## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
## Copyright (C) 2018 Siemens AG
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##

# Top-level menu for coreboot's vboot integration. Everything after the
# "if VBOOT" below is only evaluated once VBOOT itself is enabled.
menu "Verified Boot (vboot)"

# Master switch for firmware verification.
# Note the select: on a board with neither TPM1 nor TPM2, enabling VBOOT
# automatically pulls in VBOOT_MOCK_SECDATA, so secdata is mocked rather
# than backed by a real store and (see the "comment" entry further down)
# anti-rollback protection is disabled. Check the final .config of any
# TPM-less board for this.
config VBOOT
	bool "Verify firmware with vboot."
	default n
	select VBOOT_MOCK_SECDATA if !TPM1 && !TPM2
	depends on !MISSING_BOARD_RESET
	help
	  Enabling VBOOT will use vboot to verify the components of the firmware
	  (stages, payload, etc).

# Everything up to the matching "endif # VBOOT" at the end of the file is
# gated on VBOOT.
if VBOOT

# Kconfig "comment" entry (not a symbol): shown in menuconfig to make it
# visible that mocked secdata means no anti-rollback protection.
comment "Anti-Rollback Protection disabled because mocking secdata is enabled."
	depends on VBOOT_MOCK_SECDATA

# Measured boot needs a real TPM (TPM1 or TPM2) and cannot be combined
# with VBOOT_RETURN_FROM_VERSTAGE. The help text marks it experimental.
config VBOOT_MEASURED_BOOT
	bool "Enable Measured Boot"
	default n
	depends on TPM1 || TPM2
	depends on !VBOOT_RETURN_FROM_VERSTAGE
	help
	  Enables measured boot mode in vboot (experimental)

# Comma-separated list of CBFS filenames that measured boot treats as
# runtime data. NOTE(review): how a listed file is measured differently
# from other CBFS files is not visible here; confirm against the
# measured-boot implementation before relying on this list.
config VBOOT_MEASURED_BOOT_RUNTIME_DATA
	string "Runtime data whitelist"
	default ""
	depends on VBOOT_MEASURED_BOOT
	help
	  Runtime data whitelist of cbfs filenames. Needs to be a comma-separated
	  list.

# Image layout: a read-only (RO) partition plus one updatable slot (RW_A).
config VBOOT_SLOTS_RW_A
	bool "Firmware RO + RW_A"
	help
	  Have one update partition beside the RO partition.

# Image layout: RO plus two updatable slots (RW_A and RW_B). Selecting
# this implies VBOOT_SLOTS_RW_A.
config VBOOT_SLOTS_RW_AB
	bool "Firmware RO + RW_A + RW_B"
	select VBOOT_SLOTS_RW_A
	help
	  Have two update partitions beside the RO partition.

# VBNV (vboot non-volatile data) backend: CMOS. Only available on
# PC80_SYSTEM. No prompt, so it is set by other Kconfig (presumably the
# mainboard) rather than by the user.
config VBOOT_VBNV_CMOS
	bool
	default n
	depends on PC80_SYSTEM
	help
	  VBNV is stored in CMOS

# CMOS offset of the VbNv data. It must agree with the mainboard's
# cmos.layout (minus the 14 RTC bytes); a mismatch would presumably place
# VbNv on top of other CMOS fields, so verify it per board.
config VBOOT_VBNV_OFFSET
	hex
	default 0x26
	depends on VBOOT_VBNV_CMOS
	help
	  CMOS offset for VbNv data. This value must match cmos.layout
	  in the mainboard directory, minus 14 bytes for the RTC.

# Optional flash backup of the CMOS copy of VBNV; needs a writable boot
# device so the backup can actually be written.
config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
	bool
	default n
	depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
	help
	  Vboot non-volatile storage data will be backed up from CMOS to flash
	  and restored from flash if the CMOS is invalid due to power loss.

# VBNV backend: the embedded controller.
config VBOOT_VBNV_EC
	bool
	default n
	help
	  VBNV is stored in EC

# VBNV backend: flash; needs a writable boot device.
config VBOOT_VBNV_FLASH
	bool
	default n
	depends on BOOT_DEVICE_SUPPORTS_WRITES
	help
	  VBNV is stored in flash storage

# Verification point: at the end of, or right after, the bootblock.
# Requires a C-environment bootblock and a static VBOOT2_WORK() region in
# memlayout (see help).
config VBOOT_STARTS_IN_BOOTBLOCK
	bool
	default n
	depends on C_ENVIRONMENT_BOOTBLOCK
	help
	  Firmware verification happens during the end of or right after the
	  bootblock. This implies that a static VBOOT2_WORK() buffer must be
	  allocated in memlayout.

