[PATCH v6 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface

2022-11-08 Thread Masahisa Kojima
This commit adds the menu-driven UEFI Secure Boot Key enrollment interface. User can enroll the PK, KEK, db and dbx by selecting EFI Signature Lists file. After the PK is enrolled, UEFI Secure Boot is enabled and EFI Signature Lists file must be signed by KEK or PK. Signed-off-by: Masahisa Kojima

Re: [PATCH v6 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface

2022-11-07 Thread Ilias Apalodimas
Replying to myself here for a clarification on sign-efi-sig-list On Mon, 7 Nov 2022 at 15:27, Ilias Apalodimas wrote: > > Hi Kojima-san > > [...] > > > > > + } > > > > + > > > > + if (!file_have_auth_header(buf, size)) { > > > > > > Can you explain why we need this? I would expect the us

Re: [PATCH v6 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface

2022-11-07 Thread Ilias Apalodimas
Hi Kojima-san [...] > > > + } > > > + > > > + if (!file_have_auth_header(buf, size)) { > > > > Can you explain why we need this? I would expect the user to prepare an > > .esl file with ./tools/efivar.py > > This is for the case that the user selects the .auth file > signed by 'sign-efi

Re: [PATCH v6 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface

2022-11-06 Thread Masahisa Kojima
Hi Ilias, On Sat, 5 Nov 2022 at 06:46, Ilias Apalodimas wrote: > > Hi Kojima-san > > On Wed, Oct 26, 2022 at 07:43:44PM +0900, Masahisa Kojima wrote: > > This commit adds the menu-driven UEFI Secure Boot Key > > enrollment interface. User can enroll the PK, KEK, db > > and dbx by selecting EFI Si

Re: [PATCH v6 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface

2022-11-04 Thread Ilias Apalodimas
Hi Kojima-san On Wed, Oct 26, 2022 at 07:43:44PM +0900, Masahisa Kojima wrote: > This commit adds the menu-driven UEFI Secure Boot Key > enrollment interface. User can enroll the PK, KEK, db > and dbx by selecting EFI Signature Lists file. > After the PK is enrolled, UEFI Secure Boot is enabled an

[PATCH v6 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface

2022-10-26 Thread Masahisa Kojima
This commit adds the menu-driven UEFI Secure Boot Key enrollment interface. User can enroll the PK, KEK, db and dbx by selecting EFI Signature Lists file. After the PK is enrolled, UEFI Secure Boot is enabled and EFI Signature Lists file must be signed by KEK or PK. Signed-off-by: Masahisa Kojima