^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) # SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) menu "EFI (Extensible Firmware Interface) Support"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) depends on EFI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) config EFI_VARS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) tristate "EFI Variable Support via sysfs"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) depends on EFI && (X86 || IA64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) If you say Y here, you are able to get EFI (Extensible Firmware
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) Interface) variable information via sysfs. You may read,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) write, create, and destroy EFI variables through this interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) Note that this driver is only retained for compatibility with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) legacy users: new users should use the efivarfs filesystem
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) instead.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) config EFI_ESRT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) depends on EFI && !IA64
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) config EFI_VARS_PSTORE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) tristate "Register efivars backend for pstore"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) depends on PSTORE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) Say Y here to enable use efivars as a backend to pstore. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) will allow writing console messages, crash dumps, or anything
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) else supported by pstore to EFI variables.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) config EFI_VARS_PSTORE_DEFAULT_DISABLE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) bool "Disable using efivars as a pstore backend by default"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) depends on EFI_VARS_PSTORE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) Saying Y here will disable the use of efivars as a storage
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) backend for pstore by default. This setting can be overridden
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) using the efivars module's pstore_disable parameter.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) config EFI_RUNTIME_MAP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) bool "Export efi runtime maps to sysfs"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) depends on X86 && EFI && KEXEC_CORE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) Export efi runtime memory maps to /sys/firmware/efi/runtime-map.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) That memory map is used for example by kexec to set up efi virtual
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) mapping the 2nd kernel, but can also be used for debugging purposes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) config EFI_FAKE_MEMMAP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) bool "Enable EFI fake memory map"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) depends on EFI && X86
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) Saying Y here will enable "efi_fake_mem" boot option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) By specifying this parameter, you can add arbitrary attribute
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) to specific memory range by updating original (firmware provided)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) EFI memmap.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) This is useful for debugging of EFI memmap related feature.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) e.g. Address Range Mirroring feature.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) config EFI_MAX_FAKE_MEM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) int "maximum allowable number of ranges in efi_fake_mem boot option"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) depends on EFI_FAKE_MEMMAP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) range 1 128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) default 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) Maximum allowable number of ranges in efi_fake_mem boot option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) Ranges can be set up to this value using comma-separated list.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) The default value is 8.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) config EFI_SOFT_RESERVE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) bool "Reserve EFI Specific Purpose Memory"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) depends on EFI && EFI_STUB && ACPI_HMAT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) default ACPI_HMAT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) On systems that have mixed performance classes of memory EFI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) may indicate specific purpose memory with an attribute (See
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) EFI_MEMORY_SP in UEFI 2.8). A memory range tagged with this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) attribute may have unique performance characteristics compared
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) to the system's general purpose "System RAM" pool. On the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) expectation that such memory has application specific usage,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) and its base EFI memory type is "conventional" answer Y to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) arrange for the kernel to reserve it as a "Soft Reserved"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) resource, and set aside for direct-access (device-dax) by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) default. The memory range can later be optionally assigned to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) the page allocator by system administrator policy via the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) device-dax kmem facility. Say N to have the kernel treat this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) memory as "System RAM" by default.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) If unsure, say Y.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) config EFI_PARAMS_FROM_FDT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) Select this config option from the architecture Kconfig if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) the EFI runtime support gets system table address, memory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) map address, and other parameters from the device tree.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) config EFI_RUNTIME_WRAPPERS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) config EFI_GENERIC_STUB
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) config EFI_ARMSTUB_DTB_LOADER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) bool "Enable the DTB loader"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) depends on EFI_GENERIC_STUB && !RISCV
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) Select this config option to add support for the dtb= command
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) line parameter, allowing a device tree blob to be loaded into
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) memory from the EFI System Partition by the stub.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) If the device tree is provided by the platform or by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) the bootloader this option may not be needed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) But, for various development reasons and to maintain existing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) functionality for bootloaders that do not have such support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) this option is necessary.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) config EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) bool "Enable the command line initrd loader" if !X86
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) depends on EFI_STUB && (EFI_GENERIC_STUB || X86)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) depends on !RISCV
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) Select this config option to add support for the initrd= command
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) line parameter, allowing an initrd that resides on the same volume
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) as the kernel image to be loaded into memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) This method is deprecated.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) config EFI_BOOTLOADER_CONTROL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) tristate "EFI Bootloader Control"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) This module installs a reboot hook, such that if reboot() is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) invoked with a string argument NNN, "NNN" is copied to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) "LoaderEntryOneShot" EFI variable, to be read by the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) bootloader. If the string matches one of the boot labels
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) defined in its configuration, the bootloader will boot once
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) to that label. The "LoaderEntryRebootReason" EFI variable is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) set with the reboot reason: "reboot" or "shutdown". The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) bootloader reads this reboot reason and takes particular
