d97c68d178
If CONFIG_RANDOM_TRUST_CPU is set, the RNG initializes using RDRAND. But, the user can disable (or enable) this behavior by setting `random.trust_cpu=0/1` on the kernel command line. This allows system builders to do reasonable things while avoiding howls from tinfoil hatters. (Or vice versa.) CONFIG_RANDOM_TRUST_BOOTLOADER is basically the same thing, but regards the seed passed via EFI or device tree, which might come from RDRAND or a TPM or somewhere else. In order to allow distros to more easily enable this while avoiding those same howls (or vice versa), this commit adds the corresponding `random.trust_bootloader=0/1` toggle. Cc: Theodore Ts'o <tytso@mit.edu> Cc: Graham Christensen <graham@grahamc.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Link: https://github.com/NixOS/nixpkgs/pull/165355 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
456 lines
16 KiB
Plaintext
456 lines
16 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Character device configuration
|
|
#
|
|
|
|
menu "Character devices"
|
|
|
|
source "drivers/tty/Kconfig"
|
|
|
|
config TTY_PRINTK
|
|
tristate "TTY driver to output user messages via printk"
|
|
depends on EXPERT && TTY
|
|
default n
|
|
help
|
|
If you say Y here, the support for writing user messages (i.e.
|
|
console messages) via printk is available.
|
|
|
|
The feature is useful to inline user messages with kernel
|
|
messages.
|
|
In order to use this feature, you should output user messages
|
|
to /dev/ttyprintk or redirect console to this TTY.
|
|
|
|
If unsure, say N.
|
|
|
|
config TTY_PRINTK_LEVEL
|
|
depends on TTY_PRINTK
|
|
int "ttyprintk log level (1-7)"
|
|
range 1 7
|
|
default "6"
|
|
help
|
|
Printk log level to use for ttyprintk messages.
|
|
|
|
config PRINTER
|
|
tristate "Parallel printer support"
|
|
depends on PARPORT
|
|
help
|
|
If you intend to attach a printer to the parallel port of your Linux
|
|
box (as opposed to using a serial printer; if the connector at the
|
|
printer has 9 or 25 holes ["female"], then it's serial), say Y.
|
|
Also read the Printing-HOWTO, available from
|
|
<https://www.tldp.org/docs.html#howto>.
|
|
|
|
It is possible to share one parallel port among several devices
|
|
(e.g. printer and ZIP drive) and it is safe to compile the
|
|
corresponding drivers into the kernel.
|
|
|
|
To compile this driver as a module, choose M here and read
|
|
<file:Documentation/admin-guide/parport.rst>. The module will be called lp.
|
|
|
|
If you have several parallel ports, you can specify which ports to
|
|
use with the "lp" kernel command line option. (Try "man bootparam"
|
|
or see the documentation of your boot loader (lilo or loadlin) about
|
|
how to pass options to the kernel at boot time.) The syntax of the
|
|
"lp" command line option can be found in <file:drivers/char/lp.c>.
|
|
|
|
If you have more than 8 printers, you need to increase the LP_NO
|
|
macro in lp.c and the PARPORT_MAX macro in parport.h.
|
|
|
|
config LP_CONSOLE
|
|
bool "Support for console on line printer"
|
|
depends on PRINTER
|
|
help
|
|
If you want kernel messages to be printed out as they occur, you
|
|
can have a console on the printer. This option adds support for
|
|
doing that; to actually get it to happen you need to pass the
|
|
option "console=lp0" to the kernel at boot time.
|
|
|
|
If the printer is out of paper (or off, or unplugged, or too
|
|
busy..) the kernel will stall until the printer is ready again.
|
|
By defining CONSOLE_LP_STRICT to 0 (at your own risk) you
|
|
can make the kernel continue when this happens,
|
|
but it'll lose the kernel messages.
|
|
|
|
If unsure, say N.
|
|
|
|
config PPDEV
|
|
tristate "Support for user-space parallel port device drivers"
|
|
depends on PARPORT
|
|
help
|
|
Saying Y to this adds support for /dev/parport device nodes. This
|
|
is needed for programs that want portable access to the parallel
|
|
port, for instance deviceid (which displays Plug-and-Play device
|
|
IDs).
|
|
|
|
This is the parallel port equivalent of SCSI generic support (sg).
|
|
It is safe to say N to this -- it is not needed for normal printing
|
|
or parallel port CD-ROM/disk support.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called ppdev.
|
|
|
|
If unsure, say N.
|
|
|
|
config VIRTIO_CONSOLE
|
|
tristate "Virtio console"
|
|
depends on TTY
|
|
select HVC_DRIVER
|
|
select VIRTIO
|
|
help
|
|
Virtio console for use with hypervisors.
|
|
|
|
Also serves as a general-purpose serial device for data
|
|
transfer between the guest and host. Character devices at
|
|
/dev/vportNpn will be created when corresponding ports are
|
|
found, where N is the device number and n is the port number
|
|
within that device. If specified by the host, a sysfs
|
|
attribute called 'name' will be populated with a name for
|
|
the port which can be used by udev scripts to create a
|
|
symlink to the device.
|
|
|
|
config IBM_BSR
|
|
tristate "IBM POWER Barrier Synchronization Register support"
|
|
depends on PPC_PSERIES
|
|
help
|
|
This devices exposes a hardware mechanism for fast synchronization
|
|
of threads across a large system which avoids bouncing a cacheline
|
|
between several cores on a system
|
|
|
|
config POWERNV_OP_PANEL
|
|
tristate "IBM POWERNV Operator Panel Display support"
|
|
depends on PPC_POWERNV
|
|
default m
|
|
help
|
|
If you say Y here, a special character device node, /dev/op_panel,
|
|
will be created which exposes the operator panel display on IBM
|
|
Power Systems machines with FSPs.
|
|
|
|
If you don't require access to the operator panel display from user
|
|
space, say N.
|
|
|
|
If unsure, say M here to build it as a module called powernv-op-panel.
|
|
|
|
source "drivers/char/ipmi/Kconfig"
|
|
|
|
config DS1620
|
|
tristate "NetWinder thermometer support"
|
|
depends on ARCH_NETWINDER
|
|
help
|
|
Say Y here to include support for the thermal management hardware
|
|
found in the NetWinder. This driver allows the user to control the
|
|
temperature set points and to read the current temperature.
|
|
|
|
It is also possible to say M here to build it as a module (ds1620)
|
|
It is recommended to be used on a NetWinder, but it is not a
|
|
necessity.
|
|
|
|
config NWBUTTON
|
|
tristate "NetWinder Button"
|
|
depends on ARCH_NETWINDER
|
|
help
|
|
If you say Y here and create a character device node /dev/nwbutton
|
|
with major and minor numbers 10 and 158 ("man mknod"), then every
|
|
time the orange button is pressed a number of times, the number of
|
|
times the button was pressed will be written to that device.
|
|
|
|
This is most useful for applications, as yet unwritten, which
|
|
perform actions based on how many times the button is pressed in a
|
|
row.
|
|
|
|
Do not hold the button down for too long, as the driver does not
|
|
alter the behaviour of the hardware reset circuitry attached to the
|
|
button; it will still execute a hard reset if the button is held
|
|
down for longer than approximately five seconds.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called nwbutton.
|
|
|
|
Most people will answer Y to this question and "Reboot Using Button"
|
|
below to be able to initiate a system shutdown from the button.
|
|
|
|
config NWBUTTON_REBOOT
|
|
bool "Reboot Using Button"
|
|
depends on NWBUTTON
|
|
help
|
|
If you say Y here, then you will be able to initiate a system
|
|
shutdown and reboot by pressing the orange button a number of times.
|
|
The number of presses to initiate the shutdown is two by default,
|
|
but this can be altered by modifying the value of NUM_PRESSES_REBOOT
|
|
in nwbutton.h and recompiling the driver or, if you compile the
|
|
driver as a module, you can specify the number of presses at load
|
|
time with "insmod button reboot_count=<something>".
|
|
|
|
config NWFLASH
|
|
tristate "NetWinder flash support"
|
|
depends on ARCH_NETWINDER
|
|
help
|
|
If you say Y here and create a character device /dev/flash with
|
|
major 10 and minor 160 you can manipulate the flash ROM containing
|
|
the NetWinder firmware. Be careful as accidentally overwriting the
|
|
flash contents can render your computer unbootable. On no account
|
|
allow random users access to this device. :-)
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called nwflash.
|
|
|
|
If you're not sure, say N.
|
|
|
|
source "drivers/char/hw_random/Kconfig"
|
|
|
|
config DTLK
|
|
tristate "Double Talk PC internal speech card support"
|
|
depends on ISA
|
|
help
|
|
This driver is for the DoubleTalk PC, a speech synthesizer
|
|
manufactured by RC Systems (<https://www.rcsys.com/>). It is also
|
|
called the `internal DoubleTalk'.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called dtlk.
|
|
|
|
config XILINX_HWICAP
|
|
tristate "Xilinx HWICAP Support"
|
|
depends on MICROBLAZE
|
|
help
|
|
This option enables support for Xilinx Internal Configuration
|
|
Access Port (ICAP) driver. The ICAP is used on Xilinx Virtex
|
|
FPGA platforms to partially reconfigure the FPGA at runtime.
|
|
|
|
If unsure, say N.
