From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v2 0/6] eficonfig: add UEFI Secure Boot key maintenance interface
Date: Tue, 4 Oct 2022 23:35:36 +0900
Message-Id: <20221004143543.30000-1-masahisa.kojima@linaro.org>

This series adds the UEFI Secure Boot key maintenance interface
to the eficonfig command.
Users can enroll and delete the PK, KEK, db and dbx.

This series is based on the u-boot/next branch since the 'eficonfig'
command is not merged in u-boot/master.

Source code can be cloned with:
$ git clone https://git.linaro.org/people/masahisa.kojima/u-boot.git -b kojima/eficonfig_sbkey_v2

Masahisa Kojima (6):
  eficonfig: refactor eficonfig_select_file_handler()
  eficonfig: expose append entry function
  eficonfig: add UEFI Secure Boot Key enrollment interface
  eficonfig: add "Show/Delete Signature Database" menu entry
  test/eficonfig: support secure boot key maintenance menu
  test: add test for eficonfig secure boot key management

 cmd/Makefile                                  |   3 +
 cmd/eficonfig.c                               |  48 +-
 cmd/eficonfig_sbkey.c                         | 743 ++++++++++++++++++
 include/efi_config.h                          |  10 +
 test/py/tests/test_eficonfig/conftest.py      |  84 +-
 test/py/tests/test_eficonfig/defs.py          |  14 +
 .../py/tests/test_eficonfig/test_eficonfig.py |   4 +-
 .../test_eficonfig/test_eficonfig_sbkey.py    | 472 +++++++++++
 8 files changed, 1352 insertions(+), 26 deletions(-)
 create mode 100644 cmd/eficonfig_sbkey.c
 create mode 100644 test/py/tests/test_eficonfig/defs.py
 create mode 100644 test/py/tests/test_eficonfig/test_eficonfig_sbkey.py