public inbox for devel@edk2.groups.io
From: "Grzegorz Bernacki" <gjb@semihalf.com>
To: devel@edk2.groups.io, gaoliming@byosoft.com.cn
Cc: leif@nuviainc.com, ardb+tianocore@kernel.org,
	"Samer El-Haj-Mahmoud" <Samer.El-Haj-Mahmoud@arm.com>,
	"Sunny Wang" <sunny.Wang@arm.com>,
	"Marcin Wojtas" <mw@semihalf.com>,
	upstream@semihalf.com, "Yao, Jiewen" <jiewen.yao@intel.com>,
	"Wang, Jian J" <jian.j.wang@intel.com>,
	"Xu, Min M" <min.m.xu@intel.com>,
	"Laszlo Ersek" <lersek@redhat.com>,
	"Sami Mujawar" <sami.mujawar@arm.com>,
	afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com,
	rebecca@bsdio.com, grehan@freebsd.org,
	"Thomas Abraham" <thomas.abraham@arm.com>,
	chasel.chiu@intel.com, nathaniel.l.desimone@intel.com,
	eric.dong@intel.com, michael.d.kinney@intel.com,
	zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com,
	"Radosław Biernacki" <rad@semihalf.com>,
	"Pete Batard" <pete@akeo.ie>
Subject: Re: [edk2-devel] [PATCH v5 00/10] Secure Boot default keys
Date: Wed, 7 Jul 2021 09:36:02 +0200
Message-ID: <CAA2Cew6EoSzAL=XWgusy3GkhtePpzVtAkFCNw1bgQcfCmRafbA@mail.gmail.com>
In-Reply-To: <007901d772cd$e098a040$a1c9e0c0$@byosoft.com.cn>

Hi,

I created BZ #3481 (https://bugzilla.tianocore.org/show_bug.cgi?id=3481).
Please let me know if I filled it correctly.
thanks,
greg


On Wed, 7 Jul 2021 at 03:18, gaoliming <gaoliming@byosoft.com.cn> wrote:
>
> Grzegorz Bernacki:
>   This is a new feature. Can you submit one BZ
> (https://bugzilla.tianocore.org/) for it? Then, I can add it into edk2
> stable tag feature planning.
>
> Thanks
> Liming
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Grzegorz
> > Bernacki
> > Sent: July 1, 2021 17:18
> > To: devel@edk2.groups.io
> > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org;
> > Samer.El-Haj-Mahmoud@arm.com; sunny.Wang@arm.com;
> > mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com;
> > jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com;
> > sami.mujawar@arm.com; afish@apple.com; ray.ni@intel.com;
> > jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org;
> > thomas.abraham@arm.com; chasel.chiu@intel.com;
> > nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
> > eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
> > yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
> > Grzegorz Bernacki <gjb@semihalf.com>
> > Subject: [edk2-devel] [PATCH v5 00/10] Secure Boot default keys
> >
> > This patchset adds support for initialization of default
> > Secure Boot variables based on key content embedded in
> > the flash binary. This feature is active only if Secure Boot
> > is enabled and DEFAULT_KEY is defined. The patchset
> > also contains an application to enroll keys from default
> > variables and a secure boot menu change to allow the user
> > to reset key content to default values.
> > Discussion on design can be found at:
> > https://edk2.groups.io/g/rfc/topic/82139806#600
> >
> > Built with:
> > GCC
> > - RISC-V (U500, U540) [requires fixes in dsc to build]
> > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
> >   EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
> > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)
> >
> > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve require additional fixes to be
> > built; these will be posted on the edk2 mailing list later
> >
> > VS2019
> > - Intel (OvmfPkgX64)
> >
> > Test with:
> > GCC5/RPi4
> > VS2019/OvmfX64 (requires changes to enable feature)
> >
> > Tests:
> > 1. Try to enroll key in incorrect format.
> > 2. Enroll with only PKDefault keys specified.
> > 3. Enroll with all keys specified.
> > 4. Enroll when keys are enrolled.
> > 5. Reset keys values.
> > 6. Running signed & unsigned app after enrollment.
> >
> > Changes since v1:
> > - change names:
> >   SecBootVariableLib => SecureBootVariableLib
> >   SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
> >   SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
> > - change name of function CheckSetupMode to GetSetupMode
> > - remove ShellPkg dependency from EnrollFromDefaultKeysApp
> > - rebase to master
> >
> > Changes since v2:
> > - fix coding style for functions headers in SecureBootVariableLib.h
> > - add header to SecureBootDefaultKeys.fdf.inc
> > - remove empty line spaces in SecureBootDefaultKeysDxe files
> > - revert FAIL macro in EnrollFromDefaultKeysApp
> > - remove function duplicates and add SecureBootVariableLib
> >   to platforms which used it
> >
> > Changes since v3:
> > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
> > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
> > - fix typo in guid description
> >
> > Changes since v4:
> > - reorder patches to make it bisectable
> > - split commits related to more than one platform
> > - move edk2-platform commits to separate patchset
> >
> > Grzegorz Bernacki (10):
> >   SecurityPkg: Create library for setting Secure Boot variables.
> >   ArmVirtPkg: add SecureBootVariableLib class resolution
> >   OvmfPkg: add SecureBootVariableLib class resolution
> >   EmulatorPkg: add SecureBootVariableLib class resolution
> >   SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
> >   ArmPlatformPkg: Create include file for default key content.
> >   SecurityPkg: Add SecureBootDefaultKeysDxe driver
> >   SecurityPkg: Add EnrollFromDefaultKeys application.
> >   SecurityPkg: Add new modules to Security package.
> >   SecurityPkg: Add option to reset secure boot keys.
> >
> >  SecurityPkg/SecurityPkg.dec |  14 +
> >  ArmVirtPkg/ArmVirt.dsc.inc |   1 +
> >  EmulatorPkg/EmulatorPkg.dsc |   1 +
> >  OvmfPkg/Bhyve/BhyveX64.dsc |   1 +
> >  OvmfPkg/OvmfPkgIa32.dsc |   1 +
> >  OvmfPkg/OvmfPkgIa32X64.dsc |   1 +
> >  OvmfPkg/OvmfPkgX64.dsc |   1 +
> >  SecurityPkg/SecurityPkg.dsc |   4 +
> >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf |  47 +
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf |  79 ++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf |   2 +
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf |  45 +
> >  SecurityPkg/Include/Library/SecureBootVariableLib.h | 251 +++++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h |   2 +
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr |   6 +
> >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 109 +++
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 980 ++++++++++++++++++++
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 343 ++++---
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c |  68 ++
> >  ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc |  70 ++
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni |  16 +
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni |   4 +
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni |  16 +
> >  23 files changed, 1874 insertions(+), 188 deletions(-)
> >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
> >  create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
> >  create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
> >  create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
> >  create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni
> >
> > --
> > 2.25.1

Thread overview: 35+ messages
2021-07-01  9:17 [PATCH v5 00/10] Secure Boot default keys Grzegorz Bernacki
2021-07-01  9:17 ` [PATCH v5 01/10] SecurityPkg: Create library for setting Secure Boot variables Grzegorz Bernacki
2021-07-06 11:55   ` Yao, Jiewen
2021-07-09  9:29   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 02/10] ArmVirtPkg: add SecureBootVariableLib class resolution Grzegorz Bernacki
2021-07-01 10:39   ` Laszlo Ersek
2021-07-09  9:32   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 03/10] OvmfPkg: " Grzegorz Bernacki
2021-07-01 10:39   ` Laszlo Ersek
2021-07-09  9:37   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 04/10] EmulatorPkg: " Grzegorz Bernacki
2021-07-09  9:10   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 05/10] SecurityPkg: Remove duplicated functions from SecureBootConfigDxe Grzegorz Bernacki
2021-07-09  9:12   ` Sunny Wang
2021-07-12 11:45   ` Yao, Jiewen
     [not found]   ` <1691088E46D0B29B.19753@groups.io>
2021-07-12 14:01     ` [edk2-devel] " Yao, Jiewen
2021-07-01  9:17 ` [PATCH v5 06/10] ArmPlatformPkg: Create include file for default key content Grzegorz Bernacki
2021-07-09  9:20   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 07/10] SecurityPkg: Add SecureBootDefaultKeysDxe driver Grzegorz Bernacki
2021-07-06 11:53   ` Yao, Jiewen
2021-07-01  9:17 ` [PATCH v5 08/10] SecurityPkg: Add EnrollFromDefaultKeys application Grzegorz Bernacki
2021-07-06 11:53   ` Yao, Jiewen
2021-07-09  9:37   ` Sunny Wang
2021-07-01  9:17 ` [PATCH v5 09/10] SecurityPkg: Add new modules to Security package Grzegorz Bernacki
2021-07-06 11:57   ` Yao, Jiewen
2021-07-01  9:17 ` [PATCH v5 10/10] SecurityPkg: Add option to reset secure boot keys Grzegorz Bernacki
2021-07-06 11:53   ` Yao, Jiewen
2021-07-07  1:17 ` Reply: [edk2-devel] [PATCH v5 00/10] Secure Boot default keys gaoliming
2021-07-07  7:36   ` Grzegorz Bernacki [this message]
2021-07-09 10:17 ` Sunny Wang
2021-07-09 18:22 ` [edk2-devel] " Sean
2021-07-09 20:03   ` Samer El-Haj-Mahmoud
2021-07-12 12:02     ` Yao, Jiewen
2021-07-13  7:47       ` Grzegorz Bernacki
2021-07-13  7:54         ` Yao, Jiewen
