1config EFI_LOADER
2	bool "Support running UEFI applications"
3	depends on OF_LIBFDT && ( \
4		ARM && (SYS_CPU = arm1136 || \
5			SYS_CPU = arm1176 || \
6			SYS_CPU = armv7   || \
7			SYS_CPU = armv8)  || \
8		X86 || RISCV || SANDBOX)
9	# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
10	depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
11	# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
12	depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
13	default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
14	select LIB_UUID
15	select HAVE_BLOCK_DEVICE
16	select REGEX
17	imply CFB_CONSOLE_ANSI
18	imply FAT
19	imply FAT_WRITE
20	imply USB_KEYBOARD_FN_KEYS
21	imply VIDEO_ANSI
22	help
23	  Select this option if you want to run UEFI applications (like GNU
24	  GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
25	  will expose the UEFI API to a loaded application, enabling it to
26	  reuse U-Boot's device drivers.
27
28if EFI_LOADER
29
30config CMD_BOOTEFI_BOOTMGR
31	bool "UEFI Boot Manager"
32	default y
33	help
34	  Select this option if you want to select the UEFI binary to be booted
35	  via UEFI variables Boot####, BootOrder, and BootNext. This enables the
36	  'bootefi bootmgr' command.
37
38config EFI_SETUP_EARLY
39	bool
40	default n
41
42choice
43	prompt "Store for non-volatile UEFI variables"
44	default EFI_VARIABLE_FILE_STORE
45	help
46	  Select where non-volatile UEFI variables shall be stored.
47
48config EFI_VARIABLE_FILE_STORE
49	bool "Store non-volatile UEFI variables as file"
50	depends on FAT_WRITE
51	help
52	  Select this option if you want non-volatile UEFI variables to be
53	  stored as file /ubootefi.var on the EFI system partition.
54
55config EFI_MM_COMM_TEE
56	bool "UEFI variables storage service via OP-TEE"
57	depends on OPTEE
58	help
59	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
60	  variable related operations to that. The application will verify,
61	  authenticate and store the variables on an RPMB.
62
63endchoice
64
65config EFI_VARIABLES_PRESEED
66	bool "Initial values for UEFI variables"
67	depends on EFI_VARIABLE_FILE_STORE
68	help
69	  Include a file with the initial values for non-volatile UEFI variables
70	  into the U-Boot binary. If this configuration option is set, changes
71	  to authentication-related variables (PK, KEK, db, dbx) are not
72	  allowed, so these variables keep the values from the included file.
73
74if EFI_VARIABLES_PRESEED
75
76config EFI_VAR_SEED_FILE
77	string "File with initial values of non-volatile UEFI variables"
78	default ubootefi.var
79	help
80	  File with initial values of non-volatile UEFI variables. The file must
81	  be in the same format as the storage in the EFI system partition. The
82	  easiest way to create it is by setting the non-volatile variables in
83	  U-Boot. If a relative file path is used, it is relative to the source
84	  directory.
85
86endif
87
88config EFI_VAR_BUF_SIZE
89	int "Memory size of the UEFI variable store"
90	default 16384
91	range 4096 2147483647
92	help
93	  This defines the size in bytes of the memory area reserved for keeping
94	  UEFI variables.
95
96	  When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should
97	  match the value of PcdFlashNvStorageVariableSize used to compile the
98	  StandAloneMM module.
99
100	  Minimum 4096, default 16384.
101
102config EFI_GET_TIME
103	bool "GetTime() runtime service"
104	depends on DM_RTC
105	default y
106	help
107	  Provide the GetTime() runtime service at boottime. This service
108	  can be used by an EFI application to read the real time clock.
109
110config EFI_SET_TIME
111	bool "SetTime() runtime service"
112	depends on EFI_GET_TIME
113	default y if ARCH_QEMU || SANDBOX
114	default n
115	help
116	  Provide the SetTime() runtime service at boottime. This service
117	  can be used by an EFI application to adjust the real time clock.
118
119config EFI_HAVE_CAPSULE_SUPPORT
120	bool
121
122config EFI_RUNTIME_UPDATE_CAPSULE
123	bool "UpdateCapsule() runtime service"
124	default n
125	select EFI_HAVE_CAPSULE_SUPPORT
126	help
127	  Select this option if you want to use the UpdateCapsule and
128	  QueryCapsuleCapabilities APIs.
129
130config EFI_CAPSULE_ON_DISK
131	bool "Enable capsule-on-disk support"
132	select EFI_HAVE_CAPSULE_SUPPORT
133	default n
134	help
135	  Select this option if you want to use the capsule-on-disk feature,
136	  that is, capsules can be fetched and executed from files
137	  under a specific directory on the UEFI system partition instead of
138	  via the UpdateCapsule API.
139
140config EFI_CAPSULE_ON_DISK_EARLY
141	bool "Initiate capsule-on-disk at U-Boot boottime"
142	depends on EFI_CAPSULE_ON_DISK
143	default n
144	select EFI_SETUP_EARLY
145	help
146	  Normally, without this option enabled, capsules will be
147	  executed only the first time one of the efi commands is invoked.
148	  If this option is enabled, capsules will be
149	  executed as part of U-Boot initialisation so that they
150	  are processed regardless of what distro_bootcmd is set to.
151
152config EFI_CAPSULE_FIRMWARE
153	bool
154	default n
155
156config EFI_CAPSULE_FIRMWARE_MANAGEMENT
157	bool "Capsule: Firmware Management Protocol"
158	depends on EFI_HAVE_CAPSULE_SUPPORT
159	default y
160	help
161	  Select this option if you want to enable capsule-based
162	  firmware update using Firmware Management Protocol.
163
164config EFI_CAPSULE_AUTHENTICATE
165	bool "Update Capsule authentication"
166	depends on EFI_CAPSULE_FIRMWARE
167	depends on EFI_CAPSULE_ON_DISK
168	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
169	select SHA256
170	select RSA
171	select RSA_VERIFY
172	select RSA_VERIFY_WITH_PKEY
173	select X509_CERTIFICATE_PARSER
174	select PKCS7_MESSAGE_PARSER
175	select PKCS7_VERIFY
176	default n
177	help
178	  Select this option if you want to enable capsule authentication,
179	  i.e. verification of a capsule's signature. It is disabled by default.
180
181config EFI_CAPSULE_FIRMWARE_FIT
182	bool "FMP driver for FIT image"
183	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
184	depends on FIT
185	select UPDATE_FIT
186	select DFU
187	select EFI_CAPSULE_FIRMWARE
188	default n
189	help
190	  Select this option if you want to enable the firmware management
191	  protocol driver for FIT images.
192
193config EFI_CAPSULE_FIRMWARE_RAW
194	bool "FMP driver for raw image"
195	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
196	select DFU
197	select DFU_WRITE_ALT
198	select EFI_CAPSULE_FIRMWARE
199	default n
200	help
201	  Select this option if you want to enable the firmware management
202	  protocol driver for raw images.
203
204config EFI_DEVICE_PATH_TO_TEXT
205	bool "Device path to text protocol"
206	default y
207	help
208	  The device path to text protocol converts device nodes and paths to
209	  human readable strings.
210
211config EFI_DEVICE_PATH_UTIL
212	bool "Device path utilities protocol"
213	default y
214	help
215	  The device path utilities protocol creates and manipulates device
216	  paths and device nodes. It is required to run the EFI Shell.
217
218config EFI_DT_FIXUP
219	bool "Device tree fixup protocol"
220	depends on !GENERATE_ACPI_TABLE
221	default y
222	help
223	  The EFI device-tree fix-up protocol provides a function to let the
224	  firmware apply fix-ups. This may be used by boot loaders.
225
226config EFI_LOADER_HII
227	bool "HII protocols"
228	default y
229	help
230	  The Human Interface Infrastructure is a complicated framework that
231	  allows UEFI applications to draw fancy menus and hook strings using
232	  a translation framework.
