From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web08.14982.1656526015524043851
 for <devel@edk2.groups.io>;
 Wed, 29 Jun 2022 11:06:55 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=Hn5G6Qe0;
 spf=pass (domain: gmail.com, ip: 209.85.214.175, mailfrom: kuqin12@gmail.com)
Received: by mail-pl1-f175.google.com with SMTP id m2so14841557plx.3
        for <devel@edk2.groups.io>; Wed, 29 Jun 2022 11:06:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=message-id:date:mime-version:user-agent:subject:content-language:to
         :cc:references:from:in-reply-to;
        bh=A1N776sq1Gn6RZIqRL9gkMbCyyZBJbcHbaUQa/AzbIw=;
        b=Hn5G6Qe0LX1pK0skPQju+rGNruZ//Y7RRbS4SzRolgDZgtH3oK5keyrdmmMvw6i1MA
         G0z2miWBc/kczbMoPZ1DHQwoJRrcy1CKYBZ1aq25n5gTzfPdMsth/yEwH3HWrwrxpYMO
         KxA4QkCmD8uIYt0nsSxF9c759y0Oz1gsLDl7rYKjuJSH8Wd8vxAsJSk16QlQwIR6XPvL
         UKYW8ce5DO87fDSiuQzNxM7zYfD2oOwnuBJbBu2sFFfUxXpCwXCImDPFAgIlLQxfUFeu
         UBVpdaVeBjJXooLeOkbkUjxKBd/meR3unwyZgyvsWOwg7zWlK7sugLwWFmIh/DAUqDyN
         APRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:cc:references:from:in-reply-to;
        bh=A1N776sq1Gn6RZIqRL9gkMbCyyZBJbcHbaUQa/AzbIw=;
        b=lkdsPn5lO/RZ//hQoCGWm7AyPwPdXolQOg/RcmQVXhxs8XN3uHS6aIu4MNC8kiUpx9
         yL2ROswbeYCaKmU6c6uDXAhMu6MWW4u/laGokP+NW3866lyTbdU6+oBwPSfp6WgpgKVb
         XkuDRSeB8uweypn8DoUl+teWqDDsggQ1SagJdutwFkAGBzzYKl9+IFJKM6E+l8JddvmZ
         KDMk2nZRFMSRaWUSM0oia5z2+BjIxNDCYmXXoSTE6QivkPQjoIyvbNX6S59YvClXngDr
         z+jhhNNRTLuUbXYmNbC08WIRrzZNp8BEzt5zjJQ8q57LETQCniShMzBqGheFQdvxWaam
         3OLA==
X-Gm-Message-State: AJIora907CFT7h04mHhvDJvntVnPx0Mka5ySkZEwa7Sd+KrBVeSorNm5
	qLvUn7Rcgwl3L+/jZoRLb71VIUGJKjg=
X-Google-Smtp-Source: AGRyM1vyIhWQF13N3oOvhZorknODwZXDpA+uywHBauXy6Fl9ZIb9jlrFdbNDT+jprbsV/Ldoq+IUug==
X-Received: by 2002:a17:902:dccb:b0:16b:9891:3c82 with SMTP id t11-20020a170902dccb00b0016b98913c82mr7313019pll.129.1656526014485;
        Wed, 29 Jun 2022 11:06:54 -0700 (PDT)
Return-Path: <kuqin12@gmail.com>
Received: from ?IPV6:2001:4898:d8:33:c53a:708e:c461:45a1? ([2001:4898:80e8:9:4554:708e:c461:45a1])
        by smtp.gmail.com with ESMTPSA id u1-20020a1709026e0100b00163d4c3ffabsm7633724plk.304.2022.06.29.11.06.53
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 29 Jun 2022 11:06:54 -0700 (PDT)
Message-ID: <83ae9d42-6089-0da5-6c58-8090b6d4cd60@gmail.com>
Date: Wed, 29 Jun 2022 11:06:53 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.10.0
Subject: Re: [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot Variable Libraries
To: devel@edk2.groups.io, jiewen.yao@intel.com
Cc: "Wang, Jian J" <jian.j.wang@intel.com>, "Xu, Min M" <min.m.xu@intel.com>,
 Sean Brogan <sean.brogan@microsoft.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 "Justen, Jordan L" <jordan.l.justen@intel.com>,
 Gerd Hoffmann <kraxel@redhat.com>, Rebecca Cran <rebecca@bsdio.com>,
 Peter Grehan <grehan@freebsd.org>,
 "Boeuf, Sebastien" <sebastien.boeuf@intel.com>, Andrew Fish
 <afish@apple.com>, "Ni, Ray" <ray.ni@intel.com>
References: <16F848B3160A57C1.5246@groups.io>
 <CABhrWrQaLp2UPiMmUXThMODVe7+Hn=0JqXqmj=_zvgNioJ8y1Q@mail.gmail.com>
 <MW4PR11MB5872B6173B1F4BBC882AAF038CBB9@MW4PR11MB5872.namprd11.prod.outlook.com>
From: "Kun Qin" <kuqin12@gmail.com>
In-Reply-To: <MW4PR11MB5872B6173B1F4BBC882AAF038CBB9@MW4PR11MB5872.namprd11.prod.outlook.com>
Content-Type: multipart/alternative;
 boundary="------------gsZw0Ah000K0WOXstofjUGgH"
Content-Language: en-US

--------------gsZw0Ah000K0WOXstofjUGgH
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Hi Jiewen,

Thanks for reading through these patches.

