Message-ID: <5d3bd6e5-e447-5db1-a2c8-931ac5ed8ae2@gmail.com>
Date: Fri, 8 Jul 2022 13:03:12 -0700
Subject: Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
To: Ard Biesheuvel, edk2-devel-groups-io, Jiewen Yao
Cc: "Wang, Jian J", "Xu, Min M", Sean Brogan, Ard Biesheuvel, "Justen, Jordan L", Gerd Hoffmann, Rebecca Cran, Peter Grehan, "Boeuf, Sebastien", Andrew Fish, "Ni, Ray"
References: <20220630235341.1746-1-kuqin12@gmail.com> <6769a533-64a8-e920-cce7-b228dbac2f92@gmail.com>
From: "Kun Qin"

Hi Ard,

I thought the pipeline should have caught this type of error. Sorry for the inconvenience.

A patch was sent here to fix this issue: https://edk2.groups.io/g/devel/message/91189

Regards,
Kun

On 7/8/2022 9:38 AM, Ard Biesheuvel wrote:
> I think this series has broken some ARM platforms, please double check.
>
> https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/4573/console
>
>
> On Thu, 7 Jul 2022 at 03:09, Yao, Jiewen wrote:
>> Merged https://github.com/tianocore/edk2/pull/3050
>>
>> From: Kun Qin
>> Sent: Thursday, July 7, 2022 1:44 AM
>> To: devel@edk2.groups.io; Yao, Jiewen
>> Cc: Wang, Jian J; Xu, Min M; Sean Brogan; Ard Biesheuvel; Justen, Jordan L; Gerd Hoffmann; Rebecca Cran; Peter Grehan; Boeuf, Sebastien; Andrew Fish; Ni, Ray
>> Subject: Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
>>
>> Hi Jiewen,
>>
>> Yes, the "https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3" is the branch I generate these patch series. And they have not been changed after sending v3 patches.
>>
>> I confirm that:
>> 1. the latest update 256220d82191effae32d91897ab0f65a4fa0641b is identical to the one I submitted to mailing list;
>> 2. the branch passed EDKII CI when I prepared this branch and the PR is Secure boot enhance v3 by kuqin12 · Pull Request #3035 · tianocore/edk2 (github.com).
>>
>> Thanks a lot for the help! Please let me know if you encounter any issues when merging these patches.
>>
>> Regards,
>> Kun
>>
>> On 7/5/2022 10:19 PM, Yao, Jiewen wrote:
>> >> Hi
>> >> I am going to merge this. However, I realize that my mailbox filtered patch 6/11 and 10/11.
>> >> So I am going to merge the one in https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
>> >>
>> >> Please double confirm:
>> >> 1) the latest one 256220d82191effae32d91897ab0f65a4fa0641b is identical to the one you submitted to EDKII mailing list.
>> >> 2) the latest one passed the EDKII CI.
>> >>
>> >> Once you confirm above, I will start merging process.
>> >>
>> >> Thank you
>> >> Yao Jiewen
>> >>
>> >> -----Original Message-----
>> >> From: devel@edk2.groups.io On Behalf Of Kun Qin
>> >> Sent: Friday, July 1, 2022 7:54 AM
>> >> To: devel@edk2.groups.io
>> >> Cc: Yao, Jiewen; Wang, Jian J; Xu, Min M; Sean Brogan; Ard Biesheuvel; Justen, Jordan L; Gerd Hoffmann; Rebecca Cran; Peter Grehan; Boeuf, Sebastien; Andrew Fish; Ni, Ray
>> >> Subject: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
>> >>
>> >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
>> >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
>> >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
>> >>
>> >> This is a follow-up of a previously submitted patch series based on top
>> >> of master branch: https://edk2.groups.io/g/devel/message/90491.
>> >>
>> >> The main changes between v2 and v3 patches are:
>> >> - Added reviewed-by and acked-by tags collected from previous iteration
>> >> - Updated default timestamp for default secure boot variable enrollment
>> >>
>> >> The updated changes are verified on QEMU based Q35 virtual platform as
>> >> well as proprietary physical platforms.
>> >>
>> >> Patch v3 branch:
>> >> https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
>> >>
>> >> Cc: Jiewen Yao
>> >> Cc: Jian J Wang
>> >> Cc: Min Xu
>> >> Cc: Sean Brogan
>> >> Cc: Ard Biesheuvel
>> >> Cc: Jordan Justen
>> >> Cc: Gerd Hoffmann
>> >> Cc: Rebecca Cran
>> >> Cc: Peter Grehan
>> >> Cc: Sebastien Boeuf
>> >> Cc: Andrew Fish
>> >> Cc: Ray Ni
>> >>
>> >> Kun Qin (8):
>> >>   SecurityPkg: UefiSecureBoot: Definitions of cert and payload
>> >>     structures
>> >>   SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
>> >>   SecurityPkg: SecureBootVariableLib: Updated time based payload creator
>> >>   SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
>> >>   SecurityPkg: Secure Boot Drivers: Added common header files
>> >>   SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
>> >>   OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
>> >>   EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
>> >>
>> >> kuqin (3):
>> >>   SecurityPkg: SecureBootVariableLib: Updated signature list creator
>> >>   SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
>> >>   SecurityPkg: SecureBootVariableLib: Added unit tests
>> >>
>> >>  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 1 +
>> >>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c | 51 +
>> >>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 485 ++++-
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c | 36 +
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c | 201 ++
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c | 13 +
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c | 2037 ++++++++++++++++++++
>> >>  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 145 +-
>> >>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 128 +-
>> >>  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 1 +
>> >>  EmulatorPkg/EmulatorPkg.dsc | 1 +
>> >>  OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
>> >>  OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
>> >>  OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
>> >>  OvmfPkg/OvmfPkgIa32.dsc | 1 +
>> >>  OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
>> >>  OvmfPkg/OvmfPkgX64.dsc | 1 +
>> >>  SecurityPkg/Include/Library/PlatformPKProtectionLib.h | 31 +
>> >>  SecurityPkg/Include/Library/SecureBootVariableLib.h | 103 +-
>> >>  SecurityPkg/Include/UefiSecureBoot.h | 94 +
>> >>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf | 36 +
>> >>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 14 +-
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf | 33 +
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf | 45 +
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf | 25 +
>> >>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf | 36 +
>> >>  SecurityPkg/SecurityPkg.ci.yaml | 11 +
>> >>  SecurityPkg/SecurityPkg.dec | 5 +
>> >>  SecurityPkg/SecurityPkg.dsc | 2 +
>> >>  SecurityPkg/Test/SecurityPkgHostTest.dsc | 38 +
>> >>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 1 +
>> >>  31 files changed, 3467 insertions(+), 112 deletions(-)
>> >>  create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
>> >>  create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLib.h
>> >>  create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
>> >>  create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
>> >>  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
>> >>  create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc
>> >>
>> >> --
>> >> 2.36.0.windows.1