authorFurquan Shaikh <furquan@google.com>2016-07-25 11:48:03 -0700
committerFurquan Shaikh <furquan@google.com>2016-07-28 00:36:00 +0200
commit2a12e2e8da2477d97b8774babd1a74dda65d11a0 (patch)
treec8bbdc94b777269dcdaa2c5070c61432b1001986 /src/vboot/Kconfig
parentaf8ef2a810f97b762d30de2b6f30d6ffefa0ae0e (diff)
vboot: Separate vboot from chromeos
VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Diffstat (limited to 'src/vboot/Kconfig')
-rw-r--r--src/vboot/Kconfig143
1 files changed, 143 insertions, 0 deletions
diff --git a/src/vboot/Kconfig b/src/vboot/Kconfig
new file mode 100644
index 0000000000..6f9e3b9b16
--- /dev/null
+++ b/src/vboot/Kconfig
@@ -0,0 +1,143 @@
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+
+config VBOOT_VBNV_OFFSET
+ hex
+ default 0x26
+ depends on PC80_SYSTEM
+ help
+ CMOS offset for VbNv data. This value must match cmos.layout
+ in the mainboard directory, minus 14 bytes for the RTC.
+
+config VBOOT_VBNV_CMOS
+ bool "Vboot non-volatile storage in CMOS."
+ default n
+ help
+ VBNV is stored in CMOS
+
+config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
+ bool "Back up Vboot non-volatile storage from CMOS to flash."
+ default n
+ depends on VBOOT_VBNV_CMOS
+ help
+ Vboot non-volatile storage data will be backed up from CMOS to flash
+ and restored from flash if the CMOS is invalid due to power loss.
+
+config VBOOT_VBNV_EC
+ bool "Vboot non-volatile storage in EC."
+ default n
+ help
+ VBNV is stored in EC
+
+config VBOOT_VBNV_FLASH
+ def_bool n
+ help
+ VBNV is stored in flash storage
+
+config VBOOT_STARTS_IN_BOOTBLOCK
+ bool "Vboot starts verifying in bootblock"
+ default n
+ depends on VBOOT
+ help
+ Firmware verification happens during or at the end of bootblock.
+
+config VBOOT_STARTS_IN_ROMSTAGE
+ bool "Vboot starts verifying in romstage"
+ default n
+ depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK
+ help
+ Firmware verification happens during or at the end of romstage.
+
+config VBOOT_MOCK_SECDATA
+ bool "Mock secdata for firmware verification"
+ default n
+ depends on VBOOT
+ help
+ Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
+ verification to avoid access to a secdata storage (typically TPM).
+ All operations for a secdata storage will be successful. This option
+ can be used during development when a TPM is not present or broken.
+ THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
+
+config VBOOT_DISABLE_DEV_ON_RECOVERY
+ bool "Disable dev mode on recovery requests"
+ default n
+ depends on VBOOT
+ help
+ When this option is enabled, the Chrome OS device leaves the
+ developer mode as soon as recovery request is detected. This is
+ handy on embedded devices with limited input capabilities.
+
+config SEPARATE_VERSTAGE
+ bool "Vboot verification is built into a separate stage"
+ default n
+ depends on VBOOT
+
+config RETURN_FROM_VERSTAGE
+ bool "The separate verification stage returns to its caller"
+ default n
+ depends on SEPARATE_VERSTAGE
+ help
+ If this is set, the verstage returns back to the calling stage instead
+ of exiting to the succeeding stage so that the verstage space can be
+ reused by the succeeding stage. This is useful if a ram space is too
+ small to fit both the verstage and the succeeding stage.
+
+config CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL
+ bool "The chipset provides the main() entry point for verstage"
+ default n
+ depends on SEPARATE_VERSTAGE
+ help
+ The chipset code provides their own main() entry point.
+
+config VBOOT_DYNAMIC_WORK_BUFFER
+ bool "Vboot's work buffer is dynamically allocated."
+ default y if ARCH_ROMSTAGE_X86_32 && !SEPARATE_VERSTAGE
+ default n
+ depends on VBOOT
+ help
+ This option is used when there isn't enough pre-main memory
+ ram to allocate the vboot work buffer. That means vboot verification
+ is after memory init and requires main memory to back the work
+ buffer.
+
+config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
+ bool
+ default n
+ depends on VBOOT
+ help
+ This option ensures that the recovery request is not lost because of
+ reboots caused after vboot verification is run. e.g. reboots caused by
+ FSP components on Intel platforms.
+
+config VBOOT_OPROM_MATTERS
+ bool "Video option ROM matters (= can skip display init)"
+ default n
+ depends on VBOOT
+ help
+ Set this option to indicate to vboot that this platform will skip its
+ display initialization on a normal (non-recovery, non-developer) boot.
+ Vboot calls this "oprom matters" because on x86 devices this
+ traditionally meant that the video option ROM will not be loaded, but
+ it works functionally the same for other platforms that can skip their
+ native display initialization code instead.
+
+config VBOOT
+ bool "Verify firmware with vboot."
+ default n
+ depends on HAVE_HARD_RESET
+ help
+ Enabling VBOOT will use vboot to verify the components of the firmware
+ (stages, payload, etc).
+
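Review bot: VBOOT_MOCK_SECDATA is exposed as an ordinary menu prompt gated only by `depends on VBOOT`, so the only thing keeping it out of a shipping config is the capitalised sentence at the end of its help text. The help says every secdata operation will succeed but not what that costs. If secdata holds the firmware rollback versions, as it typically does in vboot, a build with this option still verifies signatures but no longer enforces anti-rollback. I would say so in the help, e.g. `With mocked secdata the firmware version rollback check is not enforced.`, and have release builds check that the symbol is unset. Separately, SEPARATE_VERSTAGE is the only prompted option in this file without a `help` block.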