summaryrefslogtreecommitdiff
path: root/src/security/intel/txt/Kconfig
blob: 3dd912ea6eb768d8626c942c438cf955bcf67287 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# SPDX-License-Identifier: GPL-2.0-only

config INTEL_TXT
	bool "Intel TXT support"
	default n
	select MRC_SETTINGS_PROTECT if CACHE_MRC_SETTINGS
	select ENABLE_VMX if CPU_INTEL_COMMON
	select AP_IN_SIPI_WAIT
	depends on (TPM1 || TPM2)
	depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE
	depends on PLATFORM_HAS_DRAM_CLEAR
	depends on (SOC_INTEL_COMMON_BLOCK_SA || HAVE_CF9_RESET)

if INTEL_TXT

menu "Intel"

config INTEL_TXT_BIOSACM_FILE
	string "BIOS ACM file"
	default "3rdparty/blobs/soc/intel/skylake/biosacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
	help
	  Intel TXT BIOS ACM file. This file can be obtained through privileged
	  access to Intel resources. Or for some platforms found inside the
	  blob repository.

config INTEL_TXT_SINITACM_FILE
	string "SINIT ACM file"
	default "3rdparty/blobs/soc/intel/skylake/sinitacm.bin" if SOC_INTEL_COMMON_SKYLAKE_BASE
	help
	  Intel TXT SINIT ACM file. This file can be obtained through privileged
	  access to Intel resources. Or for some platforms found inside the
	  blob repository.

config INTEL_TXT_LOGGING
	bool "Enable verbose logging"
	help
	  Print more TXT related debug output.
	  Use in pre-production environments only!

config INTEL_TXT_BIOSACM_ALIGNMENT
	hex
	default 0x20000 # 128 KiB
	help
	  Exceptions are Ivy and Sandy Bridge with 64 KiB and Purley with 256 KiB
	  alignment size. If necessary, override from platform-specific Kconfig.

config INTEL_TXT_CBFS_BIOS_POLICY
	string
	default "txt_bios_policy.bin"

config INTEL_TXT_CBFS_BIOS_ACM
	string
	default "txt_bios_acm.bin"

config INTEL_TXT_CBFS_SINIT_ACM
	string
	default "txt_sinit_acm.bin"

endmenu # Intel

endif