* [PATCHv2] x86: Add a tboot Kconfig option
@ 2016-08-18 23:44 Derek Straka
  2016-08-19  0:04 ` Doug Goldstein
  0 siblings, 1 reply; 3+ messages in thread
From: Derek Straka @ 2016-08-18 23:44 UTC (permalink / raw)
  To: xen-devel
  Cc: Derek Straka, andrew.cooper3, cardoe, jbeulich, shane.wang, gang.wei

Allow the conditional inclusion of tboot-related functionality
via Kconfig.

The default configuration for the new CONFIG_TBOOT option is 'y', so the
behavior out of the box remains unchanged.  The addition of the option allows
advanced users to disable system behaviors associated with tboot at compile
time rather than relying on the run-time detection and configuration.

The CONFIG_CRYPTO option is 'n' by default and selected by the individual users
that require the functionality.  Currently, the only user is tboot.

Signed-off-by: Derek Straka <derek@asterius.io>
---
 xen/Rules.mk                |  2 +-
 xen/arch/x86/Kconfig        | 11 +++++++++++
 xen/arch/x86/Makefile       |  2 +-
 xen/common/Kconfig          |  4 ++++
 xen/include/asm-x86/tboot.h | 16 ++++++++++++++++
 5 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/xen/Rules.mk b/xen/Rules.mk
index ebe1dc0..a190ff0 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -44,7 +44,7 @@ ALL_OBJS-y               += $(BASEDIR)/common/built_in.o
 ALL_OBJS-y               += $(BASEDIR)/drivers/built_in.o
 ALL_OBJS-y               += $(BASEDIR)/xsm/built_in.o
 ALL_OBJS-y               += $(BASEDIR)/arch/$(TARGET_ARCH)/built_in.o
-ALL_OBJS-$(CONFIG_X86)   += $(BASEDIR)/crypto/built_in.o
+ALL_OBJS-$(CONFIG_CRYPTO)   += $(BASEDIR)/crypto/built_in.o
 
 CFLAGS += -nostdinc -fno-builtin -fno-common
 CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index c1e9279..265fd79 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -76,6 +76,17 @@ config HVM_FEP
 	  for use in production.
 
 	  If unsure, say N.
+
+config TBOOT
+	def_bool y
+	prompt "Xen tboot support" if EXPERT = "y"
+	depends on X86
+	select CRYPTO
+	---help---
+	  Allows support for Trusted Boot using the Intel(R) Trusted Execution
+	  Technology (TXT)
+
+	  If unsure, say Y.
 endmenu
 
 source "common/Kconfig"
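Review bot: The help text added for `config TBOOT` does not say what is given up when the option is turned off. The header stubs in this same patch make `tboot_in_measured_env()` return 0 and `tboot_shutdown()` an empty function, so a hypervisor built with TBOOT=n that is nevertheless started through tboot would apparently skip the tboot shutdown and S3 paths. A sentence such as `Disabling this removes Xen's cooperation with tboot for measured launch, S3 and shutdown.` would make that explicit for anyone auditing a build configuration. `depends on X86` also looks redundant in a file under arch/x86, though that is inferred from the path only.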
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index b18f033..5b9e9da 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -62,7 +62,7 @@ obj-y += trace.o
 obj-y += traps.o
 obj-y += usercopy.o
 obj-y += x86_emulate.o
-obj-y += tboot.o
+obj-$(CONFIG_TBOOT) += tboot.o
 obj-y += hpet.o
 obj-y += vm_event.o
 obj-y += xstate.o
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 51afa24..e2dd89f 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -218,6 +218,10 @@ config SCHED_DEFAULT
 
 endmenu
 
+config CRYPTO
+	bool
+	default n
+
 # Enable/Disable live patching support
 config LIVEPATCH
 	bool "Live patching support (TECH PREVIEW)"
diff --git a/xen/include/asm-x86/tboot.h b/xen/include/asm-x86/tboot.h
index d242862..59ed449 100644
--- a/xen/include/asm-x86/tboot.h
+++ b/xen/include/asm-x86/tboot.h
@@ -119,6 +119,7 @@ typedef struct __packed {
 
 extern tboot_shared_t *g_tboot_shared;
 
+#ifdef CONFIG_TBOOT
 void tboot_probe(void);
 void tboot_shutdown(uint32_t shutdown_type);
 int tboot_in_measured_env(void);
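Review bot: The `extern tboot_shared_t *g_tboot_shared;` declaration stays above the new `#ifdef CONFIG_TBOOT`, so it is still visible in builds where tboot.o is not linked (the Makefile hunk makes that object conditional). If the variable is defined in tboot.c, which this page does not show, a stray reference in a CONFIG_TBOOT=n build would fail only at link time. Moving the `#ifdef CONFIG_TBOOT` line above the extern would turn that into a compile-time error. The conditional block opened here closes in the next hunk.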
@@ -127,6 +128,21 @@ int tboot_parse_dmar_table(acpi_table_handler dmar_handler);
 int tboot_s3_resume(void);
 void tboot_s3_error(int error);
 int tboot_wake_ap(int apicid, unsigned long sipi_vec);
+#else
+static inline void tboot_probe(void) {}
+static inline void tboot_shutdown(uint32_t shutdown_type) {}
+static inline int tboot_in_measured_env(void) { return 0; }
+static inline int tboot_protect_mem_regions(void) { return 1; }
+
+static inline int tboot_parse_dmar_table(acpi_table_handler dmar_handler)
+{
+    return acpi_table_parse(ACPI_SIG_DMAR, dmar_handler);
+}
+
+static inline int tboot_s3_resume(void) { return 0; }
+static inline void tboot_s3_error(int error) {}
+static inline int tboot_wake_ap(int apicid, unsigned long sipi_vec) { return 1; }
+#endif /* CONFIG_TBOOT */
 
 #endif /* __TBOOT_H__ */
 
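Review bot: The `#else` stubs use three different return conventions with no comment: `tboot_s3_resume()` and `tboot_in_measured_env()` return 0, while `tboot_protect_mem_regions()` and `tboot_wake_ap()` return 1. Presumably these mirror what the real functions return when Xen was not launched by tboot (1 meaning "nothing to protect, carry on" and "AP not woken by tboot, use the normal path"), but tboot.c is not visible here, so this should be confirmed against it. Because `tboot_s3_resume()` returning 0 reads as "memory integrity verified" to a caller, a comment above the stubs such as `/* CONFIG_TBOOT=n: behave as if not in a measured environment; no S3 integrity check is performed. */` would stop a later reader from mistaking the stub for a passed check.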
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel


* Re: [PATCHv2] x86: Add a tboot Kconfig option
  2016-08-18 23:44 [PATCHv2] x86: Add a tboot Kconfig option Derek Straka
@ 2016-08-19  0:04 ` Doug Goldstein
  2016-08-19  7:47   ` Jan Beulich
  0 siblings, 1 reply; 3+ messages in thread
From: Doug Goldstein @ 2016-08-19  0:04 UTC (permalink / raw)
  To: Derek Straka, xen-devel; +Cc: andrew.cooper3, gang.wei, jbeulich, shane.wang



On 8/18/16 6:44 PM, Derek Straka wrote:
> Allows for the conditional inclusion of tboot related functionality
> via Kconfig
> 
> The default configuration for the new CONFIG_TBOOT option is 'y', so the
> behavior out of the box remains unchanged.  The addition of the option allows
> advanced users to disable system behaviors associated with tboot at compile
> time rather than relying on the run-time detection and configuration.
> 
> The CONFIG_CRYPTO option is 'n' by default and selected by the individual users
> that require the functionality.  Currently, the only user is tboot.
> 
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>


>  
> +config CRYPTO
> +	bool
> +	default n
> +

If a v3 happens (or the committer wants to change it) this can be
"def_bool n".

-- 
Doug Goldstein



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel


* Re: [PATCHv2] x86: Add a tboot Kconfig option
  2016-08-19  0:04 ` Doug Goldstein
@ 2016-08-19  7:47   ` Jan Beulich
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Beulich @ 2016-08-19  7:47 UTC (permalink / raw)
  To: Derek Straka, Doug Goldstein
  Cc: andrew.cooper3, xen-devel, gang.wei, shane.wang

>>> On 19.08.16 at 02:04, <cardoe@cardoe.com> wrote:
> On 8/18/16 6:44 PM, Derek Straka wrote:
>> Allows for the conditional inclusion of tboot related functionality
>> via Kconfig
>> 
>> The default configuration for the new CONFIG_TBOOT option is 'y', so the
>> behavior out of the box remains unchanged.  The addition of the option 
> allows
>> advanced users to disable system behaviors associated with tboot at compile
>> time rather than relying on the run-time detection and configuration.
>> 
>> The CONFIG_CRYPTO option is 'n' by default and selected by the individual 
> users
>> that require the functionality.  Currently, the only user is tboot.
>> 
>> Signed-off-by: Derek Straka <derek@asterius.io>
>> ---
> 
> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
> 
> 
>>  
>> +config CRYPTO
>> +	bool
>> +	default n
>> +
> 
> If a v3 happens (or the committer wants to change it) this can be
> "def_bool n".

This isn't just a "can be", nor should it become def_bool. Defaults
for select only options should be omitted altogether, so that when
a prompt gets added to them and nothing has previously selected
it, the user will be presented with a prompt instead of the already
recorded default of "no" getting used.

But yes, no v3 is needed, this line can easily be dropped while
committing.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
