Thanks, that thread helps a lot. I was previously unaware of the convention that HAVE_INTEL_TXT is following to better support other architectures.
Generally when I can't find a kernel config option I use the forward-slash search command. Searching for TXT turns up the relevant CONFIG_INTEL_TXT CONFIG_HAVE_INTEL_TXT entries, but their dependencies are not identified completely in the help text, so it still strikes me as impossible to learn that _DMAR and _PCI_MSI are required without actually looking in the Kconfig files. Here is a screenshot showing the search results for TXT in `make menuconfig` with vanilla linux 2.6.37: http://sparrow.ece.cmu.edu/~jmmccune/search_TXT.jpg My intention was to convey that if CONFIG_DMAR and CONFIG_PCI_MSI (pre-req for DMAR) are not enabled, then the TXT options will not appear. I am somewhat surprised that `make menuconfig` is not displaying those dependencies since they are already in Kconfig for HAVE_INTEL_TXT. I don't know enough about the kernel build process to know why they might be omitted from the help text. Thoughts? Thanks, -Jon On Sun, Jan 23, 2011 at 8:05 PM, Wang, Shane <shane.w...@intel.com> wrote: > HAVE_INTEL_TXT definition is in arch/x86/Kconfig. It is the same as your > patch. > When we put it into x86 folder, we intend to disable all TXT code on non-x86 > platforms currently. > > config HAVE_INTEL_TXT > def_bool y > depends on EXPERIMENTAL && DMAR && ACPI > > The story is at the threads beginning with http://lkml.org/lkml/2009/6/30/664. > > Thanks. > Shane > >> -----Original Message----- >> From: Jonathan McCune [mailto:jonmcc...@cmu.edu] >> Sent: Saturday, January 22, 2011 3:10 AM >> To: tboot-devel@lists.sourceforge.net >> Subject: Re: [tboot-devel] [PATCH, TRIVIAL] Add more explicit dependencies >> for CONFIG_INTEL_TXT >> >> Hi Joe et al., >> >> What is the thinking behind the HAVE_INTEL_TXT option? Is the >> intention to disable all TXT-related code on non-x86 platforms? >> Wouldn't it be cleaner to add a dependency such as CONFIG_X86 to the >> CONFIG_INTEL_TXT line, instead of the pseudo-automatic >> HAVE_INTEL_TXT? >> >> Thanks, >> -Jon >> >> >> >> On Fri, Jan 21, 2011 at 1:58 PM, Randy Dunlap <rdun...@xenotime.net> >> wrote: >> > On Fri, 21 Jan 2011 13:39:19 -0500 Jonathan McCune wrote: >> > >> >> This patch makes the documentation slightly more explicit about how to >> >> enable Intel TXT support in the kernel, and adds two dependencies to >> >> the relevant option in Kconfig. Without this patch it is difficult to >> >> determine how to enable Intel TXT support without some knowledge of >> >> Kconfig. >> >> >> >> Signed-off-by: Jonathan McCune <jonmcc...@cmu.edu> >> >> >> >> --- >> >> Documentation/intel_txt.txt | 4 +++- >> >> security/Kconfig | 2 +- >> >> 2 files changed, 4 insertions(+), 2 deletions(-) >> >> >> >> diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt >> >> index 849de1a..8487f76 100644 >> >> --- a/Documentation/intel_txt.txt >> >> +++ b/Documentation/intel_txt.txt >> >> @@ -196,7 +196,9 @@ Execution Technology (TXT)". It is marked as >> >> EXPERIMENTAL and >> >> depends on the generic x86 support (to allow maximum flexibility in >> >> kernel build options), since the tboot code will detect whether the >> >> platform actually supports Intel TXT and thus whether any of the >> >> -kernel code is executed. >> >> +kernel code is executed. The kernel option for enabling Intel TXT >> >> +support will only appear if its dependencies are also enabled. >> >> +These are CONFIG_DMAR and CONFIG_PCI_MSI. >> > >> > Shouldn't that comment match the "depends on" line below?? >> > >> > >> >> The Q35_SINIT_17.BIN file is what Intel TXT refers to as an >> >> Authenticated Code Module. It is specific to the chipset in the >> >> diff --git a/security/Kconfig b/security/Kconfig >> >> index 95accd4..5fd4e35 100644 >> >> --- a/security/Kconfig >> >> +++ b/security/Kconfig >> >> @@ -136,7 +136,7 @@ config SECURITY_PATH >> >> >> >> config INTEL_TXT >> >> bool "Enable Intel(R) Trusted Execution Technology (Intel(R) >> TXT)" >> >> - depends on HAVE_INTEL_TXT >> >> + depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && >> ACPI >> >> help >> >> This option enables support for booting the kernel with the >> >> Trusted Boot (tboot) module. This will utilize >> >> -- >> > >> > >> > --- >> > ~Randy >> > *** Remember to use Documentation/SubmitChecklist when testing your >> code *** >> > >> >> ------------------------------------------------------------------------------ >> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> Finally, a world-class log management solution at an even better price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> _______________________________________________ >> tboot-devel mailing list >> tboot-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tboot-devel > ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
