# SPDX-License-Identifier: GPL-2.0-only
menu "EFI (Extensible Firmware Interface) Support"
	depends on EFI

config EFI_ESRT
	bool
	depends on EFI && !IA64
	default y

config EFI_VARS_PSTORE
	tristate "Register efivars backend for pstore"
	depends on PSTORE
	select UCS2_STRING
	default y
	help
	  Say Y here to enable the use of efivars as a backend to pstore.
	  This will allow writing console messages, crash dumps, or anything
	  else supported by pstore to EFI variables.

config EFI_VARS_PSTORE_DEFAULT_DISABLE
	bool "Disable using efivars as a pstore backend by default"
	depends on EFI_VARS_PSTORE
	default n
	help
	  Saying Y here will disable the use of efivars as a storage
	  backend for pstore by default. This setting can be overridden
	  using the efivars module's pstore_disable parameter.

config EFI_RUNTIME_MAP
	bool "Export efi runtime maps to sysfs"
	depends on X86 && EFI && KEXEC_CORE
	default y
	help
	  Export efi runtime memory maps to /sys/firmware/efi/runtime-map.
	  That memory map is used, for example, by kexec to set up the EFI
	  virtual mapping for the 2nd kernel, but can also be used for
	  debugging purposes.

	  See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.

config EFI_FAKE_MEMMAP
	bool "Enable EFI fake memory map"
	depends on EFI && X86
	default n
	help
	  Saying Y here will enable the "efi_fake_mem" boot option.
	  By specifying this parameter, you can add arbitrary attributes
	  to a specific memory range by updating the original (firmware
	  provided) EFI memmap.
	  This is useful for debugging EFI memmap related features,
	  e.g. the Address Range Mirroring feature.

config EFI_MAX_FAKE_MEM
	int "maximum allowable number of ranges in efi_fake_mem boot option"
	depends on EFI_FAKE_MEMMAP
	range 1 128
	default 8
	help
	  Maximum allowable number of ranges in the efi_fake_mem boot option.
	  Up to this many ranges can be given as a comma-separated list.
	  The default value is 8.

config EFI_SOFT_RESERVE
	bool "Reserve EFI Specific Purpose Memory"
	depends on EFI && EFI_STUB && ACPI_HMAT
	default ACPI_HMAT
	help
	  On systems that have mixed performance classes of memory EFI
	  may indicate specific purpose memory with an attribute (See
	  EFI_MEMORY_SP in UEFI 2.8). A memory range tagged with this
	  attribute may have unique performance characteristics compared
	  to the system's general purpose "System RAM" pool. On the
	  expectation that such memory has application specific usage,
	  and its base EFI memory type is "conventional", answer Y to
	  arrange for the kernel to reserve it as a "Soft Reserved"
	  resource, and set aside for direct-access (device-dax) by
	  default. The memory range can later be optionally assigned to
	  the page allocator by system administrator policy via the
	  device-dax kmem facility. Say N to have the kernel treat this
	  memory as "System RAM" by default.

	  If unsure, say Y.

config EFI_DXE_MEM_ATTRIBUTES
	bool "Adjust memory attributes in EFISTUB"
	depends on EFI && EFI_STUB && X86
	default y
	help
	  The UEFI specification does not guarantee that all memory is
	  accessible for both write and execute, as the kernel expects
	  it to be.
	  Use DXE services to check and alter memory protection
	  attributes during boot via EFISTUB to ensure that memory
	  ranges used by the kernel are writable and executable.

config EFI_PARAMS_FROM_FDT
	bool
	help
	  Select this config option from the architecture Kconfig if
	  the EFI runtime support gets system table address, memory
	  map address, and other parameters from the device tree.

config EFI_RUNTIME_WRAPPERS
	bool

config EFI_GENERIC_STUB
	bool

config EFI_ARMSTUB_DTB_LOADER
	bool "Enable the DTB loader"
	depends on EFI_GENERIC_STUB && !RISCV
	default y
	help
	  Select this config option to add support for the dtb= command
	  line parameter, allowing a device tree blob to be loaded into
	  memory from the EFI System Partition by the stub.

	  If the device tree is provided by the platform or by
	  the bootloader this option may not be needed.
	  But, for various development reasons and to maintain existing
	  functionality for bootloaders that do not have such support
	  this option is necessary.

config EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER
	bool "Enable the command line initrd loader" if !X86
	depends on EFI_STUB && (EFI_GENERIC_STUB || X86)
	default y if X86
	depends on !RISCV
	help
	  Select this config option to add support for the initrd= command
	  line parameter, allowing an initrd that resides on the same volume
	  as the kernel image to be loaded into memory.

	  This method is deprecated.

config EFI_BOOTLOADER_CONTROL
	tristate "EFI Bootloader Control"
	select UCS2_STRING
	default n
	help
	  This module installs a reboot hook, such that if reboot() is
	  invoked with a string argument NNN, "NNN" is copied to the
	  "LoaderEntryOneShot" EFI variable, to be read by the
	  bootloader. If the string matches one of the boot labels
	  defined in its configuration, the bootloader will boot once
	  to that label. The "LoaderEntryRebootReason" EFI variable is
	  set with the reboot reason: "reboot" or "shutdown". The
	  bootloader reads this reboot reason and takes particular
	  action according to its policy.

config EFI_CAPSULE_LOADER
	tristate "EFI capsule loader"
	depends on EFI && !IA64
	help
	  This option exposes a loader interface "/dev/efi_capsule_loader" for
	  users to load EFI capsules. This driver requires working runtime
	  capsule support in the firmware, which many OEMs do not provide.

	  Most users should say N.

config EFI_CAPSULE_QUIRK_QUARK_CSH
	bool "Add support for Quark capsules with non-standard headers"
	depends on X86 && !64BIT
	select EFI_CAPSULE_LOADER
	default y
	help
	  Add support for processing Quark X1000 EFI capsules, whose header
	  layout deviates from the layout mandated by the UEFI specification.

config EFI_TEST
	tristate "EFI Runtime Service Tests Support"
	depends on EFI
	default n
	help
	  This driver uses the efi.<service> function pointers directly instead
	  of going through the efivar API, because it is not meant to test the
	  kernel subsystem, only the UEFI runtime service interfaces that are
	  provided by the firmware. This driver is used by the Firmware Test
	  Suite (FWTS) for testing the readiness of the firmware's UEFI
	  runtime interfaces.
	  Details for FWTS are available from:
	  <https://wiki.ubuntu.com/FirmwareTestSuite>

	  Say Y here to enable the runtime services support via /dev/efi_test.
	  If unsure, say N.

config EFI_DEV_PATH_PARSER
	bool

config APPLE_PROPERTIES
	bool "Apple Device Properties"
	depends on EFI_STUB && X86
	select EFI_DEV_PATH_PARSER
	select UCS2_STRING
	help
	  Retrieve properties from EFI on Apple Macs and assign them to
	  devices, allowing for improved support of Apple hardware.
	  Properties that would otherwise be missing include the
	  Thunderbolt Device ROM and GPU configuration data.

	  If unsure, say Y if you have a Mac. Otherwise N.

config RESET_ATTACK_MITIGATION
	bool "Reset memory attack mitigation"
	depends on EFI_STUB
	help
	  Request that the firmware clear the contents of RAM after a reboot
	  using the TCG Platform Reset Attack Mitigation specification. This
	  protects against an attacker forcibly rebooting the system while it
	  still contains secrets in RAM, booting another OS and extracting the
	  secrets. This should only be enabled when userland is configured to
	  clear the MemoryOverwriteRequest flag on clean shutdown after secrets
	  have been evicted, since otherwise it will trigger even on clean
	  reboots.

config EFI_RCI2_TABLE
	bool "EFI Runtime Configuration Interface Table Version 2 Support"
	depends on X86 || COMPILE_TEST
	help
	  Displays the content of the Runtime Configuration Interface
	  Table version 2 on Dell EMC PowerEdge systems as a binary
	  attribute 'rci2' under /sys/firmware/efi/tables directory.

	  RCI2 table contains BIOS HII in XML format and is used to populate
	  BIOS setup page in Dell EMC OpenManage Server Administrator tool.
	  The BIOS setup page contains BIOS tokens which can be configured.

	  Say Y here for Dell EMC PowerEdge systems.

config EFI_DISABLE_PCI_DMA
	bool "Clear Busmaster bit on PCI bridges during ExitBootServices()"
	help
	  Disable the busmaster bit in the control register on all PCI bridges
	  while calling ExitBootServices() and passing control to the runtime
	  kernel. System firmware may configure the IOMMU to prevent malicious
	  PCI devices from being able to attack the OS via DMA. However, since
	  firmware can't guarantee that the OS is IOMMU-aware, it will tear
	  down IOMMU configuration when ExitBootServices() is called. This
	  leaves a window in which a hostile device could still cause
	  damage before Linux configures the IOMMU again.

	  If you say Y here, the EFI stub will clear the busmaster bit on all
	  PCI bridges before ExitBootServices() is called. This will prevent
	  any malicious PCI devices from being able to perform DMA until the
	  kernel reenables busmastering after configuring the IOMMU.

	  This option will cause failures with some poorly behaved hardware
	  and should not be enabled without testing. The kernel commandline
	  options "efi=disable_early_pci_dma" or "efi=no_disable_early_pci_dma"
	  may be used to override this option.

config EFI_EARLYCON
	def_bool y
	depends on SERIAL_EARLYCON && !ARM && !IA64
	select FONT_SUPPORT
	select ARCH_USE_MEMREMAP_PROT

config EFI_CUSTOM_SSDT_OVERLAYS
	bool "Load custom ACPI SSDT overlay from an EFI variable"
	depends on ACPI
	default ACPI_TABLE_UPGRADE
	help
	  Allow loading of an ACPI SSDT overlay from an EFI variable specified
	  by a kernel command line option.

	  See Documentation/admin-guide/acpi/ssdt-overlays.rst for more
	  information.

config EFI_DISABLE_RUNTIME
	bool "Disable EFI runtime services support by default"
	default y if PREEMPT_RT
	help
	  Disable EFI runtime services support by default. This can already
	  be achieved by using the efi=noruntime option, but it could be
	  useful to have this default without any kernel command line
	  parameter.

	  The EFI runtime services are disabled by default when PREEMPT_RT is
	  enabled, because measurements have shown that some EFI function
	  calls might take too much time to complete, causing large latencies,
	  which is an issue for Real-Time kernels.

	  This default can be overridden by using the efi=runtime option.

config EFI_COCO_SECRET
	bool "EFI Confidential Computing Secret Area Support"
	help
	  Confidential Computing platforms (such as AMD SEV) allow the
	  Guest Owner to securely inject secrets during guest VM launch.
	  The secrets are placed in a designated EFI reserved memory area.

	  In order to use the secrets in the kernel, the location of the secret
	  area (as published in the EFI config table) must be kept.

	  If you say Y here, the address of the EFI secret area will be kept
	  for usage inside the kernel. This will allow the
	  virt/coco/efi_secret module to access the secrets, which in turn
	  allows userspace programs to access the injected secrets.

config EFI_EMBEDDED_FIRMWARE
	bool
	select CRYPTO_LIB_SHA256

endmenu

config UEFI_CPER
	bool

config UEFI_CPER_ARM
	bool
	depends on UEFI_CPER && ( ARM || ARM64 )
	default y

config UEFI_CPER_X86
	bool
	depends on UEFI_CPER && X86
	default y
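
The RESET_ATTACK_MITIGATION help text requires userland to clear the MemoryOverwriteRequest flag on clean shutdown. The following is an added example, not part of the kernel source: a Python shutdown hook that clears the flag through efivarfs. The variable name, its vendor GUID, the bit position and the efivarfs mount point are assumptions taken from the TCG specification and common Linux practice, not from this file.

```python
import os
import struct

# Assumptions (not from the Kconfig text): variable name and vendor GUID as
# defined by the TCG Platform Reset Attack Mitigation specification, and
# efivarfs mounted at its usual location.
MOR_VAR = "MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829"
EFIVARFS = "/sys/firmware/efi/efivars"
MOR_CLEAR_MEMORY_BIT = 0x01  # bit 0: firmware must wipe RAM on the next boot


def parse_efivar(blob):
    """Split an efivarfs file into (attributes, data).

    efivarfs prefixes every variable with a 32-bit little-endian
    attribute word; the variable's value follows it.
    """
    if len(blob) < 5:
        raise ValueError("entry too short for attributes plus MOR byte")
    (attrs,) = struct.unpack_from("<I", blob)
    return attrs, blob[4:]


def clear_mor_request(efivarfs=EFIVARFS):
    """Clear the MOR bit; call on clean shutdown after secrets are evicted.

    Returns True if the flag was set and has been cleared, False if it
    was already clear. Raises FileNotFoundError when the firmware does
    not expose the variable.
    """
    path = os.path.join(efivarfs, MOR_VAR)
    with open(path, "rb") as f:
        attrs, data = parse_efivar(f.read())
    if not data[0] & MOR_CLEAR_MEMORY_BIT:
        return False
    new_value = bytes([data[0] & ~MOR_CLEAR_MEMORY_BIT & 0xFF]) + data[1:]
    # Attributes and value go out in one write(): efivarfs turns each
    # write into a single SetVariable() call, reusing the attributes read.
    with open(path, "wb") as f:
        f.write(struct.pack("<I", attrs) + new_value)
    return True
```

On a live system efivarfs marks most variables immutable, so the file may need `chattr -i` before the write succeeds. If the hook does not run (power cut, forced reset), the flag stays set and the firmware wipes RAM on the next boot, which is the protection the option is meant to give.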