Compare commits

2 Commits

Author: Ani Sinha  SHA1: 8d3209a28d  Date: 2024-11-23 18:10:34 +05:30
Merge 360aced7de into f28e16d14e

Author: Ani Sinha  SHA1: 360aced7de
uki: introduce support for a .efifwauto section
UKIs can be used to bundle firmware blobs that can be measured and
used in a confidential computing environment. There can be more than one
firmware blob bundle, each one for a specific platform. Also, firmware images
can themselves be containers like IGVM files that in turn bundle the
actual firmware blob.

Add support to introduce a .efifwauto section in UKI that can be used for
firmware blobs/images. There can be multiple such sections and each section
can contain a single firmware image.

The matching .hwids entry for a specific platform can be used to select the
most appropriate firmware blob. Subsequent patches will add full support
for this selection mechanism.

The ukify tool has also been changed to support the addition of a firmware image
to a UKI. For example:

ukify.py build \
        --stub ./build/src/boot/efi/linuxx64.efi.stub \
        --linux bzImage \
        --cmdline='blah blah debug' \
        --firmware ~/OVMF.fd \
        --output=root/efi/boot/bootx64.efi

Co-authored-by: harald.hoyer@gmail.com
Date: 2024-11-23 11:36:38 +05:30
1 changed file with 13 additions and 14 deletions
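The commit message describes a UKI carrying one or more .efifwauto sections, one firmware image per section, alongside the .hwids table used to pick one. Since a UKI is a PE image, the bundled firmware can be audited offline by walking the PE section table. The following is an added example, not systemd's ukify or stub code: it constructs a tiny PE image (build_pe is a fixture, not a UKI builder) and lists every .efifwauto payload. Because ".efifwauto" is 10 bytes and the PE section-name field is 8, the parser also resolves the COFF string-table "/offset" long-name convention; whether ukify stores the name that way is not stated on this page and is an assumption of the fixture.

```python
"""List the firmware blobs bundled in a UKI's .efifwauto sections.

Added example, not systemd's ukify or stub code. build_pe() is a constructed
test fixture that writes a minimal PE/COFF image; names longer than 8 bytes
go into the COFF string table using the "/offset" convention (an assumption
about how such a section would be named, not something the page states).
"""
import struct

FILE_ALIGN = 512          # file alignment used by the constructed fixture
FIRMWARE_SECTION = ".efifwauto"


def _align(n):
    return -(-n // FILE_ALIGN) * FILE_ALIGN


def build_pe(sections):
    """Construct a minimal PE image from (name, data) pairs (fixture only)."""
    strtab = bytearray(b"\0\0\0\0")      # 4-byte size prefix, patched below
    raw_names = []
    for name, _ in sections:
        if len(name) <= 8:
            raw_names.append(name.encode().ljust(8, b"\0"))
        else:                            # "/<offset into string table>"
            raw_names.append(f"/{len(strtab)}".encode().ljust(8, b"\0"))
            strtab += name.encode() + b"\0"
    struct.pack_into("<I", strtab, 0, len(strtab))

    e_lfanew, opt_size = 0x40, 0         # no optional header needed here
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    data_off = _align(hdr_end)
    sec_hdrs, blobs = b"", b""
    for raw_name, (_, data) in zip(raw_names, sections):
        raw_size = _align(len(data))
        sec_hdrs += struct.pack("<8sIIIIIIHHI", raw_name, len(data), 0,
                                raw_size, data_off + len(blobs), 0, 0, 0, 0,
                                0x40000040)   # readable, initialized data
        blobs += data.ljust(raw_size, b"\0")
    symtab_ptr = data_off + len(blobs)   # zero symbols; string table follows
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, symtab_ptr, 0,
                       opt_size, 0x22)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    image = (dos + b"PE\0\0" + coff + sec_hdrs).ljust(data_off, b"\0")
    return image + blobs + bytes(strtab)


def _string_table(image, coff):
    symtab_ptr, nsyms = struct.unpack_from("<II", image, coff + 8)
    if symtab_ptr == 0:
        return b""
    start = symtab_ptr + nsyms * 18      # COFF symbols are 18 bytes each
    (size,) = struct.unpack_from("<I", image, start)
    return image[start:start + size]


def _section_name(raw, strtab):
    if raw[:1] == b"/":                  # long name lives in the string table
        off = int(raw[1:].rstrip(b"\0"))
        return strtab[off:strtab.index(b"\0", off)].decode("ascii")
    return raw.rstrip(b"\0").decode("ascii")


def pe_sections(image):
    """Return [(name, data)] for every section of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    strtab = _string_table(image, coff)
    first = coff + 20 + opt_size
    out = []
    for i in range(nsections):
        off = first + 40 * i
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", image, off + 8)
        # VirtualSize is the payload length; SizeOfRawData is padded to the
        # file alignment, so take the smaller of the two when both are set.
        length = min(vsize, raw_size) if vsize else raw_size
        out.append((_section_name(image[off:off + 8], strtab),
                    image[raw_ptr:raw_ptr + length]))
    return out


def firmware_blobs(image):
    """Every .efifwauto payload, in section order (one image per section)."""
    return [data for name, data in pe_sections(image) if name == FIRMWARE_SECTION]


# Constructed sample: a UKI-like image carrying two platform firmware blobs.
SAMPLE = build_pe([
    (".linux", b"kernel-bytes"),
    (FIRMWARE_SECTION, b"OVMF-for-platform-A"),
    (FIRMWARE_SECTION, b"OVMF-for-platform-B"),
    (".hwids", b"hwid-table"),
])

if __name__ == "__main__":
    for i, blob in enumerate(firmware_blobs(SAMPLE)):
        print(f"{FIRMWARE_SECTION}[{i}]: {len(blob)} bytes")
```

Run against a real UKI by reading the file into `image` instead of `SAMPLE`; the returned list keeps section order, which is what a selection mechanism keyed on .hwids would index into, and an empty list is the honest answer for a UKI with no bundled firmware rather than an error.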

@ -109,7 +109,6 @@ static int help(int argc, char *argv[], void *userdata) {
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
" --dtbauto=PATH Path to DeviceTree file for auto selection %7$s .dtbauto\n"
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
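Review bot: the hunk header `@ -109,7 +109,6 @@` records a net removal of one line from this `help()` text, yet the visible lines carry no entry for the new section (nothing like `" --firmware=PATH Path to firmware image file %7$s .efifwauto\n"` next to `" --dtbauto=PATH Path to DeviceTree file for auto selection %7$s .dtbauto\n"`), while the commit message says the tool grew a `--firmware` option and the file summary is a net deletion (13 additions, 14 deletions). Either add the help line for `.efifwauto` in this hunk, following the `--dtbauto` wording, or state in the commit message why this help text only loses a line.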