From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-qv1-f52.google.com (mail-qv1-f52.google.com [209.85.219.52]) by mx.groups.io with SMTP id smtpd.web09.6133.1632904594782199790 for ; Wed, 29 Sep 2021 01:36:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@semihalf-com.20210112.gappssmtp.com header.s=20210112 header.b=v5kMuA6N; spf=none, err=SPF record not found (domain: semihalf.com, ip: 209.85.219.52, mailfrom: gjb@semihalf.com) Received: by mail-qv1-f52.google.com with SMTP id x9so993044qvn.12 for ; Wed, 29 Sep 2021 01:36:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=2Jb3pXyANBK85XOcBABR5xJTjPPerSjRJ5p6sC7Njfc=; b=v5kMuA6Nl4CNsy00i8uIHkD1d4zxRSk6Tas4IusTH2O4eWa4v8/YJGzox1OXsPUGf6 KX+enhcyUi2hL+PiX21huW79SeZw7LeecNzI9WoTVYtuMO8rpUlBFqEoPb1bynmKQilb B2SSTKLtxl+dWfQVeYEBcvLEt4WdWdakT6RlpNT5LE4ZFVuwLiVd7qrP7E3YqtSa17f3 WFvY8355lgpDUUJXNotXLzuQJtXh/yQMikbLTQ9jgrNxo5c2QPFCxzLRrC6LLKbZXu5G Patbw/6Lq768s/DwUIjJtWp02tKl2FVM+37ygK1K0+EJxOup3h3Ua1mVFopbgYmSv3Sz Hl0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=2Jb3pXyANBK85XOcBABR5xJTjPPerSjRJ5p6sC7Njfc=; b=w7Llmx7Mu34i0jctLKgXymYnJqCkoBLkcoatB8N9eKSckOwC3zjGZYiUZuaEDaZYQB F9vN6r9qv1wXMXsMG8NAtryDEsLoPA8Q6kHdErLscXmm/XKrm8txVHpnQcGPO1PFkE18 jE6ul8JqnINQZXtJg4dSnI/C9ogC2ARzBpeX7SgRdhJiuuQ3R0hxLOiPkO+fifTOKyVY 4q2zDAu4/lopoRPIDUf4L7nQR2HU1ErWgS5HTO+VcDS0sGMcTziABEHoO8ehINJ/P1eA GHV9DCQjzxzyrSyThr2sgxrNWC1omLzcAJLo/Z8smOqGEzxbsfD0oBg4eCAm/U/R8uBt QfDw== X-Gm-Message-State: AOAM531du0YqYPTwa6eipZeI17HVlzeZ9BkzeMxhpdaY8EoGGvC75Hwd 53b5k+xVZJq/jAwRXFkeji1Ap/mMqCcO/ISmpa7Q2qoniKPgow== X-Google-Smtp-Source: ABdhPJzIeOTuMA0xNFjbxeQOrS0hjiyV8t5ebbDaV4tZvl+bSeeAEYgoaN6f4q+o4aA+amv4vnGsBJRVecBW8ArjVeo= X-Received: by 2002:a0c:f294:: with SMTP id k20mr9975996qvl.61.1632904593751; Wed, 29 Sep 2021 01:36:33 -0700 (PDT) MIME-Version: 1.0 References: <20210927074627.3569-1-nhi@os.amperecomputing.com> In-Reply-To: <20210927074627.3569-1-nhi@os.amperecomputing.com> From: "Grzegorz Bernacki" Date: Wed, 29 Sep 2021 10:36:23 +0200 Message-ID: Subject: Re: [edk2-devel] [PATCH 1/1] SecurityPkg: Fix SecureBootDefaultKeysDxe failed to start To: edk2-devel-groups-io , nhi@os.amperecomputing.com Cc: patches@amperecomputing.com, Jiewen Yao , Jian J Wang Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, Looks good to me... Reviewed-by: Grzegorz Bernacki pon., 27 wrz 2021 o 09:48 Nhi Pham via groups.io napisa=C5=82(a): > > The dbt and dbx keys are optional, the driver entry should return > EFI_SUCCESS to start if they are not found in the firmware flash. This > patch is to fix it and update the description of retval as well. > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Grzegorz Bernacki > Signed-off-by: Nhi Pham > --- > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= aultKeysDxe.c | 21 +++++++++++++------- > 1 file changed, 14 insertions(+), 7 deletions(-) > > diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/S= ecureBootDefaultKeysDxe.c b/SecurityPkg/VariableAuthenticated/SecureBootDef= aultKeysDxe/SecureBootDefaultKeysDxe.c > index f51d5243b7e8..10bdb1b58e6f 100644 > --- a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBo= otDefaultKeysDxe.c > +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBo= otDefaultKeysDxe.c > @@ -3,6 +3,7 @@ > > Copyright (c) 2021, ARM Ltd. All rights reserved.
> Copyright (c) 2021, Semihalf All rights reserved.
> +Copyright (c) 2021, Ampere Computing LLC. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -23,10 +24,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > @param[in] ImageHandle The image handle of the driver. > @param[in] SystemTable The system table. > > - @retval EFI_ALREADY_STARTED The driver already exists in system. > - @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack= of resources. > - @retval EFI_SUCCESS All the related protocols are installed= on the driver. > - @retval Others Fail to get the SecureBootEnable variab= le. > + @retval EFI_SUCCESS The secure default keys are initialized= successfully. > + @retval EFI_UNSUPPORTED One of the secure default keys already = exists. > + @retval EFI_NOT_FOUND One of the PK, KEK, or DB default keys = is not found. > + @retval Others Fail to initialize the secure default k= eys. > > **/ > EFI_STATUS > @@ -56,14 +57,20 @@ SecureBootDefaultKeysEntryPoint ( > } > > Status =3D SecureBootInitDbtDefault (); > - if (EFI_ERROR (Status)) { > + if (Status =3D=3D EFI_NOT_FOUND) { > DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __FUNCTION__= )); > + } else if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbtDefault: %r\n", __FUN= CTION__, Status)); > + return Status; > } > > Status =3D SecureBootInitDbxDefault (); > - if (EFI_ERROR (Status)) { > + if (Status =3D=3D EFI_NOT_FOUND) { > DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __FUNCTION__= )); > + } else if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbxDefault: %r\n", __FUN= CTION__, Status)); > + return Status; > } > > - return Status; > + return EFI_SUCCESS; > } > -- > 2.17.1 > > > >=20 > >