2016-03-04 00:10:07 +00:00
|
|
|
config EFI_LOADER
|
2019-05-11 08:27:58 +00:00
|
|
|
bool "Support running UEFI applications"
|
2019-11-17 09:44:16 +00:00
|
|
|
depends on OF_LIBFDT && ( \
|
2019-11-19 03:19:09 +00:00
|
|
|
ARM && (SYS_CPU = arm1136 || \
|
|
|
|
SYS_CPU = arm1176 || \
|
|
|
|
SYS_CPU = armv7 || \
|
|
|
|
SYS_CPU = armv8) || \
|
2019-11-17 09:44:16 +00:00
|
|
|
X86 || RISCV || SANDBOX)
|
2018-01-24 13:54:21 +00:00
|
|
|
# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
|
|
|
|
depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
|
|
|
|
# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
|
|
|
|
depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
|
2021-09-07 06:56:47 +00:00
|
|
|
depends on BLK
|
2021-11-04 03:09:07 +00:00
|
|
|
depends on !EFI_APP
|
2019-11-20 17:48:02 +00:00
|
|
|
default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
|
2022-05-02 04:27:00 +00:00
|
|
|
select CHARSET
|
2023-01-16 20:46:49 +00:00
|
|
|
# We need to send DM events, dynamically, in the EFI block driver
|
2022-04-19 01:05:12 +00:00
|
|
|
select DM_EVENT
|
|
|
|
select EVENT_DYNAMIC
|
2018-02-06 18:14:28 +00:00
|
|
|
select LIB_UUID
|
2022-04-19 01:01:56 +00:00
|
|
|
imply PARTITION_UUIDS
|
2019-01-22 20:35:23 +00:00
|
|
|
select REGEX
|
2020-03-21 19:45:50 +00:00
|
|
|
imply FAT
|
|
|
|
imply FAT_WRITE
|
2019-12-04 21:58:58 +00:00
|
|
|
imply USB_KEYBOARD_FN_KEYS
|
2020-01-14 23:49:35 +00:00
|
|
|
imply VIDEO_ANSI
|
2016-03-04 00:10:07 +00:00
|
|
|
help
|
2019-05-11 08:27:58 +00:00
|
|
|
Select this option if you want to run UEFI applications (like GNU
|
|
|
|
GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
|
|
|
|
will expose the UEFI API to a loaded application, enabling it to
|
|
|
|
reuse U-Boot's device drivers.
|
2016-05-11 16:25:48 +00:00
|
|
|
|
2019-05-08 21:17:38 +00:00
|
|
|
if EFI_LOADER
|
|
|
|
|
2023-10-26 18:31:20 +00:00
|
|
|
config BOOTEFI_BOOTMGR
|
2021-01-15 18:02:50 +00:00
|
|
|
bool "UEFI Boot Manager"
|
|
|
|
default y
|
2022-07-30 21:52:21 +00:00
|
|
|
select BOOTMETH_GLOBAL if BOOTSTD
|
2021-01-15 18:02:50 +00:00
|
|
|
help
|
|
|
|
Select this option if you want to select the UEFI binary to be booted
|
2023-10-26 18:31:20 +00:00
|
|
|
via UEFI variables Boot####, BootOrder, and BootNext. You should also
|
|
|
|
normally enable CMD_BOOTEFI_BOOTMGR so that the command is available.
|
2021-01-15 18:02:50 +00:00
|
|
|
|
2020-07-14 17:18:33 +00:00
|
|
|
choice
|
|
|
|
prompt "Store for non-volatile UEFI variables"
|
|
|
|
default EFI_VARIABLE_FILE_STORE
|
|
|
|
help
|
|
|
|
Select where non-volatile UEFI variables shall be stored.
|
|
|
|
|
2020-03-19 18:21:58 +00:00
|
|
|
config EFI_VARIABLE_FILE_STORE
|
|
|
|
bool "Store non-volatile UEFI variables as file"
|
|
|
|
depends on FAT_WRITE
|
|
|
|
help
|
2020-07-14 17:18:33 +00:00
|
|
|
Select this option if you want non-volatile UEFI variables to be
|
|
|
|
stored as file /ubootefi.var on the EFI system partition.
|
|
|
|
|
|
|
|
config EFI_MM_COMM_TEE
|
2023-08-04 13:33:44 +00:00
|
|
|
bool "UEFI variables storage service via the trusted world"
|
2023-07-24 23:51:05 +00:00
|
|
|
depends on OPTEE
|
2020-07-14 17:18:33 +00:00
|
|
|
help
|
2023-08-04 13:33:44 +00:00
|
|
|
Allowing access to the MM SP services (SPs such as StandAlonneMM, smm-gateway).
|
|
|
|
When using the u-boot OP-TEE driver, StandAlonneMM is supported.
|
|
|
|
When using the u-boot FF-A driver any MM SP is supported.
|
|
|
|
|
2020-07-14 17:18:33 +00:00
|
|
|
If OP-TEE is present and running StandAloneMM, dispatch all UEFI
|
|
|
|
variable related operations to that. The application will verify,
|
|
|
|
authenticate and store the variables on an RPMB.
|
|
|
|
|
2023-08-04 13:33:44 +00:00
|
|
|
When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
|
|
|
|
operations to the MM SP running in the secure world.
|
|
|
|
A door bell mechanism is used to notify the SP when there is data in the shared
|
|
|
|
MM buffer. The data is copied by u-boot to the shared buffer before issuing
|
|
|
|
the door bell event.
|
|
|
|
|
|
|
|
config FFA_SHARED_MM_BUF_SIZE
|
|
|
|
int "Memory size of the shared MM communication buffer"
|
|
|
|
depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
|
|
|
|
help
|
|
|
|
This defines the size in bytes of the memory area reserved for the shared
|
|
|
|
buffer used for communication between the MM feature in U-Boot and
|
|
|
|
the MM SP in secure world.
|
|
|
|
The size of the memory region must be a multiple of the size of the maximum
|
|
|
|
translation granule size that is specified in the ID_AA64MMFR0_EL1 System register.
|
|
|
|
It is assumed that the MM SP knows the size of the shared MM communication buffer.
|
|
|
|
|
|
|
|
config FFA_SHARED_MM_BUF_OFFSET
|
|
|
|
int "Data offset in the shared MM communication buffer"
|
|
|
|
depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
|
|
|
|
help
|
|
|
|
This defines the offset in bytes of the data read or written to in the shared
|
|
|
|
buffer by the MM SP.
|
|
|
|
|
|
|
|
config FFA_SHARED_MM_BUF_ADDR
|
|
|
|
hex "Define the address of the shared MM communication buffer"
|
|
|
|
depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
|
|
|
|
help
|
|
|
|
This defines the address of the shared MM communication buffer
|
|
|
|
used for communication between the MM feature in U-Boot and
|
|
|
|
the MM SP in secure world.
|
|
|
|
It is assumed that the MM SP knows the address of the shared MM communication buffer.
|
|
|
|
|
2022-03-22 21:21:10 +00:00
|
|
|
config EFI_VARIABLE_NO_STORE
|
|
|
|
bool "Don't persist non-volatile UEFI variables"
|
|
|
|
help
|
|
|
|
If you choose this option, non-volatile variables cannot be persisted.
|
|
|
|
You could still provide non-volatile variables via
|
|
|
|
EFI_VARIABLES_PRESEED.
|
|
|
|
|
2020-07-14 17:18:33 +00:00
|
|
|
endchoice
|
2020-03-19 18:21:58 +00:00
|
|
|
|
2020-07-14 19:25:28 +00:00
|
|
|
config EFI_VARIABLES_PRESEED
|
|
|
|
bool "Initial values for UEFI variables"
|
2022-03-22 21:21:10 +00:00
|
|
|
depends on !EFI_MM_COMM_TEE
|
2020-07-14 19:25:28 +00:00
|
|
|
help
|
|
|
|
Include a file with the initial values for non-volatile UEFI variables
|
|
|
|
into the U-Boot binary. If this configuration option is set, changes
|
|
|
|
to authentication related variables (PK, KEK, db, dbx) are not
|
|
|
|
allowed.
|
|
|
|
|
|
|
|
if EFI_VARIABLES_PRESEED
|
|
|
|
|
|
|
|
config EFI_VAR_SEED_FILE
|
|
|
|
string "File with initial values of non-volatile UEFI variables"
|
|
|
|
default ubootefi.var
|
|
|
|
help
|
|
|
|
File with initial values of non-volatile UEFI variables. The file must
|
|
|
|
be in the same format as the storage in the EFI system partition. The
|
|
|
|
easiest way to create it is by setting the non-volatile variables in
|
|
|
|
U-Boot. If a relative file path is used, it is relative to the source
|
|
|
|
directory.
|
|
|
|
|
|
|
|
endif
|
|
|
|
|
2020-12-20 10:05:38 +00:00
|
|
|
config EFI_VAR_BUF_SIZE
|
|
|
|
int "Memory size of the UEFI variable store"
|
2023-07-08 15:21:12 +00:00
|
|
|
default 16384 if EFI_MM_COMM_TEE
|
|
|
|
default 65536
|
2020-12-20 10:05:38 +00:00
|
|
|
range 4096 2147483647
|
|
|
|
help
|
|
|
|
This defines the size in bytes of the memory area reserved for keeping
|
|
|
|
UEFI variables.
|
|
|
|
|
|
|
|
When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should
|
|
|
|
match the value of PcdFlashNvStorageVariableSize used to compile the
|
|
|
|
StandAloneMM module.
|
|
|
|
|
2023-07-08 15:21:12 +00:00
|
|
|
Minimum 4096, default 65536, or 16384 when using StandAloneMM.
|
2020-12-20 10:05:38 +00:00
|
|
|
|
2019-05-31 20:56:02 +00:00
|
|
|
config EFI_GET_TIME
|
|
|
|
bool "GetTime() runtime service"
|
|
|
|
depends on DM_RTC
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
Provide the GetTime() runtime service at boottime. This service
|
|
|
|
can be used by an EFI application to read the real time clock.
|
|
|
|
|
|
|
|
config EFI_SET_TIME
|
|
|
|
bool "SetTime() runtime service"
|
|
|
|
depends on EFI_GET_TIME
|
2020-11-21 19:52:18 +00:00
|
|
|
default y if ARCH_QEMU || SANDBOX
|
2019-05-31 20:56:02 +00:00
|
|
|
help
|
|
|
|
Provide the SetTime() runtime service at boottime. This service
|
|
|
|
can be used by an EFI application to adjust the real time clock.
|
|
|
|
|
2023-01-18 21:24:59 +00:00
|
|
|
config EFI_SCROLL_ON_CLEAR_SCREEN
|
|
|
|
bool "Avoid overwriting previous output on clear screen"
|
|
|
|
help
|
|
|
|
Instead of erasing the screen content when the console screen should
|
|
|
|
be cleared, emit blank new lines so that previous output is scrolled
|
|
|
|
out of sight rather than overwritten. On serial consoles this allows
|
|
|
|
to capture complete boot logs (except for interactive menus etc.)
|
|
|
|
and can ease debugging related issues.
|
|
|
|
|
2020-11-17 00:27:55 +00:00
|
|
|
config EFI_HAVE_CAPSULE_SUPPORT
|
|
|
|
bool
|
|
|
|
|
|
|
|
config EFI_RUNTIME_UPDATE_CAPSULE
|
|
|
|
bool "UpdateCapsule() runtime service"
|
|
|
|
select EFI_HAVE_CAPSULE_SUPPORT
|
|
|
|
help
|
|
|
|
Select this option if you want to use UpdateCapsule and
|
|
|
|
QueryCapsuleCapabilities API's.
|
|
|
|
|
2020-11-17 00:27:56 +00:00
|
|
|
config EFI_CAPSULE_ON_DISK
|
|
|
|
bool "Enable capsule-on-disk support"
|
2022-03-21 13:37:56 +00:00
|
|
|
depends on SYSRESET
|
2020-11-17 00:27:56 +00:00
|
|
|
select EFI_HAVE_CAPSULE_SUPPORT
|
|
|
|
help
|
|
|
|
Select this option if you want to use capsule-on-disk feature,
|
|
|
|
that is, capsules can be fetched and executed from files
|
|
|
|
under a specific directory on UEFI system partition instead of
|
|
|
|
via UpdateCapsule API.
|
|
|
|
|
2021-06-29 04:55:51 +00:00
|
|
|
config EFI_IGNORE_OSINDICATIONS
|
|
|
|
bool "Ignore OsIndications for CapsuleUpdate on-disk"
|
|
|
|
depends on EFI_CAPSULE_ON_DISK
|
|
|
|
help
|
|
|
|
There are boards where U-Boot does not support SetVariable at runtime.
|
|
|
|
Select this option if you want to use the capsule-on-disk feature
|
|
|
|
without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
|
|
|
|
flag in variable OsIndications.
|
|
|
|
|
2020-11-17 00:27:56 +00:00
|
|
|
config EFI_CAPSULE_ON_DISK_EARLY
|
|
|
|
bool "Initiate capsule-on-disk at U-Boot boottime"
|
|
|
|
depends on EFI_CAPSULE_ON_DISK
|
|
|
|
help
|
|
|
|
Normally, without this option enabled, capsules will be
|
|
|
|
executed only at the first time of invoking one of efi command.
|
|
|
|
If this option is enabled, capsules will be enforced to be
|
|
|
|
executed as part of U-Boot initialisation so that they will
|
|
|
|
surely take place whatever is set to distro_bootcmd.
|
|
|
|
|
2020-11-17 00:28:00 +00:00
|
|
|
config EFI_CAPSULE_FIRMWARE
|
|
|
|
bool
|
|
|
|
|
2020-11-30 09:12:11 +00:00
|
|
|
config EFI_CAPSULE_FIRMWARE_MANAGEMENT
|
|
|
|
bool "Capsule: Firmware Management Protocol"
|
|
|
|
depends on EFI_HAVE_CAPSULE_SUPPORT
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
Select this option if you want to enable capsule-based
|
|
|
|
firmware update using Firmware Management Protocol.
|
|
|
|
|
2021-06-22 14:38:52 +00:00
|
|
|
config EFI_CAPSULE_FIRMWARE_FIT
|
|
|
|
bool "FMP driver for FIT images"
|
|
|
|
depends on FIT
|
|
|
|
depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
|
|
|
|
select UPDATE_FIT
|
|
|
|
select DFU
|
2022-04-15 05:59:37 +00:00
|
|
|
select SET_DFU_ALT_INFO
|
2021-06-22 14:38:52 +00:00
|
|
|
select EFI_CAPSULE_FIRMWARE
|
|
|
|
help
|
|
|
|
Select this option if you want to enable firmware management protocol
|
|
|
|
driver for FIT image
|
|
|
|
|
|
|
|
config EFI_CAPSULE_FIRMWARE_RAW
|
|
|
|
bool "FMP driver for raw images"
|
|
|
|
depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
|
|
|
|
depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
|
|
|
|
select DFU_WRITE_ALT
|
|
|
|
select DFU
|
2022-04-15 05:59:37 +00:00
|
|
|
select SET_DFU_ALT_INFO
|
2021-06-22 14:38:52 +00:00
|
|
|
select EFI_CAPSULE_FIRMWARE
|
|
|
|
help
|
|
|
|
Select this option if you want to enable firmware management protocol
|
|
|
|
driver for raw image
|
|
|
|
|
2020-12-30 13:57:09 +00:00
|
|
|
config EFI_CAPSULE_AUTHENTICATE
|
|
|
|
bool "Update Capsule authentication"
|
|
|
|
depends on EFI_CAPSULE_FIRMWARE
|
|
|
|
depends on EFI_CAPSULE_ON_DISK
|
|
|
|
depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
|
2021-05-24 19:28:57 +00:00
|
|
|
select HASH
|
2020-12-30 13:57:09 +00:00
|
|
|
select SHA256
|
|
|
|
select RSA
|
|
|
|
select RSA_VERIFY
|
|
|
|
select RSA_VERIFY_WITH_PKEY
|
|
|
|
select X509_CERTIFICATE_PARSER
|
|
|
|
select PKCS7_MESSAGE_PARSER
|
|
|
|
select PKCS7_VERIFY
|
2021-04-07 11:53:31 +00:00
|
|
|
select IMAGE_SIGN_INFO
|
2021-05-14 00:53:36 +00:00
|
|
|
select EFI_SIGNATURE_SUPPORT
|
2020-12-30 13:57:09 +00:00
|
|
|
help
|
|
|
|
Select this option if you want to enable capsule
|
|
|
|
authentication
|
|
|
|
|
2023-02-16 17:21:41 +00:00
|
|
|
config EFI_CAPSULE_MAX
|
|
|
|
int "Max value for capsule index"
|
|
|
|
default 15
|
|
|
|
range 0 65535
|
|
|
|
help
|
|
|
|
Select the max capsule index value used for capsule report
|
|
|
|
variables. This value is used to create CapsuleMax variable.
|
|
|
|
|
2023-08-22 17:40:05 +00:00
|
|
|
config EFI_CAPSULE_ESL_FILE
|
|
|
|
string "Path to the EFI Signature List File"
|
|
|
|
depends on EFI_CAPSULE_AUTHENTICATE
|
|
|
|
help
|
|
|
|
Provides the path to the EFI Signature List file which will
|
|
|
|
be embedded in the platform's device tree and used for
|
|
|
|
capsule authentication at the time of capsule update.
|
|
|
|
|
2019-05-11 07:53:33 +00:00
|
|
|
config EFI_DEVICE_PATH_TO_TEXT
|
|
|
|
bool "Device path to text protocol"
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
The device path to text protocol converts device nodes and paths to
|
|
|
|
human readable strings.
|
|
|
|
|
2021-01-16 08:44:25 +00:00
|
|
|
config EFI_DEVICE_PATH_UTIL
|
|
|
|
bool "Device path utilities protocol"
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
The device path utilities protocol creates and manipulates device
|
|
|
|
paths and device nodes. It is required to run the EFI Shell.
|
|
|
|
|
2021-01-16 08:33:24 +00:00
|
|
|
config EFI_DT_FIXUP
|
|
|
|
bool "Device tree fixup protocol"
|
|
|
|
depends on !GENERATE_ACPI_TABLE
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
The EFI device-tree fix-up protocol provides a function to let the
|
|
|
|
firmware apply fix-ups. This may be used by boot loaders.
|
|
|
|
|
2019-05-08 21:17:38 +00:00
|
|
|
config EFI_LOADER_HII
|
|
|
|
bool "HII protocols"
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
The Human Interface Infrastructure is a complicated framework that
|
|
|
|
allows UEFI applications to draw fancy menus and hook strings using
|
|
|
|
a translation framework.
|
|
|
|
|
|
|
|
U-Boot implements enough of its features to be able to run the UEFI
|
|
|
|
Shell, but not more than that.
|
|
|
|
|
2019-05-16 05:52:58 +00:00
|
|
|
config EFI_UNICODE_COLLATION_PROTOCOL2
|
2019-05-08 21:24:26 +00:00
|
|
|
bool "Unicode collation protocol"
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
The Unicode collation protocol is used for lexical comparisons. It is
|
|
|
|
required to run the UEFI shell.
|
|
|
|
|
2019-05-16 05:52:58 +00:00
|
|
|
if EFI_UNICODE_COLLATION_PROTOCOL2
|
2019-05-08 21:24:26 +00:00
|
|
|
|
2018-09-04 17:34:56 +00:00
|
|
|
config EFI_UNICODE_CAPITALIZATION
|
|
|
|
bool "Support Unicode capitalization"
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
Select this option to enable correct handling of the capitalization of
|
|
|
|
Unicode codepoints in the range 0x0000-0xffff. If this option is not
|
|
|
|
set, only the the correct handling of the letters of the codepage
|
|
|
|
used by the FAT file system is ensured.
|
|
|
|
|
2019-05-08 21:24:26 +00:00
|
|
|
endif
|
|
|
|
|
2016-05-11 16:25:48 +00:00
|
|
|
config EFI_LOADER_BOUNCE_BUFFER
|
|
|
|
bool "EFI Applications use bounce buffers for DMA operations"
|
2019-05-08 21:17:38 +00:00
|
|
|
depends on ARM64
|
2016-05-11 16:25:48 +00:00
|
|
|
help
|
|
|
|
Some hardware does not support DMA to full 64bit addresses. For this
|
|
|
|
hardware we can create a bounce buffer so that payloads don't have to
|
|
|
|
worry about platform details.
|
2019-02-11 14:24:00 +00:00
|
|
|
|
2019-05-08 21:17:38 +00:00
|
|
|
config EFI_PLATFORM_LANG_CODES
|
|
|
|
string "Language codes supported by firmware"
|
|
|
|
default "en-US"
|
2019-02-11 14:24:00 +00:00
|
|
|
help
|
2019-05-08 21:17:38 +00:00
|
|
|
This value is used to initialize the PlatformLangCodes variable. Its
|
|
|
|
value is a semicolon (;) separated list of language codes in native
|
|
|
|
RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
|
|
|
|
to initialize the PlatformLang variable.
|
2019-02-11 14:24:00 +00:00
|
|
|
|
2019-07-05 16:12:16 +00:00
|
|
|
config EFI_HAVE_RUNTIME_RESET
|
|
|
|
# bool "Reset runtime service is available"
|
|
|
|
bool
|
|
|
|
default y
|
2020-12-02 15:22:11 +00:00
|
|
|
depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
|
|
|
|
SANDBOX || SYSRESET_X86
|
2019-07-05 16:12:16 +00:00
|
|
|
|
2019-07-22 20:04:36 +00:00
|
|
|
config EFI_GRUB_ARM32_WORKAROUND
|
|
|
|
bool "Workaround for GRUB on 32bit ARM"
|
2021-03-03 13:05:05 +00:00
|
|
|
default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
|
2019-07-22 20:04:36 +00:00
|
|
|
default y
|
|
|
|
depends on ARM && !ARM64
|
|
|
|
help
|
|
|
|
GRUB prior to version 2.04 requires U-Boot to disable caches. This
|
|
|
|
workaround currently is also needed on systems with caches that
|
|
|
|
cannot be managed via CP15.
|
2019-12-28 18:31:05 +00:00
|
|
|
|
|
|
|
config EFI_RNG_PROTOCOL
|
|
|
|
bool "EFI_RNG_PROTOCOL support"
|
|
|
|
depends on DM_RNG
|
2020-04-01 10:15:01 +00:00
|
|
|
default y
|
2019-12-28 18:31:05 +00:00
|
|
|
help
|
2020-02-14 22:28:58 +00:00
|
|
|
Provide a EFI_RNG_PROTOCOL implementation using the hardware random
|
|
|
|
number generator of the platform.
|
2020-11-11 09:18:11 +00:00
|
|
|
|
|
|
|
config EFI_TCG2_PROTOCOL
|
|
|
|
bool "EFI_TCG2_PROTOCOL support"
|
2021-05-11 11:40:58 +00:00
|
|
|
default y
|
2020-11-11 09:18:11 +00:00
|
|
|
depends on TPM_V2
|
2021-05-11 11:40:58 +00:00
|
|
|
select SHA1
|
|
|
|
select SHA256
|
|
|
|
select SHA384
|
|
|
|
select SHA512
|
2021-05-26 03:09:58 +00:00
|
|
|
select HASH
|
2021-10-26 08:27:24 +00:00
|
|
|
select SMBIOS_PARSER
|
2020-11-11 09:18:11 +00:00
|
|
|
help
|
|
|
|
Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
|
|
|
|
of the platform.
|
2019-12-28 18:31:05 +00:00
|
|
|
|
2020-11-30 09:47:40 +00:00
|
|
|
config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
|
|
|
|
int "EFI_TCG2_PROTOCOL EventLog size"
|
|
|
|
depends on EFI_TCG2_PROTOCOL
|
2021-07-14 13:00:01 +00:00
|
|
|
default 65536
|
2020-11-30 09:47:40 +00:00
|
|
|
help
|
|
|
|
Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
|
|
|
|
this is going to be allocated twice. One for the eventlog it self
|
|
|
|
and one for the configuration table that is required from the spec
|
|
|
|
|
2023-02-16 16:29:48 +00:00
|
|
|
config EFI_TCG2_PROTOCOL_MEASURE_DTB
|
|
|
|
bool "Measure DTB with EFI_TCG2_PROTOCOL"
|
|
|
|
depends on EFI_TCG2_PROTOCOL
|
|
|
|
help
|
|
|
|
When enabled, the DTB image passed to the booted EFI image is
|
|
|
|
measured using the EFI TCG2 protocol. Do not enable this feature if
|
|
|
|
the passed DTB contains data that change across platform reboots
|
|
|
|
and cannot be used has a predictable measurement. Otherwise
|
|
|
|
this feature allows better measurement of the system boot
|
|
|
|
sequence.
|
|
|
|
|
2020-02-21 07:55:45 +00:00
|
|
|
config EFI_LOAD_FILE2_INITRD
|
|
|
|
bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
|
2021-03-17 19:55:00 +00:00
|
|
|
default y
|
2020-02-21 07:55:45 +00:00
|
|
|
help
|
2021-03-17 19:55:00 +00:00
|
|
|
Linux v5.7 and later can make use of this option. If the boot option
|
|
|
|
selected by the UEFI boot manager specifies an existing file to be used
|
|
|
|
as initial RAM disk, a Linux specific Load File2 protocol will be
|
|
|
|
installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
|
|
|
|
argument.
|
2020-02-21 07:55:45 +00:00
|
|
|
|
2020-04-14 02:51:38 +00:00
|
|
|
config EFI_SECURE_BOOT
|
|
|
|
bool "Enable EFI secure boot support"
|
2021-09-26 01:43:29 +00:00
|
|
|
depends on EFI_LOADER && FIT_SIGNATURE
|
2021-05-24 19:28:57 +00:00
|
|
|
select HASH
|
2020-04-14 02:51:38 +00:00
|
|
|
select SHA256
|
|
|
|
select RSA
|
|
|
|
select RSA_VERIFY_WITH_PKEY
|
|
|
|
select IMAGE_SIGN_INFO
|
|
|
|
select ASYMMETRIC_KEY_TYPE
|
|
|
|
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
|
|
select X509_CERTIFICATE_PARSER
|
|
|
|
select PKCS7_MESSAGE_PARSER
|
2020-07-21 10:35:22 +00:00
|
|
|
select PKCS7_VERIFY
|
2022-07-05 05:48:14 +00:00
|
|
|
select MSCODE_PARSER
|
2021-05-14 00:53:36 +00:00
|
|
|
select EFI_SIGNATURE_SUPPORT
|
2020-04-14 02:51:38 +00:00
|
|
|
help
|
|
|
|
Select this option to enable EFI secure boot support.
|
|
|
|
Once SecureBoot mode is enforced, any EFI binary can run only if
|
|
|
|
it is signed with a trusted key. To do that, you need to install,
|
|
|
|
at least, PK, KEK and db.
|
|
|
|
|
2021-05-14 00:53:36 +00:00
|
|
|
config EFI_SIGNATURE_SUPPORT
|
|
|
|
bool
|
|
|
|
|
2021-03-02 17:26:38 +00:00
|
|
|
config EFI_ESRT
|
|
|
|
bool "Enable the UEFI ESRT generation"
|
|
|
|
depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
Enabling this option creates the ESRT UEFI system table.
|
|
|
|
|
2021-12-23 14:51:07 +00:00
|
|
|
config EFI_ECPT
|
|
|
|
bool "Enable the UEFI ECPT generation"
|
|
|
|
default y
|
|
|
|
help
|
|
|
|
Enabling this option created the ECPT UEFI table.
|
|
|
|
|
2022-12-16 16:55:04 +00:00
|
|
|
config EFI_EBBR_2_1_CONFORMANCE
|
|
|
|
bool "Add the EBBRv2.1 conformance entry to the ECPT table"
|
2021-12-17 12:55:05 +00:00
|
|
|
depends on EFI_ECPT
|
|
|
|
depends on EFI_LOADER_HII
|
|
|
|
depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
|
|
|
|
depends on EFI_RNG_PROTOCOL || !DM_RNG
|
|
|
|
depends on EFI_UNICODE_COLLATION_PROTOCOL2
|
|
|
|
default y
|
|
|
|
help
|
2022-12-16 16:55:04 +00:00
|
|
|
Enabling this option adds the EBBRv2.1 conformance entry to the ECPT UEFI table.
|
2021-12-17 12:55:05 +00:00
|
|
|
|
2022-01-28 15:18:44 +00:00
|
|
|
config EFI_RISCV_BOOT_PROTOCOL
|
|
|
|
bool "RISCV_EFI_BOOT_PROTOCOL support"
|
|
|
|
default y
|
|
|
|
depends on RISCV
|
|
|
|
help
|
|
|
|
The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
|
|
|
|
to the next boot stage. It should be enabled as it is meant to
|
|
|
|
replace the transfer via the device-tree. The latter is not
|
|
|
|
possible on systems using ACPI.
|
|
|
|
|
2019-05-08 21:17:38 +00:00
|
|
|
endif
|