diff options
author | Masahisa Kojima <masahisa.kojima@linaro.org> | 2022-11-20 09:21:18 +0900 |
---|---|---|
committer | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2022-11-22 12:00:45 +0100 |
commit | c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac (patch) | |
tree | 489cb2bcab10628bdd178e3880133ec87c26763e /cmd/eficonfig.c | |
parent | 21faf4ef67d29fca2f1ecc64350ba63e45481e37 (diff) |
eficonfig: add UEFI Secure Boot Key enrollment interface
This commit adds the menu-driven UEFI Secure Boot Key
enrollment interface. User can enroll PK, KEK, db
and dbx by selecting file.
Only the signed EFI Signature List(s) with an authenticated
header, typically '.auth' file, is accepted.
To clear the PK, KEK, db and dbx, user needs to enroll the null key
signed by PK or KEK.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Diffstat (limited to 'cmd/eficonfig.c')
-rw-r--r-- | cmd/eficonfig.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c index ae0fada7d8..97d35597a2 100644 --- a/cmd/eficonfig.c +++ b/cmd/eficonfig.c @@ -2436,6 +2436,9 @@ static const struct eficonfig_item maintenance_menu_items[] = { {"Edit Boot Option", eficonfig_process_edit_boot_option}, {"Change Boot Order", eficonfig_process_change_boot_order}, {"Delete Boot Option", eficonfig_process_delete_boot_option}, +#if (CONFIG_IS_ENABLED(EFI_SECURE_BOOT) && CONFIG_IS_ENABLED(EFI_MM_COMM_TEE)) + {"Secure Boot Configuration", eficonfig_process_secure_boot_config}, +#endif {"Quit", eficonfig_process_quit}, }; |