]> git.dujemihanovic.xyz Git - u-boot.git/commit
projects / u-boot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 17a50bd) | patch
efi_loader: add secure boot variable measurement
authorMasahisa Kojima <masahisa.kojima@linaro.org>
Fri, 13 Aug 2021 07:12:39 +0000 (16:12 +0900)
committerHeinrich Schuchardt <xypron.glpk@gmx.de>
Sat, 14 Aug 2021 18:54:41 +0000 (20:54 +0200)
commitcfbcf054a323b692e85e73fc2a57400ee92f6b63
tree109598db349ecabe1bb4264c3fef415ba5da33abtree | snapshot
parent17a50bd689ab7e506c71df0856fed5935cf323d1commit | diff
efi_loader: add secure boot variable measurement

TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".

Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
include/efi_tcg2.h diff | blob | history
lib/efi_loader/efi_tcg2.c diff | blob | history
My U-Boot fork