From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR02-VE1-obe.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com [40.107.2.76]) by mx.groups.io with SMTP id smtpd.web09.5235.1626436859086514945 for ; Fri, 16 Jul 2021 05:00:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=CdA6oz/z; spf=pass (domain: arm.com, ip: 40.107.2.76, mailfrom: samer.el-haj-mahmoud@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rVUR1YzHh8XosiUkmZJptt3CfUTIhEgigpj9T9d10p4=; b=CdA6oz/z2iul3+udEFgTjYQ5iWiykeVih2YT9f/HwyKnK4jG9xttAdMa44mWyc7+D0jlK/McV5wO6pClKjJECTchmvjXnaw0q8lGaGDkgRETdlO/Sp+3G8S3G2uWBsk5uSgTajxImfm/p/7HXlx9LHLXVSRRCmlS5jIIm1rFtkQ= Received: from AM5PR0402CA0024.eurprd04.prod.outlook.com (2603:10a6:203:90::34) by AM0PR08MB3186.eurprd08.prod.outlook.com (2603:10a6:208:5d::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21; Fri, 16 Jul 2021 12:00:56 +0000 Received: from AM5EUR03FT007.eop-EUR03.prod.protection.outlook.com (2603:10a6:203:90:cafe::d5) by AM5PR0402CA0024.outlook.office365.com (2603:10a6:203:90::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21 via Frontend Transport; Fri, 16 Jul 2021 12:00:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT007.mail.protection.outlook.com (10.152.16.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21 via Frontend Transport; Fri, 16 Jul 2021 12:00:55 +0000 Received: ("Tessian outbound b81a99a0393d:v99"); Fri, 16 Jul 2021 12:00:55 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 1d4ba74599f24749 X-CR-MTA-TID: 64aa7808 Received: from c1b2186dcd51.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 4F3B961B-738C-437A-850B-4160BD642B26.1; Fri, 16 Jul 2021 12:00:21 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id c1b2186dcd51.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 16 Jul 2021 12:00:21 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nf7hDuhD4ExrLXlvcZl5REcWatN0SYUg/lWY6v019p/HShizA8B1mZhBanmmwQraTYZNOjXZZZ99RTJv+JOfNoMj37y8Jp142UUqLTIrrwad6xhPSFV2GOKfDiLUpMry1PmoTvjAVmVZuIgwn41IMVXYNDVBBLxtWM0TzW5PVBvZr0Ytdtq6dEt5ZrAmDm12mcVUxsN+63sqh9QQXqH1l5lHZIA/Y6Vil0upXvNXj4OnWAyRnh5Z5O1qxFo9c8TajAcHRWfhpA7mLLVEBLBCSv2YH3wj65TGGpdcwW5i03U2g/loqKenreM3IgNCKSEpCnHJl/d1HVpmwK3zoo8hBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rVUR1YzHh8XosiUkmZJptt3CfUTIhEgigpj9T9d10p4=; b=g3C7KCHZnFnNDwiBTCZjEimaOu/7YIQXAJ/aFG9sbIGnRlAGy13oM9BhKCFns8kaTZSFNoZ3mnOUTPB4Hc9kqUeDS6SIya5V7Spv8x2HtdP0WHKOK0XP22W0yhWGLbBpkpVH7G/QOjXn/dVUf8VoCmGSFKyvYkKbv+JNNsNAh0GUbsVle2J9QQB2HkS2PRW76RE3FqZC3GNvGZN96P1thWHrw20F//nF4FYkP+ZRHlwQqI5Ee9kNQuv7Dy405etUuqCQ7ytuGdHj1NNfmbmflSMa3x8kYL6pV/rIpysFm2ksMmo5LpnYmOrFFwlaXwCnbwd82iM9woNeUOOHrsSmuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rVUR1YzHh8XosiUkmZJptt3CfUTIhEgigpj9T9d10p4=; b=CdA6oz/z2iul3+udEFgTjYQ5iWiykeVih2YT9f/HwyKnK4jG9xttAdMa44mWyc7+D0jlK/McV5wO6pClKjJECTchmvjXnaw0q8lGaGDkgRETdlO/Sp+3G8S3G2uWBsk5uSgTajxImfm/p/7HXlx9LHLXVSRRCmlS5jIIm1rFtkQ= Received: from PAXPR08MB6987.eurprd08.prod.outlook.com (2603:10a6:102:1df::15) by PA4PR08MB6077.eurprd08.prod.outlook.com (2603:10a6:102:e7::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.24; Fri, 16 Jul 2021 12:00:17 +0000 Received: from PAXPR08MB6987.eurprd08.prod.outlook.com ([fe80::cdae:9f67:6693:49d4]) by PAXPR08MB6987.eurprd08.prod.outlook.com ([fe80::cdae:9f67:6693:49d4%9]) with mapi id 15.20.4331.024; Fri, 16 Jul 2021 12:00:16 +0000 From: "Samer El-Haj-Mahmoud" To: "devel@edk2.groups.io" , "gjb@semihalf.com" CC: "leif@nuviainc.com" , "ardb+tianocore@kernel.org" , Sunny Wang , "mw@semihalf.com" , "upstream@semihalf.com" , "jiewen.yao@intel.com" , "jian.j.wang@intel.com" , "min.m.xu@intel.com" , "lersek@redhat.com" , Sami Mujawar , "afish@apple.com" , "ray.ni@intel.com" , "jordan.l.justen@intel.com" , "rebecca@bsdio.com" , "grehan@freebsd.org" , Thomas Abraham , "chasel.chiu@intel.com" , "nathaniel.l.desimone@intel.com" , "gaoliming@byosoft.com.cn" , "eric.dong@intel.com" , "michael.d.kinney@intel.com" , "zailiang.sun@intel.com" , "yi.qian@intel.com" , "graeme@nuviainc.com" , "rad@semihalf.com" , "pete@akeo.ie" , Samer El-Haj-Mahmoud Subject: Re: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys Thread-Topic: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys Thread-Index: AQHXeKwBzpDxDuXBeESs6zdLBuYp/atFgPQQ Date: Fri, 16 Jul 2021 12:00:16 +0000 Message-ID: References: <20210714122952.1340890-1-gjb@semihalf.com> In-Reply-To: <20210714122952.1340890-1-gjb@semihalf.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Authentication-Results-Original: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=arm.com; x-ms-publictraffictype: Email X-MS-Office365-Filtering-Correlation-Id: d59986a1-46a3-4d8a-f82b-08d948515e04 x-ms-traffictypediagnostic: PA4PR08MB6077:|AM0PR08MB3186: x-ms-exchange-transport-forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true nodisclaimer: true x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: YpuTfIFEp0vDIuyBu8ddU3ToFgSwwqFp48LGmRiAUJ0lR+f+pl39zANs2m/QvXGT6yrD+v1xvkIyil2NOgEkNBHN/Wabvf2qGqPjvXYVSu1NjGOHs35Mx3QixMijJO5n3jdO2EpdAhCnvx3gr4bSSQoPjjNJQed17n+5ZDrHZem1zQg5oHBXhM6n+BBmpm7KvWUYjnJNG0wt43jI0fJCXUWNLek9hqOuKNhnjKvln9ghTm4UKwjuBe6hJuFjOvT9sBVbVS5igfhwzrBcDd5M5yWosbnVsBSUIS8tXjDwdRIQ2pdD7o+jG9FY/ktiIu/QBGkZlmQRVUt1FjZysiHLt+ko8ifeaaZxorLMy7NlLWTyWovJ78ZW26+FK6tsC+8cRslOmcYbpxM5IC3aoeMdCE6DAhzTHxs9P9c8ATztMU7BFXnnfW1uVudDghCpivnMDPnm9oj1ZXNqWdeG8dLS0K3voTdOVhf2Yrc+sKiUqAeiEshKMaDwW9tRVh3r14c6qTrorcFsUO5alMFgKMSUIxB/UpZ/enY8bn54vJGsDLMTZjkLqg8BlOuQeptYXy43HRtK6o5ZTQSklNXZ0a6KpN7FrTZykNeHAAZRlrLF/OjaRBw5b7YeuudIl9cLjmapugfYVx0jyTzWFXM22Y/cHA7onEcQakEf0HXChrx1CAiAt2Rw04ghHpOWr5oOFTxlGAb6AC2HHjUwJZr42l2TnBb05VU/xFkVDiyPARcQ2MN7xbtK37qoc3wsNOv1tyw4q5DK4LVbLiK9AcES6dLYE+N+JTQt01YcAPPv/o9vcvoHz/0Eu7wwN6pKqulzVjHc47yGWpxIdw0HU8BqINHzCg== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAXPR08MB6987.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(376002)(396003)(346002)(366004)(136003)(66556008)(66446008)(26005)(64756008)(33656002)(52536014)(7696005)(19627235002)(66946007)(76116006)(66476007)(8676002)(186003)(9686003)(4326008)(122000001)(55016002)(54906003)(6506007)(53546011)(8936002)(5660300002)(83380400001)(478600001)(110136005)(86362001)(966005)(38100700002)(71200400001)(2906002)(316002)(7416002)(38070700004);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?WUuBb4BM86qyxBTXtjTc4ahiAxNkFZQrYYZ6vVV2NrFU6qDLvdtmioaFqNEU?= =?us-ascii?Q?ICqYyvfCq15guq6qc9em0NHYlCYoaCyJoskR4wmV/Xpe7ZMwLk6ASX3wXKkS?= =?us-ascii?Q?MUwrha7SoQeFoN5Jbseslz6jnUSynAqJlqmZOrYJdLJQJy2lnHAI85oCyN6t?= =?us-ascii?Q?j0KLOqGTuBWZrMDSmTOj8suw9lxHlXC507YbMsQDYpdRunH2hyRcysqGKW9q?= =?us-ascii?Q?4jPhcD/h65oloFP0IEdDr49ku8cPaZpqvTTjgGE8kT+2psSJuqgKe0hg2W9s?= =?us-ascii?Q?OH77P8FTGsQde7MrlmtwsyOScRzy6vnNo0ls/+PM2D0pldfm/ANZgmza5atc?= =?us-ascii?Q?s7O7KG36zV3zJXsSfKbl50F1PnvRIJu3GpnbTVl23R9B/vL/44EwzLEE7/Me?= =?us-ascii?Q?oCDjdVOrDLsQIHWVZHJXezGJXoqFe1tXZdGAkJx7ieh+I/3oIr7zTGw97J6B?= =?us-ascii?Q?xaAN/GJoAYW68GwuO6GGd9nDryBbnDXytO8WtkHcQAFxXfYWoL3dZBUh+153?= =?us-ascii?Q?yeiBUjs1Laz0ne3HqEj9hnF8rQOiPrfno+SG05god+VqMl5ZEQUiEuTWEjhp?= =?us-ascii?Q?2GwQ44sghd/m1zOK+2WyKgkM4K6r1Q10jnxXDYo4oFljP+kBr0XPCZ9wUAqO?= =?us-ascii?Q?eB41lSu4namgoPGXYrT9S9hsH+igweniatr2PagOow5aUKPYWNH3awVHyGmA?= =?us-ascii?Q?HP6flzEQi0tdlLd6czfZLNYQMXR2nwRUw1zfqurz130AHQuB2iE3cV0b0mHo?= =?us-ascii?Q?mmSYI0j4CiVbJi+IBPbtrqdu0e9EXqsFAJl4/FWm9epjnUXhDfpiiGakWMw0?= =?us-ascii?Q?HCcB1eB1guc8I86ZMbnA4QWRbU8yM8usIP/Uk8ZZ/EXACCfHb7UxbxX287O4?= =?us-ascii?Q?EjyT3rSZGRoZwsVvjiFeGtR9cD3EdKgCKjWSA2oQEug4b0DvoOORaqMgAit/?= =?us-ascii?Q?KAoV4MwxwTk0db5D/Q7jgufnNSzuaXqMvLhlNI7L0NdNKUTU6qmrpdOfPPUC?= =?us-ascii?Q?Cbpz8UQNYwiRR3DCbnY6vw1TREbjhdxop6uzdtQXSