1config EFI_LOADER
2	bool "Support running UEFI applications"
3	depends on OF_LIBFDT && ( \
4		ARM && (SYS_CPU = arm1136 || \
5			SYS_CPU = arm1176 || \
6			SYS_CPU = armv7   || \
7			SYS_CPU = armv8)  || \
8		X86 || RISCV || SANDBOX)
9	# We need EFI_STUB_64BIT to be set on x86_64 with EFI_STUB
10	depends on !EFI_STUB || !X86_64 || EFI_STUB_64BIT
11	# We need EFI_STUB_32BIT to be set on x86_32 with EFI_STUB
12	depends on !EFI_STUB || !X86 || X86_64 || EFI_STUB_32BIT
13	default y if !ARM || SYS_CPU = armv7 || SYS_CPU = armv8
14	select LIB_UUID
15	select HAVE_BLOCK_DEVICE
16	select REGEX
17	imply CFB_CONSOLE_ANSI
18	imply FAT
19	imply FAT_WRITE
20	imply USB_KEYBOARD_FN_KEYS
21	imply VIDEO_ANSI
22	help
23	  Select this option if you want to run UEFI applications (like GNU
24	  GRUB or iPXE) on top of U-Boot. If this option is enabled, U-Boot
25	  will expose the UEFI API to a loaded application, enabling it to
26	  reuse U-Boot's device drivers.
27
28if EFI_LOADER
29
30config CMD_BOOTEFI_BOOTMGR
31	bool "UEFI Boot Manager"
32	default y
33	help
34	  Select this option if you want to select the UEFI binary to be booted
35	  via UEFI variables Boot####, BootOrder, and BootNext. This enables the
36	  'bootefi bootmgr' command.
37
38config EFI_SETUP_EARLY
39	bool
40	default n
41
42choice
43	prompt "Store for non-volatile UEFI variables"
44	default EFI_VARIABLE_FILE_STORE
45	help
46	  Select where non-volatile UEFI variables shall be stored.
47
48config EFI_VARIABLE_FILE_STORE
49	bool "Store non-volatile UEFI variables as file"
50	depends on FAT_WRITE
51	help
52	  Select this option if you want non-volatile UEFI variables to be
53	  stored as file /ubootefi.var on the EFI system partition.
54
55config EFI_MM_COMM_TEE
56	bool "UEFI variables storage service via OP-TEE"
57	depends on OPTEE
58	help
59	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
60	  variable related operations to it. The StandAloneMM application
61	  verifies, authenticates and stores the variables on an RPMB.
62
63endchoice
64
65config EFI_VARIABLES_PRESEED
66	bool "Initial values for UEFI variables"
67	depends on EFI_VARIABLE_FILE_STORE
68	help
69	  Include a file with the initial values for non-volatile UEFI variables
70	  into the U-Boot binary. If this configuration option is set, changes
71	  to authentication related variables (PK, KEK, db, dbx) are not
72	  allowed.
73
74if EFI_VARIABLES_PRESEED
75
76config EFI_VAR_SEED_FILE
77	string "File with initial values of non-volatile UEFI variables"
78	default ubootefi.var
79	help
80	  File with initial values of non-volatile UEFI variables. The file must
81	  be in the same format as the storage in the EFI system partition. The
82	  easiest way to create it is by setting the non-volatile variables in
83	  U-Boot. If a relative file path is used, it is relative to the source
84	  directory.
85
86endif
87
88config EFI_VAR_BUF_SIZE
89	int "Memory size of the UEFI variable store"
90	default 16384
91	range 4096 2147483647
92	help
93	  This defines the size in bytes of the memory area reserved for keeping
94	  UEFI variables.
95
96	  When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should
97	  match the value of PcdFlashNvStorageVariableSize used to compile the
98	  StandAloneMM module.
99
100	  Minimum 4096, default 16384.
101
102config EFI_GET_TIME
103	bool "GetTime() runtime service"
104	depends on DM_RTC
105	default y
106	help
107	  Provide the GetTime() runtime service at boottime. This service
108	  can be used by an EFI application to read the real time clock.
109
110config EFI_SET_TIME
111	bool "SetTime() runtime service"
112	depends on EFI_GET_TIME
113	default y if ARCH_QEMU || SANDBOX
114	default n
115	help
116	  Provide the SetTime() runtime service at boottime. This service
117	  can be used by an EFI application to adjust the real time clock.
118
119config EFI_HAVE_CAPSULE_SUPPORT
120	bool
121
122config EFI_RUNTIME_UPDATE_CAPSULE
123	bool "UpdateCapsule() runtime service"
124	default n
125	select EFI_HAVE_CAPSULE_SUPPORT
126	help
127	  Select this option if you want to use the UpdateCapsule and
128	  QueryCapsuleCapabilities APIs.
129
130config EFI_CAPSULE_ON_DISK
131	bool "Enable capsule-on-disk support"
132	select EFI_HAVE_CAPSULE_SUPPORT
133	default n
134	help
135	  Select this option if you want to use capsule-on-disk feature,
136	  that is, capsules can be fetched and executed from files
137	  under a specific directory on UEFI system partition instead of
138	  via UpdateCapsule API.
139
140config EFI_IGNORE_OSINDICATIONS
141	bool "Ignore OsIndications for CapsuleUpdate on-disk"
142	depends on EFI_CAPSULE_ON_DISK
143	default n
144	help
145	  There are boards where U-Boot does not support SetVariable at runtime.
146	  Select this option if you want to use the capsule-on-disk feature
147	  without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
148	  flag in variable OsIndications.
149
150config EFI_CAPSULE_ON_DISK_EARLY
151	bool "Initiate capsule-on-disk at U-Boot boottime"
152	depends on EFI_CAPSULE_ON_DISK
153	default n
154	select EFI_SETUP_EARLY
155	help
156	  Normally, without this option enabled, capsules are processed
157	  only the first time one of the efi commands is invoked.
158	  If this option is enabled, capsules are always processed
159	  as part of U-Boot initialisation, so that the update takes
160	  place regardless of what distro_bootcmd is set to.
161
162config EFI_CAPSULE_FIRMWARE
163	bool
164	default n
165
166config EFI_CAPSULE_FIRMWARE_MANAGEMENT
167	bool "Capsule: Firmware Management Protocol"
168	depends on EFI_HAVE_CAPSULE_SUPPORT
169	default y
170	help
171	  Select this option if you want to enable capsule-based
172	  firmware update using Firmware Management Protocol.
173
174config EFI_CAPSULE_FIRMWARE_FIT
175	bool "FMP driver for FIT images"
176	depends on FIT
177	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
178	select UPDATE_FIT
179	select DFU
180	select EFI_CAPSULE_FIRMWARE
181	help
182	  Select this option if you want to enable firmware management protocol
183	  driver for FIT image
184
185config EFI_CAPSULE_FIRMWARE_RAW
186	bool "FMP driver for raw images"
187	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
188	depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
189	select DFU_WRITE_ALT
190	select DFU
191	select EFI_CAPSULE_FIRMWARE
192	help
193	  Select this option if you want to enable firmware management protocol
194	  driver for raw image
195
196config EFI_CAPSULE_AUTHENTICATE
197	bool "Update Capsule authentication"
198	depends on EFI_CAPSULE_FIRMWARE
199	depends on EFI_CAPSULE_ON_DISK
200	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
201	select HASH
202	select SHA256
203	select RSA
204	select RSA_VERIFY
205	select RSA_VERIFY_WITH_PKEY
206	select X509_CERTIFICATE_PARSER
207	select PKCS7_MESSAGE_PARSER
208	select PKCS7_VERIFY
209	select IMAGE_SIGN_INFO
210	select EFI_SIGNATURE_SUPPORT
211	default n
212	help
213	  Select this option to enable authentication of update capsules.
214	  If it is not set, capsules are not authenticated before they are applied.
215
216config EFI_DEVICE_PATH_TO_TEXT
217	bool "Device path to text protocol"
218	default y
219	help
220	  The device path to text protocol converts device nodes and paths to
221	  human readable strings.
222
223config EFI_DEVICE_PATH_UTIL
224	bool "Device path utilities protocol"
225	default y
226	help
227	  The device path utilities protocol creates and manipulates device
228	  paths and device nodes. It is required to run the EFI Shell.
229
230config EFI_DT_FIXUP
231	bool "Device tree fixup protocol"
232	depends on !GENERATE_ACPI_TABLE
233	default y
234	help
235	  The EFI device-tree fix-up protocol provides a function to let the
236	  firmware apply fix-ups. This may be used by boot loaders.
237
238config EFI_LOADER_HII
239	bool "HII protocols"
240	default y
241	help
242	  The Human Interface Infrastructure is a complicated framework that
243	  allows UEFI applications to draw fancy menus and hook strings using
244	  a translation framework.
