Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

efibootmgr: add support for listing cryptographic signature types. #200

Merged
merged 1 commit into from
Mar 15, 2024

Conversation

vathpela
Copy link
Contributor

Since UEFI 2.2, firmware has provided a list of supported signature types for Secure Boot binaries in a global variable named "SignatureSupport".

This patch adds a new command line flag to efibootmgr, "--list-signature-types" ("-s") which collects that information from the firmware and displays it to the user, either by symbolic name if libefivar knows about that signature type or by GUID if it does not.

On the system in front of me, that looks something like this:

random:efibootmgr/signaturesupport$ ./src/efibootmgr -s x509_sha256
x509_sha384
x509_sha512
sha256
x509_cert
rsa2048
rsa2048_sha256
rsa2048_sha1
external_management
random:efibootmgr/signaturesupport$

@vathpela vathpela force-pushed the signaturesupport branch 2 times, most recently from 2bc2fe5 to 6413d02 Compare January 23, 2024 15:06
Since UEFI 2.2, firmware has provided a list of supported signature
types for Secure Boot binaries in a global variable named
"SignatureSupport".

This patch adds a new command line flag to efibootmgr,
"--list-signature-types" ("-s") which collects that information from the
firmware and displays it to the user, either by symbolic name if
libefivar knows about that signature type or by GUID if it does not.

On the system in front of me, that looks something like this:

random:efibootmgr/signaturesupport$ ./src/efibootmgr -s
x509_sha256
x509_sha384
x509_sha512
sha256
x509_cert
rsa2048
rsa2048_sha256
rsa2048_sha1
external_management
random:efibootmgr/signaturesupport$ ./src/efibootmgr -s -v
x509_sha256 3bd2a492-96c0-4079-b420-fcf98ef103ed
x509_sha384 7076876e-80c2-4ee6-aad2-28b349a6865b
x509_sha512 446dbf63-2502-4cda-bcfa-2465d2b0fe9d
sha256 c1c41626-504c-4092-aca9-41f936934328
x509_cert a5c059a1-94e4-4aa7-87b5-ab155c2bf072
rsa2048 3c5766e8-269c-4e34-aa14-ed776e85b3b6
rsa2048_sha256 e2b36190-879b-4a3d-ad8d-f2e7bba32784
rsa2048_sha1 67f8444f-8743-48f1-a328-1eaab8736080
external_management 452e8ced-dfff-4b8c-ae01-5118862e682c
random:efibootmgr/signaturesupport$

Signed-off-by: Peter Jones <[email protected]>
@vathpela vathpela merged commit 1a4a912 into rhboot:main Mar 15, 2024
2 checks passed
@vathpela vathpela deleted the signaturesupport branch March 15, 2024 20:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant