blob: 8d8e120abbfdc1045c196e96795baa1cbe0871aa [file] [log] [blame]
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -07001## This file is part of the coreboot project.
2##
3## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
4##
5## This program is free software; you can redistribute it and/or modify
6## it under the terms of the GNU General Public License as published by
7## the Free Software Foundation; version 2 of the License.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12## GNU General Public License for more details.
13##
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -070014
Julius Werner58c39382017-02-13 17:53:29 -080015menu "Verified Boot (vboot)"
Lee Leahy33efd982017-03-13 17:25:36 -070016
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -070017config VBOOT
18 bool "Verify firmware with vboot."
19 default n
Furquan Shaikh00f360e2017-04-25 22:32:34 -070020 select TPM if !MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
21 select TPM2 if MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
Julius Werner4157bd82016-08-15 16:10:27 -070022 select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
23 select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -070024 depends on HAVE_HARD_RESET
25 help
26 Enabling VBOOT will use vboot to verify the components of the firmware
27 (stages, payload, etc).
Julius Werner58c39382017-02-13 17:53:29 -080028
29if VBOOT
30
31config VBOOT_VBNV_CMOS
32 bool
33 default n
34 depends on PC80_SYSTEM
35 help
36 VBNV is stored in CMOS
37
38config VBOOT_VBNV_OFFSET
39 hex
40 default 0x26
41 depends on VBOOT_VBNV_CMOS
42 help
43 CMOS offset for VbNv data. This value must match cmos.layout
44 in the mainboard directory, minus 14 bytes for the RTC.
45
46config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
47 bool
48 default n
49 depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
50 help
51 Vboot non-volatile storage data will be backed up from CMOS to flash
52 and restored from flash if the CMOS is invalid due to power loss.
53
54config VBOOT_VBNV_EC
55 bool
56 default n
57 help
58 VBNV is stored in EC
59
60config VBOOT_VBNV_FLASH
61 bool
62 default n
63 depends on BOOT_DEVICE_SUPPORTS_WRITES
64 help
65 VBNV is stored in flash storage
66
67config VBOOT_STARTS_IN_BOOTBLOCK
68 bool
69 default n
70 help
71 Firmware verification happens during the end of or right after the
72 bootblock. This implies that a static VBOOT2_WORK() buffer must be
73 allocated in memlayout.
74
75config VBOOT_STARTS_IN_ROMSTAGE
76 bool
77 default n
78 depends on !VBOOT_STARTS_IN_BOOTBLOCK
79 help
80 Firmware verification happens during the end of romstage (after
81 memory initialization). This implies that vboot working data is
82 allocated in CBMEM.
83
84config VBOOT_MOCK_SECDATA
85 bool "Mock secdata for firmware verification"
86 default n
87 help
88 Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
89 verification to avoid access to a secdata storage (typically TPM).
90 All operations for a secdata storage will be successful. This option
91 can be used during development when a TPM is not present or broken.
92 THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
93
94config VBOOT_DISABLE_DEV_ON_RECOVERY
95 bool
96 default n
97 help
98 When this option is enabled, the Chrome OS device leaves the
99 developer mode as soon as recovery request is detected. This is
100 handy on embedded devices with limited input capabilities.
101
102config VBOOT_SEPARATE_VERSTAGE
103 bool
104 default n
105 depends on VBOOT_STARTS_IN_BOOTBLOCK
106 help
107 If this option is set, vboot verification runs in a standalone stage
108 that is loaded from the bootblock and exits into romstage. If it is
109 not set, the verification code is linked directly into the bootblock
110 or the romstage and runs as part of that stage (cf. related options
111 VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE).
112
113config VBOOT_RETURN_FROM_VERSTAGE
114 bool
115 default n
116 depends on VBOOT_SEPARATE_VERSTAGE
117 help
118 If this is set, the verstage returns back to the calling stage instead
119 of exiting to the succeeding stage so that the verstage space can be
120 reused by the succeeding stage. This is useful if a RAM space is too
121 small to fit both the verstage and the succeeding stage.
122
123config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
124 bool
125 default n
126 help
127 This option ensures that the recovery request is not lost because of
128 reboots caused after vboot verification is run. e.g. reboots caused by
129 FSP components on Intel platforms.
130
131config VBOOT_OPROM_MATTERS
132 bool
133 default n
134 help
135 Set this option to indicate to vboot that this platform will skip its
136 display initialization on a normal (non-recovery, non-developer) boot.
137 Vboot calls this "oprom matters" because on x86 devices this
138 traditionally meant that the video option ROM will not be loaded, but
139 it works functionally the same for other platforms that can skip their
140 native display initialization code instead.
141
142config VBOOT_HAS_REC_HASH_SPACE
143 bool
144 default n
145 help
146 Set this option to indicate to vboot that recovery data hash space
147 is present in TPM.
148
149config VBOOT_SOFT_REBOOT_WORKAROUND
150 bool
151 default n
152
153config VBOOT_EC_SOFTWARE_SYNC
154 bool "Enable EC software sync"
155 default y if EC_GOOGLE_CHROMEEC
156 default n
157 help
158 EC software sync is a mechanism where the AP helps the EC verify its
159 firmware similar to how vboot verifies the main system firmware. This
160 option selects whether vboot should support EC software sync.
161
162config VBOOT_EC_SLOW_UPDATE
163 bool
164 default n
165 depends on VBOOT_EC_SOFTWARE_SYNC
166 help
167 Whether the EC (or PD) is slow to update and needs to display a
168 screen that informs the user the update is happening.
169
Daisuke Nojiri6732b4f2017-08-18 13:05:56 -0700170config VBOOT_EC_EFS
171 bool
172 default n
173 depends on VBOOT_EC_SOFTWARE_SYNC
174 help
175 CrosEC can support EFS: Early Firmware Selection. If it's enabled,
176 software sync need to also support it. This setting tells vboot to
177 perform EFS software sync.
178
Julius Werner58c39382017-02-13 17:53:29 -0800179config VBOOT_PHYSICAL_DEV_SWITCH
180 bool
181 default n
182 help
183 Whether this platform has a physical developer switch. Note that this
184 disables virtual dev switch functionality (through secdata). Operation
185 where both a physical pin and the virtual switch get sampled is not
186 supported by coreboot.
187
188config VBOOT_PHYSICAL_REC_SWITCH
189 bool
190 default n
191 help
192 Whether this platform has a physical recovery switch.
193
194config VBOOT_LID_SWITCH
195 bool
196 default n
197 help
198 Whether this platform has a lid switch. If it does, vboot will not
199 decrement try counters for boot failures if the lid is closed.
200
201config VBOOT_WIPEOUT_SUPPORTED
202 bool
203 default n
204 help
205 When this option is enabled, the firmware provides the ability to
206 signal the application the need for factory reset (a.k.a. wipe
207 out) of the device
208
209config VBOOT_FWID_MODEL
210 string "Firmware ID model"
Furquan Shaikhc18aa1c2017-09-08 15:14:30 -0700211 default "Google_$(CONFIG_MAINBOARD_PART_NUMBER)" if CHROMEOS
Julius Werner58c39382017-02-13 17:53:29 -0800212 default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
213 help
214 This is the first part of the FWID written to various regions of a
215 vboot firmware image to identify its version.
216
217config VBOOT_FWID_VERSION
218 string "Firmware ID version"
Julius Werner46f292f2017-04-27 16:29:02 -0700219 default ".$(KERNELVERSION)"
Julius Werner58c39382017-02-13 17:53:29 -0800220 help
221 This is the second part of the FWID written to various regions of a
222 vboot firmware image to identify its version.
223
Philipp Deppenwiese7410f8b2017-10-18 15:29:26 +0200224config VBOOT_NO_BOARD_SUPPORT
225 bool "Allow the use of vboot without board support"
226 default n
227 help
228 Enable weak functions for get_write_protect_state and
229 get_recovery_mode_switch in order to proceed with refactoring
230 of the vboot2 code base. Later on this code is removed and replaced
231 by interfaces.
232
Martin Rothbbd5ee412017-10-05 13:53:16 -0600233config RO_REGION_ONLY
234 string "Additional files that should not be copied to RW"
235 default ""
236 help
237 Add a space delimited list of filenames that should only be in the
238 RO section.
239
Julius Werner58c39382017-02-13 17:53:29 -0800240menu "GBB configuration"
241
242config GBB_HWID
243 string "Hardware ID"
244 default "NOCONF HWID"
245
246config GBB_BMPFV_FILE
247 string "Path to bmpfv image"
248 default ""
249
250config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
251 bool "Reduce dev screen delay"
252 default n
253
254config GBB_FLAG_LOAD_OPTION_ROMS
255 bool "Load option ROMs"
256 default n
257
258config GBB_FLAG_ENABLE_ALTERNATE_OS
259 bool "Allow booting a non-Chrome OS kernel if dev switch is on"
260 default n
261
262config GBB_FLAG_FORCE_DEV_SWITCH_ON
263 bool "Force dev switch on"
264 default n
265
266config GBB_FLAG_FORCE_DEV_BOOT_USB
267 bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
268 default y
269
270config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
271 bool "Disable firmware rollback protection"
272 default y
273
274config GBB_FLAG_ENTER_TRIGGERS_TONORM
275 bool "Return to normal boot with Enter"
276 default n
277
278config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
279 bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
280 default n
281
282config GBB_FLAG_FAFT_KEY_OVERIDE
283 bool "Allow booting using alternative keys for FAFT servo testing"
284 default n
285
286config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
287 bool "Disable EC software sync"
288 default n
289
290config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
291 bool "Default to booting to legacy in dev mode"
292 default n
293
294config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
295 bool "Disable PD software sync"
296 default n
297
298config GBB_FLAG_DISABLE_LID_SHUTDOWN
299 bool "Disable shutdown on closed lid"
300 default n
301
302config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP
303 bool "Allow fastboot even if dev_boot_fastboot_full_cap=0"
304 default n
305
Julius Wernerae423852018-03-23 21:02:48 -0700306config GBB_FLAG_FORCE_MANUAL_RECOVERY
307 bool "Always assume manual recovery in recovery mode"
308 default n
309
310config GBB_FLAG_DISABLE_FWMP
311 bool "Disable Firmware Management Parameters (FWMP)"
Julius Werner58c39382017-02-13 17:53:29 -0800312 default n
313
314endmenu # GBB
315
316menu "Vboot Keys"
317config VBOOT_ROOT_KEY
318 string "Root key (public)"
319 default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
320
321config VBOOT_RECOVERY_KEY
322 string "Recovery key (public)"
323 default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
324
325config VBOOT_FIRMWARE_PRIVKEY
326 string "Firmware key (private)"
327 default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
328
329config VBOOT_KERNEL_KEY
330 string "Kernel subkey (public)"
331 default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
332
333config VBOOT_KEYBLOCK
334 string "Keyblock to use for the RW regions"
335 default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
336
337config VBOOT_KEYBLOCK_VERSION
338 int "Keyblock version number"
339 default 1
340
341config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
342 hex "Keyblock preamble flags"
343 default 0x0
344
345endmenu # Keys
346endif # VBOOT
347endmenu # Verified Boot (vboot)