Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)

modulename: tboot.ko

configname: CONFIG_INTEL_TXT

Linux Kernel Configuration
└─>Security options
└─>Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)
In linux kernel since version 2.6.32 (release Date: 2009-12-02)  
This option enables support for booting the kernel with the
Trusted Boot (tboot) module. This will utilize
Intel(R) Trusted Execution Technology to perform a measured launch
of the kernel. If the system does not support Intel(R) TXT, this
will have no effect.

Intel TXT will provide higher assurance of system configuration and
initial state as well as data reset protection. This is used to
create a robust initial kernel measurement and verification, which
helps to ensure that kernel security mechanisms are functioning
correctly. This level of protection requires a root of trust outside
of the kernel itself.

Intel TXT also helps solve real end user concerns about having
confidence that their hardware is running the VMM or kernel that
it was configured with, especially since they may be responsible for
providing such assurances to VMs and services running on it.

See <https://www.intel.com/technology/security/> for more information
about Intel(R) TXT.
See <http://tboot.sourceforge.net> for more information about tboot.
See Documentation/arch/x86/intel_txt.rst for a description of how to enable
Intel TXT support in a kernel boot.

If you are unsure as to whether this is required, answer N.

source code: