qemu: allow for cross compilation

14 files changed, 249 insertions, 98 deletions

diff --git a/src/Kbuild b/src/Kbuild
index 9815a4b..afbe4be 100644
--- a/src/Kbuild
+++ b/src/Kbuild
@@ -21,7 +21,10 @@ ifeq ($(CONFIG_ARM64),y)
 	wireguard-$(CONFIG_KERNEL_MODE_NEON) += crypto/chacha20-neon-arm64.o
 endif
 ifeq ($(CONFIG_ARM),y)
-	wireguard-$(CONFIG_KERNEL_MODE_NEON) += crypto/chacha20-neon-arm.o crypto/curve25519-neon-arm.o
+	wireguard-$(CONFIG_KERNEL_MODE_NEON) += crypto/chacha20-neon-arm.o
+	ifneq ($(CONFIG_CPU_THUMBONLY),y)
+		wireguard-$(CONFIG_KERNEL_MODE_NEON) += crypto/curve25519-neon-arm.o
+	endif
 endif
 
 ifneq ($(KBUILD_EXTMOD),)
diff --git a/src/Kconfig b/src/Kconfig
index e84aebb..811d1e2 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -3,6 +3,8 @@ config WIREGUARD
 	depends on NET && INET
 	select NET_UDP_TUNNEL
 	select CRYPTO_BLKCIPHER
+	select VFP
+	select VFPv3
 	select NEON
 	select KERNEL_MODE_NEON
 	default m
diff --git a/src/crypto/curve25519.c b/src/crypto/curve25519.c
index a53841d..892da78 100644
--- a/src/crypto/curve25519.c
+++ b/src/crypto/curve25519.c
@@ -190,7 +190,7 @@ static void curve25519_sandy2x_base(u8 pub[CURVE25519_POINT_SIZE], const u8 secr
 	memzero_explicit(x_51, sizeof(x_51));
 	memzero_explicit(z_51, sizeof(z_51));
 }
-#elif IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && defined(CONFIG_ARM)
+#elif IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && defined(CONFIG_ARM) && !defined(CONFIG_CPU_THUMBONLY)
 #include <asm/hwcap.h>
 #include <asm/neon.h>
 #include <asm/simd.h>
@@ -1416,7 +1416,7 @@ static void cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q)
 
 bool curve25519(u8 mypublic[CURVE25519_POINT_SIZE], const u8 secret[CURVE25519_POINT_SIZE], const u8 basepoint[CURVE25519_POINT_SIZE])
 {
-#if IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && defined(CONFIG_ARM)
+#if IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && defined(CONFIG_ARM) && !defined(CONFIG_CPU_THUMBONLY)
 	if (curve25519_use_neon && may_use_simd()) {
 		kernel_neon_begin();
 		curve25519_asm_neon(mypublic, secret, basepoint);
@@ -1590,7 +1590,7 @@ static void cmult(struct other_stack *s, limb *resultx, limb *resultz, const u8
 
 bool curve25519(u8 mypublic[CURVE25519_POINT_SIZE], const u8 secret[CURVE25519_POINT_SIZE], const u8 basepoint[CURVE25519_POINT_SIZE])
 {
-#if IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && defined(CONFIG_ARM)
+#if IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && defined(CONFIG_ARM) && !defined(CONFIG_CPU_THUMBONLY)
 	if (curve25519_use_neon && may_use_simd()) {
 		kernel_neon_begin();
 		curve25519_asm_neon(mypublic, secret, basepoint);
diff --git a/src/tests/qemu/Makefile b/src/tests/qemu/Makefile
index 130ae6d..ae03f6a 100644
--- a/src/tests/qemu/Makefile
+++ b/src/tests/qemu/Makefile
@@ -1,8 +1,17 @@
 PWD := $(shell pwd)
 
+CHOST := $(shell gcc -dumpmachine)
+ifneq (,$(ARCH))
+CBUILD := $(subst -gcc,,$(lastword $(subst /, ,$(firstword $(filter-out android,$(wildcard /usr/bin/$(ARCH)-*-gcc))))))
+endif
+ifeq (,$(CBUILD))
+CBUILD := $(CHOST)
+endif
+ARCH := $(firstword $(subst -, ,$(CBUILD)))
+
 # Set these from the environment to override
-KERNEL_VERSION ?= 4.13.5
-BUILD_PATH ?= $(PWD)/../../../qemu-build
+KERNEL_VERSION ?= 4.13.9
+BUILD_PATH ?= $(PWD)/../../../qemu-build/$(ARCH)
 DISTFILES_PATH ?= $(PWD)/distfiles
 DEBUG_KERNEL ?= no
 NR_CPUS ?= 2
@@ -11,8 +20,6 @@ DOWNLOAD := wget -O
 # DOWNLOAD := curl -f -o
 MIRROR := https://download.wireguard.com/qemu-test/distfiles/
 
-CHOST := $(shell gcc -dumpmachine)
-ARCH := $(shell uname -m)
 WIREGUARD_SOURCES := $(wildcard ../../*.c ../../*.h ../../selftest/*.h ../../crypto/*.c ../../crypto/*.h ../../crypto/*.S ../../compat/*.h)
 TOOLS_SOURCES := $(wildcard ../../tools/*.c ../../tools/*.h ../../uapi/*.h)
 
@@ -49,20 +56,107 @@ $(eval $(call tar_download,IPTABLES,iptables,1.6.1,.tar.bz2,http://ftp.netfilter
 $(eval $(call tar_download,NMAP,nmap,7.60,.tar.bz2,https://nmap.org/dist/))
 $(eval $(call tar_download,IPUTILS,iputils,s20161105,.tar.gz,https://github.com/iputils/iputils/archive/s20161105.tar.gz/#))
 
+export CFLAGS ?= -O3 -pipe
+export CPPFLAGS := -I$(BUILD_PATH)/include
+
+ifeq ($(CHOST),$(CBUILD))
+CROSS_COMPILE_FLAG := --host=$(CHOST)
+CFLAGS += -march=native
+else
+$(info Cross compilation: building for $(CBUILD) using $(CHOST))
+CROSS_COMPILE_FLAG := --build=$(CBUILD) --host=$(CHOST)
+export CROSS_COMPILE=$(CBUILD)-
+endif
 ifeq ($(ARCH),aarch64)
+QEMU_ARCH := aarch64
 KERNEL_ARCH := arm64
 KERNEL_BZIMAGE := $(KERNEL_PATH)/arch/arm64/boot/Image
-QEMU_MACHINE := -machine virt,accel=kvm,gic_version=host
+ifeq ($(CHOST),$(CBUILD))
+QEMU_MACHINE := -cpu host -machine virt,gic_version=host,accel=kvm
+else
+QEMU_MACHINE := -cpu cortex-a53 -machine virt
+CFLAGS += -march=armv8-a -mtune=cortex-a53
+endif
+else ifeq ($(ARCH),arm)
+QEMU_ARCH := arm
+KERNEL_ARCH := arm
+KERNEL_BZIMAGE := $(KERNEL_PATH)/arch/arm/boot/zImage
+ifeq ($(CHOST),$(CBUILD))
+QEMU_MACHINE := -cpu host -machine virt,gic_version=host,accel=kvm
 else
-KERNEL_ARCH := $(ARCH)
+QEMU_MACHINE := -cpu cortex-a15 -machine virt
+CFLAGS += -march=armv7-a -mtune=cortex-a15 -mabi=aapcs-linux
+endif
+else ifeq ($(ARCH),x86_64)
+QEMU_ARCH := x86_64
+KERNEL_ARCH := x86_64
 KERNEL_BZIMAGE := $(KERNEL_PATH)/arch/x86/boot/bzImage
-QEMU_MACHINE := -machine q35,accel=kvm
+ifeq ($(CHOST),$(CBUILD))
+QEMU_MACHINE := -cpu host -machine q35,accel=kvm
+else
+QEMU_MACHINE := -cpu Skylake-Server -machine q35
+CFLAGS += -march=skylake-avx512
+endif
+else ifeq ($(ARCH),i686)
+QEMU_ARCH := i386
+KERNEL_ARCH := x86
+KERNEL_BZIMAGE := $(KERNEL_PATH)/arch/x86/boot/bzImage
+ifeq ($(subst i686,x86_64,$(CBUILD)),$(CHOST))
+QEMU_MACHINE := -cpu host -machine q35,accel=kvm
+else
+QEMU_MACHINE := -cpu coreduo -machine q35
+CFLAGS += -march=prescott
+endif
+else ifeq ($(ARCH),mips64)
+QEMU_ARCH := mips64
+KERNEL_ARCH := mips
+KERNEL_BZIMAGE := $(KERNEL_PATH)/vmlinux
+ifeq ($(CHOST),$(CBUILD))
+QEMU_MACHINE := -cpu host -machine malta,accel=kvm
+CFLAGS += -EB
+else
+QEMU_MACHINE := -cpu 20Kc -machine malta -smp 1
+CFLAGS += -march=mips64r2 -EB
+endif
+else ifeq ($(ARCH),mips64el)
+QEMU_ARCH := mips64el
+KERNEL_ARCH := mips
+KERNEL_BZIMAGE := $(KERNEL_PATH)/vmlinux
+ifeq ($(CHOST),$(CBUILD))
+QEMU_MACHINE := -cpu host -machine malta,accel=kvm
+CFLAGS += -EL
+else
+QEMU_MACHINE := -cpu 20Kc -machine malta -smp 1
+CFLAGS += -march=mips64r2 -EL
+endif
+else ifeq ($(ARCH),mips)
+QEMU_ARCH := mips
+KERNEL_ARCH := mips
+KERNEL_BZIMAGE := $(KERNEL_PATH)/vmlinux
+ifeq ($(CHOST),$(CBUILD))
+QEMU_MACHINE := -cpu host -machine malta,accel=kvm
+CFLAGS += -EB
+else
+QEMU_MACHINE := -cpu 24Kf -machine malta -smp 1
+CFLAGS += -march=mips32r2 -EB
+endif
+else ifeq ($(ARCH),mipsel)
+QEMU_ARCH := mipsel
+KERNEL_ARCH := mips
+KERNEL_BZIMAGE := $(KERNEL_PATH)/vmlinux
+ifeq ($(CHOST),$(CBUILD))
+QEMU_MACHINE := -cpu host -machine malta,accel=kvm
+CFLAGS += -EL
+else
+QEMU_MACHINE := -cpu 24Kf -machine malta -smp 1
+CFLAGS += -march=mips32r2 -EL
+endif
+else
+$(error I only build: x86_64, i686, arm, aarch64, mips, mipsel, mips64, mips64el)
 endif
 
