# SPDX-License-Identifier: GPL-2.0
#
# Hardware Assisted OS Compartmentalization (HAOC) configuration
#
menu "Hardware Assisted OS Compartmentalization(HAOC)"

config IEE
	bool "Isolated Execution Environment Framework (IEE)"
	help
		Support for the Isolated Execution Environment Framework, the foundation
		of HAOC. It can isolate critical kernel data and enforce that all write
		accesses to it are made and verified through IEE APIs.
		Requires hardware support for FEAT_HPDS.
	depends on ARM64_4K_PAGES
	depends on ARM64_VA_BITS_48

config IEE_ALLOW_SPLIT_LM
	bool "Allow IEE split linear mapping"
	depends on IEE
	def_bool n

config IEE_DEBUG
	bool "Skip IEE stack switch for debug"
	depends on IEE
	def_bool n

config IEE_SIP
	bool "Sensitive Instruction Protection for IEE (IEE_SIP)"
	help
		Protects critical instructions that may break the isolation of IEE,
		such as writes to system control registers. These instructions are
		executed inside IEE.
	depends on IEE

config PTP
	bool "Page Table Protection (PTP)"
	help
		Protects page tables with IEE, requiring each page table modification to
		call the IEE Gate for secure mapping.
	depends on IEE

config PTP_S
	bool "Page Table Protection - Separation (PTP_S)"
	help
		PTP_S (kernel/user page separation). Splits the PTP write paths so that
		user page tables can use direct writes while kernel page tables stay on
		the PTP gate paths, with user-side safety checks for aliasing/integrity.
	depends on PTP

config PTP_RESERVE_ORDER
	depends on PTP
	int "maximum allowable 2^PTP_RESERVE_ORDER pages for one level page table"
	range 9 15
	default 12

config CREDP
	bool "Struct cred protection (CREDP)"
	help
		Protects the kernel's struct cred. All modifications of cred must be made
		and verified by IEE APIs, and critical dereferences of cred are monitored
		by IEE as well.

		If unsure, say N.
	depends on IEE
	def_bool y

config KEYP
	bool "Struct key protection (KEYP)"
	help
		This option enables protection for the kernel's struct key. All modifications
		of keys must be made and verified by IEE APIs to defend against memory corruption.

		If unsure, say N.
	depends on IEE
	def_bool y

config IEE_SELINUX_P
	bool "SELinux Protection (IEE_SELINUX_P)"
	help
		A simple enhancement of the SELinux Linux security module that places
		several critical data structures, such as the SELinux policy, in the IEE region.

		If unsure, say N.
	depends on SECURITY_SELINUX
	depends on IEE
	def_bool y

config IEE_PTRP
	bool "Pointer Read&Write Protection for IEE (IEE_PTRP)"
	help
		Provides IEE metadata for each process, called task_token, to allow
		verifying pointers inside task_struct, such as the struct cred* that
		determines the capabilities of a process.
		Can serve as an enhancement to other HAOC sub-modules.
	depends on IEE
	def_bool y

config IEE_PTRP_W
	bool "Pointer Write-Only Protection for IEE to improve performance (IEE_PTRP_W)"
	help
		Compared to IEE_PTRP, this option only performs write protection on pointers.
		Enabling it improves performance but reduces the protection surface, since
		pointer reads are no longer checked.
	depends on IEE_PTRP
	def_bool y

config IEE_CYCLE_CHECK
	bool "Cycle check of all process cred structs (IEE_CYCLE_CHECK)"
	help
		Test for IEE_CYCLE_CHECK
	depends on IEE_PTRP && !IEE_PTRP_W
	def_bool y

config IEE_CS_CHECK
	bool "Context-switch check of the cred struct (CONFIG_IEE_CS_CHECK)"
	help
		Test for CONFIG_IEE_CS_CHECK
	depends on IEE_PTRP && !IEE_PTRP_W
	def_bool y

config IEE_IO_CHECK
	bool "IO check of the cred struct (CONFIG_IEE_IO_CHECK)"
	help
		Test for CONFIG_IEE_IO_CHECK
	depends on IEE_PTRP && !IEE_PTRP_W
	def_bool n

config VARP
	bool "Variable Protection (VARP)"
	help
		Protects variables with IEE. At present, only modprobe_path is covered.
	depends on IEE
	def_bool y

endmenu # HAOC
