From d8d261aba6c95a3ad73759cacca0c5d8a2a22b47 Mon Sep 17 00:00:00 2001 From: Mateusz Maciejewski Date: Mon, 28 Apr 2025 16:44:50 +0200 Subject: [PATCH] README.md: added more details on hello-dasharo.efi building and signing hello-dasharo/README.md - added list of dependencies, artifacts and detailed instructions on build process secure-boot/README.md - added image creation instructions and reference to hello-dasharo/README.md Signed-off-by: Mateusz Maciejewski --- hello-dasharo/README.md | 23 +++++++++++++++++++++++ secure-boot/README.md | 17 +++++++++++++---- 2 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 hello-dasharo/README.md diff --git a/hello-dasharo/README.md b/hello-dasharo/README.md new file mode 100644 index 0000000..d2f8e8c --- /dev/null +++ b/hello-dasharo/README.md @@ -0,0 +1,23 @@ +## Hello, Dasharo Universe! - Secure Boot test program +An UEFI hello-world program, but with intentionally-added delays: pre- and post; +output to capture in tests: `UEFI Hello, Dasharo Universe!` + +Build prerequisites for Fedora: +- mingw64-gcc +- openssl +- sbsigntools + +Installation of mingw64-gcc compiler, or any other required package on Fedora: +`sudo dnf install mingw64-gcc` + +Building `dist/` sub-directory, containing complete set of files for BAD_INFLUE Secure Boot USB stick: +`make clean && make dist` + +List of files created in `dist/` sub-directory: +- `cert_fake.der` - fake certificate file with bad contents. +- `cert_good.der` - proper certificate file, can be enrolled with Secure Boot menu. +- `hello-dasharo.efi` - unsigned program binary, can be executed with Secure Boot disabled. +- `hello-dasharo-signed-bad.efi` - program binary signed with some other certificate. +- `hello-dasharo-signed-good.efi` - program binary signed with `cert_good.der`. + +For more information on available Makefile targets, please run `make help`. diff --git a/secure-boot/README.md b/secure-boot/README.md index 6307542..6bd1000 100644 --- a/secure-boot/README.md +++ b/secure-boot/README.md @@ -1,9 +1,18 @@ -# Secure Boot - -## sb_test_data.img +## BAD_INFLUE - Secure Boot test image +### sb_test_data.img features: * Single FAT32 partition, labeled BAD_INFLUE, on MBR disk image * Contains files from `../hello-dasharo/dist` directory -* Run `create_img.sh` to re-create * Can be safely transferred with dd command to USB stick +### How to generate image: +1. Go to `../hello-dasharo/` directory. +2. Refer to `README.md` file located there on how to prepare contents od `dist/` sub-directory. +3. Go back here - `secure-boot/` +4. Run `create_img.sh`, observe the output, especially list of files transferred to the image. +5. Script execution should finish with `Image creation and setup completed successfully.` + +### How to transfer image to USB stick: +1. Use `lsblk` command to identify target USB stick device node and any active mount points. +2. Use `sudo dd of=./sb_test_data.img if=/dev/X bs=1M status=progress` where X is identified target device node. +3. Use `sync` command to finalize write operations before stick removal.