-export CFLAGS ?= -O3 -march=native -pipe
-export CPPFLAGS := -I$(BUILD_PATH)/include
-
-REAL_CC := $(CC)
+STRIP := $(CBUILD)-strip
+REAL_CC := $(CBUILD)-gcc
 MUSL_CC := $(BUILD_PATH)/musl-gcc
 export CC := $(MUSL_CC)
 USERSPACE_DEPS := $(MUSL_CC) $(BUILD_PATH)/include/.installed $(BUILD_PATH)/include/linux/.installed
@@ -70,20 +164,14 @@ USERSPACE_DEPS := $(MUSL_CC) $(BUILD_PATH)/include/.installed $(BUILD_PATH)/incl
 build: $(KERNEL_BZIMAGE)
 qemu: $(KERNEL_BZIMAGE)
 	rm -f $(BUILD_PATH)/result
-	qemu-system-$(ARCH) \
+	qemu-system-$(QEMU_ARCH) \
 		-nodefaults \
 		-nographic \
-		$(QEMU_MACHINE) \
-		-cpu host \
 		-smp $(NR_CPUS) \
+		$(QEMU_MACHINE) \
 		-m 192M \
-		-object rng-random,id=rng0,filename=/dev/urandom \
-		-device virtio-rng-pci,rng=rng0 \
-		-device virtio-serial,max_ports=2 \
-		-chardev stdio,id=stdio \
-		-device virtconsole,chardev=stdio \
-		-chardev file,id=status,path=$(BUILD_PATH)/result \
-		-device virtserialport,chardev=status \
+		-serial stdio \
+		-serial file:$(BUILD_PATH)/result \
 		-no-reboot \
 		-monitor none \
 		-kernel $<
@@ -118,27 +206,28 @@ $(KERNEL_PATH)/.installed: $(KERNEL_TAR)
 	ln -sfT $(shell readlink -f ../..) $(KERNEL_PATH)/net/wireguard
 	touch $@
 
-$(KERNEL_PATH)/.config: kernel.config | $(KERNEL_PATH)/.installed
+$(KERNEL_PATH)/.config: kernel.config arch/$(QEMU_ARCH).config | $(KERNEL_PATH)/.installed
 	cp kernel.config $(KERNEL_PATH)/minimal.config
 	printf 'CONFIG_NR_CPUS=$(NR_CPUS)\nCONFIG_INITRAMFS_SOURCE="$(BUILD_PATH)/init-cpio-spec.txt"\n' >> $(KERNEL_PATH)/minimal.config
+	cat arch/$(QEMU_ARCH).config >> $(KERNEL_PATH)/minimal.config
 	$(MAKE) -C $(KERNEL_PATH) ARCH=$(KERNEL_ARCH) allnoconfig
-	cd $(KERNEL_PATH) && scripts/kconfig/merge_config.sh -n .config minimal.config
-	-[ "$(DEBUG_KERNEL)" = "yes" ] && ( cd $(KERNEL_PATH) && scripts/kconfig/merge_config.sh -n .config $(PWD)/debug.config )
+	export ARCH=$(KERNEL_ARCH); cd $(KERNEL_PATH) && scripts/kconfig/merge_config.sh -n .config minimal.config
+	[ "$(DEBUG_KERNEL)" != "yes" ] || ( export ARCH=$(KERNEL_ARCH); cd $(KERNEL_PATH) && scripts/kconfig/merge_config.sh -n .config $(PWD)/debug.config )
 
