From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+119455+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 52747940ED3
	for <rebecca@openfw.io>; Wed,  5 Jun 2024 01:00:21 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=WON/k9uu5aNGtlr/jVMexlJDh7nIBC/C/npGkwJVTss=;
 c=relaxed/simple; d=groups.io;
 h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type;
 s=20240206; t=1717549221; v=1;
 b=0EieNu2l0nS9NpYHUt/QMPoNf595TH8Csecj6Qkad04hzRfNsU/m5E4Gs/S0s6/mJkGM55pG
 MAH2WwfVPwKSggS/xGTSuJ4YfCtXwVUH3dc0KC7LxgTY8K7MmCIspzZPQosraBR2RNEQvyJ7tv3
 wpqLkEl6Uo1Xj+/Amx7Oo2itTyq139u3LTmZ6PyE833MzB9d893TGUBJoCoOzoSsNyZwSSarik4
 dbRCtaYE1WxZ0NxL+MxV4cRaMbamL1Rm0NlX9LnVUAmlALyGbGJcqEi6RHl4FLQ+TnD3WkLenYj
 G6qiZ/eGk8erjFOiqdssbV2VXqPNIaBmRVhwGwWFb9tcw==
X-Received: by 127.0.0.2 with SMTP id SNy9YY7687511xpogdC5z9cT; Tue, 04 Jun 2024 18:00:19 -0700
X-Received: from NAM04-MW2-obe.outbound.protection.outlook.com (NAM04-MW2-obe.outbound.protection.outlook.com [40.107.101.129])
 by mx.groups.io with SMTP id smtpd.web11.3959.1717549219124129657
 for <devel@edk2.groups.io>;
 Tue, 04 Jun 2024 18:00:19 -0700
X-Received: from PH0PR01MB7287.prod.exchangelabs.com (2603:10b6:510:10a::21) by
 SN4PR01MB7485.prod.exchangelabs.com (2603:10b6:806:201::19) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.7633.30; Wed, 5 Jun 2024 01:00:16 +0000
X-Received: from PH0PR01MB7287.prod.exchangelabs.com
 ([fe80::fc79:e629:93aa:8b8f]) by PH0PR01MB7287.prod.exchangelabs.com
 ([fe80::fc79:e629:93aa:8b8f%4]) with mapi id 15.20.7633.021; Wed, 5 Jun 2024
 01:00:15 +0000
From: "Nhi Pham via groups.io" <nhi=os.amperecomputing.com@groups.io>
To: devel@edk2.groups.io
CC: quic_llindhol@quicinc.com,
	chuong@os.amperecomputing.com,
	rebecca@os.amperecomputing.com,
	nhi@os.amperecomputing.com
Subject: [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization
Date: Wed,  5 Jun 2024 07:57:52 +0700
Message-ID: <20240605005752.818401-1-nhi@os.amperecomputing.com>
X-ClientProxiedBy: SG2PR01CA0168.apcprd01.prod.exchangelabs.com
 (2603:1096:4:28::24) To PH0PR01MB7287.prod.exchangelabs.com
 (2603:10b6:510:10a::21)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PH0PR01MB7287:EE_|SN4PR01MB7485:EE_
X-MS-Office365-Filtering-Correlation-Id: a606388f-a410-4b76-bba4-08dc84fadc7d
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
	=?us-ascii?Q?LDc+n1GYGWfrVgOvQ7ZEqRNGGCDWTzIsWclL0nMk2sCt3IEbbTpGmLbRJuTV?=
 =?us-ascii?Q?7vAB38FsDiM5+/5oK+DSM/xTiOm5tLKfkj8g7qzKYRQnzY5VFzr/OD1MPQSy?=
 =?us-ascii?Q?oLbUnTYOgM3eExBHKd2+lOPrSjSjit+/HNesMElWy7fQY+VmmFnudycitnyH?=
 =?us-ascii?Q?9WlF4h3KIQmOXe9eLhX1V7EOeC6w2eLjETLZBD1C+NAAjFK+IxFUo3TIJhbq?=
 =?us-ascii?Q?Xb7AsoaDKsXSfaVXZcmMcXNJGTRsbedeRioymw2DulKex/rBlBAJlKmOmKyc?=
 =?us-ascii?Q?Foiy0p1FUm4qEMyVaLB05UqQsZT5lhjwoy+b74NAE3QsaRgNI9snNJ24axW8?=
 =?us-ascii?Q?g/B13ePL9L+v6Q/+6papJK5txcZfFqBjImWpl55Kavn3qxNiJ+10Vq+mDBK1?=
 =?us-ascii?Q?ko4KieCKSxO73W23KRBU0qepkHD9Wnn/05Nc4ZGYexA8fhkgLsEKhb7hHqxO?=
 =?us-ascii?Q?ywEPHa3s7lC0zCmNmFucrQQr6c42wFRe+nMq6XQS3atV6Xyfu4jA3kGSWmrG?=
 =?us-ascii?Q?ZCJ6DGKvZtDj9kggwNUFh/VUXtO1nnIGXNtmcVqROc4a/WLIzbXFicS7k9o8?=
 =?us-ascii?Q?JWFvKsq+5cgS1ZDzQFIqIIbVEee3Z+IF+kO6zJtJHz7GcOjHymYOaQNZHI6r?=
 =?us-ascii?Q?CcvaodpXvoudzZSSaaV7JuKyVg/x2FLz4NHFeACWReLyB7BWQjMXTY76FNI/?=
 =?us-ascii?Q?HpGUuHAc1HYJLVzG8yxgSDrlkLjGGZurtGXgbJYXlBDdb5892Wvx5m00uJOB?=
 =?us-ascii?Q?IjK87XsIRY449uVQLI5BlyyPj6srrf0uRnee+eHSMnI/zg6LOmGSnCDSROSC?=
 =?us-ascii?Q?LblqtHNjGNz4oarcshFAxS0uec950BGVdBYYwmYxShbWMSO21A+QijVoKgr2?=
 =?us-ascii?Q?hRyp2XC7A39WDgn/vS8+uu9KUjTaWEYKmzpqN0Xe8kvylRJAi2w0OAjIUL0a?=
 =?us-ascii?Q?sImWRDGj5zxWnTH9CfcZNXVgA/GCwCa0F88XnhS63ZsXhVyKU29cCQA22Mk0?=
 =?us-ascii?Q?uqu0hBuQsH4kJ63sYQOBA5KghS9TdggyLOatk+2w/G7B8b7tbP6cspilpFXQ?=
 =?us-ascii?Q?DKvS2nAbIouFrP8vweAb8H1+qNyeCCAmZraTmcVHoqBzrrmOvW2N2zkmdcjU?=
 =?us-ascii?Q?6UkpHANhPGM2Kx7/zWOmLffNz9+axKk1Uo2IkPpXEF4qAimEUVT5biLL1C2L?=
 =?us-ascii?Q?9j3XZyeAb56WnvZFz+ZnL6QEEBj0ZaKw58qCIOj8WDAWsIKEhecdras1cXtp?=
 =?us-ascii?Q?joI8MlDb/icHixABjQKUSVxq4Cn9MuRjHVGMsk3UCObn+X8NB0UOtJz2E+ge?=
 =?us-ascii?Q?FF/WvayQC7BkPWUYFBFt3x3NbCZOf14sc5H0CRp6j4gUQA=3D=3D?=
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?jgmWog1/hUaq6rxYvF4NLXhsmrawHPRaFSNra+/JEWFQutm5M5a/GvT8cLik?=
 =?us-ascii?Q?WnWNHbmsqo/Ft0HyUxD2/CVC5LOaBUHngYlWXFqGolKnCYZNRoyWPeHbAGra?=
 =?us-ascii?Q?Xv/fYg/B9dmYEM5o8nV3bsUwqbGT9SXIcEjpzlmtPg/rxayjtQozkfkRbHQy?=
 =?us-ascii?Q?6POi0us21gYGr+zgsBkeDLHK9OkrBVQxeL9o7LWGcTWZIQms1BirSCpO95kP?=
 =?us-ascii?Q?nga8V1iF8q2L36ZYEBBmP0uvj+uWfPDVTN7MjpqcgF+o67epFo9ZthAyxKE3?=
 =?us-ascii?Q?jxRjLqbvPXiPmAaAfp1FC5msYQa3Pj4HU6fXezKDAMxoBPIbGBWxUeISSMgc?=
 =?us-ascii?Q?d8g6KMtKcj4szOjXjriKezofXmLw3WMHHBSXXe8Uz+e1xkqfp4mWT4MFfNUf?=
 =?us-ascii?Q?Ti563+3aFyYa/C0mbuj+L1CQqn9D2zVDOzY1CzDM9xIl8D/JNXsUm/eb4vg4?=
 =?us-ascii?Q?13y/8eBoBA9sBy2+hSqgn/X8mijKjCaWv2GXSOFAUeH62SJTboEYbMAGeTvl?=
 =?us-ascii?Q?rgyA/Tmu4oMYLohLteZaA/HN7MsHxB92HJPzAt3J4IUUUgjxlyOPaXoKk12R?=
 =?us-ascii?Q?Z7rDH3/9p8/NLx+5ZzH6mxS6Xa62ZPf3mtNg0U0tv/oY3hyHXEgRyVDZEgQ7?=
 =?us-ascii?Q?U2QGATwbkJI3G6DcwC2yvV2PCAGPrw3K9n5FVn4atZcMyWwRpXCRT8w3wAtm?=
 =?us-ascii?Q?owkoa+J/NDGYWyijKheGmkYyIns+VV7yRuI+vv/rRWJSn+s4oXxqLFtfI3is?=
 =?us-ascii?Q?Xcqzcr4m0MMZpf5xGq0rjaZhHE5ycKRyY/RnbnOBdJIqcdEsUU86mSEZ0orS?=
 =?us-ascii?Q?U9IRPza2dcg0qXve9834bu2yfmBI2WliWZUZUB9OjFrHV/ZK4+f/r2qG8jXT?=
 =?us-ascii?Q?jHxVdIrJCzCdmYS3UmkkILI/lXAVYW3ZLwXzuGQ+Ezme6W7qVj+4PY4tNwB/?=
 =?us-ascii?Q?Hr76UmP/LL6yHeOJpFoA0KXX/ZsPHyuUMY/1WX7/F+2TaPmzHQGHlPAzPGcE?=
 =?us-ascii?Q?jfT7xuisr0zoL8+K41O9IocvYXtekhhjo4DoT17zS7IKNoYlD8AamaZ9lk9x?=
 =?us-ascii?Q?oNN6jaYAIvubUeHbfeHe785eHjjnW45pE6nF/hsT9e8Z5QCmwp0WH3yyLMfT?=
 =?us-ascii?Q?mSaL4h/DVEm4kCuM0hXwDJzdoMLo/EtSv8JxJkliVTpf2I8C5XZkdFjRXT6m?=
 =?us-ascii?Q?cQ1i5TF9umL07cLwdi0peiBJIrazcS+Be58sgm6mzJn5m8TR1mJEgu0I4k9z?=
 =?us-ascii?Q?Ool6/vdjpssDqEGg2Ma0qxLFD7mFNZf4oUMGqmwGot1rneKtii/pG42A2ug3?=
 =?us-ascii?Q?gBD/ejnJyOv0/SOqkAT2wd/2xEA/TpOariNZxikFW+LW6XqRsElp/reNsVHw?=
 =?us-ascii?Q?Eoe0FOXo1SoIxFaGzRoPTUwOV8GvEyFkpkzfv3d9UlDZa8q/cTzv6k5NTCOC?=
 =?us-ascii?Q?y8KY1MBQer+yw9XIvq4R4Mw5bxy0SowxaS7EYmRnBms2WTb5wLUy/uEHbO3V?=
 =?us-ascii?Q?4CTVl+gBy5aiHfwPL/UYymhUdhcmerUJSqOCDoZOn0Rnj8sI9afep1OJ7TAh?=
 =?us-ascii?Q?Xuv2pixU/padl2FAfkcEjg6RV1IcMxGltZkIpfrEw9K8t+aJVmpagR5nWnkb?=
