src/southbridge/intel/common/firmware/Kconfig

##
## This file is part of the coreboot project.
##
## Copyright (C) 2011 Google Inc.
## Copyright (C) 2013-2014 Sage Electronic Engineering, LLC.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.
##

config HAVE_INTEL_FIRMWARE
	bool
	help
	  Chipset uses the Intel Firmware Descriptor to describe the
	  layout of the SPI ROM chip.

if HAVE_INTEL_FIRMWARE

comment "Intel Firmware"

config HAVE_IFD_BIN
	bool "Add Intel descriptor.bin file"
	help
	  The descriptor binary

config IFD_BIN_PATH
	string "Path and filename of the descriptor.bin file"
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin"
	depends on HAVE_IFD_BIN && !BUILD_WITH_FAKE_IFD

config EM100
	bool "Configure IFD for EM100 usage"
	depends on HAVE_IFD_BIN && !BUILD_WITH_FAKE_IFD
	help
	  Set SPI frequency to 20MHz and disable Dual Output Fast Read Support

config HAVE_ME_BIN
	bool "Add Intel ME/TXE firmware"
	depends on HAVE_IFD_BIN
	help
	  The Intel processor in the selected system requires a special firmware
	  for an integrated controller.  This might be called the Management
	  Engine (ME), the Trusted Execution Engine (TXE) or something else
	  depending on the chip. This firmware might or might not be available
	  in coreboot's 3rdparty/blobs repository. If it is not and if you don't
	  have access to the firmware from elsewhere, you can still build
	  coreboot without it. In this case however, you'll have to make sure
	  that you don't overwrite your ME/TXE firmware on your flash ROM.

config ME_BIN_PATH
	string "Path to management engine firmware"
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
	depends on HAVE_ME_BIN

config CHECK_ME
	bool "Verify the integrity of the supplied ME/TXE firmware"
	default n
	depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_NEHALEM || \
		NORTHBRIDGE_INTEL_SANDYBRIDGE || \
		NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \
		SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
		SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
	help
	  Verify the integrity of the supplied Intel ME/TXE firmware before
	  proceeding with the build, in order to prevent an accidental loading
	  of a corrupted ME/TXE image.

config USE_ME_CLEANER
	bool "Strip down the Intel ME/TXE firmware"
	depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_SANDYBRIDGE || \
		NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \
		SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
		SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
	help
	  Use me_cleaner to remove all the non-fundamental code from the Intel
	  ME/TXE firmware.
	  The resulting Intel ME/TXE firmware will have only the code
	  responsible for the very basic hardware initialization, leaving the
	  ME/TXE subsystem essentially in a disabled state.

	  Don't flash a modified ME/TXE firmware and a new coreboot image at the
	  same time, test them in two different steps.

	  WARNING: this tool isn't based on any official Intel documentation but
	           only on reverse engineering and trial & error.

	  See the project's page
	   https://github.com/corna/me_cleaner
	  or the wiki
	   https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner
	   https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
	   https://github.com/corna/me_cleaner/wiki/me_cleaner-status
	  for more info about this tool

	  If unsure, say N.

comment "Please test the modified ME/TXE firmware and coreboot in two steps"
	depends on USE_ME_CLEANER

config ME_CLEANER_ARGS
	string
	depends on USE_ME_CLEANER
	default "-S"

config HAVE_GBE_BIN
	bool "Add gigabit ethernet firmware"
	depends on HAVE_IFD_BIN
	help
	  The integrated gigabit ethernet controller needs a firmware file.
	  Select this if you are going to use the PCH integrated controller
	  and have the firmware.

config GBE_BIN_PATH
	string "Path to gigabit ethernet firmware"
	depends on HAVE_GBE_BIN
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin"

config HAVE_EC_BIN
	bool "Add EC firmware"
	depends on HAVE_IFD_BIN
	help
	  The embedded controller needs a firmware file.

	  Select this if you are going to use the PCH integrated controller
	  and have the EC firmware. EC firmware will be added to final image
	  through ifdtool.

config EC_BIN_PATH
	string "Path to EC firmware"
	depends on HAVE_EC_BIN
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/ec.bin"

##### Fake IFD #####

config BUILD_WITH_FAKE_IFD
	bool "Build with a fake IFD" if !HAVE_IFD_BIN
	help
	  If you don't have an Intel Firmware Descriptor (descriptor.bin) for your
	  board, you can select this option and coreboot will build without it.
	  The resulting coreboot.rom will not contain all parts required
	  to get coreboot running on your board. You can however write only the
	  BIOS section to your board's flash ROM and keep the other sections
	  untouched. Unfortunately the current version of flashrom doesn't
	  support this yet. But there is a patch pending [1].

	  WARNING: Never write a complete coreboot.rom to your flash ROM if it
	           was built with a fake IFD. It just won't work.

	  [1] http://www.flashrom.org/pipermail/flashrom/2013-June/011083.html

config IFD_BIOS_SECTION
	depends on BUILD_WITH_FAKE_IFD
	string "BIOS Region Starting:Ending addresses within the ROM"
	default ""
	help
	  The BIOS region is typically the size of the CBFS area, and is located
	  at the end of the ROM space.

	  For an 8MB ROM with a 3MB CBFS area, this would look like:
	  0x00500000:0x007fffff

config IFD_ME_SECTION
	depends on BUILD_WITH_FAKE_IFD
	string "ME/TXE Region Starting:Ending addresses within the ROM"
	default ""
	help
	  The ME/TXE region typically starts at around 0x1000 and often fills the
	  ROM space not used by CBFS.

	  For an 8MB ROM with a 3MB CBFS area, this might look like:
	  0x00001000:0x004fffff

config IFD_GBE_SECTION
	depends on BUILD_WITH_FAKE_IFD
	string "GBE Region Starting:Ending addresses within the ROM"
	default ""
	help
	  The Gigabit Ethernet ROM region is used when an Intel NIC is built into
	  the Southbridge/SOC and the platform uses this device instead of an external
	  PCIe NIC.  It will be located between the ME/TXE and the BIOS region.

	  Leave this empty if you're unsure.

config IFD_PLATFORM_SECTION
	depends on BUILD_WITH_FAKE_IFD
	string "Platform Region Starting:Ending addresses within the Rom"
	default ""
	help
	  The Platform region is used for platform specific data.
	  It will be located between the ME/TXE and the BIOS region.

	  Leave this empty if you're unsure.

config LOCK_MANAGEMENT_ENGINE
	bool "Lock ME/TXE section"
	default n
	help
	  The Intel Firmware Descriptor supports preventing write accesses
	  from the host to the ME or TXE section in the firmware
	  descriptor. If the section is locked, it can only be overwritten
	  with an external SPI flash programmer. You will want this if you
	  want to increase security of your ROM image once you are sure
	  that the ME/TXE firmware is no longer going to change.

	  If unsure, say N.

config CBFS_SIZE
	hex
	default 0x100000
	help
	  Reduce CBFS size to give room to the IFD blobs.

endif #INTEL_FIRMWARE