 $(KERNEL_BZIMAGE): $(KERNEL_PATH)/.config $(BUILD_PATH)/init-cpio-spec.txt $(MUSL_PATH)/lib/libc.so $(IPERF_PATH)/src/iperf3 $(BUILD_PATH)/tools/wg $(IPUTILS_PATH)/ping $(BASH_PATH)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-multi $(NMAP_PATH)/ncat/ncat $(BUILD_PATH)/init ../netns.sh $(WIREGUARD_SOURCES) $(TOOLS_SOURCES)
-	LOCALVERSION="" $(MAKE) -C $(KERNEL_PATH)
+	LOCALVERSION="" $(MAKE) -C $(KERNEL_PATH) ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(CROSS_COMPILE)
 
 $(BUILD_PATH)/include/linux/.installed: | $(KERNEL_PATH)/.config
-	LOCALVERSION="" $(MAKE) -C $(KERNEL_PATH) INSTALL_HDR_PATH=$(BUILD_PATH) headers_install
+	LOCALVERSION="" $(MAKE) -C $(KERNEL_PATH) INSTALL_HDR_PATH=$(BUILD_PATH) ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(CROSS_COMPILE) headers_install
 	touch $@
 
 $(MUSL_PATH)/lib/libc.so: $(MUSL_TAR)
 	mkdir -p $(BUILD_PATH)
 	flock -x $<.lock true
 	tar -C $(BUILD_PATH) -xf $<
-	cd $(MUSL_PATH) && CC=$(REAL_CC) ./configure --prefix=/ --disable-static
+	cd $(MUSL_PATH) && CC=$(REAL_CC) ./configure --prefix=/ --disable-static --build=$(CBUILD)
 	$(MAKE) -C $(MUSL_PATH)
-	strip -s $@
+	$(STRIP) -s $@
 
 $(BUILD_PATH)/include/.installed: $(MUSL_PATH)/lib/libc.so
 	$(MAKE) -C $(MUSL_PATH) DESTDIR=$(BUILD_PATH) install-headers
@@ -146,7 +235,7 @@ $(BUILD_PATH)/include/.installed: $(MUSL_PATH)/lib/libc.so
 
 $(MUSL_CC): $(MUSL_PATH)/lib/libc.so
 	sh $(MUSL_PATH)/tools/musl-gcc.specs.sh $(BUILD_PATH)/include $(MUSL_PATH)/lib /lib/ld-linux.so.1 > $(BUILD_PATH)/musl-gcc.specs
-	printf '#!/bin/sh\nexec "$(REAL_CC)" "$$@" -specs "$(BUILD_PATH)/musl-gcc.specs" -no-pie\n' > $(BUILD_PATH)/musl-gcc
+	printf '#!/bin/sh\nexec "$(REAL_CC)" "$$@" -specs "$(BUILD_PATH)/musl-gcc.specs" -fno-stack-protector -no-pie\n' > $(BUILD_PATH)/musl-gcc
 	chmod +x $(BUILD_PATH)/musl-gcc
 
 $(IPERF_PATH)/.installed: $(IPERF_TAR)
@@ -158,9 +247,9 @@ $(IPERF_PATH)/.installed: $(IPERF_TAR)
 	touch $@
 
 $(IPERF_PATH)/src/iperf3: | $(IPERF_PATH)/.installed $(USERSPACE_DEPS)
-	cd $(IPERF_PATH) && CFLAGS="$(CFLAGS) -D_GNU_SOURCE" ./configure --prefix=/ --host=$(CHOST) --enable-static --disable-shared
+	cd $(IPERF_PATH) && CFLAGS="$(CFLAGS) -D_GNU_SOURCE" ./configure --prefix=/ $(CROSS_COMPILE_FLAG) --enable-static --disable-shared
 	$(MAKE) -C $(IPERF_PATH)
-	strip -s $@
+	$(STRIP) -s $@
 
 $(LIBMNL_PATH)/.installed: $(LIBMNL_TAR)
 	flock -x $<.lock true
@@ -168,7 +257,7 @@ $(LIBMNL_PATH)/.installed: $(LIBMNL_TAR)
 	touch $@
 
 $(LIBMNL_PATH)/src/.libs/libmnl.a: | $(LIBMNL_PATH)/.installed $(USERSPACE_DEPS)
-	cd $(LIBMNL_PATH) && ./configure --prefix=/ --host=$(CHOST) --enable-static --disable-shared
+	cd $(LIBMNL_PATH) && ./configure --prefix=/ $(CROSS_COMPILE_FLAG) --enable-static --disable-shared
 	$(MAKE) -C $(LIBMNL_PATH)
 	sed -i 's:prefix=.*:prefix=$(LIBMNL_PATH):' $(LIBMNL_PATH)/libmnl.pc
 
@@ -177,12 +266,12 @@ $(BUILD_PATH)/tools/wg: $(TOOLS_SOURCES) | $(LIBMNL_PATH)/src/.libs/libmnl.a $(U
 	cp -pr ../../uapi ../../tools $(BUILD_PATH)/
 	$(MAKE) -C $(BUILD_PATH)/tools clean
 	LDFLAGS="$(LDFLAGS) -L$(LIBMNL_PATH)/src/.libs" $(MAKE) -C $(BUILD_PATH)/tools LIBMNL_CFLAGS="-I$(LIBMNL_PATH)/include" LIBMNL_LDLIBS="-lmnl" wg
-	strip -s $@
+	$(STRIP) -s $@
 
 $(BUILD_PATH)/init: init.c | $(USERSPACE_DEPS)
 	mkdir -p $(BUILD_PATH)
-	$(MUSL_CC) -o $@ -O3 -std=gnu11 $<
-	strip -s $@
+	$(MUSL_CC) -o $@ $(CFLAGS) -std=gnu11 $<
+	$(STRIP) -s $@
 
 $(IPUTILS_PATH)/.installed: $(IPUTILS_TAR)
 	mkdir -p $(BUILD_PATH)
@@ -192,7 +281,7 @@ $(IPUTILS_PATH)/.installed: $(IPUTILS_TAR)
 
 $(IPUTILS_PATH)/ping: | $(IPUTILS_PATH)/.installed $(USERSPACE_DEPS)
 	$(MAKE) -C $(IPUTILS_PATH) USE_CAP=no USE_IDN=no USE_NETTLE=no USE_CRYPTO=no ping
-	strip -s $@
+	$(STRIP) -s $@
 
 $(BASH_PATH)/.installed: $(BASH_TAR)
 	mkdir -p $(BUILD_PATH)
@@ -201,9 +290,9 @@ $(BASH_PATH)/.installed: $(BASH_TAR)
 	touch $@
 
 $(BASH_PATH)/bash: | $(BASH_PATH)/.installed $(USERSPACE_DEPS)
-	cd $(BASH_PATH) && ./configure --prefix=/ --host=$(CHOST) --without-bash-malloc --disable-debugger --disable-help-builtin --disable-history --disable-multibyte --disable-progcomp --disable-readline --disable-mem-scramble
+	cd $(BASH_PATH) && ./configure --prefix=/ $(CROSS_COMPILE_FLAG) --without-bash-malloc --disable-debugger --disable-help-builtin --disable-history --disable-multibyte --disable-progcomp --disable-readline --disable-mem-scramble
 	$(MAKE) -C $(BASH_PATH)
-	strip -s $@
+	$(STRIP) -s $@
 
 $(eval $(call file_download,271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch,https://raw.githubusercontent.com/lede-project/source/master/package/network/utils/iproute2/patches/))
 $(eval $(call file_download,272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch,https://raw.githubusercontent.com/lede-project/source/master/package/network/utils/iproute2/patches/))
@@ -220,11 +309,11 @@ $(IPROUTE2_PATH)/.installed: $(IPROUTE2_TAR) | $(DISTFILES_PATH)/271-uapi-libc-c
 
 $(IPROUTE2_PATH)/ip/ip: | $(IPROUTE2_PATH)/.installed $(LIBMNL_PATH)/src/.libs/libmnl.a $(USERSPACE_DEPS)
 	LDFLAGS="$(LDFLAGS) -L$(LIBMNL_PATH)/src/.libs" PKG_CONFIG_LIBDIR="$(LIBMNL_PATH)" $(MAKE) -C $(IPROUTE2_PATH) PREFIX=/ ip/ip
-	strip -s $(IPROUTE2_PATH)/ip/ip
+	$(STRIP) -s $(IPROUTE2_PATH)/ip/ip
 
 $(IPROUTE2_PATH)/misc/ss: | $(IPROUTE2_PATH)/.installed $(LIBMNL_PATH)/src/.libs/libmnl.a $(USERSPACE_DEPS)
 	LDFLAGS="$(LDFLAGS) -L$(LIBMNL_PATH)/src/.libs" PKG_CONFIG_LIBDIR="$(LIBMNL_PATH)" $(MAKE) -C $(IPROUTE2_PATH) PREFIX=/ misc/ss
-	strip -s $(IPROUTE2_PATH)/misc/ss
+	$(STRIP) -s $(IPROUTE2_PATH)/misc/ss
 
 $(IPTABLES_PATH)/.installed: $(IPTABLES_TAR)
 	mkdir -p $(BUILD_PATH)
@@ -234,9 +323,9 @@ $(IPTABLES_PATH)/.installed: $(IPTABLES_TAR)
 	touch $@
 
 $(IPTABLES_PATH)/iptables/xtables-multi: | $(IPTABLES_PATH)/.installed $(LIBMNL_PATH)/src/.libs/libmnl.a $(USERSPACE_DEPS)
-	cd $(IPTABLES_PATH) && PKG_CONFIG_LIBDIR="$(LIBMNL_PATH)" ./configure --prefix=/ --host=$(CHOST) --enable-static --disable-shared --disable-nftables --disable-bpf-compiler --disable-nfsynproxy --disable-libipq --with-kernel=$(BUILD_PATH)/include
+	cd $(IPTABLES_PATH) && PKG_CONFIG_LIBDIR="$(LIBMNL_PATH)" ./configure --prefix=/ $(CROSS_COMPILE_FLAG) --enable-static --disable-shared --disable-nftables --disable-bpf-compiler --disable-nfsynproxy --disable-libipq --with-kernel=$(BUILD_PATH)/include
 	$(MAKE) -C $(IPTABLES_PATH)
-	strip -s $@
+	$(STRIP) -s $@
 
 $(NMAP_PATH)/.installed: $(NMAP_TAR)
 	mkdir -p $(BUILD_PATH)
@@ -245,9 +334,9 @@ $(NMAP_PATH)/.installed: $(NMAP_TAR)
 	touch $@
 
 $(NMAP_PATH)/ncat/ncat: | $(NMAP_PATH)/.installed $(USERSPACE_DEPS)
-	cd $(NMAP_PATH) && ./configure --prefix=/ --host=$(CHOST) --enable-static --disable-shared --without-ndiff --without-zenmap --without-nping --with-libpcap=included --with-libpcre=included --with-libdnet=included --without-liblua --with-liblinear=included --without-nmap-update --without-openssl --with-pcap=linux
+	cd $(NMAP_PATH) && ./configure --prefix=/ $(CROSS_COMPILE_FLAG) --enable-static --disable-shared --without-ndiff --without-zenmap --without-nping --with-libpcap=included --with-libpcre=included --with-libdnet=included --without-liblua --with-liblinear=included --without-nmap-update --without-openssl --with-pcap=linux
 	$(MAKE) -C $(NMAP_PATH) build-ncat
-	strip -s $@
+	$(STRIP) -s $@
 
 clean:
 	rm -rf $(BUILD_PATH)
diff --git a/src/tests/qemu/arch/aarch64.config b/src/tests/qemu/arch/aarch64.config
new file mode 100644
index 0000000..7f46172
--- /dev/null
+++ b/src/tests/qemu/arch/aarch64.config
@@ -0,0 +1,4 @@
+CONFIG_SERIAL_AMBA_PL011=y
+CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyAMA0 wg.success=ttyAMA1"
diff --git a/src/tests/qemu/arch/arm.config b/src/tests/qemu/arch/arm.config
new file mode 100644
index 0000000..0f39937
--- /dev/null
+++ b/src/tests/qemu/arch/arm.config
@@ -0,0 +1,8 @@
+CONFIG_MMU=y
+CONFIG_ARCH_MULTI_V7=y
+CONFIG_ARCH_VIRT=y
+CONFIG_THUMB2_KERNEL=n
+CONFIG_SERIAL_AMBA_PL011=y
+CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyAMA0 wg.success=ttyAMA1"
diff --git a/src/tests/qemu/arch/i386.config b/src/tests/qemu/arch/i386.config
new file mode 100644
index 0000000..ed1e701
--- /dev/null
+++ b/src/tests/qemu/arch/i386.config
@@ -0,0 +1,4 @@
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1"
diff --git a/src/tests/qemu/arch/mips.config b/src/tests/qemu/arch/mips.config
new file mode 100644
index 0000000..f8c7a7f
--- /dev/null
+++ b/src/tests/qemu/arch/mips.config
@@ -0,0 +1,9 @@
+CONFIG_CPU_MIPS32_R2=y
+CONFIG_MIPS_MALTA=y
+CONFIG_MIPS_CPS=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1"
diff --git a/src/tests/qemu/arch/mips64.config b/src/tests/qemu/arch/mips64.config
new file mode 100644
index 0000000..6fc6bc4
--- /dev/null
+++ b/src/tests/qemu/arch/mips64.config
@@ -0,0 +1,10 @@
+CONFIG_64BIT=y
+CONFIG_CPU_MIPS64_R2=y
+CONFIG_MIPS_MALTA=y
+CONFIG_MIPS_CPS=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1"
diff --git a/src/tests/qemu/arch/mips64el.config b/src/tests/qemu/arch/mips64el.config
new file mode 100644
index 0000000..fc1e43a
--- /dev/null
+++ b/src/tests/qemu/arch/mips64el.config
@@ -0,0 +1,11 @@
+CONFIG_64BIT=y
+CONFIG_CPU_MIPS64_R2=y
+CONFIG_MIPS_MALTA=y
+CONFIG_CPU_LITTLE_ENDIAN=y
+CONFIG_MIPS_CPS=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1"
diff --git a/src/tests/qemu/arch/mipsel.config b/src/tests/qemu/arch/mipsel.config
new file mode 100644
index 0000000..4759a65
--- /dev/null
+++ b/src/tests/qemu/arch/mipsel.config
@@ -0,0 +1,10 @@
+CONFIG_CPU_MIPS32_R2=y
+CONFIG_MIPS_MALTA=y
+CONFIG_CPU_LITTLE_ENDIAN=y
+CONFIG_MIPS_CPS=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1"
diff --git a/src/tests/qemu/arch/x86_64.config b/src/tests/qemu/arch/x86_64.config
new file mode 100644
index 0000000..ed1e701
--- /dev/null
+++ b/src/tests/qemu/arch/x86_64.config
@@ -0,0 +1,4 @@
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1"
diff --git a/src/tests/qemu/init.c b/src/tests/qemu/init.c
index 626ce6a..afbc611 100644
--- a/src/tests/qemu/init.c
+++ b/src/tests/qemu/init.c
@@ -38,36 +38,41 @@ static void panic(const char *what)
 
