On 06/26/2018 07:22 AM, Kirill A. Shutemov wrote: > Add new config option to enabled/disable Multi-Key Total Memory > Encryption support. > > MKTME uses MEMORY_PHYSICAL_PADDING to reserve enough space in per-KeyID > direct mappings for memory hotplug. > > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> > --- > arch/x86/Kconfig | 19 ++++++++++++++++++- > 1 file changed, 18 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index fa5e1ec09247..9a843bd63108 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -1523,6 +1523,23 @@ config ARCH_USE_MEMREMAP_PROT > def_bool y > depends on AMD_MEM_ENCRYPT > > +config X86_INTEL_MKTME > + bool "Intel Multi-Key Total Memory Encryption" > + select DYNAMIC_PHYSICAL_MASK > + select PAGE_EXTENSION > + depends on X86_64 && CPU_SUP_INTEL > + ---help--- > + Say yes to enable support for Multi-Key Total Memory Encryption. > + This requires an Intel processor that has support of the feature. > + > + Multikey Total Memory Encryption (MKTME) is a technology that allows > + transparent memory encryption in and upcoming Intel platforms. huh? Maybe drop the "and"? > + > + MKTME is built on top of TME. TME allows encryption of the entirety > + of system memory using a single key. MKTME allows having multiple > + encryption domains, each having own key -- different memory pages can > + be encrypted with different keys. > + > # Common NUMA Features > config NUMA > bool "Numa Memory Allocation and Scheduler Support" > @@ -2199,7 +2216,7 @@ config RANDOMIZE_MEMORY > > config MEMORY_PHYSICAL_PADDING > hex "Physical memory mapping padding" if EXPERT > - depends on RANDOMIZE_MEMORY > + depends on RANDOMIZE_MEMORY || X86_INTEL_MKTME > default "0xa" if MEMORY_HOTPLUG > default "0x0" > range 0x1 0x40 if MEMORY_HOTPLUG > -- ~Randy
