author | Matt DeVillier <matt.devillier@gmail.com> | 2023-04-30 15:10:57 -0500 |
---|---|---|
committer | Matt DeVillier <matt.devillier@amd.corp-partner.google.com> | 2023-05-02 13:46:59 +0000 |
commit | a38e2484ac74c04684a2bd4339d4f43c721294c8 (patch) | |
tree | 76b3bfb8a757f7fabbec97f7ff79640bdcaa1c21 | |
parent | b8fd41b4416dc955e44b6e7c455d8d64e94a4fd8 (diff) |
payloads/edk2: Add Kconfig to enable UEFI Secure Boot support
Now that MrChromebox's default edk2 branch supports Secure Boot, add a
Kconfig to enable it, and do so by default when MrChromebox's branch
is used and SMMSTORE_V2 is enabled (which is a prerequisite).
TEST=build/boot google boards link, panther, lulu, reef, ampton, akemi,
and banshee, verify Secure Boot options available in payload, Secure
Boot status reported properly by Linux/Windows.
Change-Id: I4be58c3315cabe08729d717c59203fdc6a3e2958
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74869
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
-rw-r--r-- | payloads/external/Makefile.inc | 1 | ||||
-rw-r--r-- | payloads/external/edk2/Kconfig | 8 | ||||
-rw-r--r-- | payloads/external/edk2/Makefile | 4 |
3 files changed, 13 insertions, 0 deletions
diff --git a/payloads/external/Makefile.inc b/payloads/external/Makefile.inc
index effab43818..5f29063bfe 100644
--- a/payloads/external/Makefile.inc
+++ b/payloads/external/Makefile.inc
@@ -188,6 +188,7 @@ $(obj)/UEFIPAYLOAD.fd: $(DOTCONFIG)
 CONFIG_ECAM_MMCONF_LENGTH=$(CONFIG_ECAM_MMCONF_LENGTH) \
 CONFIG_CPU_XTAL_HZ=$(CONFIG_CPU_XTAL_HZ) \
 CONFIG_SMMSTORE_V2=$(CONFIG_SMMSTORE_v2) \
+ CONFIG_EDK2_SECURE_BOOT_SUPPORT=$(CONFIG_EDK2_SECURE_BOOT_SUPPORT) \
 GCC_CC_x86_32=$(GCC_CC_x86_32) \
 GCC_CC_x86_64=$(GCC_CC_x86_64) \
 GCC_CC_arm=$(GCC_CC_arm) \
diff --git a/payloads/external/edk2/Kconfig b/payloads/external/edk2/Kconfig
index 2c8152f27d..c166975f81 100644
--- a/payloads/external/edk2/Kconfig
+++ b/payloads/external/edk2/Kconfig
@@ -242,6 +242,14 @@ config EDK2_SERIAL_SUPPORT
 Enable serial port output in edk2. Serial output limits the performance of edk2's FrontPage.
+config EDK2_SECURE_BOOT_SUPPORT
+ bool "Enable UEFI Secure Boot support"
+ depends on EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2
+ default y if EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2
+ help
+ Select this option to enable UEFI SecureBoot support in edk2.
+ UEFI SecureBoot will be disabled by default and can be enabled from the menu option.
+
 config EDK2_CUSTOM_BUILD_PARAMS
 string "edk2 additional custom build parameters"
 default "-D VARIABLE_SUPPORT=SMMSTORE" if EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2
diff --git a/payloads/external/edk2/Makefile b/payloads/external/edk2/Makefile
index b241cf9688..21812422fb 100644
--- a/payloads/external/edk2/Makefile
+++ b/payloads/external/edk2/Makefile
@@ -111,6 +111,10 @@ endif
 ifneq ($(CONFIG_EDK2_SD_MMC_TIMEOUT),)
 BUILD_STR += -D SD_MMC_TIMEOUT=$(shell echo $$(( $(CONFIG_EDK2_SD_MMC_TIMEOUT) * 1000)) )
 endif
+# EDK2_SECURE_BOOT_SUPPORT = FALSE
+ifeq ($(CONFIG_EDK2_SECURE_BOOT_SUPPORT), y)
+BUILD_STR += -D SECURE_BOOT_ENABLE=TRUE
+endif
 #
 # EDKII has the below PCDs that are relevant to coreboot: |
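Review bot: In the payloads/external/Makefile.inc hunk, the context line directly above the added one passes `CONFIG_SMMSTORE_V2=$(CONFIG_SMMSTORE_v2)`, and because make variable names are case-sensitive the lowercase `v2` reference most likely expands to an empty string. The new option depends on SMMSTORE_V2 in Kconfig, so if the edk2 Makefile (not fully visible here) keys anything on CONFIG_SMMSTORE_V2, a Secure Boot build would not see its variable-store prerequisite as set. I would fix it in the same change: `CONFIG_SMMSTORE_V2=$(CONFIG_SMMSTORE_V2) \`. The recipe of the `$(obj)/UEFIPAYLOAD.fd` rule starts and ends outside the hunk.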
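Review bot: The help text of EDK2_SECURE_BOOT_SUPPORT in payloads/external/edk2/Kconfig does not make clear that the option only compiles the feature in, so with the default of `y` an image advertises Secure Boot support while enforcement stays off until someone turns it on in the payload menu. I would state that explicitly, for example `This only builds Secure Boot support into edk2; nothing is enforced until it is enabled from the payload's setup menu.`, and spell the feature consistently as "Secure Boot". The condition on the default repeats the `depends on` line, so `default y` is enough. The edk2-side `-D VARIABLE_SUPPORT=SMMSTORE` visible in the trailing context comes from the user-editable EDK2_CUSTOM_BUILD_PARAMS default; whether Secure Boot still gets a usable authenticated variable store when that string is changed is not visible here and is worth confirming.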
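Review bot: The added comment `# EDK2_SECURE_BOOT_SUPPORT = FALSE` in payloads/external/edk2/Makefile names neither the Kconfig symbol (CONFIG_EDK2_SECURE_BOOT_SUPPORT) nor the macro the block sets, so it reads as documenting an assignment that does not exist. If it is meant to record the edk2-side default, it should be `# SECURE_BOOT_ENABLE = FALSE`. A blank line between the preceding `endif` and the comment, and `ifeq ($(CONFIG_EDK2_SECURE_BOOT_SUPPORT),y)` without the space after the comma, would match the `ifneq` block just above.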