blob: e58b882560537ec43b8f6df37d9906c69afbd59c [file] [log] [blame]
Ilias Apalodimas17aea462024-08-30 14:45:27 +03001menu "UEFI Support"
2
Alexander Graf67ee7052016-03-04 01:10:07 +01003config EFI_LOADER
Heinrich Schuchardt96b236a2019-05-11 10:27:58 +02004 bool "Support running UEFI applications"
Heinrich Schuchardt79cea672019-11-17 10:44:16 +01005 depends on OF_LIBFDT && ( \
Heinrich Schuchardt30c3a5f2019-11-19 04:19:09 +01006 ARM && (SYS_CPU = arm1136 || \
7 SYS_CPU = arm1176 || \
8 SYS_CPU = armv7 || \
9 SYS_CPU = armv8) || \
Heinrich Schuchardt79cea672019-11-17 10:44:16 +010010 X86 || RISCV || SANDBOX)
Alexander Graf5e247172018-01-24 14:54:21 +010011 # We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
12 depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
13 # We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
14 depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
Simon Glass49a643b2021-11-03 21:09:07 -060015 depends on !EFI_APP
Heinrich Schuchardtac212dc2019-11-20 18:48:02 +010016 default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
Tom Rinicec15482024-06-04 19:37:40 -060017 select BLK
Heinrich Schuchardt013aabb2022-05-02 06:27:00 +020018 select CHARSET
Tom Rini7d3684a2023-01-16 15:46:49 -050019 # We need to send DM events, dynamically, in the EFI block driver
AKASHI Takahiro2381f2e2022-04-19 10:05:12 +090020 select DM_EVENT
21 select EVENT_DYNAMIC
Adam Ford70c8f052018-02-06 12:14:28 -060022 select LIB_UUID
AKASHI Takahiroae18a672022-04-19 10:01:56 +090023 imply PARTITION_UUIDS
Heinrich Schuchardt9e18bfa2019-01-22 21:35:23 +010024 select REGEX
Heinrich Schuchardt6c46aaa2020-03-21 20:45:50 +010025 imply FAT
26 imply FAT_WRITE
Heinrich Schuchardt29db4c52019-12-04 22:58:58 +010027 imply USB_KEYBOARD_FN_KEYS
Heinrich Schuchardt8a7514a2020-01-15 00:49:35 +010028 imply VIDEO_ANSI
Alexander Graf67ee7052016-03-04 01:10:07 +010029 help
Heinrich Schuchardt96b236a2019-05-11 10:27:58 +020030 Select this option if you want to run UEFI applications (like GNU
31 GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
32 will expose the UEFI API to a loaded application, enabling it to
33 reuse U-Boot's device drivers.
Alexander Graf7c00a3c2016-05-11 18:25:48 +020034
Heinrich Schuchardt0cbab582019-05-08 23:17:38 +020035if EFI_LOADER
36
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +090037config EFI_BINARY_EXEC
38 bool "Execute UEFI binary"
39 default y
40 help
41 Select this option if you want to execute the UEFI binary after
42 loading it with U-Boot load commands or other methods.
43 You may enable CMD_BOOTEFI_BINARY so that you can use bootefi
44 command to do that.
45
Ilias Apalodimas17aea462024-08-30 14:45:27 +030046config EFI_SECURE_BOOT
47 bool "Enable EFI secure boot support"
48 depends on EFI_LOADER && FIT_SIGNATURE
49 select HASH
50 select SHA256
51 select RSA
52 select RSA_VERIFY_WITH_PKEY
53 select IMAGE_SIGN_INFO
54 select ASYMMETRIC_KEY_TYPE
55 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
56 select X509_CERTIFICATE_PARSER
57 select PKCS7_MESSAGE_PARSER
58 select PKCS7_VERIFY
59 select MSCODE_PARSER
60 select EFI_SIGNATURE_SUPPORT
61 help
62 Select this option to enable EFI secure boot support.
63 Once SecureBoot mode is enforced, any EFI binary can run only if
64 it is signed with a trusted key. To do that, you need to install,
65 at least, PK, KEK and db.
66
67config EFI_SIGNATURE_SUPPORT
68 bool
69
70menu "UEFI services"
71
72config EFI_GET_TIME
73 bool "GetTime() runtime service"
74 depends on DM_RTC
Heinrich Schuchardtb2625e82021-01-15 19:02:50 +010075 default y
76 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +030077 Provide the GetTime() runtime service at boottime. This service
78 can be used by an EFI application to read the real time clock.
79
80config EFI_SET_TIME
81 bool "SetTime() runtime service"
82 depends on EFI_GET_TIME
83 default y if ARCH_QEMU || SANDBOX
84 help
85 Provide the SetTime() runtime service at boottime. This service
86 can be used by an EFI application to adjust the real time clock.
87
88config EFI_HAVE_RUNTIME_RESET
89 # bool "Reset runtime service is available"
90 bool
91 default y
92 depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
93 SANDBOX || SYSRESET_SBI || SYSRESET_X86
94
95endmenu
96
97menu "UEFI Variables"
Heinrich Schuchardtb2625e82021-01-15 19:02:50 +010098
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +020099choice
100 prompt "Store for non-volatile UEFI variables"
101 default EFI_VARIABLE_FILE_STORE
102 help
103 Select where non-volatile UEFI variables shall be stored.
104
Heinrich Schuchardt09a8d502020-03-19 18:21:58 +0000105config EFI_VARIABLE_FILE_STORE
106 bool "Store non-volatile UEFI variables as file"
107 depends on FAT_WRITE
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200108 help
109 Select this option if you want non-volatile UEFI variables to be
110 stored as file /ubootefi.var on the EFI system partition.
111
Ilias Apalodimas86ba8692024-04-18 15:54:50 +0300112config EFI_RT_VOLATILE_STORE
113 bool "Allow variable runtime services in volatile storage (e.g RAM)"
114 depends on EFI_VARIABLE_FILE_STORE
115 help
116 When EFI variables are stored on file we don't allow SetVariableRT,
Michal Simek0ac27982024-07-16 15:56:51 +0200117 since the OS doesn't know how to write that file. At the same time
Ilias Apalodimas86ba8692024-04-18 15:54:50 +0300118 we copy runtime variables in DRAM and support GetVariableRT
119
120 Enable this option to allow SetVariableRT on the RAM backend of
121 the EFI variable storage. The OS will be responsible for syncing
122 the RAM contents to the file, otherwise any changes made during
123 runtime won't persist reboots.
124 Authenticated variables are not supported. Note that this will
125 violate the EFI spec since writing auth variables will return
126 EFI_INVALID_PARAMETER
127
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200128config EFI_MM_COMM_TEE
Abdellatif El Khlifi431c7b52023-08-04 14:33:44 +0100129 bool "UEFI variables storage service via the trusted world"
Tom Rini74aad482023-07-24 19:51:05 -0400130 depends on OPTEE
Heinrich Schuchardt09a8d502020-03-19 18:21:58 +0000131 help
Abdellatif El Khlifi431c7b52023-08-04 14:33:44 +0100132 Allowing access to the MM SP services (SPs such as StandAlonneMM, smm-gateway).
133 When using the u-boot OP-TEE driver, StandAlonneMM is supported.
134 When using the u-boot FF-A driver any MM SP is supported.
135
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200136 If OP-TEE is present and running StandAloneMM, dispatch all UEFI
137 variable related operations to that. The application will verify,
138 authenticate and store the variables on an RPMB.
139
Abdellatif El Khlifi431c7b52023-08-04 14:33:44 +0100140 When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
141 operations to the MM SP running in the secure world.
142 A door bell mechanism is used to notify the SP when there is data in the shared
143 MM buffer. The data is copied by u-boot to the shared buffer before issuing
144 the door bell event.
145
146config FFA_SHARED_MM_BUF_SIZE
147 int "Memory size of the shared MM communication buffer"
148 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
149 help
150 This defines the size in bytes of the memory area reserved for the shared
151 buffer used for communication between the MM feature in U-Boot and
152 the MM SP in secure world.
153 The size of the memory region must be a multiple of the size of the maximum
154 translation granule size that is specified in the ID_AA64MMFR0_EL1 System register.
155 It is assumed that the MM SP knows the size of the shared MM communication buffer.
156
157config FFA_SHARED_MM_BUF_OFFSET
158 int "Data offset in the shared MM communication buffer"
159 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
160 help
161 This defines the offset in bytes of the data read or written to in the shared
162 buffer by the MM SP.
163
164config FFA_SHARED_MM_BUF_ADDR
165 hex "Define the address of the shared MM communication buffer"
166 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
167 help
168 This defines the address of the shared MM communication buffer
169 used for communication between the MM feature in U-Boot and
170 the MM SP in secure world.
171 It is assumed that the MM SP knows the address of the shared MM communication buffer.
172
Tom Saeger79696ce2022-03-22 15:21:10 -0600173config EFI_VARIABLE_NO_STORE
174 bool "Don't persist non-volatile UEFI variables"
175 help
176 If you choose this option, non-volatile variables cannot be persisted.
177 You could still provide non-volatile variables via
178 EFI_VARIABLES_PRESEED.
179
Heinrich Schuchardt41bc6012020-07-14 19:18:33 +0200180endchoice
Heinrich Schuchardt09a8d502020-03-19 18:21:58 +0000181
Heinrich Schuchardt4b7d5c12020-07-14 21:25:28 +0200182config EFI_VARIABLES_PRESEED
183 bool "Initial values for UEFI variables"
Tom Saeger79696ce2022-03-22 15:21:10 -0600184 depends on !EFI_MM_COMM_TEE
Heinrich Schuchardt4b7d5c12020-07-14 21:25:28 +0200185 help
186 Include a file with the initial values for non-volatile UEFI variables
187 into the U-Boot binary. If this configuration option is set, changes
188 to authentication related variables (PK, KEK, db, dbx) are not
189 allowed.
190
191if EFI_VARIABLES_PRESEED
192
193config EFI_VAR_SEED_FILE
194 string "File with initial values of non-volatile UEFI variables"
Michal Simekc44f36f2024-04-16 08:55:17 +0200195 default "ubootefi.var"
Heinrich Schuchardt4b7d5c12020-07-14 21:25:28 +0200196 help
197 File with initial values of non-volatile UEFI variables. The file must
198 be in the same format as the storage in the EFI system partition. The
199 easiest way to create it is by setting the non-volatile variables in
200 U-Boot. If a relative file path is used, it is relative to the source
201 directory.
202
203endif
204
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100205config EFI_VAR_BUF_SIZE
206 int "Memory size of the UEFI variable store"
Ilias Apalodimasc1a8e6d2023-11-06 17:47:53 +0200207 default 131072
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100208 range 4096 2147483647
209 help
210 This defines the size in bytes of the memory area reserved for keeping
211 UEFI variables.
212
Ilias Apalodimasc1a8e6d2023-11-06 17:47:53 +0200213 When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) is used the
214 available size for storing variables is defined in
215 PcdFlashNvStorageVariableSize.
216 That value is probed at runtime from U-Boot. In that case,
217 EFI_VAR_BUF_SIZE represents the memory U-Boot reserves to present
218 runtime variables to the OS.
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100219
Ilias Apalodimasc1a8e6d2023-11-06 17:47:53 +0200220 Minimum 4096, default 131072
Heinrich Schuchardt12f18612020-12-20 11:05:38 +0100221
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300222config EFI_PLATFORM_LANG_CODES
223 string "Language codes supported by firmware"
224 default "en-US"
Heinrich Schuchardtf2856ad2019-05-31 22:56:02 +0200225 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300226 This value is used to initialize the PlatformLangCodes variable. Its
227 value is a semicolon (;) separated list of language codes in native
228 RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
229 to initialize the PlatformLang variable.
Heinrich Schuchardtf2856ad2019-05-31 22:56:02 +0200230
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300231endmenu
Heinrich Schuchardtf2856ad2019-05-31 22:56:02 +0200232
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300233menu "Capsule support"
Jan Kiszkad4d0fec2023-01-18 22:24:59 +0100234
AKASHI Takahiro473d9b32020-11-17 09:27:55 +0900235config EFI_HAVE_CAPSULE_SUPPORT
236 bool
237
238config EFI_RUNTIME_UPDATE_CAPSULE
239 bool "UpdateCapsule() runtime service"
AKASHI Takahiro473d9b32020-11-17 09:27:55 +0900240 select EFI_HAVE_CAPSULE_SUPPORT
241 help
242 Select this option if you want to use UpdateCapsule and
243 QueryCapsuleCapabilities API's.
244
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900245config EFI_CAPSULE_ON_DISK
246 bool "Enable capsule-on-disk support"
Masami Hiramatsuff744862022-03-21 22:37:56 +0900247 depends on SYSRESET
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900248 select EFI_HAVE_CAPSULE_SUPPORT
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900249 help
250 Select this option if you want to use capsule-on-disk feature,
251 that is, capsules can be fetched and executed from files
252 under a specific directory on UEFI system partition instead of
253 via UpdateCapsule API.
254
Ilias Apalodimasa38d0cb2021-06-29 07:55:51 +0300255config EFI_IGNORE_OSINDICATIONS
256 bool "Ignore OsIndications for CapsuleUpdate on-disk"
257 depends on EFI_CAPSULE_ON_DISK
Ilias Apalodimas44fa8ff2024-06-20 23:15:31 +0300258 default y if !EFI_RT_VOLATILE_STORE
Ilias Apalodimasa38d0cb2021-06-29 07:55:51 +0300259 help
260 There are boards where U-Boot does not support SetVariable at runtime.
261 Select this option if you want to use the capsule-on-disk feature
262 without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
263 flag in variable OsIndications.
264
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900265config EFI_CAPSULE_ON_DISK_EARLY
266 bool "Initiate capsule-on-disk at U-Boot boottime"
267 depends on EFI_CAPSULE_ON_DISK
AKASHI Takahiro45b819542020-11-17 09:27:56 +0900268 help
269 Normally, without this option enabled, capsules will be
270 executed only at the first time of invoking one of efi command.
271 If this option is enabled, capsules will be enforced to be
272 executed as part of U-Boot initialisation so that they will
273 surely take place whatever is set to distro_bootcmd.
274
Caleb Connolly3744e472024-08-30 13:34:33 +0100275config EFI_CAPSULE_NAMESPACE_GUID
276 string "Namespace for dynamic capsule GUIDs"
277 # v4 UUID as a default for upstream U-Boot boards
278 default "8c9f137e-91dc-427b-b2d6-b420faebaf2a"
279 depends on EFI_HAVE_CAPSULE_SUPPORT
280 help
281 Define the namespace or "salt" GUID used to generate the per-image
282 GUIDs. This should be a GUID in the standard 8-4-4-4-12 format.
283
284 Device vendors are expected to generate their own namespace GUID
285 to avoid conflicts with upstream/community images.
286
AKASHI Takahiro7ff3f3c2020-11-17 09:28:00 +0900287config EFI_CAPSULE_FIRMWARE
288 bool
AKASHI Takahiro7ff3f3c2020-11-17 09:28:00 +0900289
AKASHI Takahiro0d963782020-11-30 18:12:11 +0900290config EFI_CAPSULE_FIRMWARE_MANAGEMENT
291 bool "Capsule: Firmware Management Protocol"
292 depends on EFI_HAVE_CAPSULE_SUPPORT
293 default y
294 help
295 Select this option if you want to enable capsule-based
296 firmware update using Firmware Management Protocol.
297
Ilias Apalodimas967334d2021-06-22 17:38:52 +0300298config EFI_CAPSULE_FIRMWARE_FIT
299 bool "FMP driver for FIT images"
300 depends on FIT
301 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
302 select UPDATE_FIT
303 select DFU
Sughosh Ganua1d9f672022-04-15 11:29:37 +0530304 select SET_DFU_ALT_INFO
Ilias Apalodimas967334d2021-06-22 17:38:52 +0300305 select EFI_CAPSULE_FIRMWARE
306 help
307 Select this option if you want to enable firmware management protocol
308 driver for FIT image
309
310config EFI_CAPSULE_FIRMWARE_RAW
311 bool "FMP driver for raw images"
312 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
313 depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
314 select DFU_WRITE_ALT
315 select DFU
Sughosh Ganua1d9f672022-04-15 11:29:37 +0530316 select SET_DFU_ALT_INFO
Ilias Apalodimas967334d2021-06-22 17:38:52 +0300317 select EFI_CAPSULE_FIRMWARE
318 help
319 Select this option if you want to enable firmware management protocol
320 driver for raw image
321
Sughosh Ganu586bb982020-12-30 19:27:09 +0530322config EFI_CAPSULE_AUTHENTICATE
323 bool "Update Capsule authentication"
324 depends on EFI_CAPSULE_FIRMWARE
325 depends on EFI_CAPSULE_ON_DISK
326 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
Alexandru Gagniuc1a69f4d2021-05-24 14:28:57 -0500327 select HASH
Sughosh Ganu586bb982020-12-30 19:27:09 +0530328 select SHA256
329 select RSA
330 select RSA_VERIFY
331 select RSA_VERIFY_WITH_PKEY
332 select X509_CERTIFICATE_PARSER
333 select PKCS7_MESSAGE_PARSER
334 select PKCS7_VERIFY
Sughosh Ganu3f5318f2021-04-07 17:23:31 +0530335 select IMAGE_SIGN_INFO
Masahisa Kojima915e4272021-05-14 09:53:36 +0900336 select EFI_SIGNATURE_SUPPORT
Sughosh Ganu586bb982020-12-30 19:27:09 +0530337 help
338 Select this option if you want to enable capsule
339 authentication
340
Etienne Carriere6326e912023-02-16 18:21:41 +0100341config EFI_CAPSULE_MAX
342 int "Max value for capsule index"
343 default 15
344 range 0 65535
345 help
346 Select the max capsule index value used for capsule report
347 variables. This value is used to create CapsuleMax variable.
348
Jonathan Humphreys0d6f8412024-06-13 15:27:53 -0500349config EFI_CAPSULE_CRT_FILE
350 string "Path to the EFI capsule public key certificate"
Sughosh Ganu3f46bcc2023-08-22 23:10:05 +0530351 depends on EFI_CAPSULE_AUTHENTICATE
352 help
Jonathan Humphreys0d6f8412024-06-13 15:27:53 -0500353 Provides the path to the EFI capsule public key certificate that
354 corresponds to the capsule signing key. This certificate will be used
355 to generate the EFI capsule ESL (signature list file) that gets
356 embedded in the platform's device tree and used for capsule
357 authentication at the time of capsule update.
Sughosh Ganu3f46bcc2023-08-22 23:10:05 +0530358
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300359endmenu
360
361menu "UEFI protocol support"
362
Heinrich Schuchardt3db35912019-05-11 09:53:33 +0200363config EFI_DEVICE_PATH_TO_TEXT
364 bool "Device path to text protocol"
365 default y
366 help
367 The device path to text protocol converts device nodes and paths to
368 human readable strings.
369
Heinrich Schuchardt1cb1a9d2021-01-16 09:44:25 +0100370config EFI_DEVICE_PATH_UTIL
371 bool "Device path utilities protocol"
372 default y
373 help
374 The device path utilities protocol creates and manipulates device
375 paths and device nodes. It is required to run the EFI Shell.
376
Heinrich Schuchardt0404b282021-01-16 09:33:24 +0100377config EFI_DT_FIXUP
378 bool "Device tree fixup protocol"
379 depends on !GENERATE_ACPI_TABLE
380 default y
381 help
382 The EFI device-tree fix-up protocol provides a function to let the
383 firmware apply fix-ups. This may be used by boot loaders.
384
Heinrich Schuchardt0cbab582019-05-08 23:17:38 +0200385config EFI_LOADER_HII
386 bool "HII protocols"
387 default y
388 help
389 The Human Interface Infrastructure is a complicated framework that
390 allows UEFI applications to draw fancy menus and hook strings using
391 a translation framework.
392
393 U-Boot implements enough of its features to be able to run the UEFI
394 Shell, but not more than that.
395
Heinrich Schuchardtb3258842019-05-16 07:52:58 +0200396config EFI_UNICODE_COLLATION_PROTOCOL2
Heinrich Schuchardt532fec72019-05-08 23:24:26 +0200397 bool "Unicode collation protocol"
398 default y
399 help
400 The Unicode collation protocol is used for lexical comparisons. It is
401 required to run the UEFI shell.
402
Heinrich Schuchardtb3258842019-05-16 07:52:58 +0200403if EFI_UNICODE_COLLATION_PROTOCOL2
Heinrich Schuchardt532fec72019-05-08 23:24:26 +0200404
Heinrich Schuchardt58ddcd32018-09-04 19:34:56 +0200405config EFI_UNICODE_CAPITALIZATION
406 bool "Support Unicode capitalization"
Heinrich Schuchardt58ddcd32018-09-04 19:34:56 +0200407 default y
408 help
409 Select this option to enable correct handling of the capitalization of
410 Unicode codepoints in the range 0x0000-0xffff. If this option is not
411 set, only the the correct handling of the letters of the codepage
412 used by the FAT file system is ensured.
413
Heinrich Schuchardt532fec72019-05-08 23:24:26 +0200414endif
415
Sughosh Ganu7064a5d2019-12-29 00:01:05 +0530416config EFI_RNG_PROTOCOL
417 bool "EFI_RNG_PROTOCOL support"
418 depends on DM_RNG
Peter Robinsonfa497522020-04-01 11:15:01 +0100419 default y
Sughosh Ganu7064a5d2019-12-29 00:01:05 +0530420 help
Heinrich Schuchardt7bcc7fc2020-02-14 23:28:58 +0100421 Provide a EFI_RNG_PROTOCOL implementation using the hardware random
422 number generator of the platform.
Sughosh Ganu7064a5d2019-12-29 00:01:05 +0530423
Ilias Apalodimas590fef62020-11-11 11:18:11 +0200424config EFI_TCG2_PROTOCOL
425 bool "EFI_TCG2_PROTOCOL support"
Ilias Apalodimascc29c9b2021-05-11 14:40:58 +0300426 default y
Ilias Apalodimas590fef62020-11-11 11:18:11 +0200427 depends on TPM_V2
Ilias Apalodimascc29c9b2021-05-11 14:40:58 +0300428 select SHA1
429 select SHA256
Ilias Apalodimascc29c9b2021-05-11 14:40:58 +0300430 select SHA384
431 select SHA512
Masahisa Kojima70be5a62021-05-26 12:09:58 +0900432 select HASH
Masahisa Kojimacd1fe7d2021-10-26 17:27:24 +0900433 select SMBIOS_PARSER
Ilias Apalodimas590fef62020-11-11 11:18:11 +0200434 help
435 Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
436 of the platform.
437
Ilias Apalodimas967650d2020-11-30 11:47:40 +0200438config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
439 int "EFI_TCG2_PROTOCOL EventLog size"
440 depends on EFI_TCG2_PROTOCOL
Masahisa Kojima8db8a962021-07-14 22:00:01 +0900441 default 65536
Ilias Apalodimas967650d2020-11-30 11:47:40 +0200442 help
443 Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
444 this is going to be allocated twice. One for the eventlog it self
445 and one for the configuration table that is required from the spec
446
Etienne Carriereb9064352023-02-16 17:29:48 +0100447config EFI_TCG2_PROTOCOL_MEASURE_DTB
448 bool "Measure DTB with EFI_TCG2_PROTOCOL"
449 depends on EFI_TCG2_PROTOCOL
450 help
451 When enabled, the DTB image passed to the booted EFI image is
452 measured using the EFI TCG2 protocol. Do not enable this feature if
453 the passed DTB contains data that change across platform reboots
454 and cannot be used has a predictable measurement. Otherwise
455 this feature allows better measurement of the system boot
456 sequence.
457
Ilias Apalodimas3510ba72020-02-21 09:55:45 +0200458config EFI_LOAD_FILE2_INITRD
459 bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
Ilias Apalodimasb307e3d2021-03-17 21:55:00 +0200460 default y
Ilias Apalodimas3510ba72020-02-21 09:55:45 +0200461 help
Ilias Apalodimasb307e3d2021-03-17 21:55:00 +0200462 Linux v5.7 and later can make use of this option. If the boot option
463 selected by the UEFI boot manager specifies an existing file to be used
464 as initial RAM disk, a Linux specific Load File2 protocol will be
465 installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
466 argument.
