From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-VI1-obe.outbound.protection.outlook.com (EUR05-VI1-obe.outbound.protection.outlook.com [40.107.21.55]) by mx.groups.io with SMTP id smtpd.web09.9021.1625825847784186440 for ; Fri, 09 Jul 2021 03:17:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=3eXSC80e; spf=pass (domain: arm.com, ip: 40.107.21.55, mailfrom: sunny.wang@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HY6DVRg2SRGMwPpdJHhxWxhY5OaGnXE/b3IiOPibIqg=; b=3eXSC80eZ9KHmzlTXLNPvCQOyfr3KyMrE79yGEK/1hJMhwX1A0Yhq9cpkRLG57XGHZUUaZHJLnUf7RL8QLu+3KhZybFSO9LPVF+MwKPPJd5erIEspMs2YGSohOagtKU6AifUpZrYZilxIXkafWmQJ30Gou7x7eqOZnkw/i1DlI0= Received: from AS8PR04CA0085.eurprd04.prod.outlook.com (2603:10a6:20b:313::30) by DB8PR08MB5370.eurprd08.prod.outlook.com (2603:10a6:10:112::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.21; Fri, 9 Jul 2021 10:17:25 +0000 Received: from AM5EUR03FT051.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:313:cafe::72) by AS8PR04CA0085.outlook.office365.com (2603:10a6:20b:313::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.20 via Frontend Transport; Fri, 9 Jul 2021 10:17:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT051.mail.protection.outlook.com (10.152.16.246) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.20 via Frontend Transport; Fri, 9 Jul 2021 10:17:24 +0000 Received: ("Tessian outbound 770f4ae52989:v98"); Fri, 09 Jul 2021 10:17:24 +0000 X-CR-MTA-TID: 64aa7808 Received: from a3bdb87c86c3.3 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 8B09B778-411A-4D59-A87B-F9E22DA9D935.1; Fri, 09 Jul 2021 10:17:16 +0000 Received: from EUR01-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id a3bdb87c86c3.3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 09 Jul 2021 10:17:16 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IBjrJc7SiNW8KDo5cW5nNimb88YAIHxHN036bZeK8WAQrNJgEwXICWTKcR0NRAQe3WtfcHPRlIGYm1b5RbGhiIcGUlNH6DZxC4klpPVtliYOs28fIuPZFtXOLzMFfLX5QApqhgqGKbZrunkG2p3g1jwE4Oz8y/bg8z2odL2JwnNAX354vEd1I+EJvRPKVAEgdtTnkdO1nfcruy4Q5mm8Vu15OgTO2EyYfh4r6Z+0UKIIKw0WvZ6X8jYrQ3V8NIRHhIPU5aIohrp5VslyKw4Fmz0RVG4re/YVGPDziSofeJEzsjHKV2ulii8hPIOo3qPMW7KfQzVaGYICnJc0H47Rfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HY6DVRg2SRGMwPpdJHhxWxhY5OaGnXE/b3IiOPibIqg=; b=ewM3o7wiZc6qYy1TBCkM3hy+YMKTdEWF4r3Crl0bsawKzsXBPTWd2IBPVV1uQibQHNLj3Yd1UYR7SqqeSNT7dF8raKAUEbP/HeQozm+j84TugmKLwgG+JVWWOpzu25KekOTPmHQwWVCX32hXgOBQG/DDQx1frJf/gzzgUcFs/fMZ1J3otMbgHyx9Oyyr+mxP13d7ez3YV/a8qGM6nAQBJHbQthVs0vBXSD5mJIRzwq1XXF+SAWWK8igA89+ZjutTar54IgwgkfIhgZkft0udSPxTKuKfUIMSsIQ6l9IkIN3mV9PO2WGOav94IF76g2KNoTFeJthG6AWG0VcdNPWBnA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HY6DVRg2SRGMwPpdJHhxWxhY5OaGnXE/b3IiOPibIqg=; b=3eXSC80eZ9KHmzlTXLNPvCQOyfr3KyMrE79yGEK/1hJMhwX1A0Yhq9cpkRLG57XGHZUUaZHJLnUf7RL8QLu+3KhZybFSO9LPVF+MwKPPJd5erIEspMs2YGSohOagtKU6AifUpZrYZilxIXkafWmQJ30Gou7x7eqOZnkw/i1DlI0= Received: from DB8PR08MB3993.eurprd08.prod.outlook.com (2603:10a6:10:ad::26) by DB6PR0801MB1797.eurprd08.prod.outlook.com (2603:10a6:4:32::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.20; Fri, 9 Jul 2021 10:17:09 +0000 Received: from DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::14b0:85d6:deeb:9ee0]) by DB8PR08MB3993.eurprd08.prod.outlook.com ([fe80::14b0:85d6:deeb:9ee0%7]) with mapi id 15.20.4308.023; Fri, 9 Jul 2021 10:17:09 +0000 From: "Sunny Wang" To: Grzegorz Bernacki , "devel@edk2.groups.io" , "leif@nuviainc.com" , "ardb+tianocore@kernel.org" , "ray.ni@intel.com" , "jiewen.yao@intel.com" CC: Samer El-Haj-Mahmoud , "mw@semihalf.com" , "upstream@semihalf.com" , "jian.j.wang@intel.com" , "min.m.xu@intel.com" , "lersek@redhat.com" , Sami Mujawar , "afish@apple.com" , "jordan.l.justen@intel.com" , "rebecca@bsdio.com" , "grehan@freebsd.org" , Thomas Abraham , "chasel.chiu@intel.com" , "nathaniel.l.desimone@intel.com" , "gaoliming@byosoft.com.cn" , "eric.dong@intel.com" , "michael.d.kinney@intel.com" , "zailiang.sun@intel.com" , "yi.qian@intel.com" , "graeme@nuviainc.com" , "rad@semihalf.com" , "pete@akeo.ie" , Sunny Wang Subject: Re: [PATCH v5 00/10] Secure Boot default keys Thread-Topic: [PATCH v5 00/10] Secure Boot default keys Thread-Index: AQHXbloYsOeXpJVr/E6F018SYIFFv6s6b85w Date: Fri, 9 Jul 2021 10:17:09 +0000 Message-ID: References: <20210701091758.1057485-1-gjb@semihalf.com> In-Reply-To: <20210701091758.1057485-1-gjb@semihalf.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ts-tracking-id: 50FE063DDAACC548B1487E085776BB17.0 x-checkrecipientchecked: true Authentication-Results-Original: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=arm.com; x-ms-publictraffictype: Email X-MS-Office365-Filtering-Correlation-Id: 2234b0fd-86e7-4a00-1567-08d942c2bf2a x-ms-traffictypediagnostic: DB6PR0801MB1797:|DB8PR08MB5370: x-ms-exchange-transport-forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true nodisclaimer: true x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: m146TJ+5yHgWz21C6YloSuICpLYy27ZftE9JyKVFB9HqcFF0uK7WBE/GeYrKmzC8CtTTHr914aHLy3tbzLWBIUz8XmYquhFMrR+gIdhx9yzkpoTadefO9NTIrJQ/IDbimwbe+BOwwqeVIpEWmZ2mTPIVzKi1wwE92jxfQRg+AU4QBb9Jhf8O0S+GGJhr9DZYZBHieo8rKqtlf3Gydyes8JwT8NlkwjKz04jCeYDezXSyA+WR8UfxOA/q4WRSe56Rvbe7V/HiOOI/ETDKYLozSq03ZnhUbIkk4o6mDP/4zb8hTnfROP/1LETTnnZf4CAG8ijAQPWOgdOv5vsxrkqosjYSQs9qWZq4eSpWNSPWd05VXk1BsEpFM6WbSRDKAOkvN4gvcngvuwoF2QgsuGjwzLRqgp2Jebu8qJqRLQUlA7AabmogjOSht/886IJ2W1Bd2+YCZLZcFAC7+EPZfDCZnVeU6yc6GJTrBeOQm+tOdyLYQOlRupQpa4gRJuyRoCA4T3gw6o1n5nK/ziFFUKbzk2YWExB3efRx3LidmMWyP+n+ktgC2hTsbA+5seImhjkL6tTQAfIwF78FE1h0l3ojKls5qztQOEtOGGJYRD/+qIbG033yXFazQE1Je/jGGwt+P6er2Zp5bVVMVuuq7XvDcGZniEMd8Zu5zssbLjXAOg8w+ISMRW4D78yTw5iVoMqvqXEUZ3MAbx3hSP1h1fIfQ47Zb5ZRzbDfRYy1COX8/zc= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR08MB3993.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(366004)(396003)(136003)(39850400004)(376002)(9686003)(71200400001)(55016002)(54906003)(26005)(110136005)(122000001)(4326008)(8936002)(7696005)(966005)(316002)(53546011)(5660300002)(38100700002)(19627235002)(8676002)(186003)(86362001)(6506007)(478600001)(2906002)(66476007)(64756008)(7416002)(33656002)(66556008)(83380400001)(66946007)(76116006)(52536014)(66446008);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?2xP1LqdWrHU4J2dL3LGfXBn2u9clHokDBauu0TLUVMfOz7v6eqR1d2V96vvf?