So... since it was I who precipitated this whole debacle by leaving TXT
disabled when I merged that kernel a while ago, I guess I should weigh
in a bit. If I had just enabled it then I doubt anyone who doesn't care
about this feature would have noticed.

After reviewing the hooks it adds to the kernel, I'm going to recommend
we enable it. I'll detail the logic in this below.

1. It actually has people who want to use it.
2. It doesn't actually hook into much of the kernel at all, just s3
hooks to turn it off/on when sleeping and a hook into the iommu
initialization to force it on so that page level protection can be
done.
3. The blob I don't think meets our firmware guidelines, but that's ok,
we ship other features useless without firmware that must be fetched
externally. (Broadcom wifi being the big one I can think of.)
4. The fact that the blob runs isn't much worse than SMM running or
whatever, those are all pretty opaque things that can screw with the
system on the way up.
5. It doesn't look like it will be a maintenance burden, aside from the
fact that intel_iommu will be forced on, which is its own can of
worms.

That said, I think that Intel have been a little silly in the way this
upstream with, as far as I can tell, fairly little review of whether
it's a desirable feature.

Anyway, I recommend we turn it on, but let users sort it out for
themselves. If it's a burden, we can add a TAINT flag for it and just
email all the bugs to Eric since he's so gung ho on it. :)

--Kyle