Re: [PATCH] Use 'imply' with SEV Kconfig CRYPTO dependencies

From: Brijesh Singh
Date: Tue Jun 19 2018 - 15:23:09 EST


Hi Boris,


On 06/19/2018 04:46 AM, Borislav Petkov wrote:
On Thu, Jun 14, 2018 at 07:08:26AM -0500, Brijesh Singh wrote:
I think depends should look like this:

config KVM_AMD_SEV
ÂÂÂ def_bool y
ÂÂÂ bool "AMD Secure Encrypted Virtualization (SEV) support"
ÂÂÂ depends KVM_AMD && X86_64
ÂÂÂ depends CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)

CRYPTO_DEV_CCP_DD - this still doesn't belong here. KVM_AMD_SEV doesn't
care about what kind of functionality the PSP needs to function and
select it - it should only depend on a single symbol.



It would be nice to have a single depends. But the main issue is, PSP support is provided through the ccp driver (aka CRYPTO_DEV_CCP_DD). Hence KVM_AMD_SEV need to have some level of dependency with ccp driver. This is to ensure that the ccp was 'y' when kvm-amd=y for SEV to work.


Now, you can add a separate CRYPTO .config item which collects all
required functionality for SEV guests and have KVM_AMD_SEV depend
on that. Or a similar solution. But not have KVM_AMD_SEV poke into
CRYPTO...PSP dependencies because it doesn't need to know about it.



I am sorry but I am not able to follow you on how creating a separate CRYPTO .config item will solve this problem. Creating a separate config will be useful if we are okay with calling 'select' from kvm (i.e if kvm-amd is 'y' then all the symbols from crypto will be 'y').

I looked at other drivers where they have similar situation and it seems like solution is same as what I have used above.


-Brijesh