eficonfig: add UEFI Secure Boot Key enrollment interface

This commit adds the menu-driven UEFI Secure Boot Key enrollment interface. User can enroll PK, KEK, db and dbx by selecting file. Only the signed EFI Signature List(s) with an authenticated header, typically '.auth' file, is accepted. To clear the PK, KEK, db and dbx, user needs to enroll the null key signed by PK or KEK. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
author: Masahisa Kojima <masahisa.kojima@linaro.org> 2022-11-20 09:21:18 +0900
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 2022-11-22 12:00:45 +0100
commit: c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac (patch)
tree: 489cb2bcab10628bdd178e3880133ec87c26763e /cmd/eficonfig.c
parent: 21faf4ef67d29fca2f1ecc64350ba63e45481e37 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c
index ae0fada7d8..97d35597a2 100644
--- a/cmd/eficonfig.c
+++ b/cmd/eficonfig.c
@@ -2436,6 +2436,9 @@ static const struct eficonfig_item maintenance_menu_items[] = {
 	{"Edit Boot Option", eficonfig_process_edit_boot_option},
 	{"Change Boot Order", eficonfig_process_change_boot_order},
 	{"Delete Boot Option", eficonfig_process_delete_boot_option},
+#if (CONFIG_IS_ENABLED(EFI_SECURE_BOOT) && CONFIG_IS_ENABLED(EFI_MM_COMM_TEE))
+	{"Secure Boot Configuration", eficonfig_process_secure_boot_config},
+#endif
 	{"Quit", eficonfig_process_quit},
 };
author	Masahisa Kojima <masahisa.kojima@linaro.org>	2022-11-20 09:21:18 +0900
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	2022-11-22 12:00:45 +0100
commit	c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac (patch)
tree	489cb2bcab10628bdd178e3880133ec87c26763e /cmd/eficonfig.c
parent	21faf4ef67d29fca2f1ecc64350ba63e45481e37 (diff)