|
|
|
|
config APPLICOM
|
|
tristate "Applicom intelligent fieldbus card support"
|
|
depends on PCI
|
|
help
|
|
This driver provides the kernel-side support for the intelligent
|
|
fieldbus cards made by Applicom International. More information
|
|
about these cards can be found on the WWW at the address
|
|
<https://www.applicom-int.com/>, or by email from David Woodhouse
|
|
<dwmw2@infradead.org>.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called applicom.
|
|
|
|
If unsure, say N.
|
|
|
|
config SONYPI
|
|
tristate "Sony Vaio Programmable I/O Control Device support"
|
|
depends on X86_32 && PCI && INPUT
|
|
help
|
|
This driver enables access to the Sony Programmable I/O Control
|
|
Device which can be found in many (all ?) Sony Vaio laptops.
|
|
|
|
If you have one of those laptops, read
|
|
<file:Documentation/admin-guide/laptops/sonypi.rst>, and say Y or M here.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called sonypi.
|
|
|
|
config GPIO_TB0219
|
|
tristate "TANBAC TB0219 GPIO support"
|
|
depends on TANBAC_TB022X
|
|
select GPIO_VR41XX
|
|
|
|
source "drivers/char/pcmcia/Kconfig"
|
|
|
|
config MWAVE
|
|
tristate "ACP Modem (Mwave) support"
|
|
depends on X86 && TTY
|
|
select SERIAL_8250
|
|
help
|
|
The ACP modem (Mwave) for Linux is a WinModem. It is composed of a
|
|
kernel driver and a user level application. Together these components
|
|
support direct attachment to public switched telephone networks (PSTNs)
|
|
and support selected world wide countries.
|
|
|
|
This version of the ACP Modem driver supports the IBM Thinkpad 600E,
|
|
600, and 770 that include on board ACP modem hardware.
|
|
|
|
The modem also supports the standard communications port interface
|
|
(ttySx) and is compatible with the Hayes AT Command Set.
|
|
|
|
The user level application needed to use this driver can be found at
|
|
the IBM Linux Technology Center (LTC) web site:
|
|
<http://www.ibm.com/linux/ltc/>.
|
|
|
|
If you own one of the above IBM Thinkpads which has the Mwave chipset
|
|
in it, say Y.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called mwave.
|
|
|
|
config SCx200_GPIO
|
|
tristate "NatSemi SCx200 GPIO Support"
|
|
depends on SCx200
|
|
select NSC_GPIO
|
|
help
|
|
Give userspace access to the GPIO pins on the National
|
|
Semiconductor SCx200 processors.
|
|
|
|
If compiled as a module, it will be called scx200_gpio.
|
|
|
|
config PC8736x_GPIO
|
|
tristate "NatSemi PC8736x GPIO Support"
|
|
depends on X86_32 && !UML
|
|
default SCx200_GPIO # mostly N
|
|
select NSC_GPIO # needed for support routines
|
|
help
|
|
Give userspace access to the GPIO pins on the National
|
|
Semiconductor PC-8736x (x=[03456]) SuperIO chip. The chip
|
|
has multiple functional units, inc several managed by
|
|
hwmon/pc87360 driver. Tested with PC-87366
|
|
|
|
If compiled as a module, it will be called pc8736x_gpio.
|
|
|
|
config NSC_GPIO
|
|
tristate "NatSemi Base GPIO Support"
|
|
depends on X86_32
|
|
# selected by SCx200_GPIO and PC8736x_GPIO
|
|
# what about 2 selectors differing: m != y
|
|
help
|
|
Common support used (and needed) by scx200_gpio and
|
|
pc8736x_gpio drivers. If those drivers are built as
|
|
modules, this one will be too, named nsc_gpio
|
|
|
|
config DEVMEM
|
|
bool "/dev/mem virtual device support"
|
|
default y
|
|
help
|
|
Say Y here if you want to support the /dev/mem device.
|
|
The /dev/mem device is used to access areas of physical
|
|
memory.
|
|
When in doubt, say "Y".
|
|
|
|
config NVRAM
|
|
tristate "/dev/nvram support"
|
|
depends on X86 || HAVE_ARCH_NVRAM_OPS
|
|
default M68K || PPC
|
|
help
|
|
If you say Y here and create a character special file /dev/nvram
|
|
with major number 10 and minor number 144 using mknod ("man mknod"),
|
|
you get read and write access to the non-volatile memory.
|
|
|
|
/dev/nvram may be used to view settings in NVRAM or to change them
|
|
(with some utility). It could also be used to frequently
|
|
save a few bits of very important data that may not be lost over
|
|
power-off and for which writing to disk is too insecure. Note
|
|
however that most NVRAM space in a PC belongs to the BIOS and you
|
|
should NEVER idly tamper with it. See Ralf Brown's interrupt list
|
|
for a guide to the use of CMOS bytes by your BIOS.
