+config EFI_HAVE_RUNTIME_RESET
+ # bool "Reset runtime service is available"
+ bool
+ default y
+ depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || SYSRESET_X86
+
+config EFI_GRUB_ARM32_WORKAROUND
+ bool "Workaround for GRUB on 32bit ARM"
+ default n if ARCH_QEMU
+ default y
+ depends on ARM && !ARM64
+ help
+ GRUB prior to version 2.04 requires U-Boot to disable caches. This
+ workaround currently is also needed on systems with caches that
+ cannot be managed via CP15.
+
+config EFI_RNG_PROTOCOL
+ bool "EFI_RNG_PROTOCOL support"
+ depends on DM_RNG
+ default y
+ help
+ Provide a EFI_RNG_PROTOCOL implementation using the hardware random
+ number generator of the platform.
+
+config EFI_TCG2_PROTOCOL
+ bool "EFI_TCG2_PROTOCOL support"
+ depends on TPM_V2
+ help
+ Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
+ of the platform.
+
+config EFI_LOAD_FILE2_INITRD
+ bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
+ default n
+ help
+ Expose a EFI_FILE_LOAD2_PROTOCOL that the Linux UEFI stub can
+ use to load the initial ramdisk. Once this is enabled using
+ initrd=<ramdisk> will stop working.
+
+config EFI_INITRD_FILESPEC
+ string "initramfs path"
+ default "host 0:1 initrd"
+ depends on EFI_LOAD_FILE2_INITRD
+ help
+ Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz.
+
+config EFI_SECURE_BOOT
+ bool "Enable EFI secure boot support"
+ depends on EFI_LOADER
+ select SHA256
+ select RSA
+ select RSA_VERIFY_WITH_PKEY
+ select IMAGE_SIGN_INFO
+ select ASYMMETRIC_KEY_TYPE
+ select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select X509_CERTIFICATE_PARSER
+ select PKCS7_MESSAGE_PARSER
+ select PKCS7_VERIFY
+ default n
+ help
+ Select this option to enable EFI secure boot support.
+ Once SecureBoot mode is enforced, any EFI binary can run only if
+ it is signed with a trusted key. To do that, you need to install,
+ at least, PK, KEK and db.
+