The 'bfcfg' command is used to program the MFG and configure the UEFI settings and other parameters. As of today the MFG is programed through sysfs interfaces. Once programed, the data is SW protected against writes and can only be reset through UEFI. Hence a method is then required to re-program the MFG data which can be safely initiated by 'bcfg'.
For this puprose, an EFI Capsule is generated and may contain MFG data, MFG extension data and other configuration dependencies such as the UEFI system attributes and the Redfish parameters.
This commit implements the following:
Redfish parameters configuration support.
4KB Binary generation to contain MFG data and MFG extension data, optionally BfSysCfg and BfRedfish EFI variables data.
Capsule generation using the configuration binary.
Configuration dependency management while MFG re-programing; BfSysCfg and BfRedfish may be deleted if MFG data is reprogramed and no UEFI system attributes nor Refish parameters are specified in the /etc/bf.cfg file.
Configuration tasks re-order to manage MFG configuration dependencies with regards to BfSysCfg and BfRedfish.
UEFI Secure Boot enablement support through EnrollKeysCap, default NVIDIA signed capsule.
Bump up the version of 'bfcfg' to 2.0.
Note that the capsule file generated to program the MFG and its dependenices must be processed first. Thus it has a static name, expected '.bfcfg-mfg.cap'. The UEFI Capsule Runtime DXE sorts the capsule files by name; since the 'bfcfg' can also apply EnrollKeysCap to enable UEFI secure boot, the unsigned capsule file '.bfcfg-mfg.cap' won't be processed after the PK is enrolled.
Also note that the MFG reprograming is limited by the state of the UEFI Secure Boot and whether the PK is configured or not.
The 'bfcfg' command is used to program the MFG and configure the UEFI settings and other parameters. As of today the MFG is programed through sysfs interfaces. Once programed, the data is SW protected against writes and can only be reset through UEFI. Hence a method is then required to re-program the MFG data which can be safely initiated by 'bcfg'.
For this puprose, an EFI Capsule is generated and may contain MFG data, MFG extension data and other configuration dependencies such as the UEFI system attributes and the Redfish parameters.
This commit implements the following:
Note that the capsule file generated to program the MFG and its dependenices must be processed first. Thus it has a static name, expected '.bfcfg-mfg.cap'. The UEFI Capsule Runtime DXE sorts the capsule files by name; since the 'bfcfg' can also apply EnrollKeysCap to enable UEFI secure boot, the unsigned capsule file '.bfcfg-mfg.cap' won't be processed after the PK is enrolled.
Also note that the MFG reprograming is limited by the state of the UEFI Secure Boot and whether the PK is configured or not.