blob: 7580d8d50c9694ee78b638050fe34b8335eb8177 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
config VBOOT_STARTS_IN_BOOTBLOCK
bool "Vboot starts verifying in bootblock"
default n
depends on VBOOT_VERIFY_FIRMWARE
help
Firmware verification happens during or at the end of bootblock.
config VBOOT_STARTS_IN_ROMSTAGE
bool "Vboot starts verifying in romstage"
default n
depends on VBOOT_VERIFY_FIRMWARE && !VBOOT_STARTS_IN_BOOTBLOCK
help
Firmware verification happens during or at the end of romstage.
config VBOOT2_MOCK_SECDATA
bool "Mock secdata for firmware verification"
default n
depends on VBOOT_VERIFY_FIRMWARE
help
Enabling VBOOT2_MOCK_SECDATA will mock secdata for the firmware
verification to avoid access to a secdata storage (typically TPM).
All operations for a secdata storage will be successful. This option
can be used during development when a TPM is not present or broken.
THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
config VBOOT_DISABLE_DEV_ON_RECOVERY
bool "Disable dev mode on recovery requests"
default n
depends on VBOOT_VERIFY_FIRMWARE
help
When this option is enabled, the Chrome OS device leaves the
developer mode as soon as recovery request is detected. This is
handy on embedded devices with limited input capabilities.
config SEPARATE_VERSTAGE
bool "Vboot verification is built into a separate stage"
default n
depends on VBOOT_VERIFY_FIRMWARE
config RETURN_FROM_VERSTAGE
bool "The separate verification stage returns to its caller"
default n
depends on SEPARATE_VERSTAGE
help
If this is set, the verstage returns back to the calling stage instead
of exiting to the succeeding stage so that the verstage space can be
reused by the succeeding stage. This is useful if a ram space is too
small to fit both the verstage and the succeeding stage.
config CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL
bool "The chipset provides the main() entry point for verstage"
default n
depends on SEPARATE_VERSTAGE
help
The chipset code provides their own main() entry point.
config VBOOT_DYNAMIC_WORK_BUFFER
bool "Vboot's work buffer is dynamically allocated."
default y if ARCH_ROMSTAGE_X86_32 && !SEPARATE_VERSTAGE
default n
depends on VBOOT_VERIFY_FIRMWARE
help
This option is used when there isn't enough pre-main memory
ram to allocate the vboot work buffer. That means vboot verification
is after memory init and requires main memory to back the work
buffer.
|
