1## SPDX-License-Identifier: GPL-2.0-only 2 3menu "Verified Boot (verified_boot)" 4 5config VENDORCODE_ELTAN_VBOOT 6 bool "Enable Verified Boot" 7 depends on !VBOOT 8 default n 9 select VBOOT_LIB 10 11if VENDORCODE_ELTAN_VBOOT 12 13config VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST 14 bool "Enable Signed Manifest" 15 depends on VENDORCODE_ELTAN_VBOOT 16 default n 17 18config VENDORCODE_ELTAN_VBOOT_USE_SHA512 19 bool "SHA512 hashes" 20 depends on VENDORCODE_ELTAN_VBOOT 21 default n 22 help 23 Use SHA512 for the vboot operations, this applies to the digest in 24 the manifest and the manifest digest. 25 26config VENDORCODE_ELTAN_OEM_MANIFEST_LOC 27 hex "Manifest Location" 28 default 0xFFFFF840 29 30config VENDORCODE_ELTAN_VBOOT_MANIFEST 31 string "Verified boot manifest file" 32 default "mainboard/\$(MAINBOARD_DIR)/manifest.h" 33 34config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS 35 int "Manifest Items" 36 default 13 if INCLUDE_CONFIG_FILE 37 default 12 38 39config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE 40 int 41 default 64 if VENDORCODE_ELTAN_VBOOT_USE_SHA512 42 default 32 43 44config VENDORCODE_ELTAN_VBOOT_KEY_LOCATION 45 hex "Verified boot Key Location" 46 depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST 47 default 0xFFFFF500 48 49config VENDORCODE_ELTAN_VBOOT_KEY_FILE 50 string "Verified boot Key File" 51 depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST 52 default "3rdparty/eltan/verified_boot/Keys/key.vbpubk" 53 54config VENDORCODE_ELTAN_VBOOT_KEY_SIZE 55 int 56 default 552 57 58endif # VENDORCODE_ELTAN_VBOOT 59endmenu # Verified Boot (verified_boot) 60