History log of /u-boot/cmd/eficonfig_sbkey.c
Revision Date Author Comments
# cd160b27 23-Jan-2023 Masahisa Kojima <masahisa.kojima@linaro.org>

eficonfig: refactor eficonfig_process_common function

Current change boot order implementation does not call
eficonfig_process_common() and call own menu functions
for display_statusline, item_data_print and item_choice.
Change boot order functionality should call
eficonfig_process_common() to improve maintainability.

This commit is a preparation to remove the change boot
order specific implementation. The menu functions
(display_statusline, item_data_print and item_choice) are
added as argument of eficonfig_process_common().
The menu description string displayed at the bottom of
the menu is also added as argument.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

# ad50ca50 20-Dec-2022 Masahisa Kojima <masahisa.kojima@linaro.org>

eficonfig: EFI_VARIABLE_APPEND_WRITE is not set for null key

The signed null key with authenticated header is used to clear
the PK, KEK, db and dbx. When CONFIG_EFI_MM_COMM_TEE is enabled
(StMM and OP-TEE based RPMB storage is used as the EFI variable
storage), clearing KEK, db and dbx by enrolling a signed null
key does not work as expected if EFI_VARIABLE_APPEND_WRITE
attribute is set.

This commit checks the selected file is null key, then
EFI_VARIABLE_APPEND_WRITE attribute will not be used for the null key.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

# d0f9ae35 19-Nov-2022 Masahisa Kojima <masahisa.kojima@linaro.org>

eficonfig: add "Show Signature Database" menu entry

This commit adds the menu-driven interface to show the
signature list content.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

# c3b5af63 19-Nov-2022 Masahisa Kojima <masahisa.kojima@linaro.org>

eficonfig: add UEFI Secure Boot Key enrollment interface

This commit adds the menu-driven UEFI Secure Boot Key
enrollment interface. User can enroll PK, KEK, db
and dbx by selecting file.
Only the signed EFI Signature List(s) with an authenticated
header, typically '.auth' file, is accepted.

To clear the PK, KEK, db and dbx, user needs to enroll the null key
signed by PK or KEK.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
