1.. SPDX-License-Identifier: CC-BY-4.0 2 3Frequently Asked Questions 4========================== 5 6How do I... 7----------- 8 9... check whether a Kconfig option is active? 10^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 11 12 Kconfig is a build time configuration system, combining inherent knowledge, 13 the capabilities of the toolchain, and explicit user choice to form a 14 configuration of a build of Xen. 15 16 A file, by default ``.config``, is produced by the build identifying the 17 configuration used. Kconfig symbols all start with ``CONFIG_``, and come in 18 a variety of types including strings, integers and booleans. Booleans are 19 the most common, and when active are expressed with ``...=y``. e.g.:: 20 21 xen.git/xen$ grep CONFIG_FOO .config 22 CONFIG_FOO_BOOLEAN=y 23 CONFIG_FOO_STRING="lorem ipsum" 24 CONFIG_FOO_INTEGER=42 25 26 Symbols which are either absent, or expressed as ``... is not set`` are 27 disabled. e.g.:: 28 29 xen.git/xen$ grep CONFIG_BAR .config 30 # CONFIG_BAR is not set 31 32 Builds of Xen configured with ``CONFIG_HYPFS_CONFIG=y`` embed their own 33 ``.config`` at build time, and can provide it to the :term:`control domain` 34 upon requested. e.g.:: 35 36 [root@host ~]# xenhypfs cat /buildinfo/config | grep -e FOO -e BAR 37 CONFIG_FOO=y 38 # CONFIG_BAR is not set 39 40 41... tell if CET is active? 42^^^^^^^^^^^^^^^^^^^^^^^^^^ 43 44 Control-flow Enforcement Technology support was added to Xen 4.14. It is 45 build time conditional, dependent on both having a new-enough toolchain and 46 an explicit Kconfig option, and also requires capable hardware. See 47 :term:`CET`. 48 49 For CET-SS, Shadow Stacks, the minimum toolchain requirements are ``binutils 50 >= 2.29`` or ``LLVM >= 6``. No specific compiler support is required. 51 Check for ``CONFIG_XEN_SHSTK`` being active. 52 53 For CET-IBT, Indirect Branch Tracking, the minimum toolchain requirements 54 are ``GCC >= 9`` and ``binutils >= 2.29``. Xen relies on a compiler feature 55 which is specific to GCC at the time of writing. Check for 56 ``CONFIG_XEN_IBT`` being active. 57 58 If a capable Xen is booted on capable hardware, and CET is not disabled by 59 command line option or errata, Xen will print some details early on boot 60 about which CET facilities have been turned on:: 61 62 ... 63 (XEN) CPU Vendor: Intel, Family 6 (0x6), Model 143 (0x8f), Stepping 8 (raw 000806f8) 64 (XEN) Enabling Supervisor Shadow Stacks 65 (XEN) Enabling Indirect Branch Tracking 66 (XEN) - IBT disabled in UEFI Runtime Services 67 (XEN) EFI RAM map: 68 ... 69 70 This can be obtained from the control domain with ``xl dmesg``, but remember 71 to confirm that the console ring hasn't wrapped. 72