Subject: Re: [edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
To: devel@edk2.groups.io, gjb@semihalf.com
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com
References: <20210601131229.630611-1-gjb@semihalf.com> <20210601131229.630611-4-gjb@semihalf.com>
From: "Pete Batard"
Message-ID: <65bb4817-b9e1-7dd0-78a5-8311140c380b@akeo.ie>
Date: Wed, 2 Jun 2021 18:39:51 +0100
In-Reply-To: <20210601131229.630611-4-gjb@semihalf.com>

On 2021.06.01 14:12, Grzegorz Bernacki wrote:
> This commit adds a file which can be included by platform Flash
> Description File. It allows specifying certificate files, which
> will be embedded into binary file. The content of these files
> can be used to initialize Secure Boot default keys and databases.
>
> Signed-off-by: Grzegorz Bernacki
> ---
> SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++
> 1 file changed, 62 insertions(+)
> create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
>
> diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/SecureBootDefaultKeys.fdf.inc > new file mode 100644 > index 0000000000..056586b204 > --- /dev/null
> +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc > @@ -0,0 +1,62 @@ > + > +!if $(DEFAULT_KEYS) == TRUE > + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { > + !ifdef $(PK_DEFAULT_FILE) > + SECTION RAW = $(PK_DEFAULT_FILE) > + !endif > + SECTION UI = "PK Default" > + } > + > + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { > + !ifdef $(KEK_DEFAULT_FILE1) > + SECTION RAW = $(KEK_DEFAULT_FILE1) > + !endif > + !ifdef $(KEK_DEFAULT_FILE2) > + SECTION RAW = $(KEK_DEFAULT_FILE2) > + !endif > + !ifdef $(KEK_DEFAULT_FILE3) > + SECTION RAW = $(KEK_DEFAULT_FILE3) > + !endif > + SECTION UI = "KEK Default" > + } > + > + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { > + !ifdef $(DB_DEFAULT_FILE1) > + SECTION RAW = $(DB_DEFAULT_FILE1) > + !endif > + !ifdef $(DB_DEFAULT_FILE2) > + SECTION RAW = $(DB_DEFAULT_FILE2) > + !endif > + !ifdef $(DB_DEFAULT_FILE3) > + SECTION RAW = $(DB_DEFAULT_FILE3) > + !endif > + SECTION UI = "DB Default" > + } > + > + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { > + !ifdef $(DBT_DEFAULT_FILE1) > + SECTION RAW = $(DBT_DEFAULT_FILE1) > + !endif > + !ifdef $(DBT_DEFAULT_FILE2) > + SECTION RAW = $(DBT_DEFAULT_FILE2) > + !endif > + !ifdef $(DBT_DEFAULT_FILE3) > + SECTION RAW = $(DBT_DEFAULT_FILE3) > + !endif > + SECTION UI = "DBT Default" > + } > + > + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { > + !ifdef $(DBX_DEFAULT_FILE1) > + SECTION RAW = $(DBX_DEFAULT_FILE1) > + !endif > + !ifdef $(DBX_DEFAULT_FILE2) > + SECTION RAW = $(DBX_DEFAULT_FILE2) > + !endif > + !ifdef $(DBX_DEFAULT_FILE3) > + SECTION RAW = $(DBX_DEFAULT_FILE3) > + !endif > + SECTION UI = "DBX Default" > + } > + > +!endif > Reviewed-by: Pete Batard Tested-by: Pete Batard on Raspberry Pi 4
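
Review bot: In every FILE FREEFORM block the `!ifdef` guards only the `SECTION RAW` lines, so a platform that sets DEFAULT_KEYS to TRUE without defining PK_DEFAULT_FILE (or any of the KEK/DB/DBT/DBX macros) still gets the file emitted with just its `SECTION UI` and no certificate data, and nothing in the build flags it. For the "PK Default" file in particular, consider either placing the whole `FILE FREEFORM = 85254ea7-... { ... }` statement inside the `!ifdef $(PK_DEFAULT_FILE)` or making the build fail when the macro is missing, so that an image cannot ship with an empty PK default unnoticed. Separately, the new file opens with a blank line and goes straight to `!if $(DEFAULT_KEYS) == TRUE`: a short comment header listing the macros a platform is expected to define, stating that each database accepts at most three files (FILE1 to FILE3), and saying which default-key GUID each of the five hard-coded values corresponds to would make the include usable without reading the consuming driver.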