I am trying to squeeze some processing, security and possibly later storage space tweaking the compilation
I understand that the firmware built "as is" downloadable in openwrt domains is built with -O2. I've managed to compile with O3 as flag; however any other significant changes to the kernel end up breaking the build midway through
Old threads about performance optimization are from 2012, and it seems that those are already integrated into the stock openwrt firmware
with that said
is it safe trying out any compiled firmware that succeeds? Or should I just test it out somewhere else (e.g a VM?) If it "bricks" during installation, would it be possible to recover?
Which tweaks to GCC itself could affect performance, besides the main ones (march, mtune, etc) and the builtin profiles that we see in make menuconfig?
can telephony be excluded if the router will only need PPoE?
factory.bin with -O3 ended up being 6.9MiB vs 6.6MiB from the default settings
would these optmizations have any effect on performance to justify the extra 300KiB?
Better hope with 24.10 enabling crypto accelerator speeding up some ipsec and cryptsetup. It will not significantly improve firewall forwarding (400Mbps) clamped at CPU, or soft offload (1.xGbps) clamped at SoC memory speed. Just add some inaccuracies in critical parts of system.
There's two things with this:
binaries the kernel runs
and the kernel.
To test it out with binaries the kernel runs, you just change your openwrt build config, I mean it generally should be fine, just the size of the binaries will be a little bigger/use more memory and in general any program that would benefit a lot from it probably already has it set e.g openssl This won't effect the kernel at all, it will still be compiled Os or O2. So no real change to basic network performance at all.
To do it for the kernel you need actual patches and that's a more risky thing then on whether it will boot or run as you expect, it's generally ok though, but again it will be larger/use more memory and who knows what real gains you will see. Generally not worth it.
You can edit the -mcpu flag to include additional available extensions, enable Link-Time Optimisation, GCC Graphite, and use mold linker, if supported. Improvements are usually negligible, however.
Base your build on the default config, and only select the packages you need. Packages not selected will not be built, you usually don't need to exclude feeds manually.
Consider OpenSSL instead of mbedtls. Consider patching ustream-ssl to use AES by default, if AES instructions are available(extremely miniscule luci https performance improvement).
Check whether your device includes dedicated crypto accelerator. This will offload Wi-Fi crypto from the CPU.
Use official pre-compiled recovery and u-boot, and you shouldn't have issue debricking your devices.