Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson <[email protected]>
---
arch/x86/Kconfig | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 88fb922..b5e25c5 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1949,6 +1949,38 @@ config EFI_MIXED
If unsure, say N.
+config SECURE_LAUNCH
+ bool "Secure Launch support"
+ default n
+ depends on X86_64 && X86_X2APIC
+ help
+ The Secure Launch feature allows a kernel to be loaded
+ directly through an Intel TXT measured launch. Intel TXT
+ establishes a Dynamic Root of Trust for Measurement (DRTM)
+ where the CPU measures the kernel image. This feature then
+ continues the measurement chain over kernel configuration
+ information and init images.
+
+config SECURE_LAUNCH_ALT_PCR19
+ bool "Secure Launch Alternate PCR 19 usage"
+ default n
+ depends on SECURE_LAUNCH
+ help
+ In the post ACM environment, Secure Launch by default measures
+ configuration information into PCR18. This feature allows finer
+ control over measurements by moving configuration measurements
+ into PCR19.
+
+config SECURE_LAUNCH_ALT_PCR20
+ bool "Secure Launch Alternate PCR 20 usage"
+ default n
+ depends on SECURE_LAUNCH
+ help
+ In the post ACM environment, Secure Launch by default measures
+ image data like any external initrd into PCR17. This feature
+ allows finer control over measurements by moving image measurements
+ into PCR20.
+
source "kernel/Kconfig.hz"
config KEXEC
--
1.8.3.1