Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 2a600263dcd49249467bec43c483ddfae91a4cde / . / src / vboot / Kconfig
blob: a0082082bd25384e75ce47446a420f8605285121 [file] [log] [blame]
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]1## This file is part of the coreboot project.
2##
3## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
4##
5## This program is free software; you can redistribute it and/or modify
6## it under the terms of the GNU General Public License as published by
7## the Free Software Foundation; version 2 of the License.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12## GNU General Public License for more details.
13##
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]14
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]15config VBOOT_VBNV_OFFSET
16 hex
17 default 0x26
18 depends on PC80_SYSTEM
19 help
20 CMOS offset for VbNv data. This value must match cmos.layout
21 in the mainboard directory, minus 14 bytes for the RTC.
22
23config VBOOT_VBNV_CMOS
24 bool "Vboot non-volatile storage in CMOS."
25 default n
26 help
27 VBNV is stored in CMOS
28
29config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
30 bool "Back up Vboot non-volatile storage from CMOS to flash."
31 default n
32 depends on VBOOT_VBNV_CMOS
33 help
34 Vboot non-volatile storage data will be backed up from CMOS to flash
35 and restored from flash if the CMOS is invalid due to power loss.
36
37config VBOOT_VBNV_EC
38 bool "Vboot non-volatile storage in EC."
39 default n
40 help
41 VBNV is stored in EC
42
43config VBOOT_VBNV_FLASH
44 def_bool n
45 help
46 VBNV is stored in flash storage
47
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]48config VBOOT_STARTS_IN_BOOTBLOCK
Aaron Durbind2ab4e42015-05-08 16:01:31 -0500[diff] [blame]49 bool "Vboot starts verifying in bootblock"
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]50 default n
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]51 depends on VBOOT
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]52 help
53 Firmware verification happens during or at the end of bootblock.
54
55config VBOOT_STARTS_IN_ROMSTAGE
Aaron Durbind2ab4e42015-05-08 16:01:31 -0500[diff] [blame]56 bool "Vboot starts verifying in romstage"
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]57 default n
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]58 depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]59 help
60 Firmware verification happens during or at the end of romstage.
61
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]62config VBOOT_MOCK_SECDATA
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]63 bool "Mock secdata for firmware verification"
64 default n
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]65 depends on VBOOT
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]66 help
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]67 Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]68 verification to avoid access to a secdata storage (typically TPM).
69 All operations for a secdata storage will be successful. This option
70 can be used during development when a TPM is not present or broken.
71 THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
72
Vadim Bendebury30773d22015-03-20 16:11:13 -0700[diff] [blame]73config VBOOT_DISABLE_DEV_ON_RECOVERY
74 bool "Disable dev mode on recovery requests"
75 default n
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]76 depends on VBOOT
Vadim Bendebury30773d22015-03-20 16:11:13 -0700[diff] [blame]77 help
78 When this option is enabled, the Chrome OS device leaves the
79 developer mode as soon as recovery request is detected. This is
80 handy on embedded devices with limited input capabilities.
Patrick Georgiefc6aa02015-04-27 18:13:50 +0200[diff] [blame]81
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]82config SEPARATE_VERSTAGE
Aaron Durbind2ab4e42015-05-08 16:01:31 -0500[diff] [blame]83 bool "Vboot verification is built into a separate stage"
Patrick Georgiefc6aa02015-04-27 18:13:50 +0200[diff] [blame]84 default n
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]85 depends on VBOOT
Patrick Georgiefc6aa02015-04-27 18:13:50 +0200[diff] [blame]86
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]87config RETURN_FROM_VERSTAGE
Aaron Durbind2ab4e42015-05-08 16:01:31 -0500[diff] [blame]88 bool "The separate verification stage returns to its caller"
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]89 default n
90 depends on SEPARATE_VERSTAGE
91 help
92 If this is set, the verstage returns back to the calling stage instead
93 of exiting to the succeeding stage so that the verstage space can be
Elyes HAOUAS2a600262016-07-30 16:18:46 +0200[diff] [blame^]94 reused by the succeeding stage. This is useful if a RAM space is too
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]95 small to fit both the verstage and the succeeding stage.
Aaron Durbin5abcba72015-04-28 16:02:17 -0500[diff] [blame]96
Aaron Durbin3c96e802015-10-01 16:27:55 -0500[diff] [blame]97config CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL
98 bool "The chipset provides the main() entry point for verstage"
99 default n
100 depends on SEPARATE_VERSTAGE
101 help
102 The chipset code provides their own main() entry point.
103
Aaron Durbin0e571fd2015-05-08 17:14:15 -0500[diff] [blame]104config VBOOT_DYNAMIC_WORK_BUFFER
105 bool "Vboot's work buffer is dynamically allocated."
Aaron Durbin75c51d92015-09-29 16:31:20 -0500[diff] [blame]106 default y if ARCH_ROMSTAGE_X86_32 && !SEPARATE_VERSTAGE
Aaron Durbin0e571fd2015-05-08 17:14:15 -0500[diff] [blame]107 default n
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]108 depends on VBOOT
Aaron Durbin0e571fd2015-05-08 17:14:15 -0500[diff] [blame]109 help
110 This option is used when there isn't enough pre-main memory
Elyes HAOUAS2a600262016-07-30 16:18:46 +0200[diff] [blame^]111 RAM to allocate the vboot work buffer. That means vboot verification
Aaron Durbin0e571fd2015-05-08 17:14:15 -0500[diff] [blame]112 is after memory init and requires main memory to back the work
113 buffer.
Furquan Shaikh85aa1352016-07-22 08:56:43 -0700[diff] [blame]114
115config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
116 bool
117 default n
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]118 depends on VBOOT
Furquan Shaikh85aa1352016-07-22 08:56:43 -0700[diff] [blame]119 help
120 This option ensures that the recovery request is not lost because of
121 reboots caused after vboot verification is run. e.g. reboots caused by
122 FSP components on Intel platforms.
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]123
124config VBOOT_OPROM_MATTERS
125 bool "Video option ROM matters (= can skip display init)"
126 default n
127 depends on VBOOT
128 help
129 Set this option to indicate to vboot that this platform will skip its
130 display initialization on a normal (non-recovery, non-developer) boot.
131 Vboot calls this "oprom matters" because on x86 devices this
132 traditionally meant that the video option ROM will not be loaded, but
133 it works functionally the same for other platforms that can skip their
134 native display initialization code instead.
135
136config VBOOT
137 bool "Verify firmware with vboot."
138 default n
139 depends on HAVE_HARD_RESET
140 help
141 Enabling VBOOT will use vboot to verify the components of the firmware
142 (stages, payload, etc).