From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, gjb@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com
Subject: [PATCH 2/6] SecurityPkg: Create include file for default key content.
Date: Wed, 26 May 2021 11:42:00 +0200
Message-Id: <20210526094204.73600-4-gjb@semihalf.com>
In-Reply-To: <20210526094204.73600-1-gjb@semihalf.com>
References: <20210526094204.73600-1-gjb@semihalf.com>

This commit adds a file which can be included by a platform Flash Description File. It allows specifying certificate files, which will be embedded into the binary file. The content of these files can be used to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki

--- SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..056586b204 --- /dev/null +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc 
@@ -0,0 +1,62 @@ + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
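
Review bot: In every FILE FREEFORM block only the SECTION RAW lines sit inside !ifdef, so with DEFAULT_KEYS == TRUE and PK_DEFAULT_FILE left undefined (or misspelled in the platform DSC) the build still emits file 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 containing nothing but SECTION UI = "PK Default", with no diagnostic; the same holds for the KEK, DB, DBT and DBX files. Since these files seed the Secure Boot defaults, consider wrapping each whole FILE in the guard, or failing the build when DEFAULT_KEYS is TRUE but no PK file is given, so a platform cannot silently ship an empty default. The new file also opens with a blank line and has no header comment: please add one carrying the license and documenting DEFAULT_KEYS, the *_DEFAULT_FILE macros, the fixed limit of three RAW sections per KEK/DB/DBT/DBX file, and the file format expected in each RAW section.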