| blob | 95eda31c9d2b8ceac54fcfe563dfd9e98cc482ad |
1 # SPDX-License-Identifier: GPL-2.0-only
3 config HAVE_INTEL_FIRMWARE
4 bool
5 default y if INTEL_DESCRIPTOR_MODE_CAPABLE
6 help
7 Platform uses the Intel Firmware Descriptor to describe the
8 layout of the SPI ROM chip. Enabling this option will allow you to
9 select further features that rely on this like providing individual
10 firmware blobs.
12 if HAVE_INTEL_FIRMWARE
14 comment "Intel Firmware"
16 config HAVE_IFD_BIN
17 bool "Add Intel descriptor.bin file"
18 select HAVE_EM100_SUPPORT # We use ifdtool to enable this.
19 help
20 The descriptor binary
22 config IFD_BIN_PATH
23 string "Path and filename of the descriptor.bin file"
24 default "3rdparty/blobs/mainboard/\$(MAINBOARDDIR)/descriptor.bin"
25 depends on HAVE_IFD_BIN
27 config HAVE_ME_BIN
28 bool "Add Intel ME/TXE firmware"
29 depends on HAVE_IFD_BIN
30 help
31 The Intel processor in the selected system requires a special firmware
32 for an integrated controller. This might be called the Management
33 Engine (ME), the Trusted Execution Engine (TXE) or something else
34 depending on the chip. This firmware might or might not be available
35 in coreboot's 3rdparty/blobs repository. If it is not and if you don't
36 have access to the firmware from elsewhere, you can still build
37 coreboot without it. In this case however, you'll have to make sure
38 that you don't overwrite your ME/TXE firmware on your flash ROM.
40 config STITCH_ME_BIN
41 bool "Stitch individual ME/CSE components"
42 default n
43 depends on HAVE_ME_BIN
44 help
45 This config can be selected by mainboard if it wants to stitch ME/CSE
46 components during build time instead of supplying a pre-stitched
47 binary.
49 config ME_BIN_PATH
50 string "Path to management engine firmware" if !STITCH_ME_BIN
51 default "3rdparty/blobs/mainboard/\$(MAINBOARDDIR)/me.bin"
52 depends on HAVE_ME_BIN && !STITCH_ME_BIN
54 config CHECK_ME
55 bool "Verify the integrity of the supplied ME/TXE firmware"
56 default n
57 depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_IRONLAKE || \
58 NORTHBRIDGE_INTEL_SANDYBRIDGE || \
59 NORTHBRIDGE_INTEL_HASWELL || \
60 SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
61 SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
62 help
63 Verify the integrity of the supplied Intel ME/TXE firmware before
64 proceeding with the build, in order to prevent an accidental loading
65 of a corrupted ME/TXE image.
67 config ME_REGION_ALLOW_CPU_READ_ACCESS
68 bool "Allows HOST/CPU read access to ME region"
69 depends on HAVE_IFD_BIN
70 default y if SOC_INTEL_CSE_LITE_SKU || SOC_INTEL_CSE_LITE_SYNC_BY_PAYLOAD
71 default n
72 help
73 The config ensures Host has read access to the ME region if it is locked
74 through LOCK_MANAGEMENT_ENGINE config. This config is enabled when the CSE
75 Lite SKU is integrated.
77 config USE_ME_CLEANER
78 bool "Strip down the Intel ME/TXE firmware"
79 depends on HAVE_ME_BIN && (NORTHBRIDGE_INTEL_IRONLAKE || \
80 NORTHBRIDGE_INTEL_SANDYBRIDGE || \
81 NORTHBRIDGE_INTEL_HASWELL || \
82 SOC_INTEL_BROADWELL || SOC_INTEL_SKYLAKE || \
83 SOC_INTEL_KABYLAKE || SOC_INTEL_BAYTRAIL || SOC_INTEL_BRASWELL)
84 help
85 Use me_cleaner to remove all the non-fundamental code from the Intel
86 ME/TXE firmware.
87 The resulting Intel ME/TXE firmware will have only the code
88 responsible for the very basic hardware initialization, leaving the
89 ME/TXE subsystem essentially in a disabled state.
91 Don't flash a modified ME/TXE firmware and a new coreboot image at the
92 same time, test them in two different steps.
94 WARNING: this tool isn't based on any official Intel documentation but
95 only on reverse engineering and trial & error.
97 See the project's page
98 https://github.com/corna/me_cleaner
99 or the wiki
100 https://github.com/corna/me_cleaner/wiki/How-to-apply-me_cleaner
101 https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F
102 https://github.com/corna/me_cleaner/wiki/me_cleaner-status
103 for more info about this tool
105 If unsure, say N.
107 comment "Please test coreboot with the original, unmodified ME firmware before using me_cleaner"
108 depends on USE_ME_CLEANER
110 config ME_CLEANER_ARGS
111 string
112 depends on USE_ME_CLEANER
113 default "-S"
115 config MAINBOARD_USES_IFD_GBE_REGION
116 def_bool n
118 config HAVE_GBE_BIN
119 bool "Add gigabit ethernet configuration"
120 depends on HAVE_IFD_BIN && MAINBOARD_USES_IFD_GBE_REGION
121 help
122 The integrated gigabit ethernet controller needs a configuration
123 file. Select this if you are going to use the PCH integrated
124 controller and want to add that file.
126 config GBE_BIN_PATH
127 string "Path to gigabit ethernet configuration"
128 depends on HAVE_GBE_BIN
129 default "3rdparty/blobs/mainboard/\$(MAINBOARDDIR)/gbe.bin"
131 config MAINBOARD_USES_IFD_EC_REGION
132 def_bool n
134 config HAVE_EC_BIN
135 bool "Add EC firmware"
136 depends on HAVE_IFD_BIN && MAINBOARD_USES_IFD_EC_REGION
137 help
138 The embedded controller needs a firmware file.
140 Select this if you are going to use the PCH integrated controller
141 and have the EC firmware. EC firmware will be added to final image
142 through ifdtool.
144 config EC_BIN_PATH
145 string "Path to EC firmware"
146 depends on HAVE_EC_BIN
147 default "3rdparty/blobs/mainboard/\$(MAINBOARDDIR)/ec.bin"
149 config MAINBOARD_USES_IFD_10GBE_0_REGION
150 def_bool n
152 config HAVE_10GBE_0_BIN
153 bool "Add 10GbE Firmware Region 0"
154 depends on HAVE_IFD_BIN && MAINBOARD_USES_IFD_10GBE_0_REGION
155 help
156 The 10GbE region firmware file for LAN device 0.
158 Select this if you are going to use the 10GbE 0 region and have the
159 firmware. The firmware will be added to final image through ifdtool.
161 config 10GBE_0_BIN_PATH
162 string "Path to 10GbE region 0 firmware"
163 depends on HAVE_10GBE_0_BIN
164 default "3rdparty/blobs/mainboard/\$(MAINBOARDDIR)/10gbe0.bin"
166 config MAINBOARD_USES_IFD_10GBE_1_REGION
167 def_bool n
168 depends on MAINBOARD_USES_IFD_10GBE_0_REGION
170 config HAVE_10GBE_1_BIN
171 bool "Add 10GbE Firmware Region 1"
172 depends on HAVE_IFD_BIN && MAINBOARD_USES_IFD_10GBE_1_REGION
173 help
174 The 10GbE region firmware file for LAN device 1.
176 Select this if you are going to use the 10GbE 1 region and have the
177 firmware. The firmware will be added to final image through ifdtool.
179 config 10GBE_1_BIN_PATH
180 string "Path to 10GbE region 1 firmware"
181 depends on HAVE_10GBE_1_BIN
182 default "3rdparty/blobs/mainboard/\$(MAINBOARDDIR)/10gbe1.bin"
184 choice
185 prompt "Protect flash regions" if HAVE_IFD_BIN
186 default UNLOCK_FLASH_REGIONS if HAVE_IFD_BIN
187 help
188 This option allows you to protect flash regions.
190 config DO_NOT_TOUCH_DESCRIPTOR_REGION
191 bool "Use the preset values to protect the regions"
192 help
193 Read and write access permissions to different regions in the flash
194 can be controlled via dedicated bitfields in the flash descriptor.
195 These permissions can be modified with the Intel Flash Descriptor
196 Tool (ifdtool). If you don't want to change these permissions and
197 keep the ones provided in the initial descriptor, use this option.
199 config LOCK_MANAGEMENT_ENGINE
200 bool "Lock ME/TXE section"
201 help
202 The Intel Firmware Descriptor supports preventing write and read
203 accesses from the host to the ME or TXE section. If the section
204 is locked, it can only be overwritten with an external SPI flash
205 programmer or HECI HMRFPO_ENABLE command needs to be sent to CSE
206 before writing to the ME Section. If CSE Lite SKU is integrated,
207 the Kconfig prevents only writing to the ME section.
209 If unsure, select "Unlock flash regions".
211 config UNLOCK_FLASH_REGIONS
212 bool "Unlock flash regions"
213 help
214 All regions are completely unprotected and can be overwritten using
215 a flash programming tool.
217 endchoice
219 config CBFS_SIZE
220 default 0x100000
221 help
222 Reduce CBFS size to give room to the IFD blobs.
224 endif #INTEL_FIRMWARE