389711b374
This adds a driver to communicate with the firmware running on the secure processor of the Turris Mox router, enabling the kernel to retrieve true random numbers from the Entropy Bit Generator and to read some information burned into eFuses when device was manufactured: and to sign messages with the ECDSA private key burned into each Turris Mox device when manufacturing.

This also adds support to read other information burned into eFuses:
- serial number
- board version
- MAC addresses
- RAM size
- ECDSA public key (this is not read directly from eFuses, rather it is computed by the firmware as pair to the burned private key)

The source code of the firmware is open source and can be found at https://gitlab.labs.nic.cz/turris/mox-boot-builder/tree/master/wtmi

The firmware is also able to, on demand, sign messages with the burned ECDSA private key, but since Linux's akcipher API is not yet stable (and therefore not exposed to userspace via netlink), this functionality is not supported yet.

Link: https://lore.kernel.org/r/20190822014318.19478-3-marek.behun@nic.cz
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
300 lines
11 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
#
# For a description of the syntax of this configuration file,
# see Documentation/kbuild/kconfig-language.rst.
#

menu "Firmware Drivers"

config ARM_SCMI_PROTOCOL
	bool "ARM System Control and Management Interface (SCMI) Message Protocol"
	depends on ARM || ARM64 || COMPILE_TEST
	depends on MAILBOX
	help
	  ARM System Control and Management Interface (SCMI) protocol is a
	  set of operating system-independent software interfaces that are
	  used in system management. SCMI is extensible and currently provides
	  interfaces for: Discovery and self-description of the interfaces
	  it supports, Power domain management which is the ability to place
	  a given device or domain into the various power-saving states that
	  it supports, Performance management which is the ability to control
	  the performance of a domain that is composed of compute engines
	  such as application processors and other accelerators, Clock
	  management which is the ability to set and inquire rates on platform
	  managed clocks and Sensor management which is the ability to read
	  sensor data, and be notified of sensor value.

	  This protocol library provides interface for all the client drivers
	  making use of the features offered by the SCMI.

config ARM_SCMI_POWER_DOMAIN
	tristate "SCMI power domain driver"
	depends on ARM_SCMI_PROTOCOL || (COMPILE_TEST && OF)
	default y
	select PM_GENERIC_DOMAINS if PM
	help
	  This enables support for the SCMI power domains which can be
	  enabled or disabled via the SCP firmware

	  This driver can also be built as a module. If so, the module
	  will be called scmi_pm_domain. Note this may needed early in boot
	  before rootfs may be available.

config ARM_SCPI_PROTOCOL
	tristate "ARM System Control and Power Interface (SCPI) Message Protocol"
	depends on ARM || ARM64 || COMPILE_TEST
	depends on MAILBOX
	help
	  System Control and Power Interface (SCPI) Message Protocol is
	  defined for the purpose of communication between the Application
	  Cores(AP) and the System Control Processor(SCP). The MHU peripheral
	  provides a mechanism for inter-processor communication between SCP
	  and AP.

	  SCP controls most of the power managament on the Application
	  Processors. It offers control and management of: the core/cluster
	  power states, various power domain DVFS including the core/cluster,
	  certain system clocks configuration, thermal sensors and many
	  others.

	  This protocol library provides interface for all the client drivers
	  making use of the features offered by the SCP.

config ARM_SCPI_POWER_DOMAIN
	tristate "SCPI power domain driver"
	depends on ARM_SCPI_PROTOCOL || (COMPILE_TEST && OF)
	default y
	select PM_GENERIC_DOMAINS if PM
	help
	  This enables support for the SCPI power domains which can be
	  enabled or disabled via the SCP firmware

config ARM_SDE_INTERFACE
	bool "ARM Software Delegated Exception Interface (SDEI)"
	depends on ARM64
	help
	  The Software Delegated Exception Interface (SDEI) is an ARM
	  standard for registering callbacks from the platform firmware
	  into the OS. This is typically used to implement RAS notifications.

config EDD
	tristate "BIOS Enhanced Disk Drive calls determine boot disk"
	depends on X86
	help
	  Say Y or M here if you want to enable BIOS Enhanced Disk Drive
	  Services real mode BIOS calls to determine which disk
	  BIOS tries boot from. This information is then exported via sysfs.

	  This option is experimental and is known to fail to boot on some
	  obscure configurations. Most disk controller BIOS vendors do
	  not yet implement this feature.

config EDD_OFF
	bool "Sets default behavior for EDD detection to off"
	depends on EDD
	default n
	help
	  Say Y if you want EDD disabled by default, even though it is compiled into the
	  kernel. Say N if you want EDD enabled by default. EDD can be dynamically set
	  using the kernel parameter 'edd={on|skipmbr|off}'.

config FIRMWARE_MEMMAP
	bool "Add firmware-provided memory map to sysfs" if EXPERT
	default X86
	help
	  Add the firmware-provided (unmodified) memory map to /sys/firmware/memmap.
	  That memory map is used for example by kexec to set up parameter area
	  for the next kernel, but can also be used for debugging purposes.

	  See also Documentation/ABI/testing/sysfs-firmware-memmap.

config EFI_PCDP
	bool "Console device selection via EFI PCDP or HCDP table"
	depends on ACPI && EFI && IA64
	default y if IA64
	help
	  If your firmware supplies the PCDP table, and you want to
	  automatically use the primary console device it describes
	  as the Linux console, say Y here.

	  If your firmware supplies the HCDP table, and you want to
	  use the first serial port it describes as the Linux console,
	  say Y here. If your EFI ConOut path contains only a UART
	  device, it will become the console automatically. Otherwise,
	  you must specify the "console=hcdp" kernel boot argument.

	  Neither the PCDP nor the HCDP affects naming of serial devices,
	  so a serial console may be /dev/ttyS0, /dev/ttyS1, etc, depending
	  on how the driver discovers devices.

	  You must also enable the appropriate drivers (serial, VGA, etc.)

	  See DIG64_HCDPv20_042804.pdf available from
	  <http://www.dig64.org/specifications/>

config DMIID
	bool "Export DMI identification via sysfs to userspace"
	depends on DMI
	default y
	help
	  Say Y here if you want to query SMBIOS/DMI system identification
	  information from userspace through /sys/class/dmi/id/ or if you want
	  DMI-based module auto-loading.

config DMI_SYSFS
	tristate "DMI table support in sysfs"
	depends on SYSFS && DMI
	default n
	help
	  Say Y or M here to enable the exporting of the raw DMI table
	  data via sysfs. This is useful for consuming the data without
	  requiring any access to /dev/mem at all. Tables are found
	  under /sys/firmware/dmi when this option is enabled and
	  loaded.

config DMI_SCAN_MACHINE_NON_EFI_FALLBACK
	bool

config ISCSI_IBFT_FIND
	bool "iSCSI Boot Firmware Table Attributes"
	depends on X86 && ACPI
	default n
	help
	  This option enables the kernel to find the region of memory
	  in which the ISCSI Boot Firmware Table (iBFT) resides. This
	  is necessary for iSCSI Boot Firmware Table Attributes module to work
	  properly.

config ISCSI_IBFT
	tristate "iSCSI Boot Firmware Table Attributes module"
	select ISCSI_BOOT_SYSFS
	depends on ISCSI_IBFT_FIND && SCSI && SCSI_LOWLEVEL
	default n
	help
	  This option enables support for detection and exposing of iSCSI
	  Boot Firmware Table (iBFT) via sysfs to userspace. If you wish to
	  detect iSCSI boot parameters dynamically during system boot, say Y.
	  Otherwise, say N.

config RASPBERRYPI_FIRMWARE
	tristate "Raspberry Pi Firmware Driver"
	depends on BCM2835_MBOX
	help
	  This option enables support for communicating with the firmware on the
	  Raspberry Pi.

