diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-10-04 19:37:02 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-10-04 19:37:02 +0300 |
| commit | 5bb3a16dbea8ac40a36056e8ca79d37d47198a67 (patch) | |
| tree | 8cf0cdb8954e25538265022ecb6f0cd711b6e164 /arch/x86/Kconfig | |
| parent | 51eaa866a50f3e5f006b0c4876ddfa0e5c72c5f0 (diff) | |
| parent | b8d1d163604bd1e600b062fb00de5dc42baa355f (diff) | |
| download | linux-5bb3a16dbea8ac40a36056e8ca79d37d47198a67.tar.xz | |
Merge tag 'x86_apic_for_v6.1_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 APIC update from Borislav Petkov:
- Add support for locking the APIC in X2APIC mode to prevent SGX
enclave leaks
* tag 'x86_apic_for_v6.1_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/apic: Don't disable x2APIC if locked
Diffstat (limited to 'arch/x86/Kconfig')
| -rw-r--r-- | arch/x86/Kconfig | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index cabd6e13f549..42747e942a07 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -451,6 +451,11 @@ config X86_X2APIC This allows 32-bit apic IDs (so it can support very large systems), and accesses the local apic via MSRs not via mmio. + Some Intel systems circa 2022 and later are locked into x2APIC mode + and can not fall back to the legacy APIC modes if SGX or TDX are + enabled in the BIOS. They will be unable to boot without enabling + this option. + If you don't know what to do here, say N. config X86_MPPARSE @@ -1922,7 +1927,7 @@ endchoice config X86_SGX bool "Software Guard eXtensions (SGX)" - depends on X86_64 && CPU_SUP_INTEL + depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC depends on CRYPTO=y depends on CRYPTO_SHA256=y select SRCU |