Add INTEL_TDX_GUEST config option to selectively compile TDX guest support.
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppusw...@linux.intel.com> Reviewed-by: Andi Kleen <a...@linux.intel.com> --- arch/x86/Kconfig | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 8fe91114bfee..0374d9f262a5 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -868,6 +868,21 @@ config ACRN_GUEST IOT with small footprint and real-time features. More details can be found in https://projectacrn.org/. +config INTEL_TDX_GUEST + bool "Intel Trusted Domain eXtensions Guest Support" + depends on X86_64 && CPU_SUP_INTEL && PARAVIRT + depends on SECURITY + select PARAVIRT_XL + select X86_X2APIC + select SECURITY_LOCKDOWN_LSM + help + Provide support for running in a trusted domain on Intel processors + equipped with Trusted Domain eXtenstions. TDX is an new Intel + technology that extends VMX and Memory Encryption with a new kind of + virtual machine guest called Trust Domain (TD). A TD is designed to + run in a CPU mode that protects the confidentiality of TD memory + contents and the TD’s CPU state from other software, including VMM. + endif #HYPERVISOR_GUEST source "arch/x86/Kconfig.cpu" -- 2.25.1