payloads/edk2: Add Kconfig to enable UEFI Secure Boot support

Now that MrChromebox's default edk2 branch supports Secure Boot, add a
Kconfig to enable it, and do so by default when MrChromebox's branch
is used and SMMSTORE_V2 is enabled (which is a prerequisite).

TEST=build/boot google boards link, panther, lulu, reef, ampton, akemi,
and banshee, verify Secure Boot options available in payload, Secure
Boot status reported properly by Linux/Windows.

Change-Id: I4be58c3315cabe08729d717c59203fdc6a3e2958
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74869
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Matt DeVillier
2023-04-30 15:10:57 -05:00
committed by Matt DeVillier
parent b8fd41b441
commit a38e2484ac
3 changed files with 13 additions and 0 deletions

@@ -188,6 +188,7 @@ $(obj)/UEFIPAYLOAD.fd: $(DOTCONFIG)
CONFIG_ECAM_MMCONF_LENGTH=$(CONFIG_ECAM_MMCONF_LENGTH) \ CONFIG_ECAM_MMCONF_LENGTH=$(CONFIG_ECAM_MMCONF_LENGTH) \
CONFIG_CPU_XTAL_HZ=$(CONFIG_CPU_XTAL_HZ) \ CONFIG_CPU_XTAL_HZ=$(CONFIG_CPU_XTAL_HZ) \
CONFIG_SMMSTORE_V2=$(CONFIG_SMMSTORE_v2) \ CONFIG_SMMSTORE_V2=$(CONFIG_SMMSTORE_v2) \
CONFIG_EDK2_SECURE_BOOT_SUPPORT=$(CONFIG_EDK2_SECURE_BOOT_SUPPORT) \
GCC_CC_x86_32=$(GCC_CC_x86_32) \ GCC_CC_x86_32=$(GCC_CC_x86_32) \
GCC_CC_x86_64=$(GCC_CC_x86_64) \ GCC_CC_x86_64=$(GCC_CC_x86_64) \
GCC_CC_arm=$(GCC_CC_arm) \ GCC_CC_arm=$(GCC_CC_arm) \
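Review bot: the context line directly above the added `CONFIG_EDK2_SECURE_BOOT_SUPPORT=$(CONFIG_EDK2_SECURE_BOOT_SUPPORT)` line passes `CONFIG_SMMSTORE_V2=$(CONFIG_SMMSTORE_v2)` with a lowercase `v` in the variable reference, while the Kconfig hunk in this same change spells the symbol `SMMSTORE_V2`. Make variable names are case-sensitive, so that reference probably expands to an empty string. Because the new option depends on SMMSTORE_V2, it is worth correcting the reference to `$(CONFIG_SMMSTORE_V2)` here or in a follow-up.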

@@ -242,6 +242,14 @@ config EDK2_SERIAL_SUPPORT
Enable serial port output in edk2. Serial output limits the performance of edk2's Enable serial port output in edk2. Serial output limits the performance of edk2's
FrontPage. FrontPage.
config EDK2_SECURE_BOOT_SUPPORT
bool "Enable UEFI Secure Boot support"
depends on EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2
default y if EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2
help
Select this option to enable UEFI SecureBoot support in edk2.
UEFI SecureBoot will be disabled by default and can be enabled from the menu option.
config EDK2_CUSTOM_BUILD_PARAMS config EDK2_CUSTOM_BUILD_PARAMS
string "edk2 additional custom build parameters" string "edk2 additional custom build parameters"
default "-D VARIABLE_SUPPORT=SMMSTORE" if EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2 default "-D VARIABLE_SUPPORT=SMMSTORE" if EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2
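Review bot: in the new `EDK2_SECURE_BOOT_SUPPORT` entry, the condition on `default y if EDK2_REPO_MRCHROMEBOX && SMMSTORE_V2` repeats the `depends on` line right above it, so a plain `default y` behaves the same and leaves only one place to update if the prerequisites change. The help text also writes "SecureBoot" where the prompt uses "Secure Boot"; one spelling throughout would read better.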

@@ -111,6 +111,10 @@ endif
ifneq ($(CONFIG_EDK2_SD_MMC_TIMEOUT),) ifneq ($(CONFIG_EDK2_SD_MMC_TIMEOUT),)
BUILD_STR += -D SD_MMC_TIMEOUT=$(shell echo $$(( $(CONFIG_EDK2_SD_MMC_TIMEOUT) * 1000)) ) BUILD_STR += -D SD_MMC_TIMEOUT=$(shell echo $$(( $(CONFIG_EDK2_SD_MMC_TIMEOUT) * 1000)) )
endif endif
# EDK2_SECURE_BOOT_SUPPORT = FALSE
ifeq ($(CONFIG_EDK2_SECURE_BOOT_SUPPORT), y)
BUILD_STR += -D SECURE_BOOT_ENABLE=TRUE
endif
# #
# EDKII has the below PCDs that are relevant to coreboot: # EDKII has the below PCDs that are relevant to coreboot:
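Review bot: the comment `# EDK2_SECURE_BOOT_SUPPORT = FALSE` above the new `ifeq` names the Kconfig symbol, but the define this block actually passes to the build is `SECURE_BOOT_ENABLE`. If the comment is meant to record the edk2-side default, `# SECURE_BOOT_ENABLE = FALSE` would match what the block sets and be easier to grep for.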