233
234	  U-Boot implements enough of its features to be able to run the UEFI
235	  Shell, but not more than that.
236
237config EFI_UNICODE_COLLATION_PROTOCOL2
238	bool "Unicode collation protocol"
239	default y
240	help
241	  The Unicode collation protocol is used for lexical comparisons. It is
242	  required to run the UEFI shell.
243
244if EFI_UNICODE_COLLATION_PROTOCOL2
245
246config EFI_UNICODE_CAPITALIZATION
247	bool "Support Unicode capitalization"
248	default y
249	help
250	  Select this option to enable correct handling of the capitalization of
251	  Unicode codepoints in the range 0x0000-0xffff. If this option is not
252	  set, only the correct handling of the letters of the codepage
253	  used by the FAT file system is ensured.
254
255endif
256
257config EFI_LOADER_BOUNCE_BUFFER
258	bool "EFI Applications use bounce buffers for DMA operations"
259	depends on ARM64
260	default n
261	help
262	  Some hardware does not support DMA to full 64bit addresses. For this
263	  hardware we can create a bounce buffer so that payloads don't have to
264	  worry about platform details.
265
266config EFI_PLATFORM_LANG_CODES
267	string "Language codes supported by firmware"
268	default "en-US"
269	help
270	  This value is used to initialize the PlatformLangCodes variable. Its
271	  value is a semicolon (;) separated list of language codes in native
272	  RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
273	  to initialize the PlatformLang variable.
274
275config EFI_HAVE_RUNTIME_RESET
276	# bool "Reset runtime service is available"
277	bool
278	default y
279	depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
280		   SANDBOX || SYSRESET_X86
281
282config EFI_GRUB_ARM32_WORKAROUND
283	bool "Workaround for GRUB on 32bit ARM"
284	default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
285	default y
286	depends on ARM && !ARM64
287	help
288	  GRUB prior to version 2.04 requires U-Boot to disable caches. This
289	  workaround currently is also needed on systems with caches that
290	  cannot be managed via CP15.
291
292config EFI_RNG_PROTOCOL
293	bool "EFI_RNG_PROTOCOL support"
294	depends on DM_RNG
295	default y
296	help
297	  Provide an EFI_RNG_PROTOCOL implementation using the hardware random
298	  number generator of the platform.
299
300config EFI_TCG2_PROTOCOL
301	bool "EFI_TCG2_PROTOCOL support"
302	depends on TPM_V2
303	help
304	  Provide an EFI_TCG2_PROTOCOL implementation using the TPM hardware
305	  of the platform.
306
307config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
308	int "EFI_TCG2_PROTOCOL EventLog size"
309	depends on EFI_TCG2_PROTOCOL
310	default 4096
311	help
312		Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
313		this is going to be allocated twice: once for the EventLog itself
314		and once for the configuration table that is required by the spec.
315
316config EFI_LOAD_FILE2_INITRD
317	bool "EFI_LOAD_FILE2_PROTOCOL for Linux initial ramdisk"
318	default n
319	help
320	  Expose an EFI_LOAD_FILE2_PROTOCOL that the Linux UEFI stub can
321	  use to load the initial ramdisk. Once this is enabled, using
322	  initrd=<ramdisk> will stop working.
323
324config EFI_INITRD_FILESPEC
325	string "initramfs path"
326	default "host 0:1 initrd"
327	depends on EFI_LOAD_FILE2_INITRD
328	help
329	  Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz.
330
331config EFI_SECURE_BOOT
332	bool "Enable EFI secure boot support"
333	depends on EFI_LOADER
334	select SHA256
335	select RSA
336	select RSA_VERIFY_WITH_PKEY
337	select IMAGE_SIGN_INFO
338	select ASYMMETRIC_KEY_TYPE
339	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
340	select X509_CERTIFICATE_PARSER
341	select PKCS7_MESSAGE_PARSER
342	select PKCS7_VERIFY
343	default n
344	help
345	  Select this option to enable EFI secure boot support.
346	  Once SecureBoot mode is enforced, an EFI binary can run only if
347	  it is signed with a trusted key. For SecureBoot mode to be enforced,
348	  you need to install at least PK, KEK and db.
349
350endif
351