From: "Grzegorz Bernacki"
Date: Thu, 17 Jun 2021 14:54:05 +0200
Subject: Re: [edk2-devel] [PATCH v2 0/6] Secure Boot default keys
To: "Xu, Min M"
Cc: "devel@edk2.groups.io", "leif@nuviainc.com", "ardb+tianocore@kernel.org", "Samer.El-Haj-Mahmoud@arm.com", "sunny.Wang@arm.com", "mw@semihalf.com", "upstream@semihalf.com", "Yao, Jiewen", "Wang, Jian J", "lersek@redhat.com"
References: <20210601131229.630611-1-gjb@semihalf.com>

Hi Min M,

Sure, I will send the test result after I make changes for the v4 version.
Can you please point me to a few mails with the test result table so I
can copy the format?

thanks,
greg

On Thu, 17 Jun 2021 at 03:30, Xu, Min M wrote:
>
> On 06/14/2021 5:48 PM, Grzegorz Bernacki Wrote:
> > Hi Min M,
> >
> > Please find log from tests of OvmfX64 built with VS2019 at:
> > https://drive.google.com/file/d/18w7s6GxIz3aeId22xABMib7I3JX7G9X1/view?usp=sharing
> >
> Usually we summarize the test in a table which is posted in the mail thread, so that
> the test result is clear and easy to read. Also in this way the test result can be recorded in
> the review thread. I am afraid the test log in the google drive cannot be accessed
> one day.
>
> > thanks,
> > greg
> >
> > On Mon, 7 Jun 2021 at 09:29, Grzegorz Bernacki wrote:
> > >
> > > Hi Min M,
> > >
> > > I tested it with Ovmf. I will try other compiler and provide you logs soon.
> > >
> > > thanks,
> > > greg
> > >
> > > On Fri, 4 Jun 2021 at 10:17, Xu, Min M wrote:
> > > >
> > > > Grzegorz
> > > > Have you built this feature with different tool chains, such as
> > > > VS2017/VS2019/GCC5? And test it in IA32/X64/AARCH64?
> > > > Would you post your test result in the mail?
> > > > Thanks much!
> > > >
> > > > > -----Original Message-----
> > > > > From: Grzegorz Bernacki
> > > > > Sent: Tuesday, June 1, 2021 9:12 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org;
> > > > > Samer.El-Haj-Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
> > > > > upstream@semihalf.com; Yao, Jiewen; Wang, Jian J; Xu, Min M;
> > > > > lersek@redhat.com; Grzegorz Bernacki
> > > > > Subject: [PATCH v2 0/6] Secure Boot default keys
> > > > >
> > > > > This patchset adds support for initialization of default Secure
> > > > > Boot variables based on keys content embedded in flash binary.
> > > > > This feature is active only if Secure Boot is enabled and
> > > > > DEFAULT_KEY is defined. The patchset consists also of an application
> > > > > to enroll keys from default variables and a secure boot menu change
> > > > > to allow the user to reset key content to default values.
> > > > > Discussion on design can be found at:
> > > > > https://edk2.groups.io/g/rfc/topic/82139806#600
> > > > >
> > > > > I also added patch for RPi4 which enables this feature for that platform.
> > > > >
> > > > > Changes since v1:
> > > > > - change names:
> > > > >   SecBootVariableLib => SecureBootVariableLib
> > > > >   SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
> > > > >   SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
> > > > > - change name of function CheckSetupMode to GetSetupMode
> > > > > - remove ShellPkg dependency from EnrollFromDefaultKeysApp
> > > > > - rebase to master
> > > > >
> > > > > Grzegorz Bernacki (6):
> > > > > [edk2]
> > > > >   SecurityPkg: Create library for setting Secure Boot variables.
> > > > >   SecurityPkg: Create include file for default key content.
> > > > >   SecurityPkg: Add SecureBootDefaultKeysDxe driver
> > > > >   SecurityPkg: Add EnrollFromDefaultKeys application.
> > > > >   SecurityPkg: Add new modules to Security package.
> > > > >   SecurityPkg: Add option to reset secure boot keys.
> > > > > [edk2-platform]
> > > > >   Platform/RaspberryPi: Enable default Secure Boot variables initialization
> > > > >
> > > > >  SecurityPkg/SecurityPkg.dec | 14 +
> > > > >  SecurityPkg/SecurityPkg.dsc | 5 +
> > > > >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 47 +
> > > > >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 79 ++
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 2 +
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf | 46 +
> > > > >  SecurityPkg/Include/Library/SecureBootVariableLib.h | 252 +++++
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
> > > > >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 107 +++
> > > > >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 979 ++++++++++++++++++++
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 343 ++++---
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 69 ++
> > > > >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni | 16 +
> > > > >  SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
> > > > >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni | 17 +
> > > > >  17 files changed, 1862 insertions(+), 188 deletions(-)
> > > > >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> > > > >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> > > > >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
> > > > >  create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
> > > > >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
> > > > >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
> > > > >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
> > > > >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
> > > > >  create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
> > > > >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
> > > > >
> > > > > --
> > > > > 2.25.1