summaryrefslogtreecommitdiff
path: root/cmd/eficonfig_sbkey.c
AgeCommit message (Collapse)AuthorFilesLines
2023-01-27eficonfig: refactor eficonfig_process_common functionMasahisa Kojima1-3/+15
Current change boot order implementation does not call eficonfig_process_common() and call own menu functions for display_statusline, item_data_print and item_choice. Change boot order functionality should call eficonfig_process_common() to improve maintenanceability. This commit is a preparation to remove the change boot order specific implementation. The menu functions (display_statusline, item_data_print and item_choice) are added as argument of eficonfig_process_common(). The menu description string displayed at the bottom of the menu is also added as argument. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-12-20eficonfig: EFI_VARIABLE_APPEND_WRITE is not set for null keyMasahisa Kojima1-2/+36
The signed null key with authenticated header is used to clear the PK, KEK, db and dbx. When CONFIG_EFI_MM_COMM_TEE is enabled (StMM and OP-TEE based RPMB storage is used as the EFI variable storage), clearing KEK, db and dbx by enrolling a signed null key does not work as expected if EFI_VARIABLE_APPEND_WRITE attritube is set. This commit checks the selected file is null key, then EFI_VARIABLE_APPEND_WRITE attibute will not be used for the null key. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-11-22eficonfig: add "Show Signature Database" menu entryMasahisa Kojima1-0/+235
This commit adds the menu-driven interface to show the signature list content. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-11-22eficonfig: add UEFI Secure Boot Key enrollment interfaceMasahisa Kojima1-0/+263
This commit adds the menu-driven UEFI Secure Boot Key enrollment interface. User can enroll PK, KEK, db and dbx by selecting file. Only the signed EFI Signature List(s) with an authenticated header, typically '.auth' file, is accepted. To clear the PK, KEK, db and dbx, user needs to enroll the null key signed by PK or KEK. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
generated by cgit v1.2.3 (git 2.39.0) at 2024-09-13 21:49:23 +0300