From: "Nhi Pham"
To: devel@edk2.groups.io
Cc: patches@amperecomputing.com, Nhi Pham, Jiewen Yao, Jian J Wang, Grzegorz Bernacki
Subject: [PATCH 1/1] SecurityPkg: Fix SecureBootDefaultKeysDxe failed to start
Date: Mon, 27 Sep 2021 14:46:27 +0700
Message-Id: <20210927074627.3569-1-nhi@os.amperecomputing.com>

The dbt and dbx keys are optional, the driver entry should return EFI_SUCCESS to start if they are not found in the firmware flash. This patch is to fix it and update the description of retval as well. Cc: Jiewen Yao Cc: Jian J Wang Cc: Grzegorz Bernacki Signed-off-by: Nhi Pham --- SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 21 +++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c index f51d5243b7e8..10bdb1b58e6f 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c @@ -3,6 +3,7 @@ Copyright (c) 2021, ARM Ltd. All rights reserved.
Copyright (c) 2021, Semihalf All rights reserved.
+Copyright (c) 2021, Ampere Computing LLC. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -23,10 +24,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @param[in] ImageHandle The image handle of the driver. @param[in] SystemTable The system table. - @retval EFI_ALREADY_STARTED The driver already exists in system. - @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources. - @retval EFI_SUCCESS All the related protocols are installed on the driver. - @retval Others Fail to get the SecureBootEnable variable. + @retval EFI_SUCCESS The secure default keys are initialized successfully. + @retval EFI_UNSUPPORTED One of the secure default keys already exists. + @retval EFI_NOT_FOUND One of the PK, KEK, or DB default keys is not found. + @retval Others Fail to initialize the secure default keys. **/ EFI_STATUS @@ -56,14 +57,20 @@ SecureBootDefaultKeysEntryPoint ( } Status = SecureBootInitDbtDefault (); - if (EFI_ERROR (Status)) { + if (Status == EFI_NOT_FOUND) { DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __FUNCTION__)); + } else if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbtDefault: %r\n", __FUNCTION__, Status)); + return Status; } Status = SecureBootInitDbxDefault (); - if (EFI_ERROR (Status)) { + if (Status == EFI_NOT_FOUND) { DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __FUNCTION__)); + } else if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbxDefault: %r\n", __FUNCTION__, Status)); + return Status; } - return Status; + return EFI_SUCCESS; } -- 2.17.1
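Review bot: In the @retval block of the second hunk, the EFI_SUCCESS line should state that the entry point also succeeds when dbtDefault or dbxDefault is absent, because the last hunk turns EFI_NOT_FOUND from SecureBootInitDbtDefault () and SecureBootInitDbxDefault () into a DEBUG_INFO message followed by `return EFI_SUCCESS;`. The new EFI_NOT_FOUND line correctly limits itself to PK, KEK and DB, but a reader of the header comment alone cannot tell that the two optional keys are skipped silently. Suggest wording along the lines of "The mandatory default keys are initialized; dbtDefault and dbxDefault are initialized if present."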
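Review bot: In the last hunk, the new `return Status;` in the dbtDefault error branch exits before SecureBootInitDbxDefault () is called, so any dbt failure other than EFI_NOT_FOUND now leaves dbxDefault uninitialized, whereas the removed code logged the dbt error and still went on to dbx. If dbx does not depend on dbt, consider saving the first error, still attempting dbxDefault, and returning the saved status at the end. Separately, making every non-EFI_NOT_FOUND error from the two optional keys fatal to driver start is a behaviour change that goes beyond what the commit message describes and is worth stating there.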