[RFC PATCH 01/12] x86: Secure Launch Kconfig

From: Ross Philipson
Date: Wed Mar 25 2020 - 15:44:39 EST


Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.

Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>
---
arch/x86/Kconfig | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 5e8949953660..7f3406a9948b 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2014,6 +2014,17 @@ config EFI_MIXED

If unsure, say N.

+config SECURE_LAUNCH
+ bool "Secure Launch support"
+ default n
+ depends on X86_64
+ help
+ This Secure Launch kernel feature allows a bzImage to be loaded
+ directly through Intel TXT or AMD SKINIT measured launch. This
+ allows extablishing a Dynamic Root of Trust Measurement (DRTM)
+ of all the modules and configuration information used for
+ boooting the operating system.
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
--
2.25.1