rpms/edk2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

enroll sb keys for tdx image

Browse Source
This commit is contained in:
Gerd Hoffmann 2023-11-27 11:05:52 +01:00
parent 78febee518
commit 3cc1097f10
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
60-edk2-ovmf-x64-inteltdx.json
View File

@ -7,7 +7,7 @@
"device": "flash", "device": "flash",
"mode": "stateless", "mode": "stateless",
"executable": { "executable": {
"filename": "/usr/share/edk2/ovmf/OVMF.inteltdx.fd", "filename": "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd",
"format": "raw" "format": "raw"
} }
}, },
@ -20,7 +20,9 @@
} }
], ],
"features": [ "features": [
"enrolled-keys",
"intel-tdx", "intel-tdx",
"secure-boot",
"verbose-dynamic" "verbose-dynamic"
], ],
"tags": [ "tags": [

9
edk2.spec
View File

@ -385,6 +385,10 @@ virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \
--output RHEL-9/ovmf/OVMF_VARS.secboot.fd \ --output RHEL-9/ovmf/OVMF_VARS.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot --enroll-redhat --secure-boot
virt-fw-vars --input RHEL-9/ovmf/OVMF.inteltdx.fd \
--output RHEL-9/ovmf/OVMF.inteltdx.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
build_iso RHEL-9/ovmf build_iso RHEL-9/ovmf
cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-9/ovmf cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-9/ovmf
@ -400,6 +404,10 @@ virt-fw-vars --input Fedora/ovmf/OVMF_VARS_4M.fd \
--output Fedora/ovmf/OVMF_VARS_4M.secboot.fd \ --output Fedora/ovmf/OVMF_VARS_4M.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot --enroll-redhat --secure-boot
virt-fw-vars --input Fedora/ovmf/OVMF.inteltdx.fd \
--output Fedora/ovmf/OVMF.inteltdx.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
virt-fw-vars --input Fedora/ovmf-ia32/OVMF_VARS.fd \ virt-fw-vars --input Fedora/ovmf-ia32/OVMF_VARS.fd \
--output Fedora/ovmf-ia32/OVMF_VARS.secboot.fd \ --output Fedora/ovmf-ia32/OVMF_VARS.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.ia32.bin \ --set-dbx DBXUpdate-%{DBXDATE}.ia32.bin \
@ -621,6 +629,7 @@ done
%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd %{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd %{_datadir}/%{name}/ovmf/OVMF.amdsev.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd %{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.secboot.fd
%{_datadir}/%{name}/ovmf/UefiShell.iso %{_datadir}/%{name}/ovmf/UefiShell.iso
%{_datadir}/%{name}/ovmf/Shell.efi %{_datadir}/%{name}/ovmf/Shell.efi
%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi