Merge branch 'x86-txt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'x86-txt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86, intel_txt: clean up the impact on generic code, unbreak non-x86 x86, intel_txt: Handle ACPI_SLEEP without X86_TRAMPOLINE x86, intel_txt: Fix typos in Kconfig help x86, intel_txt: Factor out the code for S3 setup x86, intel_txt: tboot.c needs <asm/fixmap.h> intel_txt: Force IOMMU on for Intel TXT launch x86, intel_txt: Intel TXT Sx shutdown support x86, intel_txt: Intel TXT reboot/halt shutdown support x86, intel_txt: Intel TXT boot support
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-15 12:19:20 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-15 12:19:20 -0400
commit: 1aaf2e59135fd67321f47c11c64a54aac27014e9 (patch)
tree: 633ffa4db3ac6e8d566cba549510561ffd61d8f4 /security
parent: 66a4fe0cb80a9fde8cb173289afb863fd279466a (diff)
parent: 936e894a976dd3b0f07f1f6f43c17b77b7e6146d (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 4c865345caa0..fb363cd81cf6 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -113,6 +113,36 @@ config SECURITY_ROOTPLUG
          If you are unsure how to answer this question, answer N.
+config INTEL_TXT
+        bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
+        depends on HAVE_INTEL_TXT
+        help
+          This option enables support for booting the kernel with the
+          Trusted Boot (tboot) module. This will utilize
+          Intel(R) Trusted Execution Technology to perform a measured launch
+          of the kernel. If the system does not support Intel(R) TXT, this
+          will have no effect.
+          Intel TXT will provide higher assurance of system configuration and
+          initial state as well as data reset protection.  This is used to
+          create a robust initial kernel measurement and verification, which
+          helps to ensure that kernel security mechanisms are functioning
+          correctly. This level of protection requires a root of trust outside
+          of the kernel itself.
+          Intel TXT also helps solve real end user concerns about having
+          confidence that their hardware is running the VMM or kernel that
+          it was configured with, especially since they may be responsible for
+          providing such assurances to VMs and services running on it.
+          See <http://www.intel.com/technology/security/> for more information
+          about Intel(R) TXT.
+          See <http://tboot.sourceforge.net> for more information about tboot.
+          See Documentation/intel_txt.txt for a description of how to enable
+          Intel TXT support in a kernel boot.
+          If you are unsure as to whether this is required, answer N.
 config LSM_MMAP_MIN_ADDR
        int "Low address space for LSM to protect from user allocation"
        depends on SECURITY && SECURITY_SELINUX
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-15 12:19:20 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-15 12:19:20 -0400
commit	1aaf2e59135fd67321f47c11c64a54aac27014e9 (patch)
tree	633ffa4db3ac6e8d566cba549510561ffd61d8f4 /security
parent	66a4fe0cb80a9fde8cb173289afb863fd279466a (diff)
parent	936e894a976dd3b0f07f1f6f43c17b77b7e6146d (diff)

diff --git a/security/Kconfig b/security/Kconfig index 4c865345caa0..fb363cd81cf6 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -113,6 +113,36 @@ config SECURITY_ROOTPLUG
113		113
114	If you are unsure how to answer this question, answer N.	114	If you are unsure how to answer this question, answer N.
115		115
		116	config INTEL_TXT
		117	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
		118	depends on HAVE_INTEL_TXT
		119	help
		120	This option enables support for booting the kernel with the
		121	Trusted Boot (tboot) module. This will utilize
		122	Intel(R) Trusted Execution Technology to perform a measured launch
		123	of the kernel. If the system does not support Intel(R) TXT, this
		124	will have no effect.
		125
		126	Intel TXT will provide higher assurance of system configuration and
		127	initial state as well as data reset protection. This is used to
		128	create a robust initial kernel measurement and verification, which
		129	helps to ensure that kernel security mechanisms are functioning
		130	correctly. This level of protection requires a root of trust outside
		131	of the kernel itself.
		132
		133	Intel TXT also helps solve real end user concerns about having
		134	confidence that their hardware is running the VMM or kernel that
		135	it was configured with, especially since they may be responsible for
		136	providing such assurances to VMs and services running on it.
		137
		138	See <http://www.intel.com/technology/security/> for more information
		139	about Intel(R) TXT.
		140	See <http://tboot.sourceforge.net> for more information about tboot.
		141	See Documentation/intel_txt.txt for a description of how to enable
		142	Intel TXT support in a kernel boot.
		143
		144	If you are unsure as to whether this is required, answer N.
		145
116	config LSM_MMAP_MIN_ADDR	146	config LSM_MMAP_MIN_ADDR
117	int "Low address space for LSM to protect from user allocation"	147	int "Low address space for LSM to protect from user allocation"
118	depends on SECURITY && SECURITY_SELINUX	148	depends on SECURITY && SECURITY_SELINUX