From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49])
 by mx.groups.io with SMTP id smtpd.web08.1281.1622655594655080015
 for <devel@edk2.groups.io>;
 Wed, 02 Jun 2021 10:39:54 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@akeo-ie.20150623.gappssmtp.com header.s=20150623 header.b=ZdK+/E/H;
 spf=pass (domain: akeo.ie, ip: 209.85.128.49, mailfrom: pete@akeo.ie)
Received: by mail-wm1-f49.google.com with SMTP id n17-20020a7bc5d10000b0290169edfadac9so4279704wmk.1
        for <devel@edk2.groups.io>; Wed, 02 Jun 2021 10:39:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=akeo-ie.20150623.gappssmtp.com; s=20150623;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=QmM0SYZkda0VLOkE/behFo2EVTk4IK9FfvGoTMPs2Z0=;
        b=ZdK+/E/HghbA4Oje16Ixiy44W4cpMpX4cgzbdDOKU+4gE4QUU7CsfgMPQ9EC6DkPT5
         2cpxwhTEWe+cqy+5c6PnFOM3qR/u/rs7X/PlcrBOz9K6OLbRXtpN4yQKPBCNoYH5/naR
         LqkzTo7KdlRpj0gCC4AKFj/JskwrS5wOgJoyc0eL6zQ0UTVv2X39fnmK6ly2s021527w
         ENmSGDvkmhmRDjTIoWYW7V8cF+xzzN94aS9vp8EoXd+Ms2H4NZ5pcyvmE5lQRwRn8f4C
         OJI/C/OLF17ReRTMGnWbsOL0/SykYabOd5mqORp6Cgo5i0MZh5f6gix1Srr1aAqkAaEr
         0yJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=QmM0SYZkda0VLOkE/behFo2EVTk4IK9FfvGoTMPs2Z0=;
        b=fVKgMMFyVzL2nokBfmSxKzge69kZVdv3/CtnK+tKI6GDbpHOFPeZU9my+sBFcQ68QT
         g4b53S0TdsjzziQbUXq9rLK/zjtzgNNGruLgF4FxbNuKAUoOIhnE6ZBuRMMFLi5Mu+Il
         VqK39Jwkx1amQkd8UI7DP3zKIDdPv6uooPF7bm9LhPErR6heslG/KLPGBIenXo/H8PJ8
         vetMeYeQaIvsUVWLz3PyVNpw1aBHxiRXcbw5terp7ymkTXKcbw27szq8Fr8g6FWz49iV
         2j5H3+Mr96NXVpsWBz9oFjoqAB6yaSCwXFxhsc30FvrcXvIqO5rqWtT0ZXmFQTCIlUNl
         3VDg==
X-Gm-Message-State: AOAM531XAHSiRxGZ67j0VjYrjO/dcWO0tjNQG27G/mpSeJYHVDVLV/jI
	wE3IUUNWpZ5TxygEGyv/A3KOPw==
X-Google-Smtp-Source: ABdhPJwvB7XPJw4tlmP9d0rwHGAkVLrSc5JO4DuRpVeIIuiXY8j1BJB2V8qNSi6O5u7BgZ9Q/q5sPw==
X-Received: by 2002:a1c:7c13:: with SMTP id x19mr6282510wmc.96.1622655593143;
        Wed, 02 Jun 2021 10:39:53 -0700 (PDT)
Return-Path: <pete@akeo.ie>
Received: from [10.0.0.122] ([84.203.86.196])
        by smtp.googlemail.com with ESMTPSA id q20sm2979211wmq.2.2021.06.02.10.39.52
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 02 Jun 2021 10:39:52 -0700 (PDT)
Subject: Re: [edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
To: devel@edk2.groups.io, gjb@semihalf.com
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org,
 Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com,
 upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com,
 min.m.xu@intel.com, lersek@redhat.com
References: <20210601131229.630611-1-gjb@semihalf.com>
 <20210601131229.630611-4-gjb@semihalf.com>
From: "Pete Batard" <pete@akeo.ie>
Message-ID: <65bb4817-b9e1-7dd0-78a5-8311140c380b@akeo.ie>
Date: Wed, 2 Jun 2021 18:39:51 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.2
MIME-Version: 1.0
In-Reply-To: <20210601131229.630611-4-gjb@semihalf.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 7bit

On 2021.06.01 14:12, Grzegorz Bernacki wrote:
> This commits add file which can be included by platform Flash
> Description File. It allows to specify certificate files, which
> will be embedded into binary file. The content of these files
> can be used to initialize Secure Boot default keys and databases.
> 
> Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
> ---
>   SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++
>   1 file changed, 62 insertions(+)
>   create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
> 
> diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> new file mode 100644
> index 0000000000..056586b204
> --- /dev/null
> +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> @@ -0,0 +1,62 @@
> +
> +!if $(DEFAULT_KEYS) == TRUE
> +  FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
> +  !ifdef $(PK_DEFAULT_FILE)
> +    SECTION RAW = $(PK_DEFAULT_FILE)
> +  !endif
> +    SECTION UI = "PK Default"
> +  }
> +
> +  FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
> +  !ifdef $(KEK_DEFAULT_FILE1)
> +    SECTION RAW = $(KEK_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(KEK_DEFAULT_FILE2)
> +    SECTION RAW = $(KEK_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(KEK_DEFAULT_FILE3)
> +    SECTION RAW = $(KEK_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "KEK Default"
> +  }
> +
> +  FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
> +  !ifdef $(DB_DEFAULT_FILE1)
> +    SECTION RAW = $(DB_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(DB_DEFAULT_FILE2)
> +    SECTION RAW = $(DB_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(DB_DEFAULT_FILE3)
> +    SECTION RAW = $(DB_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "DB Default"
> +  }
> +
> +  FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
> +  !ifdef $(DBT_DEFAULT_FILE1)
> +    SECTION RAW = $(DBT_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(DBT_DEFAULT_FILE2)
> +    SECTION RAW = $(DBT_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(DBT_DEFAULT_FILE3)
> +    SECTION RAW = $(DBT_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "DBT Default"
> +  }
> +
> +  FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
> +  !ifdef $(DBX_DEFAULT_FILE1)
> +    SECTION RAW = $(DBX_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(DBX_DEFAULT_FILE2)
> +    SECTION RAW = $(DBX_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(DBX_DEFAULT_FILE3)
> +    SECTION RAW = $(DBX_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "DBX Default"
> +  }
> +
> +!endif
> 

Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4