114 lines
3.5 KiB
Plaintext
114 lines
3.5 KiB
Plaintext
# Kconfig - x86 core configuration options
|
|
|
|
#
|
|
# Copyright (c) 2014-2015 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
config NESTED_INTERRUPTS
|
|
bool "Enable nested interrupts"
|
|
default y
|
|
help
|
|
This option enables support for nested interrupts.
|
|
|
|
config EXCEPTION_DEBUG
|
|
bool "Unhandled exception debugging"
|
|
default y
|
|
depends on PRINTK
|
|
help
|
|
Install handlers for various CPU exception/trap vectors to
|
|
make debugging them easier, at a small expense in code size.
|
|
This prints out the specific exception vector and any associated
|
|
error codes.
|
|
|
|
menu "Memory Layout Options"
|
|
|
|
config IDT_NUM_VECTORS
|
|
int "Number of IDT vectors"
|
|
default 256
|
|
range 32 256
|
|
help
|
|
This option specifies the number of interrupt vector entries in the
|
|
Interrupt Descriptor Table (IDT). By default all 256 vectors are
|
|
supported in an IDT requiring 2048 bytes of memory.
|
|
|
|
config MAX_IRQ_LINES
|
|
int "Number of IRQ lines"
|
|
default 128
|
|
range 0 256
|
|
help
|
|
This option specifies the number of IRQ lines in the system.
|
|
It can be tuned to save some bytes in ROM, as it determines the
|
|
size of the _irq_to_interrupt_vector_table, which is used at runtime
|
|
to program to the PIC the association between vectors and
|
|
interrupts.
|
|
|
|
config SET_GDT
|
|
bool "Setup GDT as part of boot process"
|
|
default y
|
|
help
|
|
This option sets up the GDT as part of the boot process. However,
|
|
this may conflict with some security scenarios where the GDT is
|
|
already appropriately set by an earlier bootloader stage, in which
|
|
case this should be disabled. If disabled, the global _gdt pointer
|
|
will not be available.
|
|
|
|
config GDT_DYNAMIC
|
|
bool "Store GDT in RAM so that it can be modified"
|
|
depends on SET_GDT
|
|
help
|
|
This option stores the GDT in RAM instead of ROM, so that it may
|
|
be modified at runtime at the expense of some memory.
|
|
|
|
endmenu
|
|
|
|
config DISABLE_SSBD
|
|
bool "Disable Speculative Store Bypass"
|
|
depends on USERSPACE
|
|
default y if !X86_NO_SPECTRE_V4
|
|
help
|
|
This option will disable Speculative Store Bypass in order to
|
|
mitigate against certain kinds of side channel attacks. Quoting
|
|
the "Speculative Execution Side Channels" document, version 2.0:
|
|
|
|
When SSBD is set, loads will not execute speculatively
|
|
until the addresses of all older stores are known. This
|
|
ensure s that a load does not speculatively consume stale
|
|
data values due to bypassing an older store on the same
|
|
logical processor.
|
|
|
|
If enabled, this applies to all threads in the system.
|
|
|
|
Even if enabled, will have no effect on CPUs that do not
|
|
require this feature.
|
|
|
|
config ENABLE_EXTENDED_IBRS
|
|
bool "Enable Extended IBRS"
|
|
depends on USERSPACE
|
|
default y if !X86_NO_SPECTRE_V2
|
|
help
|
|
This option will enable the Extended Indirect Branch Restricted
|
|
Speculation 'always on' feature. This mitigates Indirect Branch
|
|
Control vulnerabilities (aka Spectre V2).
|
|
|
|
config X86_RETPOLINE
|
|
bool "Build with retpolines enabled in x86 assembly code"
|
|
depends on USERSPACE
|
|
help
|
|
This is recommended on platforms with speculative executions, to
|
|
protect against branch target injection (AKA Spectre-V2). Full
|
|
description of how retpolines work can be found here[1].
|
|
|
|
[1] https://support.google.com/faqs/answer/7625886
|
|
|
|
config X86_BOUNDS_CHECK_BYPASS_MITIGATION
|
|
bool
|
|
depends on USERSPACE
|
|
default y if !X86_NO_SPECTRE_V1
|
|
select BOUNDS_CHECK_BYPASS_MITIGATION
|
|
help
|
|
Hidden config to select arch-independent option to enable
|
|
Spectre V1 mitigations by default if the CPU is not known
|
|
to be immune to it.
|