public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Grzegorz Bernacki" <gjb@semihalf.com>
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org,
	Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com,
	mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com,
	jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com,
	sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com,
	jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org,
	thomas.abraham@arm.com, chasel.chiu@intel.com,
	nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn,
	eric.dong@intel.com, michael.d.kinney@intel.com,
	zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com,
	rad@semihalf.com, pete@akeo.ie,
	Grzegorz Bernacki <gjb@semihalf.com>,
	Sunny Wang <sunny.wang@arm.com>
Subject: [edk2-platforms PATCH v5 4/4] Platform/RaspberryPi: Enable default Secure Boot variables initialization
Date: Thu,  1 Jul 2021 11:20:51 +0200	[thread overview]
Message-ID: <20210701092051.1057606-5-gjb@semihalf.com> (raw)
In-Reply-To: <20210701092051.1057606-1-gjb@semihalf.com>

This commit allows to initialize Secure Boot default key
and databases from data embedded in firmware binary.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4
---
 Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +++
 Platform/RaspberryPi/RPi4/RPi4.fdf | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index d38fee8fb8..54bb282ff2 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -218,6 +218,7 @@
   MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
   HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+  ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
 
 [LibraryClasses.common.UEFI_DRIVER]
@@ -621,6 +622,8 @@
       NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
   }
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
+  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !else
   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
 !endif
diff --git a/Platform/RaspberryPi/RPi4/RPi4.fdf b/Platform/RaspberryPi/RPi4/RPi4.fdf
index 1e13909a57..8508065a77 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.fdf
+++ b/Platform/RaspberryPi/RPi4/RPi4.fdf
@@ -189,7 +189,9 @@ READ_LOCK_STATUS   = TRUE
   INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
   INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(SECURE_BOOT_ENABLE) == TRUE
+!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
   INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !endif
   INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
   INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
-- 
2.25.1


  parent reply	other threads:[~2021-07-01  9:21 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-01  9:20 [edk2-platforms PATCH v5 0/4] Secure Boot default keys Grzegorz Bernacki
2021-07-01  9:20 ` [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution Grzegorz Bernacki
2021-07-09  9:09   ` Sunny Wang
2021-07-12 13:24     ` 回复: [edk2-devel] " gaoliming
2021-07-01  9:20 ` [edk2-platforms PATCH v5 2/4] ARM Silicon and " Grzegorz Bernacki
2021-07-05 10:17   ` [edk2-devel] " Sami Mujawar
2021-07-01  9:20 ` [edk2-platforms PATCH v5 3/4] RISC-V " Grzegorz Bernacki
2021-07-02  4:11   ` Abner Chang
2021-07-02  6:24     ` Grzegorz Bernacki
2021-07-01  9:20 ` Grzegorz Bernacki [this message]
2021-07-12  8:20 ` [edk2-platforms PATCH v5 0/4] Secure Boot default keys Sunny Wang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210701092051.1057606-5-gjb@semihalf.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox