summaryrefslogtreecommitdiff
path: root/src/security/vboot/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/vboot/Kconfig')
-rw-r--r--src/security/vboot/Kconfig334
1 files changed, 334 insertions, 0 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
new file mode 100644
index 0000000000..d5b5de291e
--- /dev/null
+++ b/src/security/vboot/Kconfig
@@ -0,0 +1,334 @@
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+
+menu "Verified Boot (vboot)"
+
+config VBOOT
+ bool "Verify firmware with vboot."
+ default n
+ select TPM if !MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
+ select TPM2 if MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
+ select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
+ select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
+ depends on HAVE_HARD_RESET
+ help
+ Enabling VBOOT will use vboot to verify the components of the firmware
+ (stages, payload, etc).
+
+if VBOOT
+
+config VBOOT_VBNV_CMOS
+ bool
+ default n
+ depends on PC80_SYSTEM
+ help
+ VBNV is stored in CMOS
+
+config VBOOT_VBNV_OFFSET
+ hex
+ default 0x26
+ depends on VBOOT_VBNV_CMOS
+ help
+ CMOS offset for VbNv data. This value must match cmos.layout
+ in the mainboard directory, minus 14 bytes for the RTC.
+
+config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
+ bool
+ default n
+ depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
+ help
+ Vboot non-volatile storage data will be backed up from CMOS to flash
+ and restored from flash if the CMOS is invalid due to power loss.
+
+config VBOOT_VBNV_EC
+ bool
+ default n
+ help
+ VBNV is stored in EC
+
+config VBOOT_VBNV_FLASH
+ bool
+ default n
+ depends on BOOT_DEVICE_SUPPORTS_WRITES
+ help
+ VBNV is stored in flash storage
+
+config VBOOT_STARTS_IN_BOOTBLOCK
+ bool
+ default n
+ help
+ Firmware verification happens during the end of or right after the
+ bootblock. This implies that a static VBOOT2_WORK() buffer must be
+ allocated in memlayout.
+
+config VBOOT_STARTS_IN_ROMSTAGE
+ bool
+ default n
+ depends on !VBOOT_STARTS_IN_BOOTBLOCK
+ help
+ Firmware verification happens during the end of romstage (after
+ memory initialization). This implies that vboot working data is
+ allocated in CBMEM.
+
+config VBOOT_MOCK_SECDATA
+ bool "Mock secdata for firmware verification"
+ default n
+ help
+ Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
+ verification to avoid access to a secdata storage (typically TPM).
+ All operations for a secdata storage will be successful. This option
+ can be used during development when a TPM is not present or broken.
+ THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
+
+config VBOOT_DISABLE_DEV_ON_RECOVERY
+ bool
+ default n
+ help
+ When this option is enabled, the Chrome OS device leaves the
+ developer mode as soon as recovery request is detected. This is
+ handy on embedded devices with limited input capabilities.
+
+config VBOOT_SEPARATE_VERSTAGE
+ bool
+ default n
+ depends on VBOOT_STARTS_IN_BOOTBLOCK
+ help
+ If this option is set, vboot verification runs in a standalone stage
+ that is loaded from the bootblock and exits into romstage. If it is
+ not set, the verification code is linked directly into the bootblock
+ or the romstage and runs as part of that stage (cf. related options
+ VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE).
+
+config VBOOT_RETURN_FROM_VERSTAGE
+ bool
+ default n
+ depends on VBOOT_SEPARATE_VERSTAGE
+ help
+ If this is set, the verstage returns back to the calling stage instead
+ of exiting to the succeeding stage so that the verstage space can be
+ reused by the succeeding stage. This is useful if a RAM space is too
+ small to fit both the verstage and the succeeding stage.
+
+config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
+ bool
+ default n
+ help
+ This option ensures that the recovery request is not lost because of
+ reboots caused after vboot verification is run. e.g. reboots caused by
+ FSP components on Intel platforms.
+
+config VBOOT_OPROM_MATTERS
+ bool
+ default n
+ help
+ Set this option to indicate to vboot that this platform will skip its
+ display initialization on a normal (non-recovery, non-developer) boot.
+ Vboot calls this "oprom matters" because on x86 devices this
+ traditionally meant that the video option ROM will not be loaded, but
+ it works functionally the same for other platforms that can skip their
+ native display initialization code instead.
+
+config VBOOT_HAS_REC_HASH_SPACE
+ bool
+ default n
+ help
+ Set this option to indicate to vboot that recovery data hash space
+ is present in TPM.
+
+config VBOOT_SOFT_REBOOT_WORKAROUND
+ bool
+ default n
+
+config VBOOT_EC_SOFTWARE_SYNC
+ bool "Enable EC software sync"
+ default y if EC_GOOGLE_CHROMEEC
+ default n
+ help
+ EC software sync is a mechanism where the AP helps the EC verify its
+ firmware similar to how vboot verifies the main system firmware. This
+ option selects whether vboot should support EC software sync.
+
+config VBOOT_EC_SLOW_UPDATE
+ bool
+ default n
+ depends on VBOOT_EC_SOFTWARE_SYNC
+ help
+ Whether the EC (or PD) is slow to update and needs to display a
+ screen that informs the user the update is happening.
+
+config VBOOT_EC_EFS
+ bool
+ default n
+ depends on VBOOT_EC_SOFTWARE_SYNC
+ help
+ CrosEC can support EFS: Early Firmware Selection. If it's enabled,
+ software sync need to also support it. This setting tells vboot to
+ perform EFS software sync.
+
+config VBOOT_PHYSICAL_DEV_SWITCH
+ bool
+ default n
+ help
+ Whether this platform has a physical developer switch. Note that this
+ disables virtual dev switch functionality (through secdata). Operation
+ where both a physical pin and the virtual switch get sampled is not
+ supported by coreboot.
+
+config VBOOT_PHYSICAL_REC_SWITCH
+ bool
+ default n
+ help
+ Whether this platform has a physical recovery switch.
+
+config VBOOT_LID_SWITCH
+ bool
+ default n
+ help
+ Whether this platform has a lid switch. If it does, vboot will not
+ decrement try counters for boot failures if the lid is closed.
+
+config VBOOT_WIPEOUT_SUPPORTED
+ bool
+ default n
+ help
+ When this option is enabled, the firmware provides the ability to
+ signal the application the need for factory reset (a.k.a. wipe
+ out) of the device
+
+config VBOOT_FWID_MODEL
+ string "Firmware ID model"
+ default "Google_$(CONFIG_MAINBOARD_PART_NUMBER)" if CHROMEOS
+ default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
+ help
+ This is the first part of the FWID written to various regions of a
+ vboot firmware image to identify its version.
+
+config VBOOT_FWID_VERSION
+ string "Firmware ID version"
+ default ".$(KERNELVERSION)"
+ help
+ This is the second part of the FWID written to various regions of a
+ vboot firmware image to identify its version.
+
+config RO_REGION_ONLY
+ string "Additional files that should not be copied to RW"
+ default ""
+ help
+ Add a space delimited list of filenames that should only be in the
+ RO section.
+
+menu "GBB configuration"
+
+config GBB_HWID
+ string "Hardware ID"
+ default "NOCONF HWID"
+
+config GBB_BMPFV_FILE
+ string "Path to bmpfv image"
+ default ""
+
+config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
+ bool "Reduce dev screen delay"
+ default n
+
+config GBB_FLAG_LOAD_OPTION_ROMS
+ bool "Load option ROMs"
+ default n
+
+config GBB_FLAG_ENABLE_ALTERNATE_OS
+ bool "Allow booting a non-Chrome OS kernel if dev switch is on"
+ default n
+
+config GBB_FLAG_FORCE_DEV_SWITCH_ON
+ bool "Force dev switch on"
+ default n
+
+config GBB_FLAG_FORCE_DEV_BOOT_USB
+ bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
+ default y
+
+config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
+ bool "Disable firmware rollback protection"
+ default y
+
+config GBB_FLAG_ENTER_TRIGGERS_TONORM
+ bool "Return to normal boot with Enter"
+ default n
+
+config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
+ bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
+ default n
+
+config GBB_FLAG_FAFT_KEY_OVERIDE
+ bool "Allow booting using alternative keys for FAFT servo testing"
+ default n
+
+config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
+ bool "Disable EC software sync"
+ default n
+
+config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
+ bool "Default to booting to legacy in dev mode"
+ default n
+
+config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
+ bool "Disable PD software sync"
+ default n
+
+config GBB_FLAG_DISABLE_LID_SHUTDOWN
+ bool "Disable shutdown on closed lid"
+ default n
+
+config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP
+ bool "Allow fastboot even if dev_boot_fastboot_full_cap=0"
+ default n
+
+config GBB_FLAG_ENABLE_SERIAL
+ bool "Tell vboot to enable serial console"
+ default n
+
+endmenu # GBB
+
+menu "Vboot Keys"
+config VBOOT_ROOT_KEY
+ string "Root key (public)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
+
+config VBOOT_RECOVERY_KEY
+ string "Recovery key (public)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
+
+config VBOOT_FIRMWARE_PRIVKEY
+ string "Firmware key (private)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
+
+config VBOOT_KERNEL_KEY
+ string "Kernel subkey (public)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
+
+config VBOOT_KEYBLOCK
+ string "Keyblock to use for the RW regions"
+ default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
+
+config VBOOT_KEYBLOCK_VERSION
+ int "Keyblock version number"
+ default 1
+
+config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
+ hex "Keyblock preamble flags"
+ default 0x0
+
+endmenu # Keys
+endif # VBOOT
+endmenu # Verified Boot (vboot)