eficonfig: add UEFI Secure Boot Key enrollment interface This commit adds the menu-driven UEFI Secure Boot Key enrollment interface. User can enroll PK, KEK, db and dbx by selecting file. Only the signed EFI Signature List(s) with an authenticated header, typically '.auth' file, is accepted. To clear the PK, KEK, db and dbx, user needs to enroll the null key signed by PK or KEK. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

commit: cbdbcb4c53f4ebb89463c178d9ff10f77090cb39 [log] [tgz]
author: Masahisa Kojima <masahisa.kojima@linaro.org> Sun Nov 20 09:21:18 2022 +0900
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tue Nov 22 12:00:45 2022 +0100
tree: 489cb2bcab10628bdd178e3880133ec87c26763e
parent: a75c8c907c4da9d653d1abee397df997a6b96642 [diff] [blame]
diff --git a/include/efi_config.h b/include/efi_config.h
index 934de41..fd69926 100644
--- a/include/efi_config.h
+++ b/include/efi_config.h

@@ -101,5 +101,9 @@
 efi_status_t eficonfig_append_quit_entry(struct efimenu *efi_menu);
 struct efi_device_path *eficonfig_create_device_path(struct efi_device_path *dp_volume,
 						     u16 *current_path);
+void *eficonfig_create_fixed_menu(const struct eficonfig_item *items, int count);
+#ifdef CONFIG_EFI_SECURE_BOOT
+efi_status_t eficonfig_process_secure_boot_config(void *data);
+#endif
 
 #endif
commit	cbdbcb4c53f4ebb89463c178d9ff10f77090cb39	[log] [tgz]
author	Masahisa Kojima <masahisa.kojima@linaro.org>	Sun Nov 20 09:21:18 2022 +0900
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Tue Nov 22 12:00:45 2022 +0100
tree	489cb2bcab10628bdd178e3880133ec87c26763e
parent	a75c8c907c4da9d653d1abee397df997a6b96642 [diff] [blame]