Daisuke Nojiri742fc8d2014-10-10 10:51:06 -07001## This file is part of the coreboot project.
2##
3## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +02004## Copyright (C) 2018 Siemens AG
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -07005##
6## This program is free software; you can redistribute it and/or modify
7## it under the terms of the GNU General Public License as published by
8## the Free Software Foundation; version 2 of the License.
9##
10## This program is distributed in the hope that it will be useful,
11## but WITHOUT ANY WARRANTY; without even the implied warranty of
12## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13## GNU General Public License for more details.
14##
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -070015
Julius Werner58c39382017-02-13 17:53:29 -080016menu "Verified Boot (vboot)"
Lee Leahy33efd982017-03-13 17:25:36 -070017
Bill XIEcdf6f3a2019-12-17 15:56:43 +080018config VBOOT_LIB
19 bool
Bill XIEcdf6f3a2019-12-17 15:56:43 +080020 help
21 Build and link the vboot library. Makes the vboot API accessible across
22 all coreboot stages, without enabling vboot verification. For verification,
23 please see the VBOOT option below.
24
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -070025config VBOOT
26 bool "Verify firmware with vboot."
27 default n
Bill XIEcdf6f3a2019-12-17 15:56:43 +080028 select VBOOT_LIB
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +010029 select VBOOT_MOCK_SECDATA if !TPM1 && !TPM2
Julius Wernerb38586f2020-01-14 16:25:56 -080030 depends on 0 = 0 # Must have a 'depends on' or board overrides will break it.
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -070031 help
32 Enabling VBOOT will use vboot to verify the components of the firmware
33 (stages, payload, etc).
Julius Werner58c39382017-02-13 17:53:29 -080034
35if VBOOT
36
Christian Walter0bd84ed2019-07-23 10:26:30 +020037comment "Anti-Rollback Protection disabled because mocking secdata is enabled."
38 depends on VBOOT_MOCK_SECDATA
39
Philipp Deppenwiese66f9a092018-11-08 10:59:40 +010040config VBOOT_MEASURED_BOOT
41 bool "Enable Measured Boot"
42 default n
Christian Walter0bd84ed2019-07-23 10:26:30 +020043 depends on TPM1 || TPM2
Philipp Deppenwiese66f9a092018-11-08 10:59:40 +010044 depends on !VBOOT_RETURN_FROM_VERSTAGE
45 help
46 Enables measured boot mode in vboot (experimental).
47
48config VBOOT_MEASURED_BOOT_RUNTIME_DATA
49 string "Runtime data whitelist"
50 default ""
51 depends on VBOOT_MEASURED_BOOT
52 help
53 Runtime data whitelist of cbfs filenames. Needs to be a comma-separated
54 list.
55
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +020056config VBOOT_SLOTS_RW_A
57 bool "Firmware RO + RW_A"
58 help
59 Have one update partition beside the RO partition.
60
61config VBOOT_SLOTS_RW_AB
62 bool "Firmware RO + RW_A + RW_B"
63 select VBOOT_SLOTS_RW_A
64 help
65 Have two update partitions beside the RO partition.
66
Julius Werner58c39382017-02-13 17:53:29 -080067config VBOOT_VBNV_CMOS
68 bool
69 default n
70 depends on PC80_SYSTEM
71 help
72 VBNV is stored in CMOS
73
74config VBOOT_VBNV_OFFSET
75 hex
76 default 0x26
77 depends on VBOOT_VBNV_CMOS
78 help
79 CMOS offset for VbNv data. This value must match cmos.layout
80 in the mainboard directory, minus 14 bytes for the RTC.
81
82config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
83 bool
84 default n
85 depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
86 help
87 Vboot non-volatile storage data will be backed up from CMOS to flash
88 and restored from flash if the CMOS is invalid due to power loss.
89
90config VBOOT_VBNV_EC
91 bool
92 default n
93 help
94 VBNV is stored in EC
95
96config VBOOT_VBNV_FLASH
97 bool
98 default n
99 depends on BOOT_DEVICE_SUPPORTS_WRITES
100 help
101 VBNV is stored in flash storage
102
103config VBOOT_STARTS_IN_BOOTBLOCK
104 bool
105 default n
106 help
107 Firmware verification happens during the end of or right after the
108 bootblock. This implies that a static VBOOT2_WORK() buffer must be
109 allocated in memlayout.
110
111config VBOOT_STARTS_IN_ROMSTAGE
112 bool
113 default n
114 depends on !VBOOT_STARTS_IN_BOOTBLOCK
115 help
116 Firmware verification happens during the end of romstage (after
Yu-Ping Wu214fb9b2020-02-14 17:16:53 +0800117 memory initialization). This implies that the vboot work buffer is
118 in CBMEM from the start and doesn't need to be reserved in memlayout.
Julius Werner58c39382017-02-13 17:53:29 -0800119
120config VBOOT_MOCK_SECDATA
121 bool "Mock secdata for firmware verification"
122 default n
123 help
124 Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
125 verification to avoid accessing secdata storage (typically a TPM). All
126 secdata operations will report success, so anti-rollback protection is
127 effectively disabled. This option can be used during development when a
128 TPM is not present or broken. THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
129
130config VBOOT_DISABLE_DEV_ON_RECOVERY
131 bool
132 default n
133 help
134 When this option is enabled, the Chrome OS device leaves developer
135 mode as soon as a recovery request is detected. This is handy on
136 embedded devices with limited input capabilities.
137
138config VBOOT_SEPARATE_VERSTAGE
139 bool
140 default n
141 depends on VBOOT_STARTS_IN_BOOTBLOCK
142 help
143 If this option is set, vboot verification runs in a standalone stage
144 that is loaded from the bootblock and exits into romstage. If it is
145 not set, the verification code is linked directly into the bootblock
146 or the romstage and runs as part of that stage (cf. related options
147 VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE).
148
149config VBOOT_RETURN_FROM_VERSTAGE
150 bool
151 default n
152 depends on VBOOT_SEPARATE_VERSTAGE
153 help
154 If this is set, the verstage returns back to the calling stage instead
155 of exiting to the succeeding stage so that the verstage space can be
156 reused by the succeeding stage. This is useful if a RAM space is too
157 small to fit both the verstage and the succeeding stage.
158
Joel Kitching6672bd82019-04-10 16:06:21 +0800159config VBOOT_MUST_REQUEST_DISPLAY
Julius Werner58c39382017-02-13 17:53:29 -0800160 bool
Julius Werner9993b6f2019-03-28 18:01:26 -0700161 default y if VGA_ROM_RUN
Julius Werner58c39382017-02-13 17:53:29 -0800162 default n
163 help
164 Set this option to indicate to vboot that this platform will skip its
165 display initialization on a normal (non-recovery, non-developer) boot.
Joel Kitching6672bd82019-04-10 16:06:21 +0800166 Unless display is specifically requested, the video option ROM is not
167 loaded, and any other native display initialization code is not run.
Julius Werner58c39382017-02-13 17:53:29 -0800168
Wim Vervoorne7087a12019-11-15 14:02:02 +0100169config VBOOT_ALWAYS_ENABLE_DISPLAY
170 bool "Force to always enable display"
171 default n
172 help
173 Set this option to indicate to vboot that display should always be enabled.
174
Wim Vervoorn50337f162020-01-14 16:18:27 +0100175config VBOOT_ALWAYS_ALLOW_UDC
176 bool "Always allow UDC"
177 default n
178 depends on !CHROMEOS
179 help
180 This option allows UDC to be enabled regardless of the vboot state.
181
Julius Werner58c39382017-02-13 17:53:29 -0800182config VBOOT_HAS_REC_HASH_SPACE
183 bool
184 default n
185 help
186 Set this option to indicate to vboot that recovery data hash space
187 is present in TPM.
188
Julius Werner58c39382017-02-13 17:53:29 -0800189config VBOOT_LID_SWITCH
190 bool
191 default n
192 help
193 Whether this platform has a lid switch. If it does, vboot will not
194 decrement try counters for boot failures if the lid is closed.
195
196config VBOOT_WIPEOUT_SUPPORTED
197 bool
198 default n
199 help
200 When this option is enabled, the firmware provides the ability to
201 signal to the application that a factory reset (a.k.a. wipe out)
202 of the device is needed.
203
204config VBOOT_FWID_MODEL
205 string "Firmware ID model"
Furquan Shaikhc18aa1c2017-09-08 15:14:30 -0700206 default "Google_$(CONFIG_MAINBOARD_PART_NUMBER)" if CHROMEOS
Julius Werner58c39382017-02-13 17:53:29 -0800207 default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
208 help
209 This is the first part of the FWID written to various regions of a
210 vboot firmware image to identify its version.
211
212config VBOOT_FWID_VERSION
213 string "Firmware ID version"
Julius Werner46f292f2017-04-27 16:29:02 -0700214 default ".$(KERNELVERSION)"
Julius Werner58c39382017-02-13 17:53:29 -0800215 help
216 This is the second part of the FWID written to various regions of a
217 vboot firmware image to identify its version.
218
Philipp Deppenwiese7410f8b2017-10-18 15:29:26 +0200219config VBOOT_NO_BOARD_SUPPORT
220 bool "Allow the use of vboot without board support"
221 default n
222 help
223 Enable weak functions for get_write_protect_state and
224 get_recovery_mode_switch in order to proceed with refactoring
225 of the vboot2 code base. Later on, this code will be removed and
226 replaced by interfaces.
227
Martin Rothbbd5ee412017-10-05 13:53:16 -0600228config RO_REGION_ONLY
229 string "Additional files that should not be copied to RW"
230 default ""
231 help
232 Add a space-delimited list of filenames that should only be in the
233 RO section.
234
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100235config RW_REGION_ONLY
236 string
237 default ""
238 depends on VBOOT_SLOTS_RW_A
239 help
240 Add a space-delimited list of filenames that should only be in the
241 RW sections.
Wim Vervoorn114e2e82019-11-05 14:09:16 +0100242
243config VBOOT_ENABLE_CBFS_FALLBACK
244 bool
245 default n
246 depends on VBOOT_SLOTS_RW_A
247 help
248 When this option is enabled, cbfs_boot_locate will look for a file in the
249 RO (COREBOOT) region if it isn't available in the active RW region.
250
Tim Wawrzynczakd6fc5572019-10-25 14:58:15 -0600251config VBOOT_EARLY_EC_SYNC
252 bool
253 default n
254 depends on EC_GOOGLE_CHROMEEC
255 help
256 Enables CrOS EC software sync in romstage, before memory training
257 runs. This is useful mainly as a way to achieve full USB-PD
258 negotiation earlier in the boot flow, as the EC will only do this once
259 it has made the sysjump to its RW firmware. It should not
260 significantly impact boot time, as this operation will be performed
261 later in the boot flow if it is disabled here.
262
Sam McNallyeded5002020-03-04 16:08:06 +1100263config VBOOT_EC_EFS
264 bool "Early firmware selection (EFS) EC"
265 default n
266 help
267 CrosEC can support EFS: Early Firmware Selection. If it is enabled,
268 software sync also needs to support it. This setting tells vboot to
269 perform EFS software sync.
270
Julius Werner58c39382017-02-13 17:53:29 -0800271menu "GBB configuration"
272
273config GBB_HWID
274 string "Hardware ID"
Hung-Te Lin117453e2019-09-27 12:23:20 +0800275 default ""
276 help
277 A hardware identifier for the device. On Chrome OS this is used for auto
278 update and recovery, and will be generated when manufacturing by the
279 factory software, in a strictly defined format.
280 Leave empty to get a test-only Chrome OS HWID v2 string generated.
Julius Werner58c39382017-02-13 17:53:29 -0800281
282config GBB_BMPFV_FILE
283 string "Path to bmpfv image"
284 default ""
285
286config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
287 bool "Reduce dev screen delay"
288 default n
289
290config GBB_FLAG_LOAD_OPTION_ROMS
291 bool "Load option ROMs"
292 default n
293
294config GBB_FLAG_ENABLE_ALTERNATE_OS
295 bool "Allow booting a non-Chrome OS kernel if dev switch is on"
296 default n
297
298config GBB_FLAG_FORCE_DEV_SWITCH_ON
299 bool "Force dev switch on"
300 default n
301
302config GBB_FLAG_FORCE_DEV_BOOT_USB
303 bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
304 default y
305
306config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
307 bool "Disable firmware rollback protection"
308 default y
309
310config GBB_FLAG_ENTER_TRIGGERS_TONORM
311 bool "Return to normal boot with Enter"
312 default n
313
314config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
315 bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
316 default n
317
Joel Kitching984d0c62019-12-04 15:33:57 +0800318config GBB_FLAG_RUNNING_FAFT
319 bool "Running FAFT tests; used as a hint to disable other debug features"
Julius Werner58c39382017-02-13 17:53:29 -0800320 default n
321
322config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
323 bool "Disable EC software sync"
324 default n
325
326config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
327 bool "Default to booting to legacy in dev mode"
328 default n
329
330config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
331 bool "Disable PD software sync"
332 default n
333
334config GBB_FLAG_DISABLE_LID_SHUTDOWN
335 bool "Disable shutdown on closed lid"
336 default n
337
Julius Wernerae423852018-03-23 21:02:48 -0700338config GBB_FLAG_FORCE_MANUAL_RECOVERY
339 bool "Always assume manual recovery in recovery mode"
340 default n
341
342config GBB_FLAG_DISABLE_FWMP
343 bool "Disable Firmware Management Parameters (FWMP)"
Julius Werner58c39382017-02-13 17:53:29 -0800344 default n
345
346endmenu # GBB
347
348menu "Vboot Keys"
349config VBOOT_ROOT_KEY
350 string "Root key (public)"
351 default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
352
353config VBOOT_RECOVERY_KEY
354 string "Recovery key (public)"
355 default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
356
357config VBOOT_FIRMWARE_PRIVKEY
358 string "Firmware key (private)"
359 default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
360
361config VBOOT_KERNEL_KEY
362 string "Kernel subkey (public)"
363 default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
364
365config VBOOT_KEYBLOCK
366 string "Keyblock to use for the RW regions"
367 default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
368
369config VBOOT_KEYBLOCK_VERSION
370 int "Keyblock version number"
371 default 1
372
373config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
374 hex "Keyblock preamble flags"
375 default 0x0
376
377endmenu # Keys
378endif # VBOOT
379endmenu # Verified Boot (vboot)