efibootmgr: add support for listing cryptographic signature types. #200
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vathpela
force-pushed
the
signaturesupport
branch
2 times, most recently
from
2bc2fe5
to
6413d02
Compare
Since UEFI 2.2, firmware has provided a list of supported signature
types for Secure Boot binaries in a global variable named
"SignatureSupport".
This patch adds a new command line flag to efibootmgr,
"--list-signature-types" ("-s") which collects that information from the
firmware and displays it to the user, either by symbolic name if
libefivar knows about that signature type or by GUID if it does not.
On the system in front of me, that looks something like this:
random:efibootmgr/signaturesupport$ ./src/efibootmgr -s
x509_sha256
x509_sha384
x509_sha512
sha256
x509_cert
rsa2048
rsa2048_sha256
rsa2048_sha1
external_management
random:efibootmgr/signaturesupport$ ./src/efibootmgr -s -v
x509_sha256 3bd2a492-96c0-4079-b420-fcf98ef103ed
x509_sha384 7076876e-80c2-4ee6-aad2-28b349a6865b
x509_sha512 446dbf63-2502-4cda-bcfa-2465d2b0fe9d
sha256 c1c41626-504c-4092-aca9-41f936934328
x509_cert a5c059a1-94e4-4aa7-87b5-ab155c2bf072
rsa2048 3c5766e8-269c-4e34-aa14-ed776e85b3b6
rsa2048_sha256 e2b36190-879b-4a3d-ad8d-f2e7bba32784
rsa2048_sha1 67f8444f-8743-48f1-a328-1eaab8736080
external_management 452e8ced-dfff-4b8c-ae01-5118862e682c
random:efibootmgr/signaturesupport$
Signed-off-by: Peter Jones <pjones@redhat.com>
vathpela
force-pushed
the
signaturesupport
branch
from
6413d02
to
e0f944c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since UEFI 2.2, firmware has provided a list of supported signature types for Secure Boot binaries in a global variable named "SignatureSupport".
This patch adds a new command line flag to efibootmgr, "--list-signature-types" ("-s") which collects that information from the firmware and displays it to the user, either by symbolic name if libefivar knows about that signature type or by GUID if it does not.
On the system in front of me, that looks something like this:
random:efibootmgr/signaturesupport$ ./src/efibootmgr -s x509_sha256
x509_sha384
x509_sha512
sha256
x509_cert
rsa2048
rsa2048_sha256
rsa2048_sha1
external_management
random:efibootmgr/signaturesupport$