diff options
author | Sughosh Ganu <sughosh.ganu@linaro.org> | 2020-12-30 19:27:09 +0530 |
---|---|---|
committer | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2020-12-31 14:41:31 +0100 |
commit | 04be98bd6bcfccf3ab028fda0ca962dd00f61260 (patch) | |
tree | 3c5364e835613770b47a069ca9dd398ac0ac4ceb /lib/efi_loader/Kconfig | |
parent | b4f20a5d83f0b8a5c30128966eabe68748631e66 (diff) |
efi: capsule: Add support for uefi capsule authentication
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.
The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Diffstat (limited to 'lib/efi_loader/Kconfig')
-rw-r--r-- | lib/efi_loader/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index e780491357..fdf245dea3 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -153,6 +153,23 @@ config EFI_CAPSULE_FIRMWARE_MANAGEMENT Select this option if you want to enable capsule-based firmware update using Firmware Management Protocol. +config EFI_CAPSULE_AUTHENTICATE + bool "Update Capsule authentication" + depends on EFI_CAPSULE_FIRMWARE + depends on EFI_CAPSULE_ON_DISK + depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT + select SHA256 + select RSA + select RSA_VERIFY + select RSA_VERIFY_WITH_PKEY + select X509_CERTIFICATE_PARSER + select PKCS7_MESSAGE_PARSER + select PKCS7_VERIFY + default n + help + Select this option if you want to enable capsule + authentication + config EFI_CAPSULE_FIRMWARE_FIT bool "FMP driver for FIT image" depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT |