1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
|
config EFI_LOADER
bool "Support running UEFI applications"
depends on OF_LIBFDT && ( \
ARM && (SYS_CPU = arm1136 || \
SYS_CPU = arm1176 || \
SYS_CPU = armv7 || \
SYS_CPU = armv8) || \
X86 || RISCV || SANDBOX)
# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
select LIB_UUID
select HAVE_BLOCK_DEVICE
select REGEX
imply CFB_CONSOLE_ANSI
imply FAT
imply FAT_WRITE
imply USB_KEYBOARD_FN_KEYS
imply VIDEO_ANSI
help
Select this option if you want to run UEFI applications (like GNU
GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
will expose the UEFI API to a loaded application, enabling it to
reuse U-Boot's device drivers.
if EFI_LOADER
config EFI_SETUP_EARLY
bool
default n
choice
prompt "Store for non-volatile UEFI variables"
default EFI_VARIABLE_FILE_STORE
help
Select where non-volatile UEFI variables shall be stored.
config EFI_VARIABLE_FILE_STORE
bool "Store non-volatile UEFI variables as file"
depends on FAT_WRITE
help
Select this option if you want non-volatile UEFI variables to be
stored as file /ubootefi.var on the EFI system partition.
config EFI_MM_COMM_TEE
bool "UEFI variables storage service via OP-TEE"
depends on OPTEE
help
If OP-TEE is present and running StandAloneMM, dispatch all UEFI
variable related operations to that. The application will verify,
authenticate and store the variables on an RPMB.
endchoice
config EFI_VARIABLES_PRESEED
bool "Initial values for UEFI variables"
depends on EFI_VARIABLE_FILE_STORE
help
Include a file with the initial values for non-volatile UEFI variables
into the U-Boot binary. If this configuration option is set, changes
to authentication related variables (PK, KEK, db, dbx) are not
allowed.
if EFI_VARIABLES_PRESEED
config EFI_VAR_SEED_FILE
string "File with initial values of non-volatile UEFI variables"
default ubootefi.var
help
File with initial values of non-volatile UEFI variables. The file must
be in the same format as the storage in the EFI system partition. The
easiest way to create it is by setting the non-volatile variables in
U-Boot. If a relative file path is used, it is relative to the source
directory.
endif
config EFI_GET_TIME
bool "GetTime() runtime service"
depends on DM_RTC
default y
help
Provide the GetTime() runtime service at boottime. This service
can be used by an EFI application to read the real time clock.
config EFI_SET_TIME
bool "SetTime() runtime service"
depends on EFI_GET_TIME
default n
help
Provide the SetTime() runtime service at boottime. This service
can be used by an EFI application to adjust the real time clock.
config EFI_DEVICE_PATH_TO_TEXT
bool "Device path to text protocol"
default y
help
The device path to text protocol converts device nodes and paths to
human readable strings.
config EFI_LOADER_HII
bool "HII protocols"
default y
help
The Human Interface Infrastructure is a complicated framework that
allows UEFI applications to draw fancy menus and hook strings using
a translation framework.
U-Boot implements enough of its features to be able to run the UEFI
Shell, but not more than that.
config EFI_UNICODE_COLLATION_PROTOCOL2
bool "Unicode collation protocol"
default y
help
The Unicode collation protocol is used for lexical comparisons. It is
required to run the UEFI shell.
if EFI_UNICODE_COLLATION_PROTOCOL2
config EFI_UNICODE_CAPITALIZATION
bool "Support Unicode capitalization"
default y
help
Select this option to enable correct handling of the capitalization of
Unicode codepoints in the range 0x0000-0xffff. If this option is not
set, only the the correct handling of the letters of the codepage
used by the FAT file system is ensured.
config EFI_UNICODE_COLLATION_PROTOCOL
bool "Deprecated version of the Unicode collation protocol"
default n
help
In EFI 1.10 a version of the Unicode collation protocol using ISO
639-2 language codes existed. This protocol is not part of the UEFI
specification any longer. Unfortunately it is required to run the
UEFI Self Certification Test (SCT) II, version 2.6, 2017.
Choose this option for testing only. It is bound to be removed.
endif
config EFI_LOADER_BOUNCE_BUFFER
bool "EFI Applications use bounce buffers for DMA operations"
depends on ARM64
default n
help
Some hardware does not support DMA to full 64bit addresses. For this
hardware we can create a bounce buffer so that payloads don't have to
worry about platform details.
config EFI_PLATFORM_LANG_CODES
string "Language codes supported by firmware"
default "en-US"
help
This value is used to initialize the PlatformLangCodes variable. Its
value is a semicolon (;) separated list of language codes in native
RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
to initialize the PlatformLang variable.
config EFI_HAVE_RUNTIME_RESET
# bool "Reset runtime service is available"
bool
default y
depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || SYSRESET_X86
config EFI_GRUB_ARM32_WORKAROUND
bool "Workaround for GRUB on 32bit ARM"
default n if ARCH_QEMU
default y
depends on ARM && !ARM64
help
GRUB prior to version 2.04 requires U-Boot to disable caches. This
workaround currently is also needed on systems with caches that
cannot be managed via CP15.
config EFI_RNG_PROTOCOL
bool "EFI_RNG_PROTOCOL support"
depends on DM_RNG
default y
help
Provide a EFI_RNG_PROTOCOL implementation using the hardware random
number generator of the platform.
config EFI_TCG2_PROTOCOL
bool "EFI_TCG2_PROTOCOL support"
depends on TPM_V2
help
Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
of the platform.
config EFI_LOAD_FILE2_INITRD
bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
default n
help
Expose a EFI_FILE_LOAD2_PROTOCOL that the Linux UEFI stub can
use to load the initial ramdisk. Once this is enabled using
initrd=<ramdisk> will stop working.
config EFI_INITRD_FILESPEC
string "initramfs path"
default "host 0:1 initrd"
depends on EFI_LOAD_FILE2_INITRD
help
Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz.
config EFI_SECURE_BOOT
bool "Enable EFI secure boot support"
depends on EFI_LOADER
select SHA256
select RSA
select RSA_VERIFY_WITH_PKEY
select IMAGE_SIGN_INFO
select ASYMMETRIC_KEY_TYPE
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
select X509_CERTIFICATE_PARSER
select PKCS7_MESSAGE_PARSER
select PKCS7_VERIFY
default n
help
Select this option to enable EFI secure boot support.
Once SecureBoot mode is enforced, any EFI binary can run only if
it is signed with a trusted key. To do that, you need to install,
at least, PK, KEK and db.
endif
|