For #1, yes, we implemented these changes in project MU and validated 
them on both our virtual platform 
(https://github.com/microsoft/mu_tiano_platforms) and other proprietary 
hardware platforms. I will leave the acked-by or tested-by to others on 
the MU teams.

For #2, this is just an arbitrary timestamp from a previous date so that 
we can create time based payload without hard dependency on time 
protocol (which could result in potential executing sequence issue). I 
will update comment to avoid confusion in the next round of patch. But 
should you have other suggestions to improve this, please let me know.

Regards,
Kun

On 6/29/2022 1:50 AM, Yao, Jiewen wrote:
>
> Hi Kun
>
> Thank you to make the redesign.
>
> Overall the patch set looks good to me. Some questions:
>
>  1. Is that from project MU? If so, I would like to see acked-by or
>     tested-by from project MU owner. That can give me more confidence
>     to accept it. 😊
>
>  2. Is below data from some document? If so, would please add URL?
>     Also, why do we have to use this timestamp? What if a different
>     timestamp is used?
>
> +// MS Default Time-Based Payload Creation Date
>
> +// This is the date that is used when creating SecureBoot default 
> variables.
>
> +// NOTE: This is a placeholder date that doesn't correspond to 
> anything else.
>
> +//
>
> +EFI_TIME  mDefaultPayloadTimestamp = {
>
> +  15,   // Year (2015)
>
> +  8,    // Month (Aug)
>
> +  28,   // Day (28)
>
> +  0,    // Hour
>
> +  0,    // Minute
>
> +  0,    // Second
>
> +  0,    // Pad1
>
> +  0,    // Nanosecond
>
> +  0,    // Timezone (Dummy value)
>
> +  0,    // Daylight (Dummy value)
>
> +  0     // Pad2
>
> +};
>
> *From:* Kun Qin <kuqin12@gmail.com>
> *Sent:* Wednesday, June 29, 2022 5:19 AM
> *To:* edk2-devel-groups-io <devel@edk2.groups.io>; kuqin12@gmail.com
> *Cc:* Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J 
> <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Sean Brogan 
> <sean.brogan@microsoft.com>; Ard Biesheuvel 
> <ardb+tianocore@kernel.org>; Justen, Jordan L 
> <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; 
> Rebecca Cran <rebecca@bsdio.com>; Peter Grehan <grehan@freebsd.org>; 
> Boeuf, Sebastien <sebastien.boeuf@intel.com>; Andrew Fish 
> <afish@apple.com>; Ni, Ray <ray.ni@intel.com>
> *Subject:* Re: [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot 
> Variable Libraries
>
> Hi SecurityPkg maintainers & reviewers,
>
> I posted this patch series a while back intending to generalize the 
> usage of a few interfaces from secure boot libraries. Could you please 
> help reviewing them and provide feedback? Any input is appreciated.
>
> Regards,
>
> Kun
>
> On Mon, Jun 13, 2022 at 1:39 PM Kun Qin via groups.io 
> <http://groups.io> <kuqin12=gmail.com@groups.io> wrote:
>
>     REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
>     REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
>     REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
>
>     This is a revamp of a previously submitted patch series based on
>     top of
>     master branch: https://edk2.groups.io/g/devel/message/89507. No
>     changes
>     added.
>
>     Current SecureBootVariableLib provide great support for deleting
>     secure
>     boot related variables, creating time-based payloads.
>
>     However, for secure boot enrollment, the
>     SecureBootVariableProvisionLib
>     interfaces always assume the changes from variable storage,
>     limiting the
>     usage, requiring existing platforms to change key initialization
>     process
>     to adapt to the new methods, as well as bringing in extra dependencies
>     such as FV protocol, time protocols.
>
>     This patch series proposes to update the implementation for Secure
>     Boot
>     Variable libraries and their consumers to better support the related
>     variables operations.
>
>     Patch v2 branch:
>     https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2
>
>     Cc: Jiewen Yao <jiewen.yao@intel.com>
>     Cc: Jian J Wang <jian.j.wang@intel.com>
>     Cc: Min Xu <min.m.xu@intel.com>
>     Cc: Sean Brogan <sean.brogan@microsoft.com>
>     Cc: Ard Biesheuvel <ardb+tianocore@kernel.org
>     <mailto:ardb%2Btianocore@kernel.org>>
>     Cc: Jordan Justen <jordan.l.justen@intel.com>
>     Cc: Gerd Hoffmann <kraxel@redhat.com>
>     Cc: Rebecca Cran <rebecca@bsdio.com>
>     Cc: Peter Grehan <grehan@freebsd.org>
>     Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
>     Cc: Andrew Fish <afish@apple.com>
>     Cc: Ray Ni <ray.ni@intel.com>
>
>     Kun Qin (8):
>       SecurityPkg: UefiSecureBoot: Definitions of cert and payload
>         structures
>       SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
>       SecurityPkg: SecureBootVariableLib: Updated time based payload
>     creator
>       SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
>       SecurityPkg: Secure Boot Drivers: Added common header files
>       SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
>       OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
>       EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
>
>     kuqin (3):
>       SecurityPkg: SecureBootVariableLib: Updated signature list creator
>       SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
>       SecurityPkg: SecureBootVariableLib: Added unit tests
>
>      SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c  
>                      |    1 +
>      SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
>      |   51 +
>      SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
>                        |  486 ++++-
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
>             |   36 +
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
>                       |  201 ++
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
>         |   13 +
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
>           | 2037 ++++++++++++++++++++
>      SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
>          |  145 +-
>      SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
>                 |  128 +-
>      SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
>        |    1 +
>      EmulatorPkg/EmulatorPkg.dsc                                    
>      |    1 +
>      OvmfPkg/Bhyve/BhyveX64.dsc                                     | 
>       1 +
>      OvmfPkg/CloudHv/CloudHvX64.dsc                                  
>       |    1 +
>      OvmfPkg/IntelTdx/IntelTdxX64.dsc                                
>         |    1 +
>      OvmfPkg/OvmfPkgIa32.dsc                                      |    1 +
>      OvmfPkg/OvmfPkgIa32X64.dsc                                     | 
>       1 +
>      OvmfPkg/OvmfPkgX64.dsc                                     |    1 +
>      SecurityPkg/Include/Library/PlatformPKProtectionLib.h            
>            |   31 +
>      SecurityPkg/Include/Library/SecureBootVariableLib.h              
>                            |  103 +-
>      SecurityPkg/Include/UefiSecureBoot.h                            
>             |   94 +
>      SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
>     |   36 +
>      SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>                        |   14 +-
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
>           |   33 +
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
>                       |   45 +
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
>       |   25 +
>      SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
>         |   36 +
>      SecurityPkg/SecurityPkg.ci.yaml                                  
>        |   11 +
>      SecurityPkg/SecurityPkg.dec                                    
>      |    5 +
>      SecurityPkg/SecurityPkg.dsc                                    
>      |    2 +
>      SecurityPkg/Test/SecurityPkgHostTest.dsc                        
>                 |   38 +
>      SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>                |    1 +
>      31 files changed, 3468 insertions(+), 112 deletions(-)
>      create mode 100644
>     SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
>      create mode 100644
>     SecurityPkg/Include/Library/PlatformPKProtectionLib.h
>      create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
>      create mode 100644
>     SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
>      create mode 100644
>     SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
>      create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc
>
>     -- 
>     2.35.1.windows.2
>
>
>
>
>
> 

--------------gsZw0Ah000K0WOXstofjUGgH
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi Jiewen,</p>
    <p>Thanks for reading through these patches.</p>
    <p>For #1, yes, we implemented these changes in project MU and
      validated them on both our virtual platform
      (<a class="moz-txt-link-freetext" href="https://github.com/microsoft/mu_tiano_platforms">https://github.com/microsoft/mu_tiano_platforms</a>) and other
      proprietary hardware platforms. I will leave the acked-by or
      tested-by to others on the MU teams.</p>
    <p>For #2, this is just an arbitrary timestamp from a previous date
      so that we can create time based payload without hard dependency
      on time protocol (which could result in potential executing
      sequence issue). I will update comment to avoid confusion in the
      next round of patch. But should you have other suggestions to
      improve this, please let me know.</p>
    <p>Regards,<br>
      Kun<br>
    </p>
    <div class="moz-cite-prefix">On 6/29/2022 1:50 AM, Yao, Jiewen
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:MW4PR11MB5872B6173B1F4BBC882AAF038CBB9@MW4PR11MB5872.namprd11.prod.outlook.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style>@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
	{font-family:DengXian;
	panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
	{font-family:"\@DengXian";
	panose-1:2 1 6 0 3 1 1 1 1 1;}p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}.MsoChpDefault
	{mso-style-type:export-only;}div.WordSection1
	{page:WordSection1;}ol
	{margin-bottom:0in;}ul
	{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal">Hi Kun<o:p></o:p></p>
        <p class="MsoNormal">Thank you to make the redesign.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Overall the patch set looks good to me.
          Some questions:<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <ol style="margin-top:0in" type="1" start="1">
          <li class="MsoListParagraph"
            style="margin-left:0in;mso-list:l0 level1 lfo1">Is that from
            project MU? If so, I would like to see acked-by or tested-by
            from project MU owner. That can give me more confidence to
            accept it.
            <span style="font-family:&quot;Segoe UI
              Emoji&quot;,sans-serif">😊</span><o:p></o:p></li>
        </ol>
        <p class="MsoNormal"><o:p> </o:p></p>
        <ol style="margin-top:0in" type="1" start="2">
          <li class="MsoListParagraph"
            style="margin-left:0in;mso-list:l0 level1 lfo1">Is below
            data from some document? If so, would please add URL? Also,
            why do we have to use this timestamp? What if a different
            timestamp is used?
            <o:p></o:p></li>
        </ol>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">+// MS Default Time-Based Payload Creation
          Date<o:p></o:p></p>
        <p class="MsoNormal">+// This is the date that is used when
          creating SecureBoot default variables.<o:p></o:p></p>
        <p class="MsoNormal">+// NOTE: This is a placeholder date that
          doesn't correspond to anything else.<o:p></o:p></p>
        <p class="MsoNormal">+//<o:p></o:p></p>
        <p class="MsoNormal">+EFI_TIME  mDefaultPayloadTimestamp = {<o:p></o:p></p>
        <p class="MsoNormal">+  15,   // Year (2015)<o:p></o:p></p>
        <p class="MsoNormal">+  8,    // Month (Aug)<o:p></o:p></p>
        <p class="MsoNormal">+  28,   // Day (28)<o:p></o:p></p>
        <p class="MsoNormal">+  0,    // Hour<o:p></o:p></p>
        <p class="MsoNormal">+  0,    // Minute<o:p></o:p></p>
        <p class="MsoNormal">+  0,    // Second<o:p></o:p></p>
        <p class="MsoNormal">+  0,    // Pad1<o:p></o:p></p>
        <p class="MsoNormal">+  0,    // Nanosecond<o:p></o:p></p>
        <p class="MsoNormal">+  0,    // Timezone (Dummy value)<o:p></o:p></p>
        <p class="MsoNormal">+  0,    // Daylight (Dummy value)<o:p></o:p></p>
        <p class="MsoNormal">+  0     // Pad2<o:p></o:p></p>
        <p class="MsoNormal">+};<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <div style="border:none;border-left:solid blue 1.5pt;padding:0in
          0in 0in 4.0pt">
          <div>
            <div style="border:none;border-top:solid #E1E1E1
              1.0pt;padding:3.0pt 0in 0in 0in">
              <p class="MsoNormal"><b>From:</b> Kun Qin
                <a class="moz-txt-link-rfc2396E" href="mailto:kuqin12@gmail.com">&lt;kuqin12@gmail.com&gt;</a> <br>
                <b>Sent:</b> Wednesday, June 29, 2022 5:19 AM<br>
                <b>To:</b> edk2-devel-groups-io
                <a class="moz-txt-link-rfc2396E" href="mailto:devel@edk2.groups.io">&lt;devel@edk2.groups.io&gt;</a>; <a class="moz-txt-link-abbreviated" href="mailto:kuqin12@gmail.com">kuqin12@gmail.com</a><br>
                <b>Cc:</b> Yao, Jiewen <a class="moz-txt-link-rfc2396E" href="mailto:jiewen.yao@intel.com">&lt;jiewen.yao@intel.com&gt;</a>;
                Wang, Jian J <a class="moz-txt-link-rfc2396E" href="mailto:jian.j.wang@intel.com">&lt;jian.j.wang@intel.com&gt;</a>; Xu, Min M
                <a class="moz-txt-link-rfc2396E" href="mailto:min.m.xu@intel.com">&lt;min.m.xu@intel.com&gt;</a>; Sean Brogan
                <a class="moz-txt-link-rfc2396E" href="mailto:sean.brogan@microsoft.com">&lt;sean.brogan@microsoft.com&gt;</a>; Ard Biesheuvel
                <a class="moz-txt-link-rfc2396E" href="mailto:ardb+tianocore@kernel.org">&lt;ardb+tianocore@kernel.org&gt;</a>; Justen, Jordan L
                <a class="moz-txt-link-rfc2396E" href="mailto:jordan.l.justen@intel.com">&lt;jordan.l.justen@intel.com&gt;</a>; Gerd Hoffmann
                <a class="moz-txt-link-rfc2396E" href="mailto:kraxel@redhat.com">&lt;kraxel@redhat.com&gt;</a>; Rebecca Cran
                <a class="moz-txt-link-rfc2396E" href="mailto:rebecca@bsdio.com">&lt;rebecca@bsdio.com&gt;</a>; Peter Grehan
                <a class="moz-txt-link-rfc2396E" href="mailto:grehan@freebsd.org">&lt;grehan@freebsd.org&gt;</a>; Boeuf, Sebastien
                <a class="moz-txt-link-rfc2396E" href="mailto:sebastien.boeuf@intel.com">&lt;sebastien.boeuf@intel.com&gt;</a>; Andrew Fish
                <a class="moz-txt-link-rfc2396E" href="mailto:afish@apple.com">&lt;afish@apple.com&gt;</a>; Ni, Ray
                <a class="moz-txt-link-rfc2396E" href="mailto:ray.ni@intel.com">&lt;ray.ni@intel.com&gt;</a><br>
                <b>Subject:</b> Re: [edk2-devel] [PATCH v2 00/11]
                Enhance Secure Boot Variable Libraries<o:p></o:p></p>
            </div>
          </div>
          <p class="MsoNormal"><o:p> </o:p></p>
          <div>
            <div>
              <p class="MsoNormal">Hi SecurityPkg maintainers &amp;
                reviewers,<o:p></o:p></p>
              <div>
                <p class="MsoNormal"><o:p> </o:p></p>
              </div>
              <div>
                <p class="MsoNormal">I posted this patch series a while
                  back intending to generalize the usage of a few
                  interfaces from secure boot libraries. Could you
                  please help reviewing them and provide feedback? Any
                  input is appreciated.<o:p></o:p></p>
              </div>
              <div>
                <p class="MsoNormal"><o:p> </o:p></p>
              </div>
              <div>
                <p class="MsoNormal">Regards,<o:p></o:p></p>
              </div>
              <div>
                <p class="MsoNormal">Kun<o:p></o:p></p>
              </div>
            </div>
            <p class="MsoNormal"><o:p> </o:p></p>
            <div>
              <div>
                <p class="MsoNormal">On Mon, Jun 13, 2022 at 1:39 PM Kun
                  Qin via <a href="http://groups.io"
                    moz-do-not-send="true">
                    groups.io</a> &lt;kuqin12=<a
                    href="mailto:gmail.com@groups.io"
                    moz-do-not-send="true" class="moz-txt-link-freetext">gmail.com@groups.io</a>&gt;
                  wrote:<o:p></o:p></p>
              </div>
              <blockquote style="border:none;border-left:solid #CCCCCC
                1.0pt;padding:0in 0in 0in
                6.0pt;margin-left:4.8pt;margin-right:0in">
                <p class="MsoNormal" style="margin-bottom:12.0pt">REF: <a
href="https://bugzilla.tianocore.org/show_bug.cgi?id=3909"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">
                    https://bugzilla.tianocore.org/show_bug.cgi?id=3909</a><br>
                  REF: <a
                    href="https://bugzilla.tianocore.org/show_bug.cgi?id=3910"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">
                    https://bugzilla.tianocore.org/show_bug.cgi?id=3910</a><br>
                  REF: <a
                    href="https://bugzilla.tianocore.org/show_bug.cgi?id=3911"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">
                    https://bugzilla.tianocore.org/show_bug.cgi?id=3911</a><br>
                  <br>
                  This is a revamp of a previously submitted patch
                  series based on top of<br>
                  master branch: <a
                    href="https://edk2.groups.io/g/devel/message/89507"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">
                    https://edk2.groups.io/g/devel/message/89507</a>. No
                  changes<br>
                  added.<br>
                  <br>
                  Current SecureBootVariableLib provide great support
                  for deleting secure<br>
                  boot related variables, creating time-based payloads.<br>
                  <br>
