Under this configuration, UEFI secure boot support will be added in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org> --- lib/efi_loader/Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index c7027a967653..fb66766d2b7a 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -115,4 +115,17 @@ config EFI_GRUB_ARM32_WORKAROUND GRUB prior to version 2.04 requires U-Boot to disable caches. This workaround currently is also needed on systems with caches that cannot be managed via CP15. + +config EFI_SECURE_BOOT + bool "Enable EFI secure boot support" + depends on EFI_LOADER + depends on SECURE_BOOT + imply RSA_VERIFY_WITH_PKEY + default n + help + Select this option to enable EFI secure boot support. + Once SecureBoot mode is enforced, any EFI binary can run only if + it is signed with a trusted key. To do that, you need to install, + at least, PK, KEK and db. + endif -- 2.21.0 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot