new file mode 100644
@@ -0,0 +1,18 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://uefi-secureboot.cfg"
+
+UBOOT_BOARDDIR = "${S}/board/emulation/qemu-arm"
+UBOOT_ENV_NAME = "qemu-arm.env"
+
+DEPENDS += 'python3-pyopenssl-native'
+
+do_compile:prepend() {
+ export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
+
+ "${S}"/tools/efivar.py set -i "${S}"/ubootefi.var -n pk -d "${UEFI_SB_KEYS_DIR}"/PK.esl -t file
+ "${S}"/tools/efivar.py set -i "${S}"/ubootefi.var -n kek -d "${UEFI_SB_KEYS_DIR}"/KEK.esl -t file
+ "${S}"/tools/efivar.py set -i "${S}"/ubootefi.var -n db -d "${UEFI_SB_KEYS_DIR}"/db.esl -t file
+ "${S}"/tools/efivar.py set -i "${S}"/ubootefi.var -n dbx -d "${UEFI_SB_KEYS_DIR}"/dbx.esl -t file
+ "${S}"/tools/efivar.py print -i "${S}"/ubootefi.var
+}
new file mode 100644
@@ -0,0 +1,10 @@
+CONFIG_CMD_BOOTMENU=y
+CONFIG_USE_BOOTCOMMAND=y
+CONFIG_BOOTCOMMAND="bootmenu"
+CONFIG_USE_PREBOOT=y
+CONFIG_EFI_VAR_BUF_SIZE=65536
+CONFIG_FIT_SIGNATURE=y
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_VARIABLES_PRESEED=y
+CONFIG_PREBOOT="setenv bootmenu_0 UEFI Boot Manager=bootefi bootmgr; setenv bootmenu_1 UEFI Maintenance Menu=eficonfig"
+CONFIG_PREBOOT_DEFINED=y
\ No newline at end of file
@@ -5,6 +5,6 @@ MACHINE_U-BOOT_REQUIRE:corstone1000 = "u-boot-corstone1000.inc"
MACHINE_U-BOOT_REQUIRE:fvp-base = "u-boot-fvp-base.inc"
MACHINE_U-BOOT_REQUIRE:juno = "u-boot-juno.inc"
MACHINE_U-BOOT_REQUIRE:tc = "u-boot-tc.inc"
+MACHINE_U-BOOT_REQUIRE += "${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'u-boot-qemuarm64-secureboot.inc', '', d)}"
require ${MACHINE_U-BOOT_REQUIRE}
-
Add U-Boot minimal UEFI definitions. Embedded UEFI variables with the keys previously generated. It's to enable UEFI Secure Boot and verify the authenticity of the firmware and operating system. When U-Boot is built with UEFI support, it includes a set of efivars that are used to store the Secure Boot variables. These efivars are embedded in the U-Boot binary and are stored in the flash memory of the system. Signed-off-by: Javier Tia <javier.tia@linaro.org> --- .../u-boot/u-boot-qemuarm64-secureboot.inc | 18 ++++++++++++++++++ .../u-boot/u-boot/uefi-secureboot.cfg | 10 ++++++++++ .../recipes-bsp/u-boot/u-boot_%.bbappend | 2 +- 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot-qemuarm64-secureboot.inc create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/uefi-secureboot.cfg