From patchwork Tue Oct 25 03:16:49 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Masahisa Kojima <masahisa.kojima@linaro.org>
X-Patchwork-Id: 618108
Delivered-To: patch@linaro.org
Received: by 2002:a17:522:c983:b0:460:3032:e3c4 with SMTP id kr3csp3124208pvb; 
 Mon, 24 Oct 2022 20:17:04 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7SmpBnUA9aJI+RUIQu7LmMP59zT+4nH+tZgt/YqaztSq0eckyswEjy33clAtYt5foWvGsk
X-Received: by 2002:a17:907:2c78:b0:78d:eacd:1060 with SMTP id
 ib24-20020a1709072c7800b0078deacd1060mr29685439ejc.244.1666667824583;
 Mon, 24 Oct 2022 20:17:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666667824; cv=none;
 d=google.com; s=arc-20160816;
 b=r43GrGPPEZiH4xOeJUfhyuTOt2nZ+W6QZMn1wzJvp0K3ymh2VOwRsolwM/sXuUOjez
 aPx1nqW4+isLpzWU5ze9y2/uZ69wRfMzbfDGVQuBd90SXB4dE1ZqkzX+hUdyaOvBzPpQ
 /qO68X+5ck611zMHwTzVv6WvodNaqpnmFk4gl5jDvc6IhNb29cRbFUAtU78krneyvOm4
 ldQAb/mQAg0SP2NT44zhG+TXciva014dI6WttNszEGA0wiuDjbRqCPiSoPaI+HrF8gmI
 Ujw4TTC8no+Rer6C68ESPA/kDtB7aP2kokXs2QSE0ajsVDvasubZx8QWKen1+ETt0460
 pzow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:message-id:date:subject:cc:to
 :from:dkim-signature;
 bh=ee9p7kP5zgv1uf+kUTzhMVOMIe0eXrpj85mOxwm8UqY=;
 b=uWYkmJhUH1Xd6HuMpYuMqSKzx6BcKzrwo4ccC4R/MNGeFntaRgfAFmqjnPOwOFJ/Xb
 Vpq6x7126NSDjtCvEnNuZr0U3gqov27oytHOZ6reJ+Qg3x0F7lMjSx3XULlO7q8Lm4Sf
 CvU2kmCQ3ZxvNwx/WKHrn1l4/N2krPIVY7XqJQhYYYAk4QXjiUZcOAWannrUu4ABF7ss
 uJy8exlAR1QWSPNZsNoKGacbKyWmr5T0IlbzRnFbRjneiCBQ4a7leWeRIGHQOlfxOfrR
 6Y03DWvvnWkDS5lfP9L6rdVkbuk7/L+QEO7bFGWlYuF394Pcsou5LoPxelEDCOLpMFJs
 qkjw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=cW9SVt2K;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61])
 by mx.google.com with ESMTPS id
 r7-20020a05640251c700b00461d2ed78afsi1914673edd.563.2022.10.24.20.17.04
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 24 Oct 2022 20:17:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=cW9SVt2K;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
 by phobos.denx.de (Postfix) with ESMTP id C7F0880F10;
 Tue, 25 Oct 2022 05:16:48 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org header.b="cW9SVt2K";
 dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 5C06F84CB2; Tue, 25 Oct 2022 05:16:35 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
 autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com
 [IPv6:2607:f8b0:4864:20::22d])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 59CCA8440E
 for <u-boot@lists.denx.de>; Tue, 25 Oct 2022 05:16:30 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=masahisa.kojima@linaro.org
Received: by mail-oi1-x22d.google.com with SMTP id n130so12871611oia.6
 for <u-boot@lists.denx.de>; Mon, 24 Oct 2022 20:16:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=ee9p7kP5zgv1uf+kUTzhMVOMIe0eXrpj85mOxwm8UqY=;
 b=cW9SVt2K6Hv9RER2StD60qOFKmHosDJgCEPNQF5UlS9D/3D05xL0HAOH9OBcfnBFEv
