Hi Joe et al., What is the thinking behind the HAVE_INTEL_TXT option? Is the intention to disable all TXT-related code on non-x86 platforms? Wouldn't it be cleaner to add a dependency such as CONFIG_X86 to the CONFIG_INTEL_TXT line, instead of the pseudo-automatic HAVE_INTEL_TXT?
Thanks, -Jon On Fri, Jan 21, 2011 at 1:58 PM, Randy Dunlap <rdun...@xenotime.net> wrote: > On Fri, 21 Jan 2011 13:39:19 -0500 Jonathan McCune wrote: > >> This patch makes the documentation slightly more explicit about how to >> enable Intel TXT support in the kernel, and adds two dependencies to >> the relevant option in Kconfig. Without this patch it is difficult to >> determine how to enable Intel TXT support without some knowledge of >> Kconfig. >> >> Signed-off-by: Jonathan McCune <jonmcc...@cmu.edu> >> >> --- >> Documentation/intel_txt.txt | 4 +++- >> security/Kconfig | 2 +- >> 2 files changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt >> index 849de1a..8487f76 100644 >> --- a/Documentation/intel_txt.txt >> +++ b/Documentation/intel_txt.txt >> @@ -196,7 +196,9 @@ Execution Technology (TXT)". It is marked as >> EXPERIMENTAL and >> depends on the generic x86 support (to allow maximum flexibility in >> kernel build options), since the tboot code will detect whether the >> platform actually supports Intel TXT and thus whether any of the >> -kernel code is executed. >> +kernel code is executed. The kernel option for enabling Intel TXT >> +support will only appear if its dependencies are also enabled. >> +These are CONFIG_DMAR and CONFIG_PCI_MSI. > > Shouldn't that comment match the "depends on" line below?? > > >> The Q35_SINIT_17.BIN file is what Intel TXT refers to as an >> Authenticated Code Module. It is specific to the chipset in the >> diff --git a/security/Kconfig b/security/Kconfig >> index 95accd4..5fd4e35 100644 >> --- a/security/Kconfig >> +++ b/security/Kconfig >> @@ -136,7 +136,7 @@ config SECURITY_PATH >> >> config INTEL_TXT >> bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" >> - depends on HAVE_INTEL_TXT >> + depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI >> help >> This option enables support for booting the kernel with the >> Trusted Boot (tboot) module. This will utilize >> -- > > > --- > ~Randy > *** Remember to use Documentation/SubmitChecklist when testing your code *** > ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
