From: "Grzegorz Bernacki"
To: devel@edk2.groups.io
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki , Sunny Wang
Subject: [PATCH v8 07/11] ArmPlatformPkg: Create include file for default key content.
Date: Mon, 2 Aug 2021 12:46:29 +0200
Message-Id: <20210802104633.2833333-8-gjb@semihalf.com>
In-Reply-To: <20210802104633.2833333-1-gjb@semihalf.com>
References: <20210802104633.2833333-1-gjb@semihalf.com>

This commit adds a file which can be included by a platform Flash
Description File. It allows specifying certificate files, which will be
embedded into the binary file. The content of these files can be used to
initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
Reviewed-by: Sunny Wang
---
 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
diff --git a/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc new file mode 100644 index 0000000000..bf4f2d42de --- /dev/null +++ b/ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc @@ -0,0 +1,70 @@ +## @file +# FDF include file which allows to embed Secure Boot keys +# +# Copyright (c) 2021, ARM Limited. All rights reserved. +# Copyright (c) 2021, Semihalf. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +!if $(DEFAULT_KEYS) == TRUE + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW = $(PK_DEFAULT_FILE) + !endif + SECTION UI = "PK Default" + } + + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW = $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW = $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW = $(KEK_DEFAULT_FILE3) + !endif + SECTION UI = "KEK Default" + } + + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW = $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW = $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW = $(DB_DEFAULT_FILE3) + !endif + SECTION UI = "DB Default" + } + + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW = $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW = $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW = $(DBT_DEFAULT_FILE3) + !endif + SECTION UI = "DBT Default" + } + + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW = $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW = $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW = $(DBX_DEFAULT_FILE3) + !endif + SECTION UI = "DBX Default" + } + +!endif -- 2.25.1
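Review bot: in every `FILE FREEFORM` block the `!ifdef` guards wrap only the `SECTION RAW` lines, so with `DEFAULT_KEYS == TRUE` and, for example, `PK_DEFAULT_FILE` left undefined, the block still declares a "PK Default" file that carries a UI section and no certificate data, and nothing in this file flags the omission. Consider either moving the guard around the whole `FILE FREEFORM` block or making a missing `PK_DEFAULT_FILE` a build-time failure, so that a platform cannot ship an image whose default-key files exist but are empty. The `## @file` header should also list the macros a platform is expected to define (`PK_DEFAULT_FILE`, `KEK_DEFAULT_FILE1` to `KEK_DEFAULT_FILE3`, and the `DB`, `DBT` and `DBX` equivalents) and state that at most three input files per database are picked up, since a fourth macro would be ignored silently.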