[PATCH V3 INTERNAL 1/2] mkimage: create new ELF Note for SBAT

In order to store the SBAT data, we create a new ELF note. The string "Secure-Boot-Advanced-Targeting", zero-padded to 4 byte alignment, shall be entered in the name field. The string "sbat"'s ASCII values, 0x41536967, should be entered in the type field. Signed-off-by: Sudhakar Kuppusamy Co-au

[PATCH V3 INTERNAL 0/2] Secure Boot Advanced Targeting (SBAT) support on powerpc

In powerpc, PE format Binary are not supported and can't use shim (https://github.com/rhboot/shim/blob/main/SBAT.md). However, ELF binary are supported. So, we created new ELF note for SBAT in ELF binary which store the SBAT data and SBAT verifier will be there in firmware to read SBAT data from

[PATCH V3 INTERNAL 2/2] mkimage: adding sbat metadata into sbat ELF Note on powerpc

The SBAT metadata, which is read from .csv file and transformed into an ELF note, is made into an image using the -s option. Signed-off-by: Sudhakar Kuppusamy Co-authored-by: Daniel Axtens --- util/mkimage.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/util

[PATCH v3 2/2] mkimage: adding sbat metadata into sbat ELF Note on powerpc

The SBAT metadata, which is read from .csv file and transformed into an ELF note, is made into an image using the -s option. Signed-off-by: Sudhakar Kuppusamy Co-authored-by: Daniel Axtens --- util/mkimage.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/util

[PATCH v3 1/2] mkimage: create new ELF Note for SBAT

In order to store the SBAT data, we create a new ELF note. The string "Secure-Boot-Advanced-Targeting", zero-padded to 4 byte alignment, shall be entered in the name field. The string "sbat"'s ASCII values, 0x41536967, should be entered in the type field. Signed-off-by: Sudhakar Kuppusamy Co-au

[PATCH v3 0/2] Secure Boot Advanced Targeting (SBAT) support on powerpc

In powerpc, PE format Binary are not supported and can't use shim (https://github.com/rhboot/shim/blob/main/SBAT.md). However, ELF binary are supported. So, we created new ELF note for SBAT in ELF binary which store the SBAT data and SBAT verifier will be there in firmware to read SBAT data from

Re: [PATCH v19 33/33] docs: Document TPM2 key protector

On 9/6/24 5:11 AM, Gary Lin wrote: Update the user manual to address TPM2 key protector including the two related commands, tpm2_key_protector_init and tpm2_key_protector_clear, and the user-space utility: grub-protect. Signed-off-by: Gary Lin --- docs/grub.texi | 507 ++

Re: [PATCH v19 00/33] Automatic Disk Unlock with TPM2

On 9/6/24 5:10 AM, Gary Lin wrote: GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19 This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by Hernan Gatta to introduce the key protector framework and TPM2 stack to GRUB2, and this could be a useful feature for t