From: "Sunny Wang"
To: Grzegorz Bernacki, "devel@edk2.groups.io", Bret Barkelew
CC: "leif@nuviainc.com", "ardb+tianocore@kernel.org", Samer El-Haj-Mahmoud, "mw@semihalf.com", "upstream@semihalf.com", "jiewen.yao@intel.com", "jian.j.wang@intel.com", "min.m.xu@intel.com", "lersek@redhat.com", Sunny Wang
Subject: Re: [PATCH v2 4/6] SecurityPkg: Add EnrollFromDefaultKeys application.
Date: Fri, 4 Jun 2021 08:24:46 +0000
References: <20210601131229.630611-1-gjb@semihalf.com> <20210601131229.630611-6-gjb@semihalf.com>
In-Reply-To: <20210601131229.630611-6-gjb@semihalf.com>
Internally reviewed this patch before sending it to the edk2 mailing list, and Greg already addressed all my comments, so it looks good to me.

Reviewed-by: Sunny Wang

As for Bret's comment, the "#define FAIL(fmt...).. " was added to address my internal review comment for better maintenance. If this would cause an error with some compilers, I'm fine with reverting the FAIL() macro related changes.

Best Regards,
Sunny Wang

-----Original Message-----
From: Grzegorz Bernacki
Sent: Tuesday, June 1, 2021 9:12 PM
To: devel@edk2.groups.io
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud; Sunny Wang; mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com; Grzegorz Bernacki
Subject: [PATCH v2 4/6] SecurityPkg: Add EnrollFromDefaultKeys application.

This application allows the user to force key enrollment from Secure Boot default variables.

Signed-off-by: Grzegorz Bernacki
---
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 47 +++++++++
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 107 ++++++++++++++++++
 2 files changed, 154 insertions(+)
 create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
 create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c

diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
new file mode 100644
index 0000000000..4d79ca3844
--- /dev/null
+++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf @@ -0,0 +1,47 @@ +## @file +# Enroll PK, KEK, db, dbx from Default variables +# +# Copyright (c) 2021, ARM Ltd. All rights reserved.
+# Copyright (c) 2021, Semihalf All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 1.28 + BASE_NAME =3D EnrollFromDefaultKeysApp + FILE_GUID =3D 6F18CB2F-1293-4BC1-ABB8-35F84C71812E + MODULE_TYPE =3D UEFI_APPLICATION + VERSION_STRING =3D 0.1 + ENTRY_POINT =3D UefiMain + +[Sources] + EnrollFromDefaultKeysApp.c + +[Packages] + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gEfiCertPkcs7Guid + gEfiCertSha256Guid + gEfiCertX509Guid + gEfiCustomModeEnableGuid + gEfiGlobalVariableGuid + gEfiImageSecurityDatabaseGuid + gEfiSecureBootEnableDisableGuid + +[Protocols] + gEfiSmbiosProtocolGuid ## CONSUMES + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + PrintLib + UefiApplicationEntryPoint + UefiBootServicesTableLib + UefiLib + UefiRuntimeServicesTableLib + SecureBootVariableLib diff --git a/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.= c b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c new file mode 100644 index 0000000000..1907ce1d4e --- /dev/null +++ b/SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c @@ -0,0 +1,107 @@ +/** @file + Enroll default PK, KEK, db, dbx. + +Copyright (c) 2021, ARM Ltd. All rights reserved.
+Copyright (c) 2021, Semihalf All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include // gEfiCustomModeEnableGu= id +#include // EFI_SETUP_MODE_NAME +#include // EFI_IMAGE_SECURITY_DAT= ABASE +#include // GUID_STRING_LENGTH +#include // CopyGuid() +#include // ASSERT() +#include // FreePool() +#include // AsciiSPrint() +#include // gBS +#include // AsciiPrint() +#include // gRT +#include +#include + +#define FAIL(fmt...) AsciiPrint("EnrollFromDefaultKeysApp: " fmt) + +/** + Entry point function of this shell application. +**/ +EFI_STATUS +EFIAPI +UefiMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + UINT8 SetupMode; + + Status =3D GetSetupMode (&SetupMode); + if (EFI_ERROR (Status)) { + FAIL ("Cannot get SetupMode variable: %r\n", Status); + return 1; + } + + if (SetupMode =3D=3D USER_MODE) { + FAIL ("Skipped - USER_MODE\n"); + return 1; + } + + Status =3D SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + FAIL ("Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n", Status); + return 1; + } + + Status =3D EnrollDbFromDefault (); + if (EFI_ERROR (Status)) { + FAIL ("Cannot enroll db: %r\n", Status); + goto error; + } + + Status =3D EnrollDbxFromDefault (); + if (EFI_ERROR (Status)) { + FAIL ("Cannot enroll dbt: %r\n", Status); + } + + Status =3D EnrollDbtFromDefault (); + if (EFI_ERROR (Status)) { + FAIL ("Cannot enroll dbx: %r\n", Status); + } + + Status =3D EnrollKEKFromDefault (); + if (EFI_ERROR (Status)) { + FAIL ("Cannot enroll KEK: %r\n", Status); + goto cleardbs; + } + + Status =3D EnrollPKFromDefault (); + if (EFI_ERROR (Status)) { + FAIL ("Cannot enroll PK: %r\n", Status); + goto clearKEK; + } + + Status =3D SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + FAIL ("Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n" + "Please do it manually, otherwise system can be easily compromised\n= "); + } + return 0; + +clearKEK: + DeleteKEK (); + +cleardbs: + DeleteDbt (); + DeleteDbx (); + 
DeleteDb (); + +error: + Status =3D SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + FAIL ("Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n" + "Please do it manually, otherwise system can be easily compromised\n= "); + } + + return 1; +} -- 2.25.1
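Review bot: the [Protocols] section of EnrollFromDefaultKeysApp.inf declares gEfiSmbiosProtocolGuid ## CONSUMES, but nothing in the visible EnrollFromDefaultKeysApp.c body locates or calls the SMBIOS protocol, so the dependency looks like a leftover from another module and should be dropped; in the same pass, check whether gEfiCertPkcs7Guid, gEfiCertSha256Guid and gEfiCertX509Guid are referenced by this application at all, or only inside SecureBootVariableLib, whose own INF should carry them. Unused declarations do not break the build, but they mislead anyone auditing what a Secure Boot enrollment tool actually touches.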
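Review bot: the failure messages after EnrollDbxFromDefault () and EnrollDbtFromDefault () in UefiMain are swapped (the dbx branch prints "Cannot enroll dbt", the dbt branch "Cannot enroll dbx"), and unlike the db branch neither failure jumps to a cleanup label, so the code goes on to enroll KEK and PK and leaves the machine in user mode with the default revocation list (dbx) never written. Either treat a dbx failure like the db failure (`goto cleardbs;`, since db is already enrolled at that point) or add a comment stating that a missing dbx/dbt is intentionally tolerated. Two smaller points: UefiMain is declared EFI_STATUS but returns the literals 0 and 1; 1 has no error bit set, so EFI_ERROR () on the application's status is false on every failure path, and returning Status or EFI_ABORTED would make the result meaningful. Also `#define FAIL(fmt...)` is the GNU named-variadic extension Bret flagged; `#define FAIL(...) AsciiPrint ("EnrollFromDefaultKeysApp: " __VA_ARGS__)` is the standard C99 form and needs no change at the call sites.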