# SPDX-License-Identifier: GPL-2.0-only

config INTEL_TXT
	bool "Intel TXT support"
	default n
	select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS
	select ENABLE_VMX if CPU_INTEL_COMMON
	select AP_IN_SIPI_WAIT
	depends on (TPM1 || TPM2)
	depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE
	depends on PLATFORM_HAS_DRAM_CLEAR
	depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET)

if INTEL_TXT

menu "Intel"

config INTEL_TXT_BIOSACM_FILE
	string "BIOS ACM file"
	default "3rdparty/blobs/soc/intel/skylake/biosacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
	help
	  Intel TXT BIOS ACM file. This file can be obtained through privileged
	  access to Intel resources. Or for some platforms found inside the
	  blob repository.

config INTEL_TXT_SINITACM_FILE
	string "SINIT ACM file"
	default "3rdparty/blobs/soc/intel/skylake/sinitacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
	help
	  Intel TXT SINIT ACM file. This file can be obtained through privileged
	  access to Intel resources. Or for some platforms found inside the
	  blob repository.

config INTEL_TXT_LOGGING
	bool "Enable verbose logging"
	help
	  Print more TXT related debug output.
	  Use in pre-production environments only!

config INTEL_TXT_BIOSACM_ALIGNMENT
	hex
	default 0x20000 # 128 KiB
	help
	  Exceptions are Ivy and Sandy Bridge with 64 KiB and Purley with 256 KiB
	  alignment size. If necessary, override from platform-specific Kconfig.

config INTEL_TXT_CBFS_BIOS_POLICY
	string
	default "txt_bios_policy.bin"

config INTEL_TXT_CBFS_BIOS_ACM
	string
	default "txt_bios_acm.bin"

config INTEL_TXT_CBFS_SINIT_ACM
	string
	default "txt_sinit_acm.bin"

endmenu # Intel

endif