[edk2-platforms PATCH v5 0/4] Secure Boot default keys

[edk2-platforms PATCH v5 0/4] Secure Boot default keys

[Grzegorz Bernacki]

This patchset is a consequence of "Secure Boot default keys"
patchset in edk2. It adds SecureBootVariableLib class resolution
for each platform which uses SecureBootConfigDxe and also
enables Secure Boot variables initialization for RPi4.
Previously these commits were part of edk2 patchset, but since 
number of commits increased in v5 version, it is now separate
patchset.

Changes related to both edk2 & edk-platform versions:
Changes since v1:                                                                                                                                   
- change names:                                                                                                                             
  SecBootVariableLib => SecureBootVariableLib                                                                                                                              
  SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe                                                                                                                        
  SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp                                                                                                                      
- change name of function CheckSetupMode to GetSetupMode                                                                                                                   
- remove ShellPkg dependecy from EnrollFromDefaultKeysApp                                                                                                                  
- rebase to master                                                                                                                                      

Changes since v2:                                                                                                                                   
- fix coding style for functions headers in SecureBootVariableLib.h                                                                                                        
- add header to SecureBootDefaultKeys.fdf.inc                                                                                                                              
- remove empty line spaces in SecureBootDefaultKeysDxe files                                                                                                               
- revert FAIL macro in EnrollFromDefaultKeysApp                                                                                                                            
- remove functions duplicates and  add SecureBootVariableLib                                                                                                               
  to platforms which used it                                                                                                                                               

Changes since v3:
- move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
- leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
- fix typo in guid description

Changes since v4:
- reorder patches to make it bisectable
- split commits related to more than one platform
- move edk2-platform commits to separate patchset

Grzegorz Bernacki (4):
  Intel Platforms: add SecureBootVariableLib class resolution
  ARM Silicon and Platforms: add SecureBootVariableLib class resolution
  RISC-V Platforms: add SecureBootVariableLib class resolution
  Platform/RaspberryPi: Enable default Secure Boot variables
    initialization

 Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc                         | 1 +
 Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc          | 1 +
 Platform/Intel/QuarkPlatformPkg/Quark.dsc                            | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc                 | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc                  | 3 ++-
 Platform/Qemu/SbsaQemu/SbsaQemu.dsc                                  | 1 +
 Platform/RaspberryPi/RPi3/RPi3.dsc                                   | 1 +
 Platform/RaspberryPi/RPi4/RPi4.dsc                                   | 4 ++++
 Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc           | 1 +
 Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 +
 Platform/Socionext/DeveloperBox/DeveloperBox.dsc                     | 4 ++++
 Platform/RaspberryPi/RPi4/RPi4.fdf                                   | 2 ++
 12 files changed, 20 insertions(+), 1 deletion(-)

-- 
2.25.1

[edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution

[Grzegorz Bernacki]

The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
---
 Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 +
 Platform/Intel/QuarkPlatformPkg/Quark.dsc                   | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc        | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc         | 3 ++-
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
index b154f9615d..5157c87a9a 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
@@ -139,6 +139,7 @@
 
 !if gMinPlatformPkgTokenSpaceGuid.PcdUefiSecureBootEnable == TRUE
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !endif
 
   SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
diff --git a/Platform/Intel/QuarkPlatformPkg/Quark.dsc b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
index cc1eba4df4..35f99429f7 100644
--- a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
+++ b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
@@ -175,6 +175,7 @@
 !if $(SECURE_BOOT_ENABLE)
   PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index d15da40819..5a0d3e31e1 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -227,6 +227,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4a5548b80e..36a5ae333c 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -1,4 +1,4 @@
-#/** @file
+e
 # Platform description.
 #
 # Copyright (c) 2012  - 2021, Intel Corporation. All rights reserved.<BR>
@@ -229,6 +229,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
-- 
2.25.1

[edk2-platforms PATCH v5 2/4] ARM Silicon and Platforms: add SecureBootVariableLib class resolution

[Grzegorz Bernacki]

The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each ARM platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Graeme Gregory <graeme@nuviainc.com> #SbsaQemu
---
 Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc     | 1 +
 Platform/Qemu/SbsaQemu/SbsaQemu.dsc              | 1 +
 Platform/RaspberryPi/RPi3/RPi3.dsc               | 1 +
 Platform/RaspberryPi/RPi4/RPi4.dsc               | 1 +
 Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 4 ++++
 5 files changed, 8 insertions(+)

diff --git a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
index fee7cfcc2d..60fdb244ba 100644
--- a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
+++ b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
@@ -129,6 +129,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
index 11ce361cdb..b1c4030ec9 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
@@ -156,6 +156,7 @@ DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
   #
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc b/Platform/RaspberryPi/RPi3/RPi3.dsc
index 53825bcf62..73f7f2f8c3 100644
--- a/Platform/RaspberryPi/RPi3/RPi3.dsc
+++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
@@ -167,6 +167,7 @@
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index fd73c4d14b..d38fee8fb8 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -164,6 +164,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
index 88454c1f90..41b7c3bced 100644
--- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
+++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
@@ -52,6 +52,10 @@
 
   MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
 
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+!endif
+
 [LibraryClasses.common.SEC]
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
   BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
-- 
2.25.1

[edk2-platforms PATCH v5 3/4] RISC-V Platforms: add SecureBootVariableLib class resolution

[Grzegorz Bernacki]

The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each RICS-V platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Abner Chang <abner.chang@hpe.com>
Reviewed-by: Daniel Schaefer <daniel.schaefer@hpe.com>
---
 Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc           | 1 +
 Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
index b91823ceeb..fc5ba2a07f 100644
--- a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
+++ b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
@@ -122,6 +122,7 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
index 0eafe29880..71add8ff9a 100644
--- a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
+++ b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
@@ -122,6 +122,7 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
-- 
2.25.1

[edk2-platforms PATCH v5 4/4] Platform/RaspberryPi: Enable default Secure Boot variables initialization

[Grzegorz Bernacki]

This commit allows to initialize Secure Boot default key
and databases from data embedded in firmware binary.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4
---
 Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +++
 Platform/RaspberryPi/RPi4/RPi4.fdf | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index d38fee8fb8..54bb282ff2 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -218,6 +218,7 @@
   MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
   HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+  ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
 
 [LibraryClasses.common.UEFI_DRIVER]
@@ -621,6 +622,8 @@
       NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
   }
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
+  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !else
   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
 !endif
diff --git a/Platform/RaspberryPi/RPi4/RPi4.fdf b/Platform/RaspberryPi/RPi4/RPi4.fdf
index 1e13909a57..8508065a77 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.fdf
+++ b/Platform/RaspberryPi/RPi4/RPi4.fdf
@@ -189,7 +189,9 @@ READ_LOCK_STATUS   = TRUE
   INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
   INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 !if $(SECURE_BOOT_ENABLE) == TRUE
+!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
   INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 !endif
   INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
   INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
-- 
2.25.1

Re: [edk2-platforms PATCH v5 3/4] RISC-V Platforms: add SecureBootVariableLib class resolution

[Abner Chang]

Hi Grzegorz,
Was the entire series of patches got reviewed-by?

Regards,
Abner

> -----Original Message-----
> From: Grzegorz Bernacki [mailto:gjb@semihalf.com]
> Sent: Thursday, July 1, 2021 5:21 PM
> To: devel@edk2.groups.io
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-
> Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
> upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com;
> min.m.xu@intel.com; lersek@redhat.com; sami.mujawar@arm.com;
> afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com;
> rebecca@bsdio.com; grehan@freebsd.org; thomas.abraham@arm.com;
> chasel.chiu@intel.com; nathaniel.l.desimone@intel.com;
> gaoliming@byosoft.com.cn; eric.dong@intel.com;
> michael.d.kinney@intel.com; zailiang.sun@intel.com; yi.qian@intel.com;
> graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz
> Bernacki <gjb@semihalf.com>; Chang, Abner (HPS SW/FW Technologist)
> <abner.chang@hpe.com>; Schaefer, Daniel <daniel.schaefer@hpe.com>
> Subject: [edk2-platforms PATCH v5 3/4] RISC-V Platforms: add
> SecureBootVariableLib class resolution
> 
> The edk2 patch
>   SecurityPkg: Create library for setting Secure Boot variables.
> 
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for each RICS-V platform which uses SecureBootConfigDxe.
> 
> Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
> Reviewed-by: Abner Chang <abner.chang@hpe.com>
> Reviewed-by: Daniel Schaefer <daniel.schaefer@hpe.com>
> ---
>  Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc           | 1 +
> 
> Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
> | 1 +
>  2 files changed, 2 insertions(+)
> 
> diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> index b91823ceeb..fc5ba2a07f 100644
> --- a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> +++ b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> @@ -122,6 +122,7 @@
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> 
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> mMeasurementLib.inf
>    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> ootVariableLib.inf
>  !else
> 
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> mMeasurementLibNull.inf
> 
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> ibNull.inf
> diff --git
> a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> sc
> b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> dsc
> index 0eafe29880..71add8ff9a 100644
> ---
> a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> sc
> +++
> b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> dsc
> @@ -122,6 +122,7 @@
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> 
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> mMeasurementLib.inf
>    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> ootVariableLib.inf
>  !else
> 
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> mMeasurementLibNull.inf
> 
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> ibNull.inf
> --
> 2.25.1

Re: [edk2-platforms PATCH v5 3/4] RISC-V Platforms: add SecureBootVariableLib class resolution

[Grzegorz Bernacki]

Hi,

No, not yet.
Thanks,
Grzegorz

pt., 2 lip 2021 o 06:12 Chang, Abner (HPS SW/FW Technologist)
<abner.chang@hpe.com> napisał(a):
>
> Hi Grzegorz,
> Was the entire series of patches got reviewed-by?
>
> Regards,
> Abner
>
> > -----Original Message-----
> > From: Grzegorz Bernacki [mailto:gjb@semihalf.com]
> > Sent: Thursday, July 1, 2021 5:21 PM
> > To: devel@edk2.groups.io
> > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-
> > Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
> > upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com;
> > min.m.xu@intel.com; lersek@redhat.com; sami.mujawar@arm.com;
> > afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com;
> > rebecca@bsdio.com; grehan@freebsd.org; thomas.abraham@arm.com;
> > chasel.chiu@intel.com; nathaniel.l.desimone@intel.com;
> > gaoliming@byosoft.com.cn; eric.dong@intel.com;
> > michael.d.kinney@intel.com; zailiang.sun@intel.com; yi.qian@intel.com;
> > graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz
> > Bernacki <gjb@semihalf.com>; Chang, Abner (HPS SW/FW Technologist)
> > <abner.chang@hpe.com>; Schaefer, Daniel <daniel.schaefer@hpe.com>
> > Subject: [edk2-platforms PATCH v5 3/4] RISC-V Platforms: add
> > SecureBootVariableLib class resolution
> >
> > The edk2 patch
> >   SecurityPkg: Create library for setting Secure Boot variables.
> >
> > removes generic functions from SecureBootConfigDxe and places
> > them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> > mapping for each RICS-V platform which uses SecureBootConfigDxe.
> >
> > Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
> > Reviewed-by: Abner Chang <abner.chang@hpe.com>
> > Reviewed-by: Daniel Schaefer <daniel.schaefer@hpe.com>
> > ---
> >  Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc           | 1 +
> >
> > Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
> > | 1 +
> >  2 files changed, 2 insertions(+)
> >
> > diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> > b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> > index b91823ceeb..fc5ba2a07f 100644
> > --- a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> > +++ b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
> > @@ -122,6 +122,7 @@
> >    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >
> > TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> > mMeasurementLib.inf
> >    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> > +
> > SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> > ootVariableLib.inf
> >  !else
> >
> > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> > mMeasurementLibNull.inf
> >
> > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> > ibNull.inf
> > diff --git
> > a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> > sc
> > b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> > dsc
> > index 0eafe29880..71add8ff9a 100644
> > ---
> > a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d
> > sc
> > +++
> > b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.
> > dsc
> > @@ -122,6 +122,7 @@
> >    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >
> > TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> > mMeasurementLib.inf
> >    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> > +
> > SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureB
> > ootVariableLib.inf
> >  !else
> >
> > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> > mMeasurementLibNull.inf
> >
> > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> > ibNull.inf
> > --
> > 2.25.1
>

Re: [edk2-devel] [edk2-platforms PATCH v5 2/4] ARM Silicon and Platforms: add SecureBootVariableLib class resolution

[Sami Mujawar]

[-- Attachment #1: Type: text/plain, Size: 176 bytes --]

Hi Grzegorz,

Thank you for this patch.

For: Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc

Reviewed by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar

[-- Attachment #2: Type: text/html, Size: 223 bytes --]

Re: [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution

[Sunny Wang]

Looks good to me.
Reviewed-by: Sunny Wang <sunny.wang@arm.com>

-----Original Message-----
From: Grzegorz Bernacki <gjb@semihalf.com>
Sent: Thursday, July 1, 2021 5:21 PM
To: devel@edk2.groups.io
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>; Sunny Wang <Sunny.Wang@arm.com>; mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com; Sami Mujawar <Sami.Mujawar@arm.com>; afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham <thomas.abraham@arm.com>; chasel.chiu@intel.com; nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn; eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com; yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz Bernacki <gjb@semihalf.com>
Subject: [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution

The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
---
 Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 +
 Platform/Intel/QuarkPlatformPkg/Quark.dsc                   | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc        | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc         | 3 ++-
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
index b154f9615d..5157c87a9a 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
@@ -139,6 +139,7 @@

 !if gMinPlatformPkgTokenSpaceGuid.PcdUefiSecureBootEnable == TRUE
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !endif

   SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
diff --git a/Platform/Intel/QuarkPlatformPkg/Quark.dsc b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
index cc1eba4df4..35f99429f7 100644
--- a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
+++ b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
@@ -175,6 +175,7 @@
 !if $(SECURE_BOOT_ENABLE)
   PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index d15da40819..5a0d3e31e1 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -227,6 +227,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4a5548b80e..36a5ae333c 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -1,4 +1,4 @@
-#/** @file
+e
 # Platform description.
 #
 # Copyright (c) 2012  - 2021, Intel Corporation. All rights reserved.<BR>
@@ -229,6 +229,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
--
2.25.1

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Re: [edk2-platforms PATCH v5 0/4] Secure Boot default keys

[Sunny Wang]

[-- Attachment #1: Type: text/plain, Size: 4355 bytes --]

Reviewed whole series.
Reviewed-by: Sunny Wang <sunny.wang@arm.com>

We still need Intel platforms' maintainers to review the patch below. All other patches (for ARM, RISC-V, and QEMU platforms) were already reviewed by maintainers.
    - [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution

Best Regards,
Sunny Wang

-----Original Message-----
From: Grzegorz Bernacki <gjb@semihalf.com>
Sent: Thursday, July 1, 2021 5:21 PM
To: devel@edk2.groups.io
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>; Sunny Wang <Sunny.Wang@arm.com>; mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com; Sami Mujawar <Sami.Mujawar@arm.com>; afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham <thomas.abraham@arm.com>; chasel.chiu@intel.com; nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn; eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com; yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz Bernacki <gjb@semihalf.com>
Subject: [edk2-platforms PATCH v5 0/4] Secure Boot default keys

This patchset is a consequence of "Secure Boot default keys"
patchset in edk2. It adds SecureBootVariableLib class resolution
for each platform which uses SecureBootConfigDxe and also
enables Secure Boot variables initialization for RPi4.
Previously these commits were part of edk2 patchset, but since
number of commits increased in v5 version, it is now separate
patchset.

Changes related to both edk2 & edk-platform versions:
Changes since v1:
- change names:
  SecBootVariableLib => SecureBootVariableLib
  SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
  SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
- change name of function CheckSetupMode to GetSetupMode
- remove ShellPkg dependecy from EnrollFromDefaultKeysApp
- rebase to master

Changes since v2:
- fix coding style for functions headers in SecureBootVariableLib.h
- add header to SecureBootDefaultKeys.fdf.inc
- remove empty line spaces in SecureBootDefaultKeysDxe files
- revert FAIL macro in EnrollFromDefaultKeysApp
- remove functions duplicates and  add SecureBootVariableLib
  to platforms which used it

Changes since v3:
- move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
- leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
- fix typo in guid description

