[U-Boot] [PATCH 04/16] efi_loader: add CONFIG_EFI_SECURE_BOOT config option

AKASHI Takahiro Tue, 12 Nov 2019 17:02:57 -0800

Under this configuration, UEFI secure boot support will be added
in later patches.


Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org>
---
 lib/efi_loader/Kconfig | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index c7027a967653..fb66766d2b7a 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -115,4 +115,17 @@ config EFI_GRUB_ARM32_WORKAROUND
          GRUB prior to version 2.04 requires U-Boot to disable caches. This
          workaround currently is also needed on systems with caches that
          cannot be managed via CP15.
+
+config EFI_SECURE_BOOT
+       bool "Enable EFI secure boot support"
+       depends on EFI_LOADER
+       depends on SECURE_BOOT
+       imply RSA_VERIFY_WITH_PKEY
+       default n
+       help
+         Select this option to enable EFI secure boot support.
+         Once SecureBoot mode is enforced, any EFI binary can run only if
+         it is signed with a trusted key. To do that, you need to install,
+         at least, PK, KEK and db.
+
 endif
-- 
2.21.0

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 04/16] efi_loader: add CONFIG_EFI_SECURE_BOOT config option

Reply via email to