From: "Grzegorz Bernacki"
Date: Mon, 7 Jun 2021 09:29:29 +0200
Subject: Re: [PATCH v2 0/6] Secure Boot default keys
To: "Xu, Min M"
Cc: "devel@edk2.groups.io", "leif@nuviainc.com", "ardb+tianocore@kernel.org", "Samer.El-Haj-Mahmoud@arm.com", "sunny.Wang@arm.com", "mw@semihalf.com", "upstream@semihalf.com", "Yao, Jiewen", "Wang, Jian J", "lersek@redhat.com"
References: <20210601131229.630611-1-gjb@semihalf.com>

Hi Min M,

I tested it with Ovmf. I will try another compiler and provide you with logs soon.

thanks,
greg

On Fri, 4 Jun 2021 at 10:17, Xu, Min M wrote:
>
> Grzegorz
> Have you built this feature with different tool chains, such as VS2017/VS2019/GCC5? And tested it in IA32/X64/AARCH64?
> Would you post your test result in the mail?
> Thanks much!
>
> > -----Original Message-----
> > From: Grzegorz Bernacki
> > Sent: Tuesday, June 1, 2021 9:12 PM
> > To: devel@edk2.groups.io
> > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-Mahmoud@arm.com;
> > sunny.Wang@arm.com; mw@semihalf.com; upstream@semihalf.com; Yao, Jiewen;
> > Wang, Jian J; Xu, Min M; lersek@redhat.com; Grzegorz Bernacki
> > Subject: [PATCH v2 0/6] Secure Boot default keys
> >
> > This patchset adds support for initialization of default Secure Boot variables
> > based on keys content embedded in flash binary. This feature is active only if
> > Secure Boot is enabled and DEFAULT_KEY is defined. The patchset also consists
> > of an application to enroll keys from default variables and a secure boot menu
> > change to allow the user to reset key content to default values.
> > Discussion on design can be found at:
> > https://edk2.groups.io/g/rfc/topic/82139806#600
> >
> > I also added a patch for RPi4 which enables this feature for that platform.
> >
> > Changes since v1:
> > - change names:
> >   SecBootVariableLib => SecureBootVariableLib
> >   SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
> >   SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
> > - change name of function CheckSetupMode to GetSetupMode
> > - remove ShellPkg dependency from EnrollFromDefaultKeysApp
> > - rebase to master
> >
> > Grzegorz Bernacki (6):
> > [edk2]
> >   SecurityPkg: Create library for setting Secure Boot variables.
> >   SecurityPkg: Create include file for default key content.
> >   SecurityPkg: Add SecureBootDefaultKeysDxe driver
> >   SecurityPkg: Add EnrollFromDefaultKeys application.
> >   SecurityPkg: Add new modules to Security package.
> >   SecurityPkg: Add option to reset secure boot keys.
> > [edk2-platform]
> >   Platform/RaspberryPi: Enable default Secure Boot variables initialization
> >
> >  SecurityPkg/SecurityPkg.dec | 14 +
> >  SecurityPkg/SecurityPkg.dsc | 5 +
> >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 47 +
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 79 ++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 2 +
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf | 46 +
> >  SecurityPkg/Include/Library/SecureBootVariableLib.h | 252 +++++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
> >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 107 +++
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 979 ++++++++++++++++++++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 343 ++++---
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 69 ++
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni | 16 +
> >  SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni | 17 +
> >  17 files changed, 1862 insertions(+), 188 deletions(-)
> >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
> >  create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
> >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
> >  create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
> >
> > --
> > 2.25.1
>
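
Added example (not part of this thread and not code from the patchset): a bounds-checked walk over EFI_SIGNATURE_LIST data, the UEFI-specified layout of Secure Boot key variables, as one way to sanity-check key content before it is embedded as a default. It assumes the default variables carry that same layout; count_sig_entries, rd32 and SAMPLE are hypothetical names, and SAMPLE is constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LIST_HDR 28u  /* GUID(16) + ListSize + HeaderSize + SignatureSize */
/* EFI_CERT_X509_GUID a5c059a1-94e4-4aa7-87b5-ab155c2bf072, in-memory order */
static const uint8_t X509_GUID[16] = {
    0xa1,0x59,0xc0,0xa5, 0xe4,0x94, 0xa7,0x4a,
    0x87,0xb5,0xab,0x15,0x5c,0x2b,0xf0,0x72 };

/* Constructed sample: one X.509-type list holding one 4-byte dummy "cert". */
static const uint8_t SAMPLE[48] = {
    0xa1,0x59,0xc0,0xa5, 0xe4,0x94, 0xa7,0x4a,
    0x87,0xb5,0xab,0x15,0x5c,0x2b,0xf0,0x72,
    48,0,0,0,  0,0,0,0,  20,0,0,0,          /* list, header, entry sizes */
    0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
    0xde,0xad,0xbe,0xef };                  /* owner GUID above, dummy data here */

static uint32_t rd32(const uint8_t *p) {    /* little-endian UINT32 */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk concatenated EFI_SIGNATURE_LISTs; return entry count, -1 if malformed. */
int count_sig_entries(const uint8_t *buf, size_t len, int *x509_entries) {
    int total = 0;
    *x509_entries = 0;
    while (len > 0) {
        if (len < LIST_HDR) return -1;               /* truncated list header */
        uint32_t list_sz = rd32(buf + 16);
        uint32_t hdr_sz  = rd32(buf + 20);
        uint32_t sig_sz  = rd32(buf + 24);
        if (list_sz < LIST_HDR || list_sz > len) return -1;
        if (hdr_sz > list_sz - LIST_HDR) return -1;
        if (sig_sz <= 16) return -1;                 /* owner GUID plus data */
        uint32_t body = list_sz - LIST_HDR - hdr_sz;
        if (body % sig_sz != 0) return -1;           /* partial trailing entry */
        total += (int)(body / sig_sz);
        if (memcmp(buf, X509_GUID, 16) == 0) *x509_entries += (int)(body / sig_sz);
        buf += list_sz; len -= list_sz;
    }
    return total;
}

int main(void) {
    int x509 = 0, n = count_sig_entries(SAMPLE, sizeof SAMPLE, &x509);
    printf("entries=%d x509=%d\n", n, x509);
    return n < 0;
}
```

A negative return means the blob should not be shipped as default key content; the check covers structure only and does not validate the certificates themselves.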