projects / platform / kernel / u-boot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 21faf4e) | patch
eficonfig: add UEFI Secure Boot Key enrollment interface
authorMasahisa Kojima <masahisa.kojima@linaro.org>
Sun, 20 Nov 2022 00:21:18 +0000 (09:21 +0900)
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tue, 22 Nov 2022 11:00:45 +0000 (12:00 +0100)
commitc3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac
tree489cb2bcab10628bdd178e3880133ec87c26763etree | snapshot
parent21faf4ef67d29fca2f1ecc64350ba63e45481e37commit | diff
eficonfig: add UEFI Secure Boot Key enrollment interface

This commit adds the menu-driven UEFI Secure Boot Key
enrollment interface. User can enroll PK, KEK, db
and dbx by selecting file.
Only the signed EFI Signature List(s) with an authenticated
header, typically '.auth' file, is accepted.

To clear the PK, KEK, db and dbx, user needs to enroll the null key
signed by PK or KEK.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
cmd/Makefile diff | blob | history
cmd/eficonfig.c diff | blob | history
cmd/eficonfig_sbkey.c [new file with mode: 0644] blob
include/efi_config.h diff | blob | history
Domain: System / Kernel;