Pull request for UEFI sub-system for efi-2020-07-rc1
Heinrich Schuchardt
xypron.glpk at gmx.de
Thu Apr 16 19:01:54 CEST 2020
The following changes since commit 9cb3ce2558ba1fc058dfb26a07fc02603773a211:
Merge branch 'master' of git://git.denx.de/u-boot-marvell (2020-04-15
08:30:16 -0400)
are available in the Git repository at:
https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
tags/efi-2020-07-rc1
for you to fetch changes up to b2ace8753d0048487ab6e8955ae9067a6af91559:
efi_loader: add some description about UEFI secure boot (2020-04-16
08:12:47 +0200)
----------------------------------------------------------------
Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
No problems where reported by Gitlab and Travis:
https://gitlab.denx.de/u-boot/custodians/u-boot-efi/pipelines/2782
https://travis-ci.org/github/xypron2/u-boot/builds/675602621
----------------------------------------------------------------
AKASHI Takahiro (17):
efi_loader: add CONFIG_EFI_SECURE_BOOT config option
efi_loader: add signature verification functions
efi_loader: add signature database parser
efi_loader: variable: support variable authentication
efi_loader: variable: add secure boot state transition
efi_loader: variable: add VendorKeys variable
efi_loader: image_loader: support image authentication
efi_loader: set up secure boot
cmd: env: use appropriate guid for authenticated UEFI variable
cmd: env: add "-at" option to "env set -e" command
cmd: efidebug: add "test bootmgr" sub-command
efi_loader, pytest: set up secure boot environment
efi_loader, pytest: add UEFI secure boot tests (authenticated
variables)
efi_loader, pytest: add UEFI secure boot tests (image)
sandbox: add extra configurations for UEFI and related tests
travis: add packages for UEFI secure boot test
efi_loader: add some description about UEFI secure boot
Heinrich Schuchardt (4):
efi_loader: function descriptions efi_unicode_collation.c
efi_loader: add missing doc comments in efi_disk.c
efi_loader: function descriptions efi_watchdog.c
drivers: crypto: rsa_mod_exp: avoid DM_FLAG_PRE_RELOC
Peter Robinson (1):
efi_loader: enable RNG if DM_RNG is enabled
.travis.yml | 11 +-
cmd/efidebug.c | 78 +-
cmd/nvedit.c | 5 +-
cmd/nvedit_efi.c | 23 +-
configs/sandbox64_defconfig | 3 +
configs/sandbox_defconfig | 3 +
doc/api/efi.rst | 12 +
doc/uefi/uefi.rst | 77 ++
drivers/crypto/fsl/fsl_rsa.c | 1 -
drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 -
include/efi_api.h | 87 +++
include/efi_loader.h | 91 ++-
lib/efi_loader/Kconfig | 19 +
lib/efi_loader/Makefile | 1 +
lib/efi_loader/efi_boottime.c | 10 +-
lib/efi_loader/efi_disk.c | 52 +-
lib/efi_loader/efi_image_loader.c | 462 +++++++++++-
lib/efi_loader/efi_setup.c | 38 +
lib/efi_loader/efi_signature.c | 804 ++++++++++++++++++++
lib/efi_loader/efi_unicode_collation.c | 6 +-
lib/efi_loader/efi_variable.c | 952
+++++++++++++++++++++---
lib/efi_loader/efi_watchdog.c | 18 +-
test/py/README.md | 8 +
test/py/tests/test_efi_secboot/conftest.py | 151 ++++
test/py/tests/test_efi_secboot/defs.py | 21 +
test/py/tests/test_efi_secboot/test_authvar.py | 282 +++++++
test/py/tests/test_efi_secboot/test_signed.py | 117 +++
test/py/tests/test_efi_secboot/test_unsigned.py | 121 +++
28 files changed, 3307 insertions(+), 147 deletions(-)
create mode 100644 lib/efi_loader/efi_signature.c
create mode 100644 test/py/tests/test_efi_secboot/conftest.py
create mode 100644 test/py/tests/test_efi_secboot/defs.py
create mode 100644 test/py/tests/test_efi_secboot/test_authvar.py
create mode 100644 test/py/tests/test_efi_secboot/test_signed.py
create mode 100644 test/py/tests/test_efi_secboot/test_unsigned.py
More information about the U-Boot
mailing list