From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Sunny Wang"
To: Grzegorz Bernacki, "devel@edk2.groups.io"
CC: "leif@nuviainc.com", "ardb+tianocore@kernel.org", Samer El-Haj-Mahmoud, "mw@semihalf.com", "upstream@semihalf.com", "jiewen.yao@intel.com", "jian.j.wang@intel.com", "min.m.xu@intel.com", "lersek@redhat.com", Sami Mujawar, "afish@apple.com", "ray.ni@intel.com", "jordan.l.justen@intel.com", "rebecca@bsdio.com", "grehan@freebsd.org", Thomas Abraham, "chasel.chiu@intel.com", "nathaniel.l.desimone@intel.com", "gaoliming@byosoft.com.cn", "eric.dong@intel.com", "michael.d.kinney@intel.com", "zailiang.sun@intel.com", "yi.qian@intel.com", "graeme@nuviainc.com", "rad@semihalf.com", "pete@akeo.ie", Sunny Wang
Subject: Re: [PATCH v5 08/10] SecurityPkg: Add EnrollFromDefaultKeys application.
Date: Fri, 9 Jul 2021 09:37:47 +0000
References: <20210701091758.1057485-1-gjb@semihalf.com> <20210701091758.1057485-9-gjb@semihalf.com>
In-Reply-To: <20210701091758.1057485-9-gjb@semihalf.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Looks good to me.

Reviewed-by: Sunny Wang

-----Original Message-----
From: Grzegorz Bernacki Sent: Thursday, July 1, 2021 5:18 PM To: devel@edk2.groups.io Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud ; Sunny Wang ; mw@semihalf.co= m; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.= m.xu@intel.com; lersek@redhat.com; Sami Mujawar ; afi= sh@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com; rebecca@bsdio.co= m; grehan@freebsd.org; Thomas Abraham ; chasel.chiu= @intel.com; nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn; eric.= dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com; yi.qian= @intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz B= ernacki Subject: [PATCH v5 08/10] SecurityPkg: Add EnrollFromDefaultKeys applicatio= n. This application allows user to force key enrollment from Secure Boot default variables. Signed-off-by: Grzegorz Bernacki --- SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 47 ++= +++++++ SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 109 ++= ++++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultK= eysApp.inf create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultK= eysApp.c diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.= inf b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf new file mode 100644 index 0000000000..4d79ca3844 --- /dev/null +++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf @@ -0,0 +1,47 @@ +## @file +# Enroll PK, KEK, db, dbx from Default variables +# +# Copyright (c) 2021, ARM Ltd. All rights reserved.
+# Copyright (c) 2021, Semihalf All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 1.28 + BASE_NAME =3D EnrollFromDefaultKeysApp + FILE_GUID =3D 6F18CB2F-1293-4BC1-ABB8-35F84C71812E + MODULE_TYPE =3D UEFI_APPLICATION + VERSION_STRING =3D 0.1 + ENTRY_POINT =3D UefiMain + +[Sources] + EnrollFromDefaultKeysApp.c + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gEfiCertPkcs7Guid + gEfiCertSha256Guid + gEfiCertX509Guid + gEfiCustomModeEnableGuid + gEfiGlobalVariableGuid + gEfiImageSecurityDatabaseGuid + gEfiSecureBootEnableDisableGuid + +[Protocols] + gEfiSmbiosProtocolGuid ## CONSUMES + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + PrintLib + UefiApplicationEntryPoint + UefiBootServicesTableLib + UefiLib + UefiRuntimeServicesTableLib + SecureBootVariableLib diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.= c b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c new file mode 100644 index 0000000000..3407c1c4b9 --- /dev/null +++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c @@ -0,0 +1,109 @@ +/** @file + Enroll default PK, KEK, db, dbx. + +Copyright (c) 2021, ARM Ltd. All rights reserved.
+Copyright (c) 2021, Semihalf All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include // gEfiCustomModeEnableGu= id +#include // EFI_SETUP_MODE_NAME +#include // EFI_IMAGE_SECURITY_DAT= ABASE +#include // GUID_STRING_LENGTH +#include // CopyGuid() +#include // ASSERT() +#include // FreePool() +#include // AsciiSPrint() +#include // gBS +#include // AsciiPrint() +#include // gRT +#include +#include + +/** + Entry point function of this shell application. +**/ +EFI_STATUS +EFIAPI +UefiMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + UINT8 SetupMode; + + Status =3D GetSetupMode (&SetupMode); + if (EFI_ERROR (Status)) { + AsciiPrint ("EnrollFromDefaultKeysApp: Cannot get SetupMode variable: = %r\n", Status); + return 1; + } + + if (SetupMode =3D=3D USER_MODE) { + AsciiPrint ("EnrollFromDefaultKeysApp: Skipped - USER_MODE\n"); + return 1; + } + + Status =3D SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + AsciiPrint ("EnrollFromDefaultKeysApp: Cannot set CUSTOM_SECURE_BOOT_M= ODE: %r\n", Status); + return 1; + } + + Status =3D EnrollDbFromDefault (); + if (EFI_ERROR (Status)) { + AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll db: %r\n", Status= ); + goto error; + } + + Status =3D EnrollDbxFromDefault (); + if (EFI_ERROR (Status)) { + AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbt: %r\n", Statu= s); + } + + Status =3D EnrollDbtFromDefault (); + if (EFI_ERROR (Status)) { + AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbx: %r\n", Statu= s); + } + + Status =3D EnrollKEKFromDefault (); + if (EFI_ERROR (Status)) { + AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll KEK: %r\n", Statu= s); + goto cleardbs; + } + + Status =3D EnrollPKFromDefault (); + if (EFI_ERROR (Status)) { + AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll PK: %r\n", Status= ); + goto clearKEK; + } + + Status =3D SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + AsciiPrint ( + 
"EnrollFromDefaultKeysApp: Cannot set CustomMode to STANDARD_SECURE_= BOOT_MODE\n" + "Please do it manually, otherwise system can be easily compromised\n= " + ); + } + return 0; + +clearKEK: + DeleteKEK (); + +cleardbs: + DeleteDbt (); + DeleteDbx (); + DeleteDb (); + +error: + Status =3D SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + AsciiPrint ( + "EnrollFromDefaultKeysApp: Cannot set CustomMode to STANDARD_SECURE_= BOOT_MODE\n" + "Please do it manually, otherwise system can be easily compromised\n= " + ); + } + + return 1; +} -- 2.25.1 IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you.
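Review bot: On the EnrollFromDefaultKeysApp.inf hunk, the [Guids] section lists gEfiCertPkcs7Guid, gEfiCertSha256Guid and gEfiCertX509Guid and [Protocols] lists gEfiSmbiosProtocolGuid ## CONSUMES, but nothing in the EnrollFromDefaultKeysApp.c hunk references any certificate GUID or the SMBIOS protocol; the include comments only name gEfiCustomModeEnableGuid, EFI_SETUP_MODE_NAME and EFI_IMAGE_SECURITY_DATABASE, and the body only calls GetSetupMode, SetSecureBootMode and the SecureBootVariableLib Enroll*/Delete* helpers. Please check each [Guids] and [Protocols] entry against actual use in the source and drop the unused ones, in particular gEfiSmbiosProtocolGuid, so the module does not declare a dependency it never exercises.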
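Review bot: In UefiMain of the EnrollFromDefaultKeysApp.c hunk the dbx and dbt error messages are swapped: the EnrollDbxFromDefault () failure branch prints "Cannot enroll dbt" and the EnrollDbtFromDefault () branch prints "Cannot enroll dbx", which points anyone debugging a failed enrollment at the wrong database. Those two branches also differ from the db, KEK and PK branches in that they fall through without a goto, so a failed dbx enrollment still proceeds to enroll the PK and leaves the platform out of setup mode with no revocation list; if that is intended, a comment should say so, otherwise route them to cleardbs like the KEK failure. Finally, the success path returns 0 even when the closing SetSecureBootMode (STANDARD_SECURE_BOOT_MODE) fails, although the printed text itself warns that the system "can be easily compromised" in that state; returning an error there, and proper EFI_STATUS codes such as EFI_ABORTED instead of the literal 1 used in the other failure paths (UefiMain is declared EFI_STATUS, and 1 is not an error code under EFI_ERROR), would let a caller or a boot script detect the condition.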