From: "Grzegorz Bernacki"
Date: Mon, 2 Aug 2021 09:27:41 +0200
Subject: Re: [edk2-devel] Reply: [PATCH v7 00/11] Secure Boot default keys
To: edk2-devel-groups-io, "Liming Gao (Byosoft address)"
Cc: Ard Biesheuvel, Leif Lindholm, Ard Biesheuvel, Samer El-Haj-Mahmoud,
 Sunny Wang, Marcin Wojtas, upstream@semihalf.com, Jiewen Yao, Jian J Wang,
 Min Xu, Laszlo Ersek, Sami Mujawar, Andrew Fish, Ray Ni, Jordan Justen,
 Rebecca Cran, Peter Grehan, Thomas Abraham, Chasel Chiu, Nate DeSimone,
 Eric Dong, Michael Kinney, "Sun, Zailiang", "Qian, Yi", Graeme Gregory,
 Radoslaw Biernacki, Peter Batard

Hi,

I took the template for function header from:
https://edk2-docs.gitbook.io/edk-ii-c-coding-standards-specification/5_source_files/57_c_programming
(5.7.1.10)
Is it incorrect? Where can I find the correct one?
I ran the CI test locally and it did not show that kind of error.
Anyway, I will send a new version soon.
thanks,
greg

On Mon, 2 Aug 2021 at 07:09, gaoliming wrote:
>
> I see most failures are coding style. The function header comment style is /** .. **/.
>
> --*/ should be replaced by **/
>
> Thanks
> Liming
> > -----Original Message-----
> > From: Ard Biesheuvel
> > Sent: 2 August 2021 2:04
> > To: Grzegorz Bernacki
> > Cc: edk2-devel-groups-io; Leif Lindholm; Ard Biesheuvel;
> > Samer El-Haj-Mahmoud; Sunny Wang; Marcin Wojtas;
> > upstream@semihalf.com; Jiewen Yao; Jian J Wang; Min Xu;
> > Laszlo Ersek; Sami Mujawar; Andrew Fish; Ray Ni; Jordan Justen;
> > Rebecca Cran; Peter Grehan; Thomas Abraham; Chasel Chiu;
> > Nate DeSimone; Liming Gao (Byosoft address); Eric Dong;
> > Michael Kinney; zailiang.sun@intel.com; yi.qian@intel.com;
> > Graeme Gregory; Radoslaw Biernacki; Peter Batard
> > Subject: Re: [PATCH v7 00/11] Secure Boot default keys
> >
> > On Fri, 30 Jul 2021 at 12:23, Grzegorz Bernacki wrote:
> > >
> > > This patchset adds support for initialization of default
> > > Secure Boot variables based on keys content embedded in
> > > flash binary. This feature is active only if Secure Boot
> > > is enabled and DEFAULT_KEY is defined. The patchset
> > > also consists of an application to enroll keys from default
> > > variables and a secure boot menu change to allow the user
> > > to reset key content to default values.
> > > Discussion on design can be found at:
> > > https://edk2.groups.io/g/rfc/topic/82139806#600
> > >
> > > Built with:
> > > GCC
> > > - RISC-V (U500, U540) [requires fixes in dsc to build]
> > > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
> > >   EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
> > > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)
> > >
> > > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve require additional fixes to be built,
> > > will be posted on edk2 maillist later
> > >
> > > VS2019
> > > - Intel (OvmfPkgX64)
> > >
> > > Test with:
> > > GCC5/RPi4
> > > VS2019/OvmfX64 (requires changes to enable feature)
> > >
> > > Tests:
> > > 1. Try to enroll key in incorrect format.
> > > 2. Enroll with only PKDefault keys specified.
> > > 3. Enroll with all keys specified.
> > > 4. Enroll when keys are enrolled.
> > > 5. Reset keys values.
> > > 6. Running signed & unsigned app after enrollment.
> > >
> > > Changes since v1:
> > > - change names:
> > >   SecBootVariableLib => SecureBootVariableLib
> > >   SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
> > >   SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
> > > - change name of function CheckSetupMode to GetSetupMode
> > > - remove ShellPkg dependency from EnrollFromDefaultKeysApp
> > > - rebase to master
> > >
> > > Changes since v2:
> > > - fix coding style for functions headers in SecureBootVariableLib.h
> > > - add header to SecureBootDefaultKeys.fdf.inc
> > > - remove empty line spaces in SecureBootDefaultKeysDxe files
> > > - revert FAIL macro in EnrollFromDefaultKeysApp
> > > - remove functions duplicates and add SecureBootVariableLib
> > >   to platforms which used it
> > >
> > > Changes since v3:
> > > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
> > > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
> > > - fix typo in guid description
> > >
> > > Changes since v4:
> > > - reorder patches to make it bisectable
> > > - split commits related to more than one platform
> > > - move edk2-platform commits to separate patchset
> > >
> > > Changes since v5:
> > > - split SecureBootVariableLib into SecureBootVariableLib and
> > >   SecureBootVariableProvisionLib
> > >
> > > Changes since v6:
> > > - fix problems found by CI
> > > - add correct modules to SecurityPkg.dsc
> > > - update SecurityPkg.dec
> > > - fix coding style issues
> > >
> >
> > This still generates CI errors:
> >
> > https://github.com/tianocore/edk2/pull/1850
> >
> > Note that you can create PRs against tianocore/edk2 directly from your
> > own branch, which will result in the CI checks to be performed on the
> > code, without your branch being merged even if all checks pass (that
> > requires the push label which only maintainers can set)
> >
> >
> > > NOTE: edk2-platform has not been changed and v6 platform patches
> > > are still valid
> > >
> > > Grzegorz Bernacki (11):
> > >   SecurityPkg: Create SecureBootVariableLib.
> > >   SecurityPkg: Create library for enrolling Secure Boot variables.
> > >   ArmVirtPkg: add SecureBootVariableLib class resolution
> > >   OvmfPkg: add SecureBootVariableLib class resolution
> > >   EmulatorPkg: add SecureBootVariableLib class resolution
> > >   SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
> > >   ArmPlatformPkg: Create include file for default key content.
> > >   SecurityPkg: Add SecureBootDefaultKeysDxe driver
> > >   SecurityPkg: Add EnrollFromDefaultKeys application.
> > >   SecurityPkg: Add new modules to Security package.
> > >   SecurityPkg: Add option to reset secure boot keys.
> > >
> > >  SecurityPkg/SecurityPkg.dec | 22 +
> > >  ArmVirtPkg/ArmVirt.dsc.inc | 2 +
> > >  EmulatorPkg/EmulatorPkg.dsc | 2 +
> > >  OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
> > >  OvmfPkg/OvmfPkgIa32.dsc | 2 +
> > >  OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
> > >  OvmfPkg/OvmfPkgX64.dsc | 2 +
> > >  SecurityPkg/SecurityPkg.dsc | 9 +-
> > >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 48 ++
> > >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 80 +++
> > >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf | 80 +++
> > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 3 +
> > >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf | 46 ++
> > >  SecurityPkg/Include/Library/SecureBootVariableLib.h | 153 ++++++
> > >  SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h | 134 +++++
> > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
> > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
> > >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 115 +++++
> > >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 510 ++++++++++++++++++++
> > >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 482 ++++++++++++++++++
> > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 344 ++++++-------
> > >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 69 +++
> > >  ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 +++
> > >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni | 17 +
> > >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni | 16 +
> > >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
> > >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni | 16 +
> > >  27 files changed, 2049 insertions(+), 189 deletions(-)
> > >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> > >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> > >  create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
> > >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
> > >  create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
> > >  create mode 100644 SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
> > >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
> > >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
> > >  create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
> > >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
> > >  create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
> > >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
> > >  create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni
> > >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
> > >
> > > --
> > > 2.25.1
> > >
> >
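
Added example (not part of the original thread and not edk2's own CI check): a small Python checker for the point Liming raises above, that a multi-line function header comment opened with /** must close with **/ rather than --*/. The function names and the sample source are constructed for illustration, and the regex does not account for comment markers inside string literals.

```python
import re

# Any C block comment; the lazy match takes each comment separately.
_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# Closing token: an optional run of '-' or '*' before the final "*/".
_TERMINATOR = re.compile(r"[-*]*\*/\Z")

def _is_header_comment(text):
    """True for a multi-line comment opened with '/**' (function header form)."""
    return text.startswith("/**") and "\n" in text

def find_bad_terminators(source):
    """Return (line_number, terminator) for header comments not closed by '**/'."""
    findings = []
    for m in _BLOCK_COMMENT.finditer(source):
        text = m.group(0)
        if _is_header_comment(text) and not text.endswith("**/"):
            line = source.count("\n", 0, m.end()) + 1
            findings.append((line, _TERMINATOR.search(text).group(0)))
    return findings

def fix_terminators(source):
    """Rewrite the closing token of offending header comments to '**/'."""
    def repl(m):
        text = m.group(0)
        if _is_header_comment(text) and not text.endswith("**/"):
            return _TERMINATOR.sub("**/", text)
        return text
    return _BLOCK_COMMENT.sub(repl, source)

# Constructed sample, not taken from the patch series.
SAMPLE = """\
/**
  Returns the setup mode.

  @retval EFI_SUCCESS  Mode was read.
--*/
EFI_STATUS
GetSetupMode (VOID);

/**
  Correctly terminated header.
**/
"""

if __name__ == "__main__":
    for line, term in find_bad_terminators(SAMPLE):
        print(f"line {line}: header comment closed with '{term}', expected '**/'")
```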