1config EFI_LOADER
2	bool "Support running UEFI applications"
3	depends on OF_LIBFDT && ( \
4		ARM && (SYS_CPU = arm1136 || \
5			SYS_CPU = arm1176 || \
6			SYS_CPU = armv7   || \
7			SYS_CPU = armv8)  || \
8		X86 || RISCV || SANDBOX)
9	# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
10	depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
11	# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
12	depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
13	depends on BLK
14	depends on !EFI_APP
15	default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
16	select CHARSET
17	# We need to send DM events, dynamically, in the EFI block driver
18	select DM_EVENT
19	select EVENT_DYNAMIC
20	select LIB_UUID
21	imply PARTITION_UUIDS
22	select REGEX
23	imply FAT
24	imply FAT_WRITE
25	imply USB_KEYBOARD_FN_KEYS
26	imply VIDEO_ANSI
27	help
28	  Select this option if you want to run UEFI applications (like GNU
29	  GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
30	  will expose the UEFI API to a loaded application, enabling it to
31	  reuse U-Boot's device drivers.
32
33if EFI_LOADER
34
35config EFI_BINARY_EXEC
36	bool "Execute UEFI binary"
37	default y
38	help
39	  Select this option if you want to execute the UEFI binary after
40	  loading it with U-Boot load commands or other methods.
41	  You may enable CMD_BOOTEFI_BINARY so that you can use bootefi
42	  command to do that.
43
44config EFI_BOOTMGR
45	bool "UEFI Boot Manager"
46	default y
47	help
48	  Select this option if you want to select the UEFI binary to be booted
49	  via UEFI variables Boot####, BootOrder, and BootNext. You should also
50	  normally enable CMD_BOOTEFI_BOOTMGR so that the command is available.
51
52choice
53	prompt "Store for non-volatile UEFI variables"
54	default EFI_VARIABLE_FILE_STORE
55	help
56	  Select where non-volatile UEFI variables shall be stored.
57
58config EFI_VARIABLE_FILE_STORE
59	bool "Store non-volatile UEFI variables as file"
60	depends on FAT_WRITE
61	help
62	  Select this option if you want non-volatile UEFI variables to be
63	  stored as file /ubootefi.var on the EFI system partition.
64
65config EFI_RT_VOLATILE_STORE
66	bool "Allow variable runtime services in volatile storage (e.g RAM)"
67	depends on EFI_VARIABLE_FILE_STORE
68	help
69	  When EFI variables are stored on file we don't allow SetVariableRT,
70	  since the OS doesn't know how to write that file. At the same time
71	  we copy runtime variables in DRAM and support GetVariableRT.
72
73	  Enable this option to allow SetVariableRT on the RAM backend of
74	  the EFI variable storage. The OS will be responsible for syncing
75	  the RAM contents to the file, otherwise any changes made during
76	  runtime won't persist across reboots.
77	  Authenticated variables are not supported. Note that this will
78	  violate the EFI spec since writing auth variables will return
79	  EFI_INVALID_PARAMETER.
80
81config EFI_MM_COMM_TEE
82	bool "UEFI variables storage service via the trusted world"
83	depends on OPTEE
84	help
85	  Allow access to the MM SP services (SPs such as StandAloneMM, smm-gateway).
86	  When using the U-Boot OP-TEE driver, StandAloneMM is supported.
87	  When using the U-Boot FF-A driver, any MM SP is supported.
88
89	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
90	  variable related operations to that. The application will verify,
91	  authenticate and store the variables on an RPMB.
92
93	  When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
94	  operations to the MM SP running in the secure world.
95	  A door bell mechanism is used to notify the SP when there is data in the shared
96	  MM buffer. The data is copied by u-boot to the shared buffer before issuing
97	  the door bell event.
98
99config FFA_SHARED_MM_BUF_SIZE
100	int "Memory size of the shared MM communication buffer"
101	depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
102	help
103	  This defines the size in bytes of the memory area reserved for the shared
104	  buffer used for communication between the MM feature in U-Boot and
105	  the MM SP in secure world.
106	  The size of the memory region must be a multiple of the maximum
107	  translation granule size that is specified in the ID_AA64MMFR0_EL1 System register.
108	  It is assumed that the MM SP knows the size of the shared MM communication buffer.
109
110config FFA_SHARED_MM_BUF_OFFSET
111	int "Data offset in the shared MM communication buffer"
112	depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
113	help
114	  This defines the offset in bytes of the data read or written to in the shared
115	  buffer by the MM SP.
116
117config FFA_SHARED_MM_BUF_ADDR
118	hex "Define the address of the shared MM communication buffer"
119	depends on EFI_MM_COMM_TEE && ARM_FFA_TRANSPORT
120	help
121	  This defines the address of the shared MM communication buffer
122	  used for communication between the MM feature in U-Boot and
123	  the MM SP in secure world.
