zephyr/arch/x86/core/Kconfig

114 lines
3.5 KiB
Plaintext

# Kconfig - x86 core configuration options
#
# Copyright (c) 2014-2015 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
config NESTED_INTERRUPTS
bool "Enable nested interrupts"
default y
help
This option enables support for nested interrupts.
config EXCEPTION_DEBUG
bool "Unhandled exception debugging"
default y
depends on PRINTK
help
Install handlers for various CPU exception/trap vectors to
make debugging them easier, at a small expense in code size.
This prints out the specific exception vector and any associated
error codes.
menu "Memory Layout Options"
config IDT_NUM_VECTORS
int "Number of IDT vectors"
default 256
range 32 256
help
This option specifies the number of interrupt vector entries in the
Interrupt Descriptor Table (IDT). By default all 256 vectors are
supported in an IDT requiring 2048 bytes of memory.
config MAX_IRQ_LINES
int "Number of IRQ lines"
default 128
range 0 256
help
This option specifies the number of IRQ lines in the system.
It can be tuned to save some bytes in ROM, as it determines the
size of the _irq_to_interrupt_vector_table, which is used at runtime
to program to the PIC the association between vectors and
interrupts.
config SET_GDT
bool "Setup GDT as part of boot process"
default y
help
This option sets up the GDT as part of the boot process. However,
this may conflict with some security scenarios where the GDT is
already appropriately set by an earlier bootloader stage, in which
case this should be disabled. If disabled, the global _gdt pointer
will not be available.
config GDT_DYNAMIC
bool "Store GDT in RAM so that it can be modified"
depends on SET_GDT
help
This option stores the GDT in RAM instead of ROM, so that it may
be modified at runtime at the expense of some memory.
endmenu
config DISABLE_SSBD
bool "Disable Speculative Store Bypass"
depends on USERSPACE
default y if !X86_NO_SPECTRE_V4
help
This option will disable Speculative Store Bypass in order to
mitigate against certain kinds of side channel attacks. Quoting
the "Speculative Execution Side Channels" document, version 2.0:
When SSBD is set, loads will not execute speculatively
until the addresses of all older stores are known. This
ensure s that a load does not speculatively consume stale
data values due to bypassing an older store on the same
logical processor.
If enabled, this applies to all threads in the system.
Even if enabled, will have no effect on CPUs that do not
require this feature.
config ENABLE_EXTENDED_IBRS
bool "Enable Extended IBRS"
depends on USERSPACE
default y if !X86_NO_SPECTRE_V2
help
This option will enable the Extended Indirect Branch Restricted
Speculation 'always on' feature. This mitigates Indirect Branch
Control vulnerabilities (aka Spectre V2).
config X86_RETPOLINE
bool "Build with retpolines enabled in x86 assembly code"
depends on USERSPACE
help
This is recommended on platforms with speculative executions, to
protect against branch target injection (AKA Spectre-V2). Full
description of how retpolines work can be found here[1].
[1] https://support.google.com/faqs/answer/7625886
config X86_BOUNDS_CHECK_BYPASS_MITIGATION
bool
depends on USERSPACE
default y if !X86_NO_SPECTRE_V1
select BOUNDS_CHECK_BYPASS_MITIGATION
help
Hidden config to select arch-independent option to enable
Spectre V1 mitigations by default if the CPU is not known
to be immune to it.