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) action according to its policy.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) config EFI_CAPSULE_LOADER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) tristate "EFI capsule loader"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) depends on EFI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) This option exposes a loader interface "/dev/efi_capsule_loader" for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) users to load EFI capsules. This driver requires working runtime
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) capsule support in the firmware, which many OEMs do not provide.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) Most users should say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) config EFI_CAPSULE_QUIRK_QUARK_CSH
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) bool "Add support for Quark capsules with non-standard headers"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) depends on X86 && !64BIT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) select EFI_CAPSULE_LOADER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) Add support for processing Quark X1000 EFI capsules, whose header
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) layout deviates from the layout mandated by the UEFI specification.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) config EFI_TEST
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) tristate "EFI Runtime Service Tests Support"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) depends on EFI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) This driver uses the efi.<service> function pointers directly instead
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) of going through the efivar API, because it is not trying to test the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) kernel subsystem, just for testing the UEFI runtime service
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) interfaces which are provided by the firmware. This driver is used
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) by the Firmware Test Suite (FWTS) for testing the UEFI runtime
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) interfaces readiness of the firmware.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) Details for FWTS are available from:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) <https://wiki.ubuntu.com/FirmwareTestSuite>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) Say Y here to enable the runtime services support via /dev/efi_test.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) If unsure, say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) config APPLE_PROPERTIES
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) bool "Apple Device Properties"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) depends on EFI_STUB && X86
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) select EFI_DEV_PATH_PARSER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) select UCS2_STRING
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) Retrieve properties from EFI on Apple Macs and assign them to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) devices, allowing for improved support of Apple hardware.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) Properties that would otherwise be missing include the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) Thunderbolt Device ROM and GPU configuration data.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) If unsure, say Y if you have a Mac. Otherwise N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) config RESET_ATTACK_MITIGATION
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) bool "Reset memory attack mitigation"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) depends on EFI_STUB
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) Request that the firmware clear the contents of RAM after a reboot
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) using the TCG Platform Reset Attack Mitigation specification. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) protects against an attacker forcibly rebooting the system while it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) still contains secrets in RAM, booting another OS and extracting the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) secrets. This should only be enabled when userland is configured to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) clear the MemoryOverwriteRequest flag on clean shutdown after secrets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) have been evicted, since otherwise it will trigger even on clean
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) reboots.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) config EFI_RCI2_TABLE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) bool "EFI Runtime Configuration Interface Table Version 2 Support"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) depends on X86 || COMPILE_TEST
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) Displays the content of the Runtime Configuration Interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) Table version 2 on Dell EMC PowerEdge systems as a binary
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) attribute 'rci2' under /sys/firmware/efi/tables directory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) RCI2 table contains BIOS HII in XML format and is used to populate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) BIOS setup page in Dell EMC OpenManage Server Administrator tool.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) The BIOS setup page contains BIOS tokens which can be configured.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) Say Y here for Dell EMC PowerEdge systems.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) config EFI_DISABLE_PCI_DMA
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) bool "Clear Busmaster bit on PCI bridges during ExitBootServices()"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) Disable the busmaster bit in the control register on all PCI bridges
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) while calling ExitBootServices() and passing control to the runtime
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) kernel. System firmware may configure the IOMMU to prevent malicious
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) PCI devices from being able to attack the OS via DMA. However, since
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) firmware can't guarantee that the OS is IOMMU-aware, it will tear
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) down IOMMU configuration when ExitBootServices() is called. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) leaves a window between where a hostile device could still cause
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) damage before Linux configures the IOMMU again.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) If you say Y here, the EFI stub will clear the busmaster bit on all
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) PCI bridges before ExitBootServices() is called. This will prevent
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) any malicious PCI devices from being able to perform DMA until the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) kernel reenables busmastering after configuring the IOMMU.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) This option will cause failures with some poorly behaved hardware
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) and should not be enabled without testing. The kernel commandline
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) options "efi=disable_early_pci_dma" or "efi=no_disable_early_pci_dma"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) may be used to override this option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) endmenu
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) config EFI_EMBEDDED_FIRMWARE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) depends on EFI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) select CRYPTO_LIB_SHA256
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) config UEFI_CPER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) config UEFI_CPER_ARM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) depends on UEFI_CPER && ( ARM || ARM64 )
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) config UEFI_CPER_X86
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) depends on UEFI_CPER && X86
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) config EFI_DEV_PATH_PARSER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) depends on ACPI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) config EFI_EARLYCON
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) def_bool y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) depends on EFI && SERIAL_EARLYCON && !ARM && !IA64
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) select FONT_SUPPORT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) select ARCH_USE_MEMREMAP_PROT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) config EFI_CUSTOM_SSDT_OVERLAYS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) bool "Load custom ACPI SSDT overlay from an EFI variable"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) depends on EFI && ACPI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) default ACPI_TABLE_UPGRADE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) Allow loading of an ACPI SSDT overlay from an EFI variable specified
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) by a kernel command line option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) See Documentation/admin-guide/acpi/ssdt-overlays.rst for more
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) information.
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags