blob: 5674c2f397ea8c5365064b7da72a418cd0de67d8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
config SOUTHBRIDGE_INTEL_COMMON
def_bool n
config SOUTHBRIDGE_INTEL_COMMON_RESET
def_bool n
select HAVE_CF9_RESET
config SOUTHBRIDGE_INTEL_COMMON_RTC
def_bool n
depends on SOUTHBRIDGE_INTEL_COMMON
config SOUTHBRIDGE_INTEL_COMMON_PMCLIB
def_bool n
depends on SOUTHBRIDGE_INTEL_COMMON
depends on SOUTHBRIDGE_INTEL_COMMON_PMBASE
config SOUTHBRIDGE_INTEL_COMMON_PMBASE
def_bool n
depends on SOUTHBRIDGE_INTEL_COMMON
config SOUTHBRIDGE_INTEL_COMMON_GPIO
def_bool n
config SOUTHBRIDGE_INTEL_COMMON_SMBUS
def_bool n
select HAVE_DEBUG_SMBUS
config SOUTHBRIDGE_INTEL_COMMON_SPI
def_bool n
select SPI_FLASH
select BOOT_DEVICE_SUPPORTS_WRITES
config SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN
def_bool n
config SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ
def_bool n
select SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN
config HAVE_INTEL_CHIPSET_LOCKDOWN
def_bool n
config SOUTHBRIDGE_INTEL_COMMON_SMM
def_bool n
select HAVE_POWER_STATE_AFTER_FAILURE
select HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE
select SOUTHBRIDGE_INTEL_COMMON_PMBASE
config SOUTHBRIDGE_INTEL_COMMON_ACPI_MADT
bool
config SOUTHBRIDGE_INTEL_COMMON_FINALIZE
bool
config INTEL_DESCRIPTOR_MODE_CAPABLE
def_bool n
help
This config simply states that the platform is *capable* of running in
descriptor mode (when the descriptor in flash is valid).
config INTEL_DESCRIPTOR_MODE_REQUIRED
def_bool y if INTEL_DESCRIPTOR_MODE_CAPABLE
help
This config states descriptor mode is *required* for the platform to
function properly, or to function at all.
config VALIDATE_INTEL_DESCRIPTOR
depends on INTEL_DESCRIPTOR_MODE_CAPABLE
bool "Validate Intel firmware descriptor"
default n
help
This config enables validating the Intel firmware descriptor against the
fmap layout. If the firmware descriptor layout does not match the fmap
then the bootimage cannot be built.
config INTEL_CHIPSET_LOCKDOWN
depends on HAVE_INTEL_CHIPSET_LOCKDOWN && HAVE_SMI_HANDLER && !CHROMEOS
#ChromeOS's payload seems to handle finalization on its on.
bool "Lock down chipset in coreboot"
default y
help
Some registers within host bridge on particular chipsets should be
locked down on each normal boot path (done by either coreboot or payload)
and S3 resume (always done by coreboot). Select this to let coreboot
to do this on normal boot path.
config SOUTHBRIDGE_INTEL_COMMON_WATCHDOG
bool
depends on SOUTHBRIDGE_INTEL_COMMON
depends on SOUTHBRIDGE_INTEL_COMMON_PMBASE
if SOUTHBRIDGE_INTEL_COMMON_FINALIZE
choice
prompt "Flash locking during chipset lockdown"
default LOCK_SPI_FLASH_NONE
config LOCK_SPI_FLASH_NONE
bool "Don't lock flash sections"
config LOCK_SPI_FLASH_RO
bool "Write-protect all flash sections"
help
Select this if you want to write-protect the whole firmware flash
chip. The locking will take place during the chipset lockdown, which
is either triggered by coreboot (when INTEL_CHIPSET_LOCKDOWN is set)
or has to be triggered later (e.g. by the payload or the OS).
NOTE: If you trigger the chipset lockdown unconditionally,
you won't be able to write to the flash chip using the
internal programmer any more.
config LOCK_SPI_FLASH_NO_ACCESS
bool "Write-protect all flash sections and read-protect non-BIOS sections"
help
Select this if you want to protect the firmware flash against all
further accesses (with the exception of the memory mapped BIOS re-
gion which is always readable). The locking will take place during
the chipset lockdown, which is either triggered by coreboot (when
INTEL_CHIPSET_LOCKDOWN is set) or has to be triggered later (e.g.
by the payload or the OS).
NOTE: If you trigger the chipset lockdown unconditionally,
you won't be able to write to the flash chip using the
internal programmer any more.
endchoice
endif
|