lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTi=0W3hZs6bsCwttg9BBgoQs0v-qVO5x5UPnNM+k@mail.gmail.com>
Date:	Fri, 21 Jan 2011 13:39:19 -0500
From:	Jonathan McCune <jonmccune@....edu>
To:	linux-kernel@...r.kernel.org
Cc:	tboot-devel@...ts.sourceforge.net, trivial@...nel.org
Subject: [PATCH, TRIVIAL] Add more explicit dependencies for CONFIG_INTEL_TXT

This patch makes the documentation slightly more explicit about how to
enable Intel TXT support in the kernel, and adds two dependencies to
the relevant option in Kconfig.  Without this patch it is difficult to
determine how to enable Intel TXT support without some knowledge of
Kconfig.

Signed-off-by: Jonathan McCune <jonmccune@....edu>

---
 Documentation/intel_txt.txt |    4 +++-
 security/Kconfig            |    2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt
index 849de1a..8487f76 100644
--- a/Documentation/intel_txt.txt
+++ b/Documentation/intel_txt.txt
@@ -196,7 +196,9 @@ Execution Technology (TXT)".  It is marked as
EXPERIMENTAL and
 depends on the generic x86 support (to allow maximum flexibility in
 kernel build options), since the tboot code will detect whether the
 platform actually supports Intel TXT and thus whether any of the
-kernel code is executed.
+kernel code is executed. The kernel option for enabling Intel TXT
+support will only appear if its dependencies are also enabled.
+These are CONFIG_DMAR and CONFIG_PCI_MSI.

 The Q35_SINIT_17.BIN file is what Intel TXT refers to as an
 Authenticated Code Module.  It is specific to the chipset in the
diff --git a/security/Kconfig b/security/Kconfig
index 95accd4..5fd4e35 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -136,7 +136,7 @@ config SECURITY_PATH

 config INTEL_TXT
 	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
-	depends on HAVE_INTEL_TXT
+	depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI
 	help
 	  This option enables support for booting the kernel with the
 	  Trusted Boot (tboot) module. This will utilize
-- 
1.5.6.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