 =?us-ascii?Q?bXYNPqXuN/aDOk5itjUQcXE=3D?=
X-OriginatorOrg: os.amperecomputing.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a606388f-a410-4b76-bba4-08dc84fadc7d
X-MS-Exchange-CrossTenant-AuthSource: PH0PR01MB7287.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jun 2024 01:00:15.8902
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3bc2b170-fd94-476d-b0ce-4229bdc904a7
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: VW7uS502X6DRRkW0XFfOM8578O4hrZFYjGLz5dXxV+PkrFUl3bg0CDp+wTw1IoYSbp+yczMCi20wDoGbRM/k3AJCS4+4RvxZQ6yBq5Y7IMI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN4PR01MB7485
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Tue, 04 Jun 2024 18:00:19 -0700
Resent-From: nhi@os.amperecomputing.com
Reply-To: devel@edk2.groups.io,nhi@os.amperecomputing.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: KHvgRI8wIVEbrOtu606lgLdox7686176AA=
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=0EieNu2l;
	dmarc=pass (policy=none) header.from=groups.io;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

This allows to initialize secure boot with the default factory keys
embedded in firmware flash image.

For example, to incorporate PK, KEK, and DB default keys, specify the
corresponding key files in the Jade.dsc as follows:

DEFINE DEFAULT_KEYS        =3D TRUE
DEFINE PK_DEFAULT_FILE     =3D path/to/PK.crt
DEFINE KEK_DEFAULT_FILE1   =3D path/to/KEK.crt
DEFINE DB_DEFAULT_FILE1    =3D path/to/DB1.crt
DEFINE DB_DEFAULT_FILE2    =3D path/to/DB2.crt

Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
---
 Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 2 ++
 Platform/Ampere/JadePkg/Jade.fdf                     | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon=
/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
index 23579497661d..93b4d1d99dcd 100644
--- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
+++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
@@ -590,6 +590,8 @@ [Components.common]
=20
 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx=
e.inf
+  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
+  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef=
aultKeysDxe.inf
 !endif
   MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
   MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim=
eDxe.inf
diff --git a/Platform/Ampere/JadePkg/Jade.fdf b/Platform/Ampere/JadePkg/Jad=
e.fdf
index 7795f0e11115..1e2df5ba6142 100644
--- a/Platform/Ampere/JadePkg/Jade.fdf
+++ b/Platform/Ampere/JadePkg/Jade.fdf
@@ -219,7 +219,9 @@ [FV.FvMain]
   INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
   INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
   INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf=
igDxe.inf
+  INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo=
tDefaultKeysDxe.inf
 !endif
   INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRu=
ntimeDxe.inf
   INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119455): https://edk2.groups.io/g/devel/message/119455
Mute This Topic: https://groups.io/mt/106495161/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-