Changes since v4:
- reorder patches to make it bisectable
- split commits related to more than one platform
- move edk2-platform commits to separate patchset

Grzegorz Bernacki (4):
  Intel Platforms: add SecureBootVariableLib class resolution
  ARM Silicon and Platforms: add SecureBootVariableLib class resolution
  RISC-V Platforms: add SecureBootVariableLib class resolution
  Platform/RaspberryPi: Enable default Secure Boot variables
    initialization

 Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc                         | 1 +
 Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc          | 1 +
 Platform/Intel/QuarkPlatformPkg/Quark.dsc                            | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc                 | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc                  | 3 ++-
 Platform/Qemu/SbsaQemu/SbsaQemu.dsc                                  | 1 +
 Platform/RaspberryPi/RPi3/RPi3.dsc                                   | 1 +
 Platform/RaspberryPi/RPi4/RPi4.dsc                                   | 4 ++++
 Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc           | 1 +
 Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 +
 Platform/Socionext/DeveloperBox/DeveloperBox.dsc                     | 4 ++++
 Platform/RaspberryPi/RPi4/RPi4.fdf                                   | 2 ++
 12 files changed, 20 insertions(+), 1 deletion(-)

--
2.25.1

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

[-- Attachment #2: Type: message/rfc822, Size: 18686 bytes --]

From: Grzegorz Bernacki <gjb@semihalf.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "leif@nuviainc.com" <leif@nuviainc.com>, "ardb+tianocore@kernel.org" <ardb+tianocore@kernel.org>, Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>, Sunny Wang <Sunny.Wang@arm.com>, "mw@semihalf.com" <mw@semihalf.com>, "upstream@semihalf.com" <upstream@semihalf.com>, "jiewen.yao@intel.com" <jiewen.yao@intel.com>, "jian.j.wang@intel.com" <jian.j.wang@intel.com>, "min.m.xu@intel.com" <min.m.xu@intel.com>, "lersek@redhat.com" <lersek@redhat.com>, Sami Mujawar <Sami.Mujawar@arm.com>, "afish@apple.com" <afish@apple.com>, "ray.ni@intel.com" <ray.ni@intel.com>, "jordan.l.justen@intel.com" <jordan.l.justen@intel.com>, "rebecca@bsdio.com" <rebecca@bsdio.com>, "grehan@freebsd.org" <grehan@freebsd.org>, Thomas Abraham <thomas.abraham@arm.com>, "chasel.chiu@intel.com" <chasel.chiu@intel.com>, "nathaniel.l.desimone@intel.com" <nathaniel.l.desimone@intel.com>, "gaoliming@byosoft.com.cn" <gaoliming@byosoft.com.cn>, "eric.dong@intel.com" <eric.dong@intel.com>, "michael.d.kinney@intel.com" <michael.d.kinney@intel.com>, "zailiang.sun@intel.com" <zailiang.sun@intel.com>, "yi.qian@intel.com" <yi.qian@intel.com>, "graeme@nuviainc.com" <graeme@nuviainc.com>, "rad@semihalf.com" <rad@semihalf.com>, "pete@akeo.ie" <pete@akeo.ie>, Grzegorz Bernacki <gjb@semihalf.com>
Subject: [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution
Date: Thu, 1 Jul 2021 09:20:48 +0000
Message-ID: <20210701092051.1057606-2-gjb@semihalf.com>

The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
---
 Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 +
 Platform/Intel/QuarkPlatformPkg/Quark.dsc                   | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc        | 1 +
 Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc         | 3 ++-
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
index b154f9615d..5157c87a9a 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
@@ -139,6 +139,7 @@

 !if gMinPlatformPkgTokenSpaceGuid.PcdUefiSecureBootEnable == TRUE
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !endif

   SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
diff --git a/Platform/Intel/QuarkPlatformPkg/Quark.dsc b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
index cc1eba4df4..35f99429f7 100644
--- a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
+++ b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
@@ -175,6 +175,7 @@
 !if $(SECURE_BOOT_ENABLE)
   PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index d15da40819..5a0d3e31e1 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -227,6 +227,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4a5548b80e..36a5ae333c 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -1,4 +1,4 @@
-#/** @file
+e
 # Platform description.
 #
 # Copyright (c) 2012  - 2021, Intel Corporation. All rights reserved.<BR>
@@ -229,6 +229,7 @@
 !if $(SECURE_BOOT_ENABLE) == TRUE
   PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 !else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
--
2.25.1

回复: [edk2-devel] [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution

[gaoliming]

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Sunny Wang
> 发送时间: 2021年7月9日 17:09
> 收件人: Grzegorz Bernacki <gjb@semihalf.com>; devel@edk2.groups.io
> 抄送: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer
> El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>; mw@semihalf.com;
> upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com;
> min.m.xu@intel.com; lersek@redhat.com; Sami Mujawar
> <Sami.Mujawar@arm.com>; afish@apple.com; ray.ni@intel.com;
> jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org;
> Thomas Abraham <thomas.abraham@arm.com>; chasel.chiu@intel.com;
> nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
> eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
> yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
> Sunny Wang <Sunny.Wang@arm.com>
> 主题: Re: [edk2-devel] [edk2-platforms PATCH v5 1/4] Intel Platforms: add
> SecureBootVariableLib class resolution
> 
> Looks good to me.
> Reviewed-by: Sunny Wang <sunny.wang@arm.com>
> 
> -----Original Message-----
> From: Grzegorz Bernacki <gjb@semihalf.com>
> Sent: Thursday, July 1, 2021 5:21 PM
> To: devel@edk2.groups.io
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud
> <Samer.El-Haj-Mahmoud@arm.com>; Sunny Wang <Sunny.Wang@arm.com>;
> mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com;
> jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com; Sami
> Mujawar <Sami.Mujawar@arm.com>; afish@apple.com; ray.ni@intel.com;
> jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org;
> Thomas Abraham <thomas.abraham@arm.com>; chasel.chiu@intel.com;
> nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
> eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
> yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
> Grzegorz Bernacki <gjb@semihalf.com>
> Subject: [edk2-platforms PATCH v5 1/4] Intel Platforms: add
> SecureBootVariableLib class resolution
> 
> The edk2 patch
>   SecurityPkg: Create library for setting Secure Boot variables.
> 
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for each Intel platform which uses SecureBootConfigDxe.
> 
> Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
> ---
>  Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 +
>  Platform/Intel/QuarkPlatformPkg/Quark.dsc                   | 1 +
>  Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc        | 1 +
>  Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc         | 3 ++-
>  4 files changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
> b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
> index b154f9615d..5157c87a9a 100644
> --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
> +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
> @@ -139,6 +139,7 @@
> 
>  !if gMinPlatformPkgTokenSpaceGuid.PcdUefiSecureBootEnable == TRUE
>    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo
> otVariableLib.inf
>  !endif
> 
>    SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
> diff --git a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
> b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
> index cc1eba4df4..35f99429f7 100644
> --- a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
> +++ b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
> @@ -175,6 +175,7 @@
>  !if $(SECURE_BOOT_ENABLE)
> 
> PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSec
> ureLib.inf
>    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo
> otVariableLib.inf
>  !else
> 
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
> bNull.inf
>  !endif
> diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
> b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
> index d15da40819..5a0d3e31e1 100644
> --- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
> +++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
> @@ -227,6 +227,7 @@
>  !if $(SECURE_BOOT_ENABLE) == TRUE
> 
> PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur
> eLibNull.inf
>    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo
> otVariableLib.inf
>  !else
> 
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
> bNull.inf
>  !endif
> diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
> b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
> index 4a5548b80e..36a5ae333c 100644
> --- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
> +++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
> @@ -1,4 +1,4 @@
> -#/** @file
> +e
>  # Platform description.
>  #
>  # Copyright (c) 2012  - 2021, Intel Corporation. All rights reserved.<BR>
> @@ -229,6 +229,7 @@
>  !if $(SECURE_BOOT_ENABLE) == TRUE
> 
> PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur
> eLibNull.inf
>    AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo
> otVariableLib.inf
>  !else
> 
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
> bNull.inf
>  !endif
> --
> 2.25.1
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
recipient,
> please notify the sender immediately and do not disclose the contents to
any
> other person, use it for any purpose, or store or copy the information in
any
> medium. Thank you.
> 
> 
> 
>