From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki
Subject: [PATCH v4 4/8] ArmPlatformPkg: Create include file for default key content.
Date: Wed, 30 Jun 2021 14:34:04 +0200
Message-Id: <20210630123412.996158-5-gjb@semihalf.com>
In-Reply-To: <20210630123412.996158-1-gjb@semihalf.com>
References: <20210630123412.996158-1-gjb@semihalf.com>

This commit adds a file which can be included by a platform Flash
Description File. It allows specifying certificate files, which will be
embedded into the binary file. The content of these files can be used to
initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
---
 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
diff --git a/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..bf4f2d42de --- /dev/null +++ b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc @@ -0,0 +1,70 @@ +## @file +# FDF include file which allows to embed Secure Boot keys +# +# Copyright (c) 2021, ARM Limited. All rights reserved. +# Copyright (c) 2021, Semihalf. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
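
Review bot: In every FILE FREEFORM block the `SECTION UI` line sits outside the `!ifdef` guards, so with DEFAULT_KEYS set to TRUE and, for example, PK_DEFAULT_FILE left undefined, the build still emits freeform file 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 carrying only the "PK Default" UI section and no RAW key data. Nothing in these lines fails the build or warns in that case, so a platform can enable DEFAULT_KEYS and ship an empty PK default without anyone noticing at build time; the same applies to the KEK, DB, DBT and DBX files when none of their numbered macros is defined. Consider making the missing-PK case a build failure, or moving each whole FILE statement inside the guard so that no empty file is produced. Separately, the `## @file` header does not list the macros a platform has to define (DEFAULT_KEYS, PK_DEFAULT_FILE and the numbered KEK/DB/DBT/DBX variants), the limit of one PK file and three files per database, or the expected format of the certificate files; a short description there would help platform integrators.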