src/southbridge/intel/common/firmware/Kconfig

##
## This file is part of the coreboot project.
##
## Copyright (C) 2011 Google Inc.
## Copyright (C) 2013-2014 Sage Electronic Engineering, LLC.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.
##

config HAVE_INTEL_FIRMWARE
	bool
	default y if INTEL_DESCRIPTOR_MODE_CAPABLE
	help
	  Platform uses the Intel Firmware Descriptor to describe the
	  layout of the SPI ROM chip. Enabling this option will allow you to
	  select further features that rely on this like providing individual
	  firmware blobs.

if HAVE_INTEL_FIRMWARE

comment "Intel Firmware"

config HAVE_IFD_BIN
	bool "Add Intel descriptor.bin file"
	select HAVE_EM100_SUPPORT  # We use ifdtool to enable this.
	help
	  The descriptor binary

config IFD_BIN_PATH
	string "Path and filename of the descriptor.bin file"
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin"
	depends on HAVE_IFD_BIN

config HAVE_ME_BIN
	bool "Add Intel ME/TXE firmware"
	depends on HAVE_IFD_BIN
	help
	  The Intel processor in the selected system requires a special firmware
	  for an integrated controller.  This might be called the Management
	  Engine (ME), the Trusted Execution Engine (TXE) or something else
	  depending on the chip. This firmware might or might not be available
	  in coreboot's 3rdparty/blobs repository. If it is not and if you don't
	  have access to the firmware from elsewhere, you can still build
	  coreboot without it. In this case however, you'll have to make sure
	  that you don't overwrite your ME/TXE firmware on your flash ROM.

config ME_BIN_PATH
	string "Path to management engine firmware"
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin"
	depends on HAVE_ME_BIN

config CHECK_ME
	bool "Verify the integrity of the supplied ME/TXE firmware"
	default n
	depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_NEHALEM || \
		NORTHBRIDGE_INTEL_SANDYBRIDGE || \
		NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \
		SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
		SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
	help
	  Verify the integrity of the supplied Intel ME/TXE firmware before
	  proceeding with the build, in order to prevent an accidental loading
	  of a corrupted ME/TXE image.

config USE_ME_CLEANER
	bool "Strip down the Intel ME/TXE firmware"
	depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_NEHALEM || \
		NORTHBRIDGE_INTEL_SANDYBRIDGE || \
		NORTHBRIDGE_INTEL_IVYBRIDGE || NORTHBRIDGE_INTEL_HASWELL || \
		SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
		SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
	help
	  Use me_cleaner to remove all the non-fundamental code from the Intel
	  ME/TXE firmware.
	  The resulting Intel ME/TXE firmware will have only the code
	  responsible for the very basic hardware initialization, leaving the
	  ME/TXE subsystem essentially in a disabled state.

	  Don't flash a modified ME/TXE firmware and a new coreboot image at the
	  same time, test them in two different steps.

	  WARNING: this tool isn't based on any official Intel documentation but
	           only on reverse engineering and trial & error.

	  See the project's page
	   https://github.com/corna/me_cleaner
	  or the wiki
	   https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner
	   https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
	   https://github.com/corna/me_cleaner/wiki/me_cleaner-status
	  for more info about this tool

	  If unsure, say N.

comment "Please test the modified ME/TXE firmware and coreboot in two steps"
	depends on USE_ME_CLEANER

config ME_CLEANER_ARGS
	string
	depends on USE_ME_CLEANER
	default "-S"

config HAVE_GBE_BIN
	bool "Add gigabit ethernet firmware"
	depends on HAVE_IFD_BIN
	help
	  The integrated gigabit ethernet controller needs a firmware file.
	  Select this if you are going to use the PCH integrated controller
	  and have the firmware.

config GBE_BIN_PATH
	string "Path to gigabit ethernet firmware"
	depends on HAVE_GBE_BIN
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin"

config HAVE_EC_BIN
	bool "Add EC firmware"
	depends on HAVE_IFD_BIN
	help
	  The embedded controller needs a firmware file.

	  Select this if you are going to use the PCH integrated controller
	  and have the EC firmware. EC firmware will be added to final image
	  through ifdtool.

config EC_BIN_PATH
	string "Path to EC firmware"
	depends on HAVE_EC_BIN
	default "3rdparty/blobs/mainboard/$(MAINBOARDDIR)/ec.bin"

config LOCK_MANAGEMENT_ENGINE
	bool "Lock ME/TXE section"
	default n
	help
	  The Intel Firmware Descriptor supports preventing write accesses
	  from the host to the ME or TXE section in the firmware
	  descriptor. If the section is locked, it can only be overwritten
	  with an external SPI flash programmer. You will want this if you
	  want to increase security of your ROM image once you are sure
	  that the ME/TXE firmware is no longer going to change.

	  If unsure, say N.

config CBFS_SIZE
	hex
	default 0x100000
	help
	  Reduce CBFS size to give room to the IFD blobs.

endif #INTEL_FIRMWARE