Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 1 | ## |
| 2 | ## This file is part of the coreboot project. |
| 3 | ## |
| 4 | ## Copyright (C) 2011 Google Inc. |
| 5 | ## Copyright (C) 2013-2014 Sage Electronic Engineering, LLC. |
| 6 | ## |
| 7 | ## This program is free software; you can redistribute it and/or modify |
| 8 | ## it under the terms of the GNU General Public License as published by |
| 9 | ## the Free Software Foundation; version 2 of the License. |
| 10 | ## |
| 11 | ## This program is distributed in the hope that it will be useful, |
| 12 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | ## GNU General Public License for more details. |
| 15 | ## |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 16 | |
| 17 | config HAVE_INTEL_FIRMWARE |
| 18 | bool |
Stefan Tauner | ef8b957 | 2018-09-06 00:34:28 +0200 | [diff] [blame] | 19 | default y if INTEL_DESCRIPTOR_MODE_CAPABLE |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 20 | help |
Stefan Tauner | ef8b957 | 2018-09-06 00:34:28 +0200 | [diff] [blame] | 21 | Platform uses the Intel Firmware Descriptor to describe the |
| 22 | layout of the SPI ROM chip. Enabling this option will allow you to |
| 23 | select further features that rely on this like providing individual |
| 24 | firmware blobs. |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 25 | |
| 26 | if HAVE_INTEL_FIRMWARE |
| 27 | |
| 28 | comment "Intel Firmware" |
| 29 | |
| 30 | config HAVE_IFD_BIN |
| 31 | bool "Add Intel descriptor.bin file" |
Simon Glass | 46255f7 | 2018-07-12 15:26:07 -0600 | [diff] [blame] | 32 | select HAVE_EM100_SUPPORT # We use ifdtool to enable this. |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 33 | help |
| 34 | The descriptor binary |
| 35 | |
| 36 | config IFD_BIN_PATH |
| 37 | string "Path and filename of the descriptor.bin file" |
Stefan Reinauer | cecabc1 | 2015-07-01 17:37:57 -0700 | [diff] [blame] | 38 | default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin" |
Angel Pons | 240eaaa | 2018-08-20 16:32:22 +0200 | [diff] [blame] | 39 | depends on HAVE_IFD_BIN |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 40 | |
| 41 | config HAVE_ME_BIN |
Martin Roth | c407cb9 | 2015-06-23 19:59:30 -0600 | [diff] [blame] | 42 | bool "Add Intel ME/TXE firmware" |
Martin Roth | c528c2e | 2015-06-27 08:59:10 -0600 | [diff] [blame] | 43 | depends on HAVE_IFD_BIN |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 44 | help |
| 45 | The Intel processor in the selected system requires a special firmware |
Martin Roth | c407cb9 | 2015-06-23 19:59:30 -0600 | [diff] [blame] | 46 | for an integrated controller. This might be called the Management |
| 47 | Engine (ME), the Trusted Execution Engine (TXE) or something else |
| 48 | depending on the chip. This firmware might or might not be available |
| 49 | in coreboot's 3rdparty/blobs repository. If it is not and if you don't |
| 50 | have access to the firmware from elsewhere, you can still build |
| 51 | coreboot without it. In this case however, you'll have to make sure |
| 52 | that you don't overwrite your ME/TXE firmware on your flash ROM. |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 53 | |
| 54 | config ME_BIN_PATH |
| 55 | string "Path to management engine firmware" |
Stefan Reinauer | cecabc1 | 2015-07-01 17:37:57 -0700 | [diff] [blame] | 56 | default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin" |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 57 | depends on HAVE_ME_BIN |
| 58 | |
Nicola Corna | 16719ad | 2017-03-10 11:27:39 +0100 | [diff] [blame] | 59 | config CHECK_ME |
| 60 | bool "Verify the integrity of the supplied ME/TXE firmware" |
Naresh G Solanki | 95d6dd2 | 2017-04-12 20:15:53 +0530 | [diff] [blame] | 61 | default n |
Nicola Corna | 16719ad | 2017-03-10 11:27:39 +0100 | [diff] [blame] | 62 | depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_NEHALEM || \ |
| 63 | NORTHBRIDGE_INTEL_SANDYBRIDGE || \ |
| 64 | NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \ |
| 65 | SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \ |
Nicola Corna | d58dd5c | 2018-03-31 16:40:03 +0200 | [diff] [blame] | 66 | SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL) |
Nicola Corna | 16719ad | 2017-03-10 11:27:39 +0100 | [diff] [blame] | 67 | help |
| 68 | Verify the integrity of the supplied Intel ME/TXE firmware before |
| 69 | proceeding with the build, in order to prevent an accidental loading |
| 70 | of a corrupted ME/TXE image. |
| 71 | |
Nicola Corna | 92e95ca | 2017-01-23 15:29:03 +0100 | [diff] [blame] | 72 | config USE_ME_CLEANER |
| 73 | bool "Strip down the Intel ME/TXE firmware" |
Nicola Corna | 04d2601 | 2018-06-21 14:57:26 +0200 | [diff] [blame] | 74 | depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_NEHALEM || \ |
| 75 | NORTHBRIDGE_INTEL_SANDYBRIDGE || \ |
Nicola Corna | 92e95ca | 2017-01-23 15:29:03 +0100 | [diff] [blame] | 76 | NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \ |
| 77 | SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \ |
Nicola Corna | d58dd5c | 2018-03-31 16:40:03 +0200 | [diff] [blame] | 78 | SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL) |
Nicola Corna | 92e95ca | 2017-01-23 15:29:03 +0100 | [diff] [blame] | 79 | help |
| 80 | Use me_cleaner to remove all the non-fundamental code from the Intel |
| 81 | ME/TXE firmware. |
| 82 | The resulting Intel ME/TXE firmware will have only the code |
| 83 | responsible for the very basic hardware initialization, leaving the |
| 84 | ME/TXE subsystem essentially in a disabled state. |
| 85 | |
| 86 | Don't flash a modified ME/TXE firmware and a new coreboot image at the |
| 87 | same time, test them in two different steps. |
| 88 | |
| 89 | WARNING: this tool isn't based on any official Intel documentation but |
| 90 | only on reverse engineering and trial & error. |
| 91 | |
| 92 | See the project's page |
Nicola Corna | 98f3034 | 2017-08-08 21:24:49 +0200 | [diff] [blame] | 93 | https://github.com/corna/me_cleaner |
Nicola Corna | 92e95ca | 2017-01-23 15:29:03 +0100 | [diff] [blame] | 94 | or the wiki |
Nicola Corna | 98f3034 | 2017-08-08 21:24:49 +0200 | [diff] [blame] | 95 | https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner |
| 96 | https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F |
| 97 | https://github.com/corna/me_cleaner/wiki/me_cleaner-status |
Nicola Corna | 92e95ca | 2017-01-23 15:29:03 +0100 | [diff] [blame] | 98 | for more info about this tool |
| 99 | |
| 100 | If unsure, say N. |
| 101 | |
| 102 | comment "Please test the modified ME/TXE firmware and coreboot in two steps" |
| 103 | depends on USE_ME_CLEANER |
| 104 | |
Nicola Corna | 364f2e1 | 2018-03-31 18:24:44 +0200 | [diff] [blame] | 105 | config ME_CLEANER_ARGS |
| 106 | string |
| 107 | depends on USE_ME_CLEANER |
| 108 | default "-S" |
| 109 | |
Martin Roth | c6a177d | 2015-07-09 20:50:51 -0600 | [diff] [blame] | 110 | config HAVE_GBE_BIN |
| 111 | bool "Add gigabit ethernet firmware" |
| 112 | depends on HAVE_IFD_BIN |
| 113 | help |
| 114 | The integrated gigabit ethernet controller needs a firmware file. |
| 115 | Select this if you are going to use the PCH integrated controller |
| 116 | and have the firmware. |
| 117 | |
| 118 | config GBE_BIN_PATH |
| 119 | string "Path to gigabit ethernet firmware" |
| 120 | depends on HAVE_GBE_BIN |
| 121 | default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin" |
| 122 | |
Lijian Zhao | 0fb6568 | 2017-05-16 12:11:45 -0700 | [diff] [blame] | 123 | config HAVE_EC_BIN |
| 124 | bool "Add EC firmware" |
| 125 | depends on HAVE_IFD_BIN |
| 126 | help |
| 127 | The embedded controller needs a firmware file. |
| 128 | |
| 129 | Select this if you are going to use the PCH integrated controller |
| 130 | and have the EC firmware. EC firmware will be added to final image |
| 131 | through ifdtool. |
| 132 | |
| 133 | config EC_BIN_PATH |
| 134 | string "Path to EC firmware" |
| 135 | depends on HAVE_EC_BIN |
| 136 | default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/ec.bin" |
| 137 | |
Martin Roth | 775d508 | 2015-06-23 21:47:19 -0600 | [diff] [blame] | 138 | config LOCK_MANAGEMENT_ENGINE |
| 139 | bool "Lock ME/TXE section" |
Martin Roth | 775d508 | 2015-06-23 21:47:19 -0600 | [diff] [blame] | 140 | default n |
| 141 | help |
| 142 | The Intel Firmware Descriptor supports preventing write accesses |
| 143 | from the host to the ME or TXE section in the firmware |
| 144 | descriptor. If the section is locked, it can only be overwritten |
| 145 | with an external SPI flash programmer. You will want this if you |
| 146 | want to increase security of your ROM image once you are sure |
| 147 | that the ME/TXE firmware is no longer going to change. |
| 148 | |
| 149 | If unsure, say N. |
| 150 | |
Martin Roth | 59ff340 | 2016-02-09 09:06:46 -0700 | [diff] [blame] | 151 | config CBFS_SIZE |
| 152 | hex |
| 153 | default 0x100000 |
| 154 | help |
| 155 | Reduce CBFS size to give room to the IFD blobs. |
| 156 | |
Martin Roth | 59aa2b1 | 2015-06-20 16:17:12 -0600 | [diff] [blame] | 157 | endif #INTEL_FIRMWARE |