From: Jonathan M. <jon...@cm...> - 2011-01-21 18:39:29
|
This patch makes the documentation slightly more explicit about how to enable Intel TXT support in the kernel, and adds two dependencies to the relevant option in Kconfig. Without this patch it is difficult to determine how to enable Intel TXT support without some knowledge of Kconfig. Signed-off-by: Jonathan McCune <jon...@cm...> --- Documentation/intel_txt.txt | 4 +++- security/Kconfig | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt index 849de1a..8487f76 100644 --- a/Documentation/intel_txt.txt +++ b/Documentation/intel_txt.txt @@ -196,7 +196,9 @@ Execution Technology (TXT)". It is marked as EXPERIMENTAL and depends on the generic x86 support (to allow maximum flexibility in kernel build options), since the tboot code will detect whether the platform actually supports Intel TXT and thus whether any of the -kernel code is executed. +kernel code is executed. The kernel option for enabling Intel TXT +support will only appear if its dependencies are also enabled. +These are CONFIG_DMAR and CONFIG_PCI_MSI. The Q35_SINIT_17.BIN file is what Intel TXT refers to as an Authenticated Code Module. It is specific to the chipset in the diff --git a/security/Kconfig b/security/Kconfig index 95accd4..5fd4e35 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -136,7 +136,7 @@ config SECURITY_PATH config INTEL_TXT bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" - depends on HAVE_INTEL_TXT + depends on HAVE_INTEL_TXT && EXPERIMENTAL && DMAR && ACPI help This option enables support for booting the kernel with the Trusted Boot (tboot) module. This will utilize -- 1.5.6.5 |