summaryrefslogtreecommitdiff
path: root/lib/efi_loader/efi_var_file.c
AgeCommit message (Collapse)AuthorFilesLines
2021-10-21efi_loader: don't load Shim's MOK database from fileHeinrich Schuchardt1-0/+8
When using a file to store UEFI variables we must make sure that secure boot related variables are not loaded from this file. With commit 9ef82e29478c ("efi_loader: don't load signature database from file") this has already been implemented for variables defined in the UEFI specification. As most Linux distributions use Shim we should do the same for Shim's MOK database. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04efi_loader: don't load signature database from fileHeinrich Schuchardt1-16/+25
The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-06-09efi_loader: partition numbers are hexadecimalHeinrich Schuchardt1-1/+1
If we want to address partition 15 of virtio block device 11, we have to write: virtio b:f When calling sprintf() we must use %x for the device and partition numbers. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01efi_loader: Enable run-time variable support for tee based variablesIlias Apalodimas1-18/+7
We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16efi_loader: pre-seed UEFI variablesHeinrich Schuchardt1-7/+1
Include a file with the initial values for non-volatile UEFI variables into the U-Boot binary. If this variable is set, changes to variable PK will not be allowed. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-12efi_loader: enable UEFI variables at runtimeHeinrich Schuchardt1-3/+3
Enable UEFI variables at runtime. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-12efi_loader: UEFI variable persistenceHeinrich Schuchardt1-0/+239
Persist non-volatile UEFI variables in a file on the EFI system partition. The file is written whenever a non-volatile UEFI variable is changed after initialization of the UEFI sub-system. The file is read during the UEFI sub-system initialization to restore non-volatile UEFI variables. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
generated by cgit v1.2.3 (git 2.39.0) at 2024-07-14 17:13:52 +0300