On Sun, Jun 19, 2022 at 02:20:19PM +0900, Masahisa Kojima wrote:
This series adds the UEFI Secure Boot key maintenance interface to the eficonfig command. User can enroll and delete the PK, KEK, db and dbx.
Note that this series is RFC since this series is implemented on the top of the "enable menu-driven UEFI variable maintenance" patch series still under review[1].
[1]https://lore.kernel.org/u-boot/20220619045607.1669-1-masahisa.kojima@linaro....
Source code can be cloned with: $ git clone https://git.linaro.org/people/masahisa.kojima/u-boot.git -b kojima/kojima/efi_seckey_menu_upstream_v1_0619
Thanks Kojima-san. This is an important step in removing console access for EFI-enabled devices.
Regards /Ilias
Masahisa Kojima (3): eficonfig: add UEFI Secure Boot Key enrollment interface eficonfig: add "Show Signature Database" menu entry eficonfig: add "Delete Key" menu entry
cmd/Makefile | 3 + cmd/eficonfig.c | 3 + cmd/eficonfig_sbkey.c | 701 ++++++++++++++++++++++++++++++++++++++++++ include/efi_config.h | 3 + 4 files changed, 710 insertions(+) create mode 100644 cmd/eficonfig_sbkey.c
-- 2.17.1