On Wed, Jun 28, 2023 at 04:26:58PM +0000, Neil Jones wrote:
> Please can someone describe the format of the file needed for the default /
> built-in EFI secure boot keys (ubootefi.var)
>
> The only docs I have found suggest its best to enroll the keys from within
> u-boot onto some removable media, then copy this off and use this as the
> default, this is not very helpful and doesn't work for me:
>
> => fatload mmc 0:1 ${loadaddr} PK.aut
> 2053 bytes read in 18 ms (111.3 KiB/s)
> => setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize PK
> setenv - set environment variables
>
> Usage:
> setenv setenv [-f] name value ...
> - [forcibly] set environment variable 'name' to 'value ...'
> setenv [-f] name
> - [forcibly] delete environment variable 'name'
>
> my setenv doesn't support all the extra switches ? This is with 2022.04, all
> other EFI options seem to be in this release and I can boot unsigned EFI
> images ok.
Please turn on CONFIG_CMD_NVEDIT_EFI when building your U-Boot.
This option was disabled by the commit:
commit 3b728f8728fa (tag: efi-2020-01-rc1)
Author: Heinrich Schuchardt <xypron.g...@gmx.de>
Date: Sun Oct 6 15:44:22 2019 +0200
cmd: disable CMD_NVEDIT_EFI by default
The binary size of efi has grown much since in the past, though.
-Takahiro Akashi
> Cheers,
>
> Neil
>
>
>
