summaryrefslogtreecommitdiff
path: root/payloads/libpayload/vboot/Kconfig
blob: 6d71a7ca50736cbae1447d24fe595bd934d13afb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# SPDX-License-Identifier: BSD-3-Clause

config VBOOT_LIB
	bool "Compile verified boot (vboot) library"
	default y if CHROMEOS
	default n
	help
	  This option enables compiling and building vboot libraries vboot_fw and tlcl.

if VBOOT_LIB

config VBOOT_CBFS_INTEGRATION
	bool "Enable vboot and CBFS integration"
	default n
	depends on CBFS_VERIFICATION
	help
	  Say yes to request reboot on CBFS file hash mismatch in non-recovery mode.

config VBOOT_TPM2_MODE
	bool "TPM2 Mode"
	default y
	help
	  This option enables TPM 2.0 support in vboot. Disabling it allows using TPM 1.2.

config VBOOT_X86_SHA_EXT
	bool "x86 SHA Extension"
	default y if CHROMEOS
	default n
	depends on ARCH_X86
	help
	  This option enables SHA256 implementation using x86 SHA processor extension
	  instructions: sha256msg1, sha256msg2, sha256rnds2.

config VBOOT_X86_RSA_ACCELERATION
	bool "Use SSE2 instructions for RSA signature verification"
	default y if CHROMEOS
	default n
	depends on ARCH_X86
	help
	  Use paddq, pmuludq, psrlq, punpckldq and punpcklqdq SSE2
	  instructions to accelerate the modulus exponentiation which
	  is part of the RSA signature verification process.

config VBOOT_SHA_ARMV8_CE
	bool "SHA256 implementation using ARMv8 Crypto Extension"
	default y if CHROMEOS
	default n
	depends on ARCH_ARM64
	help
	  This option enables SHA256 implementation using ARMv8 Crypto Extension.

config VBOOT_ARM64_RSA_ACCELERATION
	bool "Use arm64 SIMD instructions to accelerate RSA signature verification"
	default y
	depends on ARCH_ARM64
	help
	  Use arm64 SIMD instructions (NEON) to parallelize two multiplications
	  in the modulus exponentiation algorithm, which speeds up RSA signature
	  verification in vboot. This is supported on all arm64 CPUs so you'd
	  generally always want this enabled, unless your SoC is overriding
	  vboot's hwcrypto API with its own crypto accelerator IP instead (or
	  you're trying really hard to save on code size).

endif