linux/common-config: enable Intel TDX guest support - mirror/nixpkgs

diff options

author	Alex James	2024-09-24 13:59:37 -0500
committer	github-actions[bot]	2024-11-15 11:20:29 +0000
commit	842dcb62215256d319b934ebaad913463c97e5b7 (patch)
tree	4131436bcd3b4b0ec22a8991cddc4518ddb41e07
parent	7bdd6ff0f072db368e7e305336e5fbba56244792 (diff)

linux/common-config: enable Intel TDX guest support backport-344372-to-release-24.11

Intel Trust Domain Extensions (TDX) is a VM-based trusted execution
environment which attempts to isolate confidential guest VMs from the
host, similar to AMD SEV-SNP. Like AMD SEV-SNP it requires guest
modifications (also referred to as "enlightenments") to operate in the
TEE. Initial support for running Linux in a TDX guest environment was
merged [in 5.19][1]. The guest driver used for generating attestation
reports was merged [in 6.2][2].

Enable both of these options on supported kernel versions. This matches
other distros such as [Arch Linux][3], [Debian][4], [Fedora][5],
[openSUSE][6], and [Ubuntu][7].

[1]: https://lore.kernel.org/lkml/Yot1IAqHoRBlwe0w@zn.tnic/
[2]: https://lore.kernel.org/lkml/20221212191525.553266-1-dave.hansen@linux.intel.com/
[3]: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/blob/ac5ceec882898aa46353794a7c8b645b9ec5ae19/config#L409
[4]: https://salsa.debian.org/kernel-team/linux/-/blob/3fdc0bdcafb4e49c232dcea1144dbdfab21eef20/debian/config/amd64/config#L13
[5]: https://src.fedoraproject.org/rpms/kernel/blob/28b3da71f8a3bbd4947adeeba223527776e01927/f/kernel-x86_64-fedora.config#_3170
[6]: https://github.com/SUSE/kernel-source/blob/994cc2d44d4db48977fa33715fd833105fa23555/config/x86_64/default#L403
[7]: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/tree/debian.master/config/annotations#n6660

(cherry picked from commit 41a390a2a28e590a11a87f81081683f5ac4be3e4)

Diffstat

-rw-r--r--

pkgs/os-specific/linux/kernel/common-config.nix

1 files changed, 4 insertions, 0 deletions


context:
space:
mode: