From: Simon Glass <simon.glass@canonical.com> This series integrates the TKey disk-unlock features into the bootctl UI, as a demonstration of how this might work. The user is prompted for a passphrase, which is then used as a user-supplied secret (USS) for the TKey. This series includes support for using a pre-derived master key, so that the TKey emulator can be used in tests. Future work will continue this effort. Simon Glass (19): tpm: Fix missing log size when using bloblist bootctl: Drop unnecessary calls to calculate dimensions bootctl: Set the password flag on the passphrase edit text video: Add a lock image bootctl: Bring in another image bootctl: Allow switching between logos bootctl: Show a lock symbol for locked disks bootctl: Provide passphrase and message objects in the expo bootctl: Enhance the UI to support a TKey bootctl: Provide an extra poll between select and booting bootctl: Clean up some unwanted debugging in the logic bootctl: Add the logic for disk unlock using a TKey bootctl: Fix up the header-inclusion order in the test tkey: Correct handling of the USS tkey: Allow using the selected TKey from luks luks: Add -p flag for pre-derived master key bootctl: Allow unlocking LUKS2 partitions bootctl: Add a TKey for testing bootctl: Enable the tests boot/bootctl/canonical.bmp | Bin 0 -> 41634 bytes boot/bootctl/logic.c | 695 +++++++++++++++++++++++++++++++++- boot/bootctl/multi_ui.c | 118 +++++- boot/bootctl/simple_ui.c | 11 +- boot/bootctl/util.c | 60 +++ boot/bootflow_menu.c | 16 +- cmd/luks.c | 42 +- cmd/tkey.c | 2 +- configs/sandbox_defconfig | 1 + doc/usage/cmd/luks.rst | 18 +- drivers/misc/tkey-uclass.c | 16 +- drivers/misc/tkey_emul.c | 9 +- drivers/video/images/Makefile | 1 + drivers/video/images/lock.bmp | Bin 0 -> 2454 bytes include/bootctl.dtsi | 8 + include/bootctl/logic.h | 58 ++- include/bootctl/ui.h | 80 ++++ include/tkey.h | 7 + lib/tpm_tcg2.c | 1 + test/Kconfig | 1 - test/boot/Makefile | 1 + test/boot/bootctl/bootctl.c | 8 +- test/dm/video.c | 3 +- 23 files changed, 1097 insertions(+), 59 deletions(-) create mode 100644 boot/bootctl/canonical.bmp create mode 100644 drivers/video/images/lock.bmp -- 2.43.0 base-commit: 593009a032cbf0f8ffb7d9cbad609c2d13d089b5 branch: seci