= =?us-ascii?Q?4+ZBoYCfY3nc27mK3ENbEg3iw1IcmEZaLmVZ0lDZxR5TCNwaA0/twjKqtZJG?= =?us-ascii?Q?9VnKEVqZx8ipePgGPgPPQZUrXgcCrz4oS4yTh6P6YlM9ki91wKO+5FsAYWlC?= =?us-ascii?Q?Pre+w7UZ0K7qmzOHLTgaWvAvjy3U4L+8es6mB5R/lZbiA0uOZvEZGuPa6LZ+?= =?us-ascii?Q?HsI3Je4c9zvJFX/Ywi3kEt4Fr9A9b95RyFPEV086EqMC1ks+k71SB/oYjbOp?= =?us-ascii?Q?d8fKYzeu3Ze0j64hOqy+rk+1B92rKbDZAHVTcSG6WF7D4edvbw8P1kW/rUPt?= =?us-ascii?Q?4JNyuT/hrCkaZF4AnkVcAYXkrgazmqwkjDW8CRZ0wBUr3NHh7yfjfpqTkEvG?= =?us-ascii?Q?IHhXnszjhcET0ul17gzt2L+rkGXu3/oR0XXfGDJHkVa0OlfNlHzv9LhAqMDC?= =?us-ascii?Q?bWLUGOHE2Jm58BsNgC18tlKnicMBtiHNjeylipURp7e5CMzKz1FiuhPCyPY6?= =?us-ascii?Q?2FepCKzVg8LMeOJS96Sijwz27dSDZPSFDQOMtENEXwuLJ/NgE1/RzPv4rWpC?= =?us-ascii?Q?0FZuqizWjfpvRfjz2uPVhTFq9/dVaZggEiu5gN51OUuYrMWAkNVAkxTKZoMq?= =?us-ascii?Q?k5dQUmYlPE1CQ9ZHxyQb8SHuuJaTq/fEWhhTCG/CVTzSIJtkqMMLYNMdAoWM?= =?us-ascii?Q?4TByIjweBxIFwfiu21aV7N+4g+E1ig6wNL2iy5Hr1emv1RYsnEUxAWZ3TW1Z?= =?us-ascii?Q?PoeFWQHDwCCJ8IAns1D57LO5vXm6lvTu2xYHqfgkV5jaZpMfULy4p2/VEvlo?= =?us-ascii?Q?gS3Neah0mMTXA6PNtAhlZF7XMd9Rp3TAJgXSZ3kZaut5EPUxRMsRaNZKtxfY?= =?us-ascii?Q?Emt+Z9J33/m6b+pseXMmWaE1+juM2W/JV+Blb/QpK1I3xGLMFc1ifLOiBiqt?= =?us-ascii?Q?eZBPolmnYzKApTNvD0/ygxwAJbVirQHDlOGYfoPy4sjjrKFLK7D41gX6gEVh?= =?us-ascii?Q?r9vKd2TVivzkAU9Frg5Au+TkH3CzXZkhPT6vMJqUc9CFpcqQnwCiY7blgEDc?= =?us-ascii?Q?Pq2pFHAqU8Kj/kOgsLRHkCkLRccXGhjO6rM0jOEUS9hryeJRq4pP5UynAMr2?= =?us-ascii?Q?1PJ550/wD5w/DMMliahZCTN+/TiSqgSpHbXLppudVlEcGp4DQmsdHZaNNBek?= =?us-ascii?Q?KnrjrfuiaT7RXFRn4kW/76t4C29PhDp9jhaN/VSnC9E/pQirI0yKpmtkFcsD?= =?us-ascii?Q?yn177TWKMUW5XO2stCbRr6Azsa42vUSteEWIbvqWyVUPnzCOepgUAiSwQD6b?= =?us-ascii?Q?jD8BgBFTPJUi58we/gfr3JnV?= MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB1797 Original-Authentication-Results: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=arm.com; Return-Path: Sunny.Wang@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT051.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: b92cbc9a-1fab-45df-cda8-08d942c2b645 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: i0LModmxYX3Tmw109QgMjg126ZMLqDgYXVwfQGg4ywk61EWlWRxj4kkI5xfNBdCTmm99VK2XZPP5P9zNaWcY1y3XmhPKmVh6GNBlj5q4ebLjZ/JwcWAwbHBECWU4+oHkzVfcXf8tP7c+EgwkMnalUKLND5ED1uJ08v/q8mHQix4tYIzqKIw5JwpF2a8bC7TBLzYfx2EIQjj4x3JSIxebtZ2Nz+qghZGbUgFPVKnZK9CFyyiERpeg2gkG9/dhHguuL4r+sDDVvI3jCi+zxjIK+y6kpPIyGAodpdaXZ4PZxw+rE1TamB5BKAhClkv9BxPifDKmydIuHY3rEcVK0lRT9UwUQrggB+PbBj/fmibCZ2AA9/PDuQNjbTXGDkNYDwUvVAdQmophb82FhycxVBAO0Q1YShK+AUtd/mHR3d5vmZn7BMMNVukaPnug8+QERMg/AHD8PYLK8/AT8jV0WyJdn5hGpuV4YmL5Esvzqn3ypH0B8F60a0HrejfnTWm9Sdjt0vO/Bsu5L6UQISWJ7RRtnx10xbECQdHQm9wg3Vwkjph4sRRRLPuW6GFjcqO/6I1glnsQl9GQCB1YSP7UFnET+XUxvic5kPmdwr30YcVjBsBd6K+vBMHnaW8gdsbdzSjipEEoKzjNT4B38yeRtUWzPEOzjVYi6pXl7AfiVSTyDcW+IVjEo37VUcGLK2Hb6uB8KneyQ/yh8lIsGbz5/4YVVm37FFvRYA4sHOtp2aeJQz+sgYfvrQ4RS8P28tUxAPraGrBMTX2FOBMtMLZQbSYD6x4OZs22V8XWSxw3JintCjY= X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(4636009)(376002)(346002)(396003)(136003)(39860400002)(46966006)(36840700001)(4326008)(54906003)(26005)(316002)(336012)(33656002)(19627235002)(52536014)(8676002)(9686003)(55016002)(186003)(36860700001)(478600001)(6506007)(70206006)(83380400001)(81166007)(86362001)(70586007)(110136005)(82310400003)(2906002)(966005)(82740400003)(5660300002)(7696005)(356005)(8936002)(47076005)(53546011);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jul 2021 10:17:24.7211 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2234b0fd-86e7-4a00-1567-08d942c2bf2a X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT051.