public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization
@ 2024-06-05  0:57 Nhi Pham via groups.io
  2024-06-05  4:10 ` Rebecca Cran via groups.io
  0 siblings, 1 reply; 4+ messages in thread
From: Nhi Pham via groups.io @ 2024-06-05  0:57 UTC (permalink / raw)
  To: devel; +Cc: quic_llindhol, chuong, rebecca, nhi

This allows to initialize secure boot with the default factory keys
embedded in firmware flash image.

For example, to incorporate PK, KEK, and DB default keys, specify the
corresponding key files in the Jade.dsc as follows:

DEFINE DEFAULT_KEYS        = TRUE
DEFINE PK_DEFAULT_FILE     = path/to/PK.crt
DEFINE KEK_DEFAULT_FILE1   = path/to/KEK.crt
DEFINE DB_DEFAULT_FILE1    = path/to/DB1.crt
DEFINE DB_DEFAULT_FILE2    = path/to/DB2.crt

Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
---
 Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 2 ++
 Platform/Ampere/JadePkg/Jade.fdf                     | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
index 23579497661d..93b4d1d99dcd 100644
--- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
+++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
@@ -590,6 +590,8 @@ [Components.common]
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
+  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !endif
   MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
   MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
diff --git a/Platform/Ampere/JadePkg/Jade.fdf b/Platform/Ampere/JadePkg/Jade.fdf
index 7795f0e11115..1e2df5ba6142 100644
--- a/Platform/Ampere/JadePkg/Jade.fdf
+++ b/Platform/Ampere/JadePkg/Jade.fdf
@@ -219,7 +219,9 @@ [FV.FvMain]
   INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
   INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
 !if $(SECURE_BOOT_ENABLE) == TRUE
+!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
   INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !endif
   INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
   INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119455): https://edk2.groups.io/g/devel/message/119455
Mute This Topic: https://groups.io/mt/106495161/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization
  2024-06-05  0:57 [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization Nhi Pham via groups.io
@ 2024-06-05  4:10 ` Rebecca Cran via groups.io
  2024-06-05  4:31   ` Nhi Pham via groups.io
  2024-07-31  9:41   ` Nhi Pham via groups.io
  0 siblings, 2 replies; 4+ messages in thread
From: Rebecca Cran via groups.io @ 2024-06-05  4:10 UTC (permalink / raw)
  To: Nhi Pham, devel; +Cc: quic_llindhol, chuong

Reviewed-by: Rebecca Cran <rebecca@os.amperecomputing.com>

-- 
Rebecca Cran

On 6/4/2024 6:57 PM, Nhi Pham wrote:
> This allows to initialize secure boot with the default factory keys
> embedded in firmware flash image.
>
> For example, to incorporate PK, KEK, and DB default keys, specify the
> corresponding key files in the Jade.dsc as follows:
>
> DEFINE DEFAULT_KEYS        = TRUE
> DEFINE PK_DEFAULT_FILE     = path/to/PK.crt
> DEFINE KEK_DEFAULT_FILE1   = path/to/KEK.crt
> DEFINE DB_DEFAULT_FILE1    = path/to/DB1.crt
> DEFINE DB_DEFAULT_FILE2    = path/to/DB2.crt
>
> Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
> ---
>   Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 2 ++
>   Platform/Ampere/JadePkg/Jade.fdf                     | 2 ++
>   2 files changed, 4 insertions(+)
>
> diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
> index 23579497661d..93b4d1d99dcd 100644
> --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
> +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc
> @@ -590,6 +590,8 @@ [Components.common]
>   
>   !if $(SECURE_BOOT_ENABLE) == TRUE
>     SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> +  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
>   !endif
>     MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
>     MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> diff --git a/Platform/Ampere/JadePkg/Jade.fdf b/Platform/Ampere/JadePkg/Jade.fdf
> index 7795f0e11115..1e2df5ba6142 100644
> --- a/Platform/Ampere/JadePkg/Jade.fdf
> +++ b/Platform/Ampere/JadePkg/Jade.fdf
> @@ -219,7 +219,9 @@ [FV.FvMain]
>     INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
>     INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
>   !if $(SECURE_BOOT_ENABLE) == TRUE
> +!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
>     INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +  INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
>   !endif
>     INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
>     INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119465): https://edk2.groups.io/g/devel/message/119465
Mute This Topic: https://groups.io/mt/106495161/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization
  2024-06-05  4:10 ` Rebecca Cran via groups.io
@ 2024-06-05  4:31   ` Nhi Pham via groups.io
  2024-07-31  9:41   ` Nhi Pham via groups.io
  1 sibling, 0 replies; 4+ messages in thread
From: Nhi Pham via groups.io @ 2024-06-05  4:31 UTC (permalink / raw)
  To: Rebecca Cran, devel; +Cc: quic_llindhol, chuong

Could you help push my patch to Tianocore/edk2-platforms once approved, 
while I don't have write permission?

Thanks,
Nhi

On 6/5/2024 11:10 AM, Rebecca Cran wrote:
> Reviewed-by: Rebecca Cran <rebecca@os.amperecomputing.com>
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119467): https://edk2.groups.io/g/devel/message/119467
Mute This Topic: https://groups.io/mt/106495161/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization
  2024-06-05  4:10 ` Rebecca Cran via groups.io
  2024-06-05  4:31   ` Nhi Pham via groups.io
@ 2024-07-31  9:41   ` Nhi Pham via groups.io
  1 sibling, 0 replies; 4+ messages in thread
From: Nhi Pham via groups.io @ 2024-07-31  9:41 UTC (permalink / raw)
  To: Rebecca Cran, devel; +Cc: quic_llindhol, chuong

Pushed as 6c78047349e2..443eb9601190

-Nhi

On 6/5/2024 11:10 AM, Rebecca Cran wrote:
> Reviewed-by: Rebecca Cran <rebecca@os.amperecomputing.com>
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120137): https://edk2.groups.io/g/devel/message/120137
Mute This Topic: https://groups.io/mt/106495161/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-07-31  9:41 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-05  0:57 [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization Nhi Pham via groups.io
2024-06-05  4:10 ` Rebecca Cran via groups.io
2024-06-05  4:31   ` Nhi Pham via groups.io
2024-07-31  9:41   ` Nhi Pham via groups.io

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox