From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (EUR05-AM6-obe.outbound.protection.outlook.com [40.107.22.65]) by mx.groups.io with SMTP id smtpd.web09.2055.1626838859532290124 for ; Tue, 20 Jul 2021 20:41:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=g4j9K+yG; spf=pass (domain: arm.com, ip: 40.107.22.65, mailfrom: sunny.wang@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t3AiZH3rDVYKUKGhdfbzUbblnW0++ix93Zqj6Jkzp9Y=; b=g4j9K+yGKK48gda+crgj0QceC6WQDE2TBM2Y1id+Uwv2czKND0ggN/SDWGOe9Wy96+vZcwUytzCBDIbvzAB45aWv/iZa+ttasoZx5F3vOyTZaylD69oC0iuEID6DtFrcnRjguFxTCyEWzgSiUlKtjJXxAgNgxCwmtX8aEKKZwgo= Received: from DBBPR09CA0040.eurprd09.prod.outlook.com (2603:10a6:10:d4::28) by AM6PR08MB3464.eurprd08.prod.outlook.com (2603:10a6:20b:43::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21; Wed, 21 Jul 2021 03:40:54 +0000 Received: from DB5EUR03FT017.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:d4:cafe::ef) by DBBPR09CA0040.outlook.office365.com (2603:10a6:10:d4::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21 via Frontend Transport; Wed, 21 Jul 2021 03:40:54 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT017.mail.protection.outlook.com (10.152.20.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.24 via Frontend Transport; Wed, 21 Jul 2021 03:40:54 +0000 Received: ("Tessian outbound b269bca6e298:v99"); Wed, 21 Jul 2021 03:40:54 +0000 X-CR-MTA-TID: 64aa7808 Received: from d12dd22a027b.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 59479915-7D46-4E67-B654-CC063F28F0D7.1; Wed, 21 Jul 2021 03:40:44 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d12dd22a027b.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 21 Jul 2021 03:40:44 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=B337mLChjUFLRFRBHYTe+BXv+njfH0oa9QC391aqWWPhAI9FlnOiDel/VAbl1N8D3H9UBxymsQWYTPEMUYsEWcesh1sdkbs1rkzQBtdSctgeSYTTgzr5L1ALSYQNEqpoLE+BCK7ah16hofPhRnPzaDfazAlLXIp9wRVIvKaDlCiOBIA5XqNHwdNZkmbIyTWJdzSFUBjyh4sNGdO/4L/LjovE7pnTQIGLSIS6phmjOQlF7QSTi4S8F6/rrKrTtR+BxsQR2GbcJWN81IRGzMP3ABSD5daHKg6zypwSZeEWrQNsbf1FYsVtWNiI7JtB0gorQxeAbEjtUc7moAoDPZVu6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t3AiZH3rDVYKUKGhdfbzUbblnW0++ix93Zqj6Jkzp9Y=; b=BizBAyKINl/6GZA6mtPR81JahwewDIpk9C0BhKVFkFpXiZYMaSUpyc7zmUPTHxiAuktiUE5BC1OK58YyxquABsWsnxoc5SFBril5po/WJ4G/ilS6hTxFxlHGmyjLPpHUeDaVIMJRiO+4jAXJNQ4oIAJ10ebCrp0PVMYrFL8hPq1zVRNieuHzwyDq+qnOzi+55BXJ7RvRkw1mgWDDECnb+fLf1nZ4aeNZrqwrqB/XTU4HR17v1HhTRF/TdZ2hgkUN+vNmZF2rAJ6TPRl+ZZOWnjKhUq4NjlPjL5jdmips0R/m8OqzX6+IeVh3skARtxYO3oCwhsuaJkCjrRUfIxE+Xg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t3AiZH3rDVYKUKGhdfbzUbblnW0++ix93Zqj6Jkzp9Y=; b=g4j9K+yGKK48gda+crgj0QceC6WQDE2TBM2Y1id+Uwv2czKND0ggN/SDWGOe9Wy96+vZcwUytzCBDIbvzAB45aWv/iZa+ttasoZx5F3vOyTZaylD69oC0iuEID6DtFrcnRjguFxTCyEWzgSiUlKtjJXxAgNgxCwmtX8aEKKZwgo= Received: from DB8PR08MB3993.eurprd08.prod.outlook.com (2603:10a6:10:ad::26) by DB9PR08MB6379.eurprd08.prod.outlook.com (2603:10a6:10:261::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.26; Wed, 21 Jul 2021 03:40:42 +0000 Received: from DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::14b0:85d6:deeb:9ee0]) by DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::14b0:85d6:deeb:9ee0%7]) with mapi id 15.20.4331.034; Wed, 21 Jul 2021 03:40:41 +0000 From: "Sunny Wang" To: Samer El-Haj-Mahmoud , "devel@edk2.groups.io" , "gjb@semihalf.com" , Ard Biesheuvel , "gaoliming@byosoft.com.cn" , "ray.ni@intel.com" CC: "leif@nuviainc.com" , "mw@semihalf.com" , "upstream@semihalf.com" , "jiewen.yao@intel.com" , "jian.j.wang@intel.com" , "min.m.xu@intel.com" , "lersek@redhat.com" , Sami Mujawar , "afish@apple.com" , "jordan.l.justen@intel.com" , "rebecca@bsdio.com" , "grehan@freebsd.org" , Thomas Abraham , "chasel.chiu@intel.com" , "nathaniel.l.desimone@intel.com" , "eric.dong@intel.com" , "michael.d.kinney@intel.com" , "zailiang.sun@intel.com" , "yi.qian@intel.com" , "graeme@nuviainc.com" , "rad@semihalf.com" , "pete@akeo.ie" , Sunny Wang Subject: Re: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys Thread-Topic: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys Thread-Index: AQHXeKwDpshgUcb39EeA61y2sVnZXKtFgu8AgAdG/TA= Date: Wed, 21 Jul 2021 03:40:41 +0000 Message-ID: References: <20210714122952.1340890-1-gjb@semihalf.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ts-tracking-id: 533EFB413578AF4AB5E123457F034482.0 x-checkrecipientchecked: true Authentication-Results-Original: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; x-ms-publictraffictype: Email X-MS-Office365-Filtering-Correlation-Id: e539814d-45a2-4251-5209-08d94bf95810 x-ms-traffictypediagnostic: DB9PR08MB6379:|AM6PR08MB3464: x-ms-exchange-transport-forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true nodisclaimer: true x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: iagOMc3D/hMQrpm9XMOIuktpXXUc3aGmcau7lFoMXFq+JzmPRvhLrYmhmZ7iEkxGYq4sZX/1Rz1iO4ctP7GzjTn//w7+JpP5NPVkN8CX7irNqBvE2PcyvH9IeM+N2RKaMH+V5jjnUheMXNzodURjxXZ1qKnhFHJOkRdK8xelYnhmKOHWi+z41Oa0ZIoN2zBX7FmPYCv8wxGyypodQAoIdkbbKiQL+G+89gsVDtrJyPJZeLEH0V2swagadPU3LlPsVKQ48lwmxNV0rL37XKipAGs+OaSleMk88LTtB8OYSp6mhOBgJcYeD1XwdtZIt2c0JhQ6AG19WzcgwDB2+eGBo7WqJ1DmDHp6cDeGBQ+i5OPKyingJdPVXHvvtMx2pgUeCZfmrSTQYfHA3cyt6YqYJPPt5JSU72jfFP6ujnNuOHqhkQ0NjS1FC/VlxSr5+7J07tywQJbBLd2/hRwjo+/j+ARiDRTIDtdpL3JUMWAoD1lUripYFLIcVoUUvCIyQVQZSQiWnL0VxibOy46mZxBsI9VQATHza1GOnl91tP4uXWlIp8NJXe/1yx6hQyPpHJgIhJYhFpQjvKlslAQ8Xo56E0GYRalc/aTpvInZ5I8+5Df2zPxSC/TiOwPjqhhMAtdLmXId0WwNZJOQ8fCgHyDaHFm2NVLiJDpZxcV0pRJMqkU8/lVFnX6ojyCWm9Vk5R7PCvQMNGCNngKFza2qafeygryp1YHFVUG2ks5feTSjNKucpA6F3K2EPPIqNDkJdRDCKyJcnl6Np/qyNiZ2MzHgFsBEicChKozjSD98Q97mg0zoe3Mr7+Yf0BP+YgETja1IxplVpDH4l4vNw+dbhVfbtQ== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR08MB3993.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(39850400004)(136003)(376002)(346002)(396003)(4326008)(71200400001)(316002)(38100700002)(7416002)(110136005)(966005)(54906003)(5660300002)(55016002)(66946007)(122000001)(33656002)(83380400001)(9686003)(86362001)(26005)(76116006)(19627235002)(478600001)(7696005)(53546011)(6506007)(52536014)(8676002)(186003)(8936002)(66556008)(2906002)(64756008)(66476007)(66446008)(38070700004);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?/t/chEnbpt+x+Ms/ACjTq2GY6VI/bSgwhjGGxb0tMYXCluBEo+18rSQ7SJG5?= =?us-ascii?Q?5BgKJyXZAfzBPrtGpwrmMBBfZtpFICPW7JFEmkrZUVvWDwoBZjdRVt/FZbGx?= =?us-ascii?Q?ihaS7/O6AZ1KPUpCssxHY93Vpc38lEs9kofVMqapYqIkiCMfEX4VyGOY5dOj?= =?us-ascii?Q?lM5JtOz8dUqzknRpBCpImc0ulSX5Eoa1tjVQvbQOccGCTKokZ1EcMNm0mySk?= =?us-ascii?Q?aAZuC3ivH2+iRtgyapP1nuhJhQCJ7GafY86XWkSYxN3LhhpNyMQZYQZ6e0N9?= =?us-ascii?Q?7mhi5xqt68fpC+A+lWs37afyEl2OFxYUqS0otkv+WUNmF182lZVkFTzm44Fs?= =?us-ascii?Q?ii5OTuYUQI1E+9TGXjCdiT5ROaH2DUmQQ8fVzUV1TenaVs8Y7vtf1CSfUb/a?= =?us-ascii?Q?RIE/+Ld6HjPnKjQIeVReGfA0h0XW2dhT06vyT5no9K0oSEM5ym1Ezebo03OP?= =?us-ascii?Q?laEH0VOzFF08OcQC6h8sxmhYtf0QDohsp7EmttikCH413G528e1vXBm/7i63?= =?us-ascii?Q?4Mk3zZUt4ZNY1sFOLojtLxlJuqaLgBEAJ2kLsy8QiPXaBDmpRCWeBPW0BOF7?= =?us-ascii?Q?ROriox+dAMIYHd3owYQNI4kVcflWQ2EpPKNyx5rQhbAYlrPMwRkE+cJSQOh5?= =?us-ascii?Q?Rj3Pgnfo57EmMssZU93hRvxYNXlEN6pPKG2fu+/uq2gYXXWhxun/JmrTMTDl?= =?us-ascii?Q?C5nrmOacTUaWdHjXtzk1q6BWjHE1UNhjViPa/YFjedz5Edy64kK6NnwDVUFz?= =?us-ascii?Q?xdyxZ3oD7De7/jo3BoK8iDxy/KjYgvoP+6ddOnYXVuc/0BpKBiNCfFEzLnYS?= =?us-ascii?Q?4cBzqe0ySo99RDpOjqoIGOhVPFcKSMmDAY6z5uXzdR850+nvSnWVLyyjfwXP?= =?us-ascii?Q?hUilzHlpB8Nhvkxnkz7R55h8z39r7AZgFQH8I49rckBOYqb6FARAGJ8g+vS7?= =?us-ascii?Q?xy9nN8+2+vEkWqydzv9HgSznPA4TyXxIfFhBIlaGay+EWvSkJhyfmBgswTI6?= =?us-ascii?Q?9R4kyKhQq48IZ5AAV9FqmLfHNOFTPiZfAdm4KPpzxGwtq2UDUpcnq5GOCs0S?= =?us-ascii?Q?GSuyvCP0wojmoyGn1OZEIY6SXFxMixlg3qcxE1bpMazLvIzOhRK2ZSItLijM?= =?us-ascii?Q?h+21XA4wsv4Gn9uxof0hwNL2W1TcDsVaMv+AsTGWUWExZ0o0dobnHNtAcLz+?= =?us-ascii?Q?CxmE0mdjpI88C7Dd1W0da1nthihV3WKRcZJ46a5kddqJxdlxp5KGCyTEruQk?= =?us-ascii?Q?HmFGJuh0WEwb0d4embWEn9sCF0jf/uRtwgW3PxXpeB5eznVuKKuUtFrTrwSF?= =?us-ascii?Q?yQM=3D?= MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR08MB6379 Original-Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; Return-Path: Sunny.Wang@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT017.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 458c5508-155b-4691-19bf-08d94bf9508c X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: CK+8eh9TIskF1pPnfNEDShAi3kwsiI1zl5uXw935CFHzM9hP/nGgoJNTgyh5XX1MbNCCNqnA1q2XESw1FoRyaYQQ715n4ZgbM6Q4eumpmWnjAqvkpnaFgkuoof5d68/4SQrI7lRYh6Q7ztP3+pfbsuLGMVGMzEglZzovUd45J3SSqdkqRdQpUEOCF/U+SHqszSkvjVMpZAqhAoTH6gec22vwUhl4QtLUoJvPITqaU+/WMqwh//nqs1jjeiDSqcunXWivYBj2H2oCOkyk4fu3IRQzjS1KJn1nL+NUIovT3w7OTGP/HCBJwqP576MjkHxnu5pc766pdXBdG7O9nlx6i1G00syNx+kHSIhDYgxef8IuRBjWlme7tXhkejwu6ZFg9zZ/0u9Oyzpoq9mA8d4mNrIvjmLuwISrWs5fOjKMNmiK/0ddVsJg24aVAgk+ngGGpXAMv2G2myHrgi5QM/0wYIx6xoYR2qf/mJjda5L5m6DjxCfv0snl6CSHDr5rOwgAWzPeQxjZ2uSs9ZuqZqm9zpYy+7q3RNqL4v2BO4CutsPGY7ZQnSG2Cz3uLTifCV/zLb5RmledtOltW0HYT+kb15nlGQVzTZyrhSkKSFHevK2Mdw2eaMq2SIuKuqukhfqTJyU99bmlqoSyM7vshzsHq9adTSNv0JpZdZ6SFJ+/ElAMnVLc+KPeyUsWv+/3pWwA08aOYdtIO5RBVTRiVhFbCjfRuQAhHk2xIvcs7mUXpRoahSVW28UnKzhCTshLnSkJts5Vkp2zpE5v7yBP7naHQVZ3cMrOXgYEgg5CaGdG+R4eNjPbZ4jlN2o2iPlevJyo01Ccq1Or2wfqSSnLXTEK9w== X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(4636009)(39850400004)(376002)(346002)(136003)(396003)(46966006)(36840700001)(5660300002)(86362001)(2906002)(70206006)(82310400003)(336012)(52536014)(70586007)(8676002)(478600001)(6506007)(316002)(54906003)(356005)(4326008)(83380400001)(110136005)(53546011)(9686003)(966005)(186003)(47076005)(36860700001)(33656002)(8936002)(55016002)(26005)(7696005)(19627235002)(82740400003)(81166007)(30864003);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jul 2021 03:40:54.5960 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e539814d-45a2-4251-5209-08d94bf95810 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT017.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3464 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Ard, Liming, Ray, Thanks for your review for ArmVirtPkg, ArmPlatformPkg, an= d EmulatorPkg patches. As for the patch for Intel Platforms below, it is in another series for ed= k2-platforms. - [edk2-platforms PATCH v6 1/4] Intel Platforms: add SecureBootVariab= leLib class resolution https://edk2.groups.io/g/devel/message/77781 Therefore, I think this series already got all the necessary Reviewed-By a= nd Acked-By of all parts and is ready to be pushed now. Best Regards, Sunny Wang -----Original Message----- From: Samer El-Haj-Mahmoud Sent: Friday, July 16, 2021 8:00 PM To: devel@edk2.groups.io; gjb@semihalf.com Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Sunny Wang ; mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com; jian= .j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com; Sami Mujawar ; afish@apple.com; ray.ni@intel.com; jordan.l.justen@inte= l.com; rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham ; chasel.chiu@intel.com; nathaniel.l.desimone@intel.com; gaolimin= g@byosoft.com.cn; eric.dong@intel.com; michael.d.kinney@intel.com; zailiang= .sun@intel.com; yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; p= ete@akeo.ie; Samer El-Haj-Mahmoud Subject: RE: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys The v6 of this series seems to have all the necessary Reviewed-By (and som= e Tested-By) of all parts, except the following platform specific parts. Co= uld we get help from maintainers to review these please? Much appreciated! - ArmVirtPkg : https://edk2.groups.io/g/devel/message/77772 - ArmPlatformPkg: https://edk2.groups.io/g/devel/message/77775 - EmulatorPkg: https://edk2.groups.io/g/devel/message/77773 - Intel Platforms (Platform/Intel/QuarkPlatformPkg, Platform/Intel/MinPlat= formPkg, Platform/Intel/Vlv2TbltDevicePkg): https://edk2.groups.io/g/devel/= message/77781 Thanks, --Samer > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of > Grzegorz Bernacki via groups.io > Sent: Wednesday, July 14, 2021 8:30 AM > To: devel@edk2.groups.io > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud > ; Sunny Wang > ; mw@semihalf.com; upstream@semihalf.com; > jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com; > lersek@redhat.com; Sami Mujawar ; > afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com; > rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham > ; chasel.chiu@intel.com; > nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn; > eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com; > yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; > pete@akeo.ie; Grzegorz Bernacki > Subject: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys > > This patchset adds support for initialization of default > Secure Boot variables based on keys content embedded in > flash binary. This feature is active only if Secure Boot > is enabled and DEFAULT_KEY is defined. The patchset > consist also application to enroll keys from default > variables and secure boot menu change to allow user > to reset key content to default values. > Discussion on design can be found at: > https://edk2.groups.io/g/rfc/topic/82139806#600 > > Built with: > GCC > - RISC-V (U500, U540) [requires fixes in dsc to build] > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg, > EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32)) > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4) > > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be = built, > will be post on edk2 maillist later > > VS2019 > - Intel (OvmfPkgX64) > > Test with: > GCC5/RPi4 > VS2019/OvmfX64 (requires changes to enable feature) > > Tests: > 1. Try to enroll key in incorrect format. > 2. Enroll with only PKDefault keys specified. > 3. Enroll with all keys specified. > 4. Enroll when keys are enrolled. > 5. Reset keys values. > 6. Running signed & unsigned app after enrollment. > > Changes since v1: > - change names: > SecBootVariableLib =3D> SecureBootVariableLib > SecBootDefaultKeysDxe =3D> SecureBootDefaultKeysDxe > SecEnrollDefaultKeysApp =3D> EnrollFromDefaultKeysApp > - change name of function CheckSetupMode to GetSetupMode > - remove ShellPkg dependecy from EnrollFromDefaultKeysApp > - rebase to master > > Changes since v2: > - fix coding style for functions headers in SecureBootVariableLib.h > - add header to SecureBootDefaultKeys.fdf.inc > - remove empty line spaces in SecureBootDefaultKeysDxe files > - revert FAIL macro in EnrollFromDefaultKeysApp > - remove functions duplicates and add SecureBootVariableLib > to platforms which used