Initial bits to bring in Secure Launch functionality. Add Kconfig options for compiling in/out the Secure Launch code. Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx> --- arch/x86/Kconfig | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 5e8949953660..7f3406a9948b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2014,6 +2014,17 @@ config EFI_MIXED If unsure, say N. +config SECURE_LAUNCH + bool "Secure Launch support" + default n + depends on X86_64 + help + This Secure Launch kernel feature allows a bzImage to be loaded + directly through Intel TXT or AMD SKINIT measured launch. This + allows extablishing a Dynamic Root of Trust Measurement (DRTM) + of all the modules and configuration information used for + boooting the operating system. + config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" -- 2.25.1