Ilias Apalodimas3510ba72020-02-21 09:55:45 +0200467
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300468config EFI_RISCV_BOOT_PROTOCOL
469 bool "RISCV_EFI_BOOT_PROTOCOL support"
470 default y
471 depends on RISCV
AKASHI Takahiro1900a3b2020-04-14 11:51:38 +0900472 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300473 The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
474 to the next boot stage. It should be enabled as it is meant to
475 replace the transfer via the device-tree. The latter is not
476 possible on systems using ACPI.
AKASHI Takahiro1900a3b2020-04-14 11:51:38 +0900477
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300478endmenu
479
480menu "Misc options"
481config EFI_LOADER_BOUNCE_BUFFER
482 bool "EFI Applications use bounce buffers for DMA operations"
483 depends on ARM64
484 help
485 Some hardware does not support DMA to full 64bit addresses. For this
486 hardware we can create a bounce buffer so that payloads don't have to
487 worry about platform details.
488
489config EFI_GRUB_ARM32_WORKAROUND
490 bool "Workaround for GRUB on 32bit ARM"
491 default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
492 default y
493 depends on ARM && !ARM64
494 help
495 GRUB prior to version 2.04 requires U-Boot to disable caches. This
496 workaround currently is also needed on systems with caches that
497 cannot be managed via CP15.
Masahisa Kojima915e4272021-05-14 09:53:36 +0900498
Jose Marinhoebb61ee2021-03-02 17:26:38 +0000499config EFI_ESRT
500 bool "Enable the UEFI ESRT generation"
501 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
502 default y
503 help
504 Enabling this option creates the ESRT UEFI system table.
505
Jose Marinhoff72cb32021-12-23 14:51:07 +0000506config EFI_ECPT
507 bool "Enable the UEFI ECPT generation"
508 default y
509 help
510 Enabling this option created the ECPT UEFI table.
511
Vincent Stehléc53cec62022-12-16 17:55:04 +0100512config EFI_EBBR_2_1_CONFORMANCE
513 bool "Add the EBBRv2.1 conformance entry to the ECPT table"
Heinrich Schuchardt7cbf7452024-07-18 14:05:09 +0200514 depends on BOOTMETH_EFI_BOOTMGR
Jose Marinhoe3b7c9b2021-12-17 12:55:05 +0000515 depends on EFI_ECPT
516 depends on EFI_LOADER_HII
517 depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
518 depends on EFI_RNG_PROTOCOL || !DM_RNG
519 depends on EFI_UNICODE_COLLATION_PROTOCOL2
520 default y
521 help
Vincent Stehléc53cec62022-12-16 17:55:04 +0100522 Enabling this option adds the EBBRv2.1 conformance entry to the ECPT UEFI table.
Jose Marinhoe3b7c9b2021-12-17 12:55:05 +0000523
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300524config EFI_SCROLL_ON_CLEAR_SCREEN
525 bool "Avoid overwriting previous output on clear screen"
526 help
527 Instead of erasing the screen content when the console screen should
528 be cleared, emit blank new lines so that previous output is scrolled
529 out of sight rather than overwritten. On serial consoles this allows
530 to capture complete boot logs (except for interactive menus etc.)
531 and can ease debugging related issues.
532
533endmenu
534
535menu "EFI bootmanager"
536
537config EFI_BOOTMGR
538 bool "UEFI Boot Manager"
Sunil V L279d1c82022-01-28 20:48:44 +0530539 default y
Sunil V L279d1c82022-01-28 20:48:44 +0530540 help
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300541 Select this option if you want to select the UEFI binary to be booted
542 via UEFI variables Boot####, BootOrder, and BootNext. You should also
543 normally enable CMD_BOOTEFI_BOOTMGR so that the command is available.
Sunil V L279d1c82022-01-28 20:48:44 +0530544
Masahisa Kojima949c4412023-11-10 13:25:40 +0900545config EFI_HTTP_BOOT
546 bool "EFI HTTP Boot support"
547 select CMD_DNS
548 select CMD_WGET
549 select BLKMAP
550 help
551 Enabling this option adds EFI HTTP Boot support. It allows to
552 directly boot from network.
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300553endmenu
Masahisa Kojima949c4412023-11-10 13:25:40 +0900554
Heinrich Schuchardt0cbab582019-05-08 23:17:38 +0200555endif
Ilias Apalodimas17aea462024-08-30 14:45:27 +0300556
557source "lib/efi/Kconfig"
558
559endmenu