From patchwork Sun Jun 19 05:20:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 583000 Delivered-To: patch@linaro.org Received: by 2002:a05:7000:7814:0:0:0:0 with SMTP id b20csp757937mav; Sat, 18 Jun 2022 22:19:33 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uJpbphwXQZ6J6a0s0MpK0XgeoVxa8JbpKIcTGObAYSgSpZx/8M3SndYMDEk/WZRDcSFNCi X-Received: by 2002:a17:906:5344:b0:712:3c7e:cf58 with SMTP id j4-20020a170906534400b007123c7ecf58mr16059756ejo.679.1655615973180; Sat, 18 Jun 2022 22:19:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655615973; cv=none; d=google.com; s=arc-20160816; b=TW4CGsFoQFJwaZNUluUK4WJKFl5X73ez0HwC6JTRFHQWsUzwYWO5A4/dU/IZEUOubq wHyvM/+jUX3PLmsgylUEftdEqejISE/0dxw1SiB9SzFhgZYgNwTI9+zjq53kUOCik2fT BWxUH9yamac2MMx/XXwi56IksMmtnUv494BfJY9tTrpyDpv8fcubondISA5/6nCJ24ci IsTdJZQ//goUdtq63ALRnhLOBglVyDbb3rcw4H5dM2kuYaROGvK9rzWA3mpzAXcot8Ez eE3Dz4hx0hVBNfS2r47MFNKJ0GyQsPnyBcuehQqyC+IjnuSDa09xqW8lPVe5AGsAV0Gr d9Bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=BZxO1rJMGKLWAK0NJk/FfgRu29NCjK+5OQs5NCmzzwk=; b=zDqZxAVP5t1Ynvg3nM4adVioXwaSvtqw7jcfrAlC/pbYZ7jTLuiMfgfGkpWZ+gTZy4 PBARpyRgm6jA9ej/F+KM9toEK2tktAclGc5G2dFHcj9cV+ZmIqM2FNTTfogeVC9c7a2I tKAdjAoTTBrQNlfou6nsN+6x0u8WsQRdBkTySvy4MGTap+ERaYIhj6AhGjN9aT5tMEBM 05t1YR27eiI3ik/XG5Db54WGIkXmHqGQIHAhcEaI+AHYZhhnU/0CVqXDOhYUVbat0Z2b dufbislXgnitxzfQ40l/m/OVfp4STOBW7s2MFfOQ+I8N+Bw4i2mpaP8ta9Vk0x6zgxNI 1w/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YzkAvEUh; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id j36-20020a05640223a400b00435640ca821si6116743eda.539.2022.06.18.22.19.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Jun 2022 22:19:33 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YzkAvEUh; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E00B484280; Sun, 19 Jun 2022 07:19:30 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="YzkAvEUh"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C30E2842FA; Sun, 19 Jun 2022 07:19:29 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2F4C083EA6 for ; Sun, 19 Jun 2022 07:19:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x42e.google.com with SMTP id n12so580052pfq.0 for ; Sat, 18 Jun 2022 22:19:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=BZxO1rJMGKLWAK0NJk/FfgRu29NCjK+5OQs5NCmzzwk=; b=YzkAvEUhpmKCHu9EAL/NqoYvjbslnkhtU4yGsh9eJNKWjkbmNh2K7f82ZmhwcPvFbK ntGa6f5jdIBfu5is3EujDbJImw/LdpoWtSzNySnrxAL9FAExUPk6+1FDqGN7MEgvyOfk IefsHPkdkKXIeZre3qOW5VsQBd6tt9s5U+CmKcfJh5ezp1rMHmTZCvAfrllRIyiCftuJ C0KyJWrZPT5zp5abFU7A32clLmA51yZeR5qDe9eZsGB+c1pZ89Z8l8/5zDRWWCvm4pme fJgvZ/1dOHsnxNHn7av1I6CEoRoJ8ldf2P7nMbemERHW2xEJp7cU1j0xIB79ZbcNR1Mi 0Hwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=BZxO1rJMGKLWAK0NJk/FfgRu29NCjK+5OQs5NCmzzwk=; b=QBiU4QlPTl400pcDixR9Bs5e0OsP8/ckIqpswGroUAsQ3tLC1+jQLX3PXKhgFm+x4q sXSflwHJTHD0hvyyKVx6yA983LezVKB37HGrpc84ixj5XbtklXufZKyCHFexVjFib3vp 8ZNanlaGgZgrTivJbAy9Kic6HxdHOUf3lhVaTVHrp5OZEeox9rtulWvIcq2SlqdX/h3z K9pi67/8lipvavPCR63Zov8nBwQas0BBDDe8uL11YK3CfKOnBq+y3iMN+rOqbrzvThKi tiDUbymlRhSyQNmFoIrML4qadR2w4VpJGeSr2gbIrqfnsi3JFwMvlc2FBnZLtuvvPixS S8Ow== X-Gm-Message-State: AJIora9C89Jf7mLh0nkqJichMlUc/kekE56gU7twqO95OoTdxw6mIdns PUSC3UGtv7VCp7HqUCmyfUmvomPx9upj2g== X-Received: by 2002:a05:6a00:1941:b0:50d:807d:530b with SMTP id s1-20020a056a00194100b0050d807d530bmr18127591pfk.17.1655615965396; Sat, 18 Jun 2022 22:19:25 -0700 (PDT) Received: from localhost.localdomain ([240d:1a:cf7:5800:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id j3-20020a170903024300b001636c0b98a7sm6087243plh.226.2022.06.18.22.19.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Jun 2022 22:19:25 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Francois Ozog , Mark Kettenis , Masahisa Kojima Subject: [RFC PATCH 0/3] eficonfig: add UEFI Secure Boot key maintenance interface Date: Sun, 19 Jun 2022 14:20:19 +0900 Message-Id: <20220619052022.2694-1-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This series adds the UEFI Secure Boot key maintenance interface to the eficonfig command. User can enroll and delete the PK, KEK, db and dbx. Note that this series is RFC since this series is implemented on the top of the "enable menu-driven UEFI variable maintenance" patch series still under review[1]. [1]https://lore.kernel.org/u-boot/20220619045607.1669-1-masahisa.kojima@linaro.org/T/#m7fe16b6044fbb2947b49c26051563c7cbb696fb3 Source code can be cloned with: $ git clone https://git.linaro.org/people/masahisa.kojima/u-boot.git -b kojima/kojima/efi_seckey_menu_upstream_v1_0619 Masahisa Kojima (3): eficonfig: add UEFI Secure Boot Key enrollment interface eficonfig: add "Show Signature Database" menu entry eficonfig: add "Delete Key" menu entry cmd/Makefile | 3 + cmd/eficonfig.c | 3 + cmd/eficonfig_sbkey.c | 701 ++++++++++++++++++++++++++++++++++++++++++ include/efi_config.h | 3 + 4 files changed, 710 insertions(+) create mode 100644 cmd/eficonfig_sbkey.c