245
246	  U-Boot implements enough of its features to be able to run the UEFI
247	  Shell, but not more than that.
248
249config EFI_UNICODE_COLLATION_PROTOCOL2
250	bool "Unicode collation protocol"
251	default y
252	help
253	  The Unicode collation protocol is used for lexical comparisons. It is
254	  required to run the UEFI shell.
255
256if EFI_UNICODE_COLLATION_PROTOCOL2
257
258config EFI_UNICODE_CAPITALIZATION
259	bool "Support Unicode capitalization"
260	default y
261	help
262	  Select this option to enable correct handling of the capitalization of
263	  Unicode codepoints in the range 0x0000-0xffff. If this option is not
264	  set, only the correct handling of the letters of the codepage
265	  used by the FAT file system is ensured.
266
267endif
268
269config EFI_LOADER_BOUNCE_BUFFER
270	bool "EFI Applications use bounce buffers for DMA operations"
271	depends on ARM64
272	default n
273	help
274	  Some hardware does not support DMA to full 64bit addresses. For this
275	  hardware we can create a bounce buffer so that payloads don't have to
276	  worry about platform details.
277
278config EFI_PLATFORM_LANG_CODES
279	string "Language codes supported by firmware"
280	default "en-US"
281	help
282	  This value is used to initialize the PlatformLangCodes variable. Its
283	  value is a semicolon (;) separated list of language codes in native
284	  RFC 4646 format, e.g. "en-US;de-DE". The first language code is used
285	  to initialize the PlatformLang variable.
286
287config EFI_HAVE_RUNTIME_RESET
288	# bool "Reset runtime service is available"
289	bool
290	default y
291	depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
292		   SANDBOX || SYSRESET_X86
293
294config EFI_GRUB_ARM32_WORKAROUND
295	bool "Workaround for GRUB on 32bit ARM"
296	default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
297	default y
298	depends on ARM && !ARM64
299	help
300	  GRUB prior to version 2.04 requires U-Boot to disable caches. This
301	  workaround currently is also needed on systems with caches that
302	  cannot be managed via CP15.
303
304config EFI_RNG_PROTOCOL
305	bool "EFI_RNG_PROTOCOL support"
306	depends on DM_RNG
307	default y
308	help
309	  Provide an EFI_RNG_PROTOCOL implementation using the hardware random
310	  number generator of the platform.
311
312config EFI_TCG2_PROTOCOL
313	bool "EFI_TCG2_PROTOCOL support"
314	default y
315	depends on TPM_V2
316	select SHA1
317	select SHA256
318	select SHA512_ALGO
319	select SHA384
320	select SHA512
321	select HASH
322	help
323	  Provide an EFI_TCG2_PROTOCOL implementation using the TPM hardware
324	  of the platform.
325
326config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
327	int "EFI_TCG2_PROTOCOL EventLog size"
328	depends on EFI_TCG2_PROTOCOL
329	default 4096
330	help
331		Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
332		this is going to be allocated twice: once for the event log itself
333		and once for the configuration table that is required by the spec.
334
335config EFI_LOAD_FILE2_INITRD
336	bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk"
337	default y
338	help
339	  Linux v5.7 and later can make use of this option. If the boot option
340	  selected by the UEFI boot manager specifies an existing file to be used
341	  as initial RAM disk, a Linux specific Load File2 protocol will be
342	  installed and Linux 5.7+ will ignore any initrd=<ramdisk> command line
343	  argument.
344
345config EFI_SECURE_BOOT
346	bool "Enable EFI secure boot support"
347	depends on EFI_LOADER
348	select HASH
349	select SHA256
350	select RSA
351	select RSA_VERIFY_WITH_PKEY
352	select IMAGE_SIGN_INFO
353	select ASYMMETRIC_KEY_TYPE
354	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
355	select X509_CERTIFICATE_PARSER
356	select PKCS7_MESSAGE_PARSER
357	select PKCS7_VERIFY
358	select EFI_SIGNATURE_SUPPORT
359	default n
360	help
361	  Select this option to enable EFI secure boot support.
362	  Once SecureBoot mode is enforced, an EFI binary can run only if
363	  it is signed with a trusted key. For this to work, at least PK,
364	  KEK and db must be installed.
365
366config EFI_SIGNATURE_SUPPORT
367	bool
368
369config EFI_ESRT
370	bool "Enable the UEFI ESRT generation"
371	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
372	default y
373	help
374	  Enabling this option creates the ESRT UEFI system table.
375
376endif
377