[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] x86: add a tboot Kconfig option

commit 739111b3114a6506b2b7daae423e2fde07ef4775
Author:     Derek Straka <derek@xxxxxxxxxxx>
AuthorDate: Fri Aug 19 17:02:27 2016 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Aug 19 17:02:27 2016 +0200

    x86: add a tboot Kconfig option
    
    Allows for the conditional inclusion of tboot related functionality
    via Kconfig
    
    The default configuration for the new CONFIG_TBOOT option is 'y', so the
    behavior out of the box remains unchanged.  The addition of the option 
allows
    advanced users to disable system behaviors associated with tboot at compile
    time rather than relying on the run-time detection and configuration.
    
    The CONFIG_CRYPTO option is 'n' by default and selected by the individual 
users
    that require the functionality.  Currently, the only user is tboot.
    
    Signed-off-by: Derek Straka <derek@xxxxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/Rules.mk                |  2 +-
 xen/arch/x86/Kconfig        | 11 +++++++++++
 xen/arch/x86/Makefile       |  2 +-
 xen/common/Kconfig          |  3 +++
 xen/include/asm-x86/tboot.h | 19 +++++++++++++++++++
 5 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/xen/Rules.mk b/xen/Rules.mk
index ebe1dc0..a190ff0 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -44,7 +44,7 @@ ALL_OBJS-y               += $(BASEDIR)/common/built_in.o
 ALL_OBJS-y               += $(BASEDIR)/drivers/built_in.o
 ALL_OBJS-y               += $(BASEDIR)/xsm/built_in.o
 ALL_OBJS-y               += $(BASEDIR)/arch/$(TARGET_ARCH)/built_in.o
-ALL_OBJS-$(CONFIG_X86)   += $(BASEDIR)/crypto/built_in.o
+ALL_OBJS-$(CONFIG_CRYPTO)   += $(BASEDIR)/crypto/built_in.o
 
 CFLAGS += -nostdinc -fno-builtin -fno-common
 CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index c1e9279..265fd79 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -76,6 +76,17 @@ config HVM_FEP
          for use in production.
 
          If unsure, say N.
+
+config TBOOT
+       def_bool y
+       prompt "Xen tboot support" if EXPERT = "y"
+       depends on X86
+       select CRYPTO
+       ---help---
+         Allows support for Trusted Boot using the Intel(R) Trusted Execution
+         Technology (TXT)
+
+         If unsure, say Y.
 endmenu
 
 source "common/Kconfig"
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index b18f033..5b9e9da 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -62,7 +62,7 @@ obj-y += trace.o
 obj-y += traps.o
 obj-y += usercopy.o
 obj-y += x86_emulate.o
-obj-y += tboot.o
+obj-$(CONFIG_TBOOT) += tboot.o
 obj-y += hpet.o
 obj-y += vm_event.o
 obj-y += xstate.o
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 51afa24..befa30e 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -218,6 +218,9 @@ config SCHED_DEFAULT
 
 endmenu
 
+config CRYPTO
+       bool
+
 # Enable/Disable live patching support
 config LIVEPATCH
        bool "Live patching support (TECH PREVIEW)"
diff --git a/xen/include/asm-x86/tboot.h b/xen/include/asm-x86/tboot.h
index d242862..bfeed15 100644
--- a/xen/include/asm-x86/tboot.h
+++ b/xen/include/asm-x86/tboot.h
@@ -119,6 +119,7 @@ typedef struct __packed {
 
 extern tboot_shared_t *g_tboot_shared;
 
+#ifdef CONFIG_TBOOT
 void tboot_probe(void);
 void tboot_shutdown(uint32_t shutdown_type);
 int tboot_in_measured_env(void);
@@ -127,6 +128,24 @@ int tboot_parse_dmar_table(acpi_table_handler 
dmar_handler);
 int tboot_s3_resume(void);
 void tboot_s3_error(int error);
 int tboot_wake_ap(int apicid, unsigned long sipi_vec);
+#else
+static inline void tboot_probe(void) {}
+static inline void tboot_shutdown(uint32_t shutdown_type) {}
+static inline int tboot_in_measured_env(void) { return 0; }
+static inline int tboot_protect_mem_regions(void) { return 1; }
+
+static inline int tboot_parse_dmar_table(acpi_table_handler dmar_handler)
+{
+    return acpi_table_parse(ACPI_SIG_DMAR, dmar_handler);
+}
+
+static inline int tboot_s3_resume(void) { return 0; }
+static inline void tboot_s3_error(int error) {}
+static inline int tboot_wake_ap(int apicid, unsigned long sipi_vec)
+{
+    return 1;
+}
+#endif /* CONFIG_TBOOT */
 
 #endif /* __TBOOT_H__ */
 
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.