[PATCH v2] Kconfig: clean up the efi configuration status
Takahiro AKASHI
akashi.tkhro at gmail.com
Fri Sep 20 03:39:36 CEST 2024
On Fri, 30 Aug 2024 at 20:45, Ilias Apalodimas <ilias.apalodimas at linaro.org>
wrote:
>
> The EFI_LOADER and EFI config options are randomly scattered under lib/
> making it cumbersome to navigate and enable options, unless you really
> know what you are doing. On top of that the existing options are in
> random order instead of a logical one.
>
> So let's move things around a bit and move them under boot/. Present a
> generic UEFI entry where people can select Capsules, Protocols,
> Services, and an option to compile U-Boot as an EFI for X86
>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
> Changes since v1:
> - Move the EFI Loader under boot/ instead of having it on the main menu
> - Fold in the U-Boot as an EFI app option under the new EFI menu
> boot/Kconfig | 2 +
> lib/Kconfig | 2 -
> lib/efi/Kconfig | 5 +
> lib/efi_loader/Kconfig | 204 +++++++++++++++++++++++------------------
> 4 files changed, 124 insertions(+), 89 deletions(-)
>
> diff --git a/boot/Kconfig b/boot/Kconfig
> index 940389d4882f..a1477eb8c7e1 100644
> --- a/boot/Kconfig
> +++ b/boot/Kconfig
> @@ -1,5 +1,7 @@
> menu "Boot options"
>
> +source "lib/efi_loader/Kconfig"
> +
> menu "Boot images"
>
> config ANDROID_BOOT_IMAGE
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 2059219a1207..06b4e9a73135 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -1081,8 +1081,6 @@ config SMBIOS_PARSER
> help
> A simple parser for SMBIOS data.
>
> -source "lib/efi/Kconfig"
> -source "lib/efi_loader/Kconfig"
> source "lib/optee/Kconfig"
>
> config TEST_FDTDEC
> diff --git a/lib/efi/Kconfig b/lib/efi/Kconfig
> index c2b9bb73f718..81ed3e66b34d 100644
> --- a/lib/efi/Kconfig
> +++ b/lib/efi/Kconfig
> @@ -1,3 +1,6 @@
> +menu "U-Boot as UEFI application"
> + depends on X86
> +
> config EFI
> bool "Support running U-Boot from EFI"
> depends on X86
> @@ -72,3 +75,5 @@ config EFI_RAM_SIZE
> use. U-Boot allocates this from EFI on start-up (along with a
few
> other smaller amounts) and it can never be increased after that.
> It is used as the RAM size in with U-Boot.
> +
> +endmenu
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index 6ffefa9103ff..0756be61d688 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -1,3 +1,5 @@
> +menu "UEFI Support"
> +
> config EFI_LOADER
> bool "Support running UEFI applications"
> depends on OF_LIBFDT && ( \
> @@ -41,13 +43,58 @@ config EFI_BINARY_EXEC
> You may enable CMD_BOOTEFI_BINARY so that you can use bootefi
> command to do that.
>
> -config EFI_BOOTMGR
> - bool "UEFI Boot Manager"
> +config EFI_SECURE_BOOT
> + bool "Enable EFI secure boot support"
> + depends on EFI_LOADER && FIT_SIGNATURE
> + select HASH
> + select SHA256
> + select RSA
> + select RSA_VERIFY_WITH_PKEY
> + select IMAGE_SIGN_INFO
> + select ASYMMETRIC_KEY_TYPE
> + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> + select X509_CERTIFICATE_PARSER
> + select PKCS7_MESSAGE_PARSER
> + select PKCS7_VERIFY
> + select MSCODE_PARSER
> + select EFI_SIGNATURE_SUPPORT
> + help
> + Select this option to enable EFI secure boot support.
> + Once SecureBoot mode is enforced, any EFI binary can run only if
> + it is signed with a trusted key. To do that, you need to
install,
> + at least, PK, KEK and db.
> +
> +config EFI_SIGNATURE_SUPPORT
> + bool
> +
> +menu "UEFI services"
> +
> +config EFI_GET_TIME
> + bool "GetTime() runtime service"
> + depends on DM_RTC
> default y
> help
> - Select this option if you want to select the UEFI binary to be
booted
> - via UEFI variables Boot####, BootOrder, and BootNext. You
should also
> - normally enable CMD_BOOTEFI_BOOTMGR so that the command is
available.
> + Provide the GetTime() runtime service at boottime. This service
> + can be used by an EFI application to read the real time clock.
> +
> +config EFI_SET_TIME
> + bool "SetTime() runtime service"
> + depends on EFI_GET_TIME
> + default y if ARCH_QEMU || SANDBOX
> + help
> + Provide the SetTime() runtime service at boottime. This service
> + can be used by an EFI application to adjust the real time clock.
> +
> +config EFI_HAVE_RUNTIME_RESET
> + # bool "Reset runtime service is available"
> + bool
> + default y
> + depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
> + SANDBOX || SYSRESET_SBI || SYSRESET_X86
> +
> +endmenu
> +
> +menu "UEFI Variables"
>
> choice
> prompt "Store for non-volatile UEFI variables"
> @@ -172,30 +219,18 @@ config EFI_VAR_BUF_SIZE
>
> Minimum 4096, default 131072
>
> -config EFI_GET_TIME
> - bool "GetTime() runtime service"
> - depends on DM_RTC
> - default y
> +config EFI_PLATFORM_LANG_CODES
> + string "Language codes supported by firmware"
> + default "en-US"
> help
> - Provide the GetTime() runtime service at boottime. This service
> - can be used by an EFI application to read the real time clock.
> + This value is used to initialize the PlatformLangCodes
variable. Its
> + value is a semicolon (;) separated list of language codes in
native
> + RFC 4646 format, e.g. "en-US;de-DE". The first language code is
used
> + to initialize the PlatformLang variable.
>
> -config EFI_SET_TIME
> - bool "SetTime() runtime service"
> - depends on EFI_GET_TIME
> - default y if ARCH_QEMU || SANDBOX
> - help
> - Provide the SetTime() runtime service at boottime. This service
> - can be used by an EFI application to adjust the real time clock.
> +endmenu
>
> -config EFI_SCROLL_ON_CLEAR_SCREEN
> - bool "Avoid overwriting previous output on clear screen"
> - help
> - Instead of erasing the screen content when the console screen
should
> - be cleared, emit blank new lines so that previous output is
scrolled
> - out of sight rather than overwritten. On serial consoles this
allows
> - to capture complete boot logs (except for interactive menus
etc.)
> - and can ease debugging related issues.
> +menu "Capsule support"
>
> config EFI_HAVE_CAPSULE_SUPPORT
> bool
> @@ -309,6 +344,10 @@ config EFI_CAPSULE_CRT_FILE
> embedded in the platform's device tree and used for capsule
> authentication at the time of capsule update.
>
> +endmenu
> +
> +menu "UEFI protocol support"
> +
> config EFI_DEVICE_PATH_TO_TEXT
> bool "Device path to text protocol"
> default y
> @@ -362,39 +401,6 @@ config EFI_UNICODE_CAPITALIZATION
>
> endif
>
> -config EFI_LOADER_BOUNCE_BUFFER
> - bool "EFI Applications use bounce buffers for DMA operations"
> - help
> - Some hardware does not support DMA to full 64bit addresses. For
this
> - hardware we can create a bounce buffer so that payloads don't
have to
> - worry about platform details.
> -
> -config EFI_PLATFORM_LANG_CODES
> - string "Language codes supported by firmware"
> - default "en-US"
> - help
> - This value is used to initialize the PlatformLangCodes
variable. Its
> - value is a semicolon (;) separated list of language codes in
native
> - RFC 4646 format, e.g. "en-US;de-DE". The first language code is
used
> - to initialize the PlatformLang variable.
> -
> -config EFI_HAVE_RUNTIME_RESET
> - # bool "Reset runtime service is available"
> - bool
> - default y
> - depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
> - SANDBOX || SYSRESET_SBI || SYSRESET_X86
> -
> -config EFI_GRUB_ARM32_WORKAROUND
> - bool "Workaround for GRUB on 32bit ARM"
> - default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
> - default y
> - depends on ARM && !ARM64
> - help
> - GRUB prior to version 2.04 requires U-Boot to disable caches.
This
> - workaround currently is also needed on systems with caches that
> - cannot be managed via CP15.
> -
> config EFI_RNG_PROTOCOL
> bool "EFI_RNG_PROTOCOL support"
> depends on DM_RNG
> @@ -447,29 +453,36 @@ config EFI_LOAD_FILE2_INITRD
> installed and Linux 5.7+ will ignore any initrd=<ramdisk>
command line
> argument.
>
> -config EFI_SECURE_BOOT
> - bool "Enable EFI secure boot support"
> - depends on EFI_LOADER && FIT_SIGNATURE
> - select HASH
> - select SHA256
> - select RSA
> - select RSA_VERIFY_WITH_PKEY
> - select IMAGE_SIGN_INFO
> - select ASYMMETRIC_KEY_TYPE
> - select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> - select X509_CERTIFICATE_PARSER
> - select PKCS7_MESSAGE_PARSER
> - select PKCS7_VERIFY
> - select MSCODE_PARSER
> - select EFI_SIGNATURE_SUPPORT
> +config EFI_RISCV_BOOT_PROTOCOL
> + bool "RISCV_EFI_BOOT_PROTOCOL support"
> + default y
> + depends on RISCV
> help
> - Select this option to enable EFI secure boot support.
> - Once SecureBoot mode is enforced, any EFI binary can run only if
> - it is signed with a trusted key. To do that, you need to
install,
> - at least, PK, KEK and db.
> + The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
> + to the next boot stage. It should be enabled as it is meant to
> + replace the transfer via the device-tree. The latter is not
> + possible on systems using ACPI.
>
> -config EFI_SIGNATURE_SUPPORT
> - bool
> +endmenu
> +
> +menu "Misc options"
> +config EFI_LOADER_BOUNCE_BUFFER
> + bool "EFI Applications use bounce buffers for DMA operations"
> + depends on ARM64
> + help
> + Some hardware does not support DMA to full 64bit addresses. For
this
> + hardware we can create a bounce buffer so that payloads don't
have to
> + worry about platform details.
> +
> +config EFI_GRUB_ARM32_WORKAROUND
> + bool "Workaround for GRUB on 32bit ARM"
> + default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
> + default y
> + depends on ARM && !ARM64
> + help
> + GRUB prior to version 2.04 requires U-Boot to disable caches.
This
> + workaround currently is also needed on systems with caches that
> + cannot be managed via CP15.
>
> config EFI_ESRT
> bool "Enable the UEFI ESRT generation"
> @@ -496,15 +509,26 @@ config EFI_EBBR_2_1_CONFORMANCE
> help
> Enabling this option adds the EBBRv2.1 conformance entry to the
ECPT UEFI table.
>
> -config EFI_RISCV_BOOT_PROTOCOL
> - bool "RISCV_EFI_BOOT_PROTOCOL support"
> +config EFI_SCROLL_ON_CLEAR_SCREEN
> + bool "Avoid overwriting previous output on clear screen"
> + help
> + Instead of erasing the screen content when the console screen
should
> + be cleared, emit blank new lines so that previous output is
scrolled
> + out of sight rather than overwritten. On serial consoles this
allows
> + to capture complete boot logs (except for interactive menus
etc.)
> + and can ease debugging related issues.
> +
> +endmenu
> +
> +menu "EFI bootmanager"
> +
> +config EFI_BOOTMGR
> + bool "UEFI Boot Manager"
> default y
> - depends on RISCV
> help
> - The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
> - to the next boot stage. It should be enabled as it is meant to
> - replace the transfer via the device-tree. The latter is not
> - possible on systems using ACPI.
> + Select this option if you want to select the UEFI binary to be
booted
> + via UEFI variables Boot####, BootOrder, and BootNext. You
should also
> + normally enable CMD_BOOTEFI_BOOTMGR so that the command is
available.
>
> config EFI_HTTP_BOOT
> bool "EFI HTTP Boot support"
> @@ -514,5 +538,11 @@ config EFI_HTTP_BOOT
> help
> Enabling this option adds EFI HTTP Boot support. It allows to
> directly boot from network.
> +endmenu
>
> endif
> +
> +source "lib/efi/Kconfig"
While you might have already discussed the issue, it looks weird to me that
lib/efi/Kconfig
is contained in lib/efi_loader/Kconfig.
-Takahiro AKASHI
> +
> +endmenu
> +
> --
> 2.45.2
More information about the U-Boot
mailing list