
menu "Common Features"

config COMPAT
	bool
	help
	  32-bit interface support on 64-bit Xen which is used for both
	  HVM and PV guests. HVMLoader makes 32-bit hypercalls irrespective
	  of the destination runmode of the guest.

config CORE_PARKING
	bool

config FLASK
	bool "FLux Advanced Security Kernel support"
	default y
	depends on XSM
	---help---
	  Enables the FLASK (FLux Advanced Security Kernel) support which
	  provides a mandatory access control framework by which security
	  enforcement, isolation, and auditing can be achieved with fine
	  granular control via a security policy.

	  If unsure, say N.

config FLASK_AVC_STATS
	def_bool y
	depends on FLASK
	---help---
	  Maintain statistics on the access vector cache

# Select HAS_DEVICE_TREE if device tree is supported
config HAS_DEVICE_TREE
	bool

# Select HAS_MEM_ACCESS if mem access is supported
config HAS_MEM_ACCESS
	bool

# Select HAS_MEM_PAGING if mem paging is supported
config HAS_MEM_PAGING
	bool

# Select HAS_MEM_SHARING if mem sharing is supported
config HAS_MEM_SHARING
	bool

# Select HAS_PDX if PDX is supported
config HAS_PDX
	bool

# Select HAS_KEXEC if kexec is supported
config HAS_KEXEC
	bool

# Select HAS_GDBSX if GDBSX is supported
config HAS_GDBSX
	bool

config HAS_IOPORTS
	bool

config HAS_BUILD_ID
	string
	option env="XEN_HAS_BUILD_ID"

# Enable/Disable kexec support
config KEXEC
	bool "kexec support"
	default y
	depends on HAS_KEXEC
	---help---
	  Allows a running Xen hypervisor to be replaced with another OS
	  without rebooting. This is primarily used to execute a crash
	  environment to collect information on a Xen hypervisor or dom0 crash.

	  If unsure, say Y.

# Allows "late" initialization of the hardware domain
config LATE_HWDOM
	bool "dedicated hardware domain"
	default n
	depends on XSM && X86
	---help---
	  Allows the creation of a dedicated hardware domain distinct from
	  domain 0 that manages devices without needing access to other
	  privileged functionality such as the ability to manage domains.
	  This requires that the actual domain 0 be a stub domain that
	  constructs the actual hardware domain instead of initializing the
	  hardware itself.  Because the hardware domain needs access to
	  hypercalls not available to unprivileged guests, an XSM policy
	  is required to properly define the privilege of these domains.

	  This feature does nothing if the "hardware_dom" boot parameter is
	  not present.  If this feature is being used for security, it should
	  be combined with an IOMMU in strict mode.

	  If unsure, say N.

# Enables transcendent memory support
config TMEM
	def_bool y
	prompt "Transcendent Memory Support" if EXPERT = "y"
	---help---
	  Transcendent memory allows PV-aware guests to collaborate on memory
	  usage. Guests can 'swap' their memory to the hypervisor or have an
	  collective pool of memory shared across guests. The end result is
	  less memory usage by guests allowing higher guest density.

	  You also have to enable it on the Xen commandline by using tmem=1

	  If unsure, say Y.

# Adds support for Xenoprof
config XENOPROF
	def_bool y
	prompt "Xen Oprofile Support" if EXPERT = "y"
	depends on X86
	---help---
	  Xen OProfile (Xenoprof) is a system-wide profiler for Xen virtual
	  machine environments, capable of profiling the Xen virtual machine
	  monitor, multiple Linux guest operating systems, and applications
	  running on them.

	  If unsure, say Y.

# Enable/Disable XSM support
config XSM
	bool "Xen Security Modules support"
	default n
	---help---
	  Enables the security framework known as Xen Security Modules which
	  allows administrators fine-grained control over a Xen domain and
	  its capabilities by defining permissible interactions between domains,
	  the hypervisor itself, and related resources such as memory and
	  devices.

	  If unsure, say N.

# Enable schedulers
menu "Schedulers"
	visible if EXPERT = "y"

config SCHED_CREDIT
	def_bool y
	---help---
	  The traditional credit scheduler is a general purpose scheduler.

config SCHED_CREDIT2
	bool "Credit2 scheduler support (EXPERIMENTAL)"
	default y
	---help---
	  The credit2 scheduler is a general purpose scheduler that is
	  optimized for lower latency and higher VM density.

config SCHED_RTDS
	bool "RTDS scheduler support (EXPERIMENTAL)"
	default y
	---help---
	  The RTDS scheduler is a soft and firm real-time scheduler for
	  multicore, targeted for embedded, automotive, graphics and gaming
	  in the cloud, and general low-latency workloads.

config SCHED_ARINC653
	bool "ARINC653 scheduler support (EXPERIMENTAL)"
	default y
	---help---
	  The ARINC653 scheduler is a hard real-time scheduler for single
	  cores, targeted for avionics, drones, and medical devices.

choice
	prompt "Default Scheduler?"
	default SCHED_CREDIT_DEFAULT 

	config SCHED_CREDIT_DEFAULT
		bool "Credit Scheduler" if SCHED_CREDIT
	config SCHED_CREDIT2_DEFAULT
		bool "Credit2 Scheduler" if SCHED_CREDIT2
	config SCHED_RTDS_DEFAULT
		bool "RT Scheduler" if SCHED_RTDS
	config SCHED_ARINC653_DEFAULT
		bool "ARINC653 Scheduler" if SCHED_ARINC653
endchoice

config SCHED_DEFAULT
	string
	default "credit" if SCHED_CREDIT_DEFAULT
	default "credit2" if SCHED_CREDIT2_DEFAULT
	default "rtds" if SCHED_RTDS_DEFAULT
	default "arinc653" if SCHED_ARINC653_DEFAULT
	default "credit"

endmenu

# Enable/Disable live patching support
config LIVEPATCH
	bool "Live patching support (TECH PREVIEW)"
	default n
	depends on X86 && HAS_BUILD_ID = "y"
	---help---
	  Allows a running Xen hypervisor to be dynamically patched using
	  binary patches without rebooting. This is primarily used to binarily
	  patch in the field an hypervisor with XSA fixes.

	  If unsure, say Y.

config FAST_SYMBOL_LOOKUP
	bool "Fast symbol lookup (bigger binary)"
	default y
	depends on LIVEPATCH
	---help---
	  When searching for symbol addresses we can use the built-in system
	  that is optimized for searching symbols using addresses as the key.
	  However using it for the inverse (find address using the symbol name)
	  it is slow. This extra data and code (~55kB) speeds up the search.
	  The only user of this is Live patching.

	  If unsure, say Y.
endmenu
