1 files changed, 45 insertions, 0 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index d6e1faa28c58..8ef85139553f 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1940,6 +1940,51 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
          If unsure, say y.
+choice
+        prompt "TSX enable mode"
+        depends on CPU_SUP_INTEL
+        default X86_INTEL_TSX_MODE_OFF
+        help
+          Intel's TSX (Transactional Synchronization Extensions) feature
+          allows to optimize locking protocols through lock elision which
+          can lead to a noticeable performance boost.
+          On the other hand it has been shown that TSX can be exploited
+          to form side channel attacks (e.g. TAA) and chances are there
+          will be more of those attacks discovered in the future.
+          Therefore TSX is not enabled by default (aka tsx=off). An admin
+          might override this decision by tsx=on the command line parameter.
+          Even with TSX enabled, the kernel will attempt to enable the best
+          possible TAA mitigation setting depending on the microcode available
+          for the particular machine.
+          This option allows to set the default tsx mode between tsx=on, =off
+          and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
+          details.
+          Say off if not sure, auto if TSX is in use but it should be used on safe
+          platforms or on if TSX is in use and the security aspect of tsx is not
+          relevant.
+config X86_INTEL_TSX_MODE_OFF
+        bool "off"
+        help
+          TSX is disabled if possible - equals to tsx=off command line parameter.
+config X86_INTEL_TSX_MODE_ON
+        bool "on"
+        help
+          TSX is always enabled on TSX capable HW - equals the tsx=on command
+          line parameter.
+config X86_INTEL_TSX_MODE_AUTO
+        bool "auto"
+        help
+          TSX is enabled on TSX capable HW that is believed to be safe against
+          side channel attacks- equals the tsx=auto command line parameter.
+endchoice
 config EFI
        bool "EFI runtime service support"
        depends on ACPI

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index d6e1faa28c58..8ef85139553f 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig
@@ -1940,6 +1940,51 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
1940		1940
1941	If unsure, say y.	1941	If unsure, say y.
1942		1942
		1943	choice
		1944	prompt "TSX enable mode"
		1945	depends on CPU_SUP_INTEL
		1946	default X86_INTEL_TSX_MODE_OFF
		1947	help
		1948	Intel's TSX (Transactional Synchronization Extensions) feature
		1949	allows to optimize locking protocols through lock elision which
		1950	can lead to a noticeable performance boost.
		1951
		1952	On the other hand it has been shown that TSX can be exploited
		1953	to form side channel attacks (e.g. TAA) and chances are there
		1954	will be more of those attacks discovered in the future.
		1955
		1956	Therefore TSX is not enabled by default (aka tsx=off). An admin
		1957	might override this decision by tsx=on the command line parameter.
		1958	Even with TSX enabled, the kernel will attempt to enable the best
		1959	possible TAA mitigation setting depending on the microcode available
		1960	for the particular machine.
		1961
		1962	This option allows to set the default tsx mode between tsx=on, =off
		1963	and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
		1964	details.
		1965
		1966	Say off if not sure, auto if TSX is in use but it should be used on safe
		1967	platforms or on if TSX is in use and the security aspect of tsx is not
		1968	relevant.
		1969
		1970	config X86_INTEL_TSX_MODE_OFF
		1971	bool "off"
		1972	help
		1973	TSX is disabled if possible - equals to tsx=off command line parameter.
		1974
		1975	config X86_INTEL_TSX_MODE_ON
		1976	bool "on"
		1977	help
		1978	TSX is always enabled on TSX capable HW - equals the tsx=on command
		1979	line parameter.
		1980
		1981	config X86_INTEL_TSX_MODE_AUTO
		1982	bool "auto"
		1983	help
		1984	TSX is enabled on TSX capable HW that is believed to be safe against
		1985	side channel attacks- equals the tsx=auto command line parameter.
		1986	endchoice
		1987
1943	config EFI	1988	config EFI
1944	bool "EFI runtime service support"	1989	bool "EFI runtime service support"
1945	depends on ACPI	1990	depends on ACPI