config FW_CFG_SYSFS
	tristate "QEMU fw_cfg device support in sysfs"
	depends on SYSFS && (ARM || ARM64 || PPC_PMAC || SPARC || X86)
	depends on HAS_IOPORT_MAP
	default n
	help
	  Say Y or M here to enable the exporting of the QEMU firmware
	  configuration (fw_cfg) file entries via sysfs. Entries are
	  found under /sys/firmware/fw_cfg when this option is enabled
	  and loaded.

config FW_CFG_SYSFS_CMDLINE
	bool "QEMU fw_cfg device parameter parsing"
	depends on FW_CFG_SYSFS
	help
	  Allow the qemu_fw_cfg device to be initialized via the kernel
	  command line or using a module parameter.
	  WARNING: Using incorrect parameters (base address in particular)
	  may crash your system.

config INTEL_STRATIX10_SERVICE
	tristate "Intel Stratix10 Service Layer"
	depends on ARCH_STRATIX10 && HAVE_ARM_SMCCC
	default n
	help
	  Intel Stratix10 service layer runs at privileged exception level,
	  interfaces with the service providers (FPGA manager is one of them)
	  and manages secure monitor call to communicate with secure monitor
	  software at secure monitor exception level.

	  Say Y here if you want Stratix10 service layer support.

config QCOM_SCM
	bool
	depends on ARM || ARM64
	select RESET_CONTROLLER

config QCOM_SCM_32
	def_bool y
	depends on QCOM_SCM && ARM

config QCOM_SCM_64
	def_bool y
	depends on QCOM_SCM && ARM64

config QCOM_SCM_DOWNLOAD_MODE_DEFAULT
	bool "Qualcomm download mode enabled by default"
	depends on QCOM_SCM
	help
	  A device with "download mode" enabled will upon an unexpected
	  warm-restart enter a special debug mode that allows the user to
	  "download" memory content over USB for offline postmortem analysis.
	  The feature can be enabled/disabled on the kernel command line.

	  Say Y here to enable "download mode" by default.

config TI_SCI_PROTOCOL
	tristate "TI System Control Interface (TISCI) Message Protocol"
	depends on TI_MESSAGE_MANAGER
	help
	  TI System Control Interface (TISCI) Message Protocol is used to manage
	  compute systems such as ARM, DSP etc with the system controller in
	  complex System on Chip(SoC) such as those found on certain keystone
	  generation SoC from TI.

	  System controller provides various facilities including power
	  management function support.

	  This protocol library is used by client drivers to use the features
	  provided by the system controller.

config TRUSTED_FOUNDATIONS
	bool "Trusted Foundations secure monitor support"
	depends on ARM && CPU_V7
	help
	  Some devices (including most early Tegra-based consumer devices on
	  the market) are booted with the Trusted Foundations secure monitor
	  active, requiring some core operations to be performed by the secure
	  monitor instead of the kernel.

	  This option allows the kernel to invoke the secure monitor whenever
	  required on devices using Trusted Foundations. See the functions and
	  comments in linux/firmware/trusted_foundations.h or the device tree
	  bindings for "tlm,trusted-foundations" for details on how to use it.

	  Choose N if you don't know what this is about.

config TURRIS_MOX_RWTM
	tristate "Turris Mox rWTM secure firmware driver"
	depends on ARCH_MVEBU || COMPILE_TEST
	depends on HAS_DMA && OF
	depends on MAILBOX
	select HW_RANDOM
	select ARMADA_37XX_RWTM_MBOX
	help
	  This driver communicates with the firmware on the Cortex-M3 secure
	  processor of the Turris Mox router. Enable if you are building for
	  Turris Mox, and you will be able to read the device serial number and
	  other manufacturing data and also utilize the Entropy Bit Generator
	  for hardware random number generation.

config HAVE_ARM_SMCCC
	bool

source "drivers/firmware/psci/Kconfig"
source "drivers/firmware/broadcom/Kconfig"
source "drivers/firmware/google/Kconfig"
source "drivers/firmware/efi/Kconfig"
source "drivers/firmware/imx/Kconfig"
source "drivers/firmware/meson/Kconfig"
source "drivers/firmware/tegra/Kconfig"
source "drivers/firmware/xilinx/Kconfig"

endmenu