From 2a12e2e8da2477d97b8774babd1a74dda65d11a0 Mon Sep 17 00:00:00 2001 From: Furquan Shaikh Date: Mon, 25 Jul 2016 11:48:03 -0700 Subject: vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie --- src/vboot/Kconfig | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 src/vboot/Kconfig (limited to 'src/vboot/Kconfig') diff --git a/src/vboot/Kconfig b/src/vboot/Kconfig new file mode 100644 index 0000000000..6f9e3b9b16 --- /dev/null +++ b/src/vboot/Kconfig @@ -0,0 +1,143 @@ +## This file is part of the coreboot project. +## +## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +config VBOOT_VBNV_OFFSET + hex + default 0x26 + depends on PC80_SYSTEM + help + CMOS offset for VbNv data. This value must match cmos.layout + in the mainboard directory, minus 14 bytes for the RTC. + +config VBOOT_VBNV_CMOS + bool "Vboot non-volatile storage in CMOS." + default n + help + VBNV is stored in CMOS + +config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH + bool "Back up Vboot non-volatile storage from CMOS to flash." + default n + depends on VBOOT_VBNV_CMOS + help + Vboot non-volatile storage data will be backed up from CMOS to flash + and restored from flash if the CMOS is invalid due to power loss. + +config VBOOT_VBNV_EC + bool "Vboot non-volatile storage in EC." + default n + help + VBNV is stored in EC + +config VBOOT_VBNV_FLASH + def_bool n + help + VBNV is stored in flash storage + +config VBOOT_STARTS_IN_BOOTBLOCK + bool "Vboot starts verifying in bootblock" + default n + depends on VBOOT + help + Firmware verification happens during or at the end of bootblock. + +config VBOOT_STARTS_IN_ROMSTAGE + bool "Vboot starts verifying in romstage" + default n + depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK + help + Firmware verification happens during or at the end of romstage. + +config VBOOT_MOCK_SECDATA + bool "Mock secdata for firmware verification" + default n + depends on VBOOT + help + Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware + verification to avoid access to a secdata storage (typically TPM). + All operations for a secdata storage will be successful. This option + can be used during development when a TPM is not present or broken. + THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES. + +config VBOOT_DISABLE_DEV_ON_RECOVERY + bool "Disable dev mode on recovery requests" + default n + depends on VBOOT + help + When this option is enabled, the Chrome OS device leaves the + developer mode as soon as recovery request is detected. This is + handy on embedded devices with limited input capabilities. + +config SEPARATE_VERSTAGE + bool "Vboot verification is built into a separate stage" + default n + depends on VBOOT + +config RETURN_FROM_VERSTAGE + bool "The separate verification stage returns to its caller" + default n + depends on SEPARATE_VERSTAGE + help + If this is set, the verstage returns back to the calling stage instead + of exiting to the succeeding stage so that the verstage space can be + reused by the succeeding stage. This is useful if a ram space is too + small to fit both the verstage and the succeeding stage. + +config CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL + bool "The chipset provides the main() entry point for verstage" + default n + depends on SEPARATE_VERSTAGE + help + The chipset code provides their own main() entry point. + +config VBOOT_DYNAMIC_WORK_BUFFER + bool "Vboot's work buffer is dynamically allocated." + default y if ARCH_ROMSTAGE_X86_32 && !SEPARATE_VERSTAGE + default n + depends on VBOOT + help + This option is used when there isn't enough pre-main memory + ram to allocate the vboot work buffer. That means vboot verification + is after memory init and requires main memory to back the work + buffer. + +config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT + bool + default n + depends on VBOOT + help + This option ensures that the recovery request is not lost because of + reboots caused after vboot verification is run. e.g. reboots caused by + FSP components on Intel platforms. + +config VBOOT_OPROM_MATTERS + bool "Video option ROM matters (= can skip display init)" + default n + depends on VBOOT + help + Set this option to indicate to vboot that this platform will skip its + display initialization on a normal (non-recovery, non-developer) boot. + Vboot calls this "oprom matters" because on x86 devices this + traditionally meant that the video option ROM will not be loaded, but + it works functionally the same for other platforms that can skip their + native display initialization code instead. + +config VBOOT + bool "Verify firmware with vboot." + default n + depends on HAVE_HARD_RESET + help + Enabling VBOOT will use vboot to verify the components of the firmware + (stages, payload, etc). + -- cgit v1.2.3