blob: ab961a8e150512c92aeff7926aeb222898736c7e [file] [log] [blame]
Ilias Apalodimas17aea462024-08-30 14:45:27 +03001menu "UEFI Support"
2
Alexander Graf67ee7052016-03-04 01:10:07 +01003config EFI_LOADER
Heinrich Schuchardt96b236a2019-05-11 10:27:58 +02004 bool "Support running UEFI applications"
Heinrich Schuchardt79cea672019-11-17 10:44:16 +01005 depends on OF_LIBFDT && ( \
Heinrich Schuchardt30c3a5f2019-11-19 04:19:09 +01006 ARM && (SYS_CPU = arm1136 || \
7 SYS_CPU = arm1176 || \
8 SYS_CPU = armv7 || \
9 SYS_CPU = armv8) || \
Heinrich Schuchardt79cea672019-11-17 10:44:16 +010010 X86 || RISCV || SANDBOX)
Alexander Graf5e247172018-01-24 14:54:21 +010011 # We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
12 depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
13 # We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
14 depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
Simon Glass49a643b2021-11-03 21:09:07 -060015 depends on !EFI_APP
Heinrich Schuchardtac212dc2019-11-20 18:48:02 +010016 default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
Tom Rinicec15482024-06-04 19:37:40 -060017 select BLK
Heinrich Schuchardt013aabb2022-05-02 06:27:00 +020018 select CHARSET
Tom Rini7d3684a2023-01-16 15:46:49 -050019 # We need to send DM events, dynamically, in the EFI block driver
AKASHI Takahiro2381f2e2022-04-19 10:05:12 +090020 select DM_EVENT
21 select EVENT_DYNAMIC
Adam Ford70c8f052018-02-06 12:14:28 -060022 select LIB_UUID
AKASHI Takahiroae18a672022-04-19 10:01:56 +090023 imply PARTITION_UUIDS
Heinrich Schuchardt9e18bfa2019-01-22 21:35:23 +010024 select REGEX
Heinrich Schuchardt6c46aaa2020-03-21 20:45:50 +010025 imply FAT
26 imply FAT_WRITE
Heinrich Schuchardt29db4c52019-12-04 22:58:58 +010027 imply USB_KEYBOARD_FN_KEYS
Heinrich Schuchardt8a7514a2020-01-15 00:49:35 +010028 imply VIDEO_ANSI
Alexander Graf67ee7052016-03-04 01:10:07 +010029 help
Heinrich Schuchardt96b236a2019-05-11 10:27:58 +020030 Select this option if you want to run UEFI applications (like GNU
31 GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
32 will expose the UEFI API to a loaded application, enabling it to
33 reuse U-Boot's device drivers.
Alexander Graf7c00a3c2016-05-11 18:25:48 +020034
Heinrich Schuchardt0cbab582019-05-08 23:17:38 +020035if EFI_LOADER
36
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +090037config EFI_BINARY_EXEC
38 bool "Execute UEFI binary"
39 default y
40 help
41 Select this option if you want to execute the UEFI binary after
42 loading it with U-Boot load commands or other methods.
43 You may enable CMD_BOOTEFI_BINARY so that you can use bootefi
44 command to do that.
45
Ilias Apalodimas17aea462024-08-30 14:45:27 +030046config EFI_SECURE_BOOT
47 bool "Enable EFI secure boot support"
48 depends on EFI_LOADER && FIT_SIGNATURE
49 select HASH
50 select SHA256
51 select RSA
52 select RSA_VERIFY_WITH_PKEY
53 select IMAGE_SIGN_INFO
54 select ASYMMETRIC_KEY_TYPE
55 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
56 select X509_CERTIFICATE_PARSER
57 select PKCS7_MESSAGE_PARSER
58 select PKCS7_VERIFY
59 select MSCODE_PARSER
60 select EFI_SIGNATURE_SUPPORT
61 help
62 Select this option to enable EFI secure boot support.
63 Once SecureBoot mode is enforced, any EFI binary can run only if
64 it is signed with a trusted key. To do that, you need to install,
65 at least, PK, KEK and db.
66
67config EFI_SIGNATURE_SUPPORT
68 bool
69
70menu "UEFI services"
71
72config EFI_GET_TIME
73 bool "GetTime() runtime service"
74 depends on DM_RTC
Heinrich Schuchardtb2625e82021-01-15 19:02:50 +010075 default y
76 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +030077 Provide the GetTime() runtime service at boottime. This service
78 can be used by an EFI application to read the real time clock.
79
80config EFI_SET_TIME
81 bool "SetTime() runtime service"
82 depends on EFI_GET_TIME
83 default y if ARCH_QEMU || SANDBOX
84 help
85 Provide the SetTime() runtime service at boottime. This service
86 can be used by an EFI application to adjust the real time clock.
87
88config EFI_HAVE_RUNTIME_RESET
89 # bool "Reset runtime service is available"
90 bool
91 default y
92 depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
93 SANDBOX || SYSRESET_SBI || SYSRESET_X86
94
95endmenu
96
97menu "UEFI Variables"
Heinrich Schuchardtb2625e82021-01-15 19:02:50 +010098
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +020099choice
100 prompt "Store for non-volatile UEFI variables"
101 default EFI_VARIABLE_FILE_STORE
102 help
103 Select where non-volatile UEFI variables shall be stored.
104
Heinrich Schuchardt09a8d502020-03-19 18:21:58 +0000105config EFI_VARIABLE_FILE_STORE
106 bool "Store non-volatile UEFI variables as file"
107 depends on FAT_WRITE
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200108 help
109 Select this option if you want non-volatile UEFI variables to be
110 stored as file /ubootefi.var on the EFI system partition.
111
Ilias Apalodimas86ba8692024-04-18 15:54:50 +0300112config EFI_RT_VOLATILE_STORE
113 bool "Allow variable runtime services in volatile storage (e.g RAM)"
114 depends on EFI_VARIABLE_FILE_STORE
115 help
116 When EFI variables are stored on file we don't allow SetVariableRT,
Michal Simek0ac27982024-07-16 15:56:51 +0200117 since the OS doesn't know how to write that file. At the same time
Ilias Apalodimas86ba8692024-04-18 15:54:50 +0300118 we copy runtime variables in DRAM and support GetVariableRT
119
120 Enable this option to allow SetVariableRT on the RAM backend of
121 the EFI variable storage. The OS will be responsible for syncing
122 the RAM contents to the file, otherwise any changes made during
123 runtime won't persist reboots.
124 Authenticated variables are not supported. Note that this will
125 violate the EFI spec since writing auth variables will return
126 EFI_INVALID_PARAMETER
127
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200128config EFI_MM_COMM_TEE
Abdellatif El Khlifi431c7b52023-08-04 14:33:44 +0100129 bool "UEFI variables storage service via the trusted world"
Tom Rini74aad482023-07-24 19:51:05 -0400130 depends on OPTEE
Heinrich Schuchardt09a8d502020-03-19 18:21:58 +0000131 help
Abdellatif El Khlifi431c7b52023-08-04 14:33:44 +0100132 Allowing access to the MM SP services (SPs such as StandAlonneMM, smm-gateway).
133 When using the u-boot OP-TEE driver, StandAlonneMM is supported.
134 When using the u-boot FF-A driver any MM SP is supported.
135
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200136 If OP-TEE is present and running StandAloneMM, dispatch all UEFI
137 variable related operations to that. The application will verify,
138 authenticate and store the variables on an RPMB.
139
Abdellatif El Khlifi431c7b52023-08-04 14:33:44 +0100140 When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
141 operations to the MM SP running in the secure world.
142 A door bell mechanism is used to notify the SP when there is data in the shared
143 MM buffer. The data is copied by u-boot to the shared buffer before issuing
144 the door bell event.
145
146config FFA_SHARED_MM_BUF_SIZE
147 int "Memory size of the shared MM communication buffer"
148 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
149 help
150 This defines the size in bytes of the memory area reserved for the shared
151 buffer used for communication between the MM feature in U-Boot and
152 the MM SP in secure world.
