1# SPDX-License-Identifier: BSD-3-Clause 2 3config VBOOT_LIB 4 bool "Compile verified boot (vboot) library" 5 default y if CHROMEOS 6 default n 7 help 8 This option enables compiling and building vboot libraries vboot_fw and tlcl. 9 10if VBOOT_LIB 11 12config VBOOT_CBFS_INTEGRATION 13 bool "Enable vboot and CBFS integration" 14 default n 15 depends on CBFS_VERIFICATION 16 help 17 Say yes to request reboot on CBFS file hash mismatch in non-recovery mode. 18 19config VBOOT_TPM2_MODE 20 bool "TPM2 Mode" 21 default y 22 help 23 This option enables TPM 2.0 support in vboot. Disabling it allows using TPM 1.2. 24 25config VBOOT_X86_SHA_EXT 26 bool "x86 SHA Extension" 27 default y if CHROMEOS 28 default n 29 depends on ARCH_X86 30 help 31 This option enables SHA256 implementation using x86 SHA processor extension 32 instructions: sha256msg1, sha256msg2, sha256rnds2. 33 34config VBOOT_X86_RSA_ACCELERATION 35 bool "Use SSE2 instructions for RSA signature verification" 36 default y if CHROMEOS 37 default n 38 depends on ARCH_X86 39 help 40 Use paddq, pmuludq, psrlq, punpckldq and punpcklqdq SSE2 41 instructions to accelerate the modulus exponentiation which 42 is part of the RSA signature verification process. 43 44config VBOOT_SHA_ARMV8_CE 45 bool "SHA256 implementation using ARMv8 Crypto Extension" 46 default y if CHROMEOS 47 default n 48 depends on ARCH_ARM64 49 help 50 This option enables SHA256 implementation using ARMv8 Crypto Extension. 51 52config VBOOT_ARM64_RSA_ACCELERATION 53 bool "Use arm64 SIMD instructions to accelerate RSA signature verification" 54 default y 55 depends on ARCH_ARM64 56 help 57 Use arm64 SIMD instructions (NEON) to parallelize two multiplications 58 in the modulus exponentiation algorithm, which speeds up RSA signature 59 verification in vboot. This is supported on all arm64 CPUs so you'd 60 generally always want this enabled, unless your SoC is overriding 61 vboot's hwcrypto API with its own crypto accelerator IP instead (or 62 you're trying really hard to save on code size). 63 64endif 65