From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki, Sunny Wang
Subject: [PATCH v7 07/11] ArmPlatformPkg: Create include file for default key content.
Date: Fri, 30 Jul 2021 12:23:22 +0200
Message-Id: <20210730102326.2814466-8-gjb@semihalf.com>
In-Reply-To: <20210730102326.2814466-1-gjb@semihalf.com>
References: <20210730102326.2814466-1-gjb@semihalf.com>

This commit adds a file which can be included by the platform Flash
Description File. It allows specifying certificate files, which will be
embedded into the binary file. The content of these files can be used
to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
Reviewed-by: Sunny Wang
---
 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..bf4f2d42de --- /dev/null +++ b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc @@ -0,0 +1,70 @@ +## @file +# FDF include file which allows to embed Secure Boot keys +# +# Copyright (c) 2021, ARM Limited. All rights reserved. +# Copyright (c) 2021, Semihalf. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
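
Review bot: In every FILE FREEFORM block only the SECTION RAW lines sit inside !ifdef, while the FILE itself and its SECTION UI are emitted unconditionally once DEFAULT_KEYS == TRUE. A platform that sets DEFAULT_KEYS but leaves, for example, PK_DEFAULT_FILE undefined therefore gets a "PK Default" file that carries a UI section and no key data, and nothing in this file flags that. Consider wrapping each whole FILE in the same !ifdef, or treating a missing PK_DEFAULT_FILE as a build-time failure when DEFAULT_KEYS is TRUE, so an empty default key cannot ship unnoticed. The header comment should also list the macros a platform is expected to define (DEFAULT_KEYS, PK_DEFAULT_FILE, and KEK/DB/DBT/DBX_DEFAULT_FILE1 through 3), state what format the certificate files must be in, and note that at most three files per database are picked up and only one for PK.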