From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v3 0/6] eficonfig: add UEFI Secure Boot key maintenance interface
Date: Fri, 14 Oct 2022 15:56:54 +0900
Message-Id: <20221014065705.5249-1-masahisa.kojima@linaro.org>
X-Patchwork-Id: 615059

This series adds the UEFI Secure Boot key maintenance interface
to the eficonfig command.
User can enroll and delete the PK, KEK, db and dbx.

Source code can be cloned with:
$ git clone https://git.linaro.org/people/masahisa.kojima/u-boot.git -b kojima/eficonfig_sbkey_v3

[Major Changes]
- rebased on top of u-boot/master

Masahisa Kojima (6):
  eficonfig: refactor eficonfig_select_file_handler()
  eficonfig: expose append entry function
  eficonfig: add UEFI Secure Boot Key enrollment interface
  eficonfig: add "Show/Delete Signature Database" menu entry
  test/eficonfig: support secure boot key maintenance menu
  test: add test for eficonfig secure boot key management

 cmd/Makefile                                  |   3 +
 cmd/eficonfig.c                               |  48 +-
 cmd/eficonfig_sbkey.c                         | 751 ++++++++++++++++++
 include/efi_config.h                          |  10 +
 test/py/tests/test_eficonfig/conftest.py      |  84 +-
 test/py/tests/test_eficonfig/defs.py          |  14 +
 .../py/tests/test_eficonfig/test_eficonfig.py |   4 +-
 .../test_eficonfig/test_eficonfig_sbkey.py    | 472 +++++++++++
 8 files changed, 1360 insertions(+), 26 deletions(-)
 create mode 100644 cmd/eficonfig_sbkey.c
 create mode 100644 test/py/tests/test_eficonfig/defs.py
 create mode 100644 test/py/tests/test_eficonfig/test_eficonfig_sbkey.py