From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org,
 Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com,
 upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com,
 min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com,
 afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com,
 rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com,
 chasel.chiu@intel.com, nathaniel.l.desimone@intel.com,
 gaoliming@byosoft.com.cn, eric.dong@intel.com,
 michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com,
 graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki
Subject: [PATCH v3 3/8] SecurityPkg: Create include file for default key content.
Date: Mon, 14 Jun 2021 11:43:03 +0200
Message-Id: <20210614094308.2314345-6-gjb@semihalf.com>
In-Reply-To: <20210614094308.2314345-1-gjb@semihalf.com>
References: <20210614094308.2314345-1-gjb@semihalf.com>

This commit adds a file which can be included by a platform Flash
Description File. It allows specifying certificate files, which will be
embedded into the binary file. The content of these files can be used to
initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
---
 SecurityPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..bf4f2d42de --- /dev/null +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc @@ -0,0 +1,70 @@ +## @file +# FDF include file which allows to embed Secure Boot keys +# +# Copyright (c) 2021, ARM Limited. All rights reserved. +# Copyright (c) 2021, Semihalf. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
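
Review bot: With DEFAULT_KEYS set to TRUE but PK_DEFAULT_FILE undefined, the first FILE FREEFORM block (85254ea7-4759-4fc4-82d4-5eed5fb0a4a0) is still emitted with only `SECTION UI = "PK Default"` and no RAW section, and the same applies to the KEK, DB, DBT and DBX blocks when none of their numbered macros is defined. Nothing in this file stops the build in that case, so a platform can enable default keys and end up with key files that carry no key data, which for Secure Boot defaults should not pass silently. Consider placing the `!ifdef` around each whole FILE block so an empty file is never generated, or failing the build when DEFAULT_KEYS is TRUE and PK_DEFAULT_FILE is missing. The `## @file` header should also document the macros a platform is expected to set (DEFAULT_KEYS, PK_DEFAULT_FILE, and the KEK/DB/DBT/DBX `_DEFAULT_FILE1` to `_DEFAULT_FILE3` series), the limit of one PK file and three files per database, and the certificate encoding expected in the RAW sections, since the commit message only says "certificate files".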