1 files changed, 30 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index d23c839038f0..edc7cbdc012a 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -113,6 +113,36 @@ config SECURITY_ROOTPLUG
          If you are unsure how to answer this question, answer N.
+config INTEL_TXT
+        bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
+        depends on EXPERIMENTAL && X86 && DMAR && ACPI
+        help
+          This option enables support for booting the kernel with the
+          Trusted Boot (tboot) module. This will utilize
+          Intel(R) Trusted Execution Technology to perform a measured launch
+          of the kernel. If the system does not support Intel(R) TXT, this
+          will have no effect.
+          Intel TXT will provide higher assurance of sysem configuration and
+          initial state as well as data reset protection.  This is used to
+          create a robust initial kernel measurement and verification, which
+          helps to ensure that kernel security mechanisms are functioning
+          correctly. This level of protection requires a root of trust outside
+          of the kernel itself.
+          Intel TXT also helps solve real end user concerns about having
+          confidence that their hardware is running the VMM or kernel that
+          it was conigured with, especially since they may be responsible for
+          providing such assurances to VMs and services running on it.
+          See <http://www.intel.com/technology/security/> for more information
+          about Intel(R) TXT.
+          See <http://tboot.sourceforge.net> for more information about tboot.
+          See Documentation/intel_txt.txt for a description of how to enable
+          Intel TXT support in a kernel boot.
+          If you are unsure as to whether this is required, answer N.
 source security/selinux/Kconfig
 source security/smack/Kconfig
 source security/tomoyo/Kconfig

diff --git a/security/Kconfig b/security/Kconfig index d23c839038f0..edc7cbdc012a 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -113,6 +113,36 @@ config SECURITY_ROOTPLUG
113		113
114	If you are unsure how to answer this question, answer N.	114	If you are unsure how to answer this question, answer N.
115		115
		116	config INTEL_TXT
		117	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
		118	depends on EXPERIMENTAL && X86 && DMAR && ACPI
		119	help
		120	This option enables support for booting the kernel with the
		121	Trusted Boot (tboot) module. This will utilize
		122	Intel(R) Trusted Execution Technology to perform a measured launch
		123	of the kernel. If the system does not support Intel(R) TXT, this
		124	will have no effect.
		125
		126	Intel TXT will provide higher assurance of sysem configuration and
		127	initial state as well as data reset protection. This is used to
		128	create a robust initial kernel measurement and verification, which
		129	helps to ensure that kernel security mechanisms are functioning
		130	correctly. This level of protection requires a root of trust outside
		131	of the kernel itself.
		132
		133	Intel TXT also helps solve real end user concerns about having
		134	confidence that their hardware is running the VMM or kernel that
		135	it was conigured with, especially since they may be responsible for
		136	providing such assurances to VMs and services running on it.
		137
		138	See <http://www.intel.com/technology/security/> for more information
		139	about Intel(R) TXT.
		140	See <http://tboot.sourceforge.net> for more information about tboot.
		141	See Documentation/intel_txt.txt for a description of how to enable
		142	Intel TXT support in a kernel boot.
		143
		144	If you are unsure as to whether this is required, answer N.
		145
116	source security/selinux/Kconfig	146	source security/selinux/Kconfig
117	source security/smack/Kconfig	147	source security/smack/Kconfig
118	source security/tomoyo/Kconfig	148	source security/tomoyo/Kconfig