This option is added with kernel 4.15!!!

Arne


Am 2020-06-09 19:30, schrieb Peter Müller:
> Quoted from https://capsule8.com/blog/kernel-configuration-glossary/:
> 
>> Significance: High
>> 
>> The User Mode Instruction Prevention (UMIP) is a security feature in 
>> newer
>> Intel processors. If enabled a general protection fault is issued if 
>> the SGDT
>> SLDT SIDT SMSW or STR instructions are executed in user mode. These
>> instructions unnecessarily expose information about the hardware 
>> state.
> 
> Personally, I do not like Intel's "hardware security features" as they
> often turned out as being difficult to handle, to implement and
> completely useless or even contraproductive at the end of the day (SGX?
> Why, did anyone mentioned SGX?!). Anyway, here we go...
> 
> Fixes: #12367
> 
> Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
>  config/kernel/kernel.config.x86_64-ipfire | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/config/kernel/kernel.config.x86_64-ipfire
> b/config/kernel/kernel.config.x86_64-ipfire
> index 6a5fbbfe9..f37b4b5d4 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -459,6 +459,7 @@ CONFIG_X86_EXTENDED_PLATFORM=y
>  # CONFIG_X86_GOLDFISH is not set
>  # CONFIG_X86_INTEL_MID is not set
>  CONFIG_X86_INTEL_LPSS=y
> +CONFIG_X86_INTEL_UMIP=y
>  CONFIG_X86_AMD_PLATFORM_DEVICE=y
>  CONFIG_IOSF_MBI=y
>  # CONFIG_IOSF_MBI_DEBUG is not set