2 bool "Support running UEFI applications"
3 depends on OF_LIBFDT && ( \
4 ARM && (SYS_CPU = arm1136 || \
8 X86 || RISCV || SANDBOX)
9 # We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
10 depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
11 # We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
12 depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
15 default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
17 # We need to send DM events, dynamically, in the EFI block driver
25 imply USB_KEYBOARD_FN_KEYS
28 Select this option if you want to run UEFI applications (like GNU
29 GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
30 will expose the UEFI API to a loaded application, enabling it to
31 reuse U-Boot's device drivers.
35 config CMD_BOOTEFI_BOOTMGR
36 bool "UEFI Boot Manager"
38 select BOOTMETH_GLOBAL if BOOTSTD
40 Select this option if you want to select the UEFI binary to be booted
41 via UEFI variables Boot####, BootOrder, and BootNext. This enables the
42 'bootefi bootmgr' command.
45 prompt "Store for non-volatile UEFI variables"
46 default EFI_VARIABLE_FILE_STORE
48 Select where non-volatile UEFI variables shall be stored.
50 config EFI_VARIABLE_FILE_STORE
51 bool "Store non-volatile UEFI variables as file"
54 Select this option if you want non-volatile UEFI variables to be
55 stored as file /ubootefi.var on the EFI system partition.
57 config EFI_MM_COMM_TEE
58 bool "UEFI variables storage service via the trusted world"
61 Allowing access to the MM SP services (SPs such as StandAlonneMM, smm-gateway).
62 When using the u-boot OP-TEE driver, StandAlonneMM is supported.
63 When using the u-boot FF-A driver any MM SP is supported.
65 If OP-TEE is present and running StandAloneMM, dispatch all UEFI
66 variable related operations to that. The application will verify,
67 authenticate and store the variables on an RPMB.
69 When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
70 operations to the MM SP running in the secure world.
71 A door bell mechanism is used to notify the SP when there is data in the shared
72 MM buffer. The data is copied by u-boot to the shared buffer before issuing
75 config FFA_SHARED_MM_BUF_SIZE
76 int "Memory size of the shared MM communication buffer"
77 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
79 This defines the size in bytes of the memory area reserved for the shared
80 buffer used for communication between the MM feature in U-Boot and
81 the MM SP in secure world.
82 The size of the memory region must be a multiple of the size of the maximum
83 translation granule size that is specified in the ID_AA64MMFR0_EL1 System register.
84 It is assumed that the MM SP knows the size of the shared MM communication buffer.
86 config FFA_SHARED_MM_BUF_OFFSET
87 int "Data offset in the shared MM communication buffer"
88 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
90 This defines the offset in bytes of the data read or written to in the shared
93 config FFA_SHARED_MM_BUF_ADDR
94 hex "Define the address of the shared MM communication buffer"
95 depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
97 This defines the address of the shared MM communication buffer
98 used for communication between the MM feature in U-Boot and
99 the MM SP in secure world.
100 It is assumed that the MM SP knows the address of the shared MM communication buffer.
102 config EFI_VARIABLE_NO_STORE
103 bool "Don't persist non-volatile UEFI variables"
105 If you choose this option, non-volatile variables cannot be persisted.
106 You could still provide non-volatile variables via
107 EFI_VARIABLES_PRESEED.
111 config EFI_VARIABLES_PRESEED
112 bool "Initial values for UEFI variables"
113 depends on !EFI_MM_COMM_TEE
115 Include a file with the initial values for non-volatile UEFI variables
116 into the U-Boot binary. If this configuration option is set, changes
117 to authentication related variables (PK, KEK, db, dbx) are not
120 if EFI_VARIABLES_PRESEED
122 config EFI_VAR_SEED_FILE
123 string "File with initial values of non-volatile UEFI variables"
126 File with initial values of non-volatile UEFI variables. The file must
127 be in the same format as the storage in the EFI system partition. The
128 easiest way to create it is by setting the non-volatile variables in
129 U-Boot. If a relative file path is used, it is relative to the source
134 config EFI_VAR_BUF_SIZE
135 int "Memory size of the UEFI variable store"
136 default 16384 if EFI_MM_COMM_TEE
138 range 4096 2147483647
140 This defines the size in bytes of the memory area reserved for keeping
143 When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should
144 match the value of PcdFlashNvStorageVariableSize used to compile the
147 Minimum 4096, default 65536, or 16384 when using StandAloneMM.
150 bool "GetTime() runtime service"
154 Provide the GetTime() runtime service at boottime. This service
155 can be used by an EFI application to read the real time clock.
158 bool "SetTime() runtime service"
159 depends on EFI_GET_TIME
160 default y if ARCH_QEMU || SANDBOX
162 Provide the SetTime() runtime service at boottime. This service
163 can be used by an EFI application to adjust the real time clock.
165 config EFI_SCROLL_ON_CLEAR_SCREEN
166 bool "Avoid overwriting previous output on clear screen"
168 Instead of erasing the screen content when the console screen should
169 be cleared, emit blank new lines so that previous output is scrolled
170 out of sight rather than overwritten. On serial consoles this allows
171 to capture complete boot logs (except for interactive menus etc.)
172 and can ease debugging related issues.
174 config EFI_HAVE_CAPSULE_SUPPORT
177 config EFI_RUNTIME_UPDATE_CAPSULE
178 bool "UpdateCapsule() runtime service"
179 select EFI_HAVE_CAPSULE_SUPPORT
181 Select this option if you want to use UpdateCapsule and
182 QueryCapsuleCapabilities API's.
184 config EFI_CAPSULE_ON_DISK
185 bool "Enable capsule-on-disk support"
187 select EFI_HAVE_CAPSULE_SUPPORT
189 Select this option if you want to use capsule-on-disk feature,
190 that is, capsules can be fetched and executed from files
191 under a specific directory on UEFI system partition instead of
192 via UpdateCapsule API.
194 config EFI_IGNORE_OSINDICATIONS
195 bool "Ignore OsIndications for CapsuleUpdate on-disk"
196 depends on EFI_CAPSULE_ON_DISK
198 There are boards where U-Boot does not support SetVariable at runtime.
199 Select this option if you want to use the capsule-on-disk feature
200 without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
201 flag in variable OsIndications.
203 config EFI_CAPSULE_ON_DISK_EARLY
204 bool "Initiate capsule-on-disk at U-Boot boottime"
205 depends on EFI_CAPSULE_ON_DISK
207 Normally, without this option enabled, capsules will be
208 executed only at the first time of invoking one of efi command.
209 If this option is enabled, capsules will be enforced to be
210 executed as part of U-Boot initialisation so that they will
211 surely take place whatever is set to distro_bootcmd.
213 config EFI_CAPSULE_FIRMWARE
216 config EFI_CAPSULE_FIRMWARE_MANAGEMENT
217 bool "Capsule: Firmware Management Protocol"
218 depends on EFI_HAVE_CAPSULE_SUPPORT
221 Select this option if you want to enable capsule-based
222 firmware update using Firmware Management Protocol.
224 config EFI_CAPSULE_FIRMWARE_FIT
225 bool "FMP driver for FIT images"
227 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
230 select SET_DFU_ALT_INFO
231 select EFI_CAPSULE_FIRMWARE
233 Select this option if you want to enable firmware management protocol
236 config EFI_CAPSULE_FIRMWARE_RAW
237 bool "FMP driver for raw images"
238 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
239 depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
242 select SET_DFU_ALT_INFO
243 select EFI_CAPSULE_FIRMWARE
245 Select this option if you want to enable firmware management protocol
248 config EFI_CAPSULE_AUTHENTICATE
249 bool "Update Capsule authentication"
250 depends on EFI_CAPSULE_FIRMWARE
251 depends on EFI_CAPSULE_ON_DISK
252 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
257 select RSA_VERIFY_WITH_PKEY
258 select X509_CERTIFICATE_PARSER
259 select PKCS7_MESSAGE_PARSER
261 select IMAGE_SIGN_INFO
262 select EFI_SIGNATURE_SUPPORT
264 Select this option if you want to enable capsule
267 config EFI_CAPSULE_MAX
268 int "Max value for capsule index"
272 Select the max capsule index value used for capsule report
273 variables. This value is used to create CapsuleMax variable.
275 config EFI_DEVICE_PATH_TO_TEXT
276 bool "Device path to text protocol"
279 The device path to text protocol converts device nodes and paths to
280 human readable strings.
282 config EFI_DEVICE_PATH_UTIL
283 bool "Device path utilities protocol"
286 The device path utilities protocol creates and manipulates device
287 paths and device nodes. It is required to run the EFI Shell.
290 bool "Device tree fixup protocol"
291 depends on !GENERATE_ACPI_TABLE
294 The EFI device-tree fix-up protocol provides a function to let the
295 firmware apply fix-ups. This may be used by boot loaders.
297 config EFI_LOADER_HII
301 The Human Interface Infrastructure is a complicated framework that
302 allows UEFI applications to draw fancy menus and hook strings using
303 a translation framework.
305 U-Boot implements enough of its features to be able to run the UEFI
306 Shell, but not more than that.
308 config EFI_UNICODE_COLLATION_PROTOCOL2
309 bool "Unicode collation protocol"
312 The Unicode collation protocol is used for lexical comparisons. It is
313 required to run the UEFI shell.
315 if EFI_UNICODE_COLLATION_PROTOCOL2
317 config EFI_UNICODE_CAPITALIZATION
318 bool "Support Unicode capitalization"
321 Select this option to enable correct handling of the capitalization of
322 Unicode codepoints in the range 0x0000-0xffff. If this option is not
323 set, only the the correct handling of the letters of the codepage
324 used by the FAT file system is ensured.
328 config EFI_LOADER_BOUNCE_BUFFER
329 bool "EFI Applications use bounce buffers for DMA operations"
332 Some hardware does not support DMA to full 64bit addresses. For this
333 hardware we can create a bounce buffer so that payloads don't have to
334 worry about platform details.
336 config EFI_PLATFORM_LANG_CODES
337 string "Language codes supported by firmware"
340 This value is used to initialize the PlatformLangCodes variable. Its
341 value is a semicolon (;) separated list of language codes in native
342 RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
343 to initialize the PlatformLang variable.
345 config EFI_HAVE_RUNTIME_RESET
346 # bool "Reset runtime service is available"
349 depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
350 SANDBOX || SYSRESET_X86
352 config EFI_GRUB_ARM32_WORKAROUND
353 bool "Workaround for GRUB on 32bit ARM"
354 default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
356 depends on ARM && !ARM64
358 GRUB prior to version 2.04 requires U-Boot to disable caches. This
359 workaround currently is also needed on systems with caches that
360 cannot be managed via CP15.
362 config EFI_RNG_PROTOCOL
363 bool "EFI_RNG_PROTOCOL support"
367 Provide a EFI_RNG_PROTOCOL implementation using the hardware random
368 number generator of the platform.
370 config EFI_TCG2_PROTOCOL
371 bool "EFI_TCG2_PROTOCOL support"
374 # Sandbox TPM currently fails on GetCapabilities needed for TCG2
383 Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
386 config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
387 int "EFI_TCG2_PROTOCOL EventLog size"
388 depends on EFI_TCG2_PROTOCOL
391 Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
392 this is going to be allocated twice. One for the eventlog it self
393 and one for the configuration table that is required from the spec
395 config EFI_TCG2_PROTOCOL_MEASURE_DTB
396 bool "Measure DTB with EFI_TCG2_PROTOCOL"
397 depends on EFI_TCG2_PROTOCOL
399 When enabled, the DTB image passed to the booted EFI image is
400 measured using the EFI TCG2 protocol. Do not enable this feature if
401 the passed DTB contains data that change across platform reboots
402 and cannot be used has a predictable measurement. Otherwise
403 this feature allows better measurement of the system boot
406 config EFI_LOAD_FILE2_INITRD
407 bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
410 Linux v5.7 and later can make use of this option. If the boot option
411 selected by the UEFI boot manager specifies an existing file to be used
412 as initial RAM disk, a Linux specific Load File2 protocol will be
413 installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
416 config EFI_SECURE_BOOT
417 bool "Enable EFI secure boot support"
418 depends on EFI_LOADER && FIT_SIGNATURE
422 select RSA_VERIFY_WITH_PKEY
423 select IMAGE_SIGN_INFO
424 select ASYMMETRIC_KEY_TYPE
425 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
426 select X509_CERTIFICATE_PARSER
427 select PKCS7_MESSAGE_PARSER
430 select EFI_SIGNATURE_SUPPORT
432 Select this option to enable EFI secure boot support.
433 Once SecureBoot mode is enforced, any EFI binary can run only if
434 it is signed with a trusted key. To do that, you need to install,
435 at least, PK, KEK and db.
437 config EFI_SIGNATURE_SUPPORT
441 bool "Enable the UEFI ESRT generation"
442 depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
445 Enabling this option creates the ESRT UEFI system table.
448 bool "Enable the UEFI ECPT generation"
451 Enabling this option created the ECPT UEFI table.
453 config EFI_EBBR_2_1_CONFORMANCE
454 bool "Add the EBBRv2.1 conformance entry to the ECPT table"
456 depends on EFI_LOADER_HII
457 depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
458 depends on EFI_RNG_PROTOCOL || !DM_RNG
459 depends on EFI_UNICODE_COLLATION_PROTOCOL2
462 Enabling this option adds the EBBRv2.1 conformance entry to the ECPT UEFI table.
464 config EFI_RISCV_BOOT_PROTOCOL
465 bool "RISCV_EFI_BOOT_PROTOCOL support"
469 The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
470 to the next boot stage. It should be enabled as it is meant to
471 replace the transfer via the device-tree. The latter is not
472 possible on systems using ACPI.