mirror of
https://github.com/smaeul/u-boot.git
synced 2025-11-03 21:48:15 +00:00
31cadc3635
Enable EFI_SET_TIME on the sandbox and QEMU ARM to ensure that we compile and test the relevant code. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
230 lines
6.9 KiB
Plaintext
230 lines
6.9 KiB
Plaintext
config EFI_LOADER
|
|
bool "Support running UEFI applications"
|
|
depends on OF_LIBFDT && ( \
|
|
ARM && (SYS_CPU = arm1136 || \
|
|
SYS_CPU = arm1176 || \
|
|
SYS_CPU = armv7 || \
|
|
SYS_CPU = armv8) || \
|
|
X86 || RISCV || SANDBOX)
|
|
# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
|
|
depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
|
|
# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
|
|
depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
|
|
default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
|
|
select LIB_UUID
|
|
select HAVE_BLOCK_DEVICE
|
|
select REGEX
|
|
imply CFB_CONSOLE_ANSI
|
|
imply FAT
|
|
imply FAT_WRITE
|
|
imply USB_KEYBOARD_FN_KEYS
|
|
imply VIDEO_ANSI
|
|
help
|
|
Select this option if you want to run UEFI applications (like GNU
|
|
GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
|
|
will expose the UEFI API to a loaded application, enabling it to
|
|
reuse U-Boot's device drivers.
|
|
|
|
if EFI_LOADER
|
|
|
|
config EFI_SETUP_EARLY
|
|
bool
|
|
default n
|
|
|
|
choice
|
|
prompt "Store for non-volatile UEFI variables"
|
|
default EFI_VARIABLE_FILE_STORE
|
|
help
|
|
Select where non-volatile UEFI variables shall be stored.
|
|
|
|
config EFI_VARIABLE_FILE_STORE
|
|
bool "Store non-volatile UEFI variables as file"
|
|
depends on FAT_WRITE
|
|
help
|
|
Select this option if you want non-volatile UEFI variables to be
|
|
stored as file /ubootefi.var on the EFI system partition.
|
|
|
|
config EFI_MM_COMM_TEE
|
|
bool "UEFI variables storage service via OP-TEE"
|
|
depends on OPTEE
|
|
help
|
|
If OP-TEE is present and running StandAloneMM, dispatch all UEFI
|
|
variable related operations to that. The application will verify,
|
|
authenticate and store the variables on an RPMB.
|
|
|
|
endchoice
|
|
|
|
config EFI_VARIABLES_PRESEED
|
|
bool "Initial values for UEFI variables"
|
|
depends on EFI_VARIABLE_FILE_STORE
|
|
help
|
|
Include a file with the initial values for non-volatile UEFI variables
|
|
into the U-Boot binary. If this configuration option is set, changes
|
|
to authentication related variables (PK, KEK, db, dbx) are not
|
|
allowed.
|
|
|
|
if EFI_VARIABLES_PRESEED
|
|
|
|
config EFI_VAR_SEED_FILE
|
|
string "File with initial values of non-volatile UEFI variables"
|
|
default ubootefi.var
|
|
help
|
|
File with initial values of non-volatile UEFI variables. The file must
|
|
be in the same format as the storage in the EFI system partition. The
|
|
easiest way to create it is by setting the non-volatile variables in
|
|
U-Boot. If a relative file path is used, it is relative to the source
|
|
directory.
|
|
|
|
endif
|
|
|
|
config EFI_GET_TIME
|
|
bool "GetTime() runtime service"
|
|
depends on DM_RTC
|
|
default y
|
|
help
|
|
Provide the GetTime() runtime service at boottime. This service
|
|
can be used by an EFI application to read the real time clock.
|
|
|
|
config EFI_SET_TIME
|
|
bool "SetTime() runtime service"
|
|
depends on EFI_GET_TIME
|
|
default y if ARCH_QEMU || SANDBOX
|
|
default n
|
|
help
|
|
Provide the SetTime() runtime service at boottime. This service
|
|
can be used by an EFI application to adjust the real time clock.
|
|
|
|
config EFI_DEVICE_PATH_TO_TEXT
|
|
bool "Device path to text protocol"
|
|
default y
|
|
help
|
|
The device path to text protocol converts device nodes and paths to
|
|
human readable strings.
|
|
|
|
config EFI_LOADER_HII
|
|
bool "HII protocols"
|
|
default y
|
|
help
|
|
The Human Interface Infrastructure is a complicated framework that
|
|
allows UEFI applications to draw fancy menus and hook strings using
|
|
a translation framework.
|
|
|
|
U-Boot implements enough of its features to be able to run the UEFI
|
|
Shell, but not more than that.
|
|
|
|
config EFI_UNICODE_COLLATION_PROTOCOL2
|
|
bool "Unicode collation protocol"
|
|
default y
|
|
help
|
|
The Unicode collation protocol is used for lexical comparisons. It is
|
|
required to run the UEFI shell.
|
|
|
|
if EFI_UNICODE_COLLATION_PROTOCOL2
|
|
|
|
config EFI_UNICODE_CAPITALIZATION
|
|
bool "Support Unicode capitalization"
|
|
default y
|
|
help
|
|
Select this option to enable correct handling of the capitalization of
|
|
Unicode codepoints in the range 0x0000-0xffff. If this option is not
|
|
set, only the the correct handling of the letters of the codepage
|
|
used by the FAT file system is ensured.
|
|
|
|
config EFI_UNICODE_COLLATION_PROTOCOL
|
|
bool "Deprecated version of the Unicode collation protocol"
|
|
default n
|
|
help
|
|
In EFI 1.10 a version of the Unicode collation protocol using ISO
|
|
639-2 language codes existed. This protocol is not part of the UEFI
|
|
specification any longer. Unfortunately it is required to run the
|
|
UEFI Self Certification Test (SCT) II, version 2.6, 2017.
|
|
|
|
Choose this option for testing only. It is bound to be removed.
|
|
|
|
endif
|
|
|
|
config EFI_LOADER_BOUNCE_BUFFER
|
|
bool "EFI Applications use bounce buffers for DMA operations"
|
|
depends on ARM64
|
|
default n
|
|
help
|
|
Some hardware does not support DMA to full 64bit addresses. For this
|
|
hardware we can create a bounce buffer so that payloads don't have to
|
|
worry about platform details.
|
|
|
|
config EFI_PLATFORM_LANG_CODES
|
|
string "Language codes supported by firmware"
|
|
default "en-US"
|
|
help
|
|
This value is used to initialize the PlatformLangCodes variable. Its
|
|
value is a semicolon (;) separated list of language codes in native
|
|
RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
|
|
to initialize the PlatformLang variable.
|
|
|
|
config EFI_HAVE_RUNTIME_RESET
|
|
# bool "Reset runtime service is available"
|
|
bool
|
|
default y
|
|
depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || SYSRESET_X86
|
|
|
|
config EFI_GRUB_ARM32_WORKAROUND
|
|
bool "Workaround for GRUB on 32bit ARM"
|
|
default n if ARCH_QEMU
|
|
default y
|
|
depends on ARM && !ARM64
|
|
help
|
|
GRUB prior to version 2.04 requires U-Boot to disable caches. This
|
|
workaround currently is also needed on systems with caches that
|
|
cannot be managed via CP15.
|
|
|
|
config EFI_RNG_PROTOCOL
|
|
bool "EFI_RNG_PROTOCOL support"
|
|
depends on DM_RNG
|
|
default y
|
|
help
|
|
Provide a EFI_RNG_PROTOCOL implementation using the hardware random
|
|
number generator of the platform.
|
|
|
|
config EFI_TCG2_PROTOCOL
|
|
bool "EFI_TCG2_PROTOCOL support"
|
|
depends on TPM_V2
|
|
help
|
|
Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
|
|
of the platform.
|
|
|
|
config EFI_LOAD_FILE2_INITRD
|
|
bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
|
|
default n
|
|
help
|
|
Expose a EFI_FILE_LOAD2_PROTOCOL that the Linux UEFI stub can
|
|
use to load the initial ramdisk. Once this is enabled using
|
|
initrd=<ramdisk> will stop working.
|
|
|
|
config EFI_INITRD_FILESPEC
|
|
string "initramfs path"
|
|
default "host 0:1 initrd"
|
|
depends on EFI_LOAD_FILE2_INITRD
|
|
help
|
|
Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz.
|
|
|
|
config EFI_SECURE_BOOT
|
|
bool "Enable EFI secure boot support"
|
|
depends on EFI_LOADER
|
|
select SHA256
|
|
select RSA
|
|
select RSA_VERIFY_WITH_PKEY
|
|
select IMAGE_SIGN_INFO
|
|
select ASYMMETRIC_KEY_TYPE
|
|
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select X509_CERTIFICATE_PARSER
|
|
select PKCS7_MESSAGE_PARSER
|
|
select PKCS7_VERIFY
|
|
default n
|
|
help
|
|
Select this option to enable EFI secure boot support.
|
|
Once SecureBoot mode is enforced, any EFI binary can run only if
|
|
it is signed with a trusted key. To do that, you need to install,
|
|
at least, PK, KEK and db.
|
|
|
|
endif
|