Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...

[cascardo/linux.git] / arch / x86 / Kconfig

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index bf24050..5d0bf1a 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -96,6 +96,7 @@ config X86
        select IRQ_FORCED_THREADING
        select HAVE_BPF_JIT if X86_64
        select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+       select ARCH_HAS_SG_CHAIN
        select CLKEVT_I8253
        select ARCH_HAVE_NMI_SAFE_CMPXCHG
        select GENERIC_IOMAP
@@ -433,6 +434,7 @@ config X86_INTEL_CE
        bool "CE4100 TV platform"
        depends on PCI
        depends on PCI_GODIRECT
+       depends on X86_IO_APIC
        depends on X86_32
        depends on X86_EXTENDED_PLATFORM
        select X86_REBOOTFIXUPS
@@ -839,6 +841,7 @@ config X86_IO_APIC
        def_bool y
        depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_IOAPIC || PCI_MSI
        select GENERIC_IRQ_LEGACY_ALLOC_HWIRQ
+       select IRQ_DOMAIN
 
 config X86_REROUTE_FOR_BROKEN_BOOT_IRQS
        bool "Reroute for broken boot IRQs"
@@ -1540,7 +1543,8 @@ config EFI
 
 config EFI_STUB
        bool "EFI stub support"
-       depends on EFI
+       depends on EFI && !X86_USE_3DNOW
+       select RELOCATABLE
        ---help---
           This kernel feature allows a bzImage to be loaded directly
          by EFI firmware without the use of a bootloader.
@@ -1581,6 +1585,9 @@ source kernel/Kconfig.hz
 
 config KEXEC
        bool "kexec system call"
+       select BUILD_BIN2C
+       select CRYPTO
+       select CRYPTO_SHA256
        ---help---
          kexec is a system call that implements the ability to shutdown your
          current kernel, and to start another kernel.  It is like a reboot
@@ -1595,6 +1602,28 @@ config KEXEC
          interface is strongly in flux, so no good recommendation can be
          made.
 
+config KEXEC_VERIFY_SIG
+       bool "Verify kernel signature during kexec_file_load() syscall"
+       depends on KEXEC
+       ---help---
+         This option makes kernel signature verification mandatory for
+         kexec_file_load() syscall. If kernel is signature can not be
+         verified, kexec_file_load() will fail.
+
+         This option enforces signature verification at generic level.
+         One needs to enable signature verification for type of kernel
+         image being loaded to make sure it works. For example, enable
+         bzImage signature verification option to be able to load and
+         verify signatures of bzImage. Otherwise kernel loading will fail.
+
+config KEXEC_BZIMAGE_VERIFY_SIG
+       bool "Enable bzImage signature verification support"
+       depends on KEXEC_VERIFY_SIG
+       depends on SIGNED_PE_FILE_VERIFICATION
+       select SYSTEM_TRUSTED_KEYRING
+       ---help---
+         Enable bzImage signature verification support.
+
 config CRASH_DUMP
        bool "kernel crash dumps"
        depends on X86_64 || (X86_32 && HIGHMEM)