From: "gaoliming" <gaoliming@byosoft.com.cn>
To: <devel@edk2.groups.io>, <Sunny.Wang@arm.com>,
"'Samer El-Haj-Mahmoud'" <Samer.El-Haj-Mahmoud@arm.com>,
<gjb@semihalf.com>,
"'Ard Biesheuvel'" <ardb+tianocore@kernel.org>,
<ray.ni@intel.com>
Cc: <leif@nuviainc.com>, <mw@semihalf.com>, <upstream@semihalf.com>,
<jiewen.yao@intel.com>, <jian.j.wang@intel.com>,
<min.m.xu@intel.com>, <lersek@redhat.com>,
"'Sami Mujawar'" <Sami.Mujawar@arm.com>, <afish@apple.com>,
<jordan.l.justen@intel.com>, <rebecca@bsdio.com>,
<grehan@freebsd.org>, "'Thomas Abraham'" <thomas.abraham@arm.com>,
<chasel.chiu@intel.com>, <nathaniel.l.desimone@intel.com>,
<eric.dong@intel.com>, <michael.d.kinney@intel.com>,
<zailiang.sun@intel.com>, <yi.qian@intel.com>,
<graeme@nuviainc.com>, <rad@semihalf.com>, <pete@akeo.ie>
Subject: 回复: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys
Date: Wed, 28 Jul 2021 15:44:05 +0800 [thread overview]
Message-ID: <020201d78384$57add210$07097630$@byosoft.com.cn> (raw)
In-Reply-To: <DB8PR08MB399327DCA0F3EE618EF4CB0C85E39@DB8PR08MB3993.eurprd08.prod.outlook.com>
Sunny:
Yes. This patch set is ready to be merged.
Samer:
Would you help merge this patch set?
Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Sunny Wang
> 发送时间: 2021年7月21日 11:41
> 收件人: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>;
> devel@edk2.groups.io; gjb@semihalf.com; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; gaoliming@byosoft.com.cn; ray.ni@intel.com
> 抄送: leif@nuviainc.com; mw@semihalf.com; upstream@semihalf.com;
> jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com;
> lersek@redhat.com; Sami Mujawar <Sami.Mujawar@arm.com>;
> afish@apple.com; jordan.l.justen@intel.com; rebecca@bsdio.com;
> grehan@freebsd.org; Thomas Abraham <thomas.abraham@arm.com>;
> chasel.chiu@intel.com; nathaniel.l.desimone@intel.com;
> eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
> yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
> Sunny Wang <Sunny.Wang@arm.com>
> 主题: Re: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys
>
> Ard, Liming, Ray, Thanks for your review for ArmVirtPkg, ArmPlatformPkg,
and
> EmulatorPkg patches.
>
> As for the patch for Intel Platforms below, it is in another series for
> edk2-platforms.
> - [edk2-platforms PATCH v6 1/4] Intel Platforms: add
> SecureBootVariableLib class resolution
> https://edk2.groups.io/g/devel/message/77781
>
> Therefore, I think this series already got all the necessary Reviewed-By
and
> Acked-By of all parts and is ready to be pushed now.
>
> Best Regards,
> Sunny Wang
>
> -----Original Message-----
> From: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
> Sent: Friday, July 16, 2021 8:00 PM
> To: devel@edk2.groups.io; gjb@semihalf.com
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Sunny Wang
> <Sunny.Wang@arm.com>; mw@semihalf.com; upstream@semihalf.com;
> jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com;
> lersek@redhat.com; Sami Mujawar <Sami.Mujawar@arm.com>;
> afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com;
> rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham
> <thomas.abraham@arm.com>; chasel.chiu@intel.com;
> nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
> eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
> yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
> Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
> Subject: RE: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys
>
> The v6 of this series seems to have all the necessary Reviewed-By (and
some
> Tested-By) of all parts, except the following platform specific parts.
Could we
> get help from maintainers to review these please?
>
> Much appreciated!
>
> - ArmVirtPkg : https://edk2.groups.io/g/devel/message/77772
> - ArmPlatformPkg: https://edk2.groups.io/g/devel/message/77775
> - EmulatorPkg: https://edk2.groups.io/g/devel/message/77773
> - Intel Platforms (Platform/Intel/QuarkPlatformPkg,
> Platform/Intel/MinPlatformPkg, Platform/Intel/Vlv2TbltDevicePkg):
> https://edk2.groups.io/g/devel/message/77781
>
> Thanks,
> --Samer
>
>
>
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > Grzegorz Bernacki via groups.io
> > Sent: Wednesday, July 14, 2021 8:30 AM
> > To: devel@edk2.groups.io
> > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer
> El-Haj-Mahmoud
> > <Samer.El-Haj-Mahmoud@arm.com>; Sunny Wang
> > <Sunny.Wang@arm.com>; mw@semihalf.com; upstream@semihalf.com;
> > jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com;
> > lersek@redhat.com; Sami Mujawar <Sami.Mujawar@arm.com>;
> > afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com;
> > rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham
> > <thomas.abraham@arm.com>; chasel.chiu@intel.com;
> > nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
> > eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
> > yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com;
> > pete@akeo.ie; Grzegorz Bernacki <gjb@semihalf.com>
> > Subject: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys
> >
> > This patchset adds support for initialization of default
> > Secure Boot variables based on keys content embedded in
> > flash binary. This feature is active only if Secure Boot
> > is enabled and DEFAULT_KEY is defined. The patchset
> > consist also application to enroll keys from default
> > variables and secure boot menu change to allow user
> > to reset key content to default values.
> > Discussion on design can be found at:
> > https://edk2.groups.io/g/rfc/topic/82139806#600
> >
> > Built with:
> > GCC
> > - RISC-V (U500, U540) [requires fixes in dsc to build]
> > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
> > EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
> > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)
> >
> > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be
> built,
> > will be post on edk2 maillist later
> >
> > VS2019
> > - Intel (OvmfPkgX64)
> >
> > Test with:
> > GCC5/RPi4
> > VS2019/OvmfX64 (requires changes to enable feature)
> >
> > Tests:
> > 1. Try to enroll key in incorrect format.
> > 2. Enroll with only PKDefault keys specified.
> > 3. Enroll with all keys specified.
> > 4. Enroll when keys are enrolled.
> > 5. Reset keys values.
> > 6. Running signed & unsigned app after enrollment.
> >
> > Changes since v1:
> > - change names:
> > SecBootVariableLib => SecureBootVariableLib
> > SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
> > SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
> > - change name of function CheckSetupMode to GetSetupMode
> > - remove ShellPkg dependecy from EnrollFromDefaultKeysApp
> > - rebase to master
> >
> > Changes since v2:
> > - fix coding style for functions headers in SecureBootVariableLib.h
> > - add header to SecureBootDefaultKeys.fdf.inc
> > - remove empty line spaces in SecureBootDefaultKeysDxe files
> > - revert FAIL macro in EnrollFromDefaultKeysApp
> > - remove functions duplicates and add SecureBootVariableLib
> > to platforms which used it
> >
> > Changes since v3:
> > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
> > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
> > - fix typo in guid description
> >
> > Changes since v4:
> > - reorder patches to make it bisectable
> > - split commits related to more than one platform
> > - move edk2-platform commits to separate patchset
> >
> > Changes since v5:
> > - split SecureBootVariableLib into SecureBootVariableLib and
> > SecureBootVariableProvisionLib
> >
> > Grzegorz Bernacki (11):
> > SecurityPkg: Create SecureBootVariableLib.
> > SecurityPkg: Create library for enrolling Secure Boot variables.
> > ArmVirtPkg: add SecureBootVariableLib class resolution
> > OvmfPkg: add SecureBootVariableLib class resolution
> > EmulatorPkg: add SecureBootVariableLib class resolution
> > SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
> > ArmPlatformPkg: Create include file for default key content.
> > SecurityPkg: Add SecureBootDefaultKeysDxe driver
> > SecurityPkg: Add EnrollFromDefaultKeys application.
> > SecurityPkg: Add new modules to Security package.
> > SecurityPkg: Add option to reset secure boot keys.
> >
> > SecurityPkg/SecurityPkg.dec
> | 14 +
> > ArmVirtPkg/ArmVirt.dsc.inc
> | 2 +
> > EmulatorPkg/EmulatorPkg.dsc
> | 2 +
> > OvmfPkg/Bhyve/BhyveX64.dsc
> | 2 +
> > OvmfPkg/OvmfPkgIa32.dsc
> | 2 +
> > OvmfPkg/OvmfPkgIa32X64.dsc
> | 2 +
> > OvmfPkg/OvmfPkgX64.dsc
> | 2 +
> > SecurityPkg/SecurityPkg.dsc
> | 5 +
> > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> > | 48 ++
> > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> > | 80 +++
> >
> >
> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
> > visionLib.inf | 80 +++
> >
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
> > gDxe.inf | 3 +
> >
> > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
> > DefaultKeysDxe.inf | 46 ++
> > SecurityPkg/Include/Library/SecureBootVariableLib.h
> | 153
> > ++++++
> > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
> > | 134 +++++
> >
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
> > gNvData.h | 2 +
> >
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
> > g.vfr | 6 +
> > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
> > | 110 +++++
> > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
> > | 511 ++++++++++++++++++++
> >
> >
> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
> > visionLib.c | 491 +++++++++++++++++++
> >
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
> > gImpl.c | 344 ++++++-------
> >
> > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
> > DefaultKeysDxe.c | 69 +++
> > ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
> | 70
> > +++
> > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
> > | 17 +
> >
> >
> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
> > visionLib.uni | 16 +
> >
> > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
> > gStrings.uni | 4 +
> >
> > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
> > DefaultKeysDxe.uni | 16 +
> > 27 files changed, 2043 insertions(+), 188 deletions(-)
> > create mode 100644
> > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> > create mode 100644
> > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> > create mode 100644
> >
> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
> > visionLib.inf
> > create mode 100644
> > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
> > DefaultKeysDxe.inf
> > create mode 100644
> SecurityPkg/Include/Library/SecureBootVariableLib.h
> > create mode 100644
> > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
> > create mode 100644
> > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
> > create mode 100644
> > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
> > create mode 100644
> >
> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
> > visionLib.c
> > create mode 100644
> > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
> > DefaultKeysDxe.c
> > create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
> > create mode 100644
> > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
> > create mode 100644
> >
> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
> > visionLib.uni
> > create mode 100644
> > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
> > DefaultKeysDxe.uni
> >
> > --
> > 2.25.1
> >
> >
> >
> >
> >
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
recipient,
> please notify the sender immediately and do not disclose the contents to
any
> other person, use it for any purpose, or store or copy the information in
any
> medium. Thank you.
>
>
>
>
next prev parent reply other threads:[~2021-07-28 7:44 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-14 12:29 [PATCH v6 00/11] Secure Boot default keys Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 01/11] SecurityPkg: Create SecureBootVariableLib Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 02/11] SecurityPkg: Create library for enrolling Secure Boot variables Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 03/11] ArmVirtPkg: add SecureBootVariableLib class resolution Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 04/11] OvmfPkg: " Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 05/11] EmulatorPkg: " Grzegorz Bernacki
2021-07-21 2:53 ` [edk2-devel] " Ni, Ray
2021-07-14 12:29 ` [PATCH v6 06/11] SecurityPkg: Remove duplicated functions from SecureBootConfigDxe Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 07/11] ArmPlatformPkg: Create include file for default key content Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 08/11] SecurityPkg: Add SecureBootDefaultKeysDxe driver Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 09/11] SecurityPkg: Add EnrollFromDefaultKeys application Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 10/11] SecurityPkg: Add new modules to Security package Grzegorz Bernacki
2021-07-14 12:29 ` [PATCH v6 11/11] SecurityPkg: Add option to reset secure boot keys Grzegorz Bernacki
2021-07-15 3:16 ` [edk2-devel] [PATCH v6 00/11] Secure Boot default keys Yao, Jiewen
2021-07-16 12:00 ` Samer El-Haj-Mahmoud
2021-07-16 17:28 ` Ard Biesheuvel
2021-07-20 1:32 ` 回复: " gaoliming
2021-07-21 3:40 ` Sunny Wang
2021-07-28 7:44 ` gaoliming [this message]
2021-07-28 10:39 ` Ard Biesheuvel
2021-07-28 11:07 ` Ard Biesheuvel
2021-07-29 8:54 ` Grzegorz Bernacki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='020201d78384$57add210$07097630$@byosoft.com.cn' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox