I don't have a strong opinion on whether we need this or not. Protection Keys has relatively little code associated with it, and it is not a heavyweight feature to keep enabled. However, I can imagine that folks would still appreciate being able to disable it. Here's the option if folks want it. --- b/arch/x86/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff -puN arch/x86/Kconfig~pkeys-40-kconfig-prompt arch/x86/Kconfig --- a/arch/x86/Kconfig~pkeys-40-kconfig-prompt 2015-09-16 10:48:19.287329737 -0700 +++ b/arch/x86/Kconfig 2015-09-16 10:48:19.291329919 -0700 @@ -1696,8 +1696,18 @@ config X86_INTEL_MPX If unsure, say N. config X86_INTEL_MEMORY_PROTECTION_KEYS + prompt "Intel Memory Protection Keys" def_bool y + # Note: only available in 64-bit mode depends on CPU_SUP_INTEL && X86_64 + ---help--- + Memory Protection Keys provides a mechanism for enforcing + page-based protections, but without requiring modification of the + page tables when an application changes protection domains. + + For details, see Documentation/x86/protection-keys.txt + + If unsure, say y. config EFI bool "EFI runtime service support" _ -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>