From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki, Sunny Wang
Subject: [PATCH v6 07/11] ArmPlatformPkg: Create include file for default key content.
Date: Wed, 14 Jul 2021 14:29:48 +0200
Message-Id: <20210714122952.1340890-8-gjb@semihalf.com>
X-Mailer: git-send-email 2.29.0
In-Reply-To: <20210714122952.1340890-1-gjb@semihalf.com>
References: <20210714122952.1340890-1-gjb@semihalf.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

This commit adds a file which can be included by a platform Flash
Description File. It allows specifying certificate files, which will be
embedded into the binary file. The content of these files can be used
to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
Reviewed-by: Sunny Wang
---
 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..bf4f2d42de --- /dev/null +++ b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc @@ -0,0 +1,70 @@ +## @file +# FDF include file which allows to embed Secure Boot keys +# +# Copyright (c) 2021, ARM Limited. All rights reserved. +# Copyright (c) 2021, Semihalf. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
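
Review bot: In the "PK Default" block the only RAW section sits inside `!ifdef $(PK_DEFAULT_FILE)`, so a platform that sets DEFAULT_KEYS to TRUE without defining PK_DEFAULT_FILE still gets FILE FREEFORM 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 containing nothing but the UI section, and nothing in this file flags that the default PK is missing. The same applies to the KEK, DB, DBT and DBX blocks when none of their FILE1..FILE3 macros are defined. Consider wrapping each whole FILE block in the `!ifdef` so that no empty file is emitted, or failing the build when DEFAULT_KEYS is TRUE and PK_DEFAULT_FILE is undefined, since a default key set without a PK is unlikely to be what the platform intended. The `## @file` header would also benefit from listing the macros a platform is expected to define (DEFAULT_KEYS, PK_DEFAULT_FILE, KEK_DEFAULT_FILE1..3, DB_DEFAULT_FILE1..3, DBT_DEFAULT_FILE1..3, DBX_DEFAULT_FILE1..3) and the expected format of the certificate files, because the limit of three files per database is otherwise only discoverable by reading the body.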