On 3/26/20 2:06 PM, Daniel Kiper wrote: > On Wed, Mar 25, 2020 at 03:43:06PM -0400, Ross Philipson wrote: >> Initial bits to bring in Secure Launch functionality. Add Kconfig >> options for compiling in/out the Secure Launch code. >> >> Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx> >> --- >> arch/x86/Kconfig | 11 +++++++++++ >> 1 file changed, 11 insertions(+) >> >> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >> index 5e8949953660..7f3406a9948b 100644 >> --- a/arch/x86/Kconfig >> +++ b/arch/x86/Kconfig >> @@ -2014,6 +2014,17 @@ config EFI_MIXED >> >> If unsure, say N. >> >> +config SECURE_LAUNCH >> + bool "Secure Launch support" >> + default n >> + depends on X86_64 >> + help >> + This Secure Launch kernel feature allows a bzImage to be loaded >> + directly through Intel TXT or AMD SKINIT measured launch. This > > I think that you should drop AMD SKINIT from here. This should be added > when AMD secure launch implementation is added. Yea will do. > > ...and why we need this as separate patch? Could not we add this in > a patch which uses CONFIG_SECURE_LAUNCH for first time? So it used to be part of a bigger patch but it ended up shrinking down to this when kernel_info was introduced. The first patch to use it is the SHA patch but that seems a weird place to introduce it. Will have to think about it... > > Daniel >
