From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v6 01/16] efi_loader: add CONFIG_EFI_SECURE_BOOT config option
Date: Wed, 26 Feb 2020 13:54:33 +0900 [thread overview]
Message-ID: <20200226045448.2453-2-takahiro.akashi@linaro.org> (raw)
In-Reply-To: <20200226045448.2453-1-takahiro.akashi@linaro.org>
Under this configuration, UEFI secure boot support will be added
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
lib/efi_loader/Kconfig | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index a7afa3f29e88..4b09a07f1b0a 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -130,4 +130,22 @@ config EFI_RNG_PROTOCOL
"Support for EFI_RNG_PROTOCOL implementation. Uses the rng
device on the platform"
+config EFI_SECURE_BOOT
+ bool "Enable EFI secure boot support"
+ depends on EFI_LOADER
+ select SHA256
+ select RSA
+ select RSA_VERIFY_WITH_PKEY
+ select IMAGE_SIGN_INFO
+ select ASYMMETRIC_KEY_TYPE
+ select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select X509_CERTIFICATE_PARSER
+ select PKCS7_MESSAGE_PARSER
+ default n
+ help
+ Select this option to enable EFI secure boot support.
+ Once SecureBoot mode is enforced, any EFI binary can run only if
+ it is signed with a trusted key. To do that, you need to install,
+ at least, PK, KEK and db.
+
endif
--
2.24.0
next prev parent reply other threads:[~2020-02-26 4:54 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-26 4:54 [PATCH v6 00/16] efi_loader: add secure boot support AKASHI Takahiro
2020-02-26 4:54 ` AKASHI Takahiro [this message]
2020-02-26 4:54 ` [PATCH v6 02/16] efi_loader: add signature verification functions AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 03/16] efi_loader: add signature database parser AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 04/16] efi_loader: variable: support variable authentication AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 05/16] efi_loader: variable: add secure boot state transition AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 06/16] efi_loader: variable: add VendorKeys variable AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 07/16] efi_loader: image_loader: support image authentication AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 08/16] efi_loader: set up secure boot AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 09/16] cmd: env: use appropriate guid for authenticated UEFI variable AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 10/16] cmd: env: add "-at" option to "env set -e" command AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 11/16] cmd: efidebug: add "test bootmgr" sub-command AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 12/16] efi_loader, pytest: set up secure boot environment AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 13/16] efi_loader, pytest: add UEFI secure boot tests (authenticated variables) AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 14/16] efi_loader, pytest: add UEFI secure boot tests (image) AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 15/16] sandbox: add extra configurations for UEFI and related tests AKASHI Takahiro
2020-02-26 4:54 ` [PATCH v6 16/16] travis: add packages for UEFI secure boot test AKASHI Takahiro
2020-02-26 14:28 ` Tom Rini
2020-02-27 5:17 ` AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200226045448.2453-2-takahiro.akashi@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.