From: "Kun Qin" <kuqin12@gmail.com>
To: Ard Biesheuvel <ardb@kernel.org>,
edk2-devel-groups-io <devel@edk2.groups.io>,
Jiewen Yao <jiewen.yao@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Xu, Min M" <min.m.xu@intel.com>,
Sean Brogan <sean.brogan@microsoft.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
"Justen, Jordan L" <jordan.l.justen@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Rebecca Cran <rebecca@bsdio.com>,
Peter Grehan <grehan@freebsd.org>,
"Boeuf, Sebastien" <sebastien.boeuf@intel.com>,
Andrew Fish <afish@apple.com>, "Ni, Ray" <ray.ni@intel.com>
Subject: Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
Date: Fri, 8 Jul 2022 13:03:12 -0700 [thread overview]
Message-ID: <5d3bd6e5-e447-5db1-a2c8-931ac5ed8ae2@gmail.com> (raw)
In-Reply-To: <CAMj1kXF+515DJ7haOkcWe+EvtwDPOtwi3PFYHiKa0J4N=JPPrQ@mail.gmail.com>
Hi Ard,
I thought pipeline should have caught this type of errors. Sorry for the
inconvenience.
A patch was sent here to fix this issue:
https://edk2.groups.io/g/devel/message/91189
Regards,
Kun
On 7/8/2022 9:38 AM, Ard Biesheuvel wrote:
> I think this series has broken some ARM platforms, please double check.
>
> https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/4573/console
>
>
> On Thu, 7 Jul 2022 at 03:09, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>> Merged https://github.com/tianocore/edk2/pull/3050
>>
>>
>>
>> From: Kun Qin <kuqin12@gmail.com>
>> Sent: Thursday, July 7, 2022 1:44 AM
>> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Rebecca Cran <rebecca@bsdio.com>; Peter Grehan <grehan@freebsd.org>; Boeuf, Sebastien <sebastien.boeuf@intel.com>; Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>
>> Subject: Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
>>
>>
>>
>> Hi Jiewen,
>>
>> Yes, the "https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3" is the branch I generate these patch series. And they have not been changed after sending v3 patches.
>>
>> I confirm that:
>> 1. the latest update 256220d82191effae32d91897ab0f65a4fa0641b is identical to the one I submitted to mailing list;
>> 2. the branch passed EDKII CI when I prepared this branch and the PR is Secure boot enhance v3 by kuqin12 · Pull Request #3035 · tianocore/edk2 (github.com).
>>
>> Thanks a lot for the help! Please let me know if you encounter any issues when merging these patches.
>>
>> Regards,
>> Kun
>>
>> On 7/5/2022 10:19 PM, Yao, Jiewen wrote:
>>
>> Hi
>>
>> I am going to merge this. However, I realize that my mailbox filtered patch 6/11 and 10/11.
>>
>> So I am going to merge the one in https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
>>
>>
>>
>> Please double confirm:
>>
>> 1) the latest one 256220d82191effae32d91897ab0f65a4fa0641b is identical to the one you submitted to EDKII mailing list.
>>
>> 2) the latest one passed the EDKII CI.
>>
>>
>>
>> Once you confirm above, I will start merging process.
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> -----Original Message-----
>>
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Kun Qin
>>
>> Sent: Friday, July 1, 2022 7:54 AM
>>
>> To: devel@edk2.groups.io
>>
>> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
>>
>> Xu, Min M <min.m.xu@intel.com>; Sean Brogan <sean.brogan@microsoft.com>;
>>
>> Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen, Jordan L
>>
>> <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Rebecca
>>
>> Cran <rebecca@bsdio.com>; Peter Grehan <grehan@freebsd.org>; Boeuf,
>>
>> Sebastien <sebastien.boeuf@intel.com>; Andrew Fish <afish@apple.com>; Ni,
>>
>> Ray <ray.ni@intel.com>
>>
>> Subject: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
>>
>>
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
>>
>>
>>
>> This is a follow-up of a previously submitted patch series based on top
>>
>> of master branch: https://edk2.groups.io/g/devel/message/90491.
>>
>>
>>
>> The main changes between v2 and v3 patches are:
>>
>> - Added reviewed-by and acked-by tags collected from previous iteration
>>
>> - Updated default timestamp for default secure boot variable enrollment
>>
>>
>>
>> The updated changes are verified on QEMU based Q35 virtual platform as
>>
>> well as proprietary physical platforms.
>>
>>
>>
>> Patch v3 branch:
>>
>> https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
>>
>>
>>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>
>> Cc: Min Xu <min.m.xu@intel.com>
>>
>> Cc: Sean Brogan <sean.brogan@microsoft.com>
>>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>>
>> Cc: Rebecca Cran <rebecca@bsdio.com>
>>
>> Cc: Peter Grehan <grehan@freebsd.org>
>>
>> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
>>
>> Cc: Andrew Fish <afish@apple.com>
>>
>> Cc: Ray Ni <ray.ni@intel.com>
>>
>>
>>
>> Kun Qin (8):
>>
>> SecurityPkg: UefiSecureBoot: Definitions of cert and payload
>>
>> structures
>>
>> SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
>>
>> SecurityPkg: SecureBootVariableLib: Updated time based payload creator
>>
>> SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
>>
>> SecurityPkg: Secure Boot Drivers: Added common header files
>>
>> SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
>>
>> OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
>>
>> EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
>>
>>
>>
>> kuqin (3):
>>
>> SecurityPkg: SecureBootVariableLib: Updated signature list creator
>>
>> SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
>>
>> SecurityPkg: SecureBootVariableLib: Added unit tests
>>
>>
>>
>> SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
>>
>> | 1 +
>>
>>
>>
>> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLib
>>
>> VarPolicy.c | 51 +
>>
>> SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
>>
>> | 485 ++++-
>>
>>
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio
>>
>> nLib.c | 36 +
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
>>
>> | 201 ++
>>
>>
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices
>>
>> TableLib.c | 13 +
>>
>>
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnit
>>
>> Test.c | 2037 ++++++++++++++++++++
>>
>>
>>
>> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisi
>>
>> onLib.c | 145 +-
>>
>>
>>
>> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigIm
>>
>> pl.c | 128 +-
>>
>>
>>
>> SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefa
>>
>> ultKeysDxe.c | 1 +
>>
>> EmulatorPkg/EmulatorPkg.dsc | 1 +
>>
>> OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
>>
>> OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
>>
>> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
>>
>> OvmfPkg/OvmfPkgIa32.dsc | 1 +
>>
>> OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
>>
>> OvmfPkg/OvmfPkgX64.dsc | 1 +
>>
>> SecurityPkg/Include/Library/PlatformPKProtectionLib.h |
>>
>> 31 +
>>
>> SecurityPkg/Include/Library/SecureBootVariableLib.h |
>>
>> 103 +-
>>
>> SecurityPkg/Include/UefiSecureBoot.h | 94 +
>>
>>
>>
>> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLib
>>
>> VarPolicy.inf | 36 +
>>
>> SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>>
>> | 14 +-
>>
>>
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio
>>
>> nLib.inf | 33 +
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
>>
>> | 45 +
>>
>>
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices
>>
>> TableLib.inf | 25 +
>>
>>
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnit
>>
>> Test.inf | 36 +
>>
>> SecurityPkg/SecurityPkg.ci.yaml | 11 +
>>
>> SecurityPkg/SecurityPkg.dec | 5 +
>>
>> SecurityPkg/SecurityPkg.dsc | 2 +
>>
>> SecurityPkg/Test/SecurityPkgHostTest.dsc | 38 +
>>
>>
>>
>> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx
>>
>> e.inf | 1 +
>>
>> 31 files changed, 3467 insertions(+), 112 deletions(-)
>>
>> create mode 100644
>>
>> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLib
>>
>> VarPolicy.c
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio
>>
>> nLib.c
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices
>>
>> TableLib.c
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnit
>>
>> Test.c
>>
>> create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLib.h
>>
>> create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
>>
>> create mode 100644
>>
>> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLib
>>
>> VarPolicy.inf
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio
>>
>> nLib.inf
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices
>>
>> TableLib.inf
>>
>> create mode 100644
>>
>> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnit
>>
>> Test.inf
>>
>> create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc
>>
>>
>>
>> --
>>
>> 2.36.0.windows.1
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
prev parent reply other threads:[~2022-07-08 20:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-30 23:53 [PATCH v3 00/11] Enhance Secure Boot Variable Libraries Kun Qin
2022-06-30 23:53 ` [PATCH v3 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Kun Qin
2022-06-30 23:53 ` [PATCH v3 02/11] SecurityPkg: PlatformPKProtectionLib: Added PK protection interface Kun Qin
2022-06-30 23:53 ` [PATCH v3 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator Kun Qin
2022-06-30 23:53 ` [PATCH v3 04/11] SecurityPkg: SecureBootVariableLib: Updated signature list creator Kun Qin
2022-06-30 23:53 ` [PATCH v3 05/11] SecurityPkg: SecureBootVariableLib: Added newly supported interfaces Kun Qin
2022-06-30 23:53 ` [PATCH v3 06/11] SecurityPkg: SecureBootVariableProvisionLib: Updated implementation Kun Qin
2022-06-30 23:53 ` [PATCH v3 07/11] SecurityPkg: Secure Boot Drivers: Added common header files Kun Qin
2022-06-30 23:53 ` [PATCH v3 08/11] SecurityPkg: SecureBootConfigDxe: Updated invocation pattern Kun Qin
2022-06-30 23:53 ` [PATCH v3 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests Kun Qin
2022-06-30 23:53 ` [PATCH v3 10/11] OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency Kun Qin
2022-06-30 23:53 ` [PATCH v3 11/11] EmulatorPkg: " Kun Qin
2022-07-06 5:19 ` [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries Yao, Jiewen
2022-07-06 17:44 ` Kun Qin
2022-07-07 1:09 ` Yao, Jiewen
2022-07-07 1:10 ` Kun Qin
2022-07-08 16:38 ` Ard Biesheuvel
2022-07-08 20:03 ` Kun Qin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5d3bd6e5-e447-5db1-a2c8-931ac5ed8ae2@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox