From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=of0fCIHY; spf=pass (domain: linaro.org, ip: 209.85.166.195, mailfrom: ard.biesheuvel@linaro.org) Received: from mail-it1-f195.google.com (mail-it1-f195.google.com [209.85.166.195]) by groups.io with SMTP; Thu, 11 Apr 2019 14:10:18 -0700 Received: by mail-it1-f195.google.com with SMTP id 139so12003931ita.4 for ; Thu, 11 Apr 2019 14:10:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hhRlPChKIJ+HUd8tlUfD/n10KR0Iwv6AJTydzXQFNHk=; b=of0fCIHYCefKTVSgE9ygS2CIzNN5DyYjp0Md9+ZqXVyGAPPEDifaHzpAHAGUuZLgfb UeTXacIrwj7MzlqQUoDCgSzfXIqaaZi9B+/ifYxG926v3U9jPaOVHJcA6Xbo/Z98IZQh Do1sKU837p+NODteKdu58WmdUyIhgUE01SyoxYI2QTfhmSKgV5Y6/Hhi+FwzhLF1BEO4 GtqnluEILspI1gz+hMJsINnHm2fkneiQeaHHrHlnGAhkQUvsLiuaA5du5lnQMeRZa6XI +wDwSW7cIwoX57xvMTFKelFJKe8z2819uZPNy2fv3jKoyiX+RHV8qgbrl7CmWoWGWNQV NFDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hhRlPChKIJ+HUd8tlUfD/n10KR0Iwv6AJTydzXQFNHk=; b=O2/QnKks8aVvPEdee0kNOwCAwmuqgVyj0nlJC/+ASaj4eaddg3EWtA+R2uCJ+jkKHo BXNyaNw3CkzAcW1a5yd+jDie1/VhlnVCT72UEnaT4Iz5j2BdkDwS8M8kDiES5ZbbxsbB 0WcvGGnlwL+69Qx9DjEiLug7NoF0JQaWW94PnQ815dUNmt0Npp0Np53kJPh67xmjjHjr Ut6oLCqH/stqu9T6KG6ALRU0Y/r3RZezQv/5cLWnKaMyXiTyT80Kw/Uz6w++An66aKZN 5ujPEZVWniMOPyhpfXs9exEgZmjHp/6KLapFWZZC2r5++YT7Pu7trVdN5W258578xzTx lBUw== X-Gm-Message-State: APjAAAUSDtvA61s+b3SQ0xaEXDxF3ZoQg66emabkak5/hfK7txooLoc+ tn5ekghmwVWzGiRH5BpUQGqq3MnXV6o5Yt6FuD5r4Q== X-Google-Smtp-Source: APXvYqyNoWN0xusESJJWKRTvMJVMuC+fgx17yT+aBqe0vYUkqtMh4yPlpEhWUFrcr3Bmm5I/P9Jqon/DbrU39dRl/wQ= X-Received: by 2002:a05:660c:2c5:: with SMTP id j5mr9817241itd.154.1555017017597; Thu, 11 Apr 2019 14:10:17 -0700 (PDT) MIME-Version: 1.0 References: <20190410180602.10799-1-ard.biesheuvel@linaro.org> <20190411192954.yajsgfd3qfatgpqf@bivouac.eciton.net> In-Reply-To: <20190411192954.yajsgfd3qfatgpqf@bivouac.eciton.net> From: "Ard Biesheuvel" Date: Thu, 11 Apr 2019 14:10:06 -0700 Message-ID: Subject: Re: [PATCH edk2-platforms] Platform/DeveloperBox: actually enable secure boot checking To: Leif Lindholm Cc: edk2-devel-groups-io Content-Type: text/plain; charset="UTF-8" On Thu, 11 Apr 2019 at 12:29, Leif Lindholm wrote: > > On Wed, Apr 10, 2019 at 11:06:02AM -0700, Ard Biesheuvel wrote: > > The current secure boot enabled DeveloperBox build contains all the > > pieces to maintain the authenticated variable store, but doesn't > > actually bother to check the signature on anything it boots. Fix that. > > > > Signed-off-by: Ard Biesheuvel > > We haven't actually dropped the CLA from edk2-platforms (yet), so we > probably still need the contributed-under for now. If you add that > before committing: > > Reviewed-by: Leif Lindholm > Thanks. Pushed as 7d8dc6544c93..11c98f35af40 > > --- > > Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 7 ++++++- > > 1 file changed, 6 insertions(+), 1 deletion(-) > > > > diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc > > index 39077ab5ee79..4ddb0d427f13 100644 > > --- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc > > +++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc > > @@ -245,7 +245,12 @@ > > } > > MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf > > MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf > > - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > > + > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > > +!endif > > + } > > ArmPkg/Drivers/TimerDxe/TimerDxe.inf > > ArmPkg/Drivers/GenericWatchdogDxe/GenericWatchdogDxe.inf > > MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > > -- > > 2.17.1 > >