u-boot on raspberry pi with secure boot
Jonas Kvinge
jonaski at opensuse.org
Wed Aug 28 16:44:33 CEST 2024
Hi,
I have produced a signed linux UKI image.
But I need to build u-boot to only allow booting with the signed
certificate.
So I need a ubootefi.var for (EFI_VAR_SEED_FILE) according
tohttps://github.com/u-boot/u-boot/blob/ee2af844ba1b27b2e959c4e649e4b769fbeb4074/lib/efi_loader/Kconfig#L146
How do I produce this file?
https://lists.denx.de/pipermail/u-boot/2020-December/433925.html
If I type saveenv on the u-boot console, I get "uboot.env", is this the
file that's needed?
I've tried to sign the file using the efivar.py script, but I find very
little information on this topic, I've found this from the
mailinglist:(https://lists.denx.de/pipermail/u-boot/2020-December/433925.html).
Here's what I've tried:
./tools/efivar.py set --infile uboot.env -n db -d secureboot-db.esl -t
file
err: invalid magic number: 0x756162006d72613d
I've produced the certificates according to the instructions on
https://github.com/u-boot/u-boot/blob/master/doc/develop/uefi/uefi.rst
Jonas
More information about the U-Boot
mailing list