openslx-ng/ipxe.git/src/include/ipxe/efi, branch openslx Fork of ipxe; additional commands and features https://git.openslx.org/openslx-ng/ipxe.git/atom/src/include/ipxe/efi?h=openslx 2026-01-14T16:10:29+00:00 [build] Mark known reviewed files as permitted for UEFI Secure Boot 2026-01-14T16:10:29+00:00 Michael Brown 2026-01-14T14:36:49+00:00 urn:sha1:adcaaf9b93f9de14ba93bea54aecef103fe16b5f Some past security reviews carried out for UEFI Secure Boot signing submissions have covered specific drivers or functional areas of iPXE. Mark all of the files comprising these areas as permitted for UEFI Secure Boot. Signed-off-by: Michael Brown <mcb30@ipxe.org> [build] Mark core files as permitted for UEFI Secure Boot 2026-01-14T13:25:34+00:00 Michael Brown 2026-01-14T13:25:34+00:00 urn:sha1:6cccb3bdc00359068c07125258d71ce24db5118a Mark all files used in a standard build of bin-x86_64-efi/snponly.efi as permitted for UEFI Secure Boot. These files represent the core functionality of iPXE that is guaranteed to have been included in every binary that was previously subject to a security review and signed by Microsoft. It is therefore legitimate to assume that at least these files have already been reviewed to the required standard multiple times. Signed-off-by: Michael Brown <mcb30@ipxe.org> [efi] Mark imported EDK2 headers as permitted for Secure Boot 2026-01-13T15:18:16+00:00 Michael Brown 2026-01-13T14:00:40+00:00 urn:sha1:b09af00fab6ec193d2cb7488825bf1a95015497f Signed-off-by: Michael Brown <mcb30@ipxe.org> [efi] Update to current EDK2 headers 2026-01-13T13:58:17+00:00 Michael Brown 2026-01-13T13:58:17+00:00 urn:sha1:c5ae9ec99c0c59a08c82a2c504b5e1ad374b8453 Signed-off-by: Michael Brown <mcb30@ipxe.org> [efi] Allow for creating devices with no EFI parent device 2025-11-25T12:04:43+00:00 Michael Brown 2025-11-25T11:59:03+00:00 urn:sha1:19dffdc836d0cbfd79ec475160e4a22600f67584 On some systems (observed on an AWS m8g.medium instance in eu-west-2), the UEFI firmware fails to enumerate some of the underlying hardware devices. On these systems, we cannot comply with the UEFI device model by adding our SNP device as a child of the hardware device and appending to the parent hardware device path, since no parent hardware device has been created. Work around these systems by allowing for the creation of SNP devices with no parent device. Signed-off-by: Michael Brown <mcb30@ipxe.org> [pci] Allow probing permission to vary by range 2025-11-24T23:16:32+00:00 Michael Brown 2025-11-24T23:09:53+00:00 urn:sha1:9c1ac48bcff1a623cc5422fb57c540d910ac9734 Make pci_can_probe() part of the runtime selectable PCI I/O API, and defer this check to the per-range API. Signed-off-by: Michael Brown <mcb30@ipxe.org> [efi] Wrap a selection of runtime services calls 2025-11-13T15:02:03+00:00 Michael Brown 2025-11-13T14:38:12+00:00 urn:sha1:33834746537d18e899559470970706d37ae2722b Allow DEBUG=efi_wrap to trace various runtime services calls as well as the existing boot services calls. Signed-off-by: Michael Brown <mcb30@ipxe.org> [efi] Add image security database GUID definition 2025-11-12T12:09:40+00:00 Michael Brown 2025-11-12T12:09:40+00:00 urn:sha1:0a8e34657ea3e266d6e62c0ee2f839fde56be805 Signed-off-by: Michael Brown <mcb30@ipxe.org> [efi] Add Microsoft vendor GUID definition 2025-11-12T12:01:37+00:00 Michael Brown 2025-11-12T12:01:37+00:00 urn:sha1:5c135240bc2cc0e4d885f65f9a20cfa76bd8916a Signed-off-by: Michael Brown <mcb30@ipxe.org> [efi] Add storage security command protocol header and GUID definition 2025-11-11T23:24:22+00:00 Michael Brown 2025-11-11T16:22:21+00:00 urn:sha1:5154b6fcc50a73eedf78ad4bb4a619054d77ed97 Signed-off-by: Michael Brown <mcb30@ipxe.org>