From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web08.14982.1656526015524043851 for ; Wed, 29 Jun 2022 11:06:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Hn5G6Qe0; spf=pass (domain: gmail.com, ip: 209.85.214.175, mailfrom: kuqin12@gmail.com) Received: by mail-pl1-f175.google.com with SMTP id m2so14841557plx.3 for ; Wed, 29 Jun 2022 11:06:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to; bh=A1N776sq1Gn6RZIqRL9gkMbCyyZBJbcHbaUQa/AzbIw=; b=Hn5G6Qe0LX1pK0skPQju+rGNruZ//Y7RRbS4SzRolgDZgtH3oK5keyrdmmMvw6i1MA G0z2miWBc/kczbMoPZ1DHQwoJRrcy1CKYBZ1aq25n5gTzfPdMsth/yEwH3HWrwrxpYMO KxA4QkCmD8uIYt0nsSxF9c759y0Oz1gsLDl7rYKjuJSH8Wd8vxAsJSk16QlQwIR6XPvL UKYW8ce5DO87fDSiuQzNxM7zYfD2oOwnuBJbBu2sFFfUxXpCwXCImDPFAgIlLQxfUFeu UBVpdaVeBjJXooLeOkbkUjxKBd/meR3unwyZgyvsWOwg7zWlK7sugLwWFmIh/DAUqDyN APRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to; bh=A1N776sq1Gn6RZIqRL9gkMbCyyZBJbcHbaUQa/AzbIw=; b=lkdsPn5lO/RZ//hQoCGWm7AyPwPdXolQOg/RcmQVXhxs8XN3uHS6aIu4MNC8kiUpx9 yL2ROswbeYCaKmU6c6uDXAhMu6MWW4u/laGokP+NW3866lyTbdU6+oBwPSfp6WgpgKVb XkuDRSeB8uweypn8DoUl+teWqDDsggQ1SagJdutwFkAGBzzYKl9+IFJKM6E+l8JddvmZ KDMk2nZRFMSRaWUSM0oia5z2+BjIxNDCYmXXoSTE6QivkPQjoIyvbNX6S59YvClXngDr z+jhhNNRTLuUbXYmNbC08WIRrzZNp8BEzt5zjJQ8q57LETQCniShMzBqGheFQdvxWaam 3OLA== X-Gm-Message-State: AJIora907CFT7h04mHhvDJvntVnPx0Mka5ySkZEwa7Sd+KrBVeSorNm5 qLvUn7Rcgwl3L+/jZoRLb71VIUGJKjg= X-Google-Smtp-Source: AGRyM1vyIhWQF13N3oOvhZorknODwZXDpA+uywHBauXy6Fl9ZIb9jlrFdbNDT+jprbsV/Ldoq+IUug== X-Received: by 2002:a17:902:dccb:b0:16b:9891:3c82 with SMTP id t11-20020a170902dccb00b0016b98913c82mr7313019pll.129.1656526014485; Wed, 29 Jun 2022 11:06:54 -0700 (PDT) Return-Path: Received: from ?IPV6:2001:4898:d8:33:c53a:708e:c461:45a1? ([2001:4898:80e8:9:4554:708e:c461:45a1]) by smtp.gmail.com with ESMTPSA id u1-20020a1709026e0100b00163d4c3ffabsm7633724plk.304.2022.06.29.11.06.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 29 Jun 2022 11:06:54 -0700 (PDT) Message-ID: <83ae9d42-6089-0da5-6c58-8090b6d4cd60@gmail.com> Date: Wed, 29 Jun 2022 11:06:53 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0 Subject: Re: [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot Variable Libraries To: devel@edk2.groups.io, jiewen.yao@intel.com Cc: "Wang, Jian J" , "Xu, Min M" , Sean Brogan , Ard Biesheuvel , "Justen, Jordan L" , Gerd Hoffmann , Rebecca Cran , Peter Grehan , "Boeuf, Sebastien" , Andrew Fish , "Ni, Ray" References: <16F848B3160A57C1.5246@groups.io> From: "Kun Qin" In-Reply-To: Content-Type: multipart/alternative; boundary="------------gsZw0Ah000K0WOXstofjUGgH" Content-Language: en-US --------------gsZw0Ah000K0WOXstofjUGgH Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Jiewen, Thanks for reading through these patches. For #1, yes, we implemented these changes in project MU and validated them on both our virtual platform (https://github.com/microsoft/mu_tiano_platforms) and other proprietary hardware platforms. I will leave the acked-by or tested-by to others on the MU teams. For #2, this is just an arbitrary timestamp from a previous date so that we can create time based payload without hard dependency on time protocol (which could result in potential executing sequence issue). I will update comment to avoid confusion in the next round of patch. But should you have other suggestions to improve this, please let me know. Regards, Kun On 6/29/2022 1:50 AM, Yao, Jiewen wrote: > > Hi Kun > > Thank you to make the redesign. > > Overall the patch set looks good to me. Some questions: > > 1. Is that from project MU? If so, I would like to see acked-by or > tested-by from project MU owner. That can give me more confidence > to accept it. 😊 > > 2. Is below data from some document? If so, would please add URL? > Also, why do we have to use this timestamp? What if a different > timestamp is used? > > +// MS Default Time-Based Payload Creation Date > > +// This is the date that is used when creating SecureBoot default > variables. > > +// NOTE: This is a placeholder date that doesn't correspond to > anything else. > > +// > > +EFI_TIME  mDefaultPayloadTimestamp = { > > +  15,   // Year (2015) > > +  8,    // Month (Aug) > > +  28,   // Day (28) > > +  0,    // Hour > > +  0,    // Minute > > +  0,    // Second > > +  0,    // Pad1 > > +  0,    // Nanosecond > > +  0,    // Timezone (Dummy value) > > +  0,    // Daylight (Dummy value) > > +  0     // Pad2 > > +}; > > *From:* Kun Qin > *Sent:* Wednesday, June 29, 2022 5:19 AM > *To:* edk2-devel-groups-io ; kuqin12@gmail.com > *Cc:* Yao, Jiewen ; Wang, Jian J > ; Xu, Min M ; Sean Brogan > ; Ard Biesheuvel > ; Justen, Jordan L > ; Gerd Hoffmann ; > Rebecca Cran ; Peter Grehan ; > Boeuf, Sebastien ; Andrew Fish > ; Ni, Ray > *Subject:* Re: [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot > Variable Libraries > > Hi SecurityPkg maintainers & reviewers, > > I posted this patch series a while back intending to generalize the > usage of a few interfaces from secure boot libraries. Could you please > help reviewing them and provide feedback? Any input is appreciated. > > Regards, > > Kun > > On Mon, Jun 13, 2022 at 1:39 PM Kun Qin via groups.io > wrote: > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 > > This is a revamp of a previously submitted patch series based on > top of > master branch: https://edk2.groups.io/g/devel/message/89507. No > changes > added. > > Current SecureBootVariableLib provide great support for deleting > secure > boot related variables, creating time-based payloads. > > However, for secure boot enrollment, the > SecureBootVariableProvisionLib > interfaces always assume the changes from variable storage, > limiting the > usage, requiring existing platforms to change key initialization > process > to adapt to the new methods, as well as bringing in extra dependencies > such as FV protocol, time protocols. > > This patch series proposes to update the implementation for Secure > Boot > Variable libraries and their consumers to better support the related > variables operations. > > Patch v2 branch: > https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2 > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Sean Brogan > Cc: Ard Biesheuvel > > Cc: Jordan Justen > Cc: Gerd Hoffmann > Cc: Rebecca Cran > Cc: Peter Grehan > Cc: Sebastien Boeuf > Cc: Andrew Fish > Cc: Ray Ni > > Kun Qin (8): >   SecurityPkg: UefiSecureBoot: Definitions of cert and payload >     structures >   SecurityPkg: PlatformPKProtectionLib: Added PK protection interface >   SecurityPkg: SecureBootVariableLib: Updated time based payload > creator >   SecurityPkg: SecureBootVariableProvisionLib: Updated implementation >   SecurityPkg: Secure Boot Drivers: Added common header files >   SecurityPkg: SecureBootConfigDxe: Updated invocation pattern >   OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency >   EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency > > kuqin (3): >   SecurityPkg: SecureBootVariableLib: Updated signature list creator >   SecurityPkg: SecureBootVariableLib: Added newly supported interfaces >   SecurityPkg: SecureBootVariableLib: Added unit tests > >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c   >                  |    1 + >  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c >  |   51 + >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c >                    |  486 ++++- >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c >         |   36 + >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c >                   |  201 ++ >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c >     |   13 + >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c >       | 2037 ++++++++++++++++++++ >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c >      |  145 +- >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c >             |  128 +- >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c >    |    1 + >  EmulatorPkg/EmulatorPkg.dsc                                     >  |    1 + >  OvmfPkg/Bhyve/BhyveX64.dsc                                     |  >   1 + >  OvmfPkg/CloudHv/CloudHvX64.dsc                                   >   |    1 + >  OvmfPkg/IntelTdx/IntelTdxX64.dsc                                 >     |    1 + >  OvmfPkg/OvmfPkgIa32.dsc                                      |    1 + >  OvmfPkg/OvmfPkgIa32X64.dsc                                     |  >   1 + >  OvmfPkg/OvmfPkgX64.dsc                                     |    1 + >  SecurityPkg/Include/Library/PlatformPKProtectionLib.h             >        |   31 + >  SecurityPkg/Include/Library/SecureBootVariableLib.h               >                        |  103 +- >  SecurityPkg/Include/UefiSecureBoot.h                             >         |   94 + >  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf > |   36 + >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf >                    |   14 +- >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf >       |   33 + >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf >                   |   45 + >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf >   |   25 + >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf >     |   36 + >  SecurityPkg/SecurityPkg.ci.yaml                                   >    |   11 + >  SecurityPkg/SecurityPkg.dec                                     >  |    5 + >  SecurityPkg/SecurityPkg.dsc                                     >  |    2 + >  SecurityPkg/Test/SecurityPkgHostTest.dsc                         >             |   38 + >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf >            |    1 + >  31 files changed, 3468 insertions(+), 112 deletions(-) >  create mode 100644 > SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c >  create mode 100644 > SecurityPkg/Include/Library/PlatformPKProtectionLib.h >  create mode 100644 SecurityPkg/Include/UefiSecureBoot.h >  create mode 100644 > SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf >  create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf >  create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc > > -- > 2.35.1.windows.2 > > > > > > --------------gsZw0Ah000K0WOXstofjUGgH Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

Hi Jiewen,

Thanks for reading through these patches.

For #1, yes, we implemented these changes in project MU and validated them on both our virtual platform (https://github.com/microsoft/mu_tiano_platforms) and other proprietary hardware platforms. I will leave the acked-by or tested-by to others on the MU teams.

For #2, this is just an arbitrary timestamp from a previous date so that we can create time based payload without hard dependency on time protocol (which could result in potential executing sequence issue). I will update comment to avoid confusion in the next round of patch. But should you have other suggestions to improve this, please let me know.

Regards,
Kun

On 6/29/2022 1:50 AM, Yao, Jiewen wrote:

Hi Kun

Thank you to make the redesign.

 

Overall the patch set looks good to me. Some questions:

 

  1. Is that from project MU? If so, I would like to see acked-by or tested-by from project MU owner. That can give me more confidence to accept it. 😊

 

  1. Is below data from some document? If so, would please add URL? Also, why do we have to use this timestamp? What if a different timestamp is used?

 

+// MS Default Time-Based Payload Creation Date

+// This is the date that is used when creating SecureBoot default variables.

+// NOTE: This is a placeholder date that doesn't correspond to anything else.

+//

+EFI_TIME  mDefaultPayloadTimestamp = {

+  15,   // Year (2015)

+  8,    // Month (Aug)

+  28,   // Day (28)

+  0,    // Hour

+  0,    // Minute

+  0,    // Second

+  0,    // Pad1

+  0,    // Nanosecond

+  0,    // Timezone (Dummy value)

+  0,    // Daylight (Dummy value)

+  0     // Pad2

+};

 

 

From: Kun Qin <kuqin12@gmail.com>
Sent: Wednesday, June 29, 2022 5:19 AM
To: edk2-devel-groups-io <devel@edk2.groups.io>; kuqin12@gmail.com
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Rebecca Cran <rebecca@bsdio.com>; Peter Grehan <grehan@freebsd.org>; Boeuf, Sebastien <sebastien.boeuf@intel.com>; Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot Variable Libraries

 

Hi SecurityPkg maintainers & reviewers,

 

I posted this patch series a while back intending to generalize the usage of a few interfaces from secure boot libraries. Could you please help reviewing them and provide feedback? Any input is appreciated.

 

Regards,

Kun

 

On Mon, Jun 13, 2022 at 1:39 PM Kun Qin via groups.io <kuqin12=gmail.com@groups.io> wrote:

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This is a revamp of a previously submitted patch series based on top of
master branch: https://edk2.groups.io/g/devel/message/89507. No changes
added.

Current SecureBootVariableLib provide great support for deleting secure
boot related variables, creating time-based payloads.

However, for secure boot enrollment, the SecureBootVariableProvisionLib
interfaces always assume the changes from variable storage, limiting the
usage, requiring existing platforms to change key initialization process
to adapt to the new methods, as well as bringing in extra dependencies
such as FV protocol, time protocols.

This patch series proposes to update the implementation for Secure Boot
Variable libraries and their consumers to better support the related
variables operations.

Patch v2 branch: https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>

Kun Qin (8):
  SecurityPkg: UefiSecureBoot: Definitions of cert and payload
    structures
  SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
  SecurityPkg: SecureBootVariableLib: Updated time based payload creator
  SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
  SecurityPkg: Secure Boot Drivers: Added common header files
  SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
  OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
  EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency

kuqin (3):
  SecurityPkg: SecureBootVariableLib: Updated signature list creator
  SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
  SecurityPkg: SecureBootVariableLib: Added unit tests

 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c                           |    1 +
 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c   |   51 +
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c                         |  486 ++++-
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c          |   36 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c                          |  201 ++
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c      |   13 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c        | 2037 ++++++++++++++++++++
 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c       |  145 +-
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c              |  128 +-
 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c     |    1 +
 EmulatorPkg/EmulatorPkg.dsc                                                               |    1 +
 OvmfPkg/Bhyve/BhyveX64.dsc                                                                |    1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                                                            |    1 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc                                                          |    1 +
 OvmfPkg/OvmfPkgIa32.dsc                                                                   |    1 +
 OvmfPkg/OvmfPkgIa32X64.dsc                                                                |    1 +
 OvmfPkg/OvmfPkgX64.dsc                                                                    |    1 +
 SecurityPkg/Include/Library/PlatformPKProtectionLib.h                                     |   31 +
 SecurityPkg/Include/Library/SecureBootVariableLib.h                                       |  103 +-
 SecurityPkg/Include/UefiSecureBoot.h                                                      |   94 +
 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf |   36 +
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf                       |   14 +-
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf        |   33 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf                        |   45 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf    |   25 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf      |   36 +
 SecurityPkg/SecurityPkg.ci.yaml                                                           |   11 +
 SecurityPkg/SecurityPkg.dec                                                               |    5 +
 SecurityPkg/SecurityPkg.dsc                                                               |    2 +
 SecurityPkg/Test/SecurityPkgHostTest.dsc                                                  |   38 +
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf             |    1 +
 31 files changed, 3468 insertions(+), 112 deletions(-)
 create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
 create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLib.h
 create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
 create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
 create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc

--
2.35.1.windows.2





--------------gsZw0Ah000K0WOXstofjUGgH--