# SPDX-License-Identifier: GPL-2.0
#
# Hardware Assisted OS Compartmentalization (HAOC) configuration
#
menu "Hardware Assisted OS Compartmentalization(HAOC)"

config IEE
	bool "Isolated Execution Environment Framework(IEE)"
	help
		Support for the Isolated Execution Environment (IEE) framework,
		the foundation of HAOC. The other HAOC options (IEE_SIP, IEE_PTRP
		and PTP) depend on this option.
	depends on ARM64_4K_PAGES
	depends on ARM64_VA_BITS_48
	def_bool y

config IEE_SIP
	bool "Sensitive Instruction Protection for IEE(IEE_SIP)"
	help
		Protects critical instructions that may break the isolation of IEE,
		such as writes to system control registers. These instructions are
		executed inside the IEE.
	depends on IEE
	def_bool y

config IEE_PTRP
	bool "Pointer Protection for IEE(IEE_PTRP)"
	help
		Provides IEE metadata for each process, called task_token, to allow
		verifying pointers inside task_struct, such as the struct cred * that
		determines the capabilities of a process.
		Can be used to enhance other sub-modules of HAOC.
	depends on IEE
	def_bool y

config PTP
	bool "Page Table Protection(PTP)"
	help
		Protects page tables with IEE, requiring each page table modification
		to call the IEE Gate for secure mapping.
	depends on IEE
	def_bool y

config PTP_RESERVE_ORDER
	depends on PTP
	int "maximum allowable 2^PTP_RESERVE_ORDER pages for one level page table"
	range 9 15
	default 12


endmenu # HAOC
