On 6/3/2023 9:37 AM, Borislav Petkov wrote:
On Sat, Jun 03, 2023 at 08:22:24AM -0700, Chang S. Bae wrote:+static __init int x86_nokeylocker_setup(char *arg) +{ + /* Expect an exact match without trailing characters. */ + if (strlen(arg)) + return 0; + + if (!cpu_feature_enabled(X86_FEATURE_KEYLOCKER)) + return 1; + + setup_clear_cpu_cap(X86_FEATURE_KEYLOCKER); + pr_info("x86/keylocker: Disabled by kernel command line.\n"); + return 1; +} +__setup("nokeylocker", x86_nokeylocker_setup);Can we stop adding those just to remove them at some point later but simply do: clearcpuid=keylocker ?
Oh, I was not sure about this policy. Thanks, now I'm glad that I have confidence in removing this.
Chang
