diff options
Diffstat (limited to 'src/security/intel/cbnt/Kconfig')
-rw-r--r-- | src/security/intel/cbnt/Kconfig | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig new file mode 100644 index 0000000000..f13f6ec59c --- /dev/null +++ b/src/security/intel/cbnt/Kconfig @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: GPL-2.0-only + +config INTEL_CBNT_SUPPORT + bool "Intel CBnT support" + default n + depends on CPU_INTEL_FIRMWARE_INTERFACE_TABLE + #depends on PLATFORM_HAS_DRAM_CLEAR + select INTEL_TXT + help + Enables Intel Converged Bootguard and Trusted Execution Technology + Support. This will enable one to add a Key Manifest (KM) and a Boot + Policy Manifest (BPM) to the filesystem. It will also wrap a FIT around + the firmware and update appropriate entries. + +if INTEL_CBNT_SUPPORT + +config INTEL_CBNT_KEY_MANIFEST_BINARY + string "KM (Key Manifest) binary location" + help + Location of the Key Manifest (KM) + +config INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY + string "BPM (Boot Policy Manifest) binary location" + help + Location of the Boot Policy Manifest (BPM) + +endif # INTEL_CBNT_SUPPORT |