From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web11.1901.1600458083236372361
 for <devel@edk2.groups.io>;
 Fri, 18 Sep 2020 12:41:23 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=jnN5bPD+;
 spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: divneil.r.wadhawan@intel.com)
IronPort-SDR: IH2uDwagW5IJGVF9X1n801w+6PFyGtcnk9WbS37wcc0LdDqfVVqytJ2NG1086Td/TEaz/g5e1w
 N28Z8Cldb30A==
X-IronPort-AV: E=McAfee;i="6000,8403,9748"; a="157418309"
X-IronPort-AV: E=Sophos;i="5.77,274,1596524400"; 
   d="scan'208,217";a="157418309"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Sep 2020 12:41:16 -0700
IronPort-SDR: Cn5dbiNORh7pHDLs3U3klCCB0KK2ypne4Of5Sikr1G9vx1h03znSuRnkvAV7tOOX1F3PPAzyRX
 E2Os6Cn4mkfg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.77,274,1596524400"; 
   d="scan'208,217";a="452883729"
Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15])
  by orsmga004.jf.intel.com with ESMTP; 18 Sep 2020 12:41:15 -0700
Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1713.5; Fri, 18 Sep 2020 12:41:15 -0700
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by
 orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5
 via Frontend Transport; Fri, 18 Sep 2020 12:41:15 -0700
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (104.47.46.59) by
 edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.1713.5; Fri, 18 Sep 2020 12:41:15 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=GbWPg4B7/gtk7OZnTkCOuLIbFSlOZyaO8ZgMYkcUp+eZ8RLI+MyT3fvtmahaH3MyfaOhHpjhbw3oCOLFtq+8JqkDKj5yRhKhSbzUJsZdnJFWw23m4XTuM3MR/0U/gPMNiYXx7IcfIvwY98m0181SurJjLFa+IfEUIP7WXg38tU4fd3ZTos5GdQew8SZu/S1AgL1Lx1RqHVjnH5jpaA15N5/5TlHkUhAXdSS8wwSd9vz39AX0tva00e6V2MJPTAGmZWQFPWBMU1dfyZBFG+yLdM6dMW6jwTnScnuxxfAu1kfyQtAlD9aCGJWxWeF6fQQmvIH5QsyFE01wTQdIbFZQ+g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=55D3CUe9rdlFg9vc7KK7rBvZ8aD5S0aoRaWC2zpEEc8=;
 b=JU6ZEf2AeEkgM8x8uLKVlNMRCEWGgjm4G7vv/FDlMuemKBGdHbOjCx1XoJbEoEh7lgwUsk+5xAktaGMML7F3qPu2U5/y8uyJHTO/q4VhPu9rGYeDoH9t6k2Wv7aQzLdUoQyTmxadVbcx6DyREWDP5jwHCcvjplGUBoufW5zngiIuxBVryJz5jzk55ovyH0QU3dnkoIuyTh44Kdv2PW5qIJx8nOuR9OAyYEHXZWkHU1wA0G6to4dHTYrE88QTXAobjjQWiEcMrd9mhuyNBAwgkbkjOyog0SEU+sL5vIUgxNLUndeHxE1NTkwZa3TD+pZI6gijdXXJ0dl84HCbjpIXKg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=55D3CUe9rdlFg9vc7KK7rBvZ8aD5S0aoRaWC2zpEEc8=;
 b=jnN5bPD+tUTHbwvEQN43DsckfsHlc5daRIasadkC5ugeIS1YeNKMXv2JTkqbba8LkfsjuNdrz9PakjxFE+WbEBzadt4KNvwc/Kdk8ATxhcczAmo/0NctJuN2Dr3B8vkvGsvibi/D1xb13HuexE0ouIRICvd4jTVA3yQx/IdIdxc=
Received: from DM6PR11MB4315.namprd11.prod.outlook.com (2603:10b6:5:201::28)
 by DM6PR11MB2554.namprd11.prod.outlook.com (2603:10b6:5:c8::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.14; Fri, 18 Sep
 2020 19:41:11 +0000
Received: from DM6PR11MB4315.namprd11.prod.outlook.com
 ([fe80::4c5c:c6d0:dfd3:1e45]) by DM6PR11MB4315.namprd11.prod.outlook.com
 ([fe80::4c5c:c6d0:dfd3:1e45%4]) with mapi id 15.20.3370.019; Fri, 18 Sep 2020
 19:41:11 +0000
From: "Wadhawan, Divneil R" <divneil.r.wadhawan@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Wadhawan, Divneil R"
	<divneil.r.wadhawan@intel.com>, "Ni, Ray" <ray.ni@intel.com>
CC: gaoliming <gaoliming@byosoft.com.cn>, 'Andrew Fish' <afish@apple.com>,
	"Justen, Jordan L" <jordan.l.justen@intel.com>, "Kinney, Michael D"
	<michael.d.kinney@intel.com>, "Wadhawan, Divneil R"
	<divneil.r.wadhawan@intel.com>
Subject: Re: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot
Thread-Topic: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure
 Boot
Thread-Index: AdaMQS9sqEhJ/RVOQYWR22UtRyYHlAAgXCCgAABlWnAAAbCaMAA5kd/AAABiu/AAEB2wkA==
Date: Fri, 18 Sep 2020 19:41:11 +0000
Message-ID: <DM6PR11MB43159429F794B02F1D492F21CB3F0@DM6PR11MB4315.namprd11.prod.outlook.com>
References: <DM6PR11MB4315A9FB72F2181A336DCED9CB210@DM6PR11MB4315.namprd11.prod.outlook.com>
 <BY5PR11MB4007CF1DC0D54AA9F4A860528C3E0@BY5PR11MB4007.namprd11.prod.outlook.com>
 <DM6PR11MB4315A962D49C49273E7EF098CB3E0@DM6PR11MB4315.namprd11.prod.outlook.com>
 <BY5PR11MB4007915C221BA0D6F85B1AD78C3E0@BY5PR11MB4007.namprd11.prod.outlook.com>
 <BY5PR11MB40075EEF34052828B4C9BCB68C3F0@BY5PR11MB4007.namprd11.prod.outlook.com>
 <1635DEE2A50DFCCF.13985@groups.io>
In-Reply-To: <1635DEE2A50DFCCF.13985@groups.io>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.5.1.3
authentication-results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com;
x-originating-ip: [106.200.250.114]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f8c255fb-3ba1-452b-e5dc-08d85c0acc44
x-ms-traffictypediagnostic: DM6PR11MB2554:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM6PR11MB2554E3F02DCE60CC004B0178CB3F0@DM6PR11MB2554.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: IfvjAtUh4fLP3F80ToL3ZFJXpWV7fBgBMMv9lx0BgXPPUdmEAiyWRsaHcWKF7IJqx/WTcJPOyxG5d6ERxWVrzmCP/PdZgvS7SwZ1E4v29NUJgMjbwwijDbdbOGlAXlDZCZOTVAyzVhMwsa6bb7WkjWxBWXYvgoC/jp8kafFDY9IvhdFxexwRlSy8BY+kDIIAmGXlbGZiUzDz8FaAOJIZZopxIyAYiU8PZzlOAbaL7LCSlh/XkwQaLK8s+4RLAhjkWSussiPzEL4WThJIWzJQbqX1KJMoIAbA70O6F67+CNA7k7A1Gtzy1w1j3F6zRFb77j+ouJP0LwAa6zxE9P5MouujIR0oGa7U82XkExifhwMU9sOV0bvo4KFSaDCf385oTSWfHegAYkqobW70kmJ1Bp3QOSf5k6TZV5lfM8wemwvduruJmEEsunp6tyzmsa7LuYd8IUxOUEi/ZKDsNigChA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR11MB4315.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(39860400002)(376002)(396003)(366004)(136003)(83380400001)(8676002)(5660300002)(7696005)(86362001)(52536014)(166002)(6506007)(53546011)(26005)(9686003)(2906002)(54906003)(55016002)(110136005)(107886003)(478600001)(33656002)(76116006)(6636002)(76236003)(316002)(66476007)(66556008)(186003)(71200400001)(9326002)(8936002)(64756008)(66946007)(966005)(66446008)(4326008);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata: bQps6aUvYbB/LBtOPLPmu2l8k3F+9C6oXSdjsvgSIIdDNhT0URjJis7RgHAVjbnZPaNq5f05U23/Bqh0n7emgFDjqfyORIBqAj16u6N+3CFXVpvWkbytNjQu0lisK6zHmy8TjFszVkPWOKjSc9dVmO9+x5Z0mFb7rHEt8pWMjQdTr7uKuyyXPWDS6Ga6Wm7g+aVU07dh3CBN1vm5K1WEvOoYdJ3LoOLv+00NXYe2dgzrMQyibmV1AEaTZVx4xRFXr0QchwBnJIKwCuLTrou/uTbnX3ne2CbzpKdjRZ3/s9ombtLdfEK/x+6WlQsBQpGOLwrp+m1CUNnL6Rc/LSIZ1QQL9sALpyS7/LrSYfqjBSREDQk+LmbKyUyLssupmlnt2rlO8OaYhqlZNCFqofM5B8zrVAZsWeUg4HVKcbzLngPY8pcByOYl36RbM7IQEhYoMrSkVif8NxpqN6UMg1F2EM620LEKWV9PMiqjnOErNaMMMltjNqQRQQUYdB3QTKDK5eWszWOqSvYnORP5UjPCRTnuwzT816gmgRDbedQTjYukUl0IvGTGLPJWG56BvjpTTGg48NftBRCSoplvyI7p6uCYgHSLsAKgfOby6bvF3qcEsi4hS9TGfHiz0CnLEee3H74dpAOtU2OgB0OT9Jbfqg==
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4315.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f8c255fb-3ba1-452b-e5dc-08d85c0acc44
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2020 19:41:11.7442
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EjcKcnAZc0Vv+5tlgjXllE4i184NJD3r+sUO0DIpA0SgL1qIXgVcQfYZzlSz1QIEOUvk0awUDSoJ64TJHC7yNbiQ9XnI4pEha82N/S5P/nk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2554
Return-Path: divneil.r.wadhawan@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_DM6PR11MB43159429F794B02F1D492F21CB3F0DM6PR11MB4315namp_"

--_000_DM6PR11MB43159429F794B02F1D492F21CB3F0DM6PR11MB4315namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Ray,

I saw that a patch merged few hours ago before my patch added RngLib in [L=
ibraryClasses] section of OpensslLib.
This caused the EmulatorPkg Secure boot enable build to fail.
I have generated a PR for fixing it: https://github.com/tianocore/edk2/pul=
l/942

Regards,
Divneil

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wadhawan, D=
ivneil R
Sent: Friday, September 18, 2020 5:28 PM
To: Ni, Ray <ray.ni@intel.com>; devel@edk2.groups.io
Cc: gaoliming <gaoliming@byosoft.com.cn>; 'Andrew Fish' <afish@apple.com>;=
 Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D <michael.d=
.kinney@intel.com>; Wadhawan, Divneil R <divneil.r.wadhawan@intel.com>
Subject: Re: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secur=
e Boot

Hi Ray,

Thanks for your help.
I see the patch is merged now. :)

Regards,
Divneil

From: Ni, Ray <ray.ni@intel.com<mailto:ray.ni@intel.com>>
Sent: Friday, September 18, 2020 5:17 PM
To: Wadhawan, Divneil R <divneil.r.wadhawan@intel.com<mailto:divneil.r.wad=
hawan@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>;=
 'Andrew Fish' <afish@apple.com<mailto:afish@apple.com>>; Justen, Jordan L =
<jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>; Kinney, Mich=
ael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secur=
e Boot

Divneil,
pull request is created: https://github.com/tianocore/edk2/pull/941

If it succeeds, the patch will be merged automatically.
If it fails, please check the specific failure message and provide updated=
 patch.

Thanks,
Ray

From: Ni, Ray
Sent: Thursday, September 17, 2020 4:19 PM
To: Wadhawan, Divneil R <divneil.r.wadhawan@intel.com<mailto:divneil.r.wad=
hawan@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>;=
 'Andrew Fish' <afish@apple.com<mailto:afish@apple.com>>; Justen, Jordan L =
<jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>; Kinney, Mich=
ael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secur=
e Boot

Reviewed-by: Ray Ni <ray.ni@intel.com<mailto:ray.ni@intel.com>>

From: Wadhawan, Divneil R <divneil.r.wadhawan@intel.com<mailto:divneil.r.w=
adhawan@intel.com>>
Sent: Thursday, September 17, 2020 3:43 PM
To: Ni, Ray <ray.ni@intel.com<mailto:ray.ni@intel.com>>; devel@edk2.groups=
.io<mailto:devel@edk2.groups.io>
Cc: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>;=
 'Andrew Fish' <afish@apple.com<mailto:afish@apple.com>>; Justen, Jordan L =
<jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>; Kinney, Mich=
ael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>; Wadh=
awan, Divneil R <divneil.r.wadhawan@intel.com<mailto:divneil.r.wadhawan@int=
el.com>>
Subject: RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secur=
e Boot

Hi Ray,

Yes, I have tested the following:


  1.  SECURE_BOOT_ENABLE=3Dtrue

  *   Key Enrollment (PK, KEK, db) via custom mode
  *   Execution of unit test shell application (signed one works okay, uns=
igned gives an Access denied)


  1.  SECURE_BOOT_ENABLE=3Dfalse (default case)

  *   Secure Boot Configuration menu is not visible (Same as existing defa=
ult case)
  *   Execution of Unit Test Application (Signed/Unsigned both works okay)

I am planning to post the script in BZ: https://bugzilla.tianocore.org/sho=
w_bug.cgi?id=3D2949 in a day or too.
The script generates the full key hierarchy that makes it easy to test thi=
s patch.
The patch in BZ requires modifications as per Mike's comment, so, you can =
skip the patches in BZ for now.

Regards,
Divneil

From: Ni, Ray <ray.ni@intel.com<mailto:ray.ni@intel.com>>
Sent: Thursday, September 17, 2020 12:49 PM
To: Wadhawan, Divneil R <divneil.r.wadhawan@intel.com<mailto:divneil.r.wad=
hawan@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>;=
 'Andrew Fish' <afish@apple.com<mailto:afish@apple.com>>; Justen, Jordan L =
<jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>; Kinney, Mich=
ael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secur=
e Boot

Divneil,
Just want to double confirm: did you test the secure boot and non-secure b=
oot?

Thanks,
Ray

From: Wadhawan, Divneil R <divneil.r.wadhawan@intel.com<mailto:divneil.r.w=
adhawan@intel.com>>
Sent: Wednesday, September 16, 2020 11:53 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Ni, Ray <ray.ni@intel.com<mailto:ray.ni@intel.com>>; gaoliming <gaolim=
ing@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; 'Andrew Fish' <afish@=
apple.com<mailto:afish@apple.com>>; Justen, Jordan L <jordan.l.justen@intel=
.com<mailto:jordan.l.justen@intel.com>>; Kinney, Michael D <michael.d.kinne=
y@intel.com<mailto:michael.d.kinney@intel.com>>; Wadhawan, Divneil R <divne=
il.r.wadhawan@intel.com<mailto:divneil.r.wadhawan@intel.com>>
Subject: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Bo=
ot

SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
The following gets enabled with this patch:
o Secure Boot Menu in "Device Manager" for enrolling keys
o Storage space for Authenticated Variables
o Authenticated execution of 3rd party images

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com<mailto:d=
ivneil.r.wadhawan@intel.com>>
---
EmulatorPkg/EmulatorPkg.dsc | 37 +++++++++++++++++++++++++++++++++++--
EmulatorPkg/EmulatorPkg.fdf | 14 ++++++++++++++
2 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..c6e25c745e 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@
   DEFINE NETWORK_TLS_ENABLE       =3D FALSE
   DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FALSE
   DEFINE NETWORK_ISCSI_ENABLE     =3D FALSE
+  DEFINE SECURE_BOOT_ENABLE       =3D FALSE

