| config DISABLE_HECI1_AT_PRE_BOOT |
| bool "Disable HECI1 at the end of boot" |
| depends on SOC_INTEL_COMMON_BLOCK_CSE |
| default n |
| help |
| This config decides the state of HECI1(CSE) device at the end of boot. |
| Mainboard users to select this config to make HECI1 `function disable` |
| prior to handing off to payload. |
| |
| config MAX_HECI_DEVICES |
| int |
| default 6 |
| |
| config SOC_INTEL_COMMON_BLOCK_CSE |
| bool |
| default n |
| help |
| Driver for communication with Converged Security Engine (CSE) |
| over Host Embedded Controller Interface (HECI) |
| |
| config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_SBI |
| bool |
| default y if HECI_DISABLE_USING_SMM |
| select SOC_INTEL_COMMON_BLOCK_P2SB |
| help |
| Use this config to allow common CSE block to make HECI1 function disable |
| in the SMM mode. From CNL PCH onwards,`HECI1` disabling can only be done |
| using the non-posted sideband write after FSP-S sets the postboot_sai |
| attribute. |
| |
| config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC |
| bool |
| default n |
| select SOC_INTEL_COMMON_BLOCK_PMC |
| help |
| Use this config to allow common CSE block to make HECI1 function disable |
| using PMC IPC command `0xA9`. From TGL PCH onwards, disabling heci1 |
| device using PMC IPC doesn't required to run the operation in SMM. |
| |
| config SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PCR |
| bool |
| default n |
| select SOC_INTEL_COMMON_BLOCK_PCR |
| help |
| Use this config for SoC platform prior to CNL PCH (with postboot_sai implemented) |
| to make `HECI1` device disable using private configuration register (PCR) write. |
| |
| config SOC_INTEL_CSE_SEND_EOP_EARLY |
| bool "CSE send EOP early" |
| depends on SOC_INTEL_COMMON_BLOCK_CSE |
| help |
| Use this config to send End Of Post (EOP) earlier through SoC code in order to |
| reduce time required to send EOP and getting CSE response. |
| In later stages, CSE might be busy and might require more time to process EOP command. |
| SoC can use this Kconfig to send EOP earlier by itself. |
| |
| config SOC_INTEL_CSE_SEND_EOP_LATE |
| bool |
| depends on SOC_INTEL_COMMON_BLOCK_CSE |
| help |
| Use this config to send End Of Post (EOP) late (even after CSE `final` operation) |
| using boot state either `BS_PAYLOAD_BOOT` or `BS_PAYLOAD_LOAD` from common code |
| in order to reduce time required to send EOP and getting CSE response. |
| It has been observed that CSE might be busy and might require more time to |
| process the EOP command. |
| SoC can use this Kconfig to send EOP later by itself. |
| Starting with Jasper Lake, coreboot sends EOP before loading payload hence, this |
| config is applicable for those platforms. |
| |
| config SOC_INTEL_CSE_LITE_SKU |
| bool |
| default n |
| help |
| Enables CSE Lite SKU |
| |
| config SOC_INTEL_CSE_RW_UPDATE |
| bool "Enable the CSE RW Update Feature" |
| default n |
| depends on SOC_INTEL_CSE_LITE_SKU |
| help |
| This config will enable CSE RW firmware update feature and also will be used ensure |
| all the required configs are provided by mainboard. |
| |
| config SOC_INTEL_CSE_FMAP_NAME |
| string "Name of CSE Region in FMAP" if SOC_INTEL_CSE_RW_UPDATE |
| default "SI_ME" |
| help |
| Name of CSE region in FMAP |
| |
| config SOC_INTEL_CSE_RW_A_FMAP_NAME |
| string "Location of CSE RW A in FMAP" if SOC_INTEL_CSE_RW_UPDATE |
| default "ME_RW_A" |
| help |
| Name of CSE RW A region in FMAP |
| |
| config SOC_INTEL_CSE_RW_B_FMAP_NAME |
| string "Location of CSE RW B in FMAP" if SOC_INTEL_CSE_RW_UPDATE |
| default "ME_RW_B" |
| help |
| Name of CSE RW B region in FMAP |
| |
| config SOC_INTEL_CSE_RW_CBFS_NAME |
| string "CBFS entry name for CSE RW blob" if SOC_INTEL_CSE_RW_UPDATE |
| default "me_rw" |
| help |
| CBFS entry name for Intel CSE CBFS RW blob |
| |
| config SOC_INTEL_CSE_RW_HASH_CBFS_NAME |
| string "CBFS name for CSE RW hash file" if SOC_INTEL_CSE_RW_UPDATE |
| default "me_rw.hash" |
| help |
| CBFS name for Intel CSE CBFS RW hash file |
| |
| config SOC_INTEL_CSE_RW_VERSION_CBFS_NAME |
| string "CBFS name for CSE RW version file" if SOC_INTEL_CSE_RW_UPDATE |
| default "me_rw.version" |
| help |
| CBFS name for Intel CSE CBFS RW version file |
| |
| config SOC_INTEL_CSE_RW_FILE |
| string "Intel CSE CBFS RW path and filename" if SOC_INTEL_CSE_RW_UPDATE && !STITCH_ME_BIN |
| default "" |
| help |
| Intel CSE CBFS RW blob path and file name |
| |
| config SOC_INTEL_CSE_RW_VERSION |
| string "Intel CSE RW firmware version" if SOC_INTEL_CSE_RW_UPDATE |
| default "" |
| help |
| This config contains the Intel CSE RW version of the blob that is provided by |
| SOC_INTEL_CSE_RW_FILE config and the version must be set in the format |
| major.minor.hotfix.build (ex: 14.0.40.1209). |
| |
| config SOC_INTEL_CSE_SET_EOP |
| bool |
| default n |
| select PMC_IPC_ACPI_INTERFACE |
| help |
| This config ensures coreboot will send the CSE the End-of-POST message |
| just prior to loading the payload. This is a security feature so the |
| CSE will no longer respond to Pre-Boot commands. |
| |
| config SOC_INTEL_CSE_SUB_PART_UPDATE |
| bool "Enable the CSE sub-partition update Feature" |
| default n |
| depends on SOC_INTEL_CSE_LITE_SKU |
| help |
| This config will enable CSE sub-partition firmware update feature and also will be used ensure |
| all the required configs are provided by mainboard. |
| |
| config SOC_INTEL_CSE_IOM_CBFS_NAME |
| string "CBFS name for CSE sub-partition IOM binary" if SOC_INTEL_CSE_SUB_PART_UPDATE |
| default "cse_iom" |
| help |
| CBFS entry name for Intel CSE sub-partition IOM binary |
| |
| config SOC_INTEL_CSE_IOM_CBFS_FILE |
| string "Intel CBFS path and file name for CSE sub-partition IOM binary" if SOC_INTEL_CSE_SUB_PART_UPDATE |
| default "" |
| help |
| CBFS path and file name for Intel CSE sub-partition IOM binary |
| |
| config SOC_INTEL_CSE_NPHY_CBFS_NAME |
| string "CBFS name for CSE sub-partition NPHY binary" if SOC_INTEL_CSE_SUB_PART_UPDATE |
| default "cse_nphy" |
| help |
| CBFS entry name for Intel CSE sub-partition NPHY binary |
| |
| config SOC_INTEL_CSE_NPHY_CBFS_FILE |
| string "Intel CBFS path and file name for CSE sub-partition NPHY binary" if SOC_INTEL_CSE_SUB_PART_UPDATE |
| default "" |
| help |
| CBFS path and file name for Intel CSE sub-partition NPHY binary |
| |
| config SOC_INTEL_CSE_LITE_COMPRESS_ME_RW |
| bool |
| default n |
| depends on SOC_INTEL_CSE_LITE_SKU |
| help |
| Enable compression on Intel CSE CBFS RW blob |
| |
| config SOC_INTEL_CSE_PRE_CPU_RESET_TELEMETRY |
| def_bool n |
| depends on SOC_INTEL_CSE_LITE_SKU |
| help |
| Mainboard user to select this Kconfig in order to capture pre-cpu |
| reset boot performance telemetry data. |
| |
| config SOC_INTEL_CSE_LITE_SYNC_IN_ROMSTAGE |
| bool |
| default y |
| depends on SOC_INTEL_CSE_LITE_SKU && !SOC_INTEL_CSE_LITE_COMPRESS_ME_RW |
| help |
| Use default flow of CSE FW Update in romstage when uncompressed ME_RW blobs are used. |
| |
| config SOC_INTEL_CSE_LITE_SYNC_IN_RAMSTAGE |
| bool |
| default n |
| depends on SOC_INTEL_CSE_LITE_COMPRESS_ME_RW |
| help |
| Use this option for CSE FW Update when compressed blobs are used. |
| |
| if STITCH_ME_BIN |
| |
| config CSE_COMPONENTS_PATH |
| string "Path to directory containing all CSE input components to stitch" |
| default "3rdparty/blobs/mainboard/\$(CONFIG_MAINBOARD_DIR)/firmware" |
| help |
| This is the file path containing all the input CSE component files. |
| These will be used by cse_serger tool to stitch CSE image. |
| |
| config CSE_FPT_FILE |
| string "Name of CSE FPT file" |
| default "cse_fpt.bin" |
| help |
| This file is the CSE input binary as released by Intel in a CSE kit. |
| |
| config CSE_DATA_FILE |
| string "Name of CSE data file" |
| default "cse_data.bin" |
| help |
| This file is the CSE data binary typically generated by Intel FIT tool. |
| |
| config CSE_PMCP_FILE |
| string "Name of PMC file" |
| default "pmc.bin" |
| help |
| This file is the PMC input binary as released by Intel in a CSE kit. |
| |
| config CSE_IOMP_FILE |
| string "Name of IOM file" |
| default "iom.bin" |
| help |
| This file is the IOM input binary as released by Intel in a CSE kit. |
| |
| config CSE_TBTP_FILE |
| string "Name of TBT file" |
| default "tbt.bin" |
| help |
| This file is the TBT input binary as released by Intel in a CSE kit. |
| |
| config CSE_NPHY_FILE |
| string "Name of NPHY file" |
| default "nphy.bin" |
| help |
| This file is the NPHY input binary as released by Intel in a CSE kit. |
| |
| config CSE_PCHC_FILE |
| string "Name of PCHC file" |
| default "pchc.bin" |
| help |
| This file is the PCHC input binary as released by Intel in a CSE kit. |
| |
| config CSE_IUNP_FILE |
| string "Name of IUNIT file" |
| default "iunit.bin" |
| help |
| This file is the PCHC input binary as released by Intel in a CSE kit. |
| |
| config CSE_BPDT_VERSION |
| string |
| help |
| This config indicates the BPDT version used by CSE for a given SoC. |
| |
| config CSE_OEMP_FILE |
| string "Name of OEM Key Manifest file" |
| default "oem_km.bin" |
| help |
| OEM Key Manifest lists the public key hashes used for authenticating the |
| OEM created binaries to be loaded. This binary is generated by signing with |
| the key owned by trusted owner. |
| |
| endif |