git.ipfire.org Git - thirdparty/systemd.git/commit

author	Ani Sinha <anisinha@redhat.com>
	Fri, 8 Nov 2024 06:31:51 +0000 (12:01 +0530)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 31 Jan 2025 09:05:00 +0000 (10:05 +0100)
commit	83bf58f39dbe947c1b4f394667f42a0c557fd94c
tree	365bf203a9f75e1894fde18c66f1a93ef735cdfb	tree \| snapshot
parent	b66a4c157e9754528eec16c235265b4ce94d31e8	commit \| diff

uki: introduce support for a .efifw section

UKIs can be used to bundle uefi firmwares that can be measured and
used on a confidential computing environment. There can be more than one
firmware blob bundle, each one for a specific platform. Also firmware images
can themselves be containers like IGVM files that can in turn bundle the
actual firmware blob. This change is specifically for uefi firmwares, not
IGVM container files.

This change adds support to introduce a .efifw section in UKI that can be
used for firmware blobs/images. There can be multiple such sections and each
section can contain a single firmware image.

The matching .hwids entry for a specific platform can be used to select the
most appropriate firmware blob.

ukify tool has been also changed to support addition of a firmware image
in UKI.

Since firmware gets measured automatically, we do not need to measure it
separately as a part of the UKI.

man/systemd-stub.xml		diff \| blob \| blame \| history
src/boot/efifirmware.c	[new file with mode: 0644]	blob
src/boot/efifirmware.h	[new file with mode: 0644]	blob
src/boot/meson.build		diff \| blob \| blame \| history
src/boot/pe.c		diff \| blob \| blame \| history
src/fundamental/uki.c		diff \| blob \| blame \| history
src/fundamental/uki.h		diff \| blob \| blame \| history
src/measure/measure.c		diff \| blob \| blame \| history
src/ukify/ukify.py		diff \| blob \| blame \| history