From: "Grzegorz Bernacki" <gjb@semihalf.com>
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org,
Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com,
mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com,
jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com,
sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com,
jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org,
thomas.abraham@arm.com, chasel.chiu@intel.com,
nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn,
eric.dong@intel.com, michael.d.kinney@intel.com,
zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com,
rad@semihalf.com, pete@akeo.ie,
Grzegorz Bernacki <gjb@semihalf.com>,
Sunny Wang <sunny.wang@arm.com>
Subject: [edk2-platforms PATCH v5 4/4] Platform/RaspberryPi: Enable default Secure Boot variables initialization
Date: Thu, 1 Jul 2021 11:20:51 +0200 [thread overview]
Message-ID: <20210701092051.1057606-5-gjb@semihalf.com> (raw)
In-Reply-To: <20210701092051.1057606-1-gjb@semihalf.com>
This commit allows to initialize Secure Boot default key
and databases from data embedded in firmware binary.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4
---
Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +++
Platform/RaspberryPi/RPi4/RPi4.fdf | 2 ++
2 files changed, 5 insertions(+)
diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index d38fee8fb8..54bb282ff2 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -218,6 +218,7 @@
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
[LibraryClasses.common.UEFI_DRIVER]
@@ -621,6 +622,8 @@
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
}
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+ SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
+ SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
!else
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
!endif
diff --git a/Platform/RaspberryPi/RPi4/RPi4.fdf b/Platform/RaspberryPi/RPi4/RPi4.fdf
index 1e13909a57..8508065a77 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.fdf
+++ b/Platform/RaspberryPi/RPi4/RPi4.fdf
@@ -189,7 +189,9 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
+!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+ INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
!endif
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
--
2.25.1
next prev parent reply other threads:[~2021-07-01 9:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-01 9:20 [edk2-platforms PATCH v5 0/4] Secure Boot default keys Grzegorz Bernacki
2021-07-01 9:20 ` [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution Grzegorz Bernacki
2021-07-09 9:09 ` Sunny Wang
2021-07-12 13:24 ` 回复: [edk2-devel] " gaoliming
2021-07-01 9:20 ` [edk2-platforms PATCH v5 2/4] ARM Silicon and " Grzegorz Bernacki
2021-07-05 10:17 ` [edk2-devel] " Sami Mujawar
2021-07-01 9:20 ` [edk2-platforms PATCH v5 3/4] RISC-V " Grzegorz Bernacki
2021-07-02 4:11 ` Abner Chang
2021-07-02 6:24 ` Grzegorz Bernacki
2021-07-01 9:20 ` Grzegorz Bernacki [this message]
2021-07-12 8:20 ` [edk2-platforms PATCH v5 0/4] Secure Boot default keys Sunny Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210701092051.1057606-5-gjb@semihalf.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox