Date: Thu, 11 Apr 2019 20:29:54 +0100
From: "Leif Lindholm"
To: Ard Biesheuvel
Cc: devel@edk2.groups.io
Subject: Re: [PATCH edk2-platforms] Platform/DeveloperBox: actually enable secure boot checking
Message-ID: <20190411192954.yajsgfd3qfatgpqf@bivouac.eciton.net>
References: <20190410180602.10799-1-ard.biesheuvel@linaro.org>
In-Reply-To: <20190410180602.10799-1-ard.biesheuvel@linaro.org>

On Wed, Apr 10, 2019 at 11:06:02AM -0700, Ard Biesheuvel wrote:
> The current secure boot enabled DeveloperBox build contains all the
> pieces to maintain the authenticated variable store, but doesn't
> actually bother to check the signature on anything it boots. Fix that.
>
> Signed-off-by: Ard Biesheuvel

We haven't actually dropped the CLA from edk2-platforms (yet), so we
probably still need the contributed-under for now.

If you add that before committing:
Reviewed-by: Leif Lindholm

> --- > Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc > index 39077ab5ee79..4ddb0d427f13 100644 > --- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc > +++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc 
> @@ -245,7 +245,12 @@ > } > MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf > MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf > - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > + > +!if $(SECURE_BOOT_ENABLE) == TRUE > + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > +!endif > + } > ArmPkg/Drivers/TimerDxe/TimerDxe.inf > ArmPkg/Drivers/GenericWatchdogDxe/GenericWatchdogDxe.inf > MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > -- > 2.17.1 >
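
Review bot: The added line directly after the opening brace of the SecurityStubDxe.inf override is empty in this copy, so the `NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf` entry has no visible section header above it. A per-module library override in a DSC has to sit under a LibraryClasses section tag (written in angle brackets) inside the braces; please confirm the committed patch carries that tag on the line where the blank `+` appears, otherwise the override is not well-formed. Since the entry sits inside `!if $(SECURE_BOOT_ENABLE) == TRUE`, it would also help to state in the commit message that builds without that define still boot images unchecked.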