eficonfig: add UEFI Secure Boot Key enrollment interface

This commit adds the menu-driven UEFI Secure Boot Key enrollment interface. User can enroll PK, KEK, db and dbx by selecting file. Only the signed EFI Signature List(s) with an authenticated header, typically '.auth' file, is accepted. To clear the PK, KEK, db and dbx, user needs to enroll the null key signed by PK or KEK. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
author: Masahisa Kojima <masahisa.kojima@linaro.org> 2022-11-20 09:21:18 +0900
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 2022-11-22 12:00:45 +0100
commit: c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac (patch)
tree: 489cb2bcab10628bdd178e3880133ec87c26763e /include
parent: 21faf4ef67d29fca2f1ecc64350ba63e45481e37 (diff)
download: u-boot-c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/include/efi_config.h b/include/efi_config.h
index 934de41e85b..fd699263436 100644
--- a/include/efi_config.h
+++ b/include/efi_config.h
@@ -101,5 +101,9 @@ efi_status_t eficonfig_append_menu_entry(struct efimenu *efi_menu,
 efi_status_t eficonfig_append_quit_entry(struct efimenu *efi_menu);
 struct efi_device_path *eficonfig_create_device_path(struct efi_device_path *dp_volume,
 						     u16 *current_path);
+void *eficonfig_create_fixed_menu(const struct eficonfig_item *items, int count);
+#ifdef CONFIG_EFI_SECURE_BOOT
+efi_status_t eficonfig_process_secure_boot_config(void *data);
+#endif
 
 #endif
author	Masahisa Kojima <masahisa.kojima@linaro.org>	2022-11-20 09:21:18 +0900
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	2022-11-22 12:00:45 +0100
commit	c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac (patch)
tree	489cb2bcab10628bdd178e3880133ec87c26763e /include
parent	21faf4ef67d29fca2f1ecc64350ba63e45481e37 (diff)
download	u-boot-c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac.tar.gz