From: "Ard Biesheuvel"
Date: Fri, 8 Jul 2022 18:38:30 +0200
Subject: Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
To: edk2-devel-groups-io, Jiewen Yao
Cc: Kun Qin, "Wang, Jian J", "Xu, Min M", Sean Brogan, Ard Biesheuvel, "Justen, Jordan L", Gerd Hoffmann, Rebecca Cran, Peter Grehan, "Boeuf, Sebastien", Andrew Fish, "Ni, Ray"

I think this series has broken some ARM platforms, please double check.

https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/4573/console

On Thu, 7 Jul 2022 at 03:09, Yao, Jiewen wrote:
>
> Merged https://github.com/tianocore/edk2/pull/3050
>
> From: Kun Qin
> Sent: Thursday, July 7, 2022 1:44 AM
> To: devel@edk2.groups.io; Yao, Jiewen
> Cc: Wang, Jian J; Xu, Min M; Sean Brogan; Ard Biesheuvel; Justen, Jordan L; Gerd Hoffmann; Rebecca Cran; Peter Grehan; Boeuf, Sebastien; Andrew Fish; Ni, Ray
> Subject: Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
>
> Hi Jiewen,
>
> Yes, the "https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3" is the branch I generate these patch series. And they have not been changed after sending v3 patches.
>
> I confirm that:
> 1. the latest update 256220d82191effae32d91897ab0f65a4fa0641b is identical to the one I submitted to mailing list;
> 2. the branch passed EDKII CI when I prepared this branch and the PR is Secure boot enhance v3 by kuqin12 · Pull Request #3035 · tianocore/edk2 (github.com).
>
> Thanks a lot for the help! Please let me know if you encounter any issues when merging these patches.
>
> Regards,
> Kun
>
> On 7/5/2022 10:19 PM, Yao, Jiewen wrote:
>
> > Hi
> > I am going to merge this. However, I realize that my mailbox filtered patch 6/11 and 10/11.
> > So I am going to merge the one in https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
> >
> > Please double confirm:
> > 1) the latest one 256220d82191effae32d91897ab0f65a4fa0641b is identical to the one you submitted to EDKII mailing list.
> > 2) the latest one passed the EDKII CI.
> >
> > Once you confirm above, I will start merging process.
> >
> > Thank you
> > Yao Jiewen
> >
> > -----Original Message-----
> > From: devel@edk2.groups.io On Behalf Of Kun Qin
> > Sent: Friday, July 1, 2022 7:54 AM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen; Wang, Jian J; Xu, Min M; Sean Brogan; Ard Biesheuvel; Justen, Jordan L; Gerd Hoffmann; Rebecca Cran; Peter Grehan; Boeuf, Sebastien; Andrew Fish; Ni, Ray
> > Subject: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
> >
> > This is a follow-up of a previously submitted patch series based on top
> > of master branch: https://edk2.groups.io/g/devel/message/90491.
> >
> > The main changes between v2 and v3 patches are:
> > - Added reviewed-by and acked-by tags collected from previous iteration
> > - Updated default timestamp for default secure boot variable enrollment
> >
> > The updated changes are verified on QEMU based Q35 virtual platform as
> > well as proprietary physical platforms.
> >
> > Patch v3 branch:
> > https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
> >
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Min Xu
> > Cc: Sean Brogan
> > Cc: Ard Biesheuvel
> > Cc: Jordan Justen
> > Cc: Gerd Hoffmann
> > Cc: Rebecca Cran
> > Cc: Peter Grehan
> > Cc: Sebastien Boeuf
> > Cc: Andrew Fish
> > Cc: Ray Ni
> >
> > Kun Qin (8):
> >   SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
> >   SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
> >   SecurityPkg: SecureBootVariableLib: Updated time based payload creator
> >   SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
> >   SecurityPkg: Secure Boot Drivers: Added common header files
> >   SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
> >   OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
> >   EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
> >
> > kuqin (3):
> >   SecurityPkg: SecureBootVariableLib: Updated signature list creator
> >   SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
> >   SecurityPkg: SecureBootVariableLib: Added unit tests
> >
> >  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 1 +
> >  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c | 51 +
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 485 ++++-
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c | 36 +
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c | 201 ++
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c | 13 +
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c | 2037 ++++++++++++++++++++
> >  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 145 +-
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 128 +-
> >  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 1 +
> >  EmulatorPkg/EmulatorPkg.dsc | 1 +
> >  OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
> >  OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
> >  OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
> >  OvmfPkg/OvmfPkgIa32.dsc | 1 +
> >  OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
> >  OvmfPkg/OvmfPkgX64.dsc | 1 +
> >  SecurityPkg/Include/Library/PlatformPKProtectionLib.h | 31 +
> >  SecurityPkg/Include/Library/SecureBootVariableLib.h | 103 +-
> >  SecurityPkg/Include/UefiSecureBoot.h | 94 +
> >  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf | 36 +
> >  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 14 +-
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf | 33 +
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf | 45 +
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf | 25 +
> >  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf | 36 +
> >  SecurityPkg/SecurityPkg.ci.yaml | 11 +
> >  SecurityPkg/SecurityPkg.dec | 5 +
> >  SecurityPkg/SecurityPkg.dsc | 2 +
> >  SecurityPkg/Test/SecurityPkgHostTest.dsc | 38 +
> >  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 1 +
> >  31 files changed, 3467 insertions(+), 112 deletions(-)
> >  create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
> >  create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLib.h
> >  create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
> >  create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
> >  create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
> >  create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc
> >
> > --
> > 2.36.0.windows.1