[PATCH v5 09/10] SecurityPkg: Add new modules to Security package.

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Grzegorz Bernacki" <gjb@semihalf.com>
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org,
	Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com,
	mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com,
	jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com,
	sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com,
	jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org,
	thomas.abraham@arm.com, chasel.chiu@intel.com,
	nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn,
	eric.dong@intel.com, michael.d.kinney@intel.com,
	zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com,
	rad@semihalf.com, pete@akeo.ie,
	Grzegorz Bernacki <gjb@semihalf.com>,
	Sunny Wang <sunny.wang@arm.com>
Subject: [PATCH v5 09/10] SecurityPkg: Add new modules to Security package.
Date: Thu,  1 Jul 2021 11:17:57 +0200	[thread overview]
Message-ID: <20210701091758.1057485-10-gjb@semihalf.com> (raw)
In-Reply-To: <20210701091758.1057485-1-gjb@semihalf.com>

This commits adds modules related to initialization and
usage of default Secure Boot key variables to SecurityPkg.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4
---
 SecurityPkg/SecurityPkg.dec | 14 ++++++++++++++
 SecurityPkg/SecurityPkg.dsc |  3 +++
 2 files changed, 17 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 4001650fa2..e6aab4dce7 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -190,6 +190,20 @@
   ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm
   gTcg2MmSwSmiRegisteredGuid         = { 0x9d4548b9, 0xa48d, 0x4db4, { 0x9a, 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } }
 
+  ## GUID used to specify section with default PK content
+  gDefaultPKFileGuid                 = { 0x85254ea7, 0x4759, 0x4fc4, { 0x82, 0xd4, 0x5e, 0xed, 0x5f, 0xb0, 0xa4, 0xa0 } }
+
+  ## GUID used to specify section with default KEK content
+  gDefaultKEKFileGuid                = { 0x6f64916e, 0x9f7a, 0x4c35, { 0xb9, 0x52, 0xcd, 0x04, 0x1e, 0xfb, 0x05, 0xa3 } }
+
+  ## GUID used to specify section with default db content
+  gDefaultdbFileGuid                 = { 0xc491d352, 0x7623, 0x4843, { 0xac, 0xcc, 0x27, 0x91, 0xa7, 0x57, 0x44, 0x21 } }
+
+  ## GUID used to specify section with default dbx content
+  gDefaultdbxFileGuid                = { 0x5740766a, 0x718e, 0x4dc0, { 0x99, 0x35, 0xc3, 0x6f, 0x7d, 0x3f, 0x88, 0x4f } }
+
+  ## GUID used to specify section with default dbt content
+  gDefaultdbtFileGuid                = { 0x36c513ee, 0xa338, 0x4976, { 0xa0, 0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } }
 
 [Ppis]
   ## The PPI GUID for that TPM physical presence should be locked.
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 854f250625..f2f90f49de 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -259,6 +259,9 @@
 
 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
   SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  SecurityPkg/EnrollFromDefaultKeys/EnrollFromDefaultKeys.inf
+  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys/SecureBootDefaultKeys.inf
 
 [Components.IA32, Components.X64, Components.AARCH64]
   #
-- 
2.25.1

next prev parent reply	other threads:[~2021-07-01  9:18 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-01  9:17 [PATCH v5 00/10] Secure Boot default keys Grzegorz Bernacki
2021-07-01  9:17 ` [PATCH v5 01/10] SecurityPkg: Create library for setting Secure Boot variables Grzegorz Bernacki
2021-07-06 11:55   ` Yao, Jiewen
2021-07-09  9:29   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 02/10] ArmVirtPkg: add SecureBootVariableLib class resolution Grzegorz Bernacki
2021-07-01 10:39   ` Laszlo Ersek
2021-07-09  9:32   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 03/10] OvmfPkg: " Grzegorz Bernacki
2021-07-01 10:39   ` Laszlo Ersek
2021-07-09  9:37   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 04/10] EmulatorPkg: " Grzegorz Bernacki
2021-07-09  9:10   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 05/10] SecurityPkg: Remove duplicated functions from SecureBootConfigDxe Grzegorz Bernacki
2021-07-09  9:12   ` Sunny Wang
2021-07-12 11:45   ` Yao, Jiewen
     [not found]   ` <1691088E46D0B29B.19753@groups.io>
2021-07-12 14:01     ` [edk2-devel] " Yao, Jiewen
2021-07-01  9:17 ` [PATCH v5 06/10] ArmPlatformPkg: Create include file for default key content Grzegorz Bernacki
2021-07-09  9:20   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 07/10] SecurityPkg: Add SecureBootDefaultKeysDxe driver Grzegorz Bernacki
2021-07-06 11:53   ` Yao, Jiewen
2021-07-01  9:17 ` [PATCH v5 08/10] SecurityPkg: Add EnrollFromDefaultKeys application Grzegorz Bernacki
2021-07-06 11:53   ` Yao, Jiewen
2021-07-09  9:37   ` Sunny Wang
2021-07-01  9:17 ` Grzegorz Bernacki [this message]
2021-07-06 11:57   ` [PATCH v5 09/10] SecurityPkg: Add new modules to Security package Yao, Jiewen
2021-07-01  9:17 ` [PATCH v5 10/10] SecurityPkg: Add option to reset secure boot keys Grzegorz Bernacki
2021-07-06 11:53   ` Yao, Jiewen
2021-07-07  1:17 ` 回复: [edk2-devel] [PATCH v5 00/10] Secure Boot default keys gaoliming
2021-07-07  7:36   ` Grzegorz Bernacki
2021-07-09 10:17 ` Sunny Wang
2021-07-09 18:22 ` [edk2-devel] " Sean
2021-07-09 20:03   ` Samer El-Haj-Mahmoud
2021-07-12 12:02     ` Yao, Jiewen
2021-07-13  7:47       ` Grzegorz Bernacki
2021-07-13  7:54         ` Yao, Jiewen

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:4001650fa dfblob:e6aab4dce dfblob:854f25062 dfblob:f2f90f49d )
 OR (
bs:"[PATCH v5 09/10] SecurityPkg: Add new modules to Security package." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210701091758.1057485-10-gjb@semihalf.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox