1config X86_64
2	def_bool y
3
4config X86
5	def_bool y
6	select ACPI
7	select ACPI_LEGACY_TABLES_LOOKUP
8	select ARCH_SUPPORTS_INT128
9	select COMPAT
10	select CORE_PARKING
11	select HAS_ALTERNATIVE
12	select HAS_CPUFREQ
13	select HAS_EHCI
14	select HAS_EX_TABLE
15	select HAS_FAST_MULTIPLY
16	select HAS_IOPORTS
17	select HAS_KEXEC
18	select MEM_ACCESS_ALWAYS_ON
19	select HAS_MEM_PAGING
20	select HAS_NS16550
21	select HAS_PASSTHROUGH
22	select HAS_PCI
23	select HAS_PDX
24	select HAS_SCHED_GRANULARITY
25	select HAS_UBSAN
26	select HAS_VPCI if !PV_SHIM_EXCLUSIVE && HVM
27	select NEEDS_LIBELF
28	select NUMA
29
30config ARCH_DEFCONFIG
31	string
32	default "arch/x86/configs/x86_64_defconfig"
33
34config INDIRECT_THUNK
35	def_bool $(cc-option,-mindirect-branch-register)
36
37config HAS_AS_CET_SS
38	# binutils >= 2.29 or LLVM >= 6
39	def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
40
41menu "Architecture Features"
42
43source "arch/Kconfig"
44
45config PV
46	def_bool y
47	prompt "PV support"
48	---help---
49	  Interfaces to support PV domains. These require guest kernel support
50	  to run as a PV guest, but don't require any specific hardware support.
51
52	  This option is needed if you want to run PV domains.
53
54	  If unsure, say Y.
55
56config PV32
57	bool "Support for 32bit PV guests"
58	depends on PV
59	default y
60	---help---
61	  The 32bit PV ABI uses Ring1, an area of the x86 architecture which
62	  was deprecated and mostly removed in the AMD64 spec.  As a result,
63	  it occasionally conflicts with newer x86 hardware features, causing
64	  overheads for Xen to maintain backwards compatibility.
65
66	  People may wish to disable 32bit PV guests for attack surface
67	  reduction, or performance reasons.  Backwards compatibility can be
68	  provided via the PV Shim mechanism.
69
70	  If unsure, say Y.
71
72config PV_LINEAR_PT
73       bool "Support for PV linear pagetables"
74       depends on PV
75       default y
76       ---help---
77         Linear pagetables (also called "recursive pagetables") refers
78         to the practice of a guest operating system having pagetable
79         entries pointing to other pagetables of the same level (i.e.,
80         allowing L2 PTEs to point to other L2 pages).  Some operating
81         systems use it as a simple way to consistently map the current
82         process's pagetables into its own virtual address space.
83
84         Linux and MiniOS don't use this technique.  NetBSD and Novell
85         Netware do; there may be other custom operating systems which
86         do.  If you're certain you don't plan on having PV guests
87         which use this feature, turning it off can reduce the attack
88         surface.
89
90         If unsure, say Y.
91
92config HVM
93	def_bool !PV_SHIM_EXCLUSIVE
94	prompt "HVM support"
95	---help---
96	  Interfaces to support HVM domains.  HVM domains require hardware
97	  virtualisation extensions (e.g. Intel VT-x, AMD SVM), but can boot
98	  guests which have no specific Xen knowledge.
99
100	  This option is needed if you want to run HVM or PVH domains.
101
102	  If unsure, say Y.
103
104config XEN_SHSTK
105	bool "Supervisor Shadow Stacks"
106	depends on HAS_AS_CET_SS && EXPERT
107	default y
108	---help---
109	  Control-flow Enforcement Technology (CET) is a set of features in
110	  hardware designed to combat Return-oriented Programming (ROP) and the
111	  related Call/Jump-oriented Programming (COP/JOP) attacks.  Shadow
112	  Stacks are one CET feature, designed to provide return address protection.
113
114	  This option arranges for Xen to use CET-SS for its own protection.
115	  When CET-SS is active, 32bit PV guests cannot be used.  Backwards
116	  compatibility can be provided via the PV Shim mechanism.
117
118config SHADOW_PAGING
119        bool "Shadow Paging"
120        default y
121        ---help---
122
123          Shadow paging is a software alternative to hardware paging support
124          (Intel EPT, AMD NPT).
125
126          It is required for:
127            * Running HVM guests on hardware lacking hardware paging support
128              (First-generation Intel VT-x or AMD SVM).
129            * Live migration of PV guests.
130            * L1TF sidechannel mitigation for PV guests.
131
132          Under a small number of specific workloads, shadow paging may be
133          deliberately used as a performance optimisation.
134
135          If unsure, say Y.
136
137config BIGMEM
138	bool "big memory support"
139	default n
140	---help---
141	  Allows Xen to support up to 123Tb of memory.
142
143	  This requires enlarging struct page_info as well as shrinking
144	  the always accessible direct mapped memory range.
145
146	  If unsure, say N.
147
148config HVM_FEP
149	bool "HVM Forced Emulation Prefix support" if EXPERT
150	default DEBUG
151	depends on HVM
152	---help---
153
154	  Compiles in a feature that allows an HVM guest to arbitrarily
155	  exercise the instruction emulator.
156
157	  This feature can only be enabled at boot time with the
158	  appropriate hypervisor command line option. Please read the
159	  hypervisor command line documentation before trying to use
160	  this feature.
161
162	  This is strictly for testing purposes, and not appropriate
163	  for use in production.
164
165	  If unsure, say N.
166
167config TBOOT
168	def_bool y
169	prompt "Xen tboot support" if EXPERT
170	select CRYPTO
171	---help---
172	  Allows support for Trusted Boot using the Intel(R) Trusted Execution
173	  Technology (TXT).
174
175	  If unsure, say Y.
176
177choice
178	prompt "Alignment of Xen image"
179	default XEN_ALIGN_2M if PV_SHIM_EXCLUSIVE
180	default XEN_ALIGN_DEFAULT
181	---help---
182	  Specify alignment for Xen image.
183
184	  If unsure, choose "default".
185
186config XEN_ALIGN_DEFAULT
187	bool "Default alignment"
188	---help---
189	  Pick alignment according to build variants.
190
191	  For EFI build the default alignment is 2M. For ELF build
192	  the default alignment is 4K due to syslinux failing to handle
193	  the increment of image size induced by 2M alignment.
194
195config XEN_ALIGN_2M
196	bool "2M alignment"
197
198endchoice
199
200config GUEST
201	bool
202
203config XEN_GUEST
204	bool "Xen Guest"
205	select GUEST
206	---help---
207	  Support for Xen detecting when it is running under Xen.
208
209	  If unsure, say N.
210
211config PVH_GUEST
212	def_bool y
213	prompt "PVH Guest"
214	depends on XEN_GUEST
215	---help---
216	  Support booting using the PVH ABI.
217
218	  If unsure, say Y.
219
220config PV_SHIM
221	def_bool y
222	prompt "PV Shim"
223	depends on PV && XEN_GUEST
224	---help---
225	  Build Xen with a mode which acts as a shim to allow a PV guest to run
226	  in an HVM/PVH container. This mode can only be enabled with a command
227	  line option.
228
229	  If unsure, say Y.
230
231config PV_SHIM_EXCLUSIVE
232	bool "PV Shim Exclusive"
233	depends on PV_SHIM
234	---help---
235	  Build Xen in a way which unconditionally assumes PV_SHIM mode.  This
236	  option is only intended for use when building a dedicated PV Shim
237	  firmware, and will not function correctly in other scenarios.
238
239	  If unsure, say N.
240
241if !PV_SHIM_EXCLUSIVE
242
243config HYPERV_GUEST
244	bool "Hyper-V Guest"
245	select GUEST
246	---help---
247	  Support for Xen detecting when it is running under Hyper-V.
248
249	  If unsure, say N.
250
251endif
252
253config MEM_SHARING
254	bool "Xen memory sharing support" if EXPERT
255	depends on HVM
256
257endmenu
258
259source "common/Kconfig"
260
261source "drivers/Kconfig"
262