Re: [RFC PATCH 01/12] x86: Secure Launch Kconfig

From: Daniel Kiper
Date: Thu Mar 26 2020 - 14:07:30 EST


On Wed, Mar 25, 2020 at 03:43:06PM -0400, Ross Philipson wrote:
> Initial bits to bring in Secure Launch functionality. Add Kconfig
> options for compiling in/out the Secure Launch code.
>
> Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>
> ---
> arch/x86/Kconfig | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 5e8949953660..7f3406a9948b 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -2014,6 +2014,17 @@ config EFI_MIXED
>
> If unsure, say N.
>
> +config SECURE_LAUNCH
> + bool "Secure Launch support"
> + default n
> + depends on X86_64
> + help
> + This Secure Launch kernel feature allows a bzImage to be loaded
> + directly through Intel TXT or AMD SKINIT measured launch. This

I think that you should drop AMD SKINIT from here. This should be added
when AMD secure launch implementation is added.

...and why we need this as separate patch? Could not we add this in
a patch which uses CONFIG_SECURE_LAUNCH for first time?

Daniel