 [SkuIds]
   0|DEFAULT
@@ -106,12 +107,20 @@
   LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
   CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/=
CpuExceptionHandlerLibNull.inf
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasure=
mentLibNull.inf
-  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi=
bNull.inf
   VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
   SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSec=
ureLibNull.inf
+  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+!else
+  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi=
bNull.inf
+!endif
+
[LibraryClasses.common.SEC]
   PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.=
inf
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -162,6 +171,16 @@
   TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
  EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf

+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, Lib=
raryClasses.common.UEFI_APPLICATION]
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
+
[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIV=
ER, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATIO=
N]
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
   PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -190,6 +209,10 @@
   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000
   gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd"
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+!endif

   gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"

@@ -306,7 +329,14 @@
   EmulatorPkg/ResetRuntimeDxe/Reset.inf
   MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
   EmulatorPkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
-  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+    <LibraryClasses>
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificati=
onLib.inf
+!endif
+  }
+
   MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.i=
nf
   EmulatorPkg/EmuThunkDxe/EmuThunk.inf
@@ -315,6 +345,9 @@
   EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
   EmulatorPkg/TimerDxe/Timer.inf

+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD=
xe.inf
+!endif

   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
     <LibraryClasses>
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..b256aa9397 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -46,10 +46,17 @@ DATA =3D {
   # Blockmap[1]: End
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   ## This is the VARIABLE_STORE_HEADER
+!if $(SECURE_BOOT_ENABLE) =3D=3D FALSE
   #Signature: gEfiVariableGuid =3D
   #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, =
0xfe, 0x7d }}
   0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
   0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+!else
+  # Signature: gEfiAuthenticatedVariableGuid =3D
+  #  { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, =
0x77, 0x92 }}
+  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+!endif
   #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariable=
Size) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) =3D 0xBFB8
   # This can speed up the Variable Dispatch a bit.
   0xB8, 0xBF, 0x00, 0x00,
@@ -186,6 +193,13 @@ INF  RuleOverride =3D UI MdeModulePkg/Application/UiA=
pp/UiApp.inf
INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf

+#
+# Secure Boot Key Enroll
+#
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi=
gDxe.inf
+!endif
+
#
# Network stack drivers
#
--
2.24.1.windows.2


--_000_DM6PR11MB43159429F794B02F1D492F21CB3F0DM6PR11MB4315namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii=
">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle22
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:53552989;
	mso-list-template-ids:-2050819596;}
@list l0:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l1
	{mso-list-id:365445277;
	mso-list-type:hybrid;
	mso-list-template-ids:497326164 -158926726 67698691 67698693 67698689 676=
98691 67698693 67698689 67698691 67698693;}
@list l1:level1
	{mso-level-start-at:2;
	mso-level-number-format:bullet;
	mso-level-text:-;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Calibri",sans-serif;
	mso-fareast-font-family:Calibri;}
@list l1:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l2
	{mso-list-id:938835054;
	mso-list-template-ids:-1444525108;}
@list l2:level1
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level2
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level3
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level4
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level5
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level6
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level7
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level8
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l2:level9
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l3
	{mso-list-id:1553157270;
	mso-list-type:hybrid;
	mso-list-template-ids:2129054394 67698709 67698713 67698715 67698703 6769=
8713 67698715 67698703 67698713 67698715;}
@list l3:level1
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	margin-left:.25in;
	text-indent:-.25in;}
@list l3:level2
	{mso-level-number-format:alpha-lower;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	margin-left:.75in;
	text-indent:-.25in;}
@list l3:level3
	{mso-level-number-format:roman-lower;
	mso-level-tab-stop:none;
	mso-level-number-position:right;
	margin-left:1.25in;
	text-indent:-9.0pt;}
@list l3:level4
	{mso-level-tab-stop:none;
	mso-level-number-position:left;
	margin-left:1.75in;
	text-indent:-.25in;}
@list l3:level5
	{mso-level-number-format:alpha-lower;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	margin-left:2.25in;
	text-indent:-.25in;}
@list l3:level6
	{mso-level-number-format:roman-lower;
	mso-level-tab-stop:none;
	mso-level-number-position:right;
	margin-left:2.75in;
	text-indent:-9.0pt;}
@list l3:level7
	{mso-level-tab-stop:none;
	mso-level-number-position:left;
	margin-left:3.25in;
	text-indent:-.25in;}
@list l3:level8
	{mso-level-number-format:alpha-lower;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	margin-left:3.75in;
	text-indent:-.25in;}
@list l3:level9
	{mso-level-number-format:roman-lower;
	mso-level-tab-stop:none;
	mso-level-number-position:right;
	margin-left:4.25in;
	text-indent:-9.0pt;}
@list l4
	{mso-list-id:1923637335;
	mso-list-template-ids:1516429018;}
@list l4:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level2
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l4:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l5
	{mso-list-id:2142527779;
	mso-list-template-ids:-2010732014;}
@list l5:level1
	{mso-level-start-at:2;
	mso-level-number-format:alpha-upper;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level2
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level3
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level4
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level5
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level6
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level7
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level8
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l5:level9
	{mso-level-number-format:alpha-upper;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Hi Ray,<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I saw that a patch merged few hours ago before my p=
atch added RngLib in [LibraryClasses] section of OpensslLib.<o:p></o:p></p>
<p class=3D"MsoNormal">This caused the EmulatorPkg Secure boot enable buil=
d to fail.<o:p></o:p></p>
<p class=3D"MsoNormal">I have generated a PR for fixing it: <a href=3D"htt=
ps://github.com/tianocore/edk2/pull/942">
https://github.com/tianocore/edk2/pull/942</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Regards,<o:p></o:p></p>
<p class=3D"MsoNormal">Divneil<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in=
 0in 0in">
<p class=3D"MsoNormal"><b>From:</b> devel@edk2.groups.io &lt;devel@edk2.gr=
oups.io&gt; <b>
On Behalf Of </b>Wadhawan, Divneil R<br>
<b>Sent:</b> Friday, September 18, 2020 5:28 PM<br>
<b>To:</b> Ni, Ray &lt;ray.ni@intel.com&gt;; devel@edk2.groups.io<br>
<b>Cc:</b> gaoliming &lt;gaoliming@byosoft.com.cn&gt;; 'Andrew Fish' &lt;a=
fish@apple.com&gt;; Justen, Jordan L &lt;jordan.l.justen@intel.com&gt;; Kin=
ney, Michael D &lt;michael.d.kinney@intel.com&gt;; Wadhawan, Divneil R &lt;=
divneil.r.wadhawan@intel.com&gt;<br>
<b>Subject:</b> Re: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support fo=
r Secure Boot<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Hi Ray,<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Thanks for your help.<o:p></o:p></p>
<p class=3D"MsoNormal">I see the patch is merged now. :)<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Regards,<o:p></o:p></p>
<p class=3D"MsoNormal">Divneil<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in=
 0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Ni, Ray &lt;<a href=3D"mailto:ray.ni@i=
ntel.com">ray.ni@intel.com</a>&gt;
<br>
<b>Sent:</b> Friday, September 18, 2020 5:17 PM<br>
<b>To:</b> Wadhawan, Divneil R &lt;<a href=3D"mailto:divneil.r.wadhawan@in=
tel.com">divneil.r.wadhawan@intel.com</a>&gt;;
<a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn">gaoli=
ming@byosoft.com.cn</a>&gt;; 'Andrew Fish' &lt;<a href=3D"mailto:afish@appl=
e.com">afish@apple.com</a>&gt;; Justen, Jordan L &lt;<a href=3D"mailto:jord=
an.l.justen@intel.com">jordan.l.justen@intel.com</a>&gt;;
 Kinney, Michael D &lt;<a href=3D"mailto:michael.d.kinney@intel.com">micha=
el.d.kinney@intel.com</a>&gt;<br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support fo=
r Secure Boot<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Divneil,<o:p></o:p></p>
<p class=3D"MsoNormal">pull request is created: <a href=3D"https://github.=
com/tianocore/edk2/pull/941">
https://github.com/tianocore/edk2/pull/941</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">If it succeeds, the patch will be merged automatica=
lly.<o:p></o:p></p>
<p class=3D"MsoNormal">If it fails, please check the specific failure mess=
age and provide updated patch.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Thanks,<o:p></o:p></p>
<p class=3D"MsoNormal">Ray<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in=
 4.0pt">
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in=
 0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Ni, Ray <br>
<b>Sent:</b> Thursday, September 17, 2020 4:19 PM<br>
<b>To:</b> Wadhawan, Divneil R &lt;<a href=3D"mailto:divneil.r.wadhawan@in=
tel.com">divneil.r.wadhawan@intel.com</a>&gt;;
<a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn">gaoli=
ming@byosoft.com.cn</a>&gt;; 'Andrew Fish' &lt;<a href=3D"mailto:afish@appl=
e.com">afish@apple.com</a>&gt;; Justen, Jordan L &lt;<a href=3D"mailto:jord=
an.l.justen@intel.com">jordan.l.justen@intel.com</a>&gt;;
 Kinney, Michael D &lt;<a href=3D"mailto:michael.d.kinney@intel.com">micha=
el.d.kinney@intel.com</a>&gt;<br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support fo=
r Secure Boot<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Reviewed-by: Ray Ni &lt;<a href=3D"mailto:ray.ni@in=
tel.com">ray.ni@intel.com</a>&gt;<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in=
 4.0pt">
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in=
 0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Wadhawan, Divneil R &lt;<a href=3D"mai=
lto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>&gt;
<br>
<b>Sent:</b> Thursday, September 17, 2020 3:43 PM<br>
<b>To:</b> Ni, Ray &lt;<a href=3D"mailto:ray.ni@intel.com">ray.ni@intel.co=
m</a>&gt;; <a href=3D"mailto:devel@edk2.groups.io">
devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn">gaoli=
ming@byosoft.com.cn</a>&gt;; 'Andrew Fish' &lt;<a href=3D"mailto:afish@appl=
e.com">afish@apple.com</a>&gt;; Justen, Jordan L &lt;<a href=3D"mailto:jord=
an.l.justen@intel.com">jordan.l.justen@intel.com</a>&gt;;
 Kinney, Michael D &lt;<a href=3D"mailto:michael.d.kinney@intel.com">micha=
el.d.kinney@intel.com</a>&gt;; Wadhawan, Divneil R &lt;<a href=3D"mailto:di=
vneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>&gt;<br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support fo=
r Secure Boot<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Hi Ray,<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Yes, I have tested the following:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<ol style=3D"margin-top:0in" start=3D"1" type=3D"A">
<li class=3D"MsoListParagraph" style=3D"margin-left:-.25in;mso-list:l3 lev=
el1 lfo3">SECURE_BOOT_ENABLE=3Dtrue<o:p></o:p></li></ol>
<ul style=3D"margin-top:0in" type=3D"disc">
<li class=3D"MsoListParagraph" style=3D"margin-left:0in;mso-list:l1 level1=
 lfo6">Key Enrollment (PK, KEK, db) via custom mode<o:p></o:p></li><li clas=
s=3D"MsoListParagraph" style=3D"margin-left:0in;mso-list:l1 level1 lfo6">Ex=
ecution of unit test shell application (signed one works okay, unsigned giv=
es an Access denied)<o:p></o:p></li></ul>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<ol style=3D"margin-top:0in" start=3D"2" type=3D"A">
<li class=3D"MsoListParagraph" style=3D"margin-left:-.25in;mso-list:l3 lev=
el1 lfo3">SECURE_BOOT_ENABLE=3Dfalse (default case)<o:p></o:p></li></ol>
<ul style=3D"margin-top:0in" type=3D"disc">
<li class=3D"MsoListParagraph" style=3D"margin-left:0in;mso-list:l1 level1=
 lfo6">Secure Boot Configuration menu is not visible (Same as existing defa=
ult case)<o:p></o:p></li><li class=3D"MsoListParagraph" style=3D"margin-lef=
t:0in;mso-list:l1 level1 lfo6">Execution of Unit Test Application (Signed/U=
nsigned both works okay)<o:p></o:p></li></ul>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I am planning to post the script in BZ: <a href=3D"=
https://bugzilla.tianocore.org/show_bug.cgi?id=3D2949">
https://bugzilla.tianocore.org/show_bug.cgi?id=3D2949</a> in a day or too.=
<o:p></o:p></p>
<p class=3D"MsoNormal">The script generates the full key hierarchy that ma=
kes it easy to test this patch.<o:p></o:p></p>
<p class=3D"MsoNormal">The patch in BZ requires modifications as per Mike&=
#8217;s comment, so, you can skip the patches in BZ for now.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Regards,<o:p></o:p></p>
<p class=3D"MsoNormal">Divneil<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in=
 0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Ni, Ray &lt;<a href=3D"mailto:ray.ni@i=
ntel.com">ray.ni@intel.com</a>&gt;
<br>
<b>Sent:</b> Thursday, September 17, 2020 12:49 PM<br>
<b>To:</b> Wadhawan, Divneil R &lt;<a href=3D"mailto:divneil.r.wadhawan@in=
tel.com">divneil.r.wadhawan@intel.com</a>&gt;;
<a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn">gaoli=
ming@byosoft.com.cn</a>&gt;; 'Andrew Fish' &lt;<a href=3D"mailto:afish@appl=
e.com">afish@apple.com</a>&gt;; Justen, Jordan L &lt;<a href=3D"mailto:jord=
an.l.justen@intel.com">jordan.l.justen@intel.com</a>&gt;;
 Kinney, Michael D &lt;<a href=3D"mailto:michael.d.kinney@intel.com">micha=
el.d.kinney@intel.com</a>&gt;<br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support fo=
r Secure Boot<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Divneil,<o:p></o:p></p>
<p class=3D"MsoNormal">Just want to double confirm: did you test the secur=
e boot and non-secure boot?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Thanks,<o:p></o:p></p>
<p class=3D"MsoNormal">Ray<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in=
 4.0pt">
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in=
 0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Wadhawan, Divneil R &lt;<a href=3D"mai=
lto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>&gt;
<br>
<b>Sent:</b> Wednesday, September 16, 2020 11:53 PM<br>
<b>To:</b> <a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a=
><br>
<b>Cc:</b> Ni, Ray &lt;<a href=3D"mailto:ray.ni@intel.com">ray.ni@intel.co=
m</a>&gt;; gaoliming &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn">gaolim=
ing@byosoft.com.cn</a>&gt;; 'Andrew Fish' &lt;<a href=3D"mailto:afish@apple=
.com">afish@apple.com</a>&gt;; Justen, Jordan L &lt;<a href=3D"mailto:jorda=
n.l.justen@intel.com">jordan.l.justen@intel.com</a>&gt;;
 Kinney, Michael D &lt;<a href=3D"mailto:michael.d.kinney@intel.com">micha=
el.d.kinney@intel.com</a>&gt;; Wadhawan, Divneil R &lt;<a href=3D"mailto:di=
vneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>&gt;<br>
<b>Subject:</b> [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Se=
cure Boot<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">SECURE_BOOT_ENABLE feature flag is introduced to en=
able Secure Boot.<o:p></o:p></p>
<p class=3D"MsoNormal">The following gets enabled with this patch:<o:p></o=
:p></p>
<p class=3D"MsoNormal">o Secure Boot Menu in &quot;Device Manager&quot; fo=
r enrolling keys<o:p></o:p></p>
<p class=3D"MsoNormal">o Storage space for Authenticated Variables<o:p></o=
:p></p>
<p class=3D"MsoNormal">o Authenticated execution of 3rd party images<o:p><=
/o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Signed-off-by: Divneil Rai Wadhawan &lt;<a href=3D"=
mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>&gt;<o=
:p></o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal">EmulatorPkg/EmulatorPkg.dsc | 37 ++++++++++++++++++=
+++++++++++++++++--<o:p></o:p></p>
<p class=3D"MsoNormal">EmulatorPkg/EmulatorPkg.fdf | 14 ++++++++++++++<o:p=
></o:p></p>
<p class=3D"MsoNormal">2 files changed, 49 insertions(+), 2 deletions(-)<o=
:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">diff --git a/EmulatorPkg/EmulatorPkg.dsc b/Emulator=
Pkg/EmulatorPkg.dsc<o:p></o:p></p>
<p class=3D"MsoNormal">index 86a6271735..c6e25c745e 100644<o:p></o:p></p>
<p class=3D"MsoNormal">--- a/EmulatorPkg/EmulatorPkg.dsc<o:p></o:p></p>
<p class=3D"MsoNormal">+++ b/EmulatorPkg/EmulatorPkg.dsc<o:p></o:p></p>
<p class=3D"MsoNormal">@@ -32,6 +32,7 @@<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; DEFINE NETWORK_TLS_ENABLE&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; =3D FALSE<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FA=
LSE<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; DEFINE NETWORK_ISCSI_ENABLE&nbsp;&nbsp=
;&nbsp;&nbsp; =3D FALSE<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; DEFINE SECURE_BOOT_ENABLE&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp; =3D FALSE<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;[SkuIds]<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; 0|DEFAULT<o:p></o:p></p>
<p class=3D"MsoNormal">@@ -106,12 +107,20 @@<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; LockBoxLib|MdeModulePkg/Library/LockBo=
xNullLib/LockBoxNullLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; CpuExceptionHandlerLib|MdeModulePkg/Li=
brary/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf<o:p></o:p><=
/p>
<p class=3D"MsoNormal">&nbsp;&nbsp; TpmMeasurementLib|MdeModulePkg/Library=
/TpmMeasurementLibNull/TpmMeasurementLibNull.inf<o:p></o:p></p>
<p class=3D"MsoNormal">-&nbsp; AuthVariableLib|MdeModulePkg/Library/AuthVa=
riableLibNull/AuthVariableLibNull.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; VarCheckLib|MdeModulePkg/Library/VarCh=
eckLib/VarCheckLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; SortLib|MdeModulePkg/Library/BaseSortL=
ib/BaseSortLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; ShellLib|ShellPkg/Library/UefiShellLib=
/UefiShellLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; FileHandleLib|MdePkg/Library/UefiFileH=
andleLib/UefiFileHandleLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<o:p></o:p></=
p>
<p class=3D"MsoNormal">+&nbsp; IntrinsicLib|CryptoPkg/Library/IntrinsicLib=
/IntrinsicLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; OpensslLib|CryptoPkg/Library/OpensslLib/Ope=
nsslLibCrypto.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; PlatformSecureLib|SecurityPkg/Library/Platf=
ormSecureLibNull/PlatformSecureLibNull.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; AuthVariableLib|SecurityPkg/Library/AuthVar=
iableLib/AuthVariableLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+!else<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; AuthVariableLib|MdeModulePkg/Library/AuthVa=
riableLibNull/AuthVariableLibNull.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal">+<o:p></o:p></p>
<p class=3D"MsoNormal">[LibraryClasses.common.SEC]<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; PeiServicesLib|EmulatorPkg/Library/Sec=
PeiServicesLib/SecPeiServicesLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; PcdLib|MdePkg/Library/BasePcdLibNull/B=
asePcdLibNull.inf<o:p></o:p></p>
<p class=3D"MsoNormal">@@ -162,6 +171,16 @@<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; TimerLib|EmulatorPkg/Library/DxeCoreTi=
merLib/DxeCoreTimerLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;EmuThunkLib|EmulatorPkg/Library/DxeEmuL=
ib/DxeEmuLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.=
common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]<o:p></o:p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<o:p></o:p></=
p>
<p class=3D"MsoNormal">+&nbsp; BaseCryptLib|CryptoPkg/Library/BaseCryptLib=
/BaseCryptLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal">+<o:p></o:p></p>
<p class=3D"MsoNormal">+[LibraryClasses.common.DXE_RUNTIME_DRIVER]<o:p></o=
:p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<o:p></o:p></=
p>
<p class=3D"MsoNormal">+&nbsp; BaseCryptLib|CryptoPkg/Library/BaseCryptLib=
/RuntimeCryptLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal">+<o:p></o:p></p>
<p class=3D"MsoNormal">[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryC=
lasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, LibraryClasses=
