]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - drivers/firmware/efi/Kconfig
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
efi/libstub: Enable reset attack mitigation
[mirror_ubuntu-bionic-kernel.git] / drivers / firmware / efi / Kconfig
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index 394db40ed37495112d23a59b7e1de72074761bae..2b4c39fdfa9141546f2193942754a8889550b840 100644 (file)
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -151,6 +151,16 @@ config APPLE_PROPERTIES
 
          If unsure, say Y if you have a Mac.  Otherwise N.
 
+config RESET_ATTACK_MITIGATION
+       bool "Reset memory attack mitigation"
+       depends on EFI_STUB
+       help
+         Request that the firmware clear the contents of RAM after a reboot
+         using the TCG Platform Reset Attack Mitigation specification. This
+         protects against an attacker forcibly rebooting the system while it
+         still contains secrets in RAM, booting another OS and extracting the
+         secrets.
+
 endmenu
 
 config UEFI_CPER
ubuntu-bionic-kernel mirror