                  However, for secure boot enrollment, the
                  SecureBootVariableProvisionLib<br>
                  interfaces always assume the changes from variable
                  storage, limiting the<br>
                  usage, requiring existing platforms to change key
                  initialization process<br>
                  to adapt to the new methods, as well as bringing in
                  extra dependencies<br>
                  such as FV protocol, time protocols.<br>
                  <br>
                  This patch series proposes to update the
                  implementation for Secure Boot<br>
                  Variable libraries and their consumers to better
                  support the related<br>
                  variables operations.<br>
                  <br>
                  Patch v2 branch: <a
                    href="https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">
https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2</a><br>
                  <br>
                  Cc: Jiewen Yao &lt;<a
                    href="mailto:jiewen.yao@intel.com" target="_blank"
                    moz-do-not-send="true" class="moz-txt-link-freetext">jiewen.yao@intel.com</a>&gt;<br>
                  Cc: Jian J Wang &lt;<a
                    href="mailto:jian.j.wang@intel.com" target="_blank"
                    moz-do-not-send="true" class="moz-txt-link-freetext">jian.j.wang@intel.com</a>&gt;<br>
                  Cc: Min Xu &lt;<a href="mailto:min.m.xu@intel.com"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">min.m.xu@intel.com</a>&gt;<br>
                  Cc: Sean Brogan &lt;<a
                    href="mailto:sean.brogan@microsoft.com"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">sean.brogan@microsoft.com</a>&gt;<br>
                  Cc: Ard Biesheuvel &lt;<a
                    href="mailto:ardb%2Btianocore@kernel.org"
                    target="_blank" moz-do-not-send="true">ardb+tianocore@kernel.org</a>&gt;<br>
                  Cc: Jordan Justen &lt;<a
                    href="mailto:jordan.l.justen@intel.com"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">jordan.l.justen@intel.com</a>&gt;<br>
                  Cc: Gerd Hoffmann &lt;<a
                    href="mailto:kraxel@redhat.com" target="_blank"
                    moz-do-not-send="true" class="moz-txt-link-freetext">kraxel@redhat.com</a>&gt;<br>
                  Cc: Rebecca Cran &lt;<a
                    href="mailto:rebecca@bsdio.com" target="_blank"
                    moz-do-not-send="true" class="moz-txt-link-freetext">rebecca@bsdio.com</a>&gt;<br>
                  Cc: Peter Grehan &lt;<a
                    href="mailto:grehan@freebsd.org" target="_blank"
                    moz-do-not-send="true" class="moz-txt-link-freetext">grehan@freebsd.org</a>&gt;<br>
                  Cc: Sebastien Boeuf &lt;<a
                    href="mailto:sebastien.boeuf@intel.com"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">sebastien.boeuf@intel.com</a>&gt;<br>
                  Cc: Andrew Fish &lt;<a href="mailto:afish@apple.com"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">afish@apple.com</a>&gt;<br>
                  Cc: Ray Ni &lt;<a href="mailto:ray.ni@intel.com"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">ray.ni@intel.com</a>&gt;<br>
                  <br>
                  Kun Qin (8):<br>
                    SecurityPkg: UefiSecureBoot: Definitions of cert and
                  payload<br>
                      structures<br>
                    SecurityPkg: PlatformPKProtectionLib: Added PK
                  protection interface<br>
                    SecurityPkg: SecureBootVariableLib: Updated time
                  based payload creator<br>
                    SecurityPkg: SecureBootVariableProvisionLib: Updated
                  implementation<br>
                    SecurityPkg: Secure Boot Drivers: Added common
                  header files<br>
                    SecurityPkg: SecureBootConfigDxe: Updated invocation
                  pattern<br>
                    OvmfPkg: Pipeline: Resolve SecureBootVariableLib
                  dependency<br>
                    EmulatorPkg: Pipeline: Resolve SecureBootVariableLib
                  dependency<br>
                  <br>
                  kuqin (3):<br>
                    SecurityPkg: SecureBootVariableLib: Updated
                  signature list creator<br>
                    SecurityPkg: SecureBootVariableLib: Added newly
                  supported interfaces<br>
                    SecurityPkg: SecureBootVariableLib: Added unit tests<br>
                  <br>
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c       
                                     |    1 +<br>
 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c 
                   |   51 +<br>
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c     
                                     |  486 ++++-<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c 