.common.UEFI_APPLICATION]<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; HobLib|MdePkg/Library/DxeHobLib/DxeHob=
Lib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; PcdLib|MdePkg/Library/DxePcdLib/DxePcd=
Lib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">@@ -190,6 +209,10 @@<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; gEmulatorPkgTokenSpaceGuid.PcdEmuFirmw=
areFdSize|0x002a0000<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; gEmulatorPkgTokenSpaceGuid.PcdEmuFirmw=
areBlockSize|0x10000<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; gEmulatorPkgTokenSpaceGuid.PcdEmuFirmw=
areVolume|L&quot;../FV/FV_RECOVERY.fd&quot;<o:p></o:p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<o:p></o:p></=
p>
<p class=3D"MsoNormal">+&nbsp; gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVa=
riableSize|0x2800<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysic=
alPresence|TRUE<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;gEmulatorPkgTokenSpaceGuid.PcdEmu=
MemorySize|L&quot;64!64&quot;<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">@@ -306,7 +329,14 @@<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; EmulatorPkg/ResetRuntimeDxe/Reset.inf<=
o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; MdeModulePkg/Core/RuntimeDxe/RuntimeDx=
e.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; EmulatorPkg/FvbServicesRuntimeDxe/FvbS=
ervicesRuntimeDxe.inf<o:p></o:p></p>
<p class=3D"MsoNormal">-&nbsp; MdeModulePkg/Universal/SecurityStubDxe/Secu=
rityStubDxe.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; MdeModulePkg/Universal/SecurityStubDxe/Secu=
rityStubDxe.inf {<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp;&nbsp;&nbsp; &lt;LibraryClasses&gt;<o:p></o:=
p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<o:p></o:p></=
p>
<p class=3D"MsoNormal">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NULL|SecurityPkg/Li=
brary/DxeImageVerificationLib/DxeImageVerificationLib.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; }<o:p></o:p></p>
<p class=3D"MsoNormal">+<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; MdeModulePkg/Universal/EbcDxe/EbcDxe.i=
nf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; MdeModulePkg/Universal/MemoryTest/Null=
MemoryTestDxe/NullMemoryTestDxe.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; EmulatorPkg/EmuThunkDxe/EmuThunk.inf<o=
:p></o:p></p>
<p class=3D"MsoNormal">@@ -315,6 +345,9 @@<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; EmulatorPkg/PlatformSmbiosDxe/Platform=
SmbiosDxe.inf<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; EmulatorPkg/TimerDxe/Timer.inf<o:p></o=
:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<o:p></o:p></=
p>
<p class=3D"MsoNormal">+&nbsp; SecurityPkg/VariableAuthenticated/SecureBoo=
tConfigDxe/SecureBootConfigDxe.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;MdeModulePkg/Universal/Variable/R=
untimeDxe/VariableRuntimeDxe.inf {<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp; &lt;LibraryClasses&gt;<o:p=
></o:p></p>
<p class=3D"MsoNormal">diff --git a/EmulatorPkg/EmulatorPkg.fdf b/Emulator=
Pkg/EmulatorPkg.fdf<o:p></o:p></p>
<p class=3D"MsoNormal">index 295f6f1db8..b256aa9397 100644<o:p></o:p></p>
<p class=3D"MsoNormal">--- a/EmulatorPkg/EmulatorPkg.fdf<o:p></o:p></p>
<p class=3D"MsoNormal">+++ b/EmulatorPkg/EmulatorPkg.fdf<o:p></o:p></p>
<p class=3D"MsoNormal">@@ -46,10 +46,17 @@ DATA =3D {<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; # Blockmap[1]: End<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x=
00, 0x00,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; ## This is the VARIABLE_STORE_HEADER<o=
:p></o:p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D FALSE<o:p></o:p><=
/p>
<p class=3D"MsoNormal">&nbsp;&nbsp; #Signature: gEfiVariableGuid =3D<o:p><=
/o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; #&nbsp; { 0xddcf3616, 0x3275, 0x4164, =
{ 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x=
64, 0x41,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0x=
fe, 0x7d,<o:p></o:p></p>
<p class=3D"MsoNormal">+!else<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; # Signature: gEfiAuthenticatedVariableGuid =
=
=3D<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; #&nbsp; { 0xaaf32c78, 0x947b, 0x439a, { 0xa=
1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0=
x43,<o:p></o:p></p>
<p class=3D"MsoNormal">+&nbsp; 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0=
x92,<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; #Size: 0xc000 (gEfiMdeModulePkgTokenSp=
aceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_=
HEADER) =3D 0xBFB8<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; # This can speed up the Variable Dispa=
tch a bit.<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp; 0xB8, 0xBF, 0x00, 0x00,<o:p></o:p></p>
<p class=3D"MsoNormal">@@ -186,6 +193,13 @@ INF&nbsp; RuleOverride =3D UI =
MdeModulePkg/Application/UiApp/UiApp.inf<o:p></o:p></p>
<p class=3D"MsoNormal">INF&nbsp; MdeModulePkg/Application/BootManagerMenuA=
pp/BootManagerMenuApp.inf<o:p></o:p></p>
<p class=3D"MsoNormal">INF&nbsp; MdeModulePkg/Universal/DriverSampleDxe/Dr=
iverSampleDxe.inf<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">+#<o:p></o:p></p>
<p class=3D"MsoNormal">+# Secure Boot Key Enroll<o:p></o:p></p>
<p class=3D"MsoNormal">+#<o:p></o:p></p>
<p class=3D"MsoNormal">+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<o:p></o:p></=
p>
<p class=3D"MsoNormal">+INF SecurityPkg/VariableAuthenticated/SecureBootCo=
nfigDxe/SecureBootConfigDxe.inf<o:p></o:p></p>
<p class=3D"MsoNormal">+!endif<o:p></o:p></p>
<p class=3D"MsoNormal">+<o:p></o:p></p>
<p class=3D"MsoNormal">#<o:p></o:p></p>
<p class=3D"MsoNormal"># Network stack drivers<o:p></o:p></p>
<p class=3D"MsoNormal">#<o:p></o:p></p>
<p class=3D"MsoNormal">-- <o:p></o:p></p>
<p class=3D"MsoNormal">2.24.1.windows.2<o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class=3D"MsoNormal"></o:p></span></p>
</div>
</div>
</body>
</html>

--_000_DM6PR11MB43159429F794B02F1D492F21CB3F0DM6PR11MB4315namp_--