From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR03-VE1-obe.outbound.protection.outlook.com (EUR03-VE1-obe.outbound.protection.outlook.com [40.107.5.55]) by mx.groups.io with SMTP id smtpd.web08.5549.1622795238063884590 for ; Fri, 04 Jun 2021 01:27:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=R4VGs2Kb; spf=pass (domain: arm.com, ip: 40.107.5.55, mailfrom: sunny.wang@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zH1zxzuEz1OxiePGyMuyL3C+b/Z8t4XJi39hde/lZsg=; b=R4VGs2KbZPT4X51ec92eg5p+c8tj3ozbDUJCoXWaa1MNTYIDSB7PFZSJ3sTJ1X8DvEDJZ3apCvnrjljxp1WbGjphV0Xtnwkp9bufdfMj/qORVRSa5YeL2aNfQSCVU+o4nIAgd7zdEGdJoWk2zAztSnzxmgYOXeZNg9QTMnGVG5Y= Received: from AM6P195CA0021.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:81::34) by DB6PR0802MB2248.eurprd08.prod.outlook.com (2603:10a6:4:85::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20; Fri, 4 Jun 2021 08:27:14 +0000 Received: from AM5EUR03FT059.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:81:cafe::cb) by AM6P195CA0021.outlook.office365.com (2603:10a6:209:81::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.22 via Frontend Transport; Fri, 4 Jun 2021 08:27:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT059.mail.protection.outlook.com (10.152.17.193) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.21 via Frontend Transport; Fri, 4 Jun 2021 08:27:14 +0000 Received: ("Tessian outbound cce4cc55b7ee:v93"); Fri, 04 Jun 2021 08:27:13 +0000 X-CR-MTA-TID: 64aa7808 Received: from 78d40eb895f8.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id AABA913E-86BC-4C2F-9448-EBC80BE5A5E2.1; Fri, 04 Jun 2021 08:27:07 +0000 Received: from EUR03-DB5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 78d40eb895f8.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 04 Jun 2021 08:27:07 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Rp2C+1uT+kO8sawat5rlBvD8EuQb5uPO9savkZn7j39Vh9UrlSEFcB3soRdhwXvOyjhS80yaWe1bSW9oF8sv1/kwfMx9FikRXeIQoRw8TbN0fV2JDwAtLe2NstAHDtNSlKQ6pzOu1MwJWEzrHcaebYLPvVK5EPbREPSGBXw+GP6avb8kz2Wcxgw6pyqDmDV/qRy/nG2eYUtsF7CQ9wLH+UbmBgb6rHu6y2dNoLGl1y2f3w4ZWtDzaQHZSRZJlMqziCB4vLXjbqRwz6zzmh82bS3cnT2NHdZ24OlT6AEYIjV6H8mHtgzKRx0n/jKetj/FeZqhd9PE9i/VRA2ECooS2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zH1zxzuEz1OxiePGyMuyL3C+b/Z8t4XJi39hde/lZsg=; b=MEAboRUDLSI5hA8PtEddMYDrkB9q1MLPAlF06xRrqBh41vhur/764CuZaPmPvMeJf+BUHl4zAs4wiCtFmh9V2ODL6ZYIaXlG28H3HvDXLGSRtmLeHKCmbHplVlFOhjTgBOYj7EoHdut8kra/3+YMe0n4xGDubP55a04/M4B7arQlrdHGOzNgdK6FaKm+I7zuwOXknPTFQYp2HoAhtCU3y7e8Q9n0UB/YWwRu6YxwWfh01EohAnzBUIsJiEuhzGxlCSrwi7FBXSd3y7OGqprIoiluObuG1zWowPBYBbJNiCV0mFtUgnaXljdJnmLfzCrmWY7W6TV8dkTt9QhTcR7WmQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zH1zxzuEz1OxiePGyMuyL3C+b/Z8t4XJi39hde/lZsg=; b=R4VGs2KbZPT4X51ec92eg5p+c8tj3ozbDUJCoXWaa1MNTYIDSB7PFZSJ3sTJ1X8DvEDJZ3apCvnrjljxp1WbGjphV0Xtnwkp9bufdfMj/qORVRSa5YeL2aNfQSCVU+o4nIAgd7zdEGdJoWk2zAztSnzxmgYOXeZNg9QTMnGVG5Y= Received: from DB8PR08MB3993.eurprd08.prod.outlook.com (2603:10a6:10:ad::26) by