From: gaoliming
To: Ard Biesheuvel, Grzegorz Bernacki
Cc: edk2-devel-groups-io, Leif Lindholm, Ard Biesheuvel, Samer El-Haj-Mahmoud, Sunny Wang, Marcin Wojtas, Jiewen Yao, Jian J Wang, Min Xu, Laszlo Ersek, Sami Mujawar, Andrew Fish, Ray Ni, Jordan Justen, Rebecca Cran, Peter Grehan, Thomas Abraham, Chasel Chiu, Nate DeSimone, Eric Dong, Michael Kinney, Graeme Gregory, Radoslaw Biernacki, Peter Batard
References: <20210730102326.2814466-1-gjb@semihalf.com>
Subject: Re: [PATCH v7 00/11] Secure Boot default keys
Date: Mon, 2 Aug 2021 13:08:31 +0800
Message-ID: <024901d7875c$70220e20$50662a60$@byosoft.com.cn>

I see most failures are coding style. The function header comment style is /** .. **/.
--*/ should be replaced by **/

Thanks
Liming

> -----Original Message-----
> From: Ard Biesheuvel
> Sent: August 2, 2021 2:04
> To: Grzegorz Bernacki
> Cc: edk2-devel-groups-io; Leif Lindholm; Ard Biesheuvel; Samer
> El-Haj-Mahmoud; Sunny Wang; Marcin Wojtas;
> upstream@semihalf.com; Jiewen Yao; Jian J Wang; Min Xu; Laszlo Ersek;
> Sami Mujawar; Andrew Fish; Ray Ni; Jordan Justen; Rebecca Cran; Peter
> Grehan; Thomas Abraham; Chasel Chiu; Nate DeSimone; Liming Gao (Byosoft
> address); Eric Dong; Michael Kinney; zailiang.sun@intel.com;
> yi.qian@intel.com; Graeme Gregory; Radoslaw Biernacki; Peter Batard
> Subject: Re: [PATCH v7 00/11] Secure Boot default keys
>
> On Fri, 30 Jul 2021 at 12:23, Grzegorz Bernacki wrote:
> >
> > This patchset adds support for initialization of default
> > Secure Boot variables based on keys content embedded in
> > flash binary. This feature is active only if Secure Boot
> > is enabled and DEFAULT_KEY is defined. The patchset
> > consists also of an application to enroll keys from default
> > variables and a secure boot menu change to allow the user
> > to reset key content to default values.
> > Discussion on design can be found at:
> > https://edk2.groups.io/g/rfc/topic/82139806#600
> >
> > Built with:
> > GCC
> > - RISC-V (U500, U540) [requires fixes in dsc to build]
> > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
> >   EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
> > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)
> >
> > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be built,
> > will be posted on edk2 maillist later
> >
> > VS2019
> > - Intel (OvmfPkgX64)
> >
> > Test with:
> > GCC5/RPi4
> > VS2019/OvmfX64 (requires changes to enable feature)
> >
> > Tests:
> > 1. Try to enroll key in incorrect format.
> > 2. Enroll with only PKDefault keys specified.
> > 3. Enroll with all keys specified.
> > 4. Enroll when keys are enrolled.
> > 5. Reset keys values.
> > 6. Running signed & unsigned app after enrollment.
> >
> > Changes since v1:
> > - change names:
> >   SecBootVariableLib => SecureBootVariableLib
> >   SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
> >   SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
> > - change name of function CheckSetupMode to GetSetupMode
> > - remove ShellPkg dependency from EnrollFromDefaultKeysApp
> > - rebase to master
> >
> > Changes since v2:
> > - fix coding style for functions headers in SecureBootVariableLib.h
> > - add header to SecureBootDefaultKeys.fdf.inc
> > - remove empty line spaces in SecureBootDefaultKeysDxe files
> > - revert FAIL macro in EnrollFromDefaultKeysApp
> > - remove functions duplicates and add SecureBootVariableLib
> >   to platforms which used it
> >
> > Changes since v3:
> > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
> > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
> > - fix typo in guid description
> >
> > Changes since v4:
> > - reorder patches to make it bisectable
> > - split commits related to more than one platform
> > - move edk2-platform commits to separate patchset
> >
> > Changes since v5:
> > - split SecureBootVariableLib into SecureBootVariableLib and
> >   SecureBootVariableProvisionLib
> >
> > Changes since v6:
> > - fix problems found by CI
> > - add correct modules to SecurityPkg.dsc
> > - update SecurityPkg.dec
> > - fix coding style issues
> >
>
> This still generates CI errors:
>
> https://github.com/tianocore/edk2/pull/1850
>
> Note that you can create PRs against tianocore/edk2 directly from your
> own branch, which will result in the CI checks to be performed on the
> code, without your branch being merged even if all checks pass (that
> requires the push label which only maintainers can set)
>
>
> > NOTE: edk2-platform has not been changed and v6 platform patches
> > are still valid
> >
> > Grzegorz Bernacki (11):
> >   SecurityPkg: Create SecureBootVariableLib.
> >   SecurityPkg: Create library for enrolling Secure Boot variables.
> >   ArmVirtPkg: add SecureBootVariableLib class resolution
> >   OvmfPkg: add SecureBootVariableLib class resolution
> >   EmulatorPkg: add SecureBootVariableLib class resolution
> >   SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
> >   ArmPlatformPkg: Create include file for default key content.
> >   SecurityPkg: Add SecureBootDefaultKeysDxe driver
> >   SecurityPkg: Add EnrollFromDefaultKeys application.
> >   SecurityPkg: Add new modules to Security package.
> >   SecurityPkg: Add option to reset secure boot keys.
> >
> >  SecurityPkg/SecurityPkg.dec | 22 +
> >  ArmVirtPkg/ArmVirt.dsc.inc | 2 +
> >  EmulatorPkg/EmulatorPkg.dsc | 2 +
> >  OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
> >  OvmfPkg/OvmfPkgIa32.dsc | 2 +
> >  OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
> >  OvmfPkg/OvmfPkgX64.dsc | 2 +
> >  SecurityPkg/SecurityPkg.dsc | 9 +-
> >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 48 ++
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 80 +++
> >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf | 80 +++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 3 +
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf | 46 ++
> >  SecurityPkg/Include/Library/SecureBootVariableLib.h | 153 ++++++
> >  SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h | 134 +++++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
> >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 115 +++++
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 510 ++++++++++++++++++++
> >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 482 ++++++++++++++++++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 344 ++++++-------
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 69 +++
> >  ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 +++
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni | 17 +
> >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni | 16 +
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni | 16 +
> >  27 files changed, 2049 insertions(+), 189 deletions(-)
> >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
> >  create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
> >  create mode 100644 SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
> >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
> >  create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
> >
> > --
> > 2.25.1
> >