| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110121105859.7ea78d6c.rdunlap@xenotime.net> Date: Fri, 21 Jan 2011 10:58:59 -0800 From: Randy Dunlap <rdunlap@...otime.net> To: Jonathan McCune <jonmccune@....edu> Cc: linux-kernel@...r.kernel.org, tboot-devel@...ts.sourceforge.net, trivial@...nel.org Subject: Re: [PATCH, TRIVIAL] Add more explicit dependencies for CONFIG_INTEL_TXT On Fri, 21 Jan 2011 13:39:19 -0500 Jonathan McCune wrote: > This patch makes the documentation slightly more explicit about how to > enable Intel TXT support in the kernel, and adds two dependencies to > the relevant option in Kconfig. Without this patch it is difficult to > determine how to enable Intel TXT support without some knowledge of > Kconfig. > > Signed-off-by: Jonathan McCune <jonmccune@....edu> > > --- > Documentation/intel_txt.txt | 4 +++- > security/Kconfig | 2 +- > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt > index 849de1a..8487f76 100644 > --- a/Documentation/intel_txt.txt > +++ b/Documentation/intel_txt.txt > @@ -196,7 +196,9 @@ Execution Technology (TXT)". It is marked as > EXPERIMENTAL and > depends on the generic x86 support (to allow maximum flexibility in > kernel build options), since the tboot code will detect whether the > platform actually supports Intel TXT and thus whether any of the > -kernel code is executed. > +kernel code is executed. The kernel option for enabling Intel TXT > +support will only appear if its dependencies are also enabled. > +These are CONFIG_DMAR and CONFIG_PCI_MSI. Shouldn't that comment match the "depends on" line below?? > The Q35_SINIT_17.BIN file is what Intel TXT refers to as an > Authenticated Code Module. It is specific to the chipset in the > diff --git a/security/Kconfig b/security/Kconfig > index 95accd4..5fd4e35 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -136,7 +136,7 @@ config SECURITY_PATH > > config INTEL_TXT > bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" > - depends on HAVE_INTEL_TXT > + depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI > help > This option enables support for booting the kernel with the > Trusted Boot (tboot) module. This will utilize > -- --- ~Randy *** Remember to use Documentation/SubmitChecklist when testing your code *** -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists