| ## SPDX-License-Identifier: GPL-2.0-only |
| |
| menu "Verified Boot (verified_boot)" |
| |
| config VENDORCODE_ELTAN_VBOOT |
| bool "Enable Verified Boot" |
| depends on !VBOOT |
| default n |
| select VBOOT_LIB |
| |
| if VENDORCODE_ELTAN_VBOOT |
| |
| config VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST |
| bool "Enable Signed Manifest" |
| depends on VENDORCODE_ELTAN_VBOOT |
| default n |
| |
| config VENDORCODE_ELTAN_VBOOT_USE_SHA512 |
| bool "SHA512 hashes" |
| depends on VENDORCODE_ELTAN_VBOOT |
| default n |
| help |
| Use SHA512 for the vboot operations, this applies to the digest in |
| the manifest and the manifest digest. |
| |
| config VENDORCODE_ELTAN_OEM_MANIFEST_LOC |
| hex "Manifest Location" |
| default 0xFFFFF840 |
| |
| config VENDORCODE_ELTAN_VBOOT_MANIFEST |
| string "Verified boot manifest file" |
| default "mainboard/\$(MAINBOARD_DIR)/manifest.h" |
| |
| config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS |
| int "Manifest Items" |
| default 13 if INCLUDE_CONFIG_FILE |
| default 12 |
| |
| config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE |
| int |
| default 64 if VENDORCODE_ELTAN_VBOOT_USE_SHA512 |
| default 32 |
| |
| config VENDORCODE_ELTAN_VBOOT_KEY_LOCATION |
| hex "Verified boot Key Location" |
| depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST |
| default 0xFFFFF500 |
| |
| config VENDORCODE_ELTAN_VBOOT_KEY_FILE |
| string "Verified boot Key File" |
| depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST |
| default "3rdparty/eltan/verified_boot/Keys/key.vbpubk" |
| |
| config VENDORCODE_ELTAN_VBOOT_KEY_SIZE |
| int |
| default 552 |
| |
| endif # VENDORCODE_ELTAN_VBOOT |
| endmenu # Verified Boot (verified_boot) |