From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (EUR05-DB8-obe.outbound.protection.outlook.com [40.107.20.83]) by mx.groups.io with SMTP id smtpd.web09.5652.1622794546412953897 for ; Fri, 04 Jun 2021 01:15:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=i2Tag2Gb; spf=pass (domain: arm.com, ip: 40.107.20.83, mailfrom: sunny.wang@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+eh4ZoSeFlhw4/EC+GlO+k8eJ9Zfkp1pMSAoa5int3Y=; b=i2Tag2GbujGe24zBMMyp04FpCdtif1GU8GGUDMvX7a8lexkad/+yJyFxQDxJ07cRKdlueQKyI7naSa+QgHVItHP7FqkfuZctrni0VRyRG8fA0QxX9j4SsSexti9su1aIuEqtgH8DJU/K3zJ1XAc7UjGk+xPD2OTeXfTOlpz4eVI= Received: from AS8PR04CA0121.eurprd04.prod.outlook.com (2603:10a6:20b:127::6) by AM9PR08MB6052.eurprd08.prod.outlook.com (2603:10a6:20b:2d5::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.24; Fri, 4 Jun 2021 08:15:42 +0000 Received: from AM5EUR03FT044.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:127:cafe::ff) by AS8PR04CA0121.outlook.office365.com (2603:10a6:20b:127::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.22 via Frontend Transport; Fri, 4 Jun 2021 08:15:40 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT044.mail.protection.outlook.com (10.152.17.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.21 via Frontend Transport; Fri, 4 Jun 2021 08:15:39 +0000 Received: ("Tessian outbound 6d1d235c0b46:v93"); Fri, 04 Jun 2021 08:15:39 +0000 X-CR-MTA-TID: 64aa7808 Received: from 4998d7c63b53.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 8075A453-36C2-4647-9859-A3472EF02E43.1; Fri, 04 Jun 2021 08:15:32 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 4998d7c63b53.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 04 Jun 2021 08:15:32 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jZ2GFjlHumvwdDiwbWTCUsboKLobdIbaw6f+OeuWl6us7MSji3mXVe8pqdSBCulfaRy3VRxdGFTNogatsLgemGBh531mehpN73ItD+RtdUrUc7X0cqkGxDFtAEN0tG5WWzNDUmCQtCWF+EB0OWw58RdMeGnNyHcyL6D2yo+rs1tCb6k93MRXzBpjP2eavXySBqC2qhH5iP7xgAFO0I5WRJ+6ldxF1mKoRfMjE0rwYRJTSJUBF8dCEygtdEyMNZAfKcH+3wQGmYeX2ytSVezxc+FBXU0/gxQEAETHgs2TmCshH2wEYLgK1vuba5DBfzchGsPUWyRVazm+MT0CIFjTAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+eh4ZoSeFlhw4/EC+GlO+k8eJ9Zfkp1pMSAoa5int3Y=; b=Cm4sU0RBGVCfaUKewykTp7Oj7fVfYrOQxGLT9fVbX/qU06YOofNEMFwCVIjsqfqu1ZeKooTqNO75EIKhRcZlnUZp2MLjCCSdrcbkGw5faBsnwHN3W9eGU8AXhZIubV+pU4+ohjBSIkiRo1NcC0SHK6V+bMLk7ikACsgakHpvdCi6QaF6mEXYF7Zx+dYNYrFG4MUyOms0vExV1yCyGrxHw/ErTjOqIaUUA0a+gWSSs6kGu78rDxnnPTu5A0tenYB34/VD+w0Q6sLAmlbr7z4m37T+ZmJ3aeYRi8+6I6+VoOoydnoHXUppazgjYfC5pmCZ0ysl0ueHtBF0rXveTWd2ZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+eh4ZoSeFlhw4/EC+GlO+k8eJ9Zfkp1pMSAoa5int3Y=; b=i2Tag2GbujGe24zBMMyp04FpCdtif1GU8GGUDMvX7a8lexkad/+yJyFxQDxJ07cRKdlueQKyI7naSa+QgHVItHP7FqkfuZctrni0VRyRG8fA0QxX9j4SsSexti9su1aIuEqtgH8DJU/K3zJ1XAc7UjGk+xPD2OTeXfTOlpz4eVI= Received: from DB8PR08MB3993.eurprd08.prod.outlook.com (2603:10a6:10:ad::26) by DB6PR08MB2695.eurprd08.prod.outlook.com (2603:10a6:6:19::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.29; Fri, 4 Jun 2021 08:15:31 +0000 Received: from DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::9154:9191:b8a3:388c]) by DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::9154:9191:b8a3:388c%7]) with mapi id 15.20.4195.024; Fri, 4 Jun 2021 08:15:31 +0000 From: "Sunny Wang" To: Grzegorz Bernacki , "devel@edk2.groups.io" CC: "leif@nuviainc.com" , "ardb+tianocore@kernel.org" , Samer El-Haj-Mahmoud , "mw@semihalf.com" , "upstream@semihalf.com" , "jiewen.yao@intel.com" , "jian.j.wang@intel.com" , "min.m.xu@intel.com" , "lersek@redhat.com" , Sunny Wang Subject: Re: [PATCH v2 3/6] SecurityPkg: Add SecureBootDefaultKeysDxe driver Thread-Topic: [PATCH v2 3/6] SecurityPkg: Add SecureBootDefaultKeysDxe driver Thread-Index: AQHXVufoEbR5ApARYkC7f2tttCmc2asDhLXQ Date: Fri, 4 Jun 2021 08:15:31 +0000 Message-ID: References: <20210601131229.630611-1-gjb@semihalf.com> <20210601131229.630611-5-gjb@semihalf.com> In-Reply-To: <20210601131229.630611-5-gjb@semihalf.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ts-tracking-id: A5AE831EF02C4D428DD4F671EFF3640C.0 x-checkrecipientchecked: true Authentication-Results-Original: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=arm.com; x-originating-ip: [36.226.217.156] x-ms-publictraffictype: Email X-MS-Office365-Filtering-Correlation-Id: edf10a90-d9de-4d0b-9e71-08d92730f0a2 x-ms-traffictypediagnostic: DB6PR08MB2695:|AM9PR08MB6052: x-ms-exchange-transport-forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true nodisclaimer: true x-ms-oob-tlc-oobclassifiers: OLM:215;OLM:635; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: XS6dcU5AAf1CxC116INRyl67rUFdjwWR+prL8ZiEYJQuc5QVSpWhDfp2YAlgRj1UZnnR4XjE/3oY9DhHvDG4Ng/BA6DMgOFQq5rII1iulFOMxGYqnouF1TmShpvXThfdDIif8bpKzPwZCBzA0QuSoo2xQdENLYCVdDdDA2z9e3h+81zglMM82wJtJ3uEAeQaYQpWcPmAfBRPTValKi8xTCubhMtdEqanPQEh/bcv/G7dQWQ9Uk9qhu2c4zb088aq+JxRpTfWVxzHNU8Hkx4NvoWoIWcr/banVUGm9L1rkEc+rUL9y0hOpvXQgrZNaij2lt+fbWSYWNQqEgF0yPNJzeCG+0tZCcNrQ59BwHaMuECPHeag6lu5hA/Uw+rgUAPL1JrpUOKuQwSLGXb4dV4HDOZQOASX+okpIn81kNramgLnAZT4pQZBxc2PIuNareKT6uhcUR29+F/NQ0e/UwPRLv+W8WQRt4oUiH0Qnj2GXGEfkP5Bsy9bUqT+iZ+jDCo1MDP53VIslOp+U5RX3RIyYMoZPJvPOMpAGy6VtTONa/aqYtu/WnnKJ0qj+WHVtXqkIvgcPhFi8OtNp4L/pMtnKfXHInVinJiNFFUxsCsp2gQwEMEkjyII4uUBmTSOX//0ZyfZ+2QSnVfs0HVXy5ZBE//5KjMdyL4ZA0SiV7Jb9vs= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR08MB3993.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(346002)(376002)(396003)(366004)(136003)(7416002)(64756008)(76116006)(66446008)(66556008)(110136005)(53546011)(316002)(52536014)(186003)(26005)(5660300002)(66946007)(8676002)(33656002)(55016002)(66476007)(71200400001)(122000001)(54906003)(8936002)(6506007)(86362001)(4326008)(478600001)(38100700002)(15650500001)(7696005)(2906002)(83380400001)(9686003)(213903007);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?SepxPsWU/YpKr+2KK/K1hFs8CuI/KvZ7xl2RsapKaorL1RHzpcr/r83vIBrC?= =?us-ascii?Q?Y+wirG5SZVyNLN07zLaxBMdQBNQNnJpsNhboJqoJ3XiSWQBtM/1t2wJWMi53?= =?us-ascii?Q?s4R0494yHCxnQ0Cl/7EnqSb1gjeNUPYaOOTGct3aTEvYuCftNw4z48uBRdjQ?= =?us-ascii?Q?Wilj3jmLYe8IbQohJsUOQc5cERQIl31AJztW7NN75JnoYE1JpiB4GIIJl4js?= =?us-ascii?Q?NsDsCWn3lIzFnzy6rW3cWZT9VbzM7VSYNNXifnh94Gwoj8W7E2fIAxtO3k2t?= =?us-ascii?Q?cifUf6p32xIf3YY1nVx8966V0ccEjEa0wh7J+LqWfvalWgCVdi/O3PDlV3Qd?= =?us-ascii?Q?f8nLVNSkexCn1qVDZxqqqK2W3JGPwwYhDlr8OiUWJIrXiPZSekFSeE3WNPrp?= =?us-ascii?Q?891Gda06Zqm7asKo+mPknqaXSiW39B1r3oimbvN0IsCYZ4IxFCGKi0jJ/loc?= =?us-ascii?Q?3uNLVWUF8pg3a9O4xLKOzLRLhSbHXQcqYjOOVkHyNtUbhXP9fRwBT9bcxN3g?= =?us-ascii?Q?Dca47j8Egj4x+fXedG4Ntx1KOBalnpHbzUbv+bg4uC73NaUgOrItrKXpb/zU?= =?us-ascii?Q?8hIe5mqXyIrQtKPDCKT0qB2V57royXHX+LgtDKWvCM0KhvAvt0quxUvtwOXP?= =?us-ascii?Q?eopYqYtHh7XtIgwfMIIQtVLARqU95iUVv4mBOWGAKRaSmOmnqK9felE8QYQ2?= =?us-ascii?Q?MtgKDViNXyynpWU4F4G56uzYpl/ZIHEj8OBdV5JXMTHyyaAMCbowy4eYo5wE?= =?us-ascii?Q?F5B9JvMN2rWCbAhwrrZKAmyPwsztMa4kAjDsYIXDt57V0dNaBKoH+iRbeSp6?= =?us-ascii?Q?/+qR+qDafzt1enE0OME22oSXfJzeT5u1RY0IdYA9uDSuBA61KOyVkqrzetVO?= =?us-ascii?Q?26xEijOywhX5cneudIHWMVYZtPEeBdCfHYdxcuiaGAm8Z260Hpjy+EOvtJke?= =?us-ascii?Q?DA91mqd7I1qs4Ex3k73KDbrpyuPWCJpd+hpoFrHDiocDnkwIVYM3WIp8/VBw?= =?us-ascii?Q?mc2iVC0MEGt0BphjBJksaAbo05V3qcDIKIfS6qxS08uLwsX1b4u83QlZfDOK?= =?us-ascii?Q?GenTklxeCrsJpfIyIp84NDnI2Nyo9z3vDJwUNlLfpSaa6NWJXn+esWh+y7+Z?= =?us-ascii?Q?VpbiHCOG87hW3BUG2H7RFQAbvHrtVMhYspie918UKV+fEnRNnJuND+8ylylp?= =?us-ascii?Q?RsMrAK2U5MWESEcNqlo2CMExk2B5+pZFaSxGO04jcg6tUAskKmQoy+FDbOGH?= =?us-ascii?Q?8JHXtyKqBFLjRC7Li/MevFdxrpcFX8YWX/agFDTJbZVsKE7EmDqIEdTnjsFu?= =?us-ascii?Q?ef30KYk6kXiFly7rf3VCxjYt?= MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR08MB2695 Original-Authentication-Results: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=arm.com; Return-Path: Sunny.Wang@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT044.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 84e73cf2-fa37-41ee-7f9a-08d92730ebac X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: msgsBtmR9LDXLb7hh8lOIdEXyKyvDTjR1TKbWPDhL6frzaitJHnrYPrrzFI/LOcFAdV39FJysddomFqw2ZRDPwSakqJTac24lxzqGP3QC5E91tkrivo735xKnueMfgwIaK6N6okD9dAqcnOk3ekblIP9fgvrBy3ERAkgk+/CqeUY8v44ZA7hjf7kAsFcwlRA9+6VuLkCHaSAVcrS86Bg+5Oo3O5xRCI2XokIgfy2GRtWZiCsRfYTfBkB+mAHrHlYjt0m3lW/ntyIGy7MwO/d+in1SNp3BPTtXpsb6pu137mEeM9NgGbiCmwfsPRFxn+Ohs0v+k2sxK0vVTmBuLTKWifOOQj2yNrt2r5ePCSqjnGDtZlGi8MMZJedOTlv05/ggZ9ldTn8367M3fNFsTojhFcKVVlNhmg4DwoC3PnyaAtQ76lnUvhLc2gvnDZ3q2xIwDsf+h71ARwjXUJmyTCEEvxaU6mfh+HV5YarGXffq3gu80FlNxkv8kkA8Nekl2ahh4BrsSIloc6J9H2MvjBqULWRN6MMBsp40/qJ2eUb5iyKkOyYdSNw/H52VWSLC+AvlUHWzuaYNFDTCAjf74Z21ruLyGkYvRvMp2J4pmsp4tBWraHxMtaKFPSvIlUmDGfAk8OusAlryDnZulX4FWU5/mEc0JvNaraOyubbbYuqgZ9aa6qHen4pA33HeJS9Or98 