[u-boot.git] / lib / efi_loader / Kconfig

config EFI_LOADER
	bool "Support running UEFI applications"
	depends on OF_LIBFDT && ( \
		ARM && (SYS_CPU = arm1136 || \
			SYS_CPU = arm1176 || \
			SYS_CPU = armv7   || \
			SYS_CPU = armv8)  || \
		X86 || RISCV || SANDBOX)
	# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
	depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
	# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
	depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
	depends on BLK
	depends on !EFI_APP
	default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
	select CHARSET
	# We need to send DM events, dynamically, in the EFI block driver
	select DM_EVENT
	select EVENT_DYNAMIC
	select LIB_UUID
	imply PARTITION_UUIDS
	select REGEX
	imply FAT
	imply FAT_WRITE
	imply USB_KEYBOARD_FN_KEYS
	imply VIDEO_ANSI
	help
	  Select this option if you want to run UEFI applications (like GNU
	  GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
	  will expose the UEFI API to a loaded application, enabling it to
	  reuse U-Boot's device drivers.

if EFI_LOADER

config CMD_BOOTEFI_BOOTMGR
	bool "UEFI Boot Manager"
	default y
	select BOOTMETH_GLOBAL if BOOTSTD
	help
	  Select this option if you want to select the UEFI binary to be booted
	  via UEFI variables Boot####, BootOrder, and BootNext. This enables the
	  'bootefi bootmgr' command.

choice
	prompt "Store for non-volatile UEFI variables"
	default EFI_VARIABLE_FILE_STORE
	help
	  Select where non-volatile UEFI variables shall be stored.

config EFI_VARIABLE_FILE_STORE
	bool "Store non-volatile UEFI variables as file"
	depends on FAT_WRITE
	help
	  Select this option if you want non-volatile UEFI variables to be
	  stored as file /ubootefi.var on the EFI system partition.

config EFI_MM_COMM_TEE
	bool "UEFI variables storage service via OP-TEE"
	depends on OPTEE
	help
	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
	  variable related operations to that. The application will verify,
	  authenticate and store the variables on an RPMB.

config EFI_VARIABLE_NO_STORE
	bool "Don't persist non-volatile UEFI variables"
	help
	  If you choose this option, non-volatile variables cannot be persisted.
	  You could still provide non-volatile variables via
	  EFI_VARIABLES_PRESEED.

endchoice

config EFI_VARIABLES_PRESEED
	bool "Initial values for UEFI variables"
	depends on !EFI_MM_COMM_TEE
	help
	  Include a file with the initial values for non-volatile UEFI variables
	  into the U-Boot binary. If this configuration option is set, changes
	  to authentication related variables (PK, KEK, db, dbx) are not
	  allowed.

if EFI_VARIABLES_PRESEED

config EFI_VAR_SEED_FILE
	string "File with initial values of non-volatile UEFI variables"
	default ubootefi.var
	help
	  File with initial values of non-volatile UEFI variables. The file must
	  be in the same format as the storage in the EFI system partition. The
	  easiest way to create it is by setting the non-volatile variables in
	  U-Boot. If a relative file path is used, it is relative to the source
	  directory.

endif

config EFI_VAR_BUF_SIZE
	int "Memory size of the UEFI variable store"
	default 16384
	range 4096 2147483647
	help
	  This defines the size in bytes of the memory area reserved for keeping
	  UEFI variables.

	  When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should
	  match the value of PcdFlashNvStorageVariableSize used to compile the
	  StandAloneMM module.

	  Minimum 4096, default 16384.

config EFI_GET_TIME
	bool "GetTime() runtime service"
	depends on DM_RTC
	default y
	help
	  Provide the GetTime() runtime service at boottime. This service
	  can be used by an EFI application to read the real time clock.

config EFI_SET_TIME
	bool "SetTime() runtime service"
	depends on EFI_GET_TIME
	default y if ARCH_QEMU || SANDBOX
	help
	  Provide the SetTime() runtime service at boottime. This service
	  can be used by an EFI application to adjust the real time clock.

config EFI_HAVE_CAPSULE_SUPPORT
	bool

config EFI_RUNTIME_UPDATE_CAPSULE
	bool "UpdateCapsule() runtime service"
	select EFI_HAVE_CAPSULE_SUPPORT
	help
	  Select this option if you want to use UpdateCapsule and
	  QueryCapsuleCapabilities API's.

config EFI_CAPSULE_ON_DISK
	bool "Enable capsule-on-disk support"
	depends on SYSRESET
	select EFI_HAVE_CAPSULE_SUPPORT
	help
	  Select this option if you want to use capsule-on-disk feature,
	  that is, capsules can be fetched and executed from files
	  under a specific directory on UEFI system partition instead of
	  via UpdateCapsule API.

config EFI_IGNORE_OSINDICATIONS
	bool "Ignore OsIndications for CapsuleUpdate on-disk"
	depends on EFI_CAPSULE_ON_DISK
	help
	  There are boards where U-Boot does not support SetVariable at runtime.
	  Select this option if you want to use the capsule-on-disk feature
	  without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
	  flag in variable OsIndications.

config EFI_CAPSULE_ON_DISK_EARLY
	bool "Initiate capsule-on-disk at U-Boot boottime"
	depends on EFI_CAPSULE_ON_DISK
	help
	  Normally, without this option enabled, capsules will be
	  executed only at the first time of invoking one of efi command.
	  If this option is enabled, capsules will be enforced to be
	  executed as part of U-Boot initialisation so that they will
	  surely take place whatever is set to distro_bootcmd.

config EFI_CAPSULE_FIRMWARE
	bool

config EFI_CAPSULE_FIRMWARE_MANAGEMENT
	bool "Capsule: Firmware Management Protocol"
	depends on EFI_HAVE_CAPSULE_SUPPORT
	default y
	help
	  Select this option if you want to enable capsule-based
	  firmware update using Firmware Management Protocol.

config EFI_CAPSULE_FIRMWARE_FIT
	bool "FMP driver for FIT images"
	depends on FIT
	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
	select UPDATE_FIT
	select DFU
	select SET_DFU_ALT_INFO
	select EFI_CAPSULE_FIRMWARE
	help
	  Select this option if you want to enable firmware management protocol
	  driver for FIT image

config EFI_CAPSULE_FIRMWARE_RAW
	bool "FMP driver for raw images"
	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
	depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
	select DFU_WRITE_ALT
	select DFU
	select SET_DFU_ALT_INFO
	select EFI_CAPSULE_FIRMWARE
	help
	  Select this option if you want to enable firmware management protocol
	  driver for raw image

config EFI_CAPSULE_AUTHENTICATE
	bool "Update Capsule authentication"
	depends on EFI_CAPSULE_FIRMWARE
	depends on EFI_CAPSULE_ON_DISK
	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
	select HASH
	select SHA256
	select RSA
	select RSA_VERIFY
	select RSA_VERIFY_WITH_PKEY
	select X509_CERTIFICATE_PARSER
	select PKCS7_MESSAGE_PARSER
	select PKCS7_VERIFY
	select IMAGE_SIGN_INFO
	select EFI_SIGNATURE_SUPPORT
	help
	  Select this option if you want to enable capsule
	  authentication

config EFI_DEVICE_PATH_TO_TEXT
	bool "Device path to text protocol"
	default y
	help
	  The device path to text protocol converts device nodes and paths to
	  human readable strings.

config EFI_DEVICE_PATH_UTIL
	bool "Device path utilities protocol"
	default y
	help
	  The device path utilities protocol creates and manipulates device
	  paths and device nodes. It is required to run the EFI Shell.

config EFI_DT_FIXUP
	bool "Device tree fixup protocol"
	depends on !GENERATE_ACPI_TABLE
	default y
	help
	  The EFI device-tree fix-up protocol provides a function to let the
	  firmware apply fix-ups. This may be used by boot loaders.

config EFI_LOADER_HII
	bool "HII protocols"
	default y
	help
	  The Human Interface Infrastructure is a complicated framework that
	  allows UEFI applications to draw fancy menus and hook strings using
	  a translation framework.

	  U-Boot implements enough of its features to be able to run the UEFI
	  Shell, but not more than that.

config EFI_UNICODE_COLLATION_PROTOCOL2
	bool "Unicode collation protocol"
	default y
	help
	  The Unicode collation protocol is used for lexical comparisons. It is
	  required to run the UEFI shell.

if EFI_UNICODE_COLLATION_PROTOCOL2

config EFI_UNICODE_CAPITALIZATION
	bool "Support Unicode capitalization"
	default y
	help
	  Select this option to enable correct handling of the capitalization of
	  Unicode codepoints in the range 0x0000-0xffff. If this option is not
	  set, only the the correct handling of the letters of the codepage
	  used by the FAT file system is ensured.

endif

config EFI_LOADER_BOUNCE_BUFFER
	bool "EFI Applications use bounce buffers for DMA operations"
	depends on ARM64
	help
	  Some hardware does not support DMA to full 64bit addresses. For this
	  hardware we can create a bounce buffer so that payloads don't have to
	  worry about platform details.

config EFI_PLATFORM_LANG_CODES
	string "Language codes supported by firmware"
	default "en-US"
	help
	  This value is used to initialize the PlatformLangCodes variable. Its
	  value is a semicolon (;) separated list of language codes in native
	  RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
	  to initialize the PlatformLang variable.

config EFI_HAVE_RUNTIME_RESET
	# bool "Reset runtime service is available"
	bool
	default y
	depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
		   SANDBOX || SYSRESET_X86

config EFI_GRUB_ARM32_WORKAROUND
	bool "Workaround for GRUB on 32bit ARM"
	default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
	default y
	depends on ARM && !ARM64
	help
	  GRUB prior to version 2.04 requires U-Boot to disable caches. This
	  workaround currently is also needed on systems with caches that
	  cannot be managed via CP15.

config EFI_RNG_PROTOCOL
	bool "EFI_RNG_PROTOCOL support"
	depends on DM_RNG
	default y
	help
	  Provide a EFI_RNG_PROTOCOL implementation using the hardware random
	  number generator of the platform.

config EFI_TCG2_PROTOCOL
	bool "EFI_TCG2_PROTOCOL support"
	default y
	depends on TPM_V2
	# Sandbox TPM currently fails on GetCapabilities needed for TCG2
	depends on !SANDBOX
	select SHA1
	select SHA256
	select SHA384
	select SHA512
	select HASH
	select SMBIOS_PARSER
	help
	  Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
	  of the platform.

config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
	int "EFI_TCG2_PROTOCOL EventLog size"
	depends on EFI_TCG2_PROTOCOL
	default 65536
	help
		Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
		this is going to be allocated twice. One for the eventlog it self
		and one for the configuration table that is required from the spec

config EFI_LOAD_FILE2_INITRD
	bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
	default y
	help
	  Linux v5.7 and later can make use of this option. If the boot option
	  selected by the UEFI boot manager specifies an existing file to be used
	  as initial RAM disk, a Linux specific Load File2 protocol will be
	  installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
	  argument.

config EFI_SECURE_BOOT
	bool "Enable EFI secure boot support"
	depends on EFI_LOADER && FIT_SIGNATURE
	select HASH
	select SHA256
	select RSA
	select RSA_VERIFY_WITH_PKEY
	select IMAGE_SIGN_INFO
	select ASYMMETRIC_KEY_TYPE
	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select X509_CERTIFICATE_PARSER
	select PKCS7_MESSAGE_PARSER
	select PKCS7_VERIFY
	select MSCODE_PARSER
	select EFI_SIGNATURE_SUPPORT
	help
	  Select this option to enable EFI secure boot support.
	  Once SecureBoot mode is enforced, any EFI binary can run only if
	  it is signed with a trusted key. To do that, you need to install,
	  at least, PK, KEK and db.

config EFI_SIGNATURE_SUPPORT
	bool

config EFI_ESRT
	bool "Enable the UEFI ESRT generation"
	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
	default y
	help
	  Enabling this option creates the ESRT UEFI system table.

config EFI_ECPT
	bool "Enable the UEFI ECPT generation"
	default y
	help
	  Enabling this option created the ECPT UEFI table.

config EFI_EBBR_2_1_CONFORMANCE
	bool "Add the EBBRv2.1 conformance entry to the ECPT table"
	depends on EFI_ECPT
	depends on EFI_LOADER_HII
	depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
	depends on EFI_RNG_PROTOCOL || !DM_RNG
	depends on EFI_UNICODE_COLLATION_PROTOCOL2
	default y
	help
	  Enabling this option adds the EBBRv2.1 conformance entry to the ECPT UEFI table.

config EFI_RISCV_BOOT_PROTOCOL
	bool "RISCV_EFI_BOOT_PROTOCOL support"
	default y
	depends on RISCV
	help
	  The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
	  to the next boot stage. It should be enabled as it is meant to
	  replace the transfer via the device-tree. The latter is not
	  possible on systems using ACPI.

endif
Commit	Line	Data
ed980b8c	1	config EFI_LOADER
9363fd22	2	bool "Support running UEFI applications"
b20bb09b	3	depends on OF_LIBFDT && ( \
38064ee0 HS	4	ARM && (SYS_CPU = arm1136 \|\| \
	5	SYS_CPU = arm1176 \|\| \
	6	SYS_CPU = armv7 \|\| \
	7	SYS_CPU = armv8) \|\| \
b20bb09b	8	X86 \|\| RISCV \|\| SANDBOX)
6698bb34 AG	9	# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
	10	depends on !EFI_STUB \|\| !X86_64 \|\| EFI_STUB_64BIT
	11	# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
	12	depends on !EFI_STUB \|\| !X86 \|\| X86_64 \|\| EFI_STUB_32BIT
6919619f	13	depends on BLK
e16c47fa	14	depends on !EFI_APP
b7cdecfc	15	default y if !ARM \|\| SYS_CPU = armv7 \|\| SYS_CPU = armv8
d30924f1	16	select CHARSET
448e2b63	17	# We need to send DM events, dynamically, in the EFI block driver
a9bf024b AT	18	select DM_EVENT
a9bf024b AT	19	select EVENT_DYNAMIC
a451bc27	20	select LIB_UUID
7a06fd75	21	imply PARTITION_UUIDS
dba51480	22	select REGEX
93f6201a HS	23	imply FAT
93f6201a HS	24	imply FAT_WRITE
8876e1bc	25	imply USB_KEYBOARD_FN_KEYS
faadc041	26	imply VIDEO_ANSI
ed980b8c	27	help
9363fd22 HS	28	Select this option if you want to run UEFI applications (like GNU
	29	GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
	30	will expose the UEFI API to a loaded application, enabling it to
	31	reuse U-Boot's device drivers.
51735ae0	32
5684c8d1 HS	33	if EFI_LOADER
5684c8d1 HS	34
ff2f532f HS	35	config CMD_BOOTEFI_BOOTMGR
	36	bool "UEFI Boot Manager"
	37	default y
bc06aa03	38	select BOOTMETH_GLOBAL if BOOTSTD
ff2f532f HS	39	help
	40	Select this option if you want to select the UEFI binary to be booted
	41	via UEFI variables Boot####, BootOrder, and BootNext. This enables the
	42	'bootefi bootmgr' command.
	43
be66b89d HS	44	choice
	45	prompt "Store for non-volatile UEFI variables"
	46	default EFI_VARIABLE_FILE_STORE
	47	help
	48	Select where non-volatile UEFI variables shall be stored.
	49
5f7dcf07 HS	50	config EFI_VARIABLE_FILE_STORE
	51	bool "Store non-volatile UEFI variables as file"
	52	depends on FAT_WRITE
5f7dcf07	53	help
be66b89d HS	54	Select this option if you want non-volatile UEFI variables to be
	55	stored as file /ubootefi.var on the EFI system partition.
	56
	57	config EFI_MM_COMM_TEE
	58	bool "UEFI variables storage service via OP-TEE"
	59	depends on OPTEE
	60	help
	61	If OP-TEE is present and running StandAloneMM, dispatch all UEFI
	62	variable related operations to that. The application will verify,
	63	authenticate and store the variables on an RPMB.
	64
f2288a26 TS	65	config EFI_VARIABLE_NO_STORE
	66	bool "Don't persist non-volatile UEFI variables"
	67	help
	68	If you choose this option, non-volatile variables cannot be persisted.
	69	You could still provide non-volatile variables via
	70	EFI_VARIABLES_PRESEED.
	71
be66b89d	72	endchoice
5f7dcf07	73
7dda1634 HS	74	config EFI_VARIABLES_PRESEED
7dda1634 HS	75	bool "Initial values for UEFI variables"
f2288a26	76	depends on !EFI_MM_COMM_TEE
7dda1634 HS	77	help
	78	Include a file with the initial values for non-volatile UEFI variables
	79	into the U-Boot binary. If this configuration option is set, changes
	80	to authentication related variables (PK, KEK, db, dbx) are not
	81	allowed.
	82
	83	if EFI_VARIABLES_PRESEED
	84
	85	config EFI_VAR_SEED_FILE
	86	string "File with initial values of non-volatile UEFI variables"
	87	default ubootefi.var
	88	help
	89	File with initial values of non-volatile UEFI variables. The file must
	90	be in the same format as the storage in the EFI system partition. The
	91	easiest way to create it is by setting the non-volatile variables in
	92	U-Boot. If a relative file path is used, it is relative to the source
	93	directory.
	94
	95	endif
	96
c0c21d67 HS	97	config EFI_VAR_BUF_SIZE
	98	int "Memory size of the UEFI variable store"
	99	default 16384
	100	range 4096 2147483647
	101	help
	102	This defines the size in bytes of the memory area reserved for keeping
	103	UEFI variables.
	104
	105	When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should
	106	match the value of PcdFlashNvStorageVariableSize used to compile the
	107	StandAloneMM module.
	108
	109	Minimum 4096, default 16384.
	110
5ec48e38 HS	111	config EFI_GET_TIME
	112	bool "GetTime() runtime service"
	113	depends on DM_RTC
	114	default y
	115	help
	116	Provide the GetTime() runtime service at boottime. This service
	117	can be used by an EFI application to read the real time clock.
	118
	119	config EFI_SET_TIME
	120	bool "SetTime() runtime service"
	121	depends on EFI_GET_TIME
31cadc36	122	default y if ARCH_QEMU \|\| SANDBOX
5ec48e38 HS	123	help
	124	Provide the SetTime() runtime service at boottime. This service
	125	can be used by an EFI application to adjust the real time clock.
	126
2bc27ca8 AT	127	config EFI_HAVE_CAPSULE_SUPPORT
	128	bool
	129
	130	config EFI_RUNTIME_UPDATE_CAPSULE
	131	bool "UpdateCapsule() runtime service"
2bc27ca8 AT	132	select EFI_HAVE_CAPSULE_SUPPORT
	133	help
	134	Select this option if you want to use UpdateCapsule and
	135	QueryCapsuleCapabilities API's.
	136
c74cd8bd AT	137	config EFI_CAPSULE_ON_DISK
c74cd8bd AT	138	bool "Enable capsule-on-disk support"
7660cfee	139	depends on SYSRESET
c74cd8bd	140	select EFI_HAVE_CAPSULE_SUPPORT
c74cd8bd AT	141	help
	142	Select this option if you want to use capsule-on-disk feature,
	143	that is, capsules can be fetched and executed from files
	144	under a specific directory on UEFI system partition instead of
	145	via UpdateCapsule API.
	146
0fa5020c IA	147	config EFI_IGNORE_OSINDICATIONS
	148	bool "Ignore OsIndications for CapsuleUpdate on-disk"
	149	depends on EFI_CAPSULE_ON_DISK
0fa5020c IA	150	help
	151	There are boards where U-Boot does not support SetVariable at runtime.
	152	Select this option if you want to use the capsule-on-disk feature
	153	without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
	154	flag in variable OsIndications.
	155
c74cd8bd AT	156	config EFI_CAPSULE_ON_DISK_EARLY
	157	bool "Initiate capsule-on-disk at U-Boot boottime"
	158	depends on EFI_CAPSULE_ON_DISK
c74cd8bd AT	159	help
	160	Normally, without this option enabled, capsules will be
	161	executed only at the first time of invoking one of efi command.
	162	If this option is enabled, capsules will be enforced to be
	163	executed as part of U-Boot initialisation so that they will
	164	surely take place whatever is set to distro_bootcmd.
	165
bb7e71d3 AT	166	config EFI_CAPSULE_FIRMWARE
bb7e71d3 AT	167	bool
bb7e71d3	168
8d99026f AT	169	config EFI_CAPSULE_FIRMWARE_MANAGEMENT
	170	bool "Capsule: Firmware Management Protocol"
	171	depends on EFI_HAVE_CAPSULE_SUPPORT
	172	default y
	173	help
	174	Select this option if you want to enable capsule-based
	175	firmware update using Firmware Management Protocol.
	176
b891ff18 IA	177	config EFI_CAPSULE_FIRMWARE_FIT
	178	bool "FMP driver for FIT images"
	179	depends on FIT
	180	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
	181	select UPDATE_FIT
	182	select DFU
a9e6f01a	183	select SET_DFU_ALT_INFO
b891ff18 IA	184	select EFI_CAPSULE_FIRMWARE
	185	help
	186	Select this option if you want to enable firmware management protocol
	187	driver for FIT image
	188
	189	config EFI_CAPSULE_FIRMWARE_RAW
	190	bool "FMP driver for raw images"
	191	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
	192	depends on SANDBOX \|\| (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
	193	select DFU_WRITE_ALT
	194	select DFU
a9e6f01a	195	select SET_DFU_ALT_INFO
b891ff18 IA	196	select EFI_CAPSULE_FIRMWARE
	197	help
	198	Select this option if you want to enable firmware management protocol
	199	driver for raw image
	200
04be98bd SG	201	config EFI_CAPSULE_AUTHENTICATE
	202	bool "Update Capsule authentication"
	203	depends on EFI_CAPSULE_FIRMWARE
	204	depends on EFI_CAPSULE_ON_DISK
	205	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
464010b0	206	select HASH
04be98bd SG	207	select SHA256
	208	select RSA
	209	select RSA_VERIFY
	210	select RSA_VERIFY_WITH_PKEY
	211	select X509_CERTIFICATE_PARSER
	212	select PKCS7_MESSAGE_PARSER
	213	select PKCS7_VERIFY
dd40cf6f	214	select IMAGE_SIGN_INFO
f6081a8a	215	select EFI_SIGNATURE_SUPPORT
04be98bd SG	216	help
	217	Select this option if you want to enable capsule
	218	authentication
	219
64b5ba4d HS	220	config EFI_DEVICE_PATH_TO_TEXT
	221	bool "Device path to text protocol"
	222	default y
	223	help
	224	The device path to text protocol converts device nodes and paths to
	225	human readable strings.
	226
59593a52 HS	227	config EFI_DEVICE_PATH_UTIL
	228	bool "Device path utilities protocol"
	229	default y
	230	help
	231	The device path utilities protocol creates and manipulates device
	232	paths and device nodes. It is required to run the EFI Shell.
	233
4cb07d8d HS	234	config EFI_DT_FIXUP
	235	bool "Device tree fixup protocol"
	236	depends on !GENERATE_ACPI_TABLE
	237	default y
	238	help
	239	The EFI device-tree fix-up protocol provides a function to let the
	240	firmware apply fix-ups. This may be used by boot loaders.
	241
5684c8d1 HS	242	config EFI_LOADER_HII
	243	bool "HII protocols"
	244	default y
	245	help
	246	The Human Interface Infrastructure is a complicated framework that
	247	allows UEFI applications to draw fancy menus and hook strings using
	248	a translation framework.
	249
	250	U-Boot implements enough of its features to be able to run the UEFI
	251	Shell, but not more than that.
	252
95ab3816	253	config EFI_UNICODE_COLLATION_PROTOCOL2
33499735 HS	254	bool "Unicode collation protocol"
	255	default y
	256	help
	257	The Unicode collation protocol is used for lexical comparisons. It is
	258	required to run the UEFI shell.
	259
95ab3816	260	if EFI_UNICODE_COLLATION_PROTOCOL2
33499735	261
b5130a81 HS	262	config EFI_UNICODE_CAPITALIZATION
b5130a81 HS	263	bool "Support Unicode capitalization"
b5130a81 HS	264	default y
	265	help
	266	Select this option to enable correct handling of the capitalization of
	267	Unicode codepoints in the range 0x0000-0xffff. If this option is not
	268	set, only the the correct handling of the letters of the codepage
	269	used by the FAT file system is ensured.
	270
33499735 HS	271	endif
33499735 HS	272
51735ae0 AG	273	config EFI_LOADER_BOUNCE_BUFFER
51735ae0 AG	274	bool "EFI Applications use bounce buffers for DMA operations"
5684c8d1	275	depends on ARM64
51735ae0 AG	276	help
	277	Some hardware does not support DMA to full 64bit addresses. For this
	278	hardware we can create a bounce buffer so that payloads don't have to
	279	worry about platform details.
5fbb2895	280
5684c8d1 HS	281	config EFI_PLATFORM_LANG_CODES
	282	string "Language codes supported by firmware"
	283	default "en-US"
5fbb2895	284	help
5684c8d1 HS	285	This value is used to initialize the PlatformLangCodes variable. Its
	286	value is a semicolon (;) separated list of language codes in native
	287	RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
	288	to initialize the PlatformLang variable.
5fbb2895	289
953661a9 HS	290	config EFI_HAVE_RUNTIME_RESET
	291	# bool "Reset runtime service is available"
	292	bool
	293	default y
9c54729c HS	294	depends on ARCH_BCM283X \|\| FSL_LAYERSCAPE \|\| PSCI_RESET \|\| \
9c54729c HS	295	SANDBOX \|\| SYSRESET_X86
953661a9	296
6f3badb6 HS	297	config EFI_GRUB_ARM32_WORKAROUND
6f3badb6 HS	298	bool "Workaround for GRUB on 32bit ARM"
4bad14ae	299	default n if ARCH_BCM283X \|\| ARCH_SUNXI \|\| ARCH_QEMU
6f3badb6 HS	300	default y
	301	depends on ARM && !ARM64
	302	help
	303	GRUB prior to version 2.04 requires U-Boot to disable caches. This
	304	workaround currently is also needed on systems with caches that
	305	cannot be managed via CP15.
f552fa49 SG	306
	307	config EFI_RNG_PROTOCOL
	308	bool "EFI_RNG_PROTOCOL support"
	309	depends on DM_RNG
bdf329e4	310	default y
f552fa49	311	help
0e228853 HS	312	Provide a EFI_RNG_PROTOCOL implementation using the hardware random
0e228853 HS	313	number generator of the platform.
c1c02105 IA	314
	315	config EFI_TCG2_PROTOCOL
	316	bool "EFI_TCG2_PROTOCOL support"
48ee0846	317	default y
c1c02105	318	depends on TPM_V2
54bec17f MK	319	# Sandbox TPM currently fails on GetCapabilities needed for TCG2
54bec17f MK	320	depends on !SANDBOX
