From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=Iw1amAX4; spf=pass (domain: linaro.org, ip: 209.85.210.193, mailfrom: ard.biesheuvel@linaro.org) Received: from mail-pf1-f193.google.com (mail-pf1-f193.google.com [209.85.210.193]) by groups.io with SMTP; Wed, 10 Apr 2019 11:06:06 -0700 Received: by mail-pf1-f193.google.com with SMTP id t21so1957205pfh.2 for ; Wed, 10 Apr 2019 11:06:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=lsEntOF6wlGJf2+RZM3ItxjZHK1KmLC/2fW1DSIctGM=; b=Iw1amAX4n9naDXZBvEzcujLEpiF4hv6NAtYo2DLGPSOsV/BJMWPcnmAnmAwwgWmcSh zDHpCXVfEBrZQTedmbwEzkenVvetSJ4tk2Cq+DWUsjioGn1W9LuJVUHSbu1q3KDvN+04 mkWrf2s+OrqhFykJQpDOzFrLzz87loT5db7lw9n1YDEgb65l5hGMA2wvtunhO2INE42j a5u79S0BpEpHbrJZIu92DkJ03SgmKSdutsBJp+7DCInxuZhBenE5edukB2wRTGsa492l y2E5+NyqifLRw4ZvncbgZ837ujnlzRrEnNWUsDo8OtBNtrR3toz9HE4pQcb/DXVBuf3D 2BGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=lsEntOF6wlGJf2+RZM3ItxjZHK1KmLC/2fW1DSIctGM=; b=aBP1k4IsmBNahcMp2NU9x04jePaHjvv/1EmU3gYcXuT3QIwOkQs+itEPoSFXKM4HvO +k8adoIYfy1Og6F8gJByGgGmAlA272mKgst5HC/3O5S8tYDFliS5YxF6OxYpxZNx7Fvs V72NTL5Vav1R8lFDKZzpjhM7j5944aG/j1y8hhuNSc/tJizxcI+SKx/MhP7OqgV7SP+5 pWEHfHnQioyr9KPSf19tj+nnP6P/ZLVgykd+TlV08nlk/Muaomrriy61KL+9S1sKWTE/ CCi6n3ps0G2RG9rosd+3FVyLvDnmcAEKOdQNvUSvNyG4cquDxZ1eG13ZxhnhH9Ls4P/1 /b6w== X-Gm-Message-State: APjAAAVWwCIZj5DQR/Vjm5p2/y4JMQhRrMKhQQ+rc8XDXTzoNvs1KAn5 /bSCfNoDJ3WJBxRESfO+6W2zQUNDkbt9a5xo X-Google-Smtp-Source: APXvYqzOuVUYOqeHRhNPg1gG9nJEkRkgpKb1p/muEvhq0Wd57h8NMCt2hUFf7b9mdwQ0B4V/7uQpXw== X-Received: by 2002:a63:2b03:: with SMTP id r3mr41839120pgr.105.1554919565795; Wed, 10 Apr 2019 11:06:05 -0700 (PDT) Return-Path: Received: from localhost.localdomain (50-205-23-12-static.hfc.comcastbusiness.net. [50.205.23.12]) by smtp.gmail.com with ESMTPSA id s19sm51257845pfe.74.2019.04.10.11.06.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Apr 2019 11:06:04 -0700 (PDT) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: leif.lindholm@linaro.org, Ard Biesheuvel Subject: [PATCH edk2-platforms] Platform/DeveloperBox: actually enable secure boot checking Date: Wed, 10 Apr 2019 11:06:02 -0700 Message-Id: <20190410180602.10799-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 The current secure boot enabled DeveloperBox build contains all the pieces to maintain the authenticated variable store, but doesn't actually bother to check the signature on anything it boots. Fix that. Signed-off-by: Ard Biesheuvel --- Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc index 39077ab5ee79..4ddb0d427f13 100644 --- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc +++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc @@ -245,7 +245,12 @@ } MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + +!if $(SECURE_BOOT_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +!endif + } ArmPkg/Drivers/TimerDxe/TimerDxe.inf ArmPkg/Drivers/GenericWatchdogDxe/GenericWatchdogDxe.inf MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf -- 2.17.1