DBBPR08MB4774.eurprd08.prod.outlook.com (2603:10a6:10:d5::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21; Fri, 4 Jun 2021 08:26:57 +0000 Received: from DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::9154:9191:b8a3:388c]) by DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::9154:9191:b8a3:388c%7]) with mapi id 15.20.4195.024; Fri, 4 Jun 2021 08:26:57 +0000 From: "Sunny Wang" To: Grzegorz Bernacki , "devel@edk2.groups.io" CC: "leif@nuviainc.com" , "ardb+tianocore@kernel.org" , Samer El-Haj-Mahmoud , "mw@semihalf.com" , "upstream@semihalf.com" , "jiewen.yao@intel.com" , "jian.j.wang@intel.com" , "min.m.xu@intel.com" , "lersek@redhat.com" , Sunny Wang Subject: Re: [PATCH v2 5/6] SecurityPkg: Add new modules to Security package. Thread-Topic: [PATCH v2 5/6] SecurityPkg: Add new modules to Security package. Thread-Index: AQHXVugGJKh9Hp2f+EObkTb83qQwLasDiGMQ Date: Fri, 4 Jun 2021 08:26:56 +0000 Message-ID: References: <20210601131229.630611-1-gjb@semihalf.com> <20210601131229.630611-7-gjb@semihalf.com> In-Reply-To: <20210601131229.630611-7-gjb@semihalf.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ts-tracking-id: 0FF99B3C2317AF48A4FB88B3133BA933.0 x-checkrecipientchecked: true Authentication-Results-Original: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=arm.com; x-originating-ip: [36.226.217.156] x-ms-publictraffictype: Email X-MS-Office365-Filtering-Correlation-Id: 3febc297-33f3-4fb2-3559-08d927328e83 x-ms-traffictypediagnostic: DBBPR08MB4774:|DB6PR0802MB2248: x-ms-exchange-transport-forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true nodisclaimer: true x-ms-oob-tlc-oobclassifiers: OLM:4502;OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: UHkYvfmOuMeNLkycWG0VBavsIab4VSWWPdB6YE0f06op08UwrujfYvIYNtkplIx6b6Fg+LumAzNa6B7P4Ms08nCBROPrkc3oGW5I2ZcXkQEOaM7sh55j2nA0uYBWfq32tvIJkkwKP3/9l2qnKyWF6xWUIW8tOgnKqNYp6n8tV3xg5qYzNGTqy/HlGKTgzUyCyVZuy7unrqpMGslHAWxlJWrCMqi+sR6rQIaxMa6h1XEFCWFFo92IyXSFs6FQ5NAWW5Z/3tT5pj/efcl+l6McNw3Pz3lxILZFevlchSc9QxML8FaDV+AdUcXGdQOn4/FY5hhh0S4VJotwYii5/oOBRhyi+Eqtw2/In2+UDSaM/0gmEXRBmHaIyyBtsCN3w94AyCv08l8uQnlzOTPWcBttiYlc3wyw/71PWmNpaAsNFV4uqdyS79wzf39JJiy3d40RWl4ajSMalrj90c5JcJL8JfMvsh+nfY7ITXkcJJT5JLORJYPVuSnR2HnaGFoZ8EPnqg7myZfZwfntrmXjaVb/CGSV11c46nGdhdHzaZJOLG0PTFItlL8Vuo0pEP+ubZeo95KjL3wy7oJiS7XRAQrnnPuXMlZkVeecBZtAVsjU0IU= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR08MB3993.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(346002)(376002)(136003)(396003)(39860400002)(52536014)(15650500001)(83380400001)(66476007)(54906003)(8676002)(71200400001)(26005)(4326008)(53546011)(6506007)(33656002)(2906002)(55016002)(38100700002)(8936002)(478600001)(7416002)(64756008)(7696005)(186003)(66556008)(316002)(5660300002)(9686003)(66946007)(122000001)(66446008)(76116006)(19627235002)(86362001)(110136005);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?UeV2P5syfcRpF82DtiZcf6M+LmOm44Qmtk1jhknvKU+j+VGT8il32JBRSB9c?= =?us-ascii?Q?yWCKeevLjzv1RxqJXQTPA3TGCd3YurY1JP/Hehdhk91amfaw2LWSZJjx0sni?