* [PATCH] Enable RSA2048SHA256 to replace CCG SignedSection solution
@ 2018-01-25  4:53 Zhang, Chao B
  2018-01-25  4:53 ` [PATCH] SecurityPkg/DxePhysicalPresenceLib: Reject illegal PCR bank allocation Zhang, Chao B
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Zhang, Chao B @ 2018-01-25  4:53 UTC (permalink / raw)
  To: edk2-devel

---
 KabylakePlatSamplePkg/PlatformPkg.dsc       | 13 +++++++++--
 KabylakePlatSamplePkg/PlatformPkg.fdf       | 36 +++++++++++++++--------------
 KabylakePlatSamplePkg/PlatformPkgConfig.dsc |  2 +-
 3 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/KabylakePlatSamplePkg/PlatformPkg.dsc b/KabylakePlatSamplePkg/PlatformPkg.dsc
index fb085b9..125e018 100644
--- a/KabylakePlatSamplePkg/PlatformPkg.dsc
+++ b/KabylakePlatSamplePkg/PlatformPkg.dsc
@@ -1114,6 +1114,8 @@ gPlatformModuleTokenSpaceGuid.PcdWsmtProtectionFlags|0x07
 
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMsegSize|0x8c0000
 
+gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}
+
 [PcdsFixedAtBuild.IA32]
 !if gPlatformModuleTokenSpaceGuid.PcdFspWrapperEnable == TRUE
   gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
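Review bot: The 32-byte value assigned to `PcdRsa2048Sha256PublicKeyBuffer` looks like the default declared for this PCD in SecurityPkg.dec, which as far as I know is the SHA-256 of the public half of the test signing key shipped with BaseTools; please confirm. If so, anyone holding that published private key can sign a firmware volume this platform will accept, so the line should carry a comment such as `# TEST KEY HASH - replace with SHA-256 of the production RSA-2048 public key before release`. The new line is also unindented and sits just above `[PcdsFixedAtBuild.IA32]`; the header of the section it falls into is outside the hunk, so check that it is a fixed-at-build section and that the trust anchor cannot be changed after build.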
@@ -1445,6 +1447,11 @@ gPlatformModuleTokenSpaceGuid.PcdWsmtProtectionFlags|0x07
     <LibraryClasses>
       NULL|$(CLIENT_COMMON_PACKAGE)/Library/PeiSignedSectionVerificationLib/PeiSignedSectionVerificationLib.inf
   }
+  
+  MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf {
+  <LibraryClasses>
+    NULL|SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib\PeiRsa2048Sha256GuidedSectionExtractLib.inf
+  }
 !endif
 
 !if gSiPkgTokenSpaceGuid.PcdS3Enable == TRUE
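Review bot: The library path on the added `NULL|SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib\...` line uses backslashes, unlike every other path in this file, and will likely not resolve on non-Windows build hosts. Write it as `NULL|SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf`. The same applies to the two `DxeRsa2048Sha256GuidedSectionExtractLib` lines in the next two hunks. The `!if` that this block closes with `!endif` starts outside the hunk; it should be the same `PcdSecureBootEnable` condition under which the FDF now lists SectionExtractionPei.inf, otherwise the FDF can reference a module the DSC does not build. The added blank line also carries trailing whitespace.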
@@ -1575,7 +1582,8 @@ $(CLIENT_COMMON_PACKAGE)/Universal/DebugServicePei/DebugServicePei.inf {
       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80080046
     <LibraryClasses>
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-      NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationLib/DxeSignedSectionVerificationLib.inf
+    # NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationLib/DxeSignedSectionVerificationLib.inf
+      NULL|SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib\DxeRsa2048Sha256GuidedSectionExtractLib.inf
 !endif
 !if gPlatformModuleTokenSpaceGuid.PcdDxeCrc32SectionEnable == TRUE
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32GuidedSectionExtractLib.inf
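Review bot: The old `DxeSignedSectionVerificationLib` line is commented out rather than deleted, here and in the next hunk, and the FDF hunks do the same with `SignedSectionPei.inf`, `pubkeyhash.bin` and `BiosInfoChecker.inf`. Dead configuration lines in a verification path make it hard to audit which verifier is actually linked, and version control already keeps the history. Delete them instead. The `#` is also placed at a different column in each of the two hunks. The enclosing component block starts and ends outside the hunk.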
@@ -1600,7 +1608,8 @@ $(CLIENT_COMMON_PACKAGE)/Universal/DebugServicePei/DebugServicePei.inf {
       gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE
     <LibraryClasses>
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-      NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationLib/DxeSignedSectionVerificationLib.inf
+      #NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationLib/DxeSignedSectionVerificationLib.inf
+      NULL|SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib\DxeRsa2048Sha256GuidedSectionExtractLib.inf
 !endif
 !if gPlatformModuleTokenSpaceGuid.PcdDxeCrc32SectionEnable == TRUE
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32GuidedSectionExtractLib.inf
diff --git a/KabylakePlatSamplePkg/PlatformPkg.fdf b/KabylakePlatSamplePkg/PlatformPkg.fdf
index d2e8ee3..9d3fa5d 100644
--- a/KabylakePlatSamplePkg/PlatformPkg.fdf
+++ b/KabylakePlatSamplePkg/PlatformPkg.fdf
@@ -406,7 +406,7 @@ INF  $(PLATFORM_FEATURES_PATH)/Amt/AmtStatusCodePei/AmtStatusCodePei.inf
 
 INF $(PLATFORM_PACKAGE)/BiosInfo/BiosInfo.inf # AdvancedFeaturesContent
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosInfoChecker/BiosInfoChecker.inf
+#INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosInfoChecker/BiosInfoChecker.inf
 !endif
 
 !if gSiPkgTokenSpaceGuid.PcdSleEnable == FALSE
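Review bot: `BiosInfoChecker.inf` is disabled here, in the `APRIORI PEI` list and in the third `BiosInfo.inf` hunk, with no replacement and no explanation in the commit message. What the module checks is not visible in this patch; if it validates the BiosInfo table under secure boot, the commit should state what covers that check now. Each `!if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE` / `!endif` pair is left with only a comment inside and should be removed along with the INF line. At minimum add a comment such as `# BiosInfoChecker removed: <reason / replacement>` so the intent is recorded.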
@@ -462,12 +462,13 @@ INF $(PLATFORM_PACKAGE)/Platform/MsegSmramPei/MsegSmramPei.inf
 INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-INF $(CLIENT_COMMON_PACKAGE)/Universal/SignedSectionPei/SignedSectionPei.inf
-!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable == TRUE
-FILE RAW = 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
-    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
-  }
-!endif # PcdPubKeyHashBinEnable
+INF MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf
+#INF $(CLIENT_COMMON_PACKAGE)/Universal/SignedSectionPei/SignedSectionPei.inf
+#!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable == TRUE
+#FILE RAW = 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
+#    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
+#  }
+#!endif # PcdPubKeyHashBinEnable
 !endif # PcdSecureBootEnable
 
 !if gPlatformModuleTokenSpaceGuid.PcdTpmEnable == TRUE
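Review bot: Once the `FILE RAW = 31C17ABE-...` entry for `pubkeyhash.bin` is commented out, `PcdPubKeyHashBinEnable` has no effect in this FV, and the key hash the verifier trusts comes only from `PcdRsa2048Sha256PublicKeyBuffer` in the DSC. A platform owner who still sets `PcdPubKeyHashBinEnable` and supplies their own `pubkeyhash.bin` would build silently against the PCD value instead. Either remove the feature flag's remaining uses, or document the new key-provisioning step beside the added line, e.g. `# Key hash now comes from PcdRsa2048Sha256PublicKeyBuffer (PlatformPkg.dsc)`. The same block is changed again in the later `PeiOverClock.inf` hunk.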
@@ -604,7 +605,7 @@ APRIORI PEI {
 !endif
 
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-  INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosInfoChecker/BiosInfoChecker.inf  # RPPO-SKL-0031: RoyalParkOverrideContent
+  #INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosInfoChecker/BiosInfoChecker.inf  # RPPO-SKL-0031: RoyalParkOverrideContent
 !endif
   INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 !endif
@@ -619,7 +620,7 @@ INF  $(PLATFORM_FEATURES_PATH)/Amt/AmtStatusCodePei/AmtStatusCodePei.inf
 
 INF $(PLATFORM_PACKAGE)/BiosInfo/BiosInfo.inf
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosInfoChecker/BiosInfoChecker.inf
+#INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosInfoChecker/BiosInfoChecker.inf
 !endif
 
 !if gSiPkgTokenSpaceGuid.PcdSleEnable == TRUE
@@ -692,12 +693,13 @@ INF $(PLATFORM_FEATURES_PATH)/OverClocking/OverClockInit/PeiOverClock.inf
 
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
 # ROYAL_PARK_PORTING - Porting Required
-INF RuleOverride = LzmaCompress $(CLIENT_COMMON_PACKAGE)/Universal/SignedSectionPei/SignedSectionPei.inf
-!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable == TRUE
-FILE RAW = 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
-    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
-  }
-!endif
+INF MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf
+#INF RuleOverride = LzmaCompress $(CLIENT_COMMON_PACKAGE)/Universal/SignedSectionPei/SignedSectionPei.inf
+#!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable == TRUE
+#FILE RAW = 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
+#    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
+#  }
+#!endif
 !endif
 
 !if gSiPkgTokenSpaceGuid.PcdSvBuild == TRUE
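Review bot: The replacement `INF MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf` drops the `RuleOverride = LzmaCompress` that the old `SignedSectionPei.inf` entry carried in this FV. If that was not deliberate, the new PEIM is built with the default rule and the FV layout and size change; keep it as `INF RuleOverride = LzmaCompress MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf` or say in the commit message why the override is no longer needed. The `# ROYAL_PARK_PORTING - Porting Required` comment above it now describes a module that is no longer included.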
@@ -1174,7 +1176,7 @@ READ_LOCK_STATUS   = TRUE
 FILE FV_IMAGE = 4E35FD93-9C72-4c15-8C4B-E77F1DB2D792 {
 !if gPlatformModuleTokenSpaceGuid.PcdLzmaEnable == TRUE
   !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-    SECTION GUIDED 0f9d89e8-9259-4f76-a5af-0c89e34023df PROCESSING_REQUIRED = TRUE {
+    SECTION GUIDED A7717414-C616-4977-9420-844712A735BF AUTH_STATUS_VALID = TRUE {
       SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
         SECTION FV_IMAGE = FVMAIN2
       }
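Review bot: The new outer section line at `SECTION GUIDED A7717414-... AUTH_STATUS_VALID = TRUE` no longer sets `PROCESSING_REQUIRED = TRUE`, so the section does not declare that it is unreadable without a handler. As far as I recall, the core section-extraction code can then fall back to reading the payload with a not-tested authentication status when no handler for the GUID is registered; please confirm against the PEI/DXE core in use. Verification of FVMAIN2, and of FVMAIN in the next hunk, therefore depends on the RSA2048SHA256 extraction library being linked into whichever module opens the FV, and on that consumer rejecting a failed or untested status. Record that dependency beside the line, e.g. `# Requires *Rsa2048Sha256GuidedSectionExtractLib in the consumer; image must be rejected unless auth status is tested and passed`. The enclosing `FILE FV_IMAGE` block continues outside the hunk.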
@@ -2497,7 +2499,7 @@ READ_LOCK_STATUS   = TRUE
 FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
 !if gPlatformModuleTokenSpaceGuid.PcdLzmaEnable == TRUE
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable == TRUE
-  SECTION GUIDED 0f9d89e8-9259-4f76-a5af-0c89e34023df PROCESSING_REQUIRED = TRUE {
+  SECTION GUIDED A7717414-C616-4977-9420-844712A735BF AUTH_STATUS_VALID = TRUE {
        SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
           SECTION FV_IMAGE = FVMAIN
        }
diff --git a/KabylakePlatSamplePkg/PlatformPkgConfig.dsc b/KabylakePlatSamplePkg/PlatformPkgConfig.dsc
index fd2d368..755e66c 100644
--- a/KabylakePlatSamplePkg/PlatformPkgConfig.dsc
+++ b/KabylakePlatSamplePkg/PlatformPkgConfig.dsc
@@ -117,7 +117,7 @@
   gPlatformModuleTokenSpaceGuid.PcdNvmeEnable|TRUE
   gSiPkgTokenSpaceGuid.PcdOverclockEnable|TRUE
   gPlatformModuleTokenSpaceGuid.PcdPciHotplugEnable|TRUE
-  gPlatformModuleTokenSpaceGuid.PcdPerformanceEnable|FALSE
+  gPlatformModuleTokenSpaceGuid.PcdPerformanceEnable|TRUE
   gPlatformModuleTokenSpaceGuid.PcdIntelFpdtEnable|FALSE
   gPlatformModuleTokenSpaceGuid.PcdPostCodeStatusCodeEnable|TRUE
   gSiPkgTokenSpaceGuid.PcdPowerOnEnable|FALSE             # SI:RestrictedContent
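Review bot: Switching `PcdPerformanceEnable` from `FALSE` to `TRUE` is unrelated to replacing the signed-section verifier and looks like a local debugging setting that slipped into the patch. Drop this hunk, or submit it separately with its own justification, so that the security change can be reviewed and reverted on its own.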
-- 
1.9.5.msysgit.1


