summaryrefslogtreecommitdiff
path: root/src/security/intel/cbnt/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/intel/cbnt/Kconfig')
-rw-r--r--src/security/intel/cbnt/Kconfig27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig
new file mode 100644
index 0000000000..f13f6ec59c
--- /dev/null
+++ b/src/security/intel/cbnt/Kconfig
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+config INTEL_CBNT_SUPPORT
+ bool "Intel CBnT support"
+ default n
+ depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE
+ #depends on PLATFORM_HAS_DRAM_CLEAR
+ select INTEL_TXT
+ help
+ Enables Intel Converged Bootguard and Trusted Execution Technology
+ Support. This will enable one to add a Key Manifest (KM) and a Boot
+ Policy Manifest (BPM) to the filesystem. It will also wrap a FIT around
+ the firmware and update appropriate entries.
+
+if INTEL_CBNT_SUPPORT
+
+config INTEL_CBNT_KEY_MANIFEST_BINARY
+ string "KM (Key Manifest) binary location"
+ help
+ Location of the Key Manifest (KM)
+
+config INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY
+ string "BPM (Boot Policy Manifest) binary location"
+ help
+ Location of the Boot Policy Manifest (BPM)
+
+endif # INTEL_CBNT_SUPPORT