From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, Grzegorz Bernacki
Subject: [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
Date: Tue, 1 Jun 2021 15:12:25 +0200
Message-Id: <20210601131229.630611-4-gjb@semihalf.com>
In-Reply-To: <20210601131229.630611-1-gjb@semihalf.com>
References: <20210601131229.630611-1-gjb@semihalf.com>

This commit adds a file which can be included by the platform Flash
Description File. It allows specifying certificate files, which
will be embedded into the binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
---
 SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..056586b204 --- /dev/null +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@ + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
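
Review bot: In every FILE FREEFORM block the `SECTION RAW` lines are guarded by `!ifdef` while `SECTION UI` is unconditional, so with DEFAULT_KEYS == TRUE and, for example, PK_DEFAULT_FILE undefined, the image still gets a "PK Default" file that carries no certificate data. For Secure Boot defaults that should not pass silently: consider failing the build when DEFAULT_KEYS is TRUE and PK_DEFAULT_FILE (and at least the first KEK and DB file) is not defined, or moving the `!ifdef` around the whole FILE block so a consumer can tell "not provided" from "provided but empty". The file also begins directly at `!if $(DEFAULT_KEYS) == TRUE` with no header comment; please add one that documents the DEFAULT_KEYS switch, the *_DEFAULT_FILE1..3 macros, the expected format of the certificate files, and the limit of three files for each of KEK, DB, DBT and DBX, along with the license header.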