124	  It is assumed that the MM SP knows the address of the shared MM communication buffer.
125
126config EFI_VARIABLE_NO_STORE
127	bool "Don't persist non-volatile UEFI variables"
128	help
129	  If you choose this option, non-volatile variables cannot be persisted.
130	  You could still provide non-volatile variables via
131	  EFI_VARIABLES_PRESEED.
132
133endchoice
134
135config EFI_VARIABLES_PRESEED
136	bool "Initial values for UEFI variables"
137	depends on !EFI_MM_COMM_TEE
138	help
139	  Include a file with the initial values for non-volatile UEFI variables
140	  into the U-Boot binary. If this configuration option is set, changes
141	  to authentication related variables (PK, KEK, db, dbx) are not
142	  allowed.
143
144if EFI_VARIABLES_PRESEED
145
146config EFI_VAR_SEED_FILE
147	string "File with initial values of non-volatile UEFI variables"
148	default "ubootefi.var"
149	help
150	  File with initial values of non-volatile UEFI variables. The file must
151	  be in the same format as the storage in the EFI system partition. The
152	  easiest way to create it is by setting the non-volatile variables in
153	  U-Boot. If a relative file path is used, it is relative to the source
154	  directory.
155
156endif
157
158config EFI_VAR_BUF_SIZE
159	int "Memory size of the UEFI variable store"
160	default 131072
161	range 4096 2147483647
162	help
163	  This defines the size in bytes of the memory area reserved for keeping
164	  UEFI variables.
165
166	  When StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) is used, the
167	  available size for storing variables is defined in
168	  PcdFlashNvStorageVariableSize.
169	  That value is probed at runtime from U-Boot. In that case,
170	  EFI_VAR_BUF_SIZE represents the memory U-Boot reserves to present
171	  runtime variables to the OS.
172
173	  Minimum 4096, default 131072
174
175config EFI_GET_TIME
176	bool "GetTime() runtime service"
177	depends on DM_RTC
178	default y
179	help
180	  Provide the GetTime() runtime service at boottime. This service
181	  can be used by an EFI application to read the real time clock.
182
183config EFI_SET_TIME
184	bool "SetTime() runtime service"
185	depends on EFI_GET_TIME
186	default y if ARCH_QEMU || SANDBOX
187	help
188	  Provide the SetTime() runtime service at boottime. This service
189	  can be used by an EFI application to adjust the real time clock.
190
191config EFI_SCROLL_ON_CLEAR_SCREEN
192	bool "Avoid overwriting previous output on clear screen"
193	help
194	  Instead of erasing the screen content when the console screen should
195	  be cleared, emit blank new lines so that previous output is scrolled
196	  out of sight rather than overwritten. On serial consoles this allows
197	  capturing complete boot logs (except for interactive menus etc.)
198	  and can ease debugging of related issues.
199
200config EFI_HAVE_CAPSULE_SUPPORT
201	bool
202
203config EFI_RUNTIME_UPDATE_CAPSULE
204	bool "UpdateCapsule() runtime service"
205	select EFI_HAVE_CAPSULE_SUPPORT
206	help
207	  Select this option if you want to use UpdateCapsule and
208	  QueryCapsuleCapabilities API's.
209
210config EFI_CAPSULE_ON_DISK
211	bool "Enable capsule-on-disk support"
212	depends on SYSRESET
213	select EFI_HAVE_CAPSULE_SUPPORT
214	help
215	  Select this option if you want to use capsule-on-disk feature,
216	  that is, capsules can be fetched and executed from files
217	  under a specific directory on UEFI system partition instead of
218	  via UpdateCapsule API.
219
220config EFI_IGNORE_OSINDICATIONS
221	bool "Ignore OsIndications for CapsuleUpdate on-disk"
222	depends on EFI_CAPSULE_ON_DISK
223	help
224	  There are boards where U-Boot does not support SetVariable at runtime.
225	  Select this option if you want to use the capsule-on-disk feature
226	  without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
227	  flag in variable OsIndications.
228
229config EFI_CAPSULE_ON_DISK_EARLY
230	bool "Initiate capsule-on-disk at U-Boot boottime"
231	depends on EFI_CAPSULE_ON_DISK
232	help
233	  Normally, without this option enabled, capsules will be
234	  executed only the first time one of the efi commands is invoked.
235	  If this option is enabled, capsules will be executed as part of
236	  U-Boot initialisation so that the update takes place
237	  regardless of what distro_bootcmd is set to.
238
239config EFI_CAPSULE_FIRMWARE
240	bool
241
242config EFI_CAPSULE_FIRMWARE_MANAGEMENT
243	bool "Capsule: Firmware Management Protocol"
244	depends on EFI_HAVE_CAPSULE_SUPPORT
245	default y
246	help
247	  Select this option if you want to enable capsule-based
248	  firmware update using Firmware Management Protocol.
249
250config EFI_CAPSULE_FIRMWARE_FIT
251	bool "FMP driver for FIT images"
252	depends on FIT
253	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
254	select UPDATE_FIT
255	select DFU
256	select SET_DFU_ALT_INFO
257	select EFI_CAPSULE_FIRMWARE
258	help
259	  Select this option if you want to enable firmware management protocol
260	  driver for FIT image
261
262config EFI_CAPSULE_FIRMWARE_RAW
263	bool "FMP driver for raw images"
264	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
265	depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
266	select DFU_WRITE_ALT
267	select DFU
268	select SET_DFU_ALT_INFO
269	select EFI_CAPSULE_FIRMWARE
270	help
271	  Select this option if you want to enable firmware management protocol
272	  driver for raw image
273
274config EFI_CAPSULE_AUTHENTICATE
275	bool "Update Capsule authentication"
276	depends on EFI_CAPSULE_FIRMWARE
277	depends on EFI_CAPSULE_ON_DISK
278	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
279	select HASH
280	select SHA256
281	select RSA
282	select RSA_VERIFY
283	select RSA_VERIFY_WITH_PKEY
284	select X509_CERTIFICATE_PARSER
285	select PKCS7_MESSAGE_PARSER
286	select PKCS7_VERIFY
287	select IMAGE_SIGN_INFO
288	select EFI_SIGNATURE_SUPPORT
289	help
290	  Select this option to authenticate capsules at update time against
291	  the EFI Signature List provided via EFI_CAPSULE_ESL_FILE.
292
293config EFI_CAPSULE_MAX
294	int "Max value for capsule index"
295	default 15
296	range 0 65535
297	help
298	  Select the max capsule index value used for capsule report
299	  variables. This value is used to create CapsuleMax variable.
300
301config EFI_CAPSULE_ESL_FILE
302	string "Path to the EFI Signature List File"
303	depends on EFI_CAPSULE_AUTHENTICATE
304	help
305	  Provides the path to the EFI Signature List file which will
306	  be embedded in the platform's device tree and used for
307	  capsule authentication at the time of capsule update.
308
309config EFI_DEVICE_PATH_TO_TEXT
310	bool "Device path to text protocol"
311	default y
312	help
313	  The device path to text protocol converts device nodes and paths to
314	  human readable strings.
315
316config EFI_DEVICE_PATH_UTIL
317	bool "Device path utilities protocol"
318	default y
319	help
320	  The device path utilities protocol creates and manipulates device
321	  paths and device nodes. It is required to run the EFI Shell.
322
323config EFI_DT_FIXUP
324	bool "Device tree fixup protocol"
325	depends on !GENERATE_ACPI_TABLE
326	default y
327	help
328	  The EFI device-tree fix-up protocol provides a function to let the
329	  firmware apply fix-ups. This may be used by boot loaders.
330
331config EFI_LOADER_HII
332	bool "HII protocols"
333	default y
334	help
335	  The Human Interface Infrastructure is a complicated framework that
336	  allows UEFI applications to draw fancy menus and hook strings using
337	  a translation framework.
338
339	  U-Boot implements enough of its features to be able to run the UEFI
340	  Shell, but not more than that.
341
342config EFI_UNICODE_COLLATION_PROTOCOL2
343	bool "Unicode collation protocol"
344	default y
345	help
346	  The Unicode collation protocol is used for lexical comparisons. It is
347	  required to run the UEFI shell.
348
349if EFI_UNICODE_COLLATION_PROTOCOL2
350
351config EFI_UNICODE_CAPITALIZATION
352	bool "Support Unicode capitalization"
353	default y
354	help
355	  Select this option to enable correct handling of the capitalization of
356	  Unicode codepoints in the range 0x0000-0xffff. If this option is not
357	  set, only the correct handling of the letters of the codepage
358	  used by the FAT file system is ensured.
359
360endif
361
362config EFI_LOADER_BOUNCE_BUFFER
363	bool "EFI Applications use bounce buffers for DMA operations"
364	depends on ARM64
365	help
366	  Some hardware does not support DMA to full 64bit addresses. For this
367	  hardware we can create a bounce buffer so that payloads don't have to
368	  worry about platform details.
369
370config EFI_PLATFORM_LANG_CODES
371	string "Language codes supported by firmware"
372	default "en-US"
373	help
374	  This value is used to initialize the PlatformLangCodes variable. Its
375	  value is a semicolon (;) separated list of language codes in native
376	  RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
377	  to initialize the PlatformLang variable.
378
379config EFI_HAVE_RUNTIME_RESET
380	# bool "Reset runtime service is available"
381	bool
382	default y
383	depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
384		   SANDBOX || SYSRESET_SBI || SYSRESET_X86
385
386config EFI_GRUB_ARM32_WORKAROUND
387	bool "Workaround for GRUB on 32bit ARM"
388	default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
389	default y
390	depends on ARM && !ARM64
391	help
392	  GRUB prior to version 2.04 requires U-Boot to disable caches. This
393	  workaround currently is also needed on systems with caches that
394	  cannot be managed via CP15.
395
396config EFI_RNG_PROTOCOL
397	bool "EFI_RNG_PROTOCOL support"
398	depends on DM_RNG
399	default y
400	help
401	  Provide a EFI_RNG_PROTOCOL implementation using the hardware random
402	  number generator of the platform.
403
404config EFI_TCG2_PROTOCOL
405	bool "EFI_TCG2_PROTOCOL support"
406	default y
407	depends on TPM_V2
408	select SHA1
409	select SHA256
410	select SHA384
411	select SHA512
412	select HASH
413	select SMBIOS_PARSER
414	help
415	  Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
416	  of the platform.
417
418config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
419	int "EFI_TCG2_PROTOCOL EventLog size"
420	depends on EFI_TCG2_PROTOCOL
421	default 65536
422	help
423		Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
424		this is going to be allocated twice: once for the event log itself
425		and once for the configuration table that is required by the spec.
426
427config EFI_TCG2_PROTOCOL_MEASURE_DTB
428	bool "Measure DTB with EFI_TCG2_PROTOCOL"
429	depends on EFI_TCG2_PROTOCOL
430	help
431	  When enabled, the DTB image passed to the booted EFI image is
432	  measured using the EFI TCG2 protocol. Do not enable this feature if
433	  the passed DTB contains data that change across platform reboots
434	  and cannot be used as a predictable measurement. Otherwise
435	  this feature allows better measurement of the system boot
436	  sequence.
437
438config EFI_LOAD_FILE2_INITRD
439	bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
440	default y
441	help
442	  Linux v5.7 and later can make use of this option. If the boot option
443	  selected by the UEFI boot manager specifies an existing file to be used
444	  as initial RAM disk, a Linux specific Load File2 protocol will be
445	  installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
446	  argument.
447
448config EFI_SECURE_BOOT
449	bool "Enable EFI secure boot support"
450	depends on EFI_LOADER && FIT_SIGNATURE
451	select HASH
452	select SHA256
453	select RSA
454	select RSA_VERIFY_WITH_PKEY
455	select IMAGE_SIGN_INFO
456	select ASYMMETRIC_KEY_TYPE
457	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
458	select X509_CERTIFICATE_PARSER
459	select PKCS7_MESSAGE_PARSER
460	select PKCS7_VERIFY
461	select MSCODE_PARSER
462	select EFI_SIGNATURE_SUPPORT
463	help
464	  Select this option to enable EFI secure boot support.
465	  Once SecureBoot mode is enforced, an EFI binary can only run if
466	  it is signed with a trusted key. To reach that state, you need to
467	  install at least PK, KEK and db.
468
469config EFI_SIGNATURE_SUPPORT
470	bool
471
472config EFI_ESRT
473	bool "Enable the UEFI ESRT generation"
474	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
475	default y
476	help
477	  Enabling this option creates the ESRT UEFI system table.
478
479config EFI_ECPT
480	bool "Enable the UEFI ECPT generation"
481	default y
482	help
483	  Enabling this option creates the ECPT UEFI table.
484
485config EFI_EBBR_2_1_CONFORMANCE
486	bool "Add the EBBRv2.1 conformance entry to the ECPT table"
487	depends on EFI_ECPT
488	depends on EFI_LOADER_HII
489	depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
490	depends on EFI_RNG_PROTOCOL || !DM_RNG
491	depends on EFI_UNICODE_COLLATION_PROTOCOL2
492	default y
493	help
494	  Enabling this option adds the EBBRv2.1 conformance entry to the ECPT UEFI table.
495
496config EFI_RISCV_BOOT_PROTOCOL
497	bool "RISCV_EFI_BOOT_PROTOCOL support"
498	default y
499	depends on RISCV
500	help
501	  The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
502	  to the next boot stage. It should be enabled as it is meant to
503	  replace the transfer via the device-tree. The latter is not
504	  possible on systems using ACPI.
505
506config EFI_HTTP_BOOT
507	bool "EFI HTTP Boot support"
508	select CMD_DNS
509	select CMD_WGET
510	select BLKMAP
511	help
512	  Enabling this option adds EFI HTTP Boot support. It allows
513	  booting directly from the network.
514
515endif
516