48ee0846 IA	321	select SHA1
48ee0846 IA	322	select SHA256
48ee0846 IA	323	select SHA384
48ee0846 IA	324	select SHA512
163a0d7e	325	select HASH
3d49ee85	326	select SMBIOS_PARSER
c1c02105 IA	327	help
	328	Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
	329	of the platform.
f552fa49	330
c8d0fd58 IA	331	config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
	332	int "EFI_TCG2_PROTOCOL EventLog size"
	333	depends on EFI_TCG2_PROTOCOL
d934ed57	334	default 65536
c8d0fd58 IA	335	help
	336	Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
	337	this is going to be allocated twice. One for the eventlog it self
	338	and one for the configuration table that is required from the spec
	339
ec80b473 IA	340	config EFI_LOAD_FILE2_INITRD
ec80b473 IA	341	bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
53f6a5aa	342	default y
ec80b473	343	help
53f6a5aa IA	344	Linux v5.7 and later can make use of this option. If the boot option
	345	selected by the UEFI boot manager specifies an existing file to be used
	346	as initial RAM disk, a Linux specific Load File2 protocol will be
	347	installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
	348	argument.
ec80b473	349
9bf09b51 AT	350	config EFI_SECURE_BOOT
9bf09b51 AT	351	bool "Enable EFI secure boot support"
1eccbb16	352	depends on EFI_LOADER && FIT_SIGNATURE
464010b0	353	select HASH
9bf09b51 AT	354	select SHA256
	355	select RSA
	356	select RSA_VERIFY_WITH_PKEY
	357	select IMAGE_SIGN_INFO
	358	select ASYMMETRIC_KEY_TYPE
	359	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	360	select X509_CERTIFICATE_PARSER
	361	select PKCS7_MESSAGE_PARSER
1115edd8	362	select PKCS7_VERIFY
634f6b2f	363	select MSCODE_PARSER
f6081a8a	364	select EFI_SIGNATURE_SUPPORT
9bf09b51 AT	365	help
	366	Select this option to enable EFI secure boot support.
	367	Once SecureBoot mode is enforced, any EFI binary can run only if
	368	it is signed with a trusted key. To do that, you need to install,
	369	at least, PK, KEK and db.
	370
f6081a8a MK	371	config EFI_SIGNATURE_SUPPORT
	372	bool
	373
64a8aae1 JM	374	config EFI_ESRT
	375	bool "Enable the UEFI ESRT generation"
	376	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
	377	default y
	378	help
	379	Enabling this option creates the ESRT UEFI system table.
	380
6b92c173 JM	381	config EFI_ECPT
	382	bool "Enable the UEFI ECPT generation"
	383	default y
	384	help
	385	Enabling this option created the ECPT UEFI table.
	386
63db1561 VS	387	config EFI_EBBR_2_1_CONFORMANCE
63db1561 VS	388	bool "Add the EBBRv2.1 conformance entry to the ECPT table"
648a8dcb JM	389	depends on EFI_ECPT
	390	depends on EFI_LOADER_HII
	391	depends on EFI_RISCV_BOOT_PROTOCOL \|\| !RISCV
	392	depends on EFI_RNG_PROTOCOL \|\| !DM_RNG
	393	depends on EFI_UNICODE_COLLATION_PROTOCOL2
	394	default y
	395	help
63db1561	396	Enabling this option adds the EBBRv2.1 conformance entry to the ECPT UEFI table.
648a8dcb	397
1ccf8716 S	398	config EFI_RISCV_BOOT_PROTOCOL
	399	bool "RISCV_EFI_BOOT_PROTOCOL support"
	400	default y
	401	depends on RISCV
	402	help
	403	The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
	404	to the next boot stage. It should be enabled as it is meant to
	405	replace the transfer via the device-tree. The latter is not
	406	possible on systems using ACPI.
	407
5684c8d1	408	endif