 #define pretty_message(msg) puts("\x1b[32m\x1b[1m" msg "\x1b[0m")
 
-static void print_banner(const struct utsname *utsname)
+static void print_banner(void)
 {
-	int len = strlen("    WireGuard Test Suite on      ") + strlen(utsname->sysname) + strlen(utsname->release);
-	printf("\x1b[45m\x1b[33m\x1b[1m%*.s\x1b[0m\n\x1b[45m\x1b[33m\x1b[1m    WireGuard Test Suite on %s %s    \x1b[0m\n\x1b[45m\x1b[33m\x1b[1m%*.s\x1b[0m\n\n", len, "", utsname->sysname, utsname->release, len, "");
+	struct utsname utsname;
+	int len;
+
+	if (uname(&utsname) < 0)
+		panic("uname");
+
+	len = strlen("    WireGuard Test Suite on       ") + strlen(utsname.sysname) + strlen(utsname.release) + strlen(utsname.machine);
+	printf("\x1b[45m\x1b[33m\x1b[1m%*.s\x1b[0m\n\x1b[45m\x1b[33m\x1b[1m    WireGuard Test Suite on %s %s %s    \x1b[0m\n\x1b[45m\x1b[33m\x1b[1m%*.s\x1b[0m\n\n", len, "", utsname.sysname, utsname.release, utsname.machine, len, "");
 }
 
 static void seed_rng(void)
 {
-	int fd1, fd2, i;
+	int fd;
 	struct {
 		int entropy_count;
 		int buffer_size;
-		unsigned char buffer[128];
+		unsigned char buffer[256];
 	} entropy = {
-		.entropy_count = 128,
-		.buffer_size = 128
+		.entropy_count = sizeof(entropy.buffer) * 8,
+		.buffer_size = sizeof(entropy.buffer),
+		.buffer = "Adding real entropy is not actually important for these tests. Don't try this at home, kids!"
 	};
-	pretty_message("[+] Ensuring RNG entropy...");
-	fd1 = open("/dev/hwrng", O_RDONLY);
-	fd2 = open("/dev/urandom", O_WRONLY);
-	if (fd1 < 0 || fd2 < 0)
-		panic("open(hwrng,urandom)");
-	for (i = 0; i < 4096; ++i) {
-		if (read(fd1, entropy.buffer, 128) != 128)
-			panic("read(hwrng)");
-		if (ioctl(fd2, RNDADDENTROPY, &entropy) < 0)
+
+	if (mknod("/dev/urandom", S_IFCHR | 0644, makedev(1, 9)))
+		panic("mknod(/dev/urandom)");
+	fd = open("/dev/urandom", O_WRONLY);
+	if (fd < 0)
+		panic("open(urandom)");
+	for (int i = 0; i < 256; ++i) {
+		if (ioctl(fd, RNDADDENTROPY, &entropy) < 0)
 			panic("ioctl(urandom)");
 	}
-	close(fd1);
-	close(fd2);
+	close(fd);
 }
 
