Kconfig: Add Kconfig for signed secure blobs
Adds QC_SECURE_BOOT_BLOBS to enable inclusion of OEM-signed components for fused Qualcomm hardware. Depends on USE_QC_BLOBS. BUG=b:488573654 TEST=Able to build google/quenbih. Change-Id: Id08d83fc82c9441560b1afaa333b3b7fd5a9bfca Signed-off-by: Subrata Banik <subratabanik@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/91475 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kapil Porwal <kapilporwal@google.com>
This commit is contained in:
Subrata Banik
parent
0a6142dfbe
commit
6de3d04c4e
1 changed files with 19 additions and 0 deletions
19
src/Kconfig
19
src/Kconfig
|
|
@ -360,6 +360,25 @@ config USE_QC_BLOBS
|
|||
mainboards cannot be built and will be hidden from the "Mainboards"
|
||||
section.
|
||||
|
||||
config QC_SECURE_BOOT_BLOBS
|
||||
bool "Enable Qualcomm secure/signed blobs for fused SoCs"
|
||||
depends on USE_QC_BLOBS
|
||||
help
|
||||
This option enables the inclusion of OEM-signed binaries and
|
||||
secure-world components required for booting fused Qualcomm SoCs.
|
||||
|
||||
When enabled, the build system will look for signed versions of
|
||||
QcLib, QC-SEC, and secondary bootloader stages that match the
|
||||
Root of Trust (RoT) fused into the SoC.
|
||||
|
||||
Select this if you are building firmware for production hardware
|
||||
or "fused" development units that enforce OEM signature
|
||||
verification at the hardware level.
|
||||
|
||||
Note: Using this option without the correct signing keys or
|
||||
signed blobs will result in a bricked boot process on fused
|
||||
hardware.
|
||||
|
||||
config COVERAGE
|
||||
bool "Code coverage support"
|
||||
depends on COMPILER_GCC
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue