Pull request for UEFI sub-system for efi-2020-07-rc1

Heinrich Schuchardt xypron.glpk at gmx.de
Thu Apr 16 19:01:54 CEST 2020


The following changes since commit 9cb3ce2558ba1fc058dfb26a07fc02603773a211:

  Merge branch 'master' of git://git.denx.de/u-boot-marvell (2020-04-15
08:30:16 -0400)

are available in the Git repository at:

  https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
tags/efi-2020-07-rc1

for you to fetch changes up to b2ace8753d0048487ab6e8955ae9067a6af91559:

  efi_loader: add some description about UEFI secure boot (2020-04-16
08:12:47 +0200)

----------------------------------------------------------------
Pull request for UEFI sub-system for efi-2020-07-rc1

This pull request

* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
  from booting when CONFIG_RSA is enabled which is needed for UEFI
  secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments

No problems where reported by Gitlab and Travis:
https://gitlab.denx.de/u-boot/custodians/u-boot-efi/pipelines/2782
https://travis-ci.org/github/xypron2/u-boot/builds/675602621

----------------------------------------------------------------
AKASHI Takahiro (17):
      efi_loader: add CONFIG_EFI_SECURE_BOOT config option
      efi_loader: add signature verification functions
      efi_loader: add signature database parser
      efi_loader: variable: support variable authentication
      efi_loader: variable: add secure boot state transition
      efi_loader: variable: add VendorKeys variable
      efi_loader: image_loader: support image authentication
      efi_loader: set up secure boot
      cmd: env: use appropriate guid for authenticated UEFI variable
      cmd: env: add "-at" option to "env set -e" command
      cmd: efidebug: add "test bootmgr" sub-command
      efi_loader, pytest: set up secure boot environment
      efi_loader, pytest: add UEFI secure boot tests (authenticated
variables)
      efi_loader, pytest: add UEFI secure boot tests (image)
      sandbox: add extra configurations for UEFI and related tests
      travis: add packages for UEFI secure boot test
      efi_loader: add some description about UEFI secure boot

Heinrich Schuchardt (4):
      efi_loader: function descriptions efi_unicode_collation.c
      efi_loader: add missing doc comments in efi_disk.c
      efi_loader: function descriptions efi_watchdog.c
      drivers: crypto: rsa_mod_exp: avoid DM_FLAG_PRE_RELOC

Peter Robinson (1):
      efi_loader: enable RNG if DM_RNG is enabled

 .travis.yml                                     |  11 +-
 cmd/efidebug.c                                  |  78 +-
 cmd/nvedit.c                                    |   5 +-
 cmd/nvedit_efi.c                                |  23 +-
 configs/sandbox64_defconfig                     |   3 +
 configs/sandbox_defconfig                       |   3 +
 doc/api/efi.rst                                 |  12 +
 doc/uefi/uefi.rst                               |  77 ++
 drivers/crypto/fsl/fsl_rsa.c                    |   1 -
 drivers/crypto/rsa_mod_exp/mod_exp_sw.c         |   1 -
 include/efi_api.h                               |  87 +++
 include/efi_loader.h                            |  91 ++-
 lib/efi_loader/Kconfig                          |  19 +
 lib/efi_loader/Makefile                         |   1 +
 lib/efi_loader/efi_boottime.c                   |  10 +-
 lib/efi_loader/efi_disk.c                       |  52 +-
 lib/efi_loader/efi_image_loader.c               | 462 +++++++++++-
 lib/efi_loader/efi_setup.c                      |  38 +
 lib/efi_loader/efi_signature.c                  | 804 ++++++++++++++++++++
 lib/efi_loader/efi_unicode_collation.c          |   6 +-
 lib/efi_loader/efi_variable.c                   | 952
+++++++++++++++++++++---
 lib/efi_loader/efi_watchdog.c                   |  18 +-
 test/py/README.md                               |   8 +
 test/py/tests/test_efi_secboot/conftest.py      | 151 ++++
 test/py/tests/test_efi_secboot/defs.py          |  21 +
 test/py/tests/test_efi_secboot/test_authvar.py  | 282 +++++++
 test/py/tests/test_efi_secboot/test_signed.py   | 117 +++
 test/py/tests/test_efi_secboot/test_unsigned.py | 121 +++
 28 files changed, 3307 insertions(+), 147 deletions(-)
 create mode 100644 lib/efi_loader/efi_signature.c
 create mode 100644 test/py/tests/test_efi_secboot/conftest.py
 create mode 100644 test/py/tests/test_efi_secboot/defs.py
 create mode 100644 test/py/tests/test_efi_secboot/test_authvar.py
 create mode 100644 test/py/tests/test_efi_secboot/test_signed.py
 create mode 100644 test/py/tests/test_efi_secboot/test_unsigned.py


More information about the U-Boot mailing list