X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Fefi_loader%2FKconfig;h=6c9df3a767637fccbd16a246a425c74a4451bc3c;hb=93f6201af71d9a0a521c99212e6066778270a357;hp=7984d6f42d452e7662d165bc527ca33ba4f93852;hpb=99f9682cae45604ed3ad923cf2caa8fdd0e273e3;p=platform%2Fkernel%2Fu-boot.git diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 7984d6f..6c9df3a 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -10,11 +10,15 @@ config EFI_LOADER depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT # We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT - default y + default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8 select LIB_UUID select HAVE_BLOCK_DEVICE select REGEX imply CFB_CONSOLE_ANSI + imply FAT + imply FAT_WRITE + imply USB_KEYBOARD_FN_KEYS + imply VIDEO_ANSI help Select this option if you want to run UEFI applications (like GNU GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot @@ -120,4 +124,55 @@ config EFI_GRUB_ARM32_WORKAROUND GRUB prior to version 2.04 requires U-Boot to disable caches. This workaround currently is also needed on systems with caches that cannot be managed via CP15. + +config EFI_RNG_PROTOCOL + bool "EFI_RNG_PROTOCOL support" + depends on DM_RNG + default y + help + Provide a EFI_RNG_PROTOCOL implementation using the hardware random + number generator of the platform. + +config EFI_LOAD_FILE2_INITRD + bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk" + default n + help + Expose a EFI_FILE_LOAD2_PROTOCOL that the Linux UEFI stub can + use to load the initial ramdisk. Once this is enabled using + initrd= will stop working. + +config EFI_INITRD_FILESPEC + string "initramfs path" + default "host 0:1 initrd" + depends on EFI_LOAD_FILE2_INITRD + help + Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz. + +config EFI_SECURE_BOOT + bool "Enable EFI secure boot support" + depends on EFI_LOADER + select SHA256 + select RSA + select RSA_VERIFY_WITH_PKEY + select IMAGE_SIGN_INFO + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select X509_CERTIFICATE_PARSER + select PKCS7_MESSAGE_PARSER + default n + help + Select this option to enable EFI secure boot support. + Once SecureBoot mode is enforced, any EFI binary can run only if + it is signed with a trusted key. To do that, you need to install, + at least, PK, KEK and db. + +config EFI_MM_COMM_TEE + bool "UEFI variables storage service via OP-TEE" + depends on OPTEE + default n + help + If OP-TEE is present and running StandAloneMM, dispatch all UEFI variable + related operations to that. The application will verify, authenticate and + store the variables on an RPMB. + endif