This commit adds the menu-driven UEFI Secure Boot Key
enrollment interface. User can enroll the PK, KEK, db
and dbx by selecting EFI Signature Lists file.
After the PK is enrolled, UEFI Secure Boot is enabled and
EFI Signature Lists file must be signed by KEK or PK.
Signed-off-by: Masahisa Kojima
Replying to myself here for a clarification on sign-efi-sig-list
On Mon, 7 Nov 2022 at 15:27, Ilias Apalodimas
wrote:
>
> Hi Kojima-san
>
> [...]
>
> > > > + }
> > > > +
> > > > + if (!file_have_auth_header(buf, size)) {
> > >
> > > Can you explain why we need this? I would expect the us
Hi Kojima-san
[...]
> > > + }
> > > +
> > > + if (!file_have_auth_header(buf, size)) {
> >
> > Can you explain why we need this? I would expect the user to prepare an
> > .esl file with ./tools/efivar.py
>
> This is for the case that the user selects the .auth file
> signed by 'sign-efi
Hi Ilias,
On Sat, 5 Nov 2022 at 06:46, Ilias Apalodimas
wrote:
>
> Hi Kojima-san
>
> On Wed, Oct 26, 2022 at 07:43:44PM +0900, Masahisa Kojima wrote:
> > This commit adds the menu-driven UEFI Secure Boot Key
> > enrollment interface. User can enroll the PK, KEK, db
> > and dbx by selecting EFI Si
Hi Kojima-san
On Wed, Oct 26, 2022 at 07:43:44PM +0900, Masahisa Kojima wrote:
> This commit adds the menu-driven UEFI Secure Boot Key
> enrollment interface. User can enroll the PK, KEK, db
> and dbx by selecting EFI Signature Lists file.
> After the PK is enrolled, UEFI Secure Boot is enabled an
This commit adds the menu-driven UEFI Secure Boot Key
enrollment interface. User can enroll the PK, KEK, db
and dbx by selecting EFI Signature Lists file.
After the PK is enrolled, UEFI Secure Boot is enabled and
EFI Signature Lists file must be signed by KEK or PK.
Signed-off-by: Masahisa Kojima
6 matches
Mail list logo