[PATCH v2] Kconfig: clean up the efi configuration status

Takahiro AKASHI akashi.tkhro at gmail.com
Fri Sep 20 03:39:36 CEST 2024


On Fri, 30 Aug 2024 at 20:45, Ilias Apalodimas <ilias.apalodimas at linaro.org>
wrote:
>
> The EFI_LOADER and EFI config options are randomly scattered under lib/
> making it cumbersome to navigate and enable options, unless you really
> know what you are doing. On top of that the existing options are in
> random order instead of a logical one.
>
> So let's move things around a bit and move them under boot/. Present a
> generic UEFI entry where people can select Capsules, Protocols,
> Services,  and an option to compile U-Boot as an EFI for X86
>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
> Changes since v1:
> - Move the EFI Loader under boot/ instead of having it on the main menu
> - Fold in the U-Boot as an EFI app option under the new EFI menu
>  boot/Kconfig           |   2 +
>  lib/Kconfig            |   2 -
>  lib/efi/Kconfig        |   5 +
>  lib/efi_loader/Kconfig | 204 +++++++++++++++++++++++------------------
>  4 files changed, 124 insertions(+), 89 deletions(-)
>
> diff --git a/boot/Kconfig b/boot/Kconfig
> index 940389d4882f..a1477eb8c7e1 100644
> --- a/boot/Kconfig
> +++ b/boot/Kconfig
> @@ -1,5 +1,7 @@
>  menu "Boot options"
>
> +source "lib/efi_loader/Kconfig"
> +
>  menu "Boot images"
>
>  config ANDROID_BOOT_IMAGE
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 2059219a1207..06b4e9a73135 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -1081,8 +1081,6 @@ config SMBIOS_PARSER
>         help
>           A simple parser for SMBIOS data.
>
> -source "lib/efi/Kconfig"
> -source "lib/efi_loader/Kconfig"
>  source "lib/optee/Kconfig"
>
>  config TEST_FDTDEC
> diff --git a/lib/efi/Kconfig b/lib/efi/Kconfig
> index c2b9bb73f718..81ed3e66b34d 100644
> --- a/lib/efi/Kconfig
> +++ b/lib/efi/Kconfig
> @@ -1,3 +1,6 @@
> +menu "U-Boot as UEFI application"
> +       depends on X86
> +
>  config EFI
>         bool "Support running U-Boot from EFI"
>         depends on X86
> @@ -72,3 +75,5 @@ config EFI_RAM_SIZE
>           use. U-Boot allocates this from EFI on start-up (along with a
few
>           other smaller amounts) and it can never be increased after that.
>           It is used as the RAM size in with U-Boot.
> +
> +endmenu
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index 6ffefa9103ff..0756be61d688 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -1,3 +1,5 @@
> +menu "UEFI Support"
> +
>  config EFI_LOADER
>         bool "Support running UEFI applications"
>         depends on OF_LIBFDT && ( \
> @@ -41,13 +43,58 @@ config EFI_BINARY_EXEC
>           You may enable CMD_BOOTEFI_BINARY so that you can use bootefi
>           command to do that.
>
> -config EFI_BOOTMGR
> -       bool "UEFI Boot Manager"
> +config EFI_SECURE_BOOT
> +       bool "Enable EFI secure boot support"
> +       depends on EFI_LOADER && FIT_SIGNATURE
> +       select HASH
> +       select SHA256
> +       select RSA
> +       select RSA_VERIFY_WITH_PKEY
> +       select IMAGE_SIGN_INFO
> +       select ASYMMETRIC_KEY_TYPE
> +       select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> +       select X509_CERTIFICATE_PARSER
> +       select PKCS7_MESSAGE_PARSER
> +       select PKCS7_VERIFY
> +       select MSCODE_PARSER
> +       select EFI_SIGNATURE_SUPPORT
> +       help
> +         Select this option to enable EFI secure boot support.
> +         Once SecureBoot mode is enforced, any EFI binary can run only if
> +         it is signed with a trusted key. To do that, you need to
install,
> +         at least, PK, KEK and db.
> +
> +config EFI_SIGNATURE_SUPPORT
> +       bool
> +
> +menu "UEFI services"
> +
> +config EFI_GET_TIME
> +       bool "GetTime() runtime service"
> +       depends on DM_RTC
>         default y
>         help
> -         Select this option if you want to select the UEFI binary to be
booted
> -         via UEFI variables Boot####, BootOrder, and BootNext. You
should also
> -         normally enable CMD_BOOTEFI_BOOTMGR so that the command is
available.
> +         Provide the GetTime() runtime service at boottime. This service
> +         can be used by an EFI application to read the real time clock.
> +
> +config EFI_SET_TIME
> +       bool "SetTime() runtime service"
> +       depends on EFI_GET_TIME
> +       default y if ARCH_QEMU || SANDBOX
> +       help
> +         Provide the SetTime() runtime service at boottime. This service
> +         can be used by an EFI application to adjust the real time clock.
> +
> +config EFI_HAVE_RUNTIME_RESET
> +       # bool "Reset runtime service is available"
> +       bool
> +       default y
> +       depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
> +                  SANDBOX || SYSRESET_SBI || SYSRESET_X86
> +
> +endmenu
> +
> +menu "UEFI Variables"
>
>  choice
>         prompt "Store for non-volatile UEFI variables"
> @@ -172,30 +219,18 @@ config EFI_VAR_BUF_SIZE
>
>           Minimum 4096, default 131072
>
> -config EFI_GET_TIME
> -       bool "GetTime() runtime service"
> -       depends on DM_RTC
> -       default y
> +config EFI_PLATFORM_LANG_CODES
> +       string "Language codes supported by firmware"
> +       default "en-US"
>         help
> -         Provide the GetTime() runtime service at boottime. This service
> -         can be used by an EFI application to read the real time clock.
> +         This value is used to initialize the PlatformLangCodes
variable. Its
> +         value is a semicolon (;) separated list of language codes in
native
> +         RFC 4646 format, e.g. "en-US;de-DE". The first language code is
used
> +         to initialize the PlatformLang variable.
>
> -config EFI_SET_TIME
> -       bool "SetTime() runtime service"
> -       depends on EFI_GET_TIME
> -       default y if ARCH_QEMU || SANDBOX
> -       help
> -         Provide the SetTime() runtime service at boottime. This service
> -         can be used by an EFI application to adjust the real time clock.
> +endmenu
>
> -config EFI_SCROLL_ON_CLEAR_SCREEN
> -       bool "Avoid overwriting previous output on clear screen"
> -       help
> -         Instead of erasing the screen content when the console screen
should
> -         be cleared, emit blank new lines so that previous output is
scrolled
> -         out of sight rather than overwritten. On serial consoles this
allows
> -         to capture complete boot logs (except for interactive menus
etc.)
> -         and can ease debugging related issues.
> +menu "Capsule support"
>
>  config EFI_HAVE_CAPSULE_SUPPORT
>         bool
> @@ -309,6 +344,10 @@ config EFI_CAPSULE_CRT_FILE
>           embedded in the platform's device tree and used for capsule
>           authentication at the time of capsule update.
>
> +endmenu
> +
> +menu "UEFI protocol support"
> +
>  config EFI_DEVICE_PATH_TO_TEXT
>         bool "Device path to text protocol"
>         default y
> @@ -362,39 +401,6 @@ config EFI_UNICODE_CAPITALIZATION
>
>  endif
>
> -config EFI_LOADER_BOUNCE_BUFFER
> -       bool "EFI Applications use bounce buffers for DMA operations"
> -       help
> -         Some hardware does not support DMA to full 64bit addresses. For
this
> -         hardware we can create a bounce buffer so that payloads don't
have to
> -         worry about platform details.
> -
> -config EFI_PLATFORM_LANG_CODES
> -       string "Language codes supported by firmware"
> -       default "en-US"
> -       help
> -         This value is used to initialize the PlatformLangCodes
variable. Its
> -         value is a semicolon (;) separated list of language codes in
native
> -         RFC 4646 format, e.g. "en-US;de-DE". The first language code is
used
> -         to initialize the PlatformLang variable.
> -
> -config EFI_HAVE_RUNTIME_RESET
> -       # bool "Reset runtime service is available"
> -       bool
> -       default y
> -       depends on ARCH_BCM283X || FSL_LAYERSCAPE || PSCI_RESET || \
> -                  SANDBOX || SYSRESET_SBI || SYSRESET_X86
> -
> -config EFI_GRUB_ARM32_WORKAROUND
> -       bool "Workaround for GRUB on 32bit ARM"
> -       default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
> -       default y
> -       depends on ARM && !ARM64
> -       help
> -         GRUB prior to version 2.04 requires U-Boot to disable caches.
This
> -         workaround currently is also needed on systems with caches that
> -         cannot be managed via CP15.
> -
>  config EFI_RNG_PROTOCOL
>         bool "EFI_RNG_PROTOCOL support"
>         depends on DM_RNG
> @@ -447,29 +453,36 @@ config EFI_LOAD_FILE2_INITRD
>           installed and Linux 5.7+ will ignore any initrd=<ramdisk>
command line
>           argument.
>
> -config EFI_SECURE_BOOT
> -       bool "Enable EFI secure boot support"
> -       depends on EFI_LOADER && FIT_SIGNATURE
> -       select HASH
> -       select SHA256
> -       select RSA
> -       select RSA_VERIFY_WITH_PKEY
> -       select IMAGE_SIGN_INFO
> -       select ASYMMETRIC_KEY_TYPE
> -       select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> -       select X509_CERTIFICATE_PARSER
> -       select PKCS7_MESSAGE_PARSER
> -       select PKCS7_VERIFY
> -       select MSCODE_PARSER
> -       select EFI_SIGNATURE_SUPPORT
> +config EFI_RISCV_BOOT_PROTOCOL
> +       bool "RISCV_EFI_BOOT_PROTOCOL support"
> +       default y
> +       depends on RISCV
>         help
> -         Select this option to enable EFI secure boot support.
> -         Once SecureBoot mode is enforced, any EFI binary can run only if
> -         it is signed with a trusted key. To do that, you need to
install,
> -         at least, PK, KEK and db.
> +         The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
> +         to the next boot stage. It should be enabled as it is meant to
> +         replace the transfer via the device-tree. The latter is not
> +         possible on systems using ACPI.
>
> -config EFI_SIGNATURE_SUPPORT
> -       bool
> +endmenu
> +
> +menu "Misc options"
> +config EFI_LOADER_BOUNCE_BUFFER
> +       bool "EFI Applications use bounce buffers for DMA operations"
> +       depends on ARM64
> +       help
> +         Some hardware does not support DMA to full 64bit addresses. For
this
> +         hardware we can create a bounce buffer so that payloads don't
have to
> +         worry about platform details.
> +
> +config EFI_GRUB_ARM32_WORKAROUND
> +       bool "Workaround for GRUB on 32bit ARM"
> +       default n if ARCH_BCM283X || ARCH_SUNXI || ARCH_QEMU
> +       default y
> +       depends on ARM && !ARM64
> +       help
> +         GRUB prior to version 2.04 requires U-Boot to disable caches.
This
> +         workaround currently is also needed on systems with caches that
> +         cannot be managed via CP15.
>
>  config EFI_ESRT
>         bool "Enable the UEFI ESRT generation"
> @@ -496,15 +509,26 @@ config EFI_EBBR_2_1_CONFORMANCE
>         help
>           Enabling this option adds the EBBRv2.1 conformance entry to the
ECPT UEFI table.
>
> -config EFI_RISCV_BOOT_PROTOCOL
> -       bool "RISCV_EFI_BOOT_PROTOCOL support"
> +config EFI_SCROLL_ON_CLEAR_SCREEN
> +       bool "Avoid overwriting previous output on clear screen"
> +       help
> +         Instead of erasing the screen content when the console screen
should
> +         be cleared, emit blank new lines so that previous output is
scrolled
> +         out of sight rather than overwritten. On serial consoles this
allows
> +         to capture complete boot logs (except for interactive menus
etc.)
> +         and can ease debugging related issues.
> +
> +endmenu
> +
> +menu "EFI bootmanager"
> +
> +config EFI_BOOTMGR
> +       bool "UEFI Boot Manager"
>         default y
> -       depends on RISCV
>         help
> -         The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
> -         to the next boot stage. It should be enabled as it is meant to
> -         replace the transfer via the device-tree. The latter is not
> -         possible on systems using ACPI.
> +         Select this option if you want to select the UEFI binary to be
booted
> +         via UEFI variables Boot####, BootOrder, and BootNext. You
should also
> +         normally enable CMD_BOOTEFI_BOOTMGR so that the command is
available.
>
>  config EFI_HTTP_BOOT
>         bool "EFI HTTP Boot support"
> @@ -514,5 +538,11 @@ config EFI_HTTP_BOOT
>         help
>           Enabling this option adds EFI HTTP Boot support. It allows to
>           directly boot from network.
> +endmenu
>
>  endif
> +
> +source "lib/efi/Kconfig"

While you might have already discussed the issue, it looks weird to me that
lib/efi/Kconfig
is contained in lib/efi_loader/Kconfig.

-Takahiro AKASHI

> +
> +endmenu
> +
> --
> 2.45.2


More information about the U-Boot mailing list