diff mbox series

[isar-cip-core] Kconfig: Make EFI Boot Guard watchdog configurable

Message ID 977d677c-6e58-4698-8953-dd40c97042b0@siemens.com (mailing list archive)
State Accepted
Headers show
Series [isar-cip-core] Kconfig: Make EFI Boot Guard watchdog configurable | expand

Commit Message

Jan Kiszka June 20, 2024, 9:45 p.m. UTC 
From: Jan Kiszka <jan.kiszka@siemens.com>

In order to run the x86 image on hardware that is not (yet) supported by
EFI Boot Guard's watchdog drivers or the adjust the timeout to slow boot
media, add a Kconfig option to tune the value. This prevents having to
patch the code to achieve this.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 Kconfig | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff mbox series

Patch

diff --git a/Kconfig b/Kconfig
index 9aa05d2f..96f590a0 100644
--- a/Kconfig
+++ b/Kconfig
@@ -225,6 +225,18 @@  config KAS_INCLUDE_FULL_ENCRYPTION
 	string
 	default "kas/opt/encrypt-all.yml" if IMAGE_FULL_ENCRYPTION
 
+config WDOG_TIMEOUT
+	int "EFI Boot Guard watchdog timeout in seconds"
+	default 60
+	range 0 65535
+	depends on TARGET_QEMU_AMD64 || TARGET_X86_UEFI
+	help
+	  Timeout in seconds that EFI Boot Guard should set during boot. It
+	  needs to be large enough so that systemd can take over the watchdog,
+	  continuing to drive it via Linux.
+
+	  Set to 0 for disabling the watchdog in case hardware lacks support.
+
 endif
 
 endif