xref: /openbmc/linux/arch/x86/kvm/Kconfig (revision e3211e41)
1# SPDX-License-Identifier: GPL-2.0
2#
3# KVM configuration
4#
5
6source "virt/kvm/Kconfig"
7
8menuconfig VIRTUALIZATION
9	bool "Virtualization"
10	depends on HAVE_KVM || X86
11	default y
12	help
13	  Say Y here to get to see options for using your Linux host to run other
14	  operating systems inside virtual machines (guests).
15	  This option alone does not add any kernel code.
16
17	  If you say N, all options in this submenu will be skipped and disabled.
18
19if VIRTUALIZATION
20
21config KVM
22	tristate "Kernel-based Virtual Machine (KVM) support"
23	depends on HAVE_KVM
24	depends on HIGH_RES_TIMERS
25	# for TASKSTATS/TASK_DELAY_ACCT:
26	depends on NET && MULTIUSER
27	depends on X86_LOCAL_APIC
28	select PREEMPT_NOTIFIERS
29	select MMU_NOTIFIER
30	select HAVE_KVM_IRQCHIP
31	select HAVE_KVM_IRQFD
32	select IRQ_BYPASS_MANAGER
33	select HAVE_KVM_IRQ_BYPASS
34	select HAVE_KVM_IRQ_ROUTING
35	select HAVE_KVM_EVENTFD
36	select KVM_ASYNC_PF
37	select USER_RETURN_NOTIFIER
38	select KVM_MMIO
39	select TASKSTATS
40	select TASK_DELAY_ACCT
41	select PERF_EVENTS
42	select HAVE_KVM_MSI
43	select HAVE_KVM_CPU_RELAX_INTERCEPT
44	select HAVE_KVM_NO_POLL
45	select KVM_XFER_TO_GUEST_WORK
46	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
47	select KVM_VFIO
48	select SRCU
49	help
50	  Support hosting fully virtualized guest machines using hardware
51	  virtualization extensions.  You will need a fairly recent
52	  processor equipped with virtualization extensions. You will also
53	  need to select one or more of the processor modules below.
54
55	  This module provides access to the hardware capabilities through
56	  a character device node named /dev/kvm.
57
58	  To compile this as a module, choose M here: the module
59	  will be called kvm.
60
61	  If unsure, say N.
62
63config KVM_WERROR
64	bool "Compile KVM with -Werror"
65	# KASAN may cause the build to fail due to larger frames
66	default y if X86_64 && !KASAN
67	# We use the dependency on !COMPILE_TEST to not be enabled
68	# blindly in allmodconfig or allyesconfig configurations
69	depends on KVM
70	depends on (X86_64 && !KASAN) || !COMPILE_TEST
71	depends on EXPERT
72	help
73	  Add -Werror to the build flags for KVM.
74
75	  If in doubt, say "N".
76
77config KVM_INTEL
78	tristate "KVM for Intel (and compatible) processors support"
79	depends on KVM && IA32_FEAT_CTL
80	help
81	  Provides support for KVM on processors equipped with Intel's VT
82	  extensions, a.k.a. Virtual Machine Extensions (VMX).
83
84	  To compile this as a module, choose M here: the module
85	  will be called kvm-intel.
86
87config X86_SGX_KVM
88	bool "Software Guard eXtensions (SGX) Virtualization"
89	depends on X86_SGX && KVM_INTEL
90	help
91
92	  Enables KVM guests to create SGX enclaves.
93
94	  This includes support to expose "raw" unreclaimable enclave memory to
95	  guests via a device node, e.g. /dev/sgx_vepc.
96
97	  If unsure, say N.
98
99config KVM_AMD
100	tristate "KVM for AMD processors support"
101	depends on KVM
102	help
103	  Provides support for KVM on AMD processors equipped with the AMD-V
104	  (SVM) extensions.
105
106	  To compile this as a module, choose M here: the module
107	  will be called kvm-amd.
108
109config KVM_AMD_SEV
110	def_bool y
111	bool "AMD Secure Encrypted Virtualization (SEV) support"
112	depends on KVM_AMD && X86_64
113	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
114	help
115	  Provides support for launching Encrypted VMs (SEV) and Encrypted VMs
116	  with Encrypted State (SEV-ES) on AMD processors.
117
118config KVM_XEN
119	bool "Support for Xen hypercall interface"
120	depends on KVM
121	help
122	  Provides KVM support for the hosting Xen HVM guests and
123	  passing Xen hypercalls to userspace.
124
125	  If in doubt, say "N".
126
127config KVM_MMU_AUDIT
128	bool "Audit KVM MMU"
129	depends on KVM && TRACEPOINTS
130	help
131	 This option adds a R/W kVM module parameter 'mmu_audit', which allows
132	 auditing of KVM MMU events at runtime.
133
134endif # VIRTUALIZATION
135