 static void mount_filesystems(void)
@@ -142,8 +147,10 @@ static void kmod_selftests(void)
 
 static void launch_tests(void)
 {
+	char cmdline[4096], *success_dev;
 	int status, fd;
 	pid_t pid;
+
 	pretty_message("[+] Launching tests...");
 	pid = fork();
 	if (pid == -1)
@@ -156,26 +163,32 @@ static void launch_tests(void)
 		panic("waitpid");
 	if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
 		pretty_message("[+] Tests successful! :-)");
-		fd = open("/dev/vport1p1", O_WRONLY);
+		fd = open("/proc/cmdline", O_RDONLY);
 		if (fd < 0)
-			panic("open(vport1p1)");
+			panic("open(/proc/cmdline)");
+		if (read(fd, cmdline, sizeof(cmdline) - 1) <= 0)
+			panic("read(/proc/cmdline)");
+		cmdline[sizeof(cmdline) - 1] = '\0';
+		for (success_dev = strtok(cmdline, " \n"); success_dev; success_dev = strtok(NULL, " \n")) {
+			if (strncmp(success_dev, "wg.success=", 11))
+				continue;
+			memcpy(success_dev + 11 - 5, "/dev/", 5);
+			success_dev += 11 - 5;
+			break;
+		}
+		if (!success_dev || !strlen(success_dev))
+			panic("Unable to find success device");
+
+		fd = open(success_dev, O_WRONLY);
+		if (fd < 0)
+			panic("open(success_dev)");
 		if (write(fd, "success\n", 8) != 8)
-			panic("write(success)");
+			panic("write(success_dev)");
 		close(fd);
 	} else
 		puts("\x1b[31m\x1b[1m[-] Tests failed! :-(\x1b[0m");
 }
 
-static bool linux_4_8_or_higher(const struct utsname *utsname)
-{
-	unsigned int maj, min, rel;
-	if (strcmp(utsname->sysname, "Linux"))
-		return false;
-	if (sscanf(utsname->release, "%u.%u.%u", &maj, &min, &rel) != 3)
-		return false;
-	return KERNEL_VERSION(maj, min, rel) >= KERNEL_VERSION(4, 8, 0);
-}
-
 static void ensure_console(void)
 {
 	for (unsigned int i = 0; i < 1000; ++i) {
@@ -196,16 +209,11 @@ static void ensure_console(void)
 
 int main(int argc, char *argv[])
 {
-	struct utsname utsname;
-
+	seed_rng();
 	ensure_console();
-	if (uname(&utsname) < 0)
-		panic("uname");
-	print_banner(&utsname);
+	print_banner();
 	mount_filesystems();
 	kmod_selftests();
-	if (!linux_4_8_or_higher(&utsname))
-		seed_rng();
 	enable_logging();
 	launch_tests();
 	poweroff();
diff --git a/src/tests/qemu/kernel.config b/src/tests/qemu/kernel.config
index 7b0b1e3..398ce71 100644
--- a/src/tests/qemu/kernel.config
+++ b/src/tests/qemu/kernel.config
@@ -22,21 +22,12 @@ CONFIG_IP_NF_NAT=y
 CONFIG_TTY=y
 CONFIG_BINFMT_ELF=y
 CONFIG_BINFMT_SCRIPT=y
-CONFIG_PCI=y
-CONFIG_PCI_MSI=y
-CONFIG_PCI_HOST_COMMON=y
-CONFIG_PCI_HOST_GENERIC=y
+CONFIG_VDSO=y
 CONFIG_VIRTUALIZATION=y
 CONFIG_HYPERVISOR_GUEST=y
 CONFIG_PARAVIRT=y
 CONFIG_KVM_GUEST=y
 CONFIG_PARAVIRT_SPINLOCKS=y
-CONFIG_VIRTIO=y
-CONFIG_VIRTIO_PCI=y
-CONFIG_VIRTIO_CONSOLE=y
-CONFIG_VIRTIO_PCI_LEGACY=y
-CONFIG_HW_RANDOM=y
-CONFIG_HW_RANDOM_VIRTIO=y
 CONFIG_PRINTK=y
 CONFIG_KALLSYMS=y
 CONFIG_BUG=y
@@ -83,7 +74,5 @@ CONFIG_BOOTPARAM_HUNG_TASK_PANIC=y
 CONFIG_PANIC_TIMEOUT=-1
 CONFIG_STACKTRACE=y
 CONFIG_EARLY_PRINTK=y
-CONFIG_CMDLINE_BOOL=y
-CONFIG_CMDLINE="console=hvc0"
 CONFIG_WIREGUARD=y
 CONFIG_WIREGUARD_DEBUG=y