efi_loader: add CONFIG_EFI_SECURE_BOOT config option

Under this configuration, UEFI secure boot support will be added
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
AKASHI Takahiro 2020-04-14 11:51:38 +09:00 committed by Heinrich Schuchardt
parent 17e1174085
commit 9bf09b5120

@ -146,4 +146,22 @@ config EFI_INITRD_FILESPEC
help
Full path of the initramfs file, e.g. mmc 0:2 initramfs.cpio.gz.
config EFI_SECURE_BOOT
bool "Enable EFI secure boot support"
depends on EFI_LOADER
select SHA256
select RSA
select RSA_VERIFY_WITH_PKEY
select IMAGE_SIGN_INFO
select ASYMMETRIC_KEY_TYPE
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
select X509_CERTIFICATE_PARSER
select PKCS7_MESSAGE_PARSER
default n
help
Select this option to enable EFI secure boot support.
Once SecureBoot mode is enforced, any EFI binary can run only if
it is signed with a trusted key. To do that, you need to install,
at least, PK, KEK and db.
endif
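
Review bot: In the new `config EFI_SECURE_BOOT` entry, the prompt and help text promise enforcement ("any EFI binary can run only if it is signed with a trusted key"), but the commit message says the support itself arrives in later patches. A build at this commit with the option set to y therefore pulls in the selected crypto code and verifies nothing. Consider placing this patch after the implementation in the series, or stating in the help text that the option has no effect yet. Two smaller points: `default n` is redundant because a bool with no default is already n, and since `select` does not honour the `depends on` of the symbols it enables, it is worth confirming that each selected symbol (for example `RSA_VERIFY_WITH_PKEY` and `PKCS7_MESSAGE_PARSER`) has its own dependencies met whenever `EFI_LOADER` is set. The help text names PK, KEK and db as required but does not say how they are installed; a pointer to the relevant documentation would help.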