mirror of
https://github.com/torvalds/linux.git
synced 2024-12-13 06:32:50 +00:00
6ebcb06071
Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encrypted by copying it through a temporary buffer. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Borislav Petkov <bp@alien8.de> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Dave Young <dyoung@redhat.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Larry Woodman <lwoodman@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Matt Fleming <matt@codeblueprint.co.uk> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Rik van Riel <riel@redhat.com> Cc: Toshimitsu Kani <toshi.kani@hpe.com> Cc: kasan-dev@googlegroups.com Cc: kvm@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-efi@vger.kernel.org Cc: linux-mm@kvack.org Link: http://lkml.kernel.org/r/c039bf9412ef95e1e6bf4fdf8facab95e00c717b.1500319216.git.thomas.lendacky@amd.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
44 lines
1.3 KiB
Makefile
44 lines
1.3 KiB
Makefile
# Kernel does not boot with instrumentation of tlb.c.
|
|
KCOV_INSTRUMENT_tlb.o := n
|
|
|
|
obj-y := init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \
|
|
pat.o pgtable.o physaddr.o setup_nx.o tlb.o
|
|
|
|
# Make sure __phys_addr has no stackprotector
|
|
nostackp := $(call cc-option, -fno-stack-protector)
|
|
CFLAGS_physaddr.o := $(nostackp)
|
|
CFLAGS_setup_nx.o := $(nostackp)
|
|
|
|
CFLAGS_fault.o := -I$(src)/../include/asm/trace
|
|
|
|
obj-$(CONFIG_X86_PAT) += pat_rbtree.o
|
|
|
|
obj-$(CONFIG_X86_32) += pgtable_32.o iomap_32.o
|
|
|
|
obj-$(CONFIG_HUGETLB_PAGE) += hugetlbpage.o
|
|
obj-$(CONFIG_X86_PTDUMP_CORE) += dump_pagetables.o
|
|
obj-$(CONFIG_X86_PTDUMP) += debug_pagetables.o
|
|
|
|
obj-$(CONFIG_HIGHMEM) += highmem_32.o
|
|
|
|
obj-$(CONFIG_KMEMCHECK) += kmemcheck/
|
|
|
|
KASAN_SANITIZE_kasan_init_$(BITS).o := n
|
|
obj-$(CONFIG_KASAN) += kasan_init_$(BITS).o
|
|
|
|
obj-$(CONFIG_MMIOTRACE) += mmiotrace.o
|
|
mmiotrace-y := kmmio.o pf_in.o mmio-mod.o
|
|
obj-$(CONFIG_MMIOTRACE_TEST) += testmmiotrace.o
|
|
|
|
obj-$(CONFIG_NUMA) += numa.o numa_$(BITS).o
|
|
obj-$(CONFIG_AMD_NUMA) += amdtopology.o
|
|
obj-$(CONFIG_ACPI_NUMA) += srat.o
|
|
obj-$(CONFIG_NUMA_EMU) += numa_emulation.o
|
|
|
|
obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
|
|
obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
|
|
obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
|
|
|
|
obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt.o
|
|
obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o
|