Add a Kconfig option for compiling in/out the Secure Launch feature. Secure Launch is controlled by a singel boolean on/off.
Signed-off-by: Ross Philipson <[email protected]> --- arch/x86/Kconfig | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index fa3b616af03a..9404d207c420 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1975,6 +1975,20 @@ config EFI_RUNTIME_MAP See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. +config SECURE_LAUNCH + bool "Secure Launch DRTM support" + depends on X86_64 && X86_X2APIC && TCG_TIS && TCG_CRB + select CRYPTO_LIB_SHA1 + select CRYPTO_LIB_SHA256 + help + The Secure Launch feature allows a kernel to be launched directly + through a vendor neutral DTRM (Dynamic Root of Trust for Measurement) + solution, with Intel TXT being one example. The DRTM establishes an + environment where the CPU measures the kernel image, employing the TPM, + before starting it. Secure Launch then continues the measurement chain + over kernel configuration information and other launch artifacts (e.g. + any initramfs image). + source "kernel/Kconfig.hz" config ARCH_SUPPORTS_KEXEC -- 2.43.7
