## SPDX-License-Identifier: GPL-2.0-only

menu "Verified Boot (verified_boot)"

config VENDORCODE_ELTAN_VBOOT
	bool "Enable Verified Boot"
	depends on !VBOOT
	default n
	select VBOOT_LIB

if VENDORCODE_ELTAN_VBOOT

config VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST
	bool "Enable Signed Manifest"
	depends on VENDORCODE_ELTAN_VBOOT
	default n

config VENDORCODE_ELTAN_VBOOT_USE_SHA512
	bool "SHA512 hashes"
	depends on VENDORCODE_ELTAN_VBOOT
	default n
	help
	  Use SHA512 for the vboot operations, this applies to the digest in
	  the manifest and the manifest digest.

config VENDORCODE_ELTAN_OEM_MANIFEST_LOC
	hex "Manifest Location"
	default 0xFFFFF840

config VENDORCODE_ELTAN_VBOOT_MANIFEST
	string "Verified boot manifest file"
	default "mainboard/\$(MAINBOARD_DIR)/manifest.h"

config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS
	int "Manifest Items"
	default 13 if INCLUDE_CONFIG_FILE
	default 12

config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE
	int
	default 64 if VENDORCODE_ELTAN_VBOOT_USE_SHA512
	default 32

config VENDORCODE_ELTAN_VBOOT_KEY_LOCATION
	hex "Verified boot Key Location"
	depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST
	default 0xFFFFF500

config VENDORCODE_ELTAN_VBOOT_KEY_FILE
	string "Verified boot Key File"
	depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST
	default "3rdparty/eltan/verified_boot/Keys/key.vbpubk"

config VENDORCODE_ELTAN_VBOOT_KEY_SIZE
	int
	default 552

endif # VENDORCODE_ELTAN_VBOOT
endmenu # Verified Boot (verified_boot)
