From: Ard Biesheuvel
Date: Tue, 30 Jan 2018 13:48:38 +0000
To: kalyan-nagabhirava
Cc: "edk2-devel@lists.01.org"
Subject: Re: [PATCH v1 3/4] edk2-platforms:comcast: RDK secure boot Application

On 8 January 2018 at 05:45, kalyan-nagabhirava wrote: > Application will get file path of PK key and KEK key using rdk.conf file, once keys are > Available, application will enable secure boot and validates the signed kernel Image. > > Cc: Ard Biesheuvel > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: kalyan-nagabhirava > --- > Platform/Comcast/Application/SecureBoot/SecureBoot.inf | 57 ++++++++++++++++++++ > Platform/Comcast/Application/SecureBoot/SecureBoot.c | 30 +++++++++++ > 2 files changed, 87 insertions(+) > > diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.inf b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf > new file mode 100644 > index 000000000000..e7a3bb3afbb6 > --- /dev/null > +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf 
> @@ -0,0 +1,57 @@ > +# > +# Copyright (c) 2016-2017, Linaro Limited. All rights reserved. Bump the year? > +# Copyright (c) 2016-2017, comcast . All rights reserved. > +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > + > +################################################################################ > +# > +# Defines Section - statements that will be processed to create a Makefile. > +# > +################################################################################ > + > +[Defines] > + INF_VERSION = 0x00010006 please use 0x0001001A for new files > + BASE_NAME = RdkSecureLoader > + FILE_GUID = b2c7930f-07ef-4305-ac4e-1ce2085a7031 > + MODULE_TYPE = UEFI_APPLICATION > + VERSION_STRING = 1.0 > + ENTRY_POINT = SecureBootEntryPoint > + > +[Sources] > + SecureBoot.c > + > +[Packages] > + ArmPkg/ArmPkg.dec > + ArmPlatformPkg/ArmPlatformPkg.dec > + EmbeddedPkg/EmbeddedPkg.dec > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + ShellPkg/ShellPkg.dec > + SecurityPkg/SecurityPkg.dec > + CryptoPkg/CryptoPkg.dec > + NetworkPkg/NetworkPkg.dec > + Platform/Comcast/Library/RdkBootManagerLib/RdkBootManagerLib.dec > + Do you really use all of these? > +[Guids] > + gEfiCertX509Guid > + gEfiCertPkcs7Guid > + gEfiCustomModeEnableGuid > + gEfiImageSecurityDatabaseGuid > + gFdtTableGuid > + gRdkGlobalVariableGuid > + > +[LibraryClasses] > + RdkBootManagerLib > + UefiApplicationEntryPoint > + > +[Protocols] > + gEfiBlockIoProtocolGuid > + gEfiDevicePathToTextProtocolGuid 
> diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.c b/Platform/Comcast/Application/SecureBoot/SecureBoot.c > new file mode 100644 > index 000000000000..51ac75835fd0 > --- /dev/null > +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.c > @@ -0,0 +1,30 @@ > +/* > +# Copyright (c) 2016-2017, Linaro Limited. All rights reserved. > +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > + */ > +#include > + > +EFI_STATUS > +EFIAPI > +SecureBootEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + > + Status = RdkSecureBoot ( > + ImageHandle, > + SystemTable->BootServices > + ); > + > + return Status; > +} > -- > 2.15.0 >
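
Review bot: In SecureBoot.inf, the [Guids] and [Protocols] sections declare gEfiCertX509Guid, gEfiCertPkcs7Guid, gEfiCustomModeEnableGuid, gEfiImageSecurityDatabaseGuid, gFdtTableGuid, gRdkGlobalVariableGuid, gEfiBlockIoProtocolGuid and gEfiDevicePathToTextProtocolGuid, but the only file under [Sources], SecureBoot.c, references none of them; it only calls RdkSecureBoot. The same applies to most of the ten entries under [Packages]. Trim this INF to what the application itself consumes and leave the key and image-security GUIDs to the INF of RdkBootManagerLib, so that the dependency list shows which module actually touches the secure boot variables. Separately, BASE_NAME = RdkSecureLoader does not match the SecureBoot file names or the SecureBootEntryPoint entry point; pick one name.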
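
Review bot: In SecureBoot.c, SecureBootEntryPoint returns the status of RdkSecureBoot unchanged and has no function header comment, so nothing in this file says what the caller should expect when key enrollment or validation of the kernel image fails. Add a header comment listing the return values, and if a failure is meant to stop the boot rather than hand control back to whatever launched the application, state that and handle it here instead of only passing Status through. Two smaller points: the license block keeps the '#' prefixes from the INF inside the C comment, and this file carries only the Linaro copyright line while SecureBoot.inf carries both the Linaro and comcast lines.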