Add INTEL_TDX_GUEST config option to selectively compile
TDX guest support.
Signed-off-by: Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppusw...@linux.intel.com>
Reviewed-by: Andi Kleen <a...@linux.intel.com>
---
arch/x86/Kconfig | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 8fe91114bfee..0374d9f262a5 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -868,6 +868,21 @@ config ACRN_GUEST
IOT with small footprint and real-time features. More details can be
found in https://projectacrn.org/.
+config INTEL_TDX_GUEST
+ bool "Intel Trusted Domain eXtensions Guest Support"
+ depends on X86_64 && CPU_SUP_INTEL && PARAVIRT
+ depends on SECURITY
+ select PARAVIRT_XL
+ select X86_X2APIC
+ select SECURITY_LOCKDOWN_LSM
+ help
+ Provide support for running in a trusted domain on Intel processors
+ equipped with Trusted Domain eXtenstions. TDX is an new Intel
+ technology that extends VMX and Memory Encryption with a new kind of
+ virtual machine guest called Trust Domain (TD). A TD is designed to
+ run in a CPU mode that protects the confidentiality of TD memory
+ contents and the TD’s CPU state from other software, including VMM.
+
endif #HYPERVISOR_GUEST
source "arch/x86/Kconfig.cpu"
--
2.25.1
