Diffstat (limited to 'src/config')
50 files changed, 800 insertions, 288 deletions
diff --git a/src/config/branding.h b/src/config/branding.h index 454bf0c03..f28e1b5d2 100644 --- a/src/config/branding.h +++ b/src/config/branding.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/cloud/aws.ipxe b/src/config/cloud/aws.ipxe index 6c007398e..c1f40f340 100644 --- a/src/config/cloud/aws.ipxe +++ b/src/config/cloud/aws.ipxe @@ -1,7 +1,7 @@ #!ipxe -echo Amazon EC2 - iPXE boot via user-data -echo CPU: ${cpuvendor} ${cpumodel} +echo Amazon EC2 ${product} - iPXE boot via user-data +echo CPU: ${buildarch} ${cpuvendor} ${cpumodel} ifstat || set attempt:int8 1 diff --git a/src/config/cloud/ioapi.h b/src/config/cloud/ioapi.h index ba0896a9a..3ab05082f 100644 --- a/src/config/cloud/ioapi.h +++ b/src/config/cloud/ioapi.h @@ -4,4 +4,17 @@ #ifdef PLATFORM_pcbios #undef PCIAPI_PCBIOS #define PCIAPI_CLOUD +#define PCIAPI_RUNTIME_ECAM +#define PCIAPI_RUNTIME_PCBIOS +#define PCIAPI_RUNTIME_DIRECT +#endif + +/* Work around missing PCI host bridge drivers in the cut-down UEFI found + * in some AWS EC2 instances. + */ +#ifdef PLATFORM_efi +#undef PCIAPI_EFI +#define PCIAPI_CLOUD +#define PCIAPI_RUNTIME_EFI +#define PCIAPI_RUNTIME_ECAM #endif diff --git a/src/config/colour.h b/src/config/colour.h index 98198f12f..bde6f9719 100644 --- a/src/config/colour.h +++ b/src/config/colour.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #define COLOR_NORMAL_FG COLOR_WHITE #define COLOR_NORMAL_BG COLOR_BLUE diff --git a/src/config/config.c b/src/config/config.c index 209336c25..e89b0a9a4 100644 --- a/src/config/config.c +++ b/src/config/config.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> #include <config/console.h> 
@@ -78,6 +79,9 @@ REQUIRE_OBJECT ( vmconsole ); #ifdef CONSOLE_DEBUGCON REQUIRE_OBJECT ( debugcon ); #endif +#ifdef CONSOLE_SBI +REQUIRE_OBJECT ( sbi_console ); +#endif /* * Drag in all requested network protocols @@ -225,7 +229,10 @@ REQUIRE_OBJECT ( dhcp_cmd ); REQUIRE_OBJECT ( sanboot_cmd ); #endif #ifdef MENU_CMD -REQUIRE_OBJECT ( menu_cmd ); +REQUIRE_OBJECT ( dynui_cmd ); +#endif +#ifdef FORM_CMD +REQUIRE_OBJECT ( dynui_cmd ); #endif #ifdef LOGIN_CMD REQUIRE_OBJECT ( login_cmd ); @@ -263,9 +270,6 @@ REQUIRE_OBJECT ( shell ); #ifdef NSLOOKUP_CMD REQUIRE_OBJECT ( nslookup_cmd ); #endif -#ifdef PCI_CMD -REQUIRE_OBJECT ( pci_cmd ); -#endif #ifdef PARAM_CMD REQUIRE_OBJECT ( param_cmd ); #endif @@ -296,6 +300,12 @@ REQUIRE_OBJECT ( image_mem_cmd ); #ifdef SHIM_CMD REQUIRE_OBJECT ( shim_cmd ); #endif +#ifdef IMAGE_CRYPT_CMD +REQUIRE_OBJECT ( image_crypt_cmd ); +#endif +#ifdef FDT_CMD +REQUIRE_OBJECT ( fdt_cmd ); +#endif /* * Drag in miscellaneous objects @@ -340,9 +350,6 @@ REQUIRE_OBJECT ( efi_bofm ); /* * Drag in relevant settings sources */ -#ifdef PCI_SETTINGS -REQUIRE_OBJECT ( pci_settings ); -#endif #ifdef VMWARE_SETTINGS REQUIRE_OBJECT ( guestinfo ); #endif diff --git a/src/config/config_archive.c b/src/config/config_archive.c index 746fc7e44..71c883dcc 100644 --- a/src/config/config_archive.c +++ b/src/config/config_archive.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_asn1.c b/src/config/config_asn1.c index c4419d04d..ad3e95b96 100644 --- a/src/config/config_asn1.c +++ b/src/config/config_asn1.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> @@ -37,3 +38,6 @@ REQUIRE_OBJECT ( der ); #ifdef IMAGE_PEM REQUIRE_OBJECT ( pem ); #endif +#ifdef IMAGE_EFISIG +REQUIRE_OBJECT ( efi_siglist ); +#endif 
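Review bot: In the command section of config.c the new `FORM_CMD` block repeats the `REQUIRE_OBJECT ( dynui_cmd );` that the `MENU_CMD` block now emits, so the same requirement is written twice when both macros are defined. It also hides the fact that both commands appear to live in one object, so a builder who turns off only one of them to trim the shell's command set may still get the whole object linked. A single guard states that directly: `#if defined ( MENU_CMD ) || defined ( FORM_CMD )` followed by one `REQUIRE_OBJECT ( dynui_cmd );`.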
diff --git a/src/config/config_certs.c b/src/config/config_certs.c new file mode 100644 index 000000000..ad5a2f708 --- /dev/null +++ b/src/config/config_certs.c @@ -0,0 +1,37 @@ +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +#include <config/general.h> + +/** @file + * + * Certificate source configuration + * + */ + +PROVIDE_REQUIRING_SYMBOL(); + +#ifdef CERTS_EFI +REQUIRE_OBJECT ( efi_cacert ); +#endif diff --git a/src/config/config_crypto.c b/src/config/config_crypto.c index 5211224ab..724b95d02 100644 --- a/src/config/config_crypto.c +++ b/src/config/config_crypto.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/crypto.h> 
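Review bot: The `@file` comment in the new config_certs.c says only "Certificate source configuration" and does not state what enabling `CERTS_EFI` means for trust decisions. Judging by the object name, `efi_cacert` presumably brings CA certificates supplied by the EFI platform into the set iPXE trusts, which would make firmware-provisioned certificates part of the TLS trust base; that is not visible in this hunk and should be confirmed. If it is so, a line such as `/* CERTS_EFI: also trust CA certificates provided by the platform firmware */` above the `#ifdef` would show a builder that the option widens the trust store rather than just adding a feature.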
@@ -88,6 +89,26 @@ REQUIRE_OBJECT ( oid_sha512_256 ); REQUIRE_OBJECT ( oid_x25519 ); #endif +/* P-256 */ +#if defined ( CRYPTO_CURVE_P256 ) +REQUIRE_OBJECT ( oid_p256 ); +#endif + +/* P-384 */ +#if defined ( CRYPTO_CURVE_P384 ) +REQUIRE_OBJECT ( oid_p384 ); +#endif + +/* AES-CBC */ +#if defined ( CRYPTO_CIPHER_AES_CBC ) +REQUIRE_OBJECT ( oid_aes_cbc ); +#endif + +/* AES-GCM */ +#if defined ( CRYPTO_CIPHER_AES_GCM ) +REQUIRE_OBJECT ( oid_aes_gcm ); +#endif + /* RSA and MD5 */ #if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_MD5 ) REQUIRE_OBJECT ( rsa_md5 ); 
@@ -195,3 +216,53 @@ REQUIRE_OBJECT ( ecdhe_rsa_aes_gcm_sha256 ); defined ( CRYPTO_CIPHER_AES_GCM ) && defined ( CRYPTO_DIGEST_SHA384 ) REQUIRE_OBJECT ( ecdhe_rsa_aes_gcm_sha384 ); #endif + +/* ECDSA and SHA-224 */ +#if defined ( CRYPTO_PUBKEY_ECDSA ) && defined ( CRYPTO_DIGEST_SHA224 ) +REQUIRE_OBJECT ( ecdsa_sha224 ); +#endif + +/* ECDSA and SHA-256 */ +#if defined ( CRYPTO_PUBKEY_ECDSA ) && defined ( CRYPTO_DIGEST_SHA256 ) +REQUIRE_OBJECT ( ecdsa_sha256 ); +#endif + +/* ECDSA and SHA-384 */ +#if defined ( CRYPTO_PUBKEY_ECDSA ) && defined ( CRYPTO_DIGEST_SHA384 ) +REQUIRE_OBJECT ( ecdsa_sha384 ); +#endif + +/* ECDSA and SHA-512 */ +#if defined ( CRYPTO_PUBKEY_ECDSA ) && defined ( CRYPTO_DIGEST_SHA512 ) +REQUIRE_OBJECT ( ecdsa_sha512 ); +#endif + +/* ECDHE, ECDSA, AES-CBC, and SHA-1 */ +#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_ECDSA ) && \ + defined ( CRYPTO_CIPHER_AES_CBC ) && defined ( CRYPTO_DIGEST_SHA1 ) +REQUIRE_OBJECT ( ecdhe_ecdsa_aes_cbc_sha1 ); +#endif + +/* ECDHE, ECDSA, AES-CBC, and SHA-256 */ +#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_ECDSA ) && \ + defined ( CRYPTO_CIPHER_AES_CBC ) && defined ( CRYPTO_DIGEST_SHA256 ) +REQUIRE_OBJECT ( ecdhe_ecdsa_aes_cbc_sha256 ); +#endif + +/* ECDHE, ECDSA, AES-CBC, and SHA-384 */ +#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_ECDSA ) && \ + defined ( CRYPTO_CIPHER_AES_CBC ) && defined ( CRYPTO_DIGEST_SHA384 ) +REQUIRE_OBJECT ( ecdhe_ecdsa_aes_cbc_sha384 ); +#endif + +/* ECDHE, ECDSA, AES-GCM, and SHA-256 */ +#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_ECDSA ) && \ + defined ( CRYPTO_CIPHER_AES_GCM ) && defined ( CRYPTO_DIGEST_SHA256 ) +REQUIRE_OBJECT ( ecdhe_ecdsa_aes_gcm_sha256 ); +#endif + +/* ECDHE, ECDSA, AES-GCM, and SHA-384 */ +#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_ECDSA ) && \ + defined ( CRYPTO_CIPHER_AES_GCM ) && defined ( CRYPTO_DIGEST_SHA384 ) +REQUIRE_OBJECT ( ecdhe_ecdsa_aes_gcm_sha384 ); 
+#endif
diff --git a/src/config/config_digest_cmd.c b/src/config/config_digest_cmd.c
new file mode 100644
index 000000000..1c4d8dca1
--- /dev/null
+++ b/src/config/config_digest_cmd.c
@@ -0,0 +1,62 @@
+/*
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <config/crypto.h>
+
+/** @file
+ *
+ * Digest command configuration
+ *
+ */
+
+PROVIDE_REQUIRING_SYMBOL();
+
+/* MD4 */
+#if defined ( CRYPTO_DIGEST_MD4 )
+REQUIRE_OBJECT ( cmd_md4 );
+#endif
+
+/* MD5 is present by default for historical reasons */
+
+/* SHA-1 is present by default for historical reasons */
+
+/* SHA-224 */
+#if defined ( CRYPTO_DIGEST_SHA224 )
+REQUIRE_OBJECT ( cmd_sha224 );
+#endif
+
+/* SHA-256 */
+#if defined ( CRYPTO_DIGEST_SHA256 )
+REQUIRE_OBJECT ( cmd_sha256 );
+#endif
+
+/* SHA-384 */
+#if defined ( CRYPTO_DIGEST_SHA384 )
+REQUIRE_OBJECT ( cmd_sha384 );
+#endif
+
+/* SHA-512 */
+#if defined ( CRYPTO_DIGEST_SHA512 )
+REQUIRE_OBJECT ( cmd_sha512 );
+#endif
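Review bot: The new ECDSA cipher-suite blocks at the end of config_crypto.c include `ecdhe_ecdsa_aes_cbc_sha1`, and because crypto.h now defines `CRYPTO_PUBKEY_ECDSA` by default, this legacy CBC suite is built whenever the existing ECDHE, AES-CBC and SHA-1 options are on. CBC suites in TLS use MAC-then-encrypt and have a history of padding-oracle weaknesses, and a server recent enough to present an ECDSA certificate can be expected to support the AES-GCM suites added in the same hunk. Consider leaving that block out, or at least labelling it, e.g. `/* ECDHE, ECDSA, AES-CBC, and SHA-1 (legacy; kept for interoperability only) */`. The same consideration applies, to a lesser degree, to the `aes_cbc_sha256` and `aes_cbc_sha384` ECDSA blocks.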
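Review bot: The two bare comments "MD5 is present by default for historical reasons" and "SHA-1 is present by default for historical reasons" in config_digest_cmd.c do not say which object provides those commands or whether they follow `CRYPTO_DIGEST_MD5` and `CRYPTO_DIGEST_SHA1`. A builder who disables the weak digests therefore cannot tell from this file whether the corresponding shell commands go away too. Naming the provider would close the gap, e.g. `/* MD5 command is always built by <object>, independent of CRYPTO_DIGEST_MD5 */` with the real object name filled in. The `@file` block could also state that each digest enabled in crypto.h now adds a command of its own here.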
diff --git a/src/config/config_eap.c b/src/config/config_eap.c index e18c48cae..0c9b7b687 100644 --- a/src/config/config_eap.c +++ b/src/config/config_eap.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_efi.c b/src/config/config_efi.c index 29bd14cb5..52bfce839 100644 --- a/src/config/config_efi.c +++ b/src/config/config_efi.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> #include <config/console.h> diff --git a/src/config/config_entropy.c b/src/config/config_entropy.c index 9f12f1fa3..494b19f20 100644 --- a/src/config/config_entropy.c +++ b/src/config/config_entropy.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/entropy.h> @@ -49,3 +50,6 @@ REQUIRE_OBJECT ( linux_entropy ); #ifdef ENTROPY_RDRAND REQUIRE_OBJECT ( rdrand ); #endif +#ifdef ENTROPY_ZKR +REQUIRE_OBJECT ( zkr ); +#endif diff --git a/src/config/config_ethernet.c b/src/config/config_ethernet.c index c1b35bfe6..03ed371a7 100644 --- a/src/config/config_ethernet.c +++ b/src/config/config_ethernet.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_fc.c b/src/config/config_fc.c index 33fc9462a..3aea9b080 100644 --- a/src/config/config_fc.c +++ b/src/config/config_fc.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_fdt.c b/src/config/config_fdt.c index e8d425933..a6fb6f332 100644 --- a/src/config/config_fdt.c +++ b/src/config/config_fdt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/fdt.h> diff --git a/src/config/config_http.c b/src/config/config_http.c index 4373ea2c0..ee0643c91 100644 --- a/src/config/config_http.c 
+++ b/src/config/config_http.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_infiniband.c b/src/config/config_infiniband.c index 4da8fe219..9e0826169 100644 --- a/src/config/config_infiniband.c +++ b/src/config/config_infiniband.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_pcbios.c b/src/config/config_pcbios.c index 698c68a8d..c8a7e708b 100644 --- a/src/config/config_pcbios.c +++ b/src/config/config_pcbios.c @@ -22,6 +22,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <config/console.h> +#include <config/general.h> /** @file * @@ -48,3 +49,13 @@ REQUIRE_OBJECT ( vesafb ); #ifdef CONSOLE_INT13 REQUIRE_OBJECT ( int13con ); #endif + +/* + * Drag in all requested image types + * + */ + +/* Allow IMAGE_LKRN to be a synonynm for IMAGE_BZIMAGE */ +#ifdef IMAGE_LKRN +REQUIRE_OBJECT ( bzimage ); +#endif diff --git a/src/config/config_pci.c b/src/config/config_pci.c new file mode 100644 index 000000000..dc5073ef6 --- /dev/null +++ b/src/config/config_pci.c 
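Review bot: The comment added in the last hunk of config_pcbios.c misspells "synonym" as "synonynm"; it should read `/* Allow IMAGE_LKRN to be a synonym for IMAGE_BZIMAGE */`. The comment could also say that this mapping is specific to BIOS builds, since config_sbi.c in the same commit maps `IMAGE_LKRN` to a different object (`lkrn`), so one option selects different image parsers depending on the platform.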
@@ -0,0 +1,55 @@ +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +#include <config/general.h> +#include <config/settings.h> +#include <config/ioapi.h> + +/** @file + * + * PCI configuration options + * + */ + +PROVIDE_REQUIRING_SYMBOL(); + +#ifdef PCI_CMD +REQUIRE_OBJECT ( pci_cmd ); +#endif +#ifdef PCI_SETTINGS +REQUIRE_OBJECT ( pci_settings ); +#endif + +#ifdef PCIAPI_RUNTIME_ECAM +REQUIRE_OBJECT ( ecam ); +#endif +#ifdef PCIAPI_RUNTIME_PCBIOS +REQUIRE_OBJECT ( pcibios ); +#endif +#ifdef PCIAPI_RUNTIME_DIRECT +REQUIRE_OBJECT ( pcidirect ); +#endif +#ifdef PCIAPI_RUNTIME_EFI +REQUIRE_OBJECT ( efi_pci ); +#endif diff --git a/src/config/config_pixbuf.c b/src/config/config_pixbuf.c index f8ff59daf..b2dbd869a 100644 --- a/src/config/config_pixbuf.c +++ b/src/config/config_pixbuf.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_route.c b/src/config/config_route.c index c0b4ee91d..59d8f3550 100644 
--- a/src/config/config_route.c +++ b/src/config/config_route.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/general.h> diff --git a/src/config/config_sbi.c b/src/config/config_sbi.c new file mode 100644 index 000000000..901f5d3ab --- /dev/null +++ b/src/config/config_sbi.c @@ -0,0 +1,41 @@ +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <config/general.h> + +/** @file + * + * SBI-specific configuration options + * + */ + +PROVIDE_REQUIRING_SYMBOL(); + +/* + * Drag in all requested image types + * + */ + +#ifdef IMAGE_LKRN +REQUIRE_OBJECT ( lkrn ); +#endif diff --git a/src/config/config_timer.c b/src/config/config_timer.c index d53c39939..12b806129 100644 --- a/src/config/config_timer.c +++ b/src/config/config_timer.c @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/timer.h> 
@@ -49,3 +50,6 @@ REQUIRE_OBJECT ( linux_timer ); #ifdef TIMER_ACPI REQUIRE_OBJECT ( acpi_timer ); #endif +#ifdef TIMER_ZICNTR +REQUIRE_OBJECT ( zicntr ); +#endif diff --git a/src/config/config_usb.c b/src/config/config_usb.c index b679aeb27..2d88944bd 100644 --- a/src/config/config_usb.c +++ b/src/config/config_usb.c @@ -20,8 +20,11 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); +#include <config/general.h> #include <config/usb.h> +#include <config/settings.h> /** @file * @@ -63,3 +66,17 @@ REQUIRE_OBJECT ( usbblk ); #ifdef USB_EFI REQUIRE_OBJECT ( efi_usb ); #endif + +/* + * Drag in USB settings mechanism + */ +#ifdef USB_SETTINGS +REQUIRE_OBJECT ( usb_settings ); +#endif + +/* + * Drag in USB commands + */ +#ifdef USB_CMD +REQUIRE_OBJECT ( usb_cmd ); +#endif diff --git a/src/config/console.h b/src/config/console.h index 9f770d094..8132e8644 100644 --- a/src/config/console.h +++ b/src/config/console.h 
@@ -11,55 +11,88 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> -/* - * Default console types +/***************************************************************************** * - * These are all enabled by default for the appropriate platforms. - * You may disable them if needed. + * Console types * */ -//#undef CONSOLE_PCBIOS /* Default BIOS console */ -//#undef CONSOLE_EFI /* Default EFI console */ -//#undef CONSOLE_LINUX /* Default Linux console */ +/* Console types supported on all platforms */ +#define CONSOLE_FRAMEBUFFER /* Graphical framebuffer console */ +#define CONSOLE_SYSLOG /* Syslog console */ +#define CONSOLE_SYSLOGS /* Encrypted syslog console */ -/* - * Additional console types - * - * These are not enabled by default, but may be useful in your - * environment. - * - */ +/* Console types supported only on systems with serial ports */ +#if ! defined ( SERIAL_NULL ) + //#define CONSOLE_SERIAL /* Serial port console */ +#endif + +/* Console types supported only on BIOS platforms */ +#if defined ( PLATFORM_pcbios ) + //#define CONSOLE_INT13 /* INT13 disk log console */ + #define CONSOLE_PCBIOS /* Default BIOS console */ +#endif + +/* Console types supported only on EFI platforms */ +#if defined ( PLATFORM_efi ) + #define CONSOLE_EFI /* Default EFI console */ +#endif + +/* Console types supported only on RISC-V SBI platforms */ +#if defined ( PLATFORM_sbi ) + #define CONSOLE_SBI /* RISC-V SBI debug console */ +#endif + +/* Console types supported only on Linux platforms */ +#if defined ( PLATFORM_linux ) + #define CONSOLE_LINUX /* Default Linux console */ +#endif -//#define CONSOLE_SERIAL /* Serial port console */ -//#define CONSOLE_FRAMEBUFFER /* Graphical framebuffer console */ -//#define CONSOLE_SYSLOG /* Syslog console */ -//#define CONSOLE_SYSLOGS /* Encrypted syslog console */ -//#define CONSOLE_VMWARE /* VMware logfile console */ -//#define CONSOLE_DEBUGCON /* Bochs/QEMU/KVM debug port 
console */ -//#define CONSOLE_INT13 /* INT13 disk log console */ +/* Console types supported only on x86 CPUs */ +#if defined ( __i386__ ) || defined ( __x86_64__ ) + //#define CONSOLE_DEBUGCON /* Bochs/QEMU/KVM debug port console */ + //#define CONSOLE_DIRECT_VGA /* Direct access to VGA card */ + //#define CONSOLE_PC_KBD /* Direct access to PC keyboard */ + //#define CONSOLE_VMWARE /* VMware logfile console */ +#endif -/* - * Very obscure console types +/* Enable serial console on platforms that are typically headless */ +#if defined ( CONSOLE_SBI ) + #define CONSOLE_SERIAL +#endif + +/* Disable console types not historically included in BIOS builds */ +#if defined ( PLATFORM_pcbios ) + #undef CONSOLE_FRAMEBUFFER + #undef CONSOLE_SYSLOG + #undef CONSOLE_SYSLOGS +#endif + +/***************************************************************************** * - * You almost certainly do not need to enable these. + * Keyboard maps + * + * See hci/keymap/keymap_*.c for available keyboard maps. * */ -//#define CONSOLE_DIRECT_VGA /* Direct access to VGA card */ -//#define CONSOLE_PC_KBD /* Direct access to PC keyboard */ - -/* Keyboard map (available maps in hci/keymap/) */ -#define KEYBOARD_MAP us +#define KEYBOARD_MAP us /* Default US keyboard map */ +//#define KEYBOARD_MAP dynamic /* Runtime selectable keyboard map */ -/* Control which syslog() messages are generated. +/***************************************************************************** + * + * Log levels + * + * Control which syslog() messages are generated. Note that this is + * not related in any way to CONSOLE_SYSLOG. * - * Note that this is not related in any way to CONSOLE_SYSLOG. */ -#define LOG_LEVEL LOG_NONE + +#define LOG_LEVEL LOG_NONE #include <config/named.h> #include NAMED_CONFIG(console.h) diff --git a/src/config/crypto.h b/src/config/crypto.h index 589c4f0da..e28ba2777 100644 --- a/src/config/crypto.h +++ b/src/config/crypto.h 
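Review bot: `CONSOLE_SYSLOG` and `CONSOLE_SYSLOGS` change from commented-out options to `#define`s under "Console types supported on all platforms" and are undone only for `PLATFORM_pcbios`, so EFI, SBI and Linux builds now carry network log consoles by default. Since `CONSOLE_SYSLOGS` is described as the encrypted variant, `CONSOLE_SYSLOG` presumably sends console output in the clear. How the log server is chosen is not visible in this hunk, but if it can come from network-supplied settings, a default build would forward console output to whatever server the local network names. A comment on the define would make that explicit, e.g. `#define CONSOLE_SYSLOG /* Syslog console (unencrypted) */`, or the plain variant could stay opt-in while `CONSOLE_SYSLOGS` becomes the default.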
@@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); /** Minimum TLS version */ #define TLS_VERSION_MIN TLS_VERSION_TLS_1_1 @@ -24,6 +25,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** RSA public-key algorithm */ #define CRYPTO_PUBKEY_RSA +/** ECDSA public-key algorithm */ +#define CRYPTO_PUBKEY_ECDSA + /** AES-CBC block cipher */ #define CRYPTO_CIPHER_AES_CBC @@ -60,6 +64,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** X25519 elliptic curve */ #define CRYPTO_CURVE_X25519 +/** P-256 elliptic curve */ +#define CRYPTO_CURVE_P256 + +/** P-384 elliptic curve */ +#define CRYPTO_CURVE_P384 + /** Margin of error (in seconds) allowed in signed timestamps * * We default to allowing a reasonable margin of error: 12 hours to diff --git a/src/config/defaults.h b/src/config/defaults.h index 32d6dbcce..767b67fdf 100644 --- a/src/config/defaults.h +++ b/src/config/defaults.h @@ -2,6 +2,7 @@ #define CONFIG_DEFAULTS_H FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #define CONFIG_DEFAULTS(_platform) <config/defaults/_platform.h> diff --git a/src/config/defaults/efi.h b/src/config/defaults/efi.h index b62ddb46a..baacae4f9 100644 --- a/src/config/defaults/efi.h +++ b/src/config/defaults/efi.h @@ -8,14 +8,15 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); -#define UACCESS_EFI +#define UACCESS_FLAT #define IOMAP_VIRT #define PCIAPI_EFI #define DMAAPI_OP -#define CONSOLE_EFI #define TIMER_EFI #define UMALLOC_EFI +#define MEMMAP_NULL #define SMBIOS_EFI #define SANBOOT_EFI #define BOFM_EFI 
@@ -24,53 +25,30 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define TIME_EFI #define REBOOT_EFI #define ACPI_EFI -#define FDT_EFI #define MPAPI_EFI - -#define NET_PROTO_IPV6 /* IPv6 protocol */ -#define NET_PROTO_LLDP /* Link Layer Discovery protocol */ - -#define DOWNLOAD_PROTO_FILE /* Local filesystem access */ - -#define IMAGE_EFI /* EFI image support */ -#define IMAGE_SCRIPT /* iPXE script image support */ - -#define SANBOOT_PROTO_ISCSI /* iSCSI protocol */ -#define SANBOOT_PROTO_AOE /* AoE protocol */ -#define SANBOOT_PROTO_IB_SRP /* Infiniband SCSI RDMA protocol */ -#define SANBOOT_PROTO_FCP /* Fibre Channel protocol */ -#define SANBOOT_PROTO_HTTP /* HTTP SAN protocol */ - -#define USB_HCD_XHCI /* xHCI USB host controller */ -#define USB_HCD_EHCI /* EHCI USB host controller */ -#define USB_HCD_UHCI /* UHCI USB host controller */ -#define USB_EFI /* Provide EFI_USB_IO_PROTOCOL interface */ -#define USB_BLOCK /* USB block devices */ - -#define REBOOT_CMD /* Reboot command */ - -#define EFI_SETTINGS /* EFI variable settings */ +#define NAP_EFI +#define SERIAL_SPCR #if defined ( __i386__ ) || defined ( __x86_64__ ) #define IOAPI_X86 -#define NAP_EFIX86 #define ENTROPY_RDRAND -#define CPUID_CMD /* x86 CPU feature detection command */ #define UNSAFE_STD /* Avoid setting direction flag */ +#define FDT_NULL #endif #if defined ( __arm__ ) || defined ( __aarch64__ ) #define IOAPI_ARM -#define NAP_EFIARM -#endif - -#if defined ( __aarch64__ ) -#define IMAGE_GZIP /* GZIP image support */ +#define FDT_EFI #endif #if defined ( __loongarch__ ) #define IOAPI_LOONG64 -#define NAP_EFILOONG64 +#define FDT_EFI +#endif + +#if defined ( __riscv ) +#define IOAPI_RISCV +#define FDT_EFI #endif #endif /* CONFIG_DEFAULTS_EFI_H */ diff --git a/src/config/defaults/linux.h b/src/config/defaults/linux.h index fae144b3d..9d8b217d3 100644 --- a/src/config/defaults/linux.h +++ b/src/config/defaults/linux.h 
@@ -9,10 +9,10 @@ FILE_LICENCE ( GPL2_OR_LATER ); -#define CONSOLE_LINUX #define TIMER_LINUX #define UACCESS_LINUX #define UMALLOC_LINUX +#define MEMMAP_NULL #define NAP_LINUX #define SMBIOS_LINUX #define SANBOOT_DUMMY @@ -23,17 +23,11 @@ FILE_LICENCE ( GPL2_OR_LATER ); #define DMAAPI_FLAT #define ACPI_LINUX #define MPAPI_NULL +#define SERIAL_NULL +#define FDT_NULL #define DRIVERS_LINUX -#define IMAGE_SCRIPT - -#define SANBOOT_PROTO_ISCSI -#define SANBOOT_PROTO_AOE -#define SANBOOT_PROTO_IB_SRP -#define SANBOOT_PROTO_FCP -#define SANBOOT_PROTO_HTTP - #if defined ( __i386__ ) || defined ( __x86_64__ ) #define ENTROPY_RDRAND #endif diff --git a/src/config/defaults/pcbios.h b/src/config/defaults/pcbios.h index fa12a1005..c4d3f7527 100644 --- a/src/config/defaults/pcbios.h +++ b/src/config/defaults/pcbios.h @@ -9,14 +9,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); -#define UACCESS_LIBRM +#define UACCESS_OFFSET #define IOAPI_X86 #define PCIAPI_PCBIOS #define DMAAPI_FLAT #define TIMER_PCBIOS -#define CONSOLE_PCBIOS #define NAP_PCBIOS -#define UMALLOC_MEMTOP +#define UMALLOC_UHEAP +#define MEMMAP_INT15 #define SMBIOS_PCBIOS #define SANBOOT_PCBIOS #define ENTROPY_RTC @@ -25,6 +25,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define REBOOT_PCBIOS #define ACPI_RSDP #define MPAPI_PCBIOS +#define SERIAL_SPCR +#define FDT_NULL #ifdef __x86_64__ #define IOMAP_PAGES 
@@ -32,28 +34,4 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define IOMAP_VIRT #endif -#define IMAGE_ELF /* ELF image support */ -#define IMAGE_MULTIBOOT /* MultiBoot image support */ -#define IMAGE_PXE /* PXE image support */ -#define IMAGE_SCRIPT /* iPXE script image support */ -#define IMAGE_BZIMAGE /* Linux bzImage image support */ - -#define PXE_STACK /* PXE stack in iPXE - required for PXELINUX */ -#define PXE_MENU /* PXE menu booting */ - -#define SANBOOT_PROTO_ISCSI /* iSCSI protocol */ -#define SANBOOT_PROTO_AOE /* AoE protocol */ -#define SANBOOT_PROTO_IB_SRP /* Infiniband SCSI RDMA protocol */ -#define SANBOOT_PROTO_FCP /* Fibre Channel protocol */ -#define SANBOOT_PROTO_HTTP /* HTTP SAN protocol */ - -#define USB_HCD_XHCI /* xHCI USB host controller */ -#define USB_HCD_EHCI /* EHCI USB host controller */ -#define USB_HCD_UHCI /* UHCI USB host controller */ -#define USB_KEYBOARD /* USB keyboards */ -#define USB_BLOCK /* USB block devices */ - -#define REBOOT_CMD /* Reboot command */ -#define CPUID_CMD /* x86 CPU feature detection command */ - #endif /* CONFIG_DEFAULTS_PCBIOS_H */ diff --git a/src/config/defaults/sbi.h b/src/config/defaults/sbi.h new file mode 100644 index 000000000..f9361c926 --- /dev/null +++ b/src/config/defaults/sbi.h @@ -0,0 +1,39 @@ +#ifndef CONFIG_DEFAULTS_SBI_H +#define CONFIG_DEFAULTS_SBI_H + +/** @file + * + * Configuration defaults for RISC-V SBI + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#define IOAPI_RISCV +#define UACCESS_OFFSET +#define TIMER_ZICNTR +#define ENTROPY_ZKR + +#if __riscv_xlen == 64 +#define IOMAP_SVPAGE +#define DMAAPI_RISCV +#else +#define IOMAP_VIRT +#define DMAAPI_FLAT +#endif + +#define FDT_SBI +#define REBOOT_SBI +#define UMALLOC_UHEAP +#define MEMMAP_FDT +#define SERIAL_FDT + +#define ACPI_NULL +#define MPAPI_NULL +#define NAP_NULL +#define PCIAPI_NULL +#define SANBOOT_NULL +#define SMBIOS_NULL +#define TIME_NULL + +#endif /* CONFIG_DEFAULTS_SBI_H */ 
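Review bot: `ENTROPY_ZKR` is the only entropy source that the new defaults/sbi.h selects, and the header offers no alternative for hardware that lacks it. Zkr is an optional RISC-V extension, and supervisor-mode access to its seed register normally has to be enabled by machine-mode firmware, so on some boards the source may be absent or inaccessible; whether the `zkr` object detects that and fails cleanly is not visible in this hunk. With `DOWNLOAD_PROTO_HTTPS` now enabled by default in general.h, SBI builds depend on this source for TLS. The header should say what is required, e.g. `#define ENTROPY_ZKR /* needs Zkr with S-mode seed access; no fallback source */`.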
diff --git a/src/config/dhcp.h b/src/config/dhcp.h index adfa74a15..65180c38c 100644 --- a/src/config/dhcp.h +++ b/src/config/dhcp.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/entropy.h b/src/config/entropy.h index c79060fd5..db180c61a 100644 --- a/src/config/entropy.h +++ b/src/config/entropy.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/fault.h b/src/config/fault.h index 5024a8ff3..ab5503fa2 100644 --- a/src/config/fault.h +++ b/src/config/fault.h @@ -8,12 +8,16 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> /* Drop every N transmitted or received network packets */ #define NETDEV_DISCARD_RATE 0 +/* Delay transmissions to neighbour-resolved destinations (in ms) */ +#define NEIGHBOUR_DELAY_MS 0 + /* Drop every N transmitted or received PeerDist discovery packets */ #define PEERDISC_DISCARD_RATE 0 @@ -29,6 +33,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /* Corrupt every N received PeerDist packets */ #define PEERBLK_CORRUPT_RATE 0 +/* Experience virtual machine migration on every N watchdog checks */ +#define VM_MIGRATED_RATE 0 + +/* Poison .bss section before early execution */ +#define POISON_BSS 0 + #include <config/local/fault.h> #endif /* CONFIG_FAULT_H */ diff --git a/src/config/fdt.h b/src/config/fdt.h index 4d13e0535..7f3d39768 100644 --- a/src/config/fdt.h +++ b/src/config/fdt.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/general.h b/src/config/general.h index 6525834e0..8c35601af 100644 --- a/src/config/general.h +++ b/src/config/general.h 
@@ -8,210 +8,304 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> -/* - * Banner timeout configuration +/***************************************************************************** * - * This controls the timeout for the "Press Ctrl-B for the iPXE - * command line" banner displayed when iPXE starts up. The value is - * specified in tenths of a second for which the banner should appear. - * A value of 0 disables the banner. - * - * ROM_BANNER_TIMEOUT controls the "Press Ctrl-B to configure iPXE" - * banner displayed only by ROM builds of iPXE during POST. This - * defaults to being twice the length of BANNER_TIMEOUT, to allow for - * BIOSes that switch video modes immediately before calling the - * initialisation vector, thus rendering the banner almost invisible - * to the user. - */ -#define BANNER_TIMEOUT 20 -#define ROM_BANNER_TIMEOUT ( 2 * BANNER_TIMEOUT ) - -/* * Network protocols * */ -#define NET_PROTO_IPV4 /* IPv4 protocol */ -//#define NET_PROTO_IPV6 /* IPv6 protocol */ -#undef NET_PROTO_FCOE /* Fibre Channel over Ethernet protocol */ -#define NET_PROTO_STP /* Spanning Tree protocol */ -#define NET_PROTO_LACP /* Link Aggregation control protocol */ -#define NET_PROTO_EAPOL /* EAP over LAN protocol */ -//#define NET_PROTO_LLDP /* Link Layer Discovery protocol */ +/* Protocols supported on all platforms */ +#define NET_PROTO_EAPOL /* EAP over LAN protocol */ +//#define NET_PROTO_FCOE /* Fibre Channel over Ethernet protocol */ +#define NET_PROTO_IPV4 /* IPv4 protocol */ +#define NET_PROTO_IPV6 /* IPv6 protocol */ +#define NET_PROTO_LACP /* Link Aggregation control protocol */ +#define NET_PROTO_LLDP /* Link Layer Discovery protocol */ +#define NET_PROTO_STP /* Spanning Tree protocol */ -/* - * PXE support - * - */ -//#undef PXE_STACK /* PXE stack in iPXE - you want this! 
*/ -//#undef PXE_MENU /* PXE menu booting */ +/* Disable protocols not historically included in BIOS builds */ +#if defined ( PLATFORM_pcbios ) + #undef NET_PROTO_IPV6 + #undef NET_PROTO_LLDP +#endif -/* +/***************************************************************************** + * * Download protocols * */ -#define DOWNLOAD_PROTO_TFTP /* Trivial File Transfer Protocol */ -#define DOWNLOAD_PROTO_HTTP /* Hypertext Transfer Protocol */ -#undef DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */ -#undef DOWNLOAD_PROTO_FTP /* File Transfer Protocol */ -#undef DOWNLOAD_PROTO_SLAM /* Scalable Local Area Multicast */ -#undef DOWNLOAD_PROTO_NFS /* Network File System Protocol */ -//#undef DOWNLOAD_PROTO_FILE /* Local filesystem access */ - -/* - * SAN boot protocols - * - */ +/* Protocols supported on all platforms */ +#define DOWNLOAD_PROTO_TFTP /* Trivial File Transfer Protocol */ +#define DOWNLOAD_PROTO_HTTP /* Hypertext Transfer Protocol */ +#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */ +//#define DOWNLOAD_PROTO_FTP /* File Transfer Protocol */ +//#define DOWNLOAD_PROTO_SLAM /* Scalable Local Area Multicast */ +//#define DOWNLOAD_PROTO_NFS /* Network File System Protocol */ -//#undef SANBOOT_PROTO_ISCSI /* iSCSI protocol */ -//#undef SANBOOT_PROTO_AOE /* AoE protocol */ -//#undef SANBOOT_PROTO_IB_SRP /* Infiniband SCSI RDMA protocol */ -//#undef SANBOOT_PROTO_FCP /* Fibre Channel protocol */ -//#undef SANBOOT_PROTO_HTTP /* HTTP SAN protocol */ +/* Protocols supported only on platforms with filesystem abstractions */ +#if defined ( PLATFORM_efi ) + #define DOWNLOAD_PROTO_FILE /* Local filesystem access */ +#endif -/* - * HTTP extensions - * - */ +/* HTTP(S) protocol extensions */ #define HTTP_AUTH_BASIC /* Basic authentication */ #define HTTP_AUTH_DIGEST /* Digest authentication */ -//#define HTTP_AUTH_NTLM /* NTLM authentication */ +#define HTTP_AUTH_NTLM /* NTLM authentication */ //#define HTTP_ENC_PEERDIST /* PeerDist content 
encoding */ //#define HTTP_HACK_GCE /* Google Compute Engine hacks */ -/* - * 802.11 cryptosystems and handshaking protocols - * - */ -#define CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */ -#define CRYPTO_80211_WPA /* WPA Personal, authenticating with passphrase */ -#define CRYPTO_80211_WPA2 /* Add support for stronger WPA cryptography */ +/* Disable protocols not historically included in BIOS builds */ +#if defined ( PLATFORM_pcbios ) + #undef DOWNLOAD_PROTO_HTTPS + #undef HTTP_AUTH_NTLM +#endif -/* - * 802.1x EAP authentication methods +/***************************************************************************** * - */ -#define EAP_METHOD_MD5 /* MD5-Challenge port authentication */ -//#define EAP_METHOD_MSCHAPV2 /* MS-CHAPv2 port authentication */ - -/* - * Name resolution modules + * SAN boot protocols * */ -#define DNS_RESOLVER /* DNS resolver */ +/* Protocols supported on all platforms with SAN boot abstractions */ +#if ! defined ( SANBOOT_NULL ) + #define SANBOOT_PROTO_AOE /* AoE protocol */ + #define SANBOOT_PROTO_FCP /* Fibre Channel protocol */ + #define SANBOOT_PROTO_HTTP /* HTTP SAN protocol */ + #define SANBOOT_PROTO_IB_SRP /* Infiniband SCSI RDMA protocol */ + #define SANBOOT_PROTO_ISCSI /* iSCSI protocol */ +#endif -/* - * Image types +/***************************************************************************** * - * Etherboot supports various image formats. Select whichever ones - * you want to use. 
+ * Command-line and script commands * */ -//#define IMAGE_NBI /* NBI image support */ -//#define IMAGE_ELF /* ELF image support */ -//#define IMAGE_MULTIBOOT /* MultiBoot image support */ -//#define IMAGE_PXE /* PXE image support */ -//#define IMAGE_SCRIPT /* iPXE script image support */ -//#define IMAGE_BZIMAGE /* Linux bzImage image support */ -//#define IMAGE_COMBOOT /* SYSLINUX COMBOOT image support */ -//#define IMAGE_EFI /* EFI image support */ -//#define IMAGE_SDI /* SDI image support */ -//#define IMAGE_PNM /* PNM image support */ -#define IMAGE_PNG /* PNG image support */ -#define IMAGE_DER /* DER image support */ -#define IMAGE_PEM /* PEM image support */ -//#define IMAGE_ZLIB /* ZLIB image support */ -//#define IMAGE_GZIP /* GZIP image support */ -//#define IMAGE_UCODE /* Microcode update image support */ - -/* - * Command-line commands to include - * - */ -#define AUTOBOOT_CMD /* Automatic booting */ -#define NVO_CMD /* Non-volatile option storage commands */ -#define CONFIG_CMD /* Option configuration console */ -#define IFMGMT_CMD /* Interface management commands */ -#define IWMGMT_CMD /* Wireless interface management commands */ -#define IBMGMT_CMD /* Infiniband management commands */ + +/* Commands supported on all platforms */ +#define AUTOBOOT_CMD /* Automatic booting */ +#define CERT_CMD /* Certificate management commands */ +#define CONFIG_CMD /* Option configuration console */ +#define CONSOLE_CMD /* Console command */ +#define DIGEST_CMD /* Image crypto digest commands */ +#define DHCP_CMD /* DHCP management commands */ #define FCMGMT_CMD /* Fibre Channel management commands */ -#define ROUTE_CMD /* Routing table management commands */ +#define FORM_CMD /* Form commands */ +#define IBMGMT_CMD /* Infiniband management commands */ +#define IFMGMT_CMD /* Interface management commands */ #define IMAGE_CMD /* Image management commands */ -#define DHCP_CMD /* DHCP management commands */ -#define SANBOOT_CMD /* SAN boot commands */ -#define MENU_CMD 
/* Menu commands */ +#define IMAGE_ARCHIVE_CMD /* Archive image management commands */ +//#define IMAGE_CRYPT_CMD /* Image encryption management commands */ +//#define IMAGE_MEM_CMD /* Read memory command */ +//#define IMAGE_TRUST_CMD /* Image trust management commands */ +//#define IPSTAT_CMD /* IP statistics commands */ +#define IWMGMT_CMD /* Wireless interface management commands */ #define LOGIN_CMD /* Login command */ -#define SYNC_CMD /* Sync command */ -#define SHELL_CMD /* Shell command */ -//#define NSLOOKUP_CMD /* DNS resolving command */ -//#define TIME_CMD /* Time commands */ -//#define DIGEST_CMD /* Image crypto digest commands */ //#define LOTEST_CMD /* Loopback testing commands */ -//#define VLAN_CMD /* VLAN commands */ -//#define PXE_CMD /* PXE commands */ -//#define REBOOT_CMD /* Reboot command */ -//#define POWEROFF_CMD /* Power off command */ -//#define IMAGE_TRUST_CMD /* Image trust management commands */ -//#define PCI_CMD /* PCI commands */ -//#define PARAM_CMD /* Request parameter commands */ +#define MENU_CMD /* Menu commands */ //#define NEIGHBOUR_CMD /* Neighbour management commands */ +//#define NSLOOKUP_CMD /* DNS resolving command */ +#define NTP_CMD /* NTP commands */ +#define NVO_CMD /* Non-volatile option storage commands */ +#define PARAM_CMD /* Request parameter commands */ +#define PCI_CMD /* PCI commands */ //#define PING_CMD /* Ping command */ -//#define CONSOLE_CMD /* Console command */ -//#define IPSTAT_CMD /* IP statistics commands */ //#define PROFSTAT_CMD /* Profiling commands */ -//#define NTP_CMD /* NTP commands */ -//#define CERT_CMD /* Certificate management commands */ -//#define IMAGE_MEM_CMD /* Read memory command */ -#define IMAGE_ARCHIVE_CMD /* Archive image management commands */ -#define EFIMAP_CMD /* EFI Map command */ +//#define PXE_CMD /* PXE commands */ +#define ROUTE_CMD /* Routing table management commands */ +#define SANBOOT_CMD /* SAN boot commands */ +#define SHELL_CMD /* Shell command */ #define 
SHIM_CMD /* EFI shim command (or dummy command) */ +#define EFIMAP_CMD /* EFI Map command */ +#define SYNC_CMD /* Sync command */ +//#define TIME_CMD /* Time commands */ +#define USB_CMD /* USB commands */ +#define VLAN_CMD /* VLAN commands */ -/* +/* Commands supported only on systems capable of rebooting */ +#if ! defined ( REBOOT_NULL ) + #define POWEROFF_CMD /* Power off command */ + #define REBOOT_CMD /* Reboot command */ +#endif + +/* Commands supported only on systems that may use FDTs */ +#if ! defined ( FDT_NULL ) + #define FDT_CMD /* Flattened Device Tree commands */ +#endif + +/* Commands supported only on x86 CPUs */ +#if defined ( __i386__ ) || defined ( __x86_64__ ) + #define CPUID_CMD /* x86 CPU feature detection command */ +#endif + +/* Disable commands not historically included in BIOS builds */ +#if defined ( PLATFORM_pcbios ) + #undef CERT_CMD + #undef CONSOLE_CMD + #undef DIGEST_CMD + #undef NTP_CMD + #undef PARAM_CMD + #undef PCI_CMD + #undef USB_CMD + #undef VLAN_CMD +#endif + +/***************************************************************************** + * + * Image types + * + */ + +/* Image types supported on all platforms */ +#define IMAGE_DER /* ASN.1 DER-encoded image support */ +//#define IMAGE_GZIP /* GZIP compressed image support */ +#define IMAGE_PEM /* ASN.1 PEM-encoded image support */ +//#define IMAGE_PNM /* PNM graphical image support */ +#define IMAGE_PNG /* PNG graphical image support */ +#define IMAGE_SCRIPT /* iPXE script image support */ +//#define IMAGE_ZLIB /* ZLIB compressed image support */ + +/* Image types supported only on BIOS platforms */ +#if defined ( PLATFORM_pcbios ) + #define IMAGE_BZIMAGE /* Linux bzImage image support */ + //#define IMAGE_COMBOOT /* SYSLINUX COMBOOT image support */ + #define IMAGE_ELF /* ELF image support */ + #define IMAGE_MULTIBOOT /* MultiBoot image support */ + //#define IMAGE_NBI /* NBI image support */ + #define IMAGE_PXE /* PXE image support */ + //#define IMAGE_SDI /* SDI image 
support */ +#endif + +/* Image types supported only on EFI platforms */ +#if defined ( PLATFORM_efi ) + #define IMAGE_EFI /* EFI image support */ + #define IMAGE_EFISIG /* EFI signature list image support */ +#endif + +/* Image types supported only on RISC-V SBI platforms */ +#if defined ( PLATFORM_sbi ) + #define IMAGE_LKRN /* Linux kernel image support */ +#endif + +/* Image types supported only on x86 CPUs */ +#if defined ( __i386__ ) || defined ( __x86_64__ ) + //#define IMAGE_UCODE /* Microcode update image support */ +#endif + +/* Enable commonly encountered compressed versions of some image types */ +#if defined ( IMAGE_EFI ) && defined ( __aarch64__ ) + #define IMAGE_GZIP +#endif +#if defined ( IMAGE_LKRN ) && defined ( __riscv ) + #define IMAGE_GZIP +#endif + +/***************************************************************************** + * + * Banner timeout configuration + * + * This controls the timeout for the "Press Ctrl-B for the iPXE + * command line" banner displayed when iPXE starts up. The value is + * specified in tenths of a second for which the banner should appear. + * A value of 0 disables the banner. + * + * ROM_BANNER_TIMEOUT controls the "Press Ctrl-B to configure iPXE" + * banner displayed only by ROM builds of iPXE during POST. This + * defaults to being twice the length of BANNER_TIMEOUT, to allow for + * BIOSes that switch video modes immediately before calling the + * initialisation vector, thus rendering the banner almost invisible + * to the user. 
+ */ + +#define BANNER_TIMEOUT 20 +#define ROM_BANNER_TIMEOUT ( 2 * BANNER_TIMEOUT ) + +/***************************************************************************** + * * ROM-specific options * */ -#undef NONPNP_HOOK_INT19 /* Hook INT19 on non-PnP BIOSes */ -#define AUTOBOOT_ROM_FILTER /* Autoboot only devices matching our ROM */ -/* +#define AUTOBOOT_ROM_FILTER /* Autoboot only devices matching our ROM */ +//#define NONPNP_HOOK_INT19 /* Hook INT19 on non-PnP BIOSes */ + +/***************************************************************************** + * + * PXE support + * + */ + +#if defined ( PLATFORM_pcbios ) + #define PXE_MENU /* PXE menu booting */ + #define PXE_STACK /* PXE stack in iPXE - you want this! */ +#endif + +/***************************************************************************** +* + * Name resolution modules + * + */ + +#define DNS_RESOLVER /* DNS resolver */ + +/***************************************************************************** + * + * Certificate sources + * + */ + +#if defined ( PLATFORM_efi ) + #define CERTS_EFI /* EFI certificate sources */ +#endif + +/***************************************************************************** + * * Virtual network devices * */ + #define VNIC_IPOIB /* Infiniband IPoIB virtual NICs */ //#define VNIC_XSIGO /* Infiniband Xsigo virtual NICs */ -/* - * Error message tables to include +/***************************************************************************** + * + * 802.1x EAP authentication methods + * + */ + +#define EAP_METHOD_MD5 /* MD5-Challenge port authentication */ +//#define EAP_METHOD_MSCHAPV2 /* MS-CHAPv2 port authentication */ + +/***************************************************************************** + * + * 802.11 cryptosystems and handshaking protocols * */ -#undef ERRMSG_80211 /* All 802.11 error descriptions (~3.3kb) */ -/* - * Obscure configuration options +#define CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) 
*/ +#define CRYPTO_80211_WPA /* WPA Personal, with passphrase */ +#define CRYPTO_80211_WPA2 /* Add support for stronger WPA cryptography */ + +/***************************************************************************** + * + * Very obscure configuration options * * You probably don't need to touch these. * */ -#undef BUILD_SERIAL /* Include an automatic build serial - * number. Add "bs" to the list of - * make targets. For example: - * "make bin/rtl8139.dsk bs" */ -#undef BUILD_ID /* Include a custom build ID string, - * e.g "test-foo" */ -#undef NULL_TRAP /* Attempt to catch NULL function calls */ -#undef GDBSERIAL /* Remote GDB debugging over serial */ -#undef GDBUDP /* Remote GDB debugging over UDP - * (both may be set) */ +//#define NULL_TRAP /* Attempt to catch NULL function calls */ +//#define GDBSERIAL /* Remote GDB debugging over serial */ +//#define GDBUDP /* Remote GDB debugging over UDP */ //#define EFI_DOWNGRADE_UX /* Downgrade UEFI user experience */ -#define TIVOLI_VMM_WORKAROUND /* Work around the Tivoli VMM's garbling of SSE +#define TIVOLI_VMM_WORKAROUND /* Work around the Tivoli VMM's garbling of SSE * registers when iPXE traps to it due to * privileged instructions */ +//#define ERRMSG_80211 /* All 802.11 error descriptions (~3.3kb) */ #include <config/named.h> #include NAMED_CONFIG(general.h) diff --git a/src/config/ioapi.h b/src/config/ioapi.h index a1498482d..d4ef91f76 100644 --- a/src/config/ioapi.h +++ b/src/config/ioapi.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/isa.h b/src/config/isa.h index e2a05050f..dce9c9b48 100644 --- a/src/config/isa.h +++ b/src/config/isa.h @@ -10,7 +10,7 @@ * */ #undef ISA_PROBE_ADDRS /* e.g. 0x200, 0x300 */ -#undef ISA_PROBE_ONLY /* Do not probe any other addresses */ +#define ISA_PROBE_ONLY /* Do not probe any other addresses */ #include <config/local/isa.h> 
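Review bot: In the `src/config/general.h` hunk, `HTTP_AUTH_NTLM` changes from commented-out to defined by default, with only the BIOS block undefining it, so every other platform now answers NTLM challenges unless a local config opts out. NTLM responses are derived from the user's password hash and can be captured for offline guessing or relayed when the exchange runs over plain `http://`, which stays enabled through `DOWNLOAD_PROTO_HTTP`. I would either keep it opt-in (`//#define HTTP_AUTH_NTLM`) or document the expectation on the define, e.g. `#define HTTP_AUTH_NTLM /* NTLM authentication (use only over HTTPS) */`. The same section still carries `CRYPTO_80211_WEP` as default-on although its own comment calls it deprecated and insecure, so this reorganisation is a natural point to make that one opt-in as well. Whether the HTTP code restricts NTLM to TLS connections is not visible in this hunk.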
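Review bot: In the `src/config/isa.h` hunk, `ISA_PROBE_ONLY` becomes defined while `ISA_PROBE_ADDRS` stays `#undef` on the line above, which looks like it leaves a default build with no ISA addresses to probe at all, assuming the ISA code treats an undefined list as empty. If turning off blind port probing by default is the intent, the comment should say so, e.g. `#define ISA_PROBE_ONLY /* Probe only ISA_PROBE_ADDRS (none by default) */`. The code that consumes these two macros is outside the hunk, so the effect is inferred from the defines alone.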
diff --git a/src/config/named.h b/src/config/named.h index ddde6f0a6..f46524f81 100644 --- a/src/config/named.h +++ b/src/config/named.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); /* config/<name>/<header>.h */ #ifdef CONFIG diff --git a/src/config/nap.h b/src/config/nap.h index e4fe97964..55ff64116 100644 --- a/src/config/nap.h +++ b/src/config/nap.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/reboot.h b/src/config/reboot.h index 2d1648e7b..a7f90ead1 100644 --- a/src/config/reboot.h +++ b/src/config/reboot.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/sanboot.h b/src/config/sanboot.h index ccc4bda1f..962caec40 100644 --- a/src/config/sanboot.h +++ b/src/config/sanboot.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/serial.h b/src/config/serial.h index 27040dc54..a372963aa 100644 --- a/src/config/serial.h +++ b/src/config/serial.h 
@@ -13,20 +13,28 @@ FILE_LICENCE ( GPL2_OR_LATER ); +#include <config/defaults.h> + #define COMCONSOLE COM1 /* I/O port address */ /* Keep settings from a previous user of the serial port (e.g. lilo or - * LinuxBIOS), ignoring COMSPEED, COMDATA, COMPARITY and COMSTOP. + * LinuxBIOS), ignoring COMSPEED. */ #undef COMPRESERVE #ifndef COMPRESERVE #define COMSPEED 115200 /* Baud rate */ -#define COMDATA 8 /* Data bits */ -#define COMPARITY 0 /* Parity: 0=None, 1=Odd, 2=Even */ -#define COMSTOP 1 /* Stop bits */ #endif +/* Uncomment these to ignore the ACPI SPCR table (if present) */ +//#undef SERIAL_SPCR +//#define SERIAL_FIXED + +/* Early UART configuration (for bare metal prefix debugging only) */ +//#define EARLY_UART_MODEL 8250 +//#define EARLY_UART_REG_BASE 0x10000000 +//#define EARLY_UART_REG_SHIFT 0 + #include <config/named.h> #include NAMED_CONFIG(serial.h) #include <config/local/serial.h> diff --git a/src/config/settings.h b/src/config/settings.h index d7f787d38..3bbe0c9eb 100644 --- a/src/config/settings.h +++ b/src/config/settings.h 
@@ -8,15 +8,37 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> -#define PCI_SETTINGS /* PCI device settings */ -//#define CPUID_SETTINGS /* CPUID settings */ -//#define MEMMAP_SETTINGS /* Memory map settings */ -//#define VMWARE_SETTINGS /* VMware GuestInfo settings */ -//#define VRAM_SETTINGS /* Video RAM dump settings */ -//#define ACPI_SETTINGS /* ACPI settings */ +/* Settings sources supported on all platforms */ +#define ACPI_SETTINGS /* ACPI settings */ +#define PCI_SETTINGS /* PCI device settings */ +#define USB_SETTINGS /* USB device settings */ + +/* Settings sources supported only on EFI platforms */ +#if defined ( PLATFORM_efi ) + #define EFI_SETTINGS /* EFI variable settings */ +#endif + +/* Settings sources supported only when memory maps are available */ +#if ! defined ( MEMMAP_NULL ) + //#define MEMMAP_SETTINGS /* Memory map settings */ +#endif + +/* Settings sources supported only on x86 CPUs */ +#if defined ( __i386__ ) || defined ( __x86_64__ ) + #define CPUID_SETTINGS /* CPUID settings */ + //#define VMWARE_SETTINGS /* VMware GuestInfo settings */ + //#define VRAM_SETTINGS /* Video RAM dump settings */ +#endif + +/* Disable settings sources not historically included in BIOS builds */ +#if defined ( PLATFORM_pcbios ) + #undef ACPI_SETTINGS + #undef CPUID_SETTINGS +#endif #include <config/named.h> #include NAMED_CONFIG(settings.h) diff --git a/src/config/sideband.h b/src/config/sideband.h index dd704f9bb..039d28df0 100644 --- a/src/config/sideband.h +++ b/src/config/sideband.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); //#define CONFIG_BOFM /* IBM's BladeCenter Open Fabric Manager */ diff --git a/src/config/time.h b/src/config/time.h index 678f6f864..f938f3aa7 100644 --- a/src/config/time.h +++ b/src/config/time.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> 
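Review bot: In the `src/config/settings.h` hunk, the final block undefines only `ACPI_SETTINGS` and `CPUID_SETTINGS` for `PLATFORM_pcbios`, so BIOS builds pick up the new `USB_SETTINGS` source even though the block's comment says it preserves what BIOS builds historically included. The removed lines list no `USB_SETTINGS` define, and the `general.h` change in this commit does undefine `USB_CMD` for BIOS, so the two headers are not consistent. If the omission is unintentional, add `#undef USB_SETTINGS` to the BIOS block; if it is deliberate, a short comment saying so would help. Note also that `ACPI_SETTINGS` and `EFI_SETTINGS` are now default-on elsewhere, which makes more platform data readable by any script the build executes; anyone serving scripts over an untrusted network should review that.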
diff --git a/src/config/timer.h b/src/config/timer.h index 5a54d398c..d2368a13a 100644 --- a/src/config/timer.h +++ b/src/config/timer.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/umalloc.h b/src/config/umalloc.h index 832dd21d1..87fb34527 100644 --- a/src/config/umalloc.h +++ b/src/config/umalloc.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> diff --git a/src/config/usb.h b/src/config/usb.h index 4252ec229..c84f9e195 100644 --- a/src/config/usb.h +++ b/src/config/usb.h @@ -8,30 +8,25 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <config/defaults.h> -/* - * USB host controllers (all enabled by default) - * - */ -//#undef USB_HCD_XHCI /* xHCI USB host controller */ -//#undef USB_HCD_EHCI /* EHCI USB host controller */ -//#undef USB_HCD_UHCI /* UHCI USB host controller */ -//#define USB_HCD_USBIO /* Very slow EFI USB host controller */ - -/* - * USB peripherals - * - */ -//#undef USB_KEYBOARD /* USB keyboards */ -//#undef USB_BLOCK /* USB block devices */ - -/* - * USB external interfaces - * - */ -//#undef USB_EFI /* Provide EFI_USB_IO_PROTOCOL interface */ +/* USB host controllers */ +#define USB_HCD_EHCI /* EHCI USB host controller */ +#define USB_HCD_UHCI /* UHCI USB host controller */ +#define USB_HCD_XHCI /* xHCI USB host controller */ + +/* USB peripherals */ +#define USB_BLOCK /* USB block devices */ +#define USB_KEYBOARD /* USB keyboards */ + +/* USB quirks on EFI platforms */ +#if defined ( PLATFORM_efi ) + #define USB_EFI /* Provide EFI_USB_IO_PROTOCOL interface */ + //#define USB_HCD_USBIO /* Very slow EFI USB pseudo-host controller */ + #undef USB_KEYBOARD /* Use built-in EFI keyboard driver */ +#endif #include <config/named.h> #include NAMED_CONFIG(usb.h) |
