[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] x86/tboot: adjust Kconfig default
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 3 Mar 2022 07:16:33 -0500
- Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1646309837; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=LfVRUPgOzLNuly24GA8zsUgw508K1tcvpB9AUvDWmkU=; b=KDkSrAG5p5mD/JGANnIzE8CsRr6CVGbDoMV9fD0TQ+fcYCqz6WbQEWW0/acC8yAc60MlLVX8MKhH/xQ5AxFYCVen3F1zoEMBG/sGxz8GWaBm0K1Aj6Qh/oTGPCH/2sKtJjTYkMp/po27ESAtcrKAMkxSLL8ct7k2MHekByJPmUg=
- Arc-seal: i=1; a=rsa-sha256; t=1646309837; cv=none; d=zohomail.com; s=zohoarc; b=nJcynTWmSYZvAsiuxv4Ws2m7NzxTsleHFCtwdsF83dDh9Nfn+yoRH0zEe0L0AKqmu1N7eQ2JtIzTPKTqcK0K+IXWA2m8cOaNVn+iXVpIKkVtShoUtC7GG6eCYKjal0yw3pJtlNqbe5dzdkEfeoTgnBcG/t4bu8I6L7qkjzKq+wI=
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Mateusz Mówka <mateusz.mowka@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Lukasz Hawrylko <lukasz@xxxxxxxxxxx>
- Delivery-date: Thu, 03 Mar 2022 12:17:25 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 3/3/22 07:03, Jan Beulich wrote:
On 03.03.2022 12:50, Daniel P. Smith wrote:
On 3/3/22 04:49, Jan Beulich wrote:
We shouldn't include unsupported code by default, with not even a means
for its building to be disabled. Convert the dependency from merely
affecting the prompt's visibility to a real one.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
We could of course go further and make the default also account for
DEBUG, as is done elsewhere.
As in you would like to adjust the default based on whether DEBUG is on
or not? I guess my question is what motivation is there to adjust this
selection if DEBUG is enabled or disabled?
This is to have functionality enabled unless overridden in debug builds.
Maybe I am misunderstanding you. If I am wanting to debug either TXT or
a configuration with TXT on and I adjust my config to turn on debug,
then I would have to go turn TXT back on. Is that correct? If that is
the correct understanding, honestly that concerns me because if that is
being done for other config options, it would create the situation where
turning on debug to track down an issue would result in a different
configuration than the one I was experiencing the issue.
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -193,14 +193,15 @@ config HVM_FEP
If unsure, say N.
config TBOOT
- bool "Xen tboot support (UNSUPPORTED)" if UNSUPPORTED
- default y if !PV_SHIM_EXCLUSIVE
+ bool "Xen tboot support (UNSUPPORTED)"
+ depends on UNSUPPORTED
+ default !PV_SHIM_EXCLUSIVE
select CRYPTO
---help---
Allows support for Trusted Boot using the Intel(R) Trusted Execution
Technology (TXT)
- If unsure, say Y.
+ If unsure, stay with the default.
choice
prompt "Alignment of Xen image"
Outside of the debug question, I think the proposed change is good.
Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxx>
Thanks. I guess there's an 'o' missing though in the email address?
Apologies for that, correct I missed the 'o' as I was typing it out.
v/r,
dps
|