153 The size of the memory region must be a multiple of the size of the maximum
154 translation granule size that is specified in the ID_AA64MMFR0_EL1 System register.
155 It is assumed that the MM SP knows the size of the shared MM communication buffer.
156
157config FFA_SHARED_MM_BUF_OFFSET
158 int "Data offset in the shared MM communication buffer"
159 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
160 help
161 This defines the offset in bytes of the data read or written to in the shared
162 buffer by the MM SP.
163
164config FFA_SHARED_MM_BUF_ADDR
165 hex "Define the address of the shared MM communication buffer"
166 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
167 help
168 This defines the address of the shared MM communication buffer
169 used for communication between the MM feature in U-Boot and
170 the MM SP in secure world.
171 It is assumed that the MM SP knows the address of the shared MM communication buffer.
172
Tom Saeger79696ce2022-03-22 15:21:10 -0600173config EFI_VARIABLE_NO_STORE
174 bool "Don't persist non-volatile UEFI variables"
175 help
176 If you choose this option, non-volatile variables cannot be persisted.
177 You could still provide non-volatile variables via
178 EFI_VARIABLES_PRESEED.
179
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200180endchoice
Heinrich Schuchardt09a8d502020-03-19 18:21:58 +0000181
Heinrich Schuchardt4b7d5c12020-07-14 21:25:28 +0200182config EFI_VARIABLES_PRESEED
183 bool "Initial values for UEFI variables"
Tom Saeger79696ce2022-03-22 15:21:10 -0600184 depends on !EFI_MM_COMM_TEE
Heinrich Schuchardt4b7d5c12020-07-14 21:25:28 +0200185 help
186 Include a file with the initial values for non-volatile UEFI variables
187 into the U-Boot binary. If this configuration option is set, changes
188 to authentication related variables (PK, KEK, db, dbx) are not
189 allowed.
190
191if EFI_VARIABLES_PRESEED
192
193config EFI_VAR_SEED_FILE
194 string "File with initial values of non-volatile UEFI variables"
Michal Simekc44f36f2024-04-16 08:55:17 +0200195 default "ubootefi.var"
Heinrich Schuchardt4b7d5c12020-07-14 21:25:28 +0200196 help
197 File with initial values of non-volatile UEFI variables. The file must
198 be in the same format as the storage in the EFI system partition. The
199 easiest way to create it is by setting the non-volatile variables in
200 U-Boot. If a relative file path is used, it is relative to the source
201 directory.
202
203endif
204
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100205config EFI_VAR_BUF_SIZE
206 int "Memory size of the UEFI variable store"
Ilias Apalodimasc1a8e6d2023-11-06 17:47:53 +0200207 default 131072
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100208 range 4096 2147483647
209 help
210 This defines the size in bytes of the memory area reserved for keeping
211 UEFI variables.
212
Ilias Apalodimasc1a8e6d2023-11-06 17:47:53 +0200213 When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) is used the
214 available size for storing variables is defined in
215 PcdFlashNvStorageVariableSize.
216 That value is probed at runtime from U-Boot. In that case,
217 EFI_VAR_BUF_SIZE represents the memory U-Boot reserves to present
218 runtime variables to the OS.
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100219
Ilias Apalodimasc1a8e6d2023-11-06 17:47:53 +0200220 Minimum 4096, default 131072
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100221
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300222config EFI_PLATFORM_LANG_CODES
223 string "Language codes supported by firmware"
224 default "en-US"
Heinrich Schuchardtf2856ad2019-05-31 22:56:02 +0200225 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300226 This value is used to initialize the PlatformLangCodes variable. Its
227 value is a semicolon (;) separated list of language codes in native
228 RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
229 to initialize the PlatformLang variable.
Heinrich Schuchardtf2856ad2019-05-31 22:56:02 +0200230
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300231endmenu
Heinrich Schuchardtf2856ad2019-05-31 22:56:02 +0200232
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300233menu "Capsule support"
Jan Kiszkad4d0fec2023-01-18 22:24:59 +0100234
AKASHI Takahiro473d9b32020-11-17 09:27:55 +0900235config EFI_HAVE_CAPSULE_SUPPORT
236 bool
237
238config EFI_RUNTIME_UPDATE_CAPSULE
239 bool "UpdateCapsule() runtime service"
AKASHI Takahiro473d9b32020-11-17 09:27:55 +0900240 select EFI_HAVE_CAPSULE_SUPPORT
241 help
242 Select this option if you want to use UpdateCapsule and
243 QueryCapsuleCapabilities API's.
244
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900245config EFI_CAPSULE_ON_DISK
246 bool "Enable capsule-on-disk support"
Masami Hiramatsuff744862022-03-21 22:37:56 +0900247 depends on SYSRESET
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900248 select EFI_HAVE_CAPSULE_SUPPORT
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900249 help
250 Select this option if you want to use capsule-on-disk feature,
251 that is, capsules can be fetched and executed from files
252 under a specific directory on UEFI system partition instead of
253 via UpdateCapsule API.
254
Ilias Apalodimasa38d0cb2021-06-29 07:55:51 +0300255config EFI_IGNORE_OSINDICATIONS
256 bool "Ignore OsIndications for CapsuleUpdate on-disk"
257 depends on EFI_CAPSULE_ON_DISK
Ilias Apalodimas44fa8ff2024-06-20 23:15:31 +0300258 default y if !EFI_RT_VOLATILE_STORE
Ilias Apalodimasa38d0cb2021-06-29 07:55:51 +0300259 help
260 There are boards where U-Boot does not support SetVariable at runtime.
261 Select this option if you want to use the capsule-on-disk feature
262 without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
263 flag in variable OsIndications.
264
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900265config EFI_CAPSULE_ON_DISK_EARLY
266 bool "Initiate capsule-on-disk at U-Boot boottime"
267 depends on EFI_CAPSULE_ON_DISK
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900268 help
269 Normally, without this option enabled, capsules will be
270 executed only at the first time of invoking one of efi command.
271 If this option is enabled, capsules will be enforced to be
272 executed as part of U-Boot initialisation so that they will
273 surely take place whatever is set to distro_bootcmd.
274
AKASHI Takahiro7ff3f3c2020-11-17 09:28:00 +0900275config EFI_CAPSULE_FIRMWARE
276 bool
AKASHI Takahiro7ff3f3c2020-11-17 09:28:00 +0900277
AKASHI Takahiro0d963782020-11-30 18:12:11 +0900278config EFI_CAPSULE_FIRMWARE_MANAGEMENT
279 bool "Capsule: Firmware Management Protocol"
280 depends on EFI_HAVE_CAPSULE_SUPPORT
281 default y
282 help
283 Select this option if you want to enable capsule-based
284 firmware update using Firmware Management Protocol.
285
Ilias Apalodimas967334d2021-06-22 17:38:52 +0300286config EFI_CAPSULE_FIRMWARE_FIT
287 bool "FMP driver for FIT images"
288 depends on FIT
289 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
290 select UPDATE_FIT
291 select DFU
Sughosh Ganua1d9f672022-04-15 11:29:37 +0530292 select SET_DFU_ALT_INFO
Ilias Apalodimas967334d2021-06-22 17:38:52 +0300293 select EFI_CAPSULE_FIRMWARE
294 help
295 Select this option if you want to enable firmware management protocol
296 driver for FIT image
297
298config EFI_CAPSULE_FIRMWARE_RAW
299 bool "FMP driver for raw images"
300 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
301 depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
302 select DFU_WRITE_ALT
303 select DFU
Sughosh Ganua1d9f672022-04-15 11:29:37 +0530304 select SET_DFU_ALT_INFO
Ilias Apalodimas967334d2021-06-22 17:38:52 +0300305 select EFI_CAPSULE_FIRMWARE
306 help
307 Select this option if you want to enable firmware management protocol
308 driver for raw image
309
Sughosh Ganu586bb982020-12-30 19:27:09 +0530310config EFI_CAPSULE_AUTHENTICATE
311 bool "Update Capsule authentication"
312 depends on EFI_CAPSULE_FIRMWARE
313 depends on EFI_CAPSULE_ON_DISK
314 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
Alexandru Gagniuc1a69f4d2021-05-24 14:28:57 -0500315 select HASH
Sughosh Ganu586bb982020-12-30 19:27:09 +0530316 select SHA256
317 select RSA
318 select RSA_VERIFY
319 select RSA_VERIFY_WITH_PKEY
320 select X509_CERTIFICATE_PARSER
321 select PKCS7_MESSAGE_PARSER
322 select PKCS7_VERIFY
Sughosh Ganu3f5318f2021-04-07 17:23:31 +0530323 select IMAGE_SIGN_INFO
Masahisa Kojima915e4272021-05-14 09:53:36 +0900324 select EFI_SIGNATURE_SUPPORT
Sughosh Ganu586bb982020-12-30 19:27:09 +0530325 help
326 Select this option if you want to enable capsule
327 authentication
328
Etienne Carriere6326e912023-02-16 18:21:41 +0100329config EFI_CAPSULE_MAX
330 int "Max value for capsule index"
331 default 15
332 range 0 65535
333 help
334 Select the max capsule index value used for capsule report
335 variables. This value is used to create CapsuleMax variable.
336
Jonathan Humphreys0d6f8412024-06-13 15:27:53 -0500337config EFI_CAPSULE_CRT_FILE
338 string "Path to the EFI capsule public key certificate"
Sughosh Ganu3f46bcc2023-08-22 23:10:05 +0530339 depends on EFI_CAPSULE_AUTHENTICATE
340 help
Jonathan Humphreys0d6f8412024-06-13 15:27:53 -0500341 Provides the path to the EFI capsule public key certificate that
342 corresponds to the capsule signing key. This certificate will be used
343 to generate the EFI capsule ESL (signature list file) that gets
344 embedded in the platform's device tree and used for capsule
345 authentication at the time of capsule update.
Sughosh Ganu3f46bcc2023-08-22 23:10:05 +0530346
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300347endmenu
348
349menu "UEFI protocol support"
350
Heinrich Schuchardt3db35912019-05-11 09:53:33 +0200351config EFI_DEVICE_PATH_TO_TEXT
352 bool "Device path to text protocol"
353 default y
354 help
355 The device path to text protocol converts device nodes and paths to
356 human readable strings.
357
Heinrich Schuchardt1cb1a9d2021-01-16 09:44:25 +0100358config EFI_DEVICE_PATH_UTIL
359 bool "Device path utilities protocol"
360 default y
361 help
362 The device path utilities protocol creates and manipulates device
363 paths and device nodes. It is required to run the EFI Shell.
364
Heinrich Schuchardt0404b282021-01-16 09:33:24 +0100365config EFI_DT_FIXUP
366 bool "Device tree fixup protocol"
367 depends on !GENERATE_ACPI_TABLE
368 default y
369 help
370 The EFI device-tree fix-up protocol provides a function to let the
371 firmware apply fix-ups. This may be used by boot loaders.
372
Heinrich Schuchardt0cbab582019-05-08 23:17:38 +0200373config EFI_LOADER_HII
374 bool "HII protocols"
375 default y
376 help
377 The Human Interface Infrastructure is a complicated framework that
378 allows UEFI applications to draw fancy menus and hook strings using
379 a translation framework.
380
381 U-Boot implements enough of its features to be able to run the UEFI
382 Shell, but not more than that.
383
Heinrich Schuchardtb3258842019-05-16 07:52:58 +0200384config EFI_UNICODE_COLLATION_PROTOCOL2
Heinrich Schuchardt532fec72019-05-08 23:24:26 +0200385 bool "Unicode collation protocol"
386 default y
387 help
388 The Unicode collation protocol is used for lexical comparisons. It is
389 required to run the UEFI shell.
390
Heinrich Schuchardtb3258842019-05-16 07:52:58 +0200391if EFI_UNICODE_COLLATION_PROTOCOL2
Heinrich Schuchardt532fec72019-05-08 23:24:26 +0200392
Heinrich Schuchardt58ddcd32018-09-04 19:34:56 +0200393config EFI_UNICODE_CAPITALIZATION
394 bool "Support Unicode capitalization"
Heinrich Schuchardt58ddcd32018-09-04 19:34:56 +0200395 default y
396 help
397 Select this option to enable correct handling of the capitalization of
398 Unicode codepoints in the range 0x0000-0xffff. If this option is not
399 set, only the the correct handling of the letters of the codepage
400 used by the FAT file system is ensured.
401
Heinrich Schuchardt532fec72019-05-08 23:24:26 +0200402endif
403
Sughosh Ganu7064a5d2019-12-29 00:01:05 +0530404config EFI_RNG_PROTOCOL
405 bool "EFI_RNG_PROTOCOL support"
406 depends on DM_RNG
Peter Robinsonfa497522020-04-01 11:15:01 +0100407 default y
Sughosh Ganu7064a5d2019-12-29 00:01:05 +0530408 help
Heinrich Schuchardt7bcc7fc2020-02-14 23:28:58 +0100409 Provide a EFI_RNG_PROTOCOL implementation using the hardware random
410 number generator of the platform.
Sughosh Ganu7064a5d2019-12-29 00:01:05 +0530411
Ilias Apalodimas590fef62020-11-11 11:18:11 +0200412config EFI_TCG2_PROTOCOL
413 bool "EFI_TCG2_PROTOCOL support"
Ilias Apalodimascc29c9b2021-05-11 14:40:58 +0300414 default y
Ilias Apalodimas590fef62020-11-11 11:18:11 +0200415 depends on TPM_V2
Ilias Apalodimascc29c9b2021-05-11 14:40:58 +0300416 select SHA1
417 select SHA256
Ilias Apalodimascc29c9b2021-05-11 14:40:58 +0300418 select SHA384
419 select SHA512
Masahisa Kojima70be5a62021-05-26 12:09:58 +0900420 select HASH
Masahisa Kojimacd1fe7d2021-10-26 17:27:24 +0900421 select SMBIOS_PARSER
Ilias Apalodimas590fef62020-11-11 11:18:11 +0200422 help
423 Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
424 of the platform.
425
Ilias Apalodimas967650d2020-11-30 11:47:40 +0200426config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
427 int "EFI_TCG2_PROTOCOL EventLog size"
428 depends on EFI_TCG2_PROTOCOL
Masahisa Kojima8db8a962021-07-14 22:00:01 +0900429 default 65536
Ilias Apalodimas967650d2020-11-30 11:47:40 +0200430 help
431 Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
432 this is going to be allocated twice. One for the eventlog it self
433 and one for the configuration table that is required from the spec
434
Etienne Carriereb9064352023-02-16 17:29:48 +0100435config EFI_TCG2_PROTOCOL_MEASURE_DTB
436 bool "Measure DTB with EFI_TCG2_PROTOCOL"
437 depends on EFI_TCG2_PROTOCOL
438 help
439 When enabled, the DTB image passed to the booted EFI image is
440 measured using the EFI TCG2 protocol. Do not enable this feature if
441 the passed DTB contains data that change across platform reboots
442 and cannot be used has a predictable measurement. Otherwise
443 this feature allows better measurement of the system boot
444 sequence.
445
Ilias Apalodimas3510ba72020-02-21 09:55:45 +0200446config EFI_LOAD_FILE2_INITRD
447 bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
Ilias Apalodimasb307e3d2021-03-17 21:55:00 +0200448 default y
Ilias Apalodimas3510ba72020-02-21 09:55:45 +0200449 help
Ilias Apalodimasb307e3d2021-03-17 21:55:00 +0200450 Linux v5.7 and later can make use of this option. If the boot option
451 selected by the UEFI boot manager specifies an existing file to be used
452 as initial RAM disk, a Linux specific Load File2 protocol will be
453 installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
454 argument.
Ilias Apalodimas3510ba72020-02-21 09:55:45 +0200455
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300456config EFI_RISCV_BOOT_PROTOCOL
457 bool "RISCV_EFI_BOOT_PROTOCOL support"
458 default y
459 depends on RISCV
AKASHI Takahiro1900a3b2020-04-14 11:51:38 +0900460 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300461 The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
462 to the next boot stage. It should be enabled as it is meant to
463 replace the transfer via the device-tree. The latter is not
464 possible on systems using ACPI.
AKASHI Takahiro1900a3b2020-04-14 11:51:38 +0900465
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300466endmenu
467
468menu "Misc options"
469config EFI_LOADER_BOUNCE_BUFFER
470 bool "EFI Applications use bounce buffers for DMA operations"
471 depends on ARM64
472 help
473 Some hardware does not support DMA to full 64bit addresses. For this
474 hardware we can create a bounce buffer so that payloads don't have to
475 worry about platform details.
476
477config EFI_GRUB_ARM32_WORKAROUND
478 bool "Workaround for GRUB on 32bit ARM"
479 default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
480 default y
481 depends on ARM && !ARM64
482 help
483 GRUB prior to version 2.04 requires U-Boot to disable caches. This
484 workaround currently is also needed on systems with caches that
485 cannot be managed via CP15.
Masahisa Kojima915e4272021-05-14 09:53:36 +0900486
Jose Marinhoebb61ee2021-03-02 17:26:38 +0000487config EFI_ESRT
488 bool "Enable the UEFI ESRT generation"
489 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
490 default y
491 help
492 Enabling this option creates the ESRT UEFI system table.
493
Jose Marinhoff72cb32021-12-23 14:51:07 +0000494config EFI_ECPT
495 bool "Enable the UEFI ECPT generation"
496 default y
497 help
498 Enabling this option created the ECPT UEFI table.
499
Vincent Stehléc53cec62022-12-16 17:55:04 +0100500config EFI_EBBR_2_1_CONFORMANCE
501 bool "Add the EBBRv2.1 conformance entry to the ECPT table"
Heinrich Schuchardt7cbf7452024-07-18 14:05:09 +0200502 depends on BOOTMETH_EFI_BOOTMGR
Jose Marinhoe3b7c9b2021-12-17 12:55:05 +0000503 depends on EFI_ECPT
504 depends on EFI_LOADER_HII
505 depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
506 depends on EFI_RNG_PROTOCOL || !DM_RNG
507 depends on EFI_UNICODE_COLLATION_PROTOCOL2
508 default y
509 help
Vincent Stehléc53cec62022-12-16 17:55:04 +0100510 Enabling this option adds the EBBRv2.1 conformance entry to the ECPT UEFI table.
Jose Marinhoe3b7c9b2021-12-17 12:55:05 +0000511
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300512config EFI_SCROLL_ON_CLEAR_SCREEN
513 bool "Avoid overwriting previous output on clear screen"
514 help
515 Instead of erasing the screen content when the console screen should
516 be cleared, emit blank new lines so that previous output is scrolled
517 out of sight rather than overwritten. On serial consoles this allows
518 to capture complete boot logs (except for interactive menus etc.)
519 and can ease debugging related issues.
520
521endmenu
522
523menu "EFI bootmanager"
524
525config EFI_BOOTMGR
526 bool "UEFI Boot Manager"
Sunil V L279d1c82022-01-28 20:48:44 +0530527 default y
Sunil V L279d1c82022-01-28 20:48:44 +0530528 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300529 Select this option if you want to select the UEFI binary to be booted
530 via UEFI variables Boot####, BootOrder, and BootNext. You should also
531 normally enable CMD_BOOTEFI_BOOTMGR so that the command is available.
Sunil V L279d1c82022-01-28 20:48:44 +0530532
Masahisa Kojima949c4412023-11-10 13:25:40 +0900533config EFI_HTTP_BOOT
534 bool "EFI HTTP Boot support"
535 select CMD_DNS
536 select CMD_WGET
537 select BLKMAP
538 help
539 Enabling this option adds EFI HTTP Boot support. It allows to
540 directly boot from network.
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300541endmenu
Masahisa Kojima949c4412023-11-10 13:25:40 +0900542
Heinrich Schuchardt0cbab582019-05-08 23:17:38 +0200543endif
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300544
545source "lib/efi/Kconfig"
546
547endmenu