From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-oa1-f46.google.com (mail-oa1-f46.google.com [209.85.160.46])
 by mx.groups.io with SMTP id smtpd.web08.3828.1656451130904797678
 for <devel@edk2.groups.io>;
 Tue, 28 Jun 2022 14:18:51 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=llobVJR0;
 spf=pass (domain: gmail.com, ip: 209.85.160.46, mailfrom: kuqin12@gmail.com)
Received: by mail-oa1-f46.google.com with SMTP id 586e51a60fabf-101e1a33fe3so18714442fac.11
        for <devel@edk2.groups.io>; Tue, 28 Jun 2022 14:18:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=PcCLqWfgcnwO67Ccv5w+EuL1UyTFaeg8qtBzw/UwmLQ=;
        b=llobVJR0nF0bMjHU3m4VNAQ1lhnT5eG5Aj9EfPDxAsTEUnMNe43ImX2hDL7PR/6Lup
         5IT2ICVCMk0vyZMSGPSqMzQhorof8mh2eiCWW7+W1NRQ1YmcyCawtoICtYg/BAprLUym
         0Niszsm5RWjvCWxaDxvDJvQkia96Pip3Lu8KdKuAsUiJud9/897xEpPZanhUgpMDvck2
         IMdABQf2bY25lFxkGvAPJaI1zcycv/DIwlBIlfTIia2t9uNcI4F6p2iq/qiHkhED/p4h
         krlweU/bNiGyHAj/I0/lo6fLq4e+mcqNW2GUVMr2xO6VDcfeFhistrtrwIWy1I8HRYqx
         9GVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=PcCLqWfgcnwO67Ccv5w+EuL1UyTFaeg8qtBzw/UwmLQ=;
        b=Rlj7KAGtGPgK/f2ivFoHiwP1wpcbbu9Rl/FHOUI1q/urZ1dd/cb47UjsiZnXQ5m9Kc
         5Jz+N8/gbPOzTa6mIMkfcB9NETg8l9jzm+/ToAF87mDUP4ormf9JMeECeauaSofCTEQP
         Z9HoyL1qsTPtHpA7A5s2G3zn4JanttF+kECblIRcsnkt61bYpTpaQ5c6WEAoYV2zByfS
         Y7poO7CzWNWYiKOJ1dOpR918E3sUAp3kfQKCmiEFZBBlhjeiYQGg9MDbxv7DLWw21w09
         c+LNDJycRjcGD+ijJA/fd4M9PpDZvz/659JID5iYRsdHfBB7vjOxwzyDXqhWkSXFylUa
         mUCw==
X-Gm-Message-State: AJIora/U3hlN9JTF6hk4D0CQuvu9cVZOYZBrLFNr4cZ7yU2/SCFm3kCE
	wb5RHIRUxZQmdpDrYOUL4VE52Ls1GApOUE/uvxzGPnpMdbE=
X-Google-Smtp-Source: AGRyM1uWeUFXpWovH9Ge/1NH81hF0PydpVIReZr5YmKHItFKQrOFYo+fWsBiuSekfDJUT57ielYeSfaeNMIEUWraP30=
X-Received: by 2002:a05:6870:de0e:b0:108:a478:2289 with SMTP id
 qg14-20020a056870de0e00b00108a4782289mr1005902oab.260.1656451129998; Tue, 28
 Jun 2022 14:18:49 -0700 (PDT)
MIME-Version: 1.0
References: <16F848B3160A57C1.5246@groups.io>
In-Reply-To: <16F848B3160A57C1.5246@groups.io>
From: "Kun Qin" <kuqin12@gmail.com>
Date: Tue, 28 Jun 2022 14:18:39 -0700
Message-ID: <CABhrWrQaLp2UPiMmUXThMODVe7+Hn=0JqXqmj=_zvgNioJ8y1Q@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot Variable Libraries
To: edk2-devel-groups-io <devel@edk2.groups.io>, kuqin12@gmail.com
Cc: Jiewen Yao <jiewen.yao@intel.com>, Jian J Wang <jian.j.wang@intel.com>, 
	Min Xu <min.m.xu@intel.com>, Sean Brogan <sean.brogan@microsoft.com>, 
	Ard Biesheuvel <ardb+tianocore@kernel.org>, Jordan Justen <jordan.l.justen@intel.com>, 
	Gerd Hoffmann <kraxel@redhat.com>, Rebecca Cran <rebecca@bsdio.com>, Peter Grehan <grehan@freebsd.org>, 
	Sebastien Boeuf <sebastien.boeuf@intel.com>, Andrew Fish <afish@apple.com>, Ray Ni <ray.ni@intel.com>
Content-Type: multipart/alternative; boundary="00000000000031028305e28895d5"

--00000000000031028305e28895d5
Content-Type: text/plain; charset="UTF-8"

Hi SecurityPkg maintainers & reviewers,

I posted this patch series a while back intending to generalize the usage
of a few interfaces from secure boot libraries. Could you please help
reviewing them and provide feedback? Any input is appreciated.

Regards,
Kun

On Mon, Jun 13, 2022 at 1:39 PM Kun Qin via groups.io <kuqin12=
gmail.com@groups.io> wrote:

> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
>
> This is a revamp of a previously submitted patch series based on top of
> master branch: https://edk2.groups.io/g/devel/message/89507. No changes
> added.
>
> Current SecureBootVariableLib provide great support for deleting secure
> boot related variables, creating time-based payloads.
>
> However, for secure boot enrollment, the SecureBootVariableProvisionLib
> interfaces always assume the changes from variable storage, limiting the
> usage, requiring existing platforms to change key initialization process
> to adapt to the new methods, as well as bringing in extra dependencies
> such as FV protocol, time protocols.
>
> This patch series proposes to update the implementation for Secure Boot
> Variable libraries and their consumers to better support the related
> variables operations.
>
> Patch v2 branch:
> https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Peter Grehan <grehan@freebsd.org>
> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
>
> Kun Qin (8):
>   SecurityPkg: UefiSecureBoot: Definitions of cert and payload
>     structures
>   SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
>   SecurityPkg: SecureBootVariableLib: Updated time based payload creator
>   SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
>   SecurityPkg: Secure Boot Drivers: Added common header files
>   SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
>   OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
>   EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
>
> kuqin (3):
>   SecurityPkg: SecureBootVariableLib: Updated signature list creator
>   SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
>   SecurityPkg: SecureBootVariableLib: Added unit tests
>
>  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
>                  |    1 +
>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
>  |   51 +
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
>                  |  486 ++++-
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
>         |   36 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
>                 |  201 ++
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
>     |   13 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
>       | 2037 ++++++++++++++++++++
>  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
>      |  145 +-
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
>             |  128 +-
>  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
>    |    1 +
>  EmulatorPkg/EmulatorPkg.dsc
>                  |    1 +
>  OvmfPkg/Bhyve/BhyveX64.dsc
>                 |    1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc
>                 |    1 +
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc
>                 |    1 +
>  OvmfPkg/OvmfPkgIa32.dsc
>                  |    1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc
>                 |    1 +
>  OvmfPkg/OvmfPkgX64.dsc
>                 |    1 +
>  SecurityPkg/Include/Library/PlatformPKProtectionLib.h
>                  |   31 +
>  SecurityPkg/Include/Library/SecureBootVariableLib.h
>                  |  103 +-
>  SecurityPkg/Include/UefiSecureBoot.h
>                 |   94 +
>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
> |   36 +
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
>                  |   14 +-
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
>       |   33 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
>                 |   45 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
>   |   25 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
>     |   36 +
>  SecurityPkg/SecurityPkg.ci.yaml
>                  |   11 +
>  SecurityPkg/SecurityPkg.dec
>                  |    5 +
>  SecurityPkg/SecurityPkg.dsc
>                  |    2 +
>  SecurityPkg/Test/SecurityPkgHostTest.dsc
>                 |   38 +
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>            |    1 +
>  31 files changed, 3468 insertions(+), 112 deletions(-)
>  create mode 100644
> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
>  create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLib.h
>  create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
>  create mode 100644
> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
>  create mode 100644
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
>  create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc
>
> --
> 2.35.1.windows.2
>
>
>
> 
>
>
>

--00000000000031028305e28895d5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">Hi SecurityPkg maintainers &amp; reviewer=
s,<div><br></div><div>I posted this patch series a while back intending to =
generalize the usage of a few interfaces from secure boot libraries. Could =
you please help reviewing=C2=A0them and provide feedback? Any input is appr=
eciated.</div><div><br></div><div>Regards,</div><div>Kun</div></div><br><di=
v class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, Jun 1=
3, 2022 at 1:39 PM Kun Qin via <a href=3D"http://groups.io">groups.io</a> &=
lt;kuqin12=3D<a href=3D"mailto:gmail.com@groups.io">gmail.com@groups.io</a>=
&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px =
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">REF:=
 <a href=3D"https://bugzilla.tianocore.org/show_bug.cgi?id=3D3909" rel=3D"n=
oreferrer" target=3D"_blank">https://bugzilla.tianocore.org/show_bug.cgi?id=
=3D3909</a><br>
REF: <a href=3D"https://bugzilla.tianocore.org/show_bug.cgi?id=3D3910" rel=
=3D"noreferrer" target=3D"_blank">https://bugzilla.tianocore.org/show_bug.c=
gi?id=3D3910</a><br>
REF: <a href=3D"https://bugzilla.tianocore.org/show_bug.cgi?id=3D3911" rel=
=3D"noreferrer" target=3D"_blank">https://bugzilla.tianocore.org/show_bug.c=
gi?id=3D3911</a><br>
<br>
This is a revamp of a previously submitted patch series based on top of<br>
master branch: <a href=3D"https://edk2.groups.io/g/devel/message/89507" rel=
=3D"noreferrer" target=3D"_blank">https://edk2.groups.io/g/devel/message/89=
507</a>. No changes<br>
added.<br>
<br>
Current SecureBootVariableLib provide great support for deleting secure<br>
boot related variables, creating time-based payloads.<br>
<br>
However, for secure boot enrollment, the SecureBootVariableProvisionLib<br>
interfaces always assume the changes from variable storage, limiting the<br=
>
usage, requiring existing platforms to change key initialization process<br=
>
to adapt to the new methods, as well as bringing in extra dependencies<br>
such as FV protocol, time protocols.<br>
<br>
This patch series proposes to update the implementation for Secure Boot<br>
Variable libraries and their consumers to better support the related<br>
variables operations.<br>
<br>
Patch v2 branch: <a href=3D"https://github.com/kuqin12/edk2/tree/secure_boo=
t_enhance_v2" rel=3D"noreferrer" target=3D"_blank">https://github.com/kuqin=
12/edk2/tree/secure_boot_enhance_v2</a><br>
<br>
Cc: Jiewen Yao &lt;<a href=3D"mailto:jiewen.yao@intel.com" target=3D"_blank=
">jiewen.yao@intel.com</a>&gt;<br>
Cc: Jian J Wang &lt;<a href=3D"mailto:jian.j.wang@intel.com" target=3D"_bla=
nk">jian.j.wang@intel.com</a>&gt;<br>
Cc: Min Xu &lt;<a href=3D"mailto:min.m.xu@intel.com" target=3D"_blank">min.=
m.xu@intel.com</a>&gt;<br>
Cc: Sean Brogan &lt;<a href=3D"mailto:sean.brogan@microsoft.com" target=3D"=
_blank">sean.brogan@microsoft.com</a>&gt;<br>
Cc: Ard Biesheuvel &lt;<a href=3D"mailto:ardb%2Btianocore@kernel.org" targe=
t=3D"_blank">ardb+tianocore@kernel.org</a>&gt;<br>
Cc: Jordan Justen &lt;<a href=3D"mailto:jordan.l.justen@intel.com" target=
=3D"_blank">jordan.l.justen@intel.com</a>&gt;<br>
Cc: Gerd Hoffmann &lt;<a href=3D"mailto:kraxel@redhat.com" target=3D"_blank=
">kraxel@redhat.com</a>&gt;<br>
Cc: Rebecca Cran &lt;<a href=3D"mailto:rebecca@bsdio.com" target=3D"_blank"=
>rebecca@bsdio.com</a>&gt;<br>
Cc: Peter Grehan &lt;<a href=3D"mailto:grehan@freebsd.org" target=3D"_blank=
">grehan@freebsd.org</a>&gt;<br>
Cc: Sebastien Boeuf &lt;<a href=3D"mailto:sebastien.boeuf@intel.com" target=
=3D"_blank">sebastien.boeuf@intel.com</a>&gt;<br>
Cc: Andrew Fish &lt;<a href=3D"mailto:afish@apple.com" target=3D"_blank">af=
ish@apple.com</a>&gt;<br>
Cc: Ray Ni &lt;<a href=3D"mailto:ray.ni@intel.com" target=3D"_blank">ray.ni=
@intel.com</a>&gt;<br>
<br>
Kun Qin (8):<br>
=C2=A0 SecurityPkg: UefiSecureBoot: Definitions of cert and payload<br>
=C2=A0 =C2=A0 structures<br>
=C2=A0 SecurityPkg: PlatformPKProtectionLib: Added PK protection interface<=
br>
=C2=A0 SecurityPkg: SecureBootVariableLib: Updated time based payload creat=
or<br>
=C2=A0 SecurityPkg: SecureBootVariableProvisionLib: Updated implementation<=
br>
=C2=A0 SecurityPkg: Secure Boot Drivers: Added common header files<br>
=C2=A0 SecurityPkg: SecureBootConfigDxe: Updated invocation pattern<br>
=C2=A0 OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency<br>
=C2=A0 EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency<br>
<br>
kuqin (3):<br>
=C2=A0 SecurityPkg: SecureBootVariableLib: Updated signature list creator<b=
r>
=C2=A0 SecurityPkg: SecureBootVariableLib: Added newly supported interfaces=
<br>
=C2=A0 SecurityPkg: SecureBootVariableLib: Added unit tests<br>
<br>
=C2=A0SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c=C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 1 +<br>
=C2=A0SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtec=
tionLibVarPolicy.c=C2=A0 =C2=A0|=C2=A0 =C2=A051 +<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0|=C2=A0 486 ++++-<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A036 +<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 |=C2=A0 201 ++<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A013 +<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 | 2037 ++++++++++++++++++++<br>
=C2=A0SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariable=
ProvisionLib.c=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 145 +-<br>
=C2=A0SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi=
gImpl.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 128 +-<br>
=C2=A0SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot=
DefaultKeysDxe.c=C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 1 +<br>
=C2=A0EmulatorPkg/EmulatorPkg.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 1 +<br>
=C2=A0OvmfPkg/Bhyve/BhyveX64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 1 +<br>
=C2=A0OvmfPkg/CloudHv/CloudHvX64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 1 +<br>
=C2=A0OvmfPkg/IntelTdx/IntelTdxX64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 1 +<br>
=C2=A0OvmfPkg/OvmfPkgIa32.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 1 +<br>
=C2=A0OvmfPkg/OvmfPkgIa32X64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 1 +<br>
=C2=A0OvmfPkg/OvmfPkgX64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 1 +<br>
=C2=A0SecurityPkg/Include/Library/PlatformPKProtectionLib.h=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A031 +<br>
=C2=A0SecurityPkg/Include/Library/SecureBootVariableLib.h=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 103 +-<br>
=C2=A0SecurityPkg/Include/UefiSecureBoot.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 |=C2=A0 =C2=A094 +<br>
=C2=A0SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtec=
tionLibVarPolicy.inf |=C2=A0 =C2=A036 +<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0|=C2=A0 =C2=A014 +-<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A033 +<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 |=C2=A0 =C2=A045 +<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.inf=C2=A0 =C2=A0 |=C2=A0 =C2=A025 +<br>
=C2=A0SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.inf=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A036 +<br>
=C2=A0SecurityPkg/SecurityPkg.ci.yaml=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A011 +<br>
=C2=A0SecurityPkg/SecurityPkg.dec=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 5 +<br>
=C2=A0SecurityPkg/SecurityPkg.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 2 +<br>
=C2=A0SecurityPkg/Test/SecurityPkgHostTest.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=
=C2=A0 =C2=A038 +<br>
=C2=A0SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi=
gDxe.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 1 +<=
br>
=C2=A031 files changed, 3468 insertions(+), 112 deletions(-)<br>
=C2=A0create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPoli=
cy/PlatformPKProtectionLibVarPolicy.c<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockPlatformPKProtectionLib.c<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockUefiLib.c<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockUefiRuntimeServicesTableLib.c<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/SecureBootVariableLibUnitTest.c<br>
=C2=A0create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLi=
b.h<br>
=C2=A0create mode 100644 SecurityPkg/Include/UefiSecureBoot.h<br>
=C2=A0create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPoli=
cy/PlatformPKProtectionLibVarPolicy.inf<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockPlatformPKProtectionLib.inf<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockUefiLib.inf<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockUefiRuntimeServicesTableLib.inf<br>
=C2=A0create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/SecureBootVariableLibUnitTest.inf<br>
=C2=A0create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc<br>
<br>
-- <br>
2.35.1.windows.2<br>
<br>
<br>
<br>
<br>
<br>
<br>
</blockquote></div></div>

--00000000000031028305e28895d5--