it > > Changes since v3: > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib > - fix typo in guid description > > Changes since v4: > - reorder patches to make it bisectable > - split commits related to more than one platform > - move edk2-platform commits to separate patchset > > Changes since v5: > - split SecureBootVariableLib into SecureBootVariableLib and > SecureBootVariableProvisionLib > > Grzegorz Bernacki (11): > SecurityPkg: Create SecureBootVariableLib. > SecurityPkg: Create library for enrolling Secure Boot variables. > ArmVirtPkg: add SecureBootVariableLib class resolution > OvmfPkg: add SecureBootVariableLib class resolution > EmulatorPkg: add SecureBootVariableLib class resolution > SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. > ArmPlatformPkg: Create include file for default key content. > SecurityPkg: Add SecureBootDefaultKeysDxe driver > SecurityPkg: Add EnrollFromDefaultKeys application. > SecurityPkg: Add new modules to Security package. > SecurityPkg: Add option to reset secure boot keys. > > SecurityPkg/SecurityPkg.dec = | 14 + > ArmVirtPkg/ArmVirt.dsc.inc = | 2 + > EmulatorPkg/EmulatorPkg.dsc = | 2 + > OvmfPkg/Bhyve/BhyveX64.dsc = | 2 + > OvmfPkg/OvmfPkgIa32.dsc = | 2 + > OvmfPkg/OvmfPkgIa32X64.dsc = | 2 + > OvmfPkg/OvmfPkgX64.dsc = | 2 + > SecurityPkg/SecurityPkg.dsc = | 5 + > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > | 48 ++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > | 80 +++ > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.inf | 80 +++ > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gDxe.inf | 3 + > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.inf | 46 ++ > SecurityPkg/Include/Library/SecureBootVariableLib.h = | 153 > ++++++ > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h > | 134 +++++ > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gNvData.h | 2 + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > g.vfr | 6 + > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > | 110 +++++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > | 511 ++++++++++++++++++++ > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.c | 491 +++++++++++++++++++ > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gImpl.c | 344 ++++++------- > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.c | 69 +++ > ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc = | 70 > +++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > | 17 + > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.uni | 16 + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gStrings.uni | 4 + > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.uni | 16 + > 27 files changed, 2043 insertions(+), 188 deletions(-) > create mode 100644 > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.inf > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.inf > create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h > create mode 100644 > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h > create mode 100644 > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.c > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.c > create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.uni > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.uni > > -- > 2.25.1 > > > >=20 > IMPORTANT NOTICE: The contents of this email and any attachments are confi= dential and may also be privileged. If you are not the intended recipient, = please notify the sender immediately and do not disclose the contents to an= y other person, use it for any purpose, or store or copy the information in= any medium. Thank you.