 OJYUXJyPQfF0BAie9KDeukKL5ZOy07iklpIknDQYM5yfPEJMgzfbra0SrqRnhYttb1kT
 eD2ySXP/Z7Ri9oIOj6OQ4rZu11lDi1kfeLtaSuSgUY3ubYJUJo3nPncEzwx7CYO0CfK2
 1JEKbEoFgMN2k9OeSp9AWaeM1NLMcqa7Vc2vSqDdB632VspOnslyUj4CCA7Zw6bmzMHw
 /XEGOVACatr6J7I6/rLFG9uhIdu7hNK67Jo2E3E6twHRlYig2nY6+rGdhNpOsF/QFGX7
 JQKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=ee9p7kP5zgv1uf+kUTzhMVOMIe0eXrpj85mOxwm8UqY=;
 b=xBlyI0XiCadrwJL/FAQctyRXy7JAvEfxV0RDOInmrwOYNMLrgfE7lYo6QFIv9Dgw9V
 BpyCqPLdDKktKIkj6v9V3tDuAfLBcj/CahqWsu+7S7JtoSc+/EEqiM3vClm8LInTDB1L
 jYcicVYz5U7fU2Qoy4/6BeIWsggiqPfDRs2aORhmxEKM0256no4kDXUo+ML/m+vvy8ec
 PLNqiQCdiWLEeYWt8n7mUDvqkmYIidyl7IbQlvnaNQyUiKcNrOYekYwHQxgA6gTytN9c
 XIxtI0A/NOlK/TAtoYJ+ullOuAxypzk82ca1cSMCLnBzAnBvHun4yZpY0JEF9qd+ZNux
 3FcA==
X-Gm-Message-State: ACrzQf2jbAdpGluy3VVCDrqKANjs+YO0YAiw1VvxEgR3/RPBtZTVFnQP
 NTax3JEiJn5NSOHMG+UFeG4WllnkJM9CYg==
X-Received: by 2002:a17:90b:4ac1:b0:20a:de32:3650 with SMTP id
 mh1-20020a17090b4ac100b0020ade323650mr76265805pjb.142.1666667777573;
 Mon, 24 Oct 2022 20:16:17 -0700 (PDT)
Received: from localhost.localdomain ([240d:1a:cf7:5800:82fa:5bff:fe4b:26b1])
 by smtp.gmail.com with ESMTPSA id
 w2-20020a170902e88200b00181e55d02dcsm391262plg.139.2022.10.24.20.16.15
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 24 Oct 2022 20:16:16 -0700 (PDT)
From: Masahisa Kojima <masahisa.kojima@linaro.org>
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Simon Glass <sjg@chromium.org>,
 Takahiro Akashi <takahiro.akashi@linaro.org>,
 Masahisa Kojima <masahisa.kojima@linaro.org>
Subject: [PATCH v5 0/5] eficonfig: add UEFI Secure Boot key maintenance
 interface
Date: Tue, 25 Oct 2022 12:16:49 +0900
Message-Id: <20221025031654.22321-1-masahisa.kojima@linaro.org>
X-Mailer: git-send-email 2.17.1
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

This series adds the UEFI Secure Boot key maintenance interface
to the eficonfig command.
User can enroll and delete the PK, KEK, db and dbx.

Source code can be cloned with:
$ git clone https://git.linaro.org/people/masahisa.kojima/u-boot.git -b kojima/eficonfig_sbkey_v5

[Major Changes]
- remove shortcut key implemenation, this work will continue
  as a separate series

Masahisa Kojima (5):
  eficonfig: refactor eficonfig_select_file_handler()
  eficonfig: expose append entry function
  eficonfig: refactor change boot order implementation
  eficonfig: add UEFI Secure Boot Key enrollment interface
  eficonfig: add "Show/Delete Signature Database" menu entry

 cmd/Makefile                                  |   5 +
 cmd/eficonfig.c                               | 177 +++--
 cmd/eficonfig_sbkey.c                         | 751 ++++++++++++++++++
 include/efi_config.h                          |  10 +
 .../py/tests/test_eficonfig/test_eficonfig.py |   1 +
 5 files changed, 859 insertions(+), 85 deletions(-)
 create mode 100644 cmd/eficonfig_sbkey.c