# Verification point: end of romstage (after memory init); mutually
# exclusive with VBOOT_STARTS_IN_BOOTBLOCK. Working data lives in CBMEM.
# Verifying later means more code runs before any signature check, a
# trade-off to weigh per platform.
config VBOOT_STARTS_IN_ROMSTAGE
	bool
	default n
	depends on !VBOOT_STARTS_IN_BOOTBLOCK
	help
	  Firmware verification happens during the end of romstage (after
	  memory initialization). This implies that vboot working data is
	  allocated in CBMEM.

# Development aid: every secdata access reports success without touching
# any store (typically the TPM), which also disables anti-rollback
# protection (see the "comment" entry above). Besides being selectable
# here it is auto-selected by VBOOT on boards with neither TPM1 nor TPM2,
# so a TPM-less board gets it without anyone choosing it explicitly.
config VBOOT_MOCK_SECDATA
	bool "Mock secdata for firmware verification"
	default n
	help
	  Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
	  verification to avoid access to a secdata storage (typically TPM).
	  All operations for a secdata storage will be successful. This option
	  can be used during development when a TPM is not present or broken.
	  THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.

# Leave developer mode automatically as soon as a recovery request is
# detected; meant for devices without enough input to confirm this
# interactively.
config VBOOT_DISABLE_DEV_ON_RECOVERY
	bool
	default n
	help
	  When this option is enabled, the Chrome OS device leaves the
	  developer mode as soon as recovery request is detected. This is
	  handy on embedded devices with limited input capabilities.

# Run verification in a standalone stage (verstage) that the bootblock
# loads and that exits into romstage; only meaningful together with
# VBOOT_STARTS_IN_BOOTBLOCK.
config VBOOT_SEPARATE_VERSTAGE
	bool
	default n
	depends on VBOOT_STARTS_IN_BOOTBLOCK
	help
	  If this option is set, vboot verification runs in a standalone stage
	  that is loaded from the bootblock and exits into romstage. If it is
	  not set, the verification code is linked directly into the bootblock
	  or the romstage and runs as part of that stage (cf. related options
	  VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE).

# Memory-saving variant of a separate verstage: return to the calling
# stage so the verstage's RAM can be reused. VBOOT_MEASURED_BOOT refuses
# to be combined with this.
config VBOOT_RETURN_FROM_VERSTAGE
	bool
	default n
	depends on VBOOT_SEPARATE_VERSTAGE
	help
	  If this is set, the verstage returns back to the calling stage instead
	  of exiting to the succeeding stage so that the verstage space can be
	  reused by the succeeding stage. This is useful if a RAM space is too
	  small to fit both the verstage and the succeeding stage.

# Persist the recovery reason across reboots that happen after
# verification has run (the help names FSP-triggered reboots on Intel
# platforms as the motivating case).
config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
	bool
	default n
	help
	  This option ensures that the recovery request is not lost because of
	  reboots caused after vboot verification is run. e.g. reboots caused by
	  FSP components on Intel platforms.

# Platform skips display init on normal boots unless vboot asks for it.
# Defaults to y when a VGA option ROM is run (VGA_ROM_RUN), else n.
config VBOOT_MUST_REQUEST_DISPLAY
	bool
	default y if VGA_ROM_RUN
	default n
	help
	  Set this option to indicate to vboot that this platform will skip its
	  display initialization on a normal (non-recovery, non-developer) boot.
	  Unless display is specifically requested, the video option ROM is not
	  loaded, and any other native display initialization code is not run.

# Platform provides a TPM space holding the recovery data hash.
config VBOOT_HAS_REC_HASH_SPACE
	bool
	default n
	help
	  Set this option to indicate to vboot that recovery data hash space
	  is present in TPM.

# No help text in the original. NOTE(review): what this workaround does
# is not documented here; the name suggests it concerns soft reboots.
# Confirm against the users of the symbol before selecting it.
config VBOOT_SOFT_REBOOT_WORKAROUND
	bool
	default n

# Board has a lid switch: boot failures with the lid closed are then not
# charged against the try counters.
config VBOOT_LID_SWITCH
	bool
	default n
	help
	  Whether this platform has a lid switch. If it does, vboot will not
	  decrement try counters for boot failures if the lid is closed.

# Firmware can signal to the application that a factory reset ("wipe
# out") of the device is required.
config VBOOT_WIPEOUT_SUPPORTED
	bool
	default n
	help
	  When this option is enabled, the firmware provides the ability to
	  signal the application the need for factory reset (a.k.a. wipe
	  out) of the device

# First half of the FWID string: "Google_<part number>" on CHROMEOS
# builds, "<vendor>_<part number>" otherwise.
config VBOOT_FWID_MODEL
	string "Firmware ID model"
	default "Google_$(CONFIG_MAINBOARD_PART_NUMBER)" if CHROMEOS
	default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
	help
	  This is the first part of the FWID written to various regions of a
	  vboot firmware image to identify its version.

# Second half of the FWID string; defaults to ".<KERNELVERSION>".
config VBOOT_FWID_VERSION
	string "Firmware ID version"
	default ".$(KERNELVERSION)"
	help
	  This is the second part of the FWID written to various regions of a
	  vboot firmware image to identify its version.

# Transitional option: provides weak get_write_protect_state() and
# get_recovery_mode_switch() so a board without its own implementations
# still builds. NOTE(review): with the weak versions the write-protect and
# recovery-switch state are not read from board hardware; what they
# report is not visible here, so treat this as development-only.
config VBOOT_NO_BOARD_SUPPORT
	bool "Allow the use of vboot without board support"
	default n
	help
	  Enable weak functions for get_write_protect_state and
	  get_recovery_mode_switch in order to proceed with refactoring
	  of the vboot2 code base. Later on this code is removed and replaced
	  by interfaces.

# Space-separated CBFS filenames that stay in the RO region only (not
# copied into the RW slots).
config RO_REGION_ONLY
	string "Additional files that should not be copied to RW"
	default ""
	help
	  Add a space delimited list of filenames that should only be in the
	  RO section.

# GBB (Google Binary Block) contents and flags. Two of the flags below
# default to y for developer convenience; an image that is meant to
# enforce verification should set each flag deliberately rather than
# inherit these defaults.
menu "GBB configuration"

config GBB_HWID
	string "Hardware ID"
	default ""
	help
	  A hardware identifier for the device. On Chrome OS this is used for
	  auto update and recovery, and will be generated when manufacturing by
	  the factory software, in a strictly defined format.
	  Leave empty to get a test-only Chrome OS HWID v2 string generated.

config GBB_BMPFV_FILE
	string "Path to bmpfv image"
	default ""

config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
	bool "Reduce dev screen delay"
	default n

config GBB_FLAG_LOAD_OPTION_ROMS
	bool "Load option ROMs"
	default n

config GBB_FLAG_ENABLE_ALTERNATE_OS
	bool "Allow booting a non-Chrome OS kernel if dev switch is on"
	default n

config GBB_FLAG_FORCE_DEV_SWITCH_ON
	bool "Force dev switch on"
	default n

# Defaults to y: USB boot in developer mode is allowed even when the
# dev_boot_usb NV flag is 0.
config GBB_FLAG_FORCE_DEV_BOOT_USB
	bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
	default y

# Defaults to y, which turns firmware rollback protection OFF. Set to n
# on any image where anti-rollback is expected to be enforced.
config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
	bool "Disable firmware rollback protection"
	default y

config GBB_FLAG_ENTER_TRIGGERS_TONORM
	bool "Return to normal boot with Enter"
	default n

config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
	bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
	default n

# The symbol keeps its historical "OVERIDE" spelling; renaming it would
# break every existing user.
config GBB_FLAG_FAFT_KEY_OVERIDE
	bool "Allow booting using alternative keys for FAFT servo testing"
	default n

config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
	bool "Disable EC software sync"
	default n

config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
	bool "Default to booting to legacy in dev mode"
	default n

config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
	bool "Disable PD software sync"
	default n

config GBB_FLAG_DISABLE_LID_SHUTDOWN
	bool "Disable shutdown on closed lid"
	default n

config GBB_FLAG_FORCE_MANUAL_RECOVERY
	bool "Always assume manual recovery in recovery mode"
	default n

config GBB_FLAG_DISABLE_FWMP
	bool "Disable Firmware Management Parameters (FWMP)"
	default n

endmenu # GBB

# Keys and keyblock baked into the image. Every default points at the
# test keys shipped in the vboot source tree (tests/devkeys), which are
# public; an image meant to enforce verification must override all of
# them with keys of its own.
menu "Vboot Keys"
config VBOOT_ROOT_KEY
	string "Root key (public)"
	default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"

config VBOOT_RECOVERY_KEY
	string "Recovery key (public)"
	default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"

# Private key; with the default, the signing key is the public test key
# from the vboot tree.
config VBOOT_FIRMWARE_PRIVKEY
	string "Firmware key (private)"
	default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"

config VBOOT_KERNEL_KEY
	string "Kernel subkey (public)"
	default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"

config VBOOT_KEYBLOCK
	string "Keyblock to use for the RW regions"
	default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"

config VBOOT_KEYBLOCK_VERSION
	int "Keyblock version number"
	default 1

config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
	hex "Keyblock preamble flags"
	default 0x0

endmenu # Keys
endif # VBOOT
endmenu # Verified Boot (vboot)