1# SPDX-License-Identifier: GPL-2.0
2#
3# KVM configuration
4#
5
6source "virt/kvm/Kconfig"
7
8menuconfig VIRTUALIZATION
9	bool "Virtualization"
10	depends on HAVE_KVM || X86
11	default y
12	help
13	  Say Y here to get to see options for using your Linux host to run other
14	  operating systems inside virtual machines (guests).
15	  This option alone does not add any kernel code.
16
17	  If you say N, all options in this submenu will be skipped and disabled.
18
19if VIRTUALIZATION
20
21config KVM
22	tristate "Kernel-based Virtual Machine (KVM) support"
23	depends on HAVE_KVM
24	depends on HIGH_RES_TIMERS
25	depends on X86_LOCAL_APIC
26	select PREEMPT_NOTIFIERS
27	select MMU_NOTIFIER
28	select HAVE_KVM_IRQCHIP
29	select HAVE_KVM_PFNCACHE
30	select HAVE_KVM_IRQFD
31	select HAVE_KVM_DIRTY_RING
32	select IRQ_BYPASS_MANAGER
33	select HAVE_KVM_IRQ_BYPASS
34	select HAVE_KVM_IRQ_ROUTING
35	select HAVE_KVM_EVENTFD
36	select KVM_ASYNC_PF
37	select USER_RETURN_NOTIFIER
38	select KVM_MMIO
39	select SCHED_INFO
40	select PERF_EVENTS
41	select GUEST_PERF_EVENTS
42	select HAVE_KVM_MSI
43	select HAVE_KVM_CPU_RELAX_INTERCEPT
44	select HAVE_KVM_NO_POLL
45	select KVM_XFER_TO_GUEST_WORK
46	select KVM_GENERIC_DIRTYLOG_READ_PROTECT
47	select KVM_VFIO
48	select SRCU
49	select INTERVAL_TREE
50	select HAVE_KVM_PM_NOTIFIER if PM
51	help
52	  Support hosting fully virtualized guest machines using hardware
53	  virtualization extensions.  You will need a fairly recent
54	  processor equipped with virtualization extensions. You will also
55	  need to select one or more of the processor modules below.
56
57	  This module provides access to the hardware capabilities through
58	  a character device node named /dev/kvm.
59
60	  To compile this as a module, choose M here: the module
61	  will be called kvm.
62
63	  If unsure, say N.
64
65config KVM_WERROR
66	bool "Compile KVM with -Werror"
67	# KASAN may cause the build to fail due to larger frames
68	default y if X86_64 && !KASAN
69	# We use the dependency on !COMPILE_TEST to not be enabled
70	# blindly in allmodconfig or allyesconfig configurations
71	depends on KVM
72	depends on (X86_64 && !KASAN) || !COMPILE_TEST
73	depends on EXPERT
74	help
75	  Add -Werror to the build flags for KVM.
76
77	  If in doubt, say "N".
78
79config KVM_INTEL
80	tristate "KVM for Intel (and compatible) processors support"
81	depends on KVM && IA32_FEAT_CTL
82	help
83	  Provides support for KVM on processors equipped with Intel's VT
84	  extensions, a.k.a. Virtual Machine Extensions (VMX).
85
86	  To compile this as a module, choose M here: the module
87	  will be called kvm-intel.
88
89config X86_SGX_KVM
90	bool "Software Guard eXtensions (SGX) Virtualization"
91	depends on X86_SGX && KVM_INTEL
92	help
93
94	  Enables KVM guests to create SGX enclaves.
95
96	  This includes support to expose "raw" unreclaimable enclave memory to
97	  guests via a device node, e.g. /dev/sgx_vepc.
98
99	  If unsure, say N.
100
101config KVM_AMD
102	tristate "KVM for AMD processors support"
103	depends on KVM
104	help
105	  Provides support for KVM on AMD processors equipped with the AMD-V
106	  (SVM) extensions.
107
108	  To compile this as a module, choose M here: the module
109	  will be called kvm-amd.
110
111config KVM_AMD_SEV
112	def_bool y
113	bool "AMD Secure Encrypted Virtualization (SEV) support"
114	depends on KVM_AMD && X86_64
115	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
116	help
117	  Provides support for launching Encrypted VMs (SEV) and Encrypted VMs
118	  with Encrypted State (SEV-ES) on AMD processors.
119
120config KVM_XEN
121	bool "Support for Xen hypercall interface"
122	depends on KVM
123	help
124	  Provides KVM support for the hosting Xen HVM guests and
125	  passing Xen hypercalls to userspace.
126
127	  If in doubt, say "N".
128
129config KVM_EXTERNAL_WRITE_TRACKING
130	bool
131
132endif # VIRTUALIZATION
133