diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2019-01-11 11:01:11 +0100 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2019-01-12 17:38:25 +0100 |
| commit | 18c463e124c8a607ed336cc96e4fe39d3a64d2da (patch) | |
| tree | 531a65fca139f21406e6a56dbb53940ab0a98385 /boot/shim/Config.in | |
| parent | 8064b12ff9d0a28091513e338d0f5b59a95d1396 (diff) | |
| download | buildroot-18c463e124c8a607ed336cc96e4fe39d3a64d2da.tar.gz buildroot-18c463e124c8a607ed336cc96e4fe39d3a64d2da.zip | |
boot/shim: new package
This commit adds a package for 'shim', an EFI bootloader for secure
boot chain loading.
While gnu-efi supports 32bit ARM, this is currently broken in shim.
Patches to fix this have been submitted upstream but are not included
here for now.
https://github.com/rhboot/shim/pull/162
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends
on to exclude ARM32 build.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'boot/shim/Config.in')
| -rw-r--r-- | boot/shim/Config.in | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/boot/shim/Config.in b/boot/shim/Config.in new file mode 100644 index 0000000000..ea6650f54c --- /dev/null +++ b/boot/shim/Config.in @@ -0,0 +1,19 @@ +config BR2_TARGET_SHIM + bool "shim" + depends on BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS + # ARM32 build currently broken + depends on !BR2_ARM_CPU_HAS_ARM + select BR2_PACKAGE_GNU_EFI + help + Boot loader to chain-load signed boot loaders under Secure + Boot. + + This package provides a minimalist boot loader which allows + verifying signatures of other UEFI binaries against either + the Secure Boot DB/DBX or against a built-in signature + database. Its purpose is to allow a small, + infrequently-changing binary to be signed by the UEFI CA, + while allowing an OS distributor to revision their main + bootloader independently of the CA. + + https://github.com/rhboot/shim |
