz
└─ Upload to GitHub Releases (tag: kernel_stable)
- Go to Actions → Compile mainline stable kernel
- Click "Run workflow"
- Set parameters:
| Parameter | Value |
|---|---|
kernel_source |
unifreq |
kernel_version |
5.15.y / 6.1.y / 6.6.y |
kernel_auto |
true |
kernel_toolchain |
gcc |
kernel_sign |
-TIrtayana (default) |
kernel_config |
kernel-config/release/stable |
- Wait ~1-2 hours per kernel version
- Output appears in Releases
After successful build, the Releases page will contain:
kernel-5.15.xxx-TIrtayana.tar.gz ← Minimal profile
kernel-6.1.xxx-TIrtayana.tar.gz ← Standard profile
kernel-6.6.xxx-TIrtayana.tar.gz ← Education profile
In openwrt-TIrtayana workflow, set:
Custom Kernel Repository: Krisnarhesa/kernel
The OpenWrt build will automatically download the -TIrtayana signed kernels from this repository's Releases.
After flashing the firmware to STB B860H:
# Check kernel version
uname -r
# Expected: 6.1.xxx-TIrtayana
# Verify BBR is active
sysctl net.ipv4.tcp_congestion_control
# Expected: net.ipv4.tcp_congestion_control = bbr
# Verify WireGuard is built-in (not a module)
cat /proc/modules | grep wireguard
# Expected: (no output — built-in, not a module)
# Verify FQ scheduler
tc qdisc show | grep fq
# Expected: fq available as built-in qdisckernel/
├── .github/workflows/
│ └── compile-mainline-stable-kernel.yml # Build workflow with -TIrtayana default
├── kernel-config/
│ └── release/stable/
│ ├── config-5.15 # Minimal profile (4 changes from upstream)
│ ├── config-6.1 # Standard profile (12 changes from upstream)
│ └── config-6.6 # Education profile (22 changes from upstream)
├── kernel-patch/ # Custom patches (if needed)
└── README.md # This file
| Specification | Detail |
|---|---|
| Device | ZTE STB B860H |
| SoC | Amlogic S905X |
| Architecture | ARMv8 / aarch64 |
| RAM | 1GB / 2GB DDR3 |
| Storage | 8GB eMMC |
| DTB | meson-gxl-s905x-b860h.dtb |
This repository is a fork of ophub/kernel. The original kernel compilation framework and configuration files are maintained by the ophub project. Special thanks to:
- ophub - Kernel compilation framework & Amlogic support
- unifreq - Kernel source code maintenance
- torvalds/linux - Linux kernel
For general kernel documentation, see the upstream README.
Licensed under GPL-2.0