From: Sunny Wang
To: Grzegorz Bernacki, devel@edk2.groups.io, lersek@redhat.com
CC: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer El-Haj-Mahmoud, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, Sunny Wang
Subject: Re: [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
Date: Fri, 4 Jun 2021 08:11:00 +0000
In-Reply-To: <20210601131229.630611-4-gjb@semihalf.com>

Internally reviewed this patch before sending it to the edk2 mailing list and it looks good to me. Please also address Min M's good catch/comment.
Reviewed-by: Sunny Wang

Hi Laszlo,
If you have time, I think you can still review this patch because this patch is a simple one and is based on your valuable feedback in the RFC. It would be good to get your review on this one. :)

Thanks,
Sunny

-----Original Message-----
From: Grzegorz Bernacki
Sent: Tuesday, June 1, 2021 9:12 PM
To: devel@edk2.groups.io
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud; Sunny Wang; mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com; Grzegorz Bernacki
Subject: [PATCH v2 2/6] SecurityPkg: Create include file for default key content.

This commit adds a file which can be included by a platform Flash
Description File. It allows specifying certificate files, which
will be embedded into the binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki
---
 SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
new file mode 100644
index 0000000000..056586b204
--- /dev/null
+++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@ + +!if $(DEFAULT_KEYS) =3D=3D TRUE + FILE FREEFORM =3D 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + !ifdef $(PK_DEFAULT_FILE) + SECTION RAW =3D $(PK_DEFAULT_FILE) + !endif + SECTION UI =3D "PK Default" + } + + FILE FREEFORM =3D 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + !ifdef $(KEK_DEFAULT_FILE1) + SECTION RAW =3D $(KEK_DEFAULT_FILE1) + !endif + !ifdef $(KEK_DEFAULT_FILE2) + SECTION RAW =3D $(KEK_DEFAULT_FILE2) + !endif + !ifdef $(KEK_DEFAULT_FILE3) + SECTION RAW =3D $(KEK_DEFAULT_FILE3) + !endif + SECTION UI =3D "KEK Default" + } + + FILE FREEFORM =3D c491d352-7623-4843-accc-2791a7574421 { + !ifdef $(DB_DEFAULT_FILE1) + SECTION RAW =3D $(DB_DEFAULT_FILE1) + !endif + !ifdef $(DB_DEFAULT_FILE2) + SECTION RAW =3D $(DB_DEFAULT_FILE2) + !endif + !ifdef $(DB_DEFAULT_FILE3) + SECTION RAW =3D $(DB_DEFAULT_FILE3) + !endif + SECTION UI =3D "DB Default" + } + + FILE FREEFORM =3D 36c513ee-a338-4976-a0fb-6ddba3dafe87 { + !ifdef $(DBT_DEFAULT_FILE1) + SECTION RAW =3D $(DBT_DEFAULT_FILE1) + !endif + !ifdef $(DBT_DEFAULT_FILE2) + SECTION RAW =3D $(DBT_DEFAULT_FILE2) + !endif + !ifdef $(DBT_DEFAULT_FILE3) + SECTION RAW =3D $(DBT_DEFAULT_FILE3) + !endif + SECTION UI =3D "DBT Default" + } + + FILE FREEFORM =3D 5740766a-718e-4dc0-9935-c36f7d3f884f { + !ifdef $(DBX_DEFAULT_FILE1) + SECTION RAW =3D $(DBX_DEFAULT_FILE1) + !endif + !ifdef $(DBX_DEFAULT_FILE2) + SECTION RAW =3D $(DBX_DEFAULT_FILE2) + !endif + !ifdef $(DBX_DEFAULT_FILE3) + SECTION RAW =3D $(DBX_DEFAULT_FILE3) + !endif + SECTION UI =3D "DBX Default" + } + +!endif -- 2.25.1
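
Review bot: In every FILE FREEFORM block the `!ifdef` guards cover only the SECTION RAW lines, so with DEFAULT_KEYS == TRUE and, for example, PK_DEFAULT_FILE undefined, the file 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 is still emitted with just its "PK Default" UI section and no key material, and nothing in the build flags the omission. For the PK block at least, consider moving the `!ifdef $(PK_DEFAULT_FILE)` / `!endif` pair outside the FILE statement, or making an undefined PK_DEFAULT_FILE a build failure, so a platform cannot enable default keys without supplying one; the same question applies to a KEK or DB block in which none of the three macros is defined. The new file also begins with a blank line and carries no header comment: a copyright and license header, a short description of the macros a platform must define (DEFAULT_KEYS, PK_DEFAULT_FILE, and the KEK/DB/DBT/DBX _DEFAULT_FILE1 to _DEFAULT_FILE3 macros), and a comment naming each of the five FILE GUIDs would help, since they appear here only as bare literals. The fixed limit of three RAW sections per database is worth documenting in the same comment.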