1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
|
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
menu "Verified Boot (vboot)"
config VBOOT
bool "Verify firmware with vboot."
default n
select TPM if !MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
select TPM2 if MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
depends on HAVE_HARD_RESET
help
Enabling VBOOT will use vboot to verify the components of the firmware
(stages, payload, etc).
if VBOOT
config VBOOT_VBNV_CMOS
bool
default n
depends on PC80_SYSTEM
help
VBNV is stored in CMOS
config VBOOT_VBNV_OFFSET
hex
default 0x26
depends on VBOOT_VBNV_CMOS
help
CMOS offset for VbNv data. This value must match cmos.layout
in the mainboard directory, minus 14 bytes for the RTC.
config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
bool
default n
depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
help
Vboot non-volatile storage data will be backed up from CMOS to flash
and restored from flash if the CMOS is invalid due to power loss.
config VBOOT_VBNV_EC
bool
default n
help
VBNV is stored in EC
config VBOOT_VBNV_FLASH
bool
default n
depends on BOOT_DEVICE_SUPPORTS_WRITES
help
VBNV is stored in flash storage
config VBOOT_STARTS_IN_BOOTBLOCK
bool
default n
help
Firmware verification happens during the end of or right after the
bootblock. This implies that a static VBOOT2_WORK() buffer must be
allocated in memlayout.
config VBOOT_STARTS_IN_ROMSTAGE
bool
default n
depends on !VBOOT_STARTS_IN_BOOTBLOCK
help
Firmware verification happens during the end of romstage (after
memory initialization). This implies that vboot working data is
allocated in CBMEM.
config VBOOT_MOCK_SECDATA
bool "Mock secdata for firmware verification"
default n
help
Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
verification to avoid access to a secdata storage (typically TPM).
All operations for a secdata storage will be successful. This option
can be used during development when a TPM is not present or broken.
THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
config VBOOT_DISABLE_DEV_ON_RECOVERY
bool
default n
help
When this option is enabled, the Chrome OS device leaves the
developer mode as soon as recovery request is detected. This is
handy on embedded devices with limited input capabilities.
config VBOOT_SEPARATE_VERSTAGE
bool
default n
depends on VBOOT_STARTS_IN_BOOTBLOCK
help
If this option is set, vboot verification runs in a standalone stage
that is loaded from the bootblock and exits into romstage. If it is
not set, the verification code is linked directly into the bootblock
or the romstage and runs as part of that stage (cf. related options
VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE).
config VBOOT_RETURN_FROM_VERSTAGE
bool
default n
depends on VBOOT_SEPARATE_VERSTAGE
help
If this is set, the verstage returns back to the calling stage instead
of exiting to the succeeding stage so that the verstage space can be
reused by the succeeding stage. This is useful if a RAM space is too
small to fit both the verstage and the succeeding stage.
config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
bool
default n
help
This option ensures that the recovery request is not lost because of
reboots caused after vboot verification is run. e.g. reboots caused by
FSP components on Intel platforms.
config VBOOT_OPROM_MATTERS
bool
default n
help
Set this option to indicate to vboot that this platform will skip its
display initialization on a normal (non-recovery, non-developer) boot.
Vboot calls this "oprom matters" because on x86 devices this
traditionally meant that the video option ROM will not be loaded, but
it works functionally the same for other platforms that can skip their
native display initialization code instead.
config VBOOT_HAS_REC_HASH_SPACE
bool
default n
help
Set this option to indicate to vboot that recovery data hash space
is present in TPM.
config VBOOT_SOFT_REBOOT_WORKAROUND
bool
default n
config VBOOT_EC_SOFTWARE_SYNC
bool "Enable EC software sync"
default y if EC_GOOGLE_CHROMEEC
default n
help
EC software sync is a mechanism where the AP helps the EC verify its
firmware similar to how vboot verifies the main system firmware. This
option selects whether vboot should support EC software sync.
config VBOOT_EC_SLOW_UPDATE
bool
default n
depends on VBOOT_EC_SOFTWARE_SYNC
help
Whether the EC (or PD) is slow to update and needs to display a
screen that informs the user the update is happening.
config VBOOT_EC_EFS
bool
default n
depends on VBOOT_EC_SOFTWARE_SYNC
help
CrosEC can support EFS: Early Firmware Selection. If it's enabled,
software sync need to also support it. This setting tells vboot to
perform EFS software sync.
config VBOOT_PHYSICAL_DEV_SWITCH
bool
default n
help
Whether this platform has a physical developer switch. Note that this
disables virtual dev switch functionality (through secdata). Operation
where both a physical pin and the virtual switch get sampled is not
supported by coreboot.
config VBOOT_PHYSICAL_REC_SWITCH
bool
default n
help
Whether this platform has a physical recovery switch.
config VBOOT_LID_SWITCH
bool
default n
help
Whether this platform has a lid switch. If it does, vboot will not
decrement try counters for boot failures if the lid is closed.
config VBOOT_WIPEOUT_SUPPORTED
bool
default n
help
When this option is enabled, the firmware provides the ability to
signal the application the need for factory reset (a.k.a. wipe
out) of the device
config VBOOT_FWID_MODEL
string "Firmware ID model"
default "Google_$(CONFIG_MAINBOARD_PART_NUMBER)" if CHROMEOS
default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
help
This is the first part of the FWID written to various regions of a
vboot firmware image to identify its version.
config VBOOT_FWID_VERSION
string "Firmware ID version"
default ".$(KERNELVERSION)"
help
This is the second part of the FWID written to various regions of a
vboot firmware image to identify its version.
config RO_REGION_ONLY
string "Additional files that should not be copied to RW"
default ""
help
Add a space delimited list of filenames that should only be in the
RO section.
menu "GBB configuration"
config GBB_HWID
string "Hardware ID"
default "NOCONF HWID"
config GBB_BMPFV_FILE
string "Path to bmpfv image"
default ""
config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
bool "Reduce dev screen delay"
default n
config GBB_FLAG_LOAD_OPTION_ROMS
bool "Load option ROMs"
default n
config GBB_FLAG_ENABLE_ALTERNATE_OS
bool "Allow booting a non-Chrome OS kernel if dev switch is on"
default n
config GBB_FLAG_FORCE_DEV_SWITCH_ON
bool "Force dev switch on"
default n
config GBB_FLAG_FORCE_DEV_BOOT_USB
bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
default y
config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
bool "Disable firmware rollback protection"
default y
config GBB_FLAG_ENTER_TRIGGERS_TONORM
bool "Return to normal boot with Enter"
default n
config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
default n
config GBB_FLAG_FAFT_KEY_OVERIDE
bool "Allow booting using alternative keys for FAFT servo testing"
default n
config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
bool "Disable EC software sync"
default n
config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
bool "Default to booting to legacy in dev mode"
default n
config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
bool "Disable PD software sync"
default n
config GBB_FLAG_DISABLE_LID_SHUTDOWN
bool "Disable shutdown on closed lid"
default n
config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP
bool "Allow fastboot even if dev_boot_fastboot_full_cap=0"
default n
config GBB_FLAG_ENABLE_SERIAL
bool "Tell vboot to enable serial console"
default n
endmenu # GBB
menu "Vboot Keys"
config VBOOT_ROOT_KEY
string "Root key (public)"
default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
config VBOOT_RECOVERY_KEY
string "Recovery key (public)"
default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
config VBOOT_FIRMWARE_PRIVKEY
string "Firmware key (private)"
default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
config VBOOT_KERNEL_KEY
string "Kernel subkey (public)"
default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
config VBOOT_KEYBLOCK
string "Keyblock to use for the RW regions"
default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
config VBOOT_KEYBLOCK_VERSION
int "Keyblock version number"
default 1
config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
hex "Keyblock preamble flags"
default 0x0
endmenu # Keys
endif # VBOOT
endmenu # Verified Boot (vboot)
|