2 bool "Support running UEFI applications"
3 depends on OF_LIBFDT && ( \
4 ARM && (SYS_CPU = arm1136 || \
8 X86 || RISCV || SANDBOX)
9 # We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
10 depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
11 # We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
12 depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
13 default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
15 select HAVE_BLOCK_DEVICE
17 imply CFB_CONSOLE_ANSI
20 imply USB_KEYBOARD_FN_KEYS
23 Select this option if you want to run UEFI applications (like GNU
24 GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
25 will expose the UEFI API to a loaded application, enabling it to
26 reuse U-Boot's device drivers.
31 prompt "Store for non-volatile UEFI variables"
32 default EFI_VARIABLE_FILE_STORE
34 Select where non-volatile UEFI variables shall be stored.
36 config EFI_VARIABLE_FILE_STORE
37 bool "Store non-volatile UEFI variables as file"
40 Select this option if you want non-volatile UEFI variables to be
41 stored as file /ubootefi.var on the EFI system partition.
43 config EFI_MM_COMM_TEE
44 bool "UEFI variables storage service via OP-TEE"
47 If OP-TEE is present and running StandAloneMM, dispatch all UEFI
48 variable related operations to that. The application will verify,
49 authenticate and store the variables on an RPMB.
53 config EFI_VARIABLES_PRESEED
54 bool "Initial values for UEFI variables"
55 depends on EFI_VARIABLE_FILE_STORE
57 Include a file with the initial values for non-volatile UEFI variables
58 into the U-Boot binary. If this configuration option is set, changes
59 to authentication related variables (PK, KEK, db, dbx) are not
62 if EFI_VARIABLES_PRESEED
64 config EFI_VAR_SEED_FILE
65 string "File with initial values of non-volatile UEFI variables"
68 File with initial values of non-volatile UEFI variables. The file must
69 be in the same format as the storage in the EFI system partition. The
70 easiest way to create it is by setting the non-volatile variables in
71 U-Boot. If a relative file path is used, it is relative to the source
77 bool "GetTime() runtime service"
81 Provide the GetTime() runtime service at boottime. This service
82 can be used by an EFI application to read the real time clock.
85 bool "SetTime() runtime service"
86 depends on EFI_GET_TIME
89 Provide the SetTime() runtime service at boottime. This service
90 can be used by an EFI application to adjust the real time clock.
92 config EFI_DEVICE_PATH_TO_TEXT
93 bool "Device path to text protocol"
96 The device path to text protocol converts device nodes and paths to
97 human readable strings.
103 The Human Interface Infrastructure is a complicated framework that
104 allows UEFI applications to draw fancy menus and hook strings using
105 a translation framework.
107 U-Boot implements enough of its features to be able to run the UEFI
108 Shell, but not more than that.
110 config EFI_UNICODE_COLLATION_PROTOCOL2
111 bool "Unicode collation protocol"
114 The Unicode collation protocol is used for lexical comparisons. It is
115 required to run the UEFI shell.
117 if EFI_UNICODE_COLLATION_PROTOCOL2
119 config EFI_UNICODE_CAPITALIZATION
120 bool "Support Unicode capitalization"
123 Select this option to enable correct handling of the capitalization of
124 Unicode codepoints in the range 0x0000-0xffff. If this option is not
125 set, only the the correct handling of the letters of the codepage
126 used by the FAT file system is ensured.
128 config EFI_UNICODE_COLLATION_PROTOCOL
129 bool "Deprecated version of the Unicode collation protocol"
132 In EFI 1.10 a version of the Unicode collation protocol using ISO
133 639-2 language codes existed. This protocol is not part of the UEFI
134 specification any longer. Unfortunately it is required to run the
135 UEFI Self Certification Test (SCT) II, version 2.6, 2017.
137 Choose this option for testing only. It is bound to be removed.
141 config EFI_LOADER_BOUNCE_BUFFER
142 bool "EFI Applications use bounce buffers for DMA operations"
146 Some hardware does not support DMA to full 64bit addresses. For this
147 hardware we can create a bounce buffer so that payloads don't have to
148 worry about platform details.
150 config EFI_PLATFORM_LANG_CODES
151 string "Language codes supported by firmware"
154 This value is used to initialize the PlatformLangCodes variable. Its
155 value is a semicolon (;) separated list of language codes in native
156 RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
157 to initialize the PlatformLang variable.
159 config EFI_HAVE_RUNTIME_RESET
160 # bool "Reset runtime service is available"
163 depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || SYSRESET_X86
165 config EFI_GRUB_ARM32_WORKAROUND
166 bool "Workaround for GRUB on 32bit ARM"
168 depends on ARM && !ARM64
170 GRUB prior to version 2.04 requires U-Boot to disable caches. This
171 workaround currently is also needed on systems with caches that
172 cannot be managed via CP15.
174 config EFI_RNG_PROTOCOL
175 bool "EFI_RNG_PROTOCOL support"
179 Provide a EFI_RNG_PROTOCOL implementation using the hardware random
180 number generator of the platform.
182 config EFI_LOAD_FILE2_INITRD
183 bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
186 Expose a EFI_FILE_LOAD2_PROTOCOL that the Linux UEFI stub can
187 use to load the initial ramdisk. Once this is enabled using
188 initrd=<ramdisk> will stop working.
190 config EFI_INITRD_FILESPEC
191 string "initramfs path"
192 default "host 0:1 initrd"
193 depends on EFI_LOAD_FILE2_INITRD
195 Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz.
197 config EFI_SECURE_BOOT
198 bool "Enable EFI secure boot support"
199 depends on EFI_LOADER
202 select RSA_VERIFY_WITH_PKEY
203 select IMAGE_SIGN_INFO
204 select ASYMMETRIC_KEY_TYPE
205 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
206 select X509_CERTIFICATE_PARSER
207 select PKCS7_MESSAGE_PARSER
211 Select this option to enable EFI secure boot support.
212 Once SecureBoot mode is enforced, any EFI binary can run only if
213 it is signed with a trusted key. To do that, you need to install,
214 at least, PK, KEK and db.