From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>, Min Xu <min.m.xu@intel.com>,
Sean Brogan <sean.brogan@microsoft.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Jordan Justen <jordan.l.justen@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Rebecca Cran <rebecca@bsdio.com>,
Peter Grehan <grehan@freebsd.org>,
Sebastien Boeuf <sebastien.boeuf@intel.com>,
Andrew Fish <afish@apple.com>, Ray Ni <ray.ni@intel.com>
Subject: [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
Date: Thu, 30 Jun 2022 16:53:30 -0700 [thread overview]
Message-ID: <20220630235341.1746-1-kuqin12@gmail.com> (raw)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
This is a follow-up of a previously submitted patch series based on top
of master branch: https://edk2.groups.io/g/devel/message/90491.
The main changes between v2 and v3 patches are:
- Added reviewed-by and acked-by tags collected from previous iteration
- Updated default timestamp for default secure boot variable enrollment
The updated changes are verified on QEMU based Q35 virtual platform as
well as proprietary physical platforms.
Patch v3 branch: https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Kun Qin (8):
SecurityPkg: UefiSecureBoot: Definitions of cert and payload
structures
SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
SecurityPkg: SecureBootVariableLib: Updated time based payload creator
SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
SecurityPkg: Secure Boot Drivers: Added common header files
SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
kuqin (3):
SecurityPkg: SecureBootVariableLib: Updated signature list creator
SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
SecurityPkg: SecureBootVariableLib: Added unit tests
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 1 +
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c | 51 +
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 485 ++++-
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c | 36 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c | 201 ++
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c | 13 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c | 2037 ++++++++++++++++++++
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 145 +-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 128 +-
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 1 +
EmulatorPkg/EmulatorPkg.dsc | 1 +
OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
SecurityPkg/Include/Library/PlatformPKProtectionLib.h | 31 +
SecurityPkg/Include/Library/SecureBootVariableLib.h | 103 +-
SecurityPkg/Include/UefiSecureBoot.h | 94 +
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf | 36 +
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 14 +-
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf | 33 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf | 45 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf | 25 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf | 36 +
SecurityPkg/SecurityPkg.ci.yaml | 11 +
SecurityPkg/SecurityPkg.dec | 5 +
SecurityPkg/SecurityPkg.dsc | 2 +
SecurityPkg/Test/SecurityPkgHostTest.dsc | 38 +
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 1 +
31 files changed, 3467 insertions(+), 112 deletions(-)
create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLib.h
create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc
--
2.36.0.windows.1
next reply other threads:[~2022-06-30 23:53 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-30 23:53 Kun Qin [this message]
2022-06-30 23:53 ` [PATCH v3 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Kun Qin
2022-06-30 23:53 ` [PATCH v3 02/11] SecurityPkg: PlatformPKProtectionLib: Added PK protection interface Kun Qin
2022-06-30 23:53 ` [PATCH v3 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator Kun Qin
2022-06-30 23:53 ` [PATCH v3 04/11] SecurityPkg: SecureBootVariableLib: Updated signature list creator Kun Qin
2022-06-30 23:53 ` [PATCH v3 05/11] SecurityPkg: SecureBootVariableLib: Added newly supported interfaces Kun Qin
2022-06-30 23:53 ` [PATCH v3 06/11] SecurityPkg: SecureBootVariableProvisionLib: Updated implementation Kun Qin
2022-06-30 23:53 ` [PATCH v3 07/11] SecurityPkg: Secure Boot Drivers: Added common header files Kun Qin
2022-06-30 23:53 ` [PATCH v3 08/11] SecurityPkg: SecureBootConfigDxe: Updated invocation pattern Kun Qin
2022-06-30 23:53 ` [PATCH v3 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests Kun Qin
2022-06-30 23:53 ` [PATCH v3 10/11] OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency Kun Qin
2022-06-30 23:53 ` [PATCH v3 11/11] EmulatorPkg: " Kun Qin
2022-07-06 5:19 ` [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries Yao, Jiewen
2022-07-06 17:44 ` Kun Qin
2022-07-07 1:09 ` Yao, Jiewen
2022-07-07 1:10 ` Kun Qin
2022-07-08 16:38 ` Ard Biesheuvel
2022-07-08 20:03 ` Kun Qin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220630235341.1746-1-kuqin12@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox