1config EFI_LOADER
2	bool "Support running UEFI applications"
3	depends on OF_LIBFDT && ( \
4		ARM && (SYS_CPU = arm1136 || \
5			SYS_CPU = arm1176 || \
6			SYS_CPU = armv7   || \
7			SYS_CPU = armv8)  || \
8		X86 || RISCV || SANDBOX)
9	# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
10	depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
11	# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
12	depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
13	depends on BLK
14	depends on DM_ETH || !NET
15	default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
16	select LIB_UUID
17	select PARTITION_UUIDS
18	select HAVE_BLOCK_DEVICE
19	select REGEX
20	imply CFB_CONSOLE_ANSI
21	imply FAT
22	imply FAT_WRITE
23	imply USB_KEYBOARD_FN_KEYS
24	imply VIDEO_ANSI
25	help
26	  Select this option if you want to run UEFI applications (like GNU
27	  GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
28	  will expose the UEFI API to a loaded application, enabling it to
29	  reuse U-Boot's device drivers.
30
31if EFI_LOADER
32
33config CMD_BOOTEFI_BOOTMGR
34	bool "UEFI Boot Manager"
35	default y
36	help
37	  Select this option if you want to select the UEFI binary to be booted
38	  via UEFI variables Boot####, BootOrder, and BootNext. This enables the
39	  'bootefi bootmgr' command.
40
41config EFI_SETUP_EARLY
42	bool
43
44choice
45	prompt "Store for non-volatile UEFI variables"
46	default EFI_VARIABLE_FILE_STORE
47	help
48	  Select where non-volatile UEFI variables shall be stored.
49
50config EFI_VARIABLE_FILE_STORE
51	bool "Store non-volatile UEFI variables as file"
52	depends on FAT_WRITE
53	help
54	  Select this option if you want non-volatile UEFI variables to be
55	  stored as file /ubootefi.var on the EFI system partition.
56
57config EFI_MM_COMM_TEE
58	bool "UEFI variables storage service via OP-TEE"
59	depends on OPTEE
60	help
61	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
62	  variable related operations to that. The application will verify,
63	  authenticate and store the variables on an RPMB.
64
65endchoice
66
67config EFI_VARIABLES_PRESEED
68	bool "Initial values for UEFI variables"
69	depends on EFI_VARIABLE_FILE_STORE
70	help
71	  Include a file with the initial values for non-volatile UEFI variables
72	  into the U-Boot binary. If this configuration option is set, changes
73	  to authentication related variables (PK, KEK, db, dbx) are not
74	  allowed.
75
76if EFI_VARIABLES_PRESEED
77
78config EFI_VAR_SEED_FILE
79	string "File with initial values of non-volatile UEFI variables"
80	default ubootefi.var
81	help
82	  File with initial values of non-volatile UEFI variables. The file must
83	  be in the same format as the storage in the EFI system partition. The
84	  easiest way to create it is by setting the non-volatile variables in
85	  U-Boot. If a relative file path is used, it is relative to the source
86	  directory.
87
88endif
89
90config EFI_VAR_BUF_SIZE
91	int "Memory size of the UEFI variable store"
92	default 16384
93	range 4096 2147483647
94	help
95	  This defines the size in bytes of the memory area reserved for keeping
96	  UEFI variables.
97
98	  When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should
99	  match the value of PcdFlashNvStorageVariableSize used to compile the
100	  StandAloneMM module.
101
102	  Minimum 4096, default 16384.
103
104config EFI_GET_TIME
105	bool "GetTime() runtime service"
106	depends on DM_RTC
107	default y
108	help
109	  Provide the GetTime() runtime service at boottime. This service
110	  can be used by an EFI application to read the real time clock.
111
112config EFI_SET_TIME
113	bool "SetTime() runtime service"
114	depends on EFI_GET_TIME
115	default y if ARCH_QEMU || SANDBOX
116	help
117	  Provide the SetTime() runtime service at boottime. This service
118	  can be used by an EFI application to adjust the real time clock.
119
120config EFI_HAVE_CAPSULE_SUPPORT
121	bool
122
123config EFI_RUNTIME_UPDATE_CAPSULE
124	bool "UpdateCapsule() runtime service"
125	select EFI_HAVE_CAPSULE_SUPPORT
126	help
127	  Select this option if you want to use the UpdateCapsule and
128	  QueryCapsuleCapabilities APIs.
129
130config EFI_CAPSULE_ON_DISK
131	bool "Enable capsule-on-disk support"
132	select EFI_HAVE_CAPSULE_SUPPORT
133	help
134	  Select this option if you want to use capsule-on-disk feature,
135	  that is, capsules can be fetched and executed from files
136	  under a specific directory on UEFI system partition instead of
137	  via UpdateCapsule API.
138
139config EFI_IGNORE_OSINDICATIONS
140	bool "Ignore OsIndications for CapsuleUpdate on-disk"
141	depends on EFI_CAPSULE_ON_DISK
142	help
143	  There are boards where U-Boot does not support SetVariable at runtime.
144	  Select this option if you want to use the capsule-on-disk feature
145	  without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
146	  flag in variable OsIndications.
147
148config EFI_CAPSULE_ON_DISK_EARLY
149	bool "Initiate capsule-on-disk at U-Boot boottime"
150	depends on EFI_CAPSULE_ON_DISK
151	select EFI_SETUP_EARLY
152	help
153	  Normally, without this option enabled, capsules are executed
154	  only the first time one of the EFI commands is invoked.
155	  If this option is enabled, capsules are forced to be
156	  executed as part of U-Boot initialisation, so that the update
157	  takes place regardless of what distro_bootcmd is set to.
158
159config EFI_CAPSULE_FIRMWARE
160	bool
161
162config EFI_CAPSULE_FIRMWARE_MANAGEMENT
163	bool "Capsule: Firmware Management Protocol"
164	depends on EFI_HAVE_CAPSULE_SUPPORT
165	default y
166	help
167	  Select this option if you want to enable capsule-based
168	  firmware update using Firmware Management Protocol.
169
170config EFI_CAPSULE_FIRMWARE_FIT
171	bool "FMP driver for FIT images"
172	depends on FIT
173	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
174	select UPDATE_FIT
175	select DFU
176	select EFI_CAPSULE_FIRMWARE
177	help
178	  Select this option if you want to enable firmware management protocol
179	  driver for FIT image
180
181config EFI_CAPSULE_FIRMWARE_RAW
182	bool "FMP driver for raw images"
183	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
184	depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
185	select DFU_WRITE_ALT
186	select DFU
187	select EFI_CAPSULE_FIRMWARE
188	help
189	  Select this option if you want to enable firmware management protocol
190	  driver for raw image
191
192config EFI_CAPSULE_AUTHENTICATE
193	bool "Update Capsule authentication"
194	depends on EFI_CAPSULE_FIRMWARE
195	depends on EFI_CAPSULE_ON_DISK
196	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
197	select HASH
198	select SHA256
199	select RSA
200	select RSA_VERIFY
201	select RSA_VERIFY_WITH_PKEY
202	select X509_CERTIFICATE_PARSER
203	select PKCS7_MESSAGE_PARSER
204	select PKCS7_VERIFY
205	select IMAGE_SIGN_INFO
206	select EFI_SIGNATURE_SUPPORT
207	help
208	  Select this option if you want to enable capsule authentication.
209	  When this option is not set, capsules are not authenticated.
210
211config EFI_DEVICE_PATH_TO_TEXT
212	bool "Device path to text protocol"
213	default y
214	help
215	  The device path to text protocol converts device nodes and paths to
216	  human readable strings.
217
218config EFI_DEVICE_PATH_UTIL
219	bool "Device path utilities protocol"
220	default y
221	help
222	  The device path utilities protocol creates and manipulates device
223	  paths and device nodes. It is required to run the EFI Shell.
224
225config EFI_DT_FIXUP
226	bool "Device tree fixup protocol"
227	depends on !GENERATE_ACPI_TABLE
228	default y
229	help
230	  The EFI device-tree fix-up protocol provides a function to let the
231	  firmware apply fix-ups. This may be used by boot loaders.
232
233config EFI_LOADER_HII
234	bool "HII protocols"
235	default y
236	help
237	  The Human Interface Infrastructure is a complicated framework that
238	  allows UEFI applications to draw fancy menus and hook strings using
239	  a translation framework.
240
241	  U-Boot implements enough of its features to be able to run the UEFI
242	  Shell, but not more than that.
243
244config EFI_UNICODE_COLLATION_PROTOCOL2
245	bool "Unicode collation protocol"
246	default y
247	help
248	  The Unicode collation protocol is used for lexical comparisons. It is
249	  required to run the UEFI shell.
250
251if EFI_UNICODE_COLLATION_PROTOCOL2
252
253config EFI_UNICODE_CAPITALIZATION
254	bool "Support Unicode capitalization"
255	default y
256	help
257	  Select this option to enable correct handling of the capitalization of
258	  Unicode codepoints in the range 0x0000-0xffff. If this option is not
259	  set, only the correct handling of the letters of the codepage
260	  used by the FAT file system is ensured.
261
262endif
263
264config EFI_LOADER_BOUNCE_BUFFER
265	bool "EFI Applications use bounce buffers for DMA operations"
266	depends on ARM64
267	help
268	  Some hardware does not support DMA to full 64bit addresses. For this
269	  hardware we can create a bounce buffer so that payloads don't have to
270	  worry about platform details.
271
272config EFI_PLATFORM_LANG_CODES
273	string "Language codes supported by firmware"
274	default "en-US"
275	help
276	  This value is used to initialize the PlatformLangCodes variable. Its
277	  value is a semicolon (;) separated list of language codes in native
278	  RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
279	  to initialize the PlatformLang variable.
280
281config EFI_HAVE_RUNTIME_RESET
282	# bool "Reset runtime service is available"
283	bool
284	default y
285	depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
286		   SANDBOX || SYSRESET_X86
287
288config EFI_GRUB_ARM32_WORKAROUND
289	bool "Workaround for GRUB on 32bit ARM"
290	default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
291	default y
292	depends on ARM && !ARM64
293	help
294	  GRUB prior to version 2.04 requires U-Boot to disable caches. This
295	  workaround currently is also needed on systems with caches that
296	  cannot be managed via CP15.
297
298config EFI_RNG_PROTOCOL
299	bool "EFI_RNG_PROTOCOL support"
300	depends on DM_RNG
301	default y
302	help
303	  Provide an EFI_RNG_PROTOCOL implementation using the hardware random
304	  number generator of the platform.
305
306config EFI_TCG2_PROTOCOL
307	bool "EFI_TCG2_PROTOCOL support"
308	default y
309	depends on TPM_V2
310	select SHA1
311	select SHA256
312	select SHA384
313	select SHA512
314	select HASH
315	select SMBIOS_PARSER
316	help
317	  Provide an EFI_TCG2_PROTOCOL implementation using the TPM hardware
318	  of the platform.
319
320config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
321	int "EFI_TCG2_PROTOCOL EventLog size"
322	depends on EFI_TCG2_PROTOCOL
323	default 65536
324	help
325		Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
326		this size is allocated twice: once for the event log itself and
327		once for the configuration table that the specification requires.
328
329config EFI_LOAD_FILE2_INITRD
330	bool "EFI_LOAD_FILE2_PROTOCOL for Linux initial ramdisk"
331	default y
332	help
333	  Linux v5.7 and later can make use of this option. If the boot option
334	  selected by the UEFI boot manager specifies an existing file to be used
335	  as initial RAM disk, a Linux specific Load File2 protocol will be
336	  installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
337	  argument.
338
339config EFI_SECURE_BOOT
340	bool "Enable EFI secure boot support"
341	depends on EFI_LOADER && FIT_SIGNATURE
342	select HASH
343	select SHA256
344	select RSA
345	select RSA_VERIFY_WITH_PKEY
346	select IMAGE_SIGN_INFO
347	select ASYMMETRIC_KEY_TYPE
348	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
349	select X509_CERTIFICATE_PARSER
350	select PKCS7_MESSAGE_PARSER
351	select PKCS7_VERIFY
352	select EFI_SIGNATURE_SUPPORT
353	help
354	  Select this option to enable EFI secure boot support.
355	  Once SecureBoot mode is enforced, an EFI binary can run only if
356	  it is signed with a trusted key. To set this up, you need to
357	  install at least PK, KEK and db.
358
359config EFI_SIGNATURE_SUPPORT
360	bool
361
362config EFI_ESRT
363	bool "Enable the UEFI ESRT generation"
364	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
365	default y
366	help
367	  Enabling this option creates the ESRT UEFI system table.
368
369endif
370