doc/usage/cmd/eficonfig.rst at master

jcs.org / u-boot
fork atom
"Das U-Boot" Source Tree
fork atom
u-boot / doc / usage / cmd / eficonfig.rst
at master 106 lines 3.3 kB view raw
wrap content
Heinrich Schuchardt doc: create index entries for commands 2y ago
60971e63
  1.. SPDX-License-Identifier: GPL-2.0+
  2.. (C) Copyright 2022, Masahisa Kojima <masahisa.kojima@linaro.org>
  3
  4.. index::
  5   single: eficonfig (command)
  6
  7eficonfig command
  8=================
  9
 10Synopsis
 11--------
 12::
 13
 14    eficonfig
 15
 16Description
 17-----------
 18
 19The "eficonfig" command uses the U-Boot menu interface to provide a
 20menu-driven UEFI variable maintenance feature. These are the top level menu
 21entries:
 22
 23Add Boot Option
 24    Add a new UEFI Boot Option.
 25    The user can edit description, file path, and optional_data.
 26    The new boot opiton is appended to the boot order in the *BootOrder*
 27    variable. The user may want to update the boot order using the
 28    *Change Boot Order* menu entry.
 29
 30Edit Boot Option
 31    Edit an existing UEFI Boot Option.
 32    The User can edit description, file path, and optional_data.
 33
 34Change Boot Order
 35    Change the boot order updating the UEFI BootOrder variable.
 36
 37Delete Boot Option
 38    Delete a UEFI Boot Option
 39
 40Secure Boot Configuration
 41    Edit the UEFI Secure Boot Configuration
 42
 43How to boot the system with a newly added UEFI Boot Option
 44''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
 45
 46The "eficonfig" command is used to set the UEFI boot options which are stored
 47in the UEFI variable Boot#### where #### is a hexadecimal number.
 48
 49The command *bootefi bootmgr* can be used to boot by trying in sequence all
 50boot options selected by the variable *BootOrder*.
 51
 52If the bootmenu is enabled, CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE is enabled,
 53and "eficonfig" is configured as preboot command, the newly added Boot Options
 54are enumerated in the bootmenu when the user exits from the eficonfig menu.
 55The user may select the entry in the bootmenu to boot the system, or follow
 56the U-Boot configuration the system already has.
 57
 58Auto boot with the UEFI Boot Option
 59'''''''''''''''''''''''''''''''''''
 60
 61To do auto boot according to the UEFI BootOrder variable,
 62add "bootefi bootmgr" entry as a default or first bootmenu entry::
 63
 64    CONFIG_PREBOOT="setenv bootmenu_0 UEFI Boot Manager=bootefi bootmgr; setenv bootmenu_1 UEFI Maintenance Menu=eficonfig"
 65
 66UEFI Secure Boot Configuration
 67''''''''''''''''''''''''''''''
 68
 69The user can enroll the variables PK, KEK, db and dbx by selecting a file.
 70The "eficonfig" command only accepts signed EFI Signature List(s) with an
 71authenticated header, typically a ".auth" file.
 72
 73To clear the PK, KEK, db and dbx, the user needs to enroll a null value
 74signed by PK or KEK.
 75
 76Configuration
 77-------------
 78
 79The "eficonfig" command is enabled by::
 80
 81    CONFIG_CMD_EFICONFIG=y
 82
 83If CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE is enabled, the user can not enter
 84U-Boot console. In this case, the bootmenu can be used to invoke "eficonfig"::
 85
 86    CONFIG_USE_PREBOOT=y
 87    CONFIG_PREBOOT="setenv bootmenu_0 UEFI Maintenance Menu=eficonfig"
 88
 89The only way U-Boot can currently store EFI variables on a tamper
 90resistant medium is via OP-TEE. The Kconfig option that enables that is::
 91
 92    CONFIG_EFI_MM_COMM_TEE=y.
 93
 94It enables storing EFI variables on the RPMB partition of an eMMC device.
 95
 96The UEFI Secure Boot Configuration menu entry is only available if the following
 97options are enabled::
 98
 99    CONFIG_EFI_SECURE_BOOT=y
100    CONFIG_EFI_MM_COMM_TEE=y
101
102See also
103--------
104
105* :doc:`bootmenu<bootmenu>` provides a simple mechanism for creating menus with
106  different boot items