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5370 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed whole series. Reviewed-by: Sunny Wang We still need matintainers to review the patches below: [PATCH v5 03/10] OvmfPkg: add SecureBootVariableLib class resolution [PATCH v5 04/10] EmulatorPkg: add SecureBootVariableLib class resolution [PATCH v5 05/10] SecurityPkg: Remove duplicated functions from SecureBootCo= nfigDxe. [PATCH v5 06/10] ArmPlatformPkg: Create include file for default key conten= t. Thanks, Sunny Wang -----Original Message----- From: Grzegorz Bernacki Sent: Thursday, July 1, 2021 5:18 PM To: devel@edk2.groups.io Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud ; Sunny Wang ; mw@semihalf.co= m; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.= m.xu@intel.com; lersek@redhat.com; Sami Mujawar ; afi= sh@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com; rebecca@bsdio.co= m; grehan@freebsd.org; Thomas Abraham ; chasel.chiu= @intel.com; nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn; eric.= dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com; yi.qian= @intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz B= ernacki Subject: [PATCH v5 00/10] Secure Boot default keys This patchset adds support for initialization of default Secure Boot variables based on keys content embedded in flash binary. This feature is active only if Secure Boot is enabled and DEFAULT_KEY is defined. The patchset consist also application to enroll keys from default variables and secure boot menu change to allow user to reset key content to default values. Discussion on design can be found at: https://edk2.groups.io/g/rfc/topic/82139806#600 Built with: GCC - RISC-V (U500, U540) [requires fixes in dsc to build] - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg, EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32)) - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4) RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be bui= lt, will be post on edk2 maillist later VS2019 - Intel (OvmfPkgX64) Test with: GCC5/RPi4 VS2019/OvmfX64 (requires changes to enable feature) Tests: 1. Try to enroll key in incorrect format. 2. Enroll with only PKDefault keys specified. 3. Enroll with all keys specified. 4. Enroll when keys are enrolled. 5. Reset keys values. 6. Running signed & unsigned app after enrollment. Changes since v1: - change names: SecBootVariableLib =3D> SecureBootVariableLib SecBootDefaultKeysDxe =3D> SecureBootDefaultKeysDxe SecEnrollDefaultKeysApp =3D> EnrollFromDefaultKeysApp - change name of function CheckSetupMode to GetSetupMode - remove ShellPkg dependecy from EnrollFromDefaultKeysApp - rebase to master Changes since v2: - fix coding style for functions headers in SecureBootVariableLib.h - add header to SecureBootDefaultKeys.fdf.inc - remove empty line spaces in SecureBootDefaultKeysDxe files - revert FAIL macro in EnrollFromDefaultKeysApp - remove functions duplicates and add SecureBootVariableLib to platforms which used it Changes since v3: - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib - fix typo in guid description Changes since v4: - reorder patches to make it bisectable - split commits related to more than one platform - move edk2-platform commits to separate patchset Grzegorz Bernacki (10): SecurityPkg: Create library for setting Secure Boot variables. ArmVirtPkg: add SecureBootVariableLib class resolution OvmfPkg: add SecureBootVariableLib class resolution EmulatorPkg: add SecureBootVariableLib class resolution SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. ArmPlatformPkg: Create include file for default key content. SecurityPkg: Add SecureBootDefaultKeysDxe driver SecurityPkg: Add EnrollFromDefaultKeys application. SecurityPkg: Add new modules to Security package. SecurityPkg: Add option to reset secure boot keys. SecurityPkg/SecurityPkg.dec = | 14 + ArmVirtPkg/ArmVirt.dsc.inc = | 1 + EmulatorPkg/EmulatorPkg.dsc = | 1 + OvmfPkg/Bhyve/BhyveX64.dsc = | 1 + OvmfPkg/OvmfPkgIa32.dsc = | 1 + OvmfPkg/OvmfPkgIa32X64.dsc = | 1 + OvmfPkg/OvmfPkgX64.dsc = | 1 + SecurityPkg/SecurityPkg.dsc = | 4 + SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf = | 47 + SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf = | 79 ++ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.= inf | 2 + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefau= ltKeysDxe.inf | 45 + SecurityPkg/Include/Library/SecureBootVariableLib.h = | 251 +++++ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvDa= ta.h | 2 + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr= | 6 + SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c = | 109 +++ SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c = | 980 ++++++++++++++++++++ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl= .c | 343 ++++--- SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefau= ltKeysDxe.c | 68 ++ ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc = | 70 ++ SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni = | 16 + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStri= ngs.uni | 4 + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefau= ltKeysDxe.uni | 16 + 23 files changed, 1874 insertions(+), 188 deletions(-) create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultK= eysApp.inf create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVar= iableLib.inf create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys= Dxe/SecureBootDefaultKeysDxe.inf create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultK= eysApp.c create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVar= iableLib.c create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys= Dxe/SecureBootDefaultKeysDxe.c create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVar= iableLib.uni create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys= Dxe/SecureBootDefaultKeysDxe.uni -- 2.25.1 IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you.