Kconfig (34069d12e239ae8f36dd96c378e4622fb1c42a76) | Kconfig (aba7e066c738d4b349413a271b2a236aa55bacbc) |
---|---|
1# SPDX-License-Identifier: GPL-2.0 2# Select 32 or 64 bit 3config 64BIT 4 bool "64-bit kernel" if "$(ARCH)" = "x86" 5 default "$(ARCH)" != "i386" 6 help 7 Say yes to build a 64-bit kernel - formerly known as x86_64 8 Say no to build a 32-bit kernel - formerly known as i386 --- 88 unchanged lines hidden (view full) --- 97 select ARCH_HAS_STRICT_KERNEL_RWX 98 select ARCH_HAS_STRICT_MODULE_RWX 99 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE 100 select ARCH_HAS_SYSCALL_WRAPPER 101 select ARCH_HAS_UBSAN_SANITIZE_ALL 102 select ARCH_HAS_DEBUG_WX 103 select ARCH_HAS_ZONE_DMA_SET if EXPERT 104 select ARCH_HAVE_NMI_SAFE_CMPXCHG | 1# SPDX-License-Identifier: GPL-2.0 2# Select 32 or 64 bit 3config 64BIT 4 bool "64-bit kernel" if "$(ARCH)" = "x86" 5 default "$(ARCH)" != "i386" 6 help 7 Say yes to build a 64-bit kernel - formerly known as x86_64 8 Say no to build a 32-bit kernel - formerly known as i386 --- 88 unchanged lines hidden (view full) --- 97 select ARCH_HAS_STRICT_KERNEL_RWX 98 select ARCH_HAS_STRICT_MODULE_RWX 99 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE 100 select ARCH_HAS_SYSCALL_WRAPPER 101 select ARCH_HAS_UBSAN_SANITIZE_ALL 102 select ARCH_HAS_DEBUG_WX 103 select ARCH_HAS_ZONE_DMA_SET if EXPERT 104 select ARCH_HAVE_NMI_SAFE_CMPXCHG |
105 select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE |
|
105 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI 106 select ARCH_MIGHT_HAVE_PC_PARPORT 107 select ARCH_MIGHT_HAVE_PC_SERIO 108 select ARCH_STACKWALK 109 select ARCH_SUPPORTS_ACPI 110 select ARCH_SUPPORTS_ATOMIC_RMW 111 select ARCH_SUPPORTS_DEBUG_PAGEALLOC 112 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 --- 10 unchanged lines hidden (view full) --- 123 select ARCH_USE_SYM_ANNOTATIONS 124 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 125 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64 126 select ARCH_WANTS_DYNAMIC_TASK_STRUCT 127 select ARCH_WANTS_NO_INSTR 128 select ARCH_WANT_GENERAL_HUGETLB 129 select ARCH_WANT_HUGE_PMD_SHARE 130 select ARCH_WANT_LD_ORPHAN_WARN | 106 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI 107 select ARCH_MIGHT_HAVE_PC_PARPORT 108 select ARCH_MIGHT_HAVE_PC_SERIO 109 select ARCH_STACKWALK 110 select ARCH_SUPPORTS_ACPI 111 select ARCH_SUPPORTS_ATOMIC_RMW 112 select ARCH_SUPPORTS_DEBUG_PAGEALLOC 113 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 --- 10 unchanged lines hidden (view full) --- 124 select ARCH_USE_SYM_ANNOTATIONS 125 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 126 select ARCH_WANT_DEFAULT_BPF_JIT if X86_64 127 select ARCH_WANTS_DYNAMIC_TASK_STRUCT 128 select ARCH_WANTS_NO_INSTR 129 select ARCH_WANT_GENERAL_HUGETLB 130 select ARCH_WANT_HUGE_PMD_SHARE 131 select ARCH_WANT_LD_ORPHAN_WARN |
131 select ARCH_WANT_OPTIMIZE_VMEMMAP if X86_64 | 132 select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 133 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64 |
132 select ARCH_WANTS_THP_SWAP if X86_64 133 select ARCH_HAS_PARANOID_L1D_FLUSH 134 select BUILDTIME_TABLE_SORT 135 select CLKEVT_I8253 136 select CLOCKSOURCE_VALIDATE_LAST_CYCLE 137 select CLOCKSOURCE_WATCHDOG 138 # Word-size accesses may read uninitialized data past the trailing \0 139 # in strings and cause false KMSAN reports. --- 1163 unchanged lines hidden (view full) --- 1303 Currently, the only fixup is for the Geode machines using 1304 CS5530A and CS5536 chipsets and the RDC R-321x SoC. 1305 1306 Say Y if you want to enable the fixup. Currently, it's safe to 1307 enable this option even if you don't need it. 1308 Say N otherwise. 1309 1310config MICROCODE | 134 select ARCH_WANTS_THP_SWAP if X86_64 135 select ARCH_HAS_PARANOID_L1D_FLUSH 136 select BUILDTIME_TABLE_SORT 137 select CLKEVT_I8253 138 select CLOCKSOURCE_VALIDATE_LAST_CYCLE 139 select CLOCKSOURCE_WATCHDOG 140 # Word-size accesses may read uninitialized data past the trailing \0 141 # in strings and cause false KMSAN reports. --- 1163 unchanged lines hidden (view full) --- 1305 Currently, the only fixup is for the Geode machines using 1306 CS5530A and CS5536 chipsets and the RDC R-321x SoC. 1307 1308 Say Y if you want to enable the fixup. Currently, it's safe to 1309 enable this option even if you don't need it. 1310 Say N otherwise. 1311 1312config MICROCODE |
1311 bool "CPU microcode loading support" 1312 default y | 1313 def_bool y |
1313 depends on CPU_SUP_AMD || CPU_SUP_INTEL | 1314 depends on CPU_SUP_AMD || CPU_SUP_INTEL |
1314 help 1315 If you say Y here, you will be able to update the microcode on 1316 Intel and AMD processors. The Intel support is for the IA32 family, 1317 e.g. Pentium Pro, Pentium II, Pentium III, Pentium 4, Xeon etc. The 1318 AMD support is for families 0x10 and later. You will obviously need 1319 the actual microcode binary data itself which is not shipped with 1320 the Linux kernel. | |
1321 | 1315 |
1322 The preferred method to load microcode from a detached initrd is described 1323 in Documentation/arch/x86/microcode.rst. For that you need to enable 1324 CONFIG_BLK_DEV_INITRD in order for the loader to be able to scan the 1325 initrd for microcode blobs. 1326 1327 In addition, you can build the microcode into the kernel. For that you 1328 need to add the vendor-supplied microcode to the CONFIG_EXTRA_FIRMWARE 1329 config option. 1330 1331config MICROCODE_INTEL 1332 bool "Intel microcode loading support" 1333 depends on CPU_SUP_INTEL && MICROCODE 1334 default MICROCODE 1335 help 1336 This options enables microcode patch loading support for Intel 1337 processors. 1338 1339 For the current Intel microcode data package go to 1340 <https://downloadcenter.intel.com> and search for 1341 'Linux Processor Microcode Data File'. 1342 1343config MICROCODE_AMD 1344 bool "AMD microcode loading support" 1345 depends on CPU_SUP_AMD && MICROCODE 1346 help 1347 If you select this option, microcode patch loading support for AMD 1348 processors will be enabled. 1349 | |
1350config MICROCODE_LATE_LOADING 1351 bool "Late microcode loading (DANGEROUS)" 1352 default n 1353 depends on MICROCODE 1354 help 1355 Loading microcode late, when the system is up and executing instructions 1356 is a tricky business and should be avoided if possible. Just the sequence 1357 of synchronizing all cores and SMT threads is one fragile dance which does --- 486 unchanged lines hidden (view full) --- 1844 # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 1845 # Clang/LLVM >= 14 1846 # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f 1847 # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332 1848 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \ 1849 (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \ 1850 $(as-instr,endbr64) 1851 | 1316config MICROCODE_LATE_LOADING 1317 bool "Late microcode loading (DANGEROUS)" 1318 default n 1319 depends on MICROCODE 1320 help 1321 Loading microcode late, when the system is up and executing instructions 1322 is a tricky business and should be avoided if possible. Just the sequence 1323 of synchronizing all cores and SMT threads is one fragile dance which does --- 486 unchanged lines hidden (view full) --- 1810 # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 1811 # Clang/LLVM >= 14 1812 # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f 1813 # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332 1814 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \ 1815 (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \ 1816 $(as-instr,endbr64) 1817 |
1818config X86_CET 1819 def_bool n 1820 help 1821 CET features configured (Shadow stack or IBT) 1822 |
|
1852config X86_KERNEL_IBT 1853 prompt "Indirect Branch Tracking" 1854 def_bool y 1855 depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL 1856 # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f 1857 depends on !LD_IS_LLD || LLD_VERSION >= 140000 1858 select OBJTOOL | 1823config X86_KERNEL_IBT 1824 prompt "Indirect Branch Tracking" 1825 def_bool y 1826 depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL 1827 # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f 1828 depends on !LD_IS_LLD || LLD_VERSION >= 140000 1829 select OBJTOOL |
1830 select X86_CET |
|
1859 help 1860 Build the kernel with support for Indirect Branch Tracking, a 1861 hardware support course-grain forward-edge Control Flow Integrity 1862 protection. It enforces that all indirect calls must land on 1863 an ENDBR instruction, as such, the compiler will instrument the 1864 code with them to make this happen. 1865 1866 In addition to building the kernel with IBT, seal all functions that --- 77 unchanged lines hidden (view full) --- 1944 that can be used by applications to set aside private regions of code 1945 and data, referred to as enclaves. An enclave's private memory can 1946 only be accessed by code running within the enclave. Accesses from 1947 outside the enclave, including other enclaves, are disallowed by 1948 hardware. 1949 1950 If unsure, say N. 1951 | 1831 help 1832 Build the kernel with support for Indirect Branch Tracking, a 1833 hardware support course-grain forward-edge Control Flow Integrity 1834 protection. It enforces that all indirect calls must land on 1835 an ENDBR instruction, as such, the compiler will instrument the 1836 code with them to make this happen. 1837 1838 In addition to building the kernel with IBT, seal all functions that --- 77 unchanged lines hidden (view full) --- 1916 that can be used by applications to set aside private regions of code 1917 and data, referred to as enclaves. An enclave's private memory can 1918 only be accessed by code running within the enclave. Accesses from 1919 outside the enclave, including other enclaves, are disallowed by 1920 hardware. 1921 1922 If unsure, say N. 1923 |
1924config X86_USER_SHADOW_STACK 1925 bool "X86 userspace shadow stack" 1926 depends on AS_WRUSS 1927 depends on X86_64 1928 select ARCH_USES_HIGH_VMA_FLAGS 1929 select X86_CET 1930 help 1931 Shadow stack protection is a hardware feature that detects function 1932 return address corruption. This helps mitigate ROP attacks. 1933 Applications must be enabled to use it, and old userspace does not 1934 get protection "for free". 1935 1936 CPUs supporting shadow stacks were first released in 2020. 1937 1938 See Documentation/arch/x86/shstk.rst for more information. 1939 1940 If unsure, say N. 1941 |
|
1952config EFI 1953 bool "EFI runtime service support" 1954 depends on ACPI 1955 select UCS2_STRING 1956 select EFI_RUNTIME_WRAPPERS 1957 select ARCH_USE_MEMREMAP_PROT | 1942config EFI 1943 bool "EFI runtime service support" 1944 depends on ACPI 1945 select UCS2_STRING 1946 select EFI_RUNTIME_WRAPPERS 1947 select ARCH_USE_MEMREMAP_PROT |
1948 select EFI_RUNTIME_MAP if KEXEC_CORE |
|
1958 help 1959 This enables the kernel to use EFI runtime services that are 1960 available (such as the EFI variable services). 1961 1962 This option is only useful on systems that have EFI firmware. 1963 In addition, you should use the latest ELILO loader available 1964 at <http://elilo.sourceforge.net> in order to take advantage 1965 of EFI runtime services. However, even with this option, the --- 59 unchanged lines hidden (view full) --- 2025 help 2026 Maximum allowable number of ranges in efi_fake_mem boot option. 2027 Ranges can be set up to this value using comma-separated list. 2028 The default value is 8. 2029 2030config EFI_RUNTIME_MAP 2031 bool "Export EFI runtime maps to sysfs" if EXPERT 2032 depends on EFI | 1949 help 1950 This enables the kernel to use EFI runtime services that are 1951 available (such as the EFI variable services). 1952 1953 This option is only useful on systems that have EFI firmware. 1954 In addition, you should use the latest ELILO loader available 1955 at <http://elilo.sourceforge.net> in order to take advantage 1956 of EFI runtime services. However, even with this option, the --- 59 unchanged lines hidden (view full) --- 2016 help 2017 Maximum allowable number of ranges in efi_fake_mem boot option. 2018 Ranges can be set up to this value using comma-separated list. 2019 The default value is 8. 2020 2021config EFI_RUNTIME_MAP 2022 bool "Export EFI runtime maps to sysfs" if EXPERT 2023 depends on EFI |
2033 default KEXEC_CORE | |
2034 help 2035 Export EFI runtime memory regions to /sys/firmware/efi/runtime-map. 2036 That memory map is required by the 2nd kernel to set up EFI virtual 2037 mappings after kexec, but can also be used for debugging purposes. 2038 2039 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. 2040 2041source "kernel/Kconfig.hz" 2042 | 2024 help 2025 Export EFI runtime memory regions to /sys/firmware/efi/runtime-map. 2026 That memory map is required by the 2nd kernel to set up EFI virtual 2027 mappings after kexec, but can also be used for debugging purposes. 2028 2029 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. 2030 2031source "kernel/Kconfig.hz" 2032 |
2043config KEXEC 2044 bool "kexec system call" 2045 select KEXEC_CORE 2046 help 2047 kexec is a system call that implements the ability to shutdown your 2048 current kernel, and to start another kernel. It is like a reboot 2049 but it is independent of the system firmware. And like a reboot 2050 you can start any kernel with it, not just Linux. | 2033config ARCH_SUPPORTS_KEXEC 2034 def_bool y |
2051 | 2035 |
2052 The name comes from the similarity to the exec system call. | 2036config ARCH_SUPPORTS_KEXEC_FILE 2037 def_bool X86_64 && CRYPTO && CRYPTO_SHA256 |
2053 | 2038 |
2054 It is an ongoing process to be certain the hardware in a machine 2055 is properly shutdown, so do not be surprised if this code does not 2056 initially work for you. As of this writing the exact hardware 2057 interface is strongly in flux, so no good recommendation can be 2058 made. 2059 2060config KEXEC_FILE 2061 bool "kexec file based system call" 2062 select KEXEC_CORE | 2039config ARCH_SELECTS_KEXEC_FILE 2040 def_bool y 2041 depends on KEXEC_FILE |
2063 select HAVE_IMA_KEXEC if IMA | 2042 select HAVE_IMA_KEXEC if IMA |
2064 depends on X86_64 2065 depends on CRYPTO=y 2066 depends on CRYPTO_SHA256=y 2067 help 2068 This is new version of kexec system call. This system call is 2069 file based and takes file descriptors as system call argument 2070 for kernel and initramfs as opposed to list of segments as 2071 accepted by previous system call. | |
2072 | 2043 |
2073config ARCH_HAS_KEXEC_PURGATORY | 2044config ARCH_SUPPORTS_KEXEC_PURGATORY |
2074 def_bool KEXEC_FILE 2075 | 2045 def_bool KEXEC_FILE 2046 |
2076config KEXEC_SIG 2077 bool "Verify kernel signature during kexec_file_load() syscall" 2078 depends on KEXEC_FILE 2079 help | 2047config ARCH_SUPPORTS_KEXEC_SIG 2048 def_bool y |
2080 | 2049 |
2081 This option makes the kexec_file_load() syscall check for a valid 2082 signature of the kernel image. The image can still be loaded without 2083 a valid signature unless you also enable KEXEC_SIG_FORCE, though if 2084 there's a signature that we can check, then it must be valid. | 2050config ARCH_SUPPORTS_KEXEC_SIG_FORCE 2051 def_bool y |
2085 | 2052 |
2086 In addition to this option, you need to enable signature 2087 verification for the corresponding kernel image type being 2088 loaded in order for this to work. | 2053config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG 2054 def_bool y |
2089 | 2055 |
2090config KEXEC_SIG_FORCE 2091 bool "Require a valid signature in kexec_file_load() syscall" 2092 depends on KEXEC_SIG 2093 help 2094 This option makes kernel signature verification mandatory for 2095 the kexec_file_load() syscall. | 2056config ARCH_SUPPORTS_KEXEC_JUMP 2057 def_bool y |
2096 | 2058 |
2097config KEXEC_BZIMAGE_VERIFY_SIG 2098 bool "Enable bzImage signature verification support" 2099 depends on KEXEC_SIG 2100 depends on SIGNED_PE_FILE_VERIFICATION 2101 select SYSTEM_TRUSTED_KEYRING 2102 help 2103 Enable bzImage signature verification support. | 2059config ARCH_SUPPORTS_CRASH_DUMP 2060 def_bool X86_64 || (X86_32 && HIGHMEM) |
2104 | 2061 |
2105config CRASH_DUMP 2106 bool "kernel crash dumps" 2107 depends on X86_64 || (X86_32 && HIGHMEM) 2108 help 2109 Generate crash dump after being started by kexec. 2110 This should be normally only set in special crash dump kernels 2111 which are loaded in the main kernel with kexec-tools into 2112 a specially reserved region and then later executed after 2113 a crash by kdump/kexec. The crash dump kernel must be compiled 2114 to a memory address not used by the main kernel or BIOS using 2115 PHYSICAL_START, or it must be built as a relocatable image 2116 (CONFIG_RELOCATABLE=y). 2117 For more details see Documentation/admin-guide/kdump/kdump.rst | 2062config ARCH_SUPPORTS_CRASH_HOTPLUG 2063 def_bool y |
2118 | 2064 |
2119config KEXEC_JUMP 2120 bool "kexec jump" 2121 depends on KEXEC && HIBERNATION 2122 help 2123 Jump between original kernel and kexeced kernel and invoke 2124 code in physical address mode via KEXEC 2125 | |
2126config PHYSICAL_START 2127 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) 2128 default "0x1000000" 2129 help 2130 This gives the physical address where the kernel is loaded. 2131 2132 If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then 2133 bzImage will decompress itself to above physical address and --- 496 unchanged lines hidden (view full) --- 2630 If in doubt, say N. 2631 2632endif 2633 2634config ARCH_HAS_ADD_PAGES 2635 def_bool y 2636 depends on ARCH_ENABLE_MEMORY_HOTPLUG 2637 | 2065config PHYSICAL_START 2066 hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) 2067 default "0x1000000" 2068 help 2069 This gives the physical address where the kernel is loaded. 2070 2071 If kernel is a not relocatable (CONFIG_RELOCATABLE=n) then 2072 bzImage will decompress itself to above physical address and --- 496 unchanged lines hidden (view full) --- 2569 If in doubt, say N. 2570 2571endif 2572 2573config ARCH_HAS_ADD_PAGES 2574 def_bool y 2575 depends on ARCH_ENABLE_MEMORY_HOTPLUG 2576 |
2638config ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE 2639 def_bool y 2640 | |
2641menu "Power management and ACPI options" 2642 2643config ARCH_HIBERNATION_HEADER 2644 def_bool y 2645 depends on HIBERNATION 2646 2647source "kernel/power/Kconfig" 2648 --- 409 unchanged lines hidden --- | 2577menu "Power management and ACPI options" 2578 2579config ARCH_HIBERNATION_HEADER 2580 def_bool y 2581 depends on HIBERNATION 2582 2583source "kernel/power/Kconfig" 2584 --- 409 unchanged lines hidden --- |
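Review bot: The new `ARCH_SUPPORTS_KEXEC_FILE` is `def_bool X86_64 && CRYPTO && CRYPTO_SHA256`, which drops the built-in requirement that the removed `KEXEC_FILE` entry stated with `depends on CRYPTO=y` and `depends on CRYPTO_SHA256=y`. Both crypto symbols are tristate, and a bool symbol whose default expression evaluates to `m` is promoted to `y`. So with SHA-256 built as a module the gate still opens, and built-in kexec_file code that calls the hash would presumably fail to link; `def_bool X86_64 && CRYPTO=y && CRYPTO_SHA256=y` keeps the old constraint. Separately, the removed `KEXEC_BZIMAGE_VERIFY_SIG` entry carried `depends on SIGNED_PE_FILE_VERIFICATION` and `select SYSTEM_TRUSTED_KEYRING`, while its replacement `ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG` is an unconditional `def_bool y`. The generic definition that now owns that option is not in this file, so it is worth confirming that both constraints moved with it.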