[PATCH v7 10/11] SecurityPkg: Add new modules to Security package.

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Grzegorz Bernacki" <gjb@semihalf.com>
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org,
	Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com,
	mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com,
	jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com,
	sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com,
	jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org,
	thomas.abraham@arm.com, chasel.chiu@intel.com,
	nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn,
	eric.dong@intel.com, michael.d.kinney@intel.com,
	zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com,
	rad@semihalf.com, pete@akeo.ie,
	Grzegorz Bernacki <gjb@semihalf.com>,
	Sunny Wang <sunny.wang@arm.com>,
	Jiewen Yao <Jiewen.yao@intel.com>
Subject: [PATCH v7 10/11] SecurityPkg: Add new modules to Security package.
Date: Fri, 30 Jul 2021 12:23:25 +0200	[thread overview]
Message-ID: <20210730102326.2814466-11-gjb@semihalf.com> (raw)
In-Reply-To: <20210730102326.2814466-1-gjb@semihalf.com>

This commits adds modules and dependencies  related
to initialization and usage of default Secure Boot
 key variables to SecurityPkg.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4
---
 SecurityPkg/SecurityPkg.dec | 14 ++++++++++++++
 SecurityPkg/SecurityPkg.dsc |  7 ++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index e30c39f321..d5ace6f654 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -198,6 +198,20 @@
   ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm
   gTcg2MmSwSmiRegisteredGuid         = { 0x9d4548b9, 0xa48d, 0x4db4, { 0x9a, 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } }
 
+  ## GUID used to specify section with default PK content
+  gDefaultPKFileGuid                 = { 0x85254ea7, 0x4759, 0x4fc4, { 0x82, 0xd4, 0x5e, 0xed, 0x5f, 0xb0, 0xa4, 0xa0 } }
+
+  ## GUID used to specify section with default KEK content
+  gDefaultKEKFileGuid                = { 0x6f64916e, 0x9f7a, 0x4c35, { 0xb9, 0x52, 0xcd, 0x04, 0x1e, 0xfb, 0x05, 0xa3 } }
+
+  ## GUID used to specify section with default db content
+  gDefaultdbFileGuid                 = { 0xc491d352, 0x7623, 0x4843, { 0xac, 0xcc, 0x27, 0x91, 0xa7, 0x57, 0x44, 0x21 } }
+
+  ## GUID used to specify section with default dbx content
+  gDefaultdbxFileGuid                = { 0x5740766a, 0x718e, 0x4dc0, { 0x99, 0x35, 0xc3, 0x6f, 0x7d, 0x3f, 0x88, 0x4f } }
+
+  ## GUID used to specify section with default dbt content
+  gDefaultdbtFileGuid                = { 0x36c513ee, 0xa338, 0x4976, { 0xa0, 0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } }
 
 [Ppis]
   ## The PPI GUID for that TPM physical presence should be locked.
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 99c227dad2..64157e20f9 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -73,7 +73,7 @@
   SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
   SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 
-[LibraryClasses.ARM]
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
   #
   # It is not possible to prevent the ARM compiler for generic intrinsic functions.
   # This library provides the intrinsic functions generate by a given compiler.
@@ -149,6 +149,7 @@
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
 !endif
   HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
 
@@ -260,6 +261,10 @@
 
 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
   SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
+  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
+  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 
 [Components.IA32, Components.X64, Components.AARCH64]
   #
-- 
2.25.1

next prev parent reply	other threads:[~2021-07-30 10:24 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-30 10:23 [PATCH v7 00/11] Secure Boot default keys Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 01/11] SecurityPkg: Create SecureBootVariableLib Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 02/11] SecurityPkg: Create library for enrolling Secure Boot variables Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 03/11] ArmVirtPkg: add SecureBootVariableLib class resolution Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 04/11] OvmfPkg: " Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 05/11] EmulatorPkg: " Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 06/11] SecurityPkg: Remove duplicated functions from SecureBootConfigDxe Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 07/11] ArmPlatformPkg: Create include file for default key content Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 08/11] SecurityPkg: Add SecureBootDefaultKeysDxe driver Grzegorz Bernacki
2021-07-30 10:23 ` [PATCH v7 09/11] SecurityPkg: Add EnrollFromDefaultKeys application Grzegorz Bernacki
2021-07-30 10:23 ` Grzegorz Bernacki [this message]
2021-07-30 10:23 ` [PATCH v7 11/11] SecurityPkg: Add option to reset secure boot keys Grzegorz Bernacki
2021-08-01 18:03 ` [PATCH v7 00/11] Secure Boot default keys Ard Biesheuvel
2021-08-02  5:08   ` 回复: " gaoliming
2021-08-02  7:27     ` [edk2-devel] " Grzegorz Bernacki
2021-08-02  8:35       ` Ard Biesheuvel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e30c39f32 dfblob:d5ace6f65 dfblob:99c227dad dfblob:64157e20f )
 OR (
bs:"[PATCH v7 10/11] SecurityPkg: Add new modules to Security package." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210730102326.2814466-11-gjb@semihalf.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox