From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com,
 sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com,
 jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com,
 lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com,
 jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org,
 thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com,
 gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com,
 zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com,
 rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki
Subject: [PATCH v5 06/10] ArmPlatformPkg: Create include file for default key content.
Date: Thu, 1 Jul 2021 11:17:54 +0200
Message-Id: <20210701091758.1057485-7-gjb@semihalf.com>
In-Reply-To: <20210701091758.1057485-1-gjb@semihalf.com>
References: <20210701091758.1057485-1-gjb@semihalf.com>

This commit adds a file which can be included by the platform Flash
Description File. It allows specifying certificate files, which will be
embedded into the binary file. The content of these files can be used to
initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
---
 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..bf4f2d42de --- /dev/null +++ b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc @@ -0,0 +1,70 @@ +## @file +# FDF include file which allows to embed Secure Boot keys +# +# Copyright (c) 2021, ARM Limited. All rights reserved. +# Copyright (c) 2021, Semihalf. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
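
Review bot: In the "PK Default" FILE block the !ifdef $(PK_DEFAULT_FILE) guard covers only the SECTION RAW line, so with DEFAULT_KEYS set to TRUE and PK_DEFAULT_FILE left undefined the FREEFORM file 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 is still emitted with a UI section and no key payload, and nothing in the build flags it. The KEK, DB, DBT and DBX blocks behave the same way when none of their three FILE macros is defined. Consider either placing the guard around the whole FILE block so that an empty entry is never produced, or making a missing PK_DEFAULT_FILE a build-time failure when DEFAULT_KEYS is TRUE, depending on what the consumer of these files expects. The file header would also benefit from listing the macros a platform has to define (DEFAULT_KEYS, PK_DEFAULT_FILE, and the FILE1 to FILE3 macros for KEK, DB, DBT and DBX), the expected format of the certificate files, and the fixed limit of three files per database.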