[mirror_ubuntu-hirsute-kernel.git] / drivers / firmware / efi / Kconfig

# SPDX-License-Identifier: GPL-2.0-only
menu "EFI (Extensible Firmware Interface) Support"
	depends on EFI

config EFI_VARS
	tristate "EFI Variable Support via sysfs"
	depends on EFI
	default n
	help
	  If you say Y here, you are able to get EFI (Extensible Firmware
	  Interface) variable information via sysfs.  You may read,
	  write, create, and destroy EFI variables through this interface.

	  Note that using this driver in concert with efibootmgr requires
	  at least test release version 0.5.0-test3 or later, which is
	  available from:
	  <http://linux.dell.com/efibootmgr/testing/efibootmgr-0.5.0-test3.tar.gz>

	  Subsequent efibootmgr releases may be found at:
	  <http://github.com/vathpela/efibootmgr>

config EFI_ESRT
	bool
	depends on EFI && !IA64
	default y

config EFI_VARS_PSTORE
	tristate "Register efivars backend for pstore"
	depends on EFI_VARS && PSTORE
	default y
	help
	  Say Y here to enable use efivars as a backend to pstore. This
	  will allow writing console messages, crash dumps, or anything
	  else supported by pstore to EFI variables.

config EFI_VARS_PSTORE_DEFAULT_DISABLE
	bool "Disable using efivars as a pstore backend by default"
	depends on EFI_VARS_PSTORE
	default n
	help
	  Saying Y here will disable the use of efivars as a storage
	  backend for pstore by default. This setting can be overridden
	  using the efivars module's pstore_disable parameter.

config EFI_RUNTIME_MAP
	bool "Export efi runtime maps to sysfs"
	depends on X86 && EFI && KEXEC_CORE
	default y
	help
	  Export efi runtime memory maps to /sys/firmware/efi/runtime-map.
	  That memory map is used for example by kexec to set up efi virtual
	  mapping the 2nd kernel, but can also be used for debugging purposes.

	  See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.

config EFI_FAKE_MEMMAP
	bool "Enable EFI fake memory map"
	depends on EFI && X86
	default n
	help
	  Saying Y here will enable "efi_fake_mem" boot option.
	  By specifying this parameter, you can add arbitrary attribute
	  to specific memory range by updating original (firmware provided)
	  EFI memmap.
	  This is useful for debugging of EFI memmap related feature.
	  e.g. Address Range Mirroring feature.

config EFI_MAX_FAKE_MEM
	int "maximum allowable number of ranges in efi_fake_mem boot option"
	depends on EFI_FAKE_MEMMAP
	range 1 128
	default 8
	help
	  Maximum allowable number of ranges in efi_fake_mem boot option.
	  Ranges can be set up to this value using comma-separated list.
	  The default value is 8.

config EFI_SOFT_RESERVE
	bool "Reserve EFI Specific Purpose Memory"
	depends on EFI && EFI_STUB && ACPI_HMAT
	default ACPI_HMAT
	help
	  On systems that have mixed performance classes of memory EFI
	  may indicate specific purpose memory with an attribute (See
	  EFI_MEMORY_SP in UEFI 2.8). A memory range tagged with this
	  attribute may have unique performance characteristics compared
	  to the system's general purpose "System RAM" pool. On the
	  expectation that such memory has application specific usage,
	  and its base EFI memory type is "conventional" answer Y to
	  arrange for the kernel to reserve it as a "Soft Reserved"
	  resource, and set aside for direct-access (device-dax) by
	  default. The memory range can later be optionally assigned to
	  the page allocator by system administrator policy via the
	  device-dax kmem facility. Say N to have the kernel treat this
	  memory as "System RAM" by default.

	  If unsure, say Y.

config EFI_PARAMS_FROM_FDT
	bool
	help
	  Select this config option from the architecture Kconfig if
	  the EFI runtime support gets system table address, memory
          map address, and other parameters from the device tree.

config EFI_RUNTIME_WRAPPERS
	bool

config EFI_ARMSTUB
	bool

config EFI_ARMSTUB_DTB_LOADER
	bool "Enable the DTB loader"
	depends on EFI_ARMSTUB
	default y
	help
	  Select this config option to add support for the dtb= command
	  line parameter, allowing a device tree blob to be loaded into
	  memory from the EFI System Partition by the stub.

	  If the device tree is provided by the platform or by
	  the bootloader this option may not be needed.
	  But, for various development reasons and to maintain existing
	  functionality for bootloaders that do not have such support
	  this option is necessary.

config EFI_BOOTLOADER_CONTROL
	tristate "EFI Bootloader Control"
	depends on EFI_VARS
	default n
	---help---
	  This module installs a reboot hook, such that if reboot() is
	  invoked with a string argument NNN, "NNN" is copied to the
	  "LoaderEntryOneShot" EFI variable, to be read by the
	  bootloader. If the string matches one of the boot labels
	  defined in its configuration, the bootloader will boot once
	  to that label. The "LoaderEntryRebootReason" EFI variable is
	  set with the reboot reason: "reboot" or "shutdown". The
	  bootloader reads this reboot reason and takes particular
	  action according to its policy.

config EFI_CAPSULE_LOADER
	tristate "EFI capsule loader"
	depends on EFI
	help
	  This option exposes a loader interface "/dev/efi_capsule_loader" for
	  users to load EFI capsules. This driver requires working runtime
	  capsule support in the firmware, which many OEMs do not provide.

	  Most users should say N.

config EFI_CAPSULE_QUIRK_QUARK_CSH
	bool "Add support for Quark capsules with non-standard headers"
	depends on X86 && !64BIT
	select EFI_CAPSULE_LOADER
	default y
	help
	  Add support for processing Quark X1000 EFI capsules, whose header
	  layout deviates from the layout mandated by the UEFI specification.

config EFI_TEST
	tristate "EFI Runtime Service Tests Support"
	depends on EFI
	default n
	help
	  This driver uses the efi.<service> function pointers directly instead
	  of going through the efivar API, because it is not trying to test the
	  kernel subsystem, just for testing the UEFI runtime service
	  interfaces which are provided by the firmware. This driver is used
	  by the Firmware Test Suite (FWTS) for testing the UEFI runtime
	  interfaces readiness of the firmware.
	  Details for FWTS are available from:
	  <https://wiki.ubuntu.com/FirmwareTestSuite>

	  Say Y here to enable the runtime services support via /dev/efi_test.
	  If unsure, say N.

config APPLE_PROPERTIES
	bool "Apple Device Properties"
	depends on EFI_STUB && X86
	select EFI_DEV_PATH_PARSER
	select UCS2_STRING
	help
	  Retrieve properties from EFI on Apple Macs and assign them to
	  devices, allowing for improved support of Apple hardware.
	  Properties that would otherwise be missing include the
	  Thunderbolt Device ROM and GPU configuration data.

	  If unsure, say Y if you have a Mac.  Otherwise N.

config RESET_ATTACK_MITIGATION
	bool "Reset memory attack mitigation"
	depends on EFI_STUB
	help
	  Request that the firmware clear the contents of RAM after a reboot
	  using the TCG Platform Reset Attack Mitigation specification. This
	  protects against an attacker forcibly rebooting the system while it
	  still contains secrets in RAM, booting another OS and extracting the
	  secrets. This should only be enabled when userland is configured to
	  clear the MemoryOverwriteRequest flag on clean shutdown after secrets
	  have been evicted, since otherwise it will trigger even on clean
	  reboots.

config EFI_RCI2_TABLE
	bool "EFI Runtime Configuration Interface Table Version 2 Support"
	depends on X86 || COMPILE_TEST
	help
	  Displays the content of the Runtime Configuration Interface
	  Table version 2 on Dell EMC PowerEdge systems as a binary
	  attribute 'rci2' under /sys/firmware/efi/tables directory.

	  RCI2 table contains BIOS HII in XML format and is used to populate
	  BIOS setup page in Dell EMC OpenManage Server Administrator tool.
	  The BIOS setup page contains BIOS tokens which can be configured.

	  Say Y here for Dell EMC PowerEdge systems.

config EFI_DISABLE_PCI_DMA
       bool "Clear Busmaster bit on PCI bridges during ExitBootServices()"
       help
	  Disable the busmaster bit in the control register on all PCI bridges
	  while calling ExitBootServices() and passing control to the runtime
	  kernel. System firmware may configure the IOMMU to prevent malicious
	  PCI devices from being able to attack the OS via DMA. However, since
	  firmware can't guarantee that the OS is IOMMU-aware, it will tear
	  down IOMMU configuration when ExitBootServices() is called. This
	  leaves a window between where a hostile device could still cause
	  damage before Linux configures the IOMMU again.

	  If you say Y here, the EFI stub will clear the busmaster bit on all
	  PCI bridges before ExitBootServices() is called. This will prevent
	  any malicious PCI devices from being able to perform DMA until the
	  kernel reenables busmastering after configuring the IOMMU.

	  This option will cause failures with some poorly behaved hardware
	  and should not be enabled without testing. The kernel commandline
	  options "efi=disable_early_pci_dma" or "efi=no_disable_early_pci_dma"
	  may be used to override this option.

endmenu

config UEFI_CPER
	bool

config UEFI_CPER_ARM
	bool
	depends on UEFI_CPER && ( ARM || ARM64 )
	default y

config UEFI_CPER_X86
	bool
	depends on UEFI_CPER && X86
	default y

config EFI_DEV_PATH_PARSER
	bool
	depends on ACPI
	default n

config EFI_EARLYCON
	def_bool y
	depends on SERIAL_EARLYCON && !ARM && !IA64
	select FONT_SUPPORT
	select ARCH_USE_MEMREMAP_PROT
Commit	Line	Data
ec8f24b7	1	# SPDX-License-Identifier: GPL-2.0-only
04851772 MF	2	menu "EFI (Extensible Firmware Interface) Support"
	3	depends on EFI
	4
	5	config EFI_VARS
	6	tristate "EFI Variable Support via sysfs"
	7	depends on EFI
	8	default n
	9	help
	10	If you say Y here, you are able to get EFI (Extensible Firmware
	11	Interface) variable information via sysfs. You may read,
	12	write, create, and destroy EFI variables through this interface.
	13
	14	Note that using this driver in concert with efibootmgr requires
	15	at least test release version 0.5.0-test3 or later, which is
0e4ca02b	16	available from:
04851772 MF	17	<http://linux.dell.com/efibootmgr/testing/efibootmgr-0.5.0-test3.tar.gz>
	18
	19	Subsequent efibootmgr releases may be found at:
0e4ca02b	20	<http://github.com/vathpela/efibootmgr>
04851772	21
3846c158 PJ	22	config EFI_ESRT
	23	bool
	24	depends on EFI && !IA64
	25	default y
	26
04851772 MF	27	config EFI_VARS_PSTORE
	28	tristate "Register efivars backend for pstore"
	29	depends on EFI_VARS && PSTORE
	30	default y
	31	help
	32	Say Y here to enable use efivars as a backend to pstore. This
	33	will allow writing console messages, crash dumps, or anything
	34	else supported by pstore to EFI variables.
	35
	36	config EFI_VARS_PSTORE_DEFAULT_DISABLE
	37	bool "Disable using efivars as a pstore backend by default"
	38	depends on EFI_VARS_PSTORE
	39	default n
	40	help
	41	Saying Y here will disable the use of efivars as a storage
	42	backend for pstore by default. This setting can be overridden
	43	using the efivars module's pstore_disable parameter.
	44
926172d4 DY	45	config EFI_RUNTIME_MAP
926172d4 DY	46	bool "Export efi runtime maps to sysfs"
2965faa5	47	depends on X86 && EFI && KEXEC_CORE
926172d4 DY	48	default y
	49	help
	50	Export efi runtime memory maps to /sys/firmware/efi/runtime-map.
	51	That memory map is used for example by kexec to set up efi virtual
	52	mapping the 2nd kernel, but can also be used for debugging purposes.
	53
	54	See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
	55
0f96a99d TI	56	config EFI_FAKE_MEMMAP
	57	bool "Enable EFI fake memory map"
	58	depends on EFI && X86
	59	default n
	60	help
	61	Saying Y here will enable "efi_fake_mem" boot option.
	62	By specifying this parameter, you can add arbitrary attribute
	63	to specific memory range by updating original (firmware provided)
	64	EFI memmap.
	65	This is useful for debugging of EFI memmap related feature.
	66	e.g. Address Range Mirroring feature.
	67
	68	config EFI_MAX_FAKE_MEM
	69	int "maximum allowable number of ranges in efi_fake_mem boot option"
	70	depends on EFI_FAKE_MEMMAP
	71	range 1 128
	72	default 8
	73	help
	74	Maximum allowable number of ranges in efi_fake_mem boot option.
	75	Ranges can be set up to this value using comma-separated list.
	76	The default value is 8.
	77
b617c526 DW	78	config EFI_SOFT_RESERVE
	79	bool "Reserve EFI Specific Purpose Memory"
	80	depends on EFI && EFI_STUB && ACPI_HMAT
	81	default ACPI_HMAT
	82	help
	83	On systems that have mixed performance classes of memory EFI
	84	may indicate specific purpose memory with an attribute (See
	85	EFI_MEMORY_SP in UEFI 2.8). A memory range tagged with this
	86	attribute may have unique performance characteristics compared
	87	to the system's general purpose "System RAM" pool. On the
	88	expectation that such memory has application specific usage,
	89	and its base EFI memory type is "conventional" answer Y to
	90	arrange for the kernel to reserve it as a "Soft Reserved"
	91	resource, and set aside for direct-access (device-dax) by
	92	default. The memory range can later be optionally assigned to
	93	the page allocator by system administrator policy via the
	94	device-dax kmem facility. Say N to have the kernel treat this
	95	memory as "System RAM" by default.
	96
	97	If unsure, say Y.
	98
0302f71c MS	99	config EFI_PARAMS_FROM_FDT
	100	bool
	101	help
	102	Select this config option from the architecture Kconfig if
	103	the EFI runtime support gets system table address, memory
	104	map address, and other parameters from the device tree.
	105
022ee6c5 AB	106	config EFI_RUNTIME_WRAPPERS
	107	bool
	108
f4f75ad5 AB	109	config EFI_ARMSTUB
	110	bool
	111
3d7ee348 AB	112	config EFI_ARMSTUB_DTB_LOADER
	113	bool "Enable the DTB loader"
	114	depends on EFI_ARMSTUB
d3109593	115	default y
3d7ee348 AB	116	help
	117	Select this config option to add support for the dtb= command
	118	line parameter, allowing a device tree blob to be loaded into
	119	memory from the EFI System Partition by the stub.
	120
d3109593 SB	121	If the device tree is provided by the platform or by
	122	the bootloader this option may not be needed.
	123	But, for various development reasons and to maintain existing
	124	functionality for bootloaders that do not have such support
	125	this option is necessary.
3d7ee348	126
06f7d4a1 CJ	127	config EFI_BOOTLOADER_CONTROL
	128	tristate "EFI Bootloader Control"
	129	depends on EFI_VARS
	130	default n
	131	---help---
	132	This module installs a reboot hook, such that if reboot() is
	133	invoked with a string argument NNN, "NNN" is copied to the
	134	"LoaderEntryOneShot" EFI variable, to be read by the
	135	bootloader. If the string matches one of the boot labels
	136	defined in its configuration, the bootloader will boot once
	137	to that label. The "LoaderEntryRebootReason" EFI variable is
	138	set with the reboot reason: "reboot" or "shutdown". The
	139	bootloader reads this reboot reason and takes particular
	140	action according to its policy.
	141
65117f1a KHL	142	config EFI_CAPSULE_LOADER
	143	tristate "EFI capsule loader"
	144	depends on EFI
	145	help
	146	This option exposes a loader interface "/dev/efi_capsule_loader" for
	147	users to load EFI capsules. This driver requires working runtime
	148	capsule support in the firmware, which many OEMs do not provide.
	149
	150	Most users should say N.
	151
2959c95d	152	config EFI_CAPSULE_QUIRK_QUARK_CSH
1ae83c5c	153	bool "Add support for Quark capsules with non-standard headers"
2959c95d JK	154	depends on X86 && !64BIT
	155	select EFI_CAPSULE_LOADER
	156	default y
	157	help
	158	Add support for processing Quark X1000 EFI capsules, whose header
	159	layout deviates from the layout mandated by the UEFI specification.
	160
ff6301da IH	161	config EFI_TEST
	162	tristate "EFI Runtime Service Tests Support"
	163	depends on EFI
	164	default n
	165	help
	166	This driver uses the efi.<service> function pointers directly instead
	167	of going through the efivar API, because it is not trying to test the
	168	kernel subsystem, just for testing the UEFI runtime service
	169	interfaces which are provided by the firmware. This driver is used
	170	by the Firmware Test Suite (FWTS) for testing the UEFI runtime
	171	interfaces readiness of the firmware.
	172	Details for FWTS are available from:
	173	<https://wiki.ubuntu.com/FirmwareTestSuite>
	174
	175	Say Y here to enable the runtime services support via /dev/efi_test.
	176	If unsure, say N.
	177
58c5475a LW	178	config APPLE_PROPERTIES
	179	bool "Apple Device Properties"
	180	depends on EFI_STUB && X86
	181	select EFI_DEV_PATH_PARSER
	182	select UCS2_STRING
	183	help
	184	Retrieve properties from EFI on Apple Macs and assign them to
	185	devices, allowing for improved support of Apple hardware.
	186	Properties that would otherwise be missing include the
	187	Thunderbolt Device ROM and GPU configuration data.
	188
	189	If unsure, say Y if you have a Mac. Otherwise N.
	190
ccc829ba MG	191	config RESET_ATTACK_MITIGATION
	192	bool "Reset memory attack mitigation"
	193	depends on EFI_STUB
	194	help
	195	Request that the firmware clear the contents of RAM after a reboot
	196	using the TCG Platform Reset Attack Mitigation specification. This
	197	protects against an attacker forcibly rebooting the system while it
	198	still contains secrets in RAM, booting another OS and extracting the
a5c03c31 MG	199	secrets. This should only be enabled when userland is configured to
	200	clear the MemoryOverwriteRequest flag on clean shutdown after secrets
	201	have been evicted, since otherwise it will trigger even on clean
	202	reboots.
ccc829ba	203
1c5fecb6 N	204	config EFI_RCI2_TABLE
1c5fecb6 N	205	bool "EFI Runtime Configuration Interface Table Version 2 Support"
0b6b30c6	206	depends on X86 \|\| COMPILE_TEST
1c5fecb6 N	207	help
	208	Displays the content of the Runtime Configuration Interface
	209	Table version 2 on Dell EMC PowerEdge systems as a binary
	210	attribute 'rci2' under /sys/firmware/efi/tables directory.
	211
	212	RCI2 table contains BIOS HII in XML format and is used to populate
	213	BIOS setup page in Dell EMC OpenManage Server Administrator tool.
	214	The BIOS setup page contains BIOS tokens which can be configured.
	215
	216	Say Y here for Dell EMC PowerEdge systems.
	217
4444f854 MG	218	config EFI_DISABLE_PCI_DMA
	219	bool "Clear Busmaster bit on PCI bridges during ExitBootServices()"
	220	help
	221	Disable the busmaster bit in the control register on all PCI bridges
	222	while calling ExitBootServices() and passing control to the runtime
	223	kernel. System firmware may configure the IOMMU to prevent malicious
	224	PCI devices from being able to attack the OS via DMA. However, since
	225	firmware can't guarantee that the OS is IOMMU-aware, it will tear
	226	down IOMMU configuration when ExitBootServices() is called. This
	227	leaves a window between where a hostile device could still cause
	228	damage before Linux configures the IOMMU again.
	229
	230	If you say Y here, the EFI stub will clear the busmaster bit on all
	231	PCI bridges before ExitBootServices() is called. This will prevent
	232	any malicious PCI devices from being able to perform DMA until the
	233	kernel reenables busmastering after configuring the IOMMU.
	234
	235	This option will cause failures with some poorly behaved hardware
	236	and should not be enabled without testing. The kernel commandline
	237	options "efi=disable_early_pci_dma" or "efi=no_disable_early_pci_dma"
	238	may be used to override this option.
	239
04851772	240	endmenu
fce7d3bf JB	241
	242	config UEFI_CPER
	243	bool
46cd4b75	244
c6d8c8ef TB	245	config UEFI_CPER_ARM
	246	bool
	247	depends on UEFI_CPER && ( ARM \|\| ARM64 )
	248	default y
	249
f9e1bdb9 YG	250	config UEFI_CPER_X86
	251	bool
	252	depends on UEFI_CPER && X86
	253	default y
	254
46cd4b75 LW	255	config EFI_DEV_PATH_PARSER
	256	bool
	257	depends on ACPI
	258	default n
69c1f396 AB	259
	260	config EFI_EARLYCON
	261	def_bool y
	262	depends on SERIAL_EARLYCON && !ARM && !IA64
	263	select FONT_SUPPORT
	264	select ARCH_USE_MEMREMAP_PROT