X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(4636009)(376002)(346002)(396003)(136003)(39860400002)(46966006)(36840700001)(9686003)(186003)(82740400003)(8936002)(55016002)(356005)(316002)(336012)(6506007)(86362001)(5660300002)(36860700001)(81166007)(53546011)(8676002)(478600001)(26005)(33656002)(47076005)(52536014)(70206006)(82310400003)(2906002)(7696005)(4326008)(110136005)(54906003)(15650500001)(83380400001)(70586007)(213903007);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jun 2021 08:15:39.8028 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: edf10a90-d9de-4d0b-9e71-08d92730f0a2 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT044.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR08MB6052 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Internally reviewed this patch before sending the edk2 mailing list and It = looks good to me. Please also address Pete's good catches/comments. Reviewed-by: Sunny Wang -----Original Message----- From: Grzegorz Bernacki Sent: Tuesday, June 1, 2021 9:12 PM To: devel@edk2.groups.io Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud ; Sunny Wang ; mw@semihalf.co= m; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.= m.xu@intel.com; lersek@redhat.com; Grzegorz Bernacki Subject: [PATCH v2 3/6] SecurityPkg: Add SecureBootDefaultKeysDxe driver This driver initializes default Secure Boot keys and databases based on keys embedded in flash. Signed-off-by: Grzegorz Bernacki --- SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefau= ltKeysDxe.inf | 46 +++++++++++++ SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefau= ltKeysDxe.c | 69 ++++++++++++++++++++ SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefau= ltKeysDxe.uni | 17 +++++ 3 files changed, 132 insertions(+) create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys= Dxe/SecureBootDefaultKeysDxe.inf create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys= Dxe/SecureBootDefaultKeysDxe.c create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys= Dxe/SecureBootDefaultKeysDxe.uni diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/Sec= ureBootDefaultKeysDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootDef= aultKeysDxe/SecureBootDefaultKeysDxe.inf new file mode 100644 index 0000000000..27345eab2e --- /dev/null +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot= DefaultKeysDxe.inf @@ -0,0 +1,46 @@ +## @file +# Initializes Secure Boot default keys +# +# Copyright (c) 2021, ARM Ltd. All rights reserved.
+# Copyright (c) 2021, Semihalf All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecureBootDefaultKeysDxe + FILE_GUID =3D C937FCB7-25AC-4376-89A2-4EA8B317DE83 + MODULE_TYPE =3D DXE_DRIVER + ENTRY_POINT =3D SecureBootDefaultKeysEntryPoint + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# +[Sources] + SecureBootDefaultKeysDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiDriverEntryPoint + DebugLib + SecureBootVariableLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PKDefault" + ## SOMETIMES_PRODUCES ## Variable:L"KEKDefault" + ## SOMETIMES_PRODUCES ## Variable:L"dbDefault" + ## SOMETIMES_PRODUCES ## Variable:L"dbtDefault" + ## SOMETIMES_PRODUCES ## Variable:L"dbxDefault" + gEfiGlobalVariableGuid + +[Depex] + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid + diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/Sec= ureBootDefaultKeysDxe.c b/SecurityPkg/VariableAuthenticated/SecureBootDefau= ltKeysDxe/SecureBootDefaultKeysDxe.c new file mode 100644 index 0000000000..0928489e15 --- /dev/null +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot= DefaultKeysDxe.c @@ -0,0 +1,69 @@ +/** @file + This driver init default Secure Boot variables + +Copyright (c) 2021, ARM Ltd. All rights reserved.
+Copyright (c) 2021, Semihalf All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + The entry point for SecureBootDefaultKeys driver. + + @param[in] ImageHandle The image handle of the driver. + @param[in] SystemTable The system table. + + @retval EFI_ALREADY_STARTED The driver already exists in system. + @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack o= f resources. + @retval EFI_SUCCESS All the related protocols are installed o= n the driver. + @retval Others Fail to get the SecureBootEnable variable= . + +**/ +EFI_STATUS +EFIAPI +SecureBootDefaultKeysEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + Status =3D SecureBootInitPKDefault (); + if (EFI_ERROR (Status)) { + DEBUG((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTIO= N__, Status)); + return Status; + } + + Status =3D SecureBootInitKEKDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __FUNCT= ION__, Status)); + return Status; + } + Status =3D SecureBootInitdbDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __FUNCTI= ON__, Status)); + return Status; + } + + Status =3D SecureBootInitdbtDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __FUNCTION__))= ; + } + + Status =3D SecureBootInitdbxDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __FUNCTION__))= ; + } + + return Status; +} + diff --git a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/Sec= ureBootDefaultKeysDxe.uni b/SecurityPkg/VariableAuthenticated/SecureBootDef= aultKeysDxe/SecureBootDefaultKeysDxe.uni new file mode 100644 index 0000000000..30f03aee5d --- /dev/null +++ b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot= DefaultKeysDxe.uni @@ -0,0 +1,17 @@ +// /** @file +// Provides the capability to intialize Secure Boot default variables +// +// Module which initializes Secure boot default variables. +// +// Copyright (c) 2021, ARM Ltd. All rights reserved.
+// Copyright (c) 2021, Semihalf All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Module which init= ializes Secure boot default variables" + +#string STR_MODULE_DESCRIPTION #language en-US "This module reads= embedded keys and initializes Secure Boot default variables." + -- 2.25.1 IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you.