1# SPDX-License-Identifier: GPL-2.0
2#
3# KVM configuration
4#
5
6source "virt/kvm/Kconfig"
7
8menuconfig VIRTUALIZATION
9	bool "Virtualization"
10	depends on HAVE_KVM || X86
11	default y
12	help
13	  Say Y here to get to see options for using your Linux host to run other
14	  operating systems inside virtual machines (guests).
15	  This option alone does not add any kernel code.
16
17	  If you say N, all options in this submenu will be skipped and disabled.
18
19if VIRTUALIZATION
20
21config KVM
22	tristate "Kernel-based Virtual Machine (KVM) support"
23	depends on HAVE_KVM
24	depends on HIGH_RES_TIMERS
25	depends on X86_LOCAL_APIC
26	select PREEMPT_NOTIFIERS
27	select MMU_NOTIFIER
28	select HAVE_KVM_IRQCHIP
29	select HAVE_KVM_IRQFD
30	select IRQ_BYPASS_MANAGER
31	select HAVE_KVM_IRQ_BYPASS
32	select HAVE_KVM_IRQ_ROUTING
33	select HAVE_KVM_EVENTFD
34	select KVM_ASYNC_PF
35	select USER_RETURN_NOTIFIER
36	select KVM_MMIO
37	select SCHED_INFO
38	select PERF_EVENTS
39	select HAVE_KVM_MSI
40	select HAVE_KVM_CPU_RELAX_INTERCEPT
41	select HAVE_KVM_NO_POLL
42	select KVM_XFER_TO_GUEST_WORK
43	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
44	select KVM_VFIO
45	select SRCU
46	select HAVE_KVM_PM_NOTIFIER if PM
47	help
48	  Support hosting fully virtualized guest machines using hardware
49	  virtualization extensions.  You will need a fairly recent
50	  processor equipped with virtualization extensions. You will also
51	  need to select one or more of the processor modules below.
52
53	  This module provides access to the hardware capabilities through
54	  a character device node named /dev/kvm.
55
56	  To compile this as a module, choose M here: the module
57	  will be called kvm.
58
59	  If unsure, say N.
60
61config KVM_WERROR
62	bool "Compile KVM with -Werror"
63	# KASAN may cause the build to fail due to larger frames
64	default y if X86_64 && !KASAN
65	# We use the dependency on !COMPILE_TEST to not be enabled
66	# blindly in allmodconfig or allyesconfig configurations
67	depends on KVM
68	depends on (X86_64 && !KASAN) || !COMPILE_TEST
69	depends on EXPERT
70	help
71	  Add -Werror to the build flags for KVM.
72
73	  If in doubt, say "N".
74
75config KVM_INTEL
76	tristate "KVM for Intel (and compatible) processors support"
77	depends on KVM && IA32_FEAT_CTL
78	help
79	  Provides support for KVM on processors equipped with Intel's VT
80	  extensions, a.k.a. Virtual Machine Extensions (VMX).
81
82	  To compile this as a module, choose M here: the module
83	  will be called kvm-intel.
84
85config X86_SGX_KVM
86	bool "Software Guard eXtensions (SGX) Virtualization"
87	depends on X86_SGX && KVM_INTEL
88	help
89
90	  Enables KVM guests to create SGX enclaves.
91
92	  This includes support to expose "raw" unreclaimable enclave memory to
93	  guests via a device node, e.g. /dev/sgx_vepc.
94
95	  If unsure, say N.
96
97config KVM_AMD
98	tristate "KVM for AMD processors support"
99	depends on KVM
100	help
101	  Provides support for KVM on AMD processors equipped with the AMD-V
102	  (SVM) extensions.
103
104	  To compile this as a module, choose M here: the module
105	  will be called kvm-amd.
106
107config KVM_AMD_SEV
108	def_bool y
109	bool "AMD Secure Encrypted Virtualization (SEV) support"
110	depends on KVM_AMD && X86_64
111	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
112	help
113	  Provides support for launching Encrypted VMs (SEV) and Encrypted VMs
114	  with Encrypted State (SEV-ES) on AMD processors.
115
116config KVM_XEN
117	bool "Support for Xen hypercall interface"
118	depends on KVM
119	help
120	  Provides KVM support for the hosting Xen HVM guests and
121	  passing Xen hypercalls to userspace.
122
123	  If in doubt, say "N".
124
125config KVM_MMU_AUDIT
126	bool "Audit KVM MMU"
127	depends on KVM && TRACEPOINTS
128	help
129	 This option adds a R/W kVM module parameter 'mmu_audit', which allows
130	 auditing of KVM MMU events at runtime.
131
132config KVM_EXTERNAL_WRITE_TRACKING
133	bool
134
135endif # VIRTUALIZATION
136