|
|
|
|
This memory is conventionally called "NVRAM" on PowerPC machines,
|
|
"CMOS RAM" on PCs, "NVRAM" on Ataris and "PRAM" on Macintoshes.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called nvram.
|
|
|
|
config DEVPORT
|
|
bool "/dev/port character device"
|
|
depends on ISA || PCI
|
|
default y
|
|
help
|
|
Say Y here if you want to support the /dev/port device. The /dev/port
|
|
device is similar to /dev/mem, but for I/O ports.
|
|
|
|
config HPET
|
|
bool "HPET - High Precision Event Timer" if (X86 || IA64)
|
|
default n
|
|
depends on ACPI
|
|
help
|
|
If you say Y here, you will have a miscdevice named "/dev/hpet/". Each
|
|
open selects one of the timers supported by the HPET. The timers are
|
|
non-periodic and/or periodic.
|
|
|
|
config HPET_MMAP
|
|
bool "Allow mmap of HPET"
|
|
default y
|
|
depends on HPET
|
|
help
|
|
If you say Y here, user applications will be able to mmap
|
|
the HPET registers.
|
|
|
|
config HPET_MMAP_DEFAULT
|
|
bool "Enable HPET MMAP access by default"
|
|
default y
|
|
depends on HPET_MMAP
|
|
help
|
|
In some hardware implementations, the page containing HPET
|
|
registers may also contain other things that shouldn't be
|
|
exposed to the user. This option selects the default (if
|
|
kernel parameter hpet_mmap is not set) user access to the
|
|
registers for applications that require it.
|
|
|
|
config HANGCHECK_TIMER
|
|
tristate "Hangcheck timer"
|
|
depends on X86 || IA64 || PPC64 || S390
|
|
help
|
|
The hangcheck-timer module detects when the system has gone
|
|
out to lunch past a certain margin. It can reboot the system
|
|
or merely print a warning.
|
|
|
|
config UV_MMTIMER
|
|
tristate "UV_MMTIMER Memory mapped RTC for SGI UV"
|
|
depends on X86_UV
|
|
default m
|
|
help
|
|
The uv_mmtimer device allows direct userspace access to the
|
|
UV system timer.
|
|
|
|
source "drivers/char/tpm/Kconfig"
|
|
|
|
config TELCLOCK
|
|
tristate "Telecom clock driver for ATCA SBC"
|
|
depends on X86
|
|
default n
|
|
help
|
|
The telecom clock device is specific to the MPCBL0010 and MPCBL0050
|
|
ATCA computers and allows direct userspace access to the
|
|
configuration of the telecom clock configuration settings. This
|
|
device is used for hardware synchronization across the ATCA backplane
|
|
fabric. Upon loading, the driver exports a sysfs directory,
|
|
/sys/devices/platform/telco_clock, with a number of files for
|
|
controlling the behavior of this hardware.
|
|
|
|
source "drivers/s390/char/Kconfig"
|
|
|
|
source "drivers/char/xillybus/Kconfig"
|
|
|
|
config ADI
|
|
tristate "SPARC Privileged ADI driver"
|
|
depends on SPARC64
|
|
default m
|
|
help
|
|
SPARC M7 and newer processors utilize ADI (Application Data
|
|
Integrity) to version and protect memory. This driver provides
|
|
read/write access to the ADI versions for privileged processes.
|
|
This feature is also known as MCD (Memory Corruption Detection)
|
|
and SSM (Silicon Secured Memory). Intended consumers of this
|
|
driver include crash and makedumpfile.
|
|
|
|
config RANDOM_TRUST_CPU
|
|
bool "Trust the CPU manufacturer to initialize Linux's CRNG"
|
|
depends on ARCH_RANDOM
|
|
default n
|
|
help
|
|
Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or
|
|
RDRAND, IBM for the S390 and Power PC architectures) is trustworthy
|
|
for the purposes of initializing Linux's CRNG. Since this is not
|
|
something that can be independently audited, this amounts to trusting
|
|
that CPU manufacturer (perhaps with the insistence or mandate
|
|
of a Nation State's intelligence or law enforcement agencies)
|
|
has not installed a hidden back door to compromise the CPU's
|
|
random number generation facilities. This can also be configured
|
|
at boot with "random.trust_cpu=on/off".
|
|
|
|
config RANDOM_TRUST_BOOTLOADER
|
|
bool "Trust the bootloader to initialize Linux's CRNG"
|
|
help
|
|
Some bootloaders can provide entropy to increase the kernel's initial
|
|
device randomness. Say Y here to assume the entropy provided by the
|
|
booloader is trustworthy so it will be added to the kernel's entropy
|
|
pool. Otherwise, say N here so it will be regarded as device input that
|
|
only mixes the entropy pool. This can also be configured at boot with
|
|
"random.trust_bootloader=on/off".
|
|
|
|
endmenu
|