                          |   36 +<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c       
                                    |  201 ++<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c 
                      |   13 +<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c 
                        | 2037 ++++++++++++++++++++<br>
 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c 
                       |  145 +-<br>
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 
                              |  128 +-<br>
 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c 
                     |    1 +<br>
                   EmulatorPkg/EmulatorPkg.dsc                         
                                                       |    1 +<br>
                   OvmfPkg/Bhyve/BhyveX64.dsc                           
                                                      |    1 +<br>
                   OvmfPkg/CloudHv/CloudHvX64.dsc                       
                                                      |    1 +<br>
                   OvmfPkg/IntelTdx/IntelTdxX64.dsc                     
                                                      |    1 +<br>
                   OvmfPkg/OvmfPkgIa32.dsc                             
                                                       |    1 +<br>
                   OvmfPkg/OvmfPkgIa32X64.dsc                           
                                                      |    1 +<br>
                   OvmfPkg/OvmfPkgX64.dsc                               
                                                      |    1 +<br>
 SecurityPkg/Include/Library/PlatformPKProtectionLib.h                 
                                     |   31 +<br>
                   SecurityPkg/Include/Library/SecureBootVariableLib.h 
                                                       |  103 +-<br>
                   SecurityPkg/Include/UefiSecureBoot.h                 
                                                      |   94 +<br>
 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
                  |   36 +<br>
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf   
                                     |   14 +-<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf 
                        |   33 +<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf     
                                    |   45 +<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf 
                    |   25 +<br>
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf 
                      |   36 +<br>
                   SecurityPkg/SecurityPkg.ci.yaml                     
                                                       |   11 +<br>
                   SecurityPkg/SecurityPkg.dec                         
                                                       |    5 +<br>
                   SecurityPkg/SecurityPkg.dsc                         
                                                       |    2 +<br>
                   SecurityPkg/Test/SecurityPkgHostTest.dsc             
                                                      |   38 +<br>
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 
                             |    1 +<br>
                   31 files changed, 3468 insertions(+), 112
                  deletions(-)<br>
                   create mode 100644
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c<br>
                   create mode 100644
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c<br>
                   create mode 100644
                  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c<br>
                   create mode 100644
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c<br>
                   create mode 100644
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c<br>
                   create mode 100644
                  SecurityPkg/Include/Library/PlatformPKProtectionLib.h<br>
                   create mode 100644
                  SecurityPkg/Include/UefiSecureBoot.h<br>
                   create mode 100644
SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf<br>
                   create mode 100644
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf<br>
                   create mode 100644
                  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf<br>
                   create mode 100644
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf<br>
                   create mode 100644
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf<br>
                   create mode 100644
                  SecurityPkg/Test/SecurityPkgHostTest.dsc<br>
                  <br>
                  -- <br>
                  2.35.1.windows.2<br>
                  <br>
                  <br>
                  <br>
                  <br>
                  <br>
                  <o:p></o:p></p>
              </blockquote>
            </div>
          </div>
        </div>
      </div>
      
    </blockquote>
  </body>
</html>

--------------gsZw0Ah000K0WOXstofjUGgH--