1# SPDX-License-Identifier: GPL-2.0 2# 3# KVM configuration 4# 5 6source "virt/kvm/Kconfig" 7 8menuconfig VIRTUALIZATION 9 bool "Virtualization" 10 depends on HAVE_KVM || X86 11 default y 12 help 13 Say Y here to get to see options for using your Linux host to run other 14 operating systems inside virtual machines (guests). 15 This option alone does not add any kernel code. 16 17 If you say N, all options in this submenu will be skipped and disabled. 18 19if VIRTUALIZATION 20 21config KVM 22 tristate "Kernel-based Virtual Machine (KVM) support" 23 depends on HAVE_KVM 24 depends on HIGH_RES_TIMERS 25 depends on X86_LOCAL_APIC 26 select PREEMPT_NOTIFIERS 27 select MMU_NOTIFIER 28 select HAVE_KVM_IRQCHIP 29 select HAVE_KVM_IRQFD 30 select IRQ_BYPASS_MANAGER 31 select HAVE_KVM_IRQ_BYPASS 32 select HAVE_KVM_IRQ_ROUTING 33 select HAVE_KVM_EVENTFD 34 select KVM_ASYNC_PF 35 select USER_RETURN_NOTIFIER 36 select KVM_MMIO 37 select SCHED_INFO 38 select PERF_EVENTS 39 select GUEST_PERF_EVENTS 40 select HAVE_KVM_MSI 41 select HAVE_KVM_CPU_RELAX_INTERCEPT 42 select HAVE_KVM_NO_POLL 43 select KVM_XFER_TO_GUEST_WORK 44 select KVM_GENERIC_DIRTYLOG_READ_PROTECT 45 select KVM_VFIO 46 select SRCU 47 select HAVE_KVM_PM_NOTIFIER if PM 48 help 49 Support hosting fully virtualized guest machines using hardware 50 virtualization extensions. You will need a fairly recent 51 processor equipped with virtualization extensions. You will also 52 need to select one or more of the processor modules below. 53 54 This module provides access to the hardware capabilities through 55 a character device node named /dev/kvm. 56 57 To compile this as a module, choose M here: the module 58 will be called kvm. 59 60 If unsure, say N. 61 62config KVM_WERROR 63 bool "Compile KVM with -Werror" 64 # KASAN may cause the build to fail due to larger frames 65 default y if X86_64 && !KASAN 66 # We use the dependency on !COMPILE_TEST to not be enabled 67 # blindly in allmodconfig or allyesconfig configurations 68 depends on KVM 69 depends on (X86_64 && !KASAN) || !COMPILE_TEST 70 depends on EXPERT 71 help 72 Add -Werror to the build flags for KVM. 73 74 If in doubt, say "N". 75 76config KVM_INTEL 77 tristate "KVM for Intel (and compatible) processors support" 78 depends on KVM && IA32_FEAT_CTL 79 help 80 Provides support for KVM on processors equipped with Intel's VT 81 extensions, a.k.a. Virtual Machine Extensions (VMX). 82 83 To compile this as a module, choose M here: the module 84 will be called kvm-intel. 85 86config X86_SGX_KVM 87 bool "Software Guard eXtensions (SGX) Virtualization" 88 depends on X86_SGX && KVM_INTEL 89 help 90 91 Enables KVM guests to create SGX enclaves. 92 93 This includes support to expose "raw" unreclaimable enclave memory to 94 guests via a device node, e.g. /dev/sgx_vepc. 95 96 If unsure, say N. 97 98config KVM_AMD 99 tristate "KVM for AMD processors support" 100 depends on KVM 101 help 102 Provides support for KVM on AMD processors equipped with the AMD-V 103 (SVM) extensions. 104 105 To compile this as a module, choose M here: the module 106 will be called kvm-amd. 107 108config KVM_AMD_SEV 109 def_bool y 110 bool "AMD Secure Encrypted Virtualization (SEV) support" 111 depends on KVM_AMD && X86_64 112 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) 113 help 114 Provides support for launching Encrypted VMs (SEV) and Encrypted VMs 115 with Encrypted State (SEV-ES) on AMD processors. 116 117config KVM_XEN 118 bool "Support for Xen hypercall interface" 119 depends on KVM 120 help 121 Provides KVM support for the hosting Xen HVM guests and 122 passing Xen hypercalls to userspace. 123 124 If in doubt, say "N". 125 126config KVM_MMU_AUDIT 127 bool "Audit KVM MMU" 128 depends on KVM && TRACEPOINTS 129 help 130 This option adds a R/W kVM module parameter 'mmu_audit', which allows 131 auditing of KVM MMU events at runtime. 132 133endif # VIRTUALIZATION 134