aboutsummaryrefslogtreecommitdiffstats
path: root/src/vendorcode/google/chromeos/vboot2/Kconfig
blob: 16b811069e76a1f7328f0688280d3c1876ad6747 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors.  All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
##

config VBOOT2_VERIFY_FIRMWARE
	bool "Firmware Verification with vboot2"
	default n
	depends on CHROMEOS && HAVE_HARD_RESET
	help
	  Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
	  and boot loader.

config VBOOT2_MOCK_SECDATA
	bool "Mock secdata for firmware verification"
	default n
	depends on VBOOT2_VERIFY_FIRMWARE
	help
	  Enabling VBOOT2_MOCK_SECDATA will mock secdata for the firmware
	  verification to avoid access to a secdata storage (typically TPM).
	  All operations for a secdata storage will be successful. This option
	  can be used during development when a TPM is not present or broken.
	  THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.

config RETURN_FROM_VERSTAGE
	bool "return from verstage"
	default n
	depends on VBOOT2_VERIFY_FIRMWARE
	help
	  If this is set, the verstage returns back to the bootblock instead of
	  exits to the romstage so that the verstage space can be reused by the
	  romstage. Useful if a ram space is too small to fit both the verstage
	  and the romstage.

config VBOOT_ROMSTAGE_INDEX
	hex
	default 2
	depends on VBOOT2_VERIFY_FIRMWARE
	help
	  This is the index of the romstage component in the verified
	  firmware block.

config VBOOT_DISABLE_DEV_ON_RECOVERY
	bool "Disable dev mode on recovery requests"
	default n
	depends on VBOOT2_VERIFY_FIRMWARE
	help
	  When this option is enabled, the Chrome OS device leaves the
	  developer mode as soon as recovery request is detected. This is
	  handy on embedded devices with limited input capabilities.