= =?us-ascii?Q?brJTn7q7R09pE/mX+2Urf7aPcpXnCNb7FP44JZVSkEOOPupQyAur0nYdM/qt?= =?us-ascii?Q?n4qOQqrE4iQpP30vgxK8pq5mOkm/H0Z/Gu0NBIgk/sOY01VzIbpjNZddeRfJ?= =?us-ascii?Q?Kypa0fSxPF0vntceJ5LDxGWJnpznNjgZpHtrLSuyzRwpejr6j4/crsQ2N+Ta?= =?us-ascii?Q?PtjDIyCYiFIxrSjJ8DcBnXrueMOQWY7m45yT67yOnB5cgy/mf3heQ9I8rvHa?= =?us-ascii?Q?R3ysH84HIwp6hz03MiegcrU4PwgMIv8GibipHBXWFRUyHkqv8L52sV+G4jN1?= =?us-ascii?Q?pLdJc4weqANQfL8PS3tS35GAedZglk1WHUr1uPrp/cWjM0Lt9NCIWMphK7sQ?= =?us-ascii?Q?lq6GcfamPg/82Fk7nSP0ERInKbAGfPlnDQ2AtzNI3Znj0370HMIYQuomNCI4?= =?us-ascii?Q?4ooRSdxhFWk+bKTmrvyXIH+r5W/cXawaBIoQrtQCBgm7dtAIEarJqtPuKu3M?= =?us-ascii?Q?XFHW4hN53p7jg3A+Z1+BsGJk9yMYAeQxZxBd5yw6yu540Qvz3ay0W3ssUv7p?= =?us-ascii?Q?yK8TqEZXTpcQuje8KtUbGai18ZfzbCW0o3MXf3zlx3RU/eTTcyCgtX2c0Lza?= =?us-ascii?Q?LWqcqFSom7Xm1KN3IE7H8v1mBuaE1T5K7EUqd3WmMiwfXEzMK9jLNG9zR0fy?= =?us-ascii?Q?ZjAQBa/3oZ7io1oJw9PrakQydTADM0bjxLFtbvpKgbXVSXJgbuGuJM0hHme/?= =?us-ascii?Q?q7eu79wlxwZrI5BhyYHQYUao8nfoOXyK7Mx1v2k3ClPYt78mk+cfTv0hrcqF?= =?us-ascii?Q?mdBYOfHTzf63bGlkPUy1cZ/DcjJxp8Kla7t0RekpJuiVLVLoMOV3Shfbu1p1?= =?us-ascii?Q?tQHDlpH+JhG3ShCU3VulvYXCbU4IXoMPqC8WkeEHsdF38h1wHaNQcE3FFr9J?= =?us-ascii?Q?hkfNS24TCsibkVPQ+dfK6tJi+QJfja8XYHNN/TOeEFe4ZsMwJz+elbMsnQr8?= =?us-ascii?Q?jLBkPuuDd+SRGaZax9sR6kMRgRm5TuXiEfza2m9Qumob8Cp7OVCEFdQDgIaq?= =?us-ascii?Q?gBH33J3hUiutPoU25U+RhChGjYKT4QRtPX97CAJRf//Gmdch/kyxRY5ymzWb?= =?us-ascii?Q?EiPedVbunTaZb4eaWlsrYK4xUddGoLLsvJ4ioicQNn4FO732yE7zHVHhEhpP?= =?us-ascii?Q?aGv6XnLO8tfb6udCy5vWpgGxUIok4DJRNQo+swbcui+trAhzBI60wYo0336f?= =?us-ascii?Q?lV7+sBI+Y60z8DgoXB/HErj+?= MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4774 Original-Authentication-Results: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=arm.com; Return-Path: Sunny.Wang@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT059.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 2f634009-976f-4618-0144-08d92732844e X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Q29D4wGZV8Sum4Mov2kqRJlVHEqSRU+SqX4DMh9SNsXVxKE3MWjnK1i6+469jL4zpkFsWkBQgpIDmUgWFpbRz2bt/mGw8AJmmROM6CZVYlF1XnafgviNFn84oT41ItTMk9VT0+io2d8CCTwG1FbwCwWuBCbe2hRQR7k4gGT6ml6kEpJAfXdusR6sJOgBue8FMX6zuOO1E0SPXsbZab0KaKwrbwyN0Xn/qkWKehsydHOA8BAXKCZjHhwfV9E4/3P7mPdEy3KpN105VnU8YyF+vivNG9SgNt5O9REOtSFdQ+ax6iVXAQ1l2+cmuILzjwvgTYctxI1rjBW4AhTtouMUl2x4FNmqb7Y03brPWcX3SToPTaacL+vN+ptZh9QXZuvJQE9AvA3yOIh3cRclTp49iOyh8pl7Y+zeJstM8dxxLmnLcDShJNZ9QB0yWPngYOpuegij2hu2fxPE+p4JdgDLWBaUw7CoohktUKIb18QjQJB2Y+hCmddO6osoiqZ32I1uOAK9+eAZqiXVKzSVlAUO6zHrlEs/+8mH7Xlj/3delzmwXQdI/0koVzoOkxo2PCjEuQOx8NF/m67gphZ5oNF7mvcgrHko2co1aRZd3AmAfv6gCA3b8ZCnVq8Rg5TwoHHd/CpuYLAmsjIIuqg8b5ReK4z9V06DIp7Piqi2cwxAggI= X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(4636009)(39860400002)(136003)(376002)(396003)(346002)(36840700001)(46966006)(19627235002)(26005)(8936002)(2906002)(86362001)(82310400003)(15650500001)(7696005)(9686003)(4326008)(6506007)(47076005)(70586007)(186003)(36860700001)(70206006)(53546011)(83380400001)(478600001)(81166007)(356005)(52536014)(55016002)(336012)(54906003)(33656002)(5660300002)(82740400003)(8676002)(110136005)(316002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jun 2021 08:27:14.1817 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3febc297-33f3-4fb2-3559-08d927328e83 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT059.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2248 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Internally reviewed this patch before sending the edk2 mailing list and It = looks good to me. Please also address Pete's good catches/comments. Reviewed-by: Sunny Wang -----Original Message----- From: Grzegorz Bernacki Sent: Tuesday, June 1, 2021 9:12 PM To: devel@edk2.groups.io Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud ; Sunny Wang ; mw@semihalf.co= m; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.= m.xu@intel.com; lersek@redhat.com; Grzegorz Bernacki Subject: [PATCH v2 5/6] SecurityPkg: Add new modules to Security package. This commits adds modules related to initialization and usage of default Secure Boot key variables to SecurityPkg. Signed-off-by: Grzegorz Bernacki --- SecurityPkg/SecurityPkg.dec | 14 ++++++++++++++ SecurityPkg/SecurityPkg.dsc | 4 ++++ 2 files changed, 18 insertions(+) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 4001650fa2..dad3cae0ba 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -190,6 +190,20 @@ ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm gTcg2MmSwSmiRegisteredGuid =3D { 0x9d4548b9, 0xa48d, 0x4db4, { 0= x9a, 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } } + ## GUID used to specify section with default PK content + gDefaultPKFileGuid =3D { 0x85254ea7, 0x4759, 0x4fc4, { 0= x82, 0xd4, 0x5e, 0xed, 0x5f, 0xb0, 0xa4, 0xa0 } } + + ## GUID used to specify section with default KEK content + gDefaultKEKFileGuid =3D { 0x6f64916e, 0x9f7a, 0x4c35, { 0= xb9, 0x52, 0xcd, 0x04, 0x1e, 0xfb, 0x05, 0xa3 } } + + ## GUID used to specify section with default db content + gDefaultdbFileGuid =3D { 0xc491d352, 0x7623, 0x4843, { 0= xac, 0xcc, 0x27, 0x91, 0xa7, 0x57, 0x44, 0x21 } } + + ## GUID used to specify section with default dbt content + gDefaultdbxFileGuid =3D { 0x5740766a, 0x718e, 0x4dc0, { 0= x99, 0x35, 0xc3, 0x6f, 0x7d, 0x3f, 0x88, 0x4f } } + + ## GUID used to specify section with default dbx content + gDefaultdbtFileGuid =3D { 0x36c513ee, 0xa338, 0x4976, { 0= xa0, 0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } [Ppis] ## The PPI GUID for that TPM physical presence should be locked. diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 854f250625..e031775ca8 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -259,6 +259,10 @@ [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf + SecurityPkg/EnrollFromDefaultKeys/EnrollFromDefaultKeys.inf + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys/SecureBootDefaul= tKeys.inf + [Components.IA32, Components.X64, Components.AARCH64] # -- 2.25.1 IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you.