From c3b5af63d1cb9bf5ebcfe04c1fe9880edb62bcac Mon Sep 17 00:00:00 2001
From: Masahisa Kojima <masahisa.kojima@linaro.org>
Date: Sun, 20 Nov 2022 09:21:18 +0900
Subject: eficonfig: add UEFI Secure Boot Key enrollment interface

This commit adds the menu-driven UEFI Secure Boot Key
enrollment interface. User can enroll PK, KEK, db
and dbx by selecting file.
Only the signed EFI Signature List(s) with an authenticated
header, typically '.auth' file, is accepted.

To clear the PK, KEK, db and dbx, user needs to enroll the null key
signed by PK or KEK.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 include/efi_config.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'include')

diff --git a/include/efi_config.h b/include/efi_config.h
index 934de41e85b..fd699263436 100644
--- a/include/efi_config.h
+++ b/include/efi_config.h
@@ -101,5 +101,9 @@ efi_status_t eficonfig_append_menu_entry(struct efimenu *efi_menu,
 efi_status_t eficonfig_append_quit_entry(struct efimenu *efi_menu);
 struct efi_device_path *eficonfig_create_device_path(struct efi_device_path *dp_volume,
 						     u16 *current_path);
+void *eficonfig_create_fixed_menu(const struct eficonfig_item *items, int count);
+#ifdef CONFIG_EFI_SECURE_BOOT
+efi_status_t eficonfig_process_secure_boot_config(void *data);
+#endif
 
 #endif
-- 
cgit v1.2.3