Lines Matching +full:programmable +full:- +full:security

1 # SPDX-License-Identifier: GPL-2.0
4 bool "64-bit kernel" if "$(ARCH)" = "x86"
7 Say yes to build a 64-bit kernel - formerly known as x86_64
8 Say no to build a 32-bit kernel - formerly known as i386
13 # Options that are inherently 32-bit kernel only:
27 # Options that are inherently 64-bit kernel only:
55 # ported to 32-bit as well. )
150 # Word-size accesses may read uninitialized data past the trailing \0
329 default "elf32-i386" if X86_32
330 default "elf64-x86-64" if X86_64
424 …default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64…
425 default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS))
429 the segment on 32-bit kernels.
434 bool "Symmetric multi-processing support"
440 If you say N here, the kernel will run on uni- and multiprocessor
455 See also <file:Documentation/arch/x86/i386/IO-APIC.rst>,
456 <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO available at
467 This allows 32-bit apic IDs (so it can support very large systems),
478 bool "Enable MSI and MSI-x delivery by posted interrupts"
533 bool "Support for extended (non-PC) x86 platforms"
541 for the following non-PC x86 platforms, depending on the value of
544 32-bit platforms (CONFIG_64BIT=n):
547 RDC R-321x SoC
549 STA2X11-based (e.g. Northville)
552 64-bit platforms (CONFIG_64BIT=y):
558 generic distribution kernel, say Y here - otherwise say N.
571 Adds support for Numascale NumaChip large-SMP systems. Needed to
584 supposed to run on these EM64T-based machines. Only choose this option
695 - BayTrail
696 - Braswell
697 - Quark
715 bool "RDC R-321x SoC"
721 This option is needed for RDC R-321x system-on-chip, also known
722 as R-8610-(G).
726 bool "Support non-standard 32-bit SMP architectures"
741 # On 32-bit this adds too big of NODES_SHIFT and we run out of page flags:
742 # On 32-bit SPARSEMEM adds too big of SECTIONS_WIDTH:
753 This adds support for boards based on the STA2X11 IO-Hub,
774 prompt "Single-depth WCHAN output"
787 Say Y here to enable options for running Linux under various hyper-
809 bool "paravirt-ops debugging"
820 spinlock implementation with something virtualization-friendly
874 bool "Jailhouse non-root cell support"
878 This option allows to run Linux as guest in a Jailhouse non-root
888 a flexible, lightweight reference open-source hypervisor, built with
889 real-time and safety-criticality in mind. It is built for embedded
890 IOT with small footprint and real-time features. More details can be
894 bool "Intel TDX (Trust Domain Extensions) - Guest Support"
918 Use the IA-PC HPET (High Precision Event Timer) to manage
924 as it is off-chip. The interface used is documented
958 The GART supports full DMA access for devices with 32-bit access
967 32-bit limited device.
992 # The ranges are different on 32-bit and 64-bit kernels, depending on
1054 by sharing mid-level caches, last-level cache tags or internal
1062 prompt "Multi-core scheduler support"
1065 Multi-core scheduler support improves the CPU scheduler's decision
1066 making when dealing with multi-core CPU chips at a cost of slightly
1100 A local APIC (Advanced Programmable Interrupt Controller) is an
1101 integrated interrupt controller in the CPU. If you have a single-CPU
1105 all. The local APIC supports CPU-generated self-interrupts (timer,
1110 bool "IO-APIC support on uniprocessors"
1113 An IO-APIC (I/O Advanced Programmable Interrupt Controller) is an
1114 SMP-capable replacement for PC-style interrupt controllers. Most
1117 If you have a single-CPU system with an IO-APIC, you can say Y here
1119 an IO-APIC, then the kernel will still run with no slowdown at all.
1147 entry in the chipset's IO-APIC is masked (as, e.g. the RT
1221 mode, which is an 80286-era approximation of 16-bit real mode.
1229 a 16-bit DOS program where 16-bit performance matters, vm86
1233 Note that any app that works on a 64-bit kernel is unlikely to
1234 need this option, as 64-bit kernels don't, and can't, support
1235 V8086 mode. This option is also unrelated to 16-bit protected
1236 mode and is not needed to run most 16-bit programs under Wine.
1248 bool "Enable support for 16-bit segments" if EXPERT
1252 This option is required by programs like Wine to run 16-bit
1255 plus 16K runtime memory on x86-64,
1293 capabilities and permission from potentially active security
1328 CS5530A and CS5536 chipsets and the RDC R-321x SoC.
1375 tristate "/dev/cpu/*/msr - Model-specific register support"
1378 Model-Specific Registers (MSRs). It is a character device with
1380 MSR accesses are directed to a specific CPU on multi-processor
1384 tristate "/dev/cpu/*/cpuid - CPU information support"
1400 However, the address space of 32-bit x86 processors is only 4
1419 PAE implements 3-level paging on IA32 processors. PAE is fully
1435 Select this if you have a 32-bit processor and between 1 and 4
1443 Select this if you have a 32-bit processor and more than 4
1462 will also likely make your kernel incompatible with binary-only
1502 larger swapspace support for non-overcommit purposes. It
1507 bool "Enable 5-level page tables support"
1513 5-level paging enables access to larger address space:
1520 support 4- or 5-level paging.
1522 See Documentation/arch/x86/x86_64/5level-paging.rst for more
1573 Enable NUMA (Non-Uniform Memory Access) support.
1579 For 64-bit this is recommended if the system is Intel Core i7
1582 For 32-bit this is only needed if you boot a 32-bit
1583 kernel on a 64-bit NUMA platform.
1639 See Documentation/admin-guide/mm/memory-hotplug.rst for more information.
1655 tristate "Support non-standard NVDIMMs and ADR protected memory"
1662 Treat memory marked using the non-standard e820 type of 12 as used
1663 by the Intel Sandy Bridge-EP reference BIOS as protected memory.
1670 bool "Allocate 3rd-level pagetables from highmem"
1675 low memory. Setting this option will put user-space page table
1688 Documentation/admin-guide/kernel-parameters.rst to adjust this.
1696 BIOS-originated corruption always affects the same memory,
1730 emulation can be found in <file:arch/x86/math-emu/README>.
1742 a video (VGA) card on a PCI or AGP bus. Enabling write-combining
1756 The AMD K6-2 (stepping 8 and above) and K6-3 processors have two
1758 write-combining. All of these processors are supported by this code
1785 int "MTRR cleanup enable value (0-1)"
1793 int "MTRR cleanup spare reg num (0-7)"
1813 spontaneous reboots) or a non-working video driver.
1821 User Mode Instruction Prevention (UMIP) is a security feature in
1829 specific cases in protected and virtual-8086 modes. Emulated
1836 # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
1837 # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
1838 def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
1840 $(as-instr,endbr64)
1851 # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
1857 hardware support coarse-grain forward-edge Control Flow Integrity
1872 # Note: only available in 64-bit mode
1878 page-based protections, but without requiring modification of the
1881 For details, see Documentation/core-api/protection-keys.rst
1909 and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
1913 platforms or on if TSX is in use and the security aspect of tsx is not
1919 TSX is disabled if possible - equals to tsx=off command line parameter.
1924 TSX is always enabled on TSX capable HW - equals the tsx=on command
1931 side channel attacks - equals the tsx=auto command line parameter.
2002 resultant kernel should continue to boot on existing non-EFI
2013 See Documentation/admin-guide/efi-stub.rst for more information.
2033 bool "EFI mixed-mode support"
2036 Enabling this feature allows a 64-bit kernel to be booted
2037 on a 32-bit firmware, provided that your CPU supports 64-bit
2040 Note that it is not possible to boot a mixed-mode enabled
2041 kernel via the EFI boot stub - a bootloader that supports
2050 Export EFI runtime memory regions to /sys/firmware/efi/runtime-map.
2054 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
2123 command line boot parameter passed to the panic-ed
2124 kernel. Please take a look at Documentation/admin-guide/kdump/kdump.rst
2162 image is mapped, as a security feature that deters exploit
2166 On 64-bit, the kernel physical and virtual addresses are
2173 On 32-bit, the kernel physical and virtual addresses are
2204 If bootloader loads the kernel at a non-aligned address and
2208 If bootloader loads the kernel at a non-aligned address and
2216 On 32-bit this value must be a multiple of 0x2000. On 64-bit
2235 (physical memory mapping, vmalloc & vmemmap). This security feature
2266 to 64-bit linear addresses, allowing software to use the
2278 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
2282 presented with a 32-bit vDSO that is not mapped at the address
2292 dl_main: Assertion `(void *) ph->p_vaddr == _rtld_local._dl_sysinfo_dso' failed!
2295 option from 1 to 0, which turns off the 32-bit vDSO entirely.
2309 it can be used to assist security vulnerability exploitation.
2318 to improve security.
2330 certain uses of the vsyscall area as an ASLR-bypassing
2345 bool "Built-in kernel command line"
2357 Systems with fully functional boot loaders (i.e. non-embedded)
2361 string "Built-in kernel command string"
2373 In most cases, the command line (whether built-in or provided
2378 bool "Built-in command line overrides boot loader arguments"
2382 command line, and use ONLY the built-in command line.
2391 Linux can allow user programs to install a per-process x86
2393 call. This is required to run 16-bit or segmented code such as
2398 context switches and increases the low-level kernel attack
2433 def_bool $(success,echo 'int __seg_fs fs; int __seg_gs gs;' | $(CC) -x c - -S -o /dev/null)
2443 # -fsanitize=kernel-address (KASAN) and -fsanitize=thread
2445 # GCC < 13.3 - see GCC PR sanitizer/111736.
2450 def_bool $(cc-option,-mharden-sls=all)
2453 def_bool $(cc-option,-mfunction-return=thunk-extern)
2456 def_bool $(cc-option,-fpatchable-function-entry=16,16)
2466 # Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG
2528 kernel-to-user data leaks by avoiding speculative indirect
2529 branches. Requires a compiler with -mindirect-branch=thunk-extern
2533 bool "Enable return-thunks"
2538 Compile the kernel with the return-thunks compiler option to guard
2539 against kernel-to-user data leaks by avoiding return speculation.
2540 Requires a compiler with -mfunction-return=thunk-extern
2558 SKL Return-Speculation-Buffer (RSB) underflow issue. The
2561 non-affected systems the overhead of this option is marginal as
2562 the call depth tracking is using run-time generated call thunks
2577 kernel command line with 'debug-callthunks'.
2602 Enable the SRSO mitigation needed on AMD Zen1-4 machines.
2605 bool "Mitigate Straight-Line-Speculation"
2610 Compile the kernel with straight-line-speculation options to guard
2633 See also <file:Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst>
2636 bool "Mitigate Spectre-BHB (Branch History Injection)"
2643 See <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2653 See also <file:Documentation/admin-guide/hw-vuln/mds.rst>
2664 See also <file:Documentation/admin-guide/hw-vuln/tsx_async_abort.rst>
2672 Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO)
2676 <file:Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst>
2686 See <file:Documentation/admin-guide/hw-vuln/l1tf.rst>
2698 memory security restrictions to gain read access to privileged memory
2709 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2721 See also <file:Documentation/admin-guide/hw-vuln/spectre.rst>
2735 <file:Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst>
2742 hardware security vulnerability and its exploitation takes advantage
2744 security vulnerabilities.
2774 battery status information, and user-space programs will receive
2784 and more information, read <file:Documentation/power/apm-acpi.rst>
2785 and the Battery Powered Linux mini-HOWTO, available from
2790 VESA-compliant "green" monitors.
2842 feature is turned off -- see "Do CPU IDLE calls", below). This
2871 do with your VESA-compliant power-saving monitor. Further, this
2872 option doesn't work for all laptops -- it might not turn off your
2882 needs to. Unfortunately, some BIOSes do not -- especially those in
2906 PCI-based systems don't have any BIOS at all. Linux can also try to
2927 bool "OLPC XO-1"
2939 # x86-64 doesn't support PCI BIOS access from long mode so always go direct.
2981 architectures -- if your target machine is modern, it probably does
2986 # x86_64 have no ISA slots, but can have ISA-style DMA.
2988 bool "ISA-style DMA support" if (X86_64 && EXPERT)
2991 Enables ISA-style DMA support for devices requiring such controllers.
3010 PCI-IDs of several on-chip devices, so it's a good dependency
3016 tristate "NatSemi SCx200 27MHz High-Resolution Timer Support"
3020 This driver provides a clocksource built upon the on-chip
3021 27MHz high-resolution timer. It's also a workaround for
3022 NSC Geode SC-1100's buggy TSC, which loses time when the
3039 bool "OLPC XO-1 Power Management"
3042 Add support for poweroff and suspend of the OLPC XO-1 laptop.
3045 bool "OLPC XO-1 Real Time Clock"
3048 Add support for the XO-1 real time clock, which can be used as a
3049 programmable wakeup source.
3052 bool "OLPC XO-1 SCI extras"
3057 Add support for SCI-based features of the OLPC XO-1 laptop:
3058 - EC-driven system wakeups
3059 - Power button
3060 - Ebook switch
3061 - Lid switch
3062 - AC adapter status updates
3063 - Battery status updates
3066 bool "OLPC XO-1.5 SCI extras"
3070 Add support for SCI-based features of the OLPC XO-1.5 laptop:
3071 - EC-driven system wakeups
3072 - AC adapter status updates
3073 - Battery status updates
3109 bool "Technologic Systems TS-5500 platform support"
3115 This option enables system support for the Technologic Systems TS-5500.
3134 Include code to run legacy 32-bit programs under a
3135 64-bit kernel. You should likely turn this on, unless you're
3136 100% sure that you don't have any 32-bit programs left.
3143 Make IA32 emulation disabled by default. This prevents loading 32-bit
3144 processes and access to 32-bit syscalls. If unsure, leave it to its
3148 bool "x32 ABI for 64-bit mode"
3150 # llvm-objcopy does not convert x86_64 .note.gnu.property or
3154 depends on $(success,$(OBJCOPY) --version | head -n1 | grep -qv llvm)
3156 Include code to run binaries for the x32 native 32-bit ABI
3157 for 64-bit processors. An x32 process gets access to the
3158 full 64-bit register file and wide data path while leaving