Kconfig

	  be unexpected results in the applications.

	  If unsure, say Y
endif

config ARM64_SW_TTBR0_PAN
	bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
	help
	  Enabling this option prevents the kernel from accessing
	  user-space memory directly by pointing TTBR0_EL1 to a reserved
	  zeroed area and reserved ASID. The user access routines
	  restore the valid TTBR0_EL1 temporarily.

menu "ARMv8.1 architectural features"

config ARM64_HW_AFDBM
	bool "Support for hardware updates of the Access and Dirty page flags"
	default y
	help
	  The ARMv8.1 architecture extensions introduce support for
	  hardware updates of the access and dirty information in page
	  table entries. When enabled in TCR_EL1 (HA and HD bits) on
	  capable processors, accesses to pages with PTE_AF cleared will
	  set this bit instead of raising an access flag fault.
	  Similarly, writes to read-only pages with the DBM bit set will
	  clear the read-only bit (AP[2]) instead of raising a
	  permission fault.

	  Kernels built with this configuration option enabled continue
	  to work on pre-ARMv8.1 hardware and the performance impact is
	  minimal. If unsure, say Y.

config ARM64_PAN
	bool "Enable support for Privileged Access Never (PAN)"
	default y
	help
	 Privileged Access Never (PAN; part of the ARMv8.1 Extensions)
	 prevents the kernel or hypervisor from accessing user-space (EL0)
	 memory directly.

	 Choosing this option will cause any unprotected (not using
	 copy_to_user et al) memory access to fail with a permission fault.

	 The feature is detected at runtime, and will remain as a 'nop'
	 instruction if the cpu does not implement the feature.

config ARM64_LSE_ATOMICS
	bool "Atomic instructions"
	default y
	help
	  As part of the Large System Extensions, ARMv8.1 introduces new
	  atomic instructions that are designed specifically to scale in
	  very large systems.

	  Say Y here to make use of these instructions for the in-kernel
	  atomic routines. This incurs a small overhead on CPUs that do
	  not support these instructions and requires the kernel to be
	  built with binutils >= 2.25 in order for the new instructions
	  to be used.

config ARM64_VHE
	bool "Enable support for Virtualization Host Extensions (VHE)"
	default y
	help
	  Virtualization Host Extensions (VHE) allow the kernel to run
	  directly at EL2 (instead of EL1) on processors that support
	  it. This leads to better performance for KVM, as they reduce
	  the cost of the world switch.

	  Selecting this option allows the VHE feature to be detected
	  at runtime, and does not affect processors that do not
	  implement this feature.

endmenu

menu "ARMv8.2 architectural features"

config ARM64_UAO
	bool "Enable support for User Access Override (UAO)"
	default y
	help
	  User Access Override (UAO; part of the ARMv8.2 Extensions)
	  causes the 'unprivileged' variant of the load/store instructions to
	  be overridden to be privileged.

	  This option changes get_user() and friends to use the 'unprivileged'
	  variant of the load/store instructions. This ensures that user-space
	  really did have access to the supplied memory. When addr_limit is
	  set to kernel memory the UAO bit will be set, allowing privileged
	  access to kernel memory.

	  Choosing this option will cause copy_to_user() et al to use user-space
	  memory permissions.

	  The feature is detected at runtime, the kernel will use the
	  regular load/store instructions if the cpu does not implement the
	  feature.

config ARM64_PMEM
	bool "Enable support for persistent memory"
	select ARCH_HAS_PMEM_API
	select ARCH_HAS_UACCESS_FLUSHCACHE
	help
	  Say Y to enable support for the persistent memory API based on the
	  ARMv8.2 DCPoP feature.

	  The feature is detected at runtime, and the kernel will use DC CVAC
	  operations if DC CVAP is not supported (following the behaviour of
	  DC CVAP itself if the system does not define a point of persistence).

config ARM64_RAS_EXTN
	bool "Enable support for RAS CPU Extensions"
	default y
	help
	  CPUs that support the Reliability, Availability and Serviceability
	  (RAS) Extensions, part of ARMv8.2 are able to track faults and
	  errors, classify them and report them to software.

	  On CPUs with these extensions system software can use additional
	  barriers to determine if faults are pending and read the
	  classification from a new set of registers.

	  Selecting this feature will allow the kernel to use these barriers
	  and access the new registers if the system supports the extension.
	  Platform RAS features may additionally depend on firmware support.

endmenu

config ARM64_SVE
	bool "ARM Scalable Vector Extension support"
	default y
	depends on !KVM || ARM64_VHE
	help
	  The Scalable Vector Extension (SVE) is an extension to the AArch64
	  execution state which complements and extends the SIMD functionality
	  of the base architecture to support much larger vectors and to enable
	  additional vectorisation opportunities.

	  To enable use of this extension on CPUs that implement it, say Y.

	  Note that for architectural reasons, firmware _must_ implement SVE
	  support when running on SVE capable hardware.  The required support
	  is present in:

	    * version 1.5 and later of the ARM Trusted Firmware
	    * the AArch64 boot wrapper since commit 5e1261e08abf
	      ("bootwrapper: SVE: Enable SVE for EL2 and below").

	  For other firmware implementations, consult the firmware documentation
	  or vendor.

	  If you need the kernel to boot on SVE-capable hardware with broken
	  firmware, you may need to say N here until you get your firmware
	  fixed.  Otherwise, you may experience firmware panics or lockups when
	  booting the kernel.  If unsure and you are not observing these
	  symptoms, you should assume that it is safe to say Y.

	  CPUs that support SVE are architecturally required to support the
	  Virtualization Host Extensions (VHE), so the kernel makes no
	  provision for supporting SVE alongside KVM without VHE enabled.
	  Thus, you will need to enable CONFIG_ARM64_VHE if you want to support
	  KVM in the same kernel image.

config ARM64_MODULE_PLTS
	bool
	select HAVE_MOD_ARCH_SPECIFIC

config RELOCATABLE
	bool
	help
	  This builds the kernel as a Position Independent Executable (PIE),
	  which retains all relocation metadata required to relocate the
	  kernel binary at runtime to a different virtual address than the
	  address it was linked at.
	  Since AArch64 uses the RELA relocation format, this requires a
	  relocation pass at runtime even if the kernel is loaded at the
	  same address it was linked at.

config RANDOMIZE_BASE
	bool "Randomize the address of the kernel image"
	select ARM64_MODULE_PLTS if MODULES
	select RELOCATABLE
	help
	  Randomizes the virtual address at which the kernel image is
	  loaded, as a security feature that deters exploit attempts
	  relying on knowledge of the location of kernel internals.

	  It is the bootloader's job to provide entropy, by passing a
	  random u64 value in /chosen/kaslr-seed at kernel entry.

	  When booting via the UEFI stub, it will invoke the firmware's
	  EFI_RNG_PROTOCOL implementation (if available) to supply entropy
	  to the kernel proper. In addition, it will randomise the physical
	  location of the kernel Image as well.

	  If unsure, say N.

config RANDOMIZE_MODULE_REGION_FULL
	bool "Randomize the module region over a 4 GB range"
	depends on RANDOMIZE_BASE
	default y
	help
	  Randomizes the location of the module region inside a 4 GB window
	  covering the core kernel. This way, it is less likely for modules
	  to leak information about the location of core kernel data structures
	  but it does imply that function calls between modules and the core
	  kernel will need to be resolved via veneers in the module PLT.

	  When this option is not set, the module region will be randomized over
	  a limited range that contains the [_stext, _etext] interval of the
	  core kernel, so branch relocations are always in range.

endmenu

menu "Boot options"

config ARM64_ACPI_PARKING_PROTOCOL
	bool "Enable support for the ARM64 ACPI parking protocol"
	depends on ACPI
	help
	  Enable support for the ARM64 ACPI parking protocol. If disabled
	  the kernel will not allow booting through the ARM64 ACPI parking
	  protocol even if the corresponding data is present in the ACPI
	  MADT table.

config CMDLINE
	string "Default kernel command string"
	default ""
	help
	  Provide a set of default command-line options at build time by
	  entering them here. As a minimum, you should specify the the
	  root device (e.g. root=/dev/nfs).

config CMDLINE_FORCE
	bool "Always use the default kernel command string"
	help
	  Always use the default kernel command string, even if the boot
	  loader passes other arguments to the kernel.
	  This is useful if you cannot or don't want to change the
	  command-line options your boot loader passes to the kernel.

config EFI_STUB
	bool

config EFI
	bool "UEFI runtime support"
	depends on OF && !CPU_BIG_ENDIAN
	depends on KERNEL_MODE_NEON
	select LIBFDT
	select UCS2_STRING
	select EFI_PARAMS_FROM_FDT
	select EFI_RUNTIME_WRAPPERS
	select EFI_STUB
	select EFI_ARMSTUB
	default y
	help
	  This option provides support for runtime services provided
	  by UEFI firmware (such as non-volatile variables, realtime
          clock, and platform reset). A UEFI stub is also provided to
	  allow the kernel to be booted as an EFI application. This
	  is only useful on systems that have UEFI firmware.

config DMI
	bool "Enable support for SMBIOS (DMI) tables"
	depends on EFI
	default y
	help
	  This enables SMBIOS/DMI feature for systems.

	  This option is only useful on systems that have UEFI firmware.
	  However, even with this option, the resultant kernel should
	  continue to boot on existing non-UEFI platforms.

endmenu

menu "Userspace binary formats"

source "fs/Kconfig.binfmt"

config COMPAT
	bool "Kernel support for 32-bit EL0"
	depends on ARM64_4K_PAGES || EXPERT
	select COMPAT_BINFMT_ELF if BINFMT_ELF
	select HAVE_UID16
	select OLD_SIGSUSPEND3
	select COMPAT_OLD_SIGACTION
	help
	  This option enables support for a 32-bit EL0 running under a 64-bit
	  kernel at EL1. AArch32-specific components such as system calls,
	  the user helper functions, VFP support and the ptrace interface are
	  handled appropriately by the kernel.

	  If you use a page size other than 4KB (i.e, 16KB or 64KB), please be aware
	  that you will only be able to execute AArch32 binaries that were compiled
	  with page size aligned segments.

	  If you want to execute 32-bit userspace applications, say Y.

config SYSVIPC_COMPAT
	def_bool y
	depends on COMPAT && SYSVIPC

endmenu

menu "Power management options"

source "kernel/power/Kconfig"

config ARCH_HIBERNATION_POSSIBLE
	def_bool y
	depends on CPU_PM

config ARCH_HIBERNATION_HEADER
	def_bool y
	depends on HIBERNATION

config ARCH_SUSPEND_POSSIBLE
	def_bool y

endmenu

menu "CPU Power Management"

source "drivers/cpuidle/Kconfig"

source "drivers/cpufreq/Kconfig"

endmenu

source "net/Kconfig"

source "drivers/Kconfig"

source "drivers/firmware/Kconfig"

source "drivers/acpi/Kconfig"

source "fs/Kconfig"

source "arch/arm64/kvm/Kconfig"

source "arch/arm64/Kconfig.debug"

source "security/Kconfig"

source "crypto/Kconfig"
if CRYPTO
source "arch/arm64/crypto/Kconfig"
endif

source "lib/Kconfig"