Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bios-settings-mgr / 627c99dec58b6c5012b6c271935ad7902def9e64^! / . / meson.build
commit627c99dec58b6c5012b6c271935ad7902def9e64[log] [tgz]
authorPrithvi Pai <ppai@nvidia.com>Sat Feb 08 14:05:25 2025 +0530
committerPrithvi Pai <ppai@nvidia.com>Tue May 06 14:37:23 2025 +0530
treeb2af46a7a765fcfd4170092fa341c7cdda448796
parentddb22e22446e2fef6e63298cbfd0f6b05d934442 [diff] [blame]
Support to remotely configure UEFI SecureBoot Settings

Redfish added schema for SecureBoot contains UEFI Secure Boot
information and represents properties for managing the UEFI Secure
Boot functionality of a system. This patch adds support to configure
the settings from BMC.

Introduced option 'ENABLE_BIOS_SECUREBOOT` to selectively create
SecureBoot object.

The PDI Changes for SecureBoot:
[1]: https://github.com/openbmc/phosphor-dbus-interfaces/commit/b235159e0acc9943bc5f4e428ba6536f2e3cb621#diff-dbd3a29b95a6a0d436ba19696c3db9852172311f363b6781cc48b49d62ee28fa

Redfish URI enabled with this change
`/redfish/v1/Systems/<system>/SecureBoot`

Tested:
1) Dbus tree view with the change
```
busctl tree xyz.openbmc_project.BIOSConfigManager
`- /xyz
  `- /xyz/openbmc_project
    `- /xyz/openbmc_project/bios_config
      |- /xyz/openbmc_project/bios_config/manager
      |- /xyz/openbmc_project/bios_config/password
      `- /xyz/openbmc_project/bios_config/secure_boot
```
2) Runtime Check at Redfish Level:
On platforms where the ENABLE_BIOS_SECUREBOOT is disabled the
redfish URI at the redfish level is disabled as the dbus path
does not exists.
3) For persistence of BIOS secureboot values the data is written to
separate file `securebootData` under
`/var/lib/bios-settings-manager`. This will avoid any issues for
current platforms.

Change-Id: I51cb42671bb7c62ef51f8d77b17265ab24edbcff
Signed-off-by: Prithvi Pai <ppai@nvidia.com>

diff --git a/meson.build b/meson.build
index 1314efe..5d3df88 100644
--- a/meson.build
+++ b/meson.build

@@ -18,6 +18,12 @@
 # project uses the same compiler, we can safely ignmore these info notes.
 add_project_arguments('-Wno-psabi', language: 'cpp')
 
+conf_data = configuration_data()
+if (get_option('enable-bios-secureboot').allowed())
+    add_project_arguments('-DENABLE_BIOS_SECUREBOOT', language: 'cpp')
+endif
+configure_file(output: 'configuration.h', configuration: conf_data)
+
 boost_args = [
     '-DBOOST_ALL_NO_LIB',
     '-DBOOST_ASIO_DISABLE_THREADS',
@@ -65,6 +71,7 @@
     'src/manager.cpp',
     'src/manager_serialize.cpp',
     'src/password.cpp',
+    'src/secureboot.cpp',
 ]
 
 executable(