X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Fefi_loader%2FKconfig;h=6c9df3a767637fccbd16a246a425c74a4451bc3c;hb=93f6201af71d9a0a521c99212e6066778270a357;hp=9890144d4161117a4388c132acb0d515a2bcab6d;hpb=3e106f11b2c129b7ef26c3371984371e9919c66b;p=platform%2Fkernel%2Fu-boot.git

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 9890144..6c9df3a 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -15,6 +15,8 @@ config EFI_LOADER
 	select HAVE_BLOCK_DEVICE
 	select REGEX
 	imply CFB_CONSOLE_ANSI
+	imply FAT
+	imply FAT_WRITE
 	imply USB_KEYBOARD_FN_KEYS
 	imply VIDEO_ANSI
 	help
@@ -126,6 +128,7 @@ config EFI_GRUB_ARM32_WORKAROUND
 config EFI_RNG_PROTOCOL
 	bool "EFI_RNG_PROTOCOL support"
 	depends on DM_RNG
+	default y
 	help
 	  Provide a EFI_RNG_PROTOCOL implementation using the hardware random
 	  number generator of the platform.
@@ -145,4 +148,31 @@ config EFI_INITRD_FILESPEC
 	help
 	  Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz.
 
+config EFI_SECURE_BOOT
+	bool "Enable EFI secure boot support"
+	depends on EFI_LOADER
+	select SHA256
+	select RSA
+	select RSA_VERIFY_WITH_PKEY
+	select IMAGE_SIGN_INFO
+	select ASYMMETRIC_KEY_TYPE
+	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	select X509_CERTIFICATE_PARSER
+	select PKCS7_MESSAGE_PARSER
+	default n
+	help
+	  Select this option to enable EFI secure boot support.
+	  Once SecureBoot mode is enforced, any EFI binary can run only if
+	  it is signed with a trusted key. To do that, you need to install,
+	  at least, PK, KEK and db.
+
+config EFI_MM_COMM_TEE
+	bool "UEFI variables storage service via OP-TEE"
+	depends on OPTEE
+	default n
+	help
+	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI variable
+	  related operations to that. The application will verify, authenticate and
+	  store the variables on an RPMB.
+
 endif