summaryrefslogtreecommitdiff
path: root/src/soc/intel/common/block/sgx/Kconfig
blob: 6e8323f3331c85806f507d07e5d7ffaaa9880631 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
config SOC_INTEL_COMMON_BLOCK_SGX
	bool
	select CPU_INTEL_COMMON
	select CPU_INTEL_COMMON_HYPERTHREADING
	default n
	help
	  Intel Processor common SGX support

config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
	bool
	depends on SOC_INTEL_COMMON_BLOCK_SGX
	default n
	help
	 Lock memory before SGX activation. This is only needed if MCHECK does not do it.

config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
	bool "Enable Software Guard Extensions (SGX) if available"
	depends on SOC_INTEL_COMMON_BLOCK_SGX
	default n
	help
	  Intel Software Guard Extensions (SGX) is a set of new CPU instructions that can be
	  used by applications to set aside private regions (so-called Secure Enclaves) of
	  code and data.

	  SGX will only be enabled when supported by the CPU!

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE
	int
	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
	default 128 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
	default  64 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
	default  32 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
	default   1 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB

choice
	prompt "PRMRR size"
	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
	help
	  PRMRR (Protected Memory Range) is the space in RAM that is used to provide a protected
	  memory area (e.g. for the Intel SGX Secure Enclaves). The memory region is accessible
	  only by the processor itself to protect the data from unauthorized access.

	  This option selects the maximum size that gets reserved. Depending on the SoC a lower,
	  compatible value may be chosen at runtime as not all values are supported on all
	  families.

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
	bool "Maximum"

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
	bool "256 MiB"

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
	bool "128 MiB"

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
	bool "64 MiB"

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
	bool "32 MiB"

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
	bool "1 MiB"

config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED
	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
	bool "Disabled"

endchoice