1# SPDX-License-Identifier: GPL-2.0-only 2menu "EFI (Extensible Firmware Interface) Support" 3 depends on EFI 4 5config EFI_VARS 6 tristate "EFI Variable Support via sysfs" 7 depends on EFI && (X86 || IA64) 8 default n 9 help 10 If you say Y here, you are able to get EFI (Extensible Firmware 11 Interface) variable information via sysfs. You may read, 12 write, create, and destroy EFI variables through this interface. 13 Note that this driver is only retained for compatibility with 14 legacy users: new users should use the efivarfs filesystem 15 instead. 16 17config EFI_ESRT 18 bool 19 depends on EFI && !IA64 20 default y 21 22config EFI_VARS_PSTORE 23 tristate "Register efivars backend for pstore" 24 depends on PSTORE 25 default y 26 help 27 Say Y here to enable use efivars as a backend to pstore. This 28 will allow writing console messages, crash dumps, or anything 29 else supported by pstore to EFI variables. 30 31config EFI_VARS_PSTORE_DEFAULT_DISABLE 32 bool "Disable using efivars as a pstore backend by default" 33 depends on EFI_VARS_PSTORE 34 default n 35 help 36 Saying Y here will disable the use of efivars as a storage 37 backend for pstore by default. This setting can be overridden 38 using the efivars module's pstore_disable parameter. 39 40config EFI_RUNTIME_MAP 41 bool "Export efi runtime maps to sysfs" 42 depends on X86 && EFI && KEXEC_CORE 43 default y 44 help 45 Export efi runtime memory maps to /sys/firmware/efi/runtime-map. 46 That memory map is used for example by kexec to set up efi virtual 47 mapping the 2nd kernel, but can also be used for debugging purposes. 48 49 See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. 50 51config EFI_FAKE_MEMMAP 52 bool "Enable EFI fake memory map" 53 depends on EFI && X86 54 default n 55 help 56 Saying Y here will enable "efi_fake_mem" boot option. 57 By specifying this parameter, you can add arbitrary attribute 58 to specific memory range by updating original (firmware provided) 59 EFI memmap. 60 This is useful for debugging of EFI memmap related feature. 61 e.g. Address Range Mirroring feature. 62 63config EFI_MAX_FAKE_MEM 64 int "maximum allowable number of ranges in efi_fake_mem boot option" 65 depends on EFI_FAKE_MEMMAP 66 range 1 128 67 default 8 68 help 69 Maximum allowable number of ranges in efi_fake_mem boot option. 70 Ranges can be set up to this value using comma-separated list. 71 The default value is 8. 72 73config EFI_SOFT_RESERVE 74 bool "Reserve EFI Specific Purpose Memory" 75 depends on EFI && EFI_STUB && ACPI_HMAT 76 default ACPI_HMAT 77 help 78 On systems that have mixed performance classes of memory EFI 79 may indicate specific purpose memory with an attribute (See 80 EFI_MEMORY_SP in UEFI 2.8). A memory range tagged with this 81 attribute may have unique performance characteristics compared 82 to the system's general purpose "System RAM" pool. On the 83 expectation that such memory has application specific usage, 84 and its base EFI memory type is "conventional" answer Y to 85 arrange for the kernel to reserve it as a "Soft Reserved" 86 resource, and set aside for direct-access (device-dax) by 87 default. The memory range can later be optionally assigned to 88 the page allocator by system administrator policy via the 89 device-dax kmem facility. Say N to have the kernel treat this 90 memory as "System RAM" by default. 91 92 If unsure, say Y. 93 94config EFI_DXE_MEM_ATTRIBUTES 95 bool "Adjust memory attributes in EFISTUB" 96 depends on EFI && EFI_STUB && X86 97 default y 98 help 99 UEFI specification does not guarantee all memory to be 100 accessible for both write and execute as the kernel expects 101 it to be. 102 Use DXE services to check and alter memory protection 103 attributes during boot via EFISTUB to ensure that memory 104 ranges used by the kernel are writable and executable. 105 106config EFI_PARAMS_FROM_FDT 107 bool 108 help 109 Select this config option from the architecture Kconfig if 110 the EFI runtime support gets system table address, memory 111 map address, and other parameters from the device tree. 112 113config EFI_RUNTIME_WRAPPERS 114 bool 115 116config EFI_GENERIC_STUB 117 bool 118 119config EFI_ARMSTUB_DTB_LOADER 120 bool "Enable the DTB loader" 121 depends on EFI_GENERIC_STUB && !RISCV 122 default y 123 help 124 Select this config option to add support for the dtb= command 125 line parameter, allowing a device tree blob to be loaded into 126 memory from the EFI System Partition by the stub. 127 128 If the device tree is provided by the platform or by 129 the bootloader this option may not be needed. 130 But, for various development reasons and to maintain existing 131 functionality for bootloaders that do not have such support 132 this option is necessary. 133 134config EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER 135 bool "Enable the command line initrd loader" if !X86 136 depends on EFI_STUB && (EFI_GENERIC_STUB || X86) 137 default y if X86 138 depends on !RISCV 139 help 140 Select this config option to add support for the initrd= command 141 line parameter, allowing an initrd that resides on the same volume 142 as the kernel image to be loaded into memory. 143 144 This method is deprecated. 145 146config EFI_BOOTLOADER_CONTROL 147 tristate "EFI Bootloader Control" 148 default n 149 help 150 This module installs a reboot hook, such that if reboot() is 151 invoked with a string argument NNN, "NNN" is copied to the 152 "LoaderEntryOneShot" EFI variable, to be read by the 153 bootloader. If the string matches one of the boot labels 154 defined in its configuration, the bootloader will boot once 155 to that label. The "LoaderEntryRebootReason" EFI variable is 156 set with the reboot reason: "reboot" or "shutdown". The 157 bootloader reads this reboot reason and takes particular 158 action according to its policy. 159 160config EFI_CAPSULE_LOADER 161 tristate "EFI capsule loader" 162 depends on EFI && !IA64 163 help 164 This option exposes a loader interface "/dev/efi_capsule_loader" for 165 users to load EFI capsules. This driver requires working runtime 166 capsule support in the firmware, which many OEMs do not provide. 167 168 Most users should say N. 169 170config EFI_CAPSULE_QUIRK_QUARK_CSH 171 bool "Add support for Quark capsules with non-standard headers" 172 depends on X86 && !64BIT 173 select EFI_CAPSULE_LOADER 174 default y 175 help 176 Add support for processing Quark X1000 EFI capsules, whose header 177 layout deviates from the layout mandated by the UEFI specification. 178 179config EFI_TEST 180 tristate "EFI Runtime Service Tests Support" 181 depends on EFI 182 default n 183 help 184 This driver uses the efi.<service> function pointers directly instead 185 of going through the efivar API, because it is not trying to test the 186 kernel subsystem, just for testing the UEFI runtime service 187 interfaces which are provided by the firmware. This driver is used 188 by the Firmware Test Suite (FWTS) for testing the UEFI runtime 189 interfaces readiness of the firmware. 190 Details for FWTS are available from: 191 <https://wiki.ubuntu.com/FirmwareTestSuite> 192 193 Say Y here to enable the runtime services support via /dev/efi_test. 194 If unsure, say N. 195 196config EFI_DEV_PATH_PARSER 197 bool 198 199config APPLE_PROPERTIES 200 bool "Apple Device Properties" 201 depends on EFI_STUB && X86 202 select EFI_DEV_PATH_PARSER 203 select UCS2_STRING 204 help 205 Retrieve properties from EFI on Apple Macs and assign them to 206 devices, allowing for improved support of Apple hardware. 207 Properties that would otherwise be missing include the 208 Thunderbolt Device ROM and GPU configuration data. 209 210 If unsure, say Y if you have a Mac. Otherwise N. 211 212config RESET_ATTACK_MITIGATION 213 bool "Reset memory attack mitigation" 214 depends on EFI_STUB 215 help 216 Request that the firmware clear the contents of RAM after a reboot 217 using the TCG Platform Reset Attack Mitigation specification. This 218 protects against an attacker forcibly rebooting the system while it 219 still contains secrets in RAM, booting another OS and extracting the 220 secrets. This should only be enabled when userland is configured to 221 clear the MemoryOverwriteRequest flag on clean shutdown after secrets 222 have been evicted, since otherwise it will trigger even on clean 223 reboots. 224 225config EFI_RCI2_TABLE 226 bool "EFI Runtime Configuration Interface Table Version 2 Support" 227 depends on X86 || COMPILE_TEST 228 help 229 Displays the content of the Runtime Configuration Interface 230 Table version 2 on Dell EMC PowerEdge systems as a binary 231 attribute 'rci2' under /sys/firmware/efi/tables directory. 232 233 RCI2 table contains BIOS HII in XML format and is used to populate 234 BIOS setup page in Dell EMC OpenManage Server Administrator tool. 235 The BIOS setup page contains BIOS tokens which can be configured. 236 237 Say Y here for Dell EMC PowerEdge systems. 238 239config EFI_DISABLE_PCI_DMA 240 bool "Clear Busmaster bit on PCI bridges during ExitBootServices()" 241 help 242 Disable the busmaster bit in the control register on all PCI bridges 243 while calling ExitBootServices() and passing control to the runtime 244 kernel. System firmware may configure the IOMMU to prevent malicious 245 PCI devices from being able to attack the OS via DMA. However, since 246 firmware can't guarantee that the OS is IOMMU-aware, it will tear 247 down IOMMU configuration when ExitBootServices() is called. This 248 leaves a window between where a hostile device could still cause 249 damage before Linux configures the IOMMU again. 250 251 If you say Y here, the EFI stub will clear the busmaster bit on all 252 PCI bridges before ExitBootServices() is called. This will prevent 253 any malicious PCI devices from being able to perform DMA until the 254 kernel reenables busmastering after configuring the IOMMU. 255 256 This option will cause failures with some poorly behaved hardware 257 and should not be enabled without testing. The kernel commandline 258 options "efi=disable_early_pci_dma" or "efi=no_disable_early_pci_dma" 259 may be used to override this option. 260 261config EFI_EARLYCON 262 def_bool y 263 depends on SERIAL_EARLYCON && !ARM && !IA64 264 select FONT_SUPPORT 265 select ARCH_USE_MEMREMAP_PROT 266 267config EFI_CUSTOM_SSDT_OVERLAYS 268 bool "Load custom ACPI SSDT overlay from an EFI variable" 269 depends on ACPI 270 default ACPI_TABLE_UPGRADE 271 help 272 Allow loading of an ACPI SSDT overlay from an EFI variable specified 273 by a kernel command line option. 274 275 See Documentation/admin-guide/acpi/ssdt-overlays.rst for more 276 information. 277 278config EFI_DISABLE_RUNTIME 279 bool "Disable EFI runtime services support by default" 280 default y if PREEMPT_RT 281 help 282 Allow to disable the EFI runtime services support by default. This can 283 already be achieved by using the efi=noruntime option, but it could be 284 useful to have this default without any kernel command line parameter. 285 286 The EFI runtime services are disabled by default when PREEMPT_RT is 287 enabled, because measurements have shown that some EFI functions calls 288 might take too much time to complete, causing large latencies which is 289 an issue for Real-Time kernels. 290 291 This default can be overridden by using the efi=runtime option. 292 293config EFI_COCO_SECRET 294 bool "EFI Confidential Computing Secret Area Support" 295 help 296 Confidential Computing platforms (such as AMD SEV) allow the 297 Guest Owner to securely inject secrets during guest VM launch. 298 The secrets are placed in a designated EFI reserved memory area. 299 300 In order to use the secrets in the kernel, the location of the secret 301 area (as published in the EFI config table) must be kept. 302 303 If you say Y here, the address of the EFI secret area will be kept 304 for usage inside the kernel. This will allow the 305 virt/coco/efi_secret module to access the secrets, which in turn 306 allows userspace programs to access the injected secrets. 307 308config EFI_EMBEDDED_FIRMWARE 309 bool 310 select CRYPTO_LIB_SHA256 311 312endmenu 313 314config UEFI_CPER 315 bool 316 317config UEFI_CPER_ARM 318 bool 319 depends on UEFI_CPER && ( ARM || ARM64 ) 320 default y 321 322config UEFI_CPER_X86 323 bool 324 depends on UEFI_CPER && X86 325 default y 326