| # Kconfig - x86 core configuration options |
| |
| # |
| # Copyright (c) 2014-2015 Wind River Systems, Inc. |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| # |
| |
| config NESTED_INTERRUPTS |
| bool "Enable nested interrupts" |
| default y |
| help |
| This option enables support for nested interrupts. |
| |
| config EXCEPTION_DEBUG |
| bool "Unhandled exception debugging" |
| default y |
| depends on PRINTK |
| help |
| Install handlers for various CPU exception/trap vectors to |
| make debugging them easier, at a small expense in code size. |
| This prints out the specific exception vector and any associated |
| error codes. |
| |
| menu "Memory Layout Options" |
| |
| config IDT_NUM_VECTORS |
| int "Number of IDT vectors" |
| default 256 |
| range 32 256 |
| help |
| This option specifies the number of interrupt vector entries in the |
| Interrupt Descriptor Table (IDT). By default all 256 vectors are |
| supported in an IDT requiring 2048 bytes of memory. |
| |
| config MAX_IRQ_LINES |
| int "Number of IRQ lines" |
| default 128 |
| range 0 256 |
| help |
| This option specifies the number of IRQ lines in the system. |
| It can be tuned to save some bytes in ROM, as it determines the |
| size of the _irq_to_interrupt_vector_table, which is used at runtime |
| to program the association between vectors and interrupts into |
| the PIC. |
| |
| config SET_GDT |
| bool "Setup GDT as part of boot process" |
| default y |
| help |
| This option sets up the GDT as part of the boot process. However, |
| this may conflict with some security scenarios where the GDT is |
| already appropriately set by an earlier bootloader stage, in which |
| case this should be disabled. If disabled, the global _gdt pointer |
| will not be available. |
| |
| config GDT_DYNAMIC |
| bool "Store GDT in RAM so that it can be modified" |
| depends on SET_GDT |
| help |
| This option stores the GDT in RAM instead of ROM, so that it may |
| be modified at runtime at the expense of some memory. |
| |
| endmenu |
| |
| config DISABLE_SSBD |
| bool "Disable Speculative Store Bypass" |
| depends on USERSPACE |
| default y if !X86_NO_SPECTRE_V4 |
| help |
| This option will disable Speculative Store Bypass in order to |
| mitigate against certain kinds of side channel attacks. Quoting |
| the "Speculative Execution Side Channels" document, version 2.0: |
| |
| When SSBD is set, loads will not execute speculatively |
| until the addresses of all older stores are known. This |
| ensures that a load does not speculatively consume stale |
| data values due to bypassing an older store on the same |
| logical processor. |
| |
| If enabled, this applies to all threads in the system. |
| |
| Even if enabled, this option has no effect on CPUs that do not |
| require this feature. |
| |
| config ENABLE_EXTENDED_IBRS |
| bool "Enable Extended IBRS" |
| depends on USERSPACE |
| default y if !X86_NO_SPECTRE_V2 |
| help |
| This option will enable the Extended Indirect Branch Restricted |
| Speculation 'always on' feature. This mitigates Indirect Branch |
| Control vulnerabilities (aka Spectre V2). |
| |
| config X86_RETPOLINE |
| bool "Build with retpolines enabled in x86 assembly code" |
| depends on USERSPACE |
| help |
| This is recommended on platforms with speculative execution, to |
| protect against branch target injection (AKA Spectre-V2). A full |
| description of how retpolines work can be found here [1]. |
| |
| [1] https://support.google.com/faqs/answer/7625886 |
| |
| config X86_BOUNDS_CHECK_BYPASS_MITIGATION |
| bool |
| depends on USERSPACE |
| default y if !X86_NO_SPECTRE_V1 |
| select BOUNDS_CHECK_BYPASS_MITIGATION |
| help |
| Hidden config to select arch-independent option to enable |
| Spectre V1 mitigations by default if the CPU is not known |
| to be immune to it. |
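
The four speculative-execution options above all depend on USERSPACE, and X86_RETPOLINE has no `default y`, so a build can silently ship without a mitigation. The following is an added example (not part of this Kconfig file or of the project's tooling) that audits a generated configuration for those gaps; it assumes the standard Kconfig `.config` output format (`CONFIG_<SYMBOL>=y` and `# CONFIG_<SYMBOL> is not set`), and the sample input is constructed.

```python
"""Audit a Kconfig .config for the x86 speculative-execution options above."""

# (option, CPU-immunity symbol that lifts its "default y", issue it mitigates)
CHECKS = [
    ("DISABLE_SSBD", "X86_NO_SPECTRE_V4", "Speculative Store Bypass"),
    ("ENABLE_EXTENDED_IBRS", "X86_NO_SPECTRE_V2", "Spectre V2"),
    ("X86_RETPOLINE", "X86_NO_SPECTRE_V2", "Spectre V2 (assembly code)"),
    ("BOUNDS_CHECK_BYPASS_MITIGATION", "X86_NO_SPECTRE_V1", "Spectre V1"),
]


def parse_dotconfig(text):
    """Return the set of bool symbols set to y in Kconfig .config text."""
    enabled = set()
    for line in text.splitlines():
        line = line.strip()
        # "# CONFIG_FOO is not set" and blank lines mean the symbol is off.
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        if name.startswith("CONFIG_") and value == "y":
            enabled.add(name[len("CONFIG_"):])
    return enabled


def audit(text):
    """List (option, issue) pairs that are off on a CPU not marked immune."""
    enabled = parse_dotconfig(text)
    # Every option checked here depends on USERSPACE; without it none apply.
    if "USERSPACE" not in enabled:
        return []
    return [(opt, issue) for opt, immune, issue in CHECKS
            if immune not in enabled and opt not in enabled]


# Constructed sample: retpolines left at their default (off), SSBD overridden.
SAMPLE = """\
CONFIG_USERSPACE=y
CONFIG_X86_NO_SPECTRE_V1=y
# CONFIG_DISABLE_SSBD is not set
CONFIG_ENABLE_EXTENDED_IBRS=y
# CONFIG_X86_RETPOLINE is not set
"""

if __name__ == "__main__":
    for opt, issue in audit(SAMPLE):
        print(f"CONFIG_{opt} is off: {issue} mitigation missing")
```

The Spectre V1 check looks at BOUNDS_CHECK_BYPASS_MITIGATION rather than the hidden X86_BOUNDS_CHECK_BYPASS_MITIGATION symbol, since the arch-independent option is the one the hidden symbol selects.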