efitools: move the UEFI secure boot provisioning to a bbappend #1587

Open
wants to merge 2 commits into
base: main

quaresmajose
Member

@quaresmajose quaresmajose commented Feb 18, 2025

This re-adds the EFI secure boot provisioning, specific only to intel-x86-common machines.

This avoids using it in CI with overrides

UEFI_SIGN_ENABLE:intel-x86-common = "1"

and makes it possible to just use

UEFI_SIGN_ENABLE = "1"

that will only work where it is needed, for now just in intel-x86-common

@quaresmajose quaresmajose requested a review from a team February 18, 2025 17:01
@MrCry0
Contributor

MrCry0 commented Feb 18, 2025

@quaresmajose Shouldn't the include file name end with .inc? efitools-UEFI-secure-boot-provisioning.inc instead of just efitools-UEFI-secure-boot-provisioning

@quaresmajose
Member Author

Yes, I forgot to push the last change. I have also changed the include to require, so that it fails if the file name is wrong, which is the case you are reporting.

@quaresmajose quaresmajose force-pushed the efitools branch 2 times, most recently from 9156fad to f471404 Compare February 18, 2025 17:33
Contributor

@MrCry0 MrCry0 left a comment

LGTM, not tested

This reverts the efitools back to:
- 2e72b67 base: drop SRCPV variable
- 79fc49a base: add efitools

The UEFI secure boot provisioning will be moved and implemented
in a machine specific bsp bbappend. The below commits will be included:

- 022fc36 base: efitools: make it machine specific
- 882f1a5 efitools: generate the revocation keys if not present
- a135ad2 base: efitools: verify the signing keys
- fcd7286 efitools: unlock: must have UEFI_SIGN_ENABLE
- 026661d efitools: provide an unlock.efi solution
- c23ebb7 base: UEFI Secure Boot Provisioning

Signed-off-by: Jose Quaresma <[email protected]>

This adds the UEFI secure boot provisioning specific only to intel-x86-common
machines and at the same time it makes the recipe machine specific.

The implementation includes the below commits:

- 022fc36 base: efitools: make it machine specific
- 882f1a5 efitools: generate the revocation keys if not present
- a135ad2 base: efitools: verify the signing keys
- fcd7286 efitools: unlock: must have UEFI_SIGN_ENABLE
- 026661d efitools: provide an unlock.efi solution
- c23ebb7 base: UEFI Secure Boot Provisioning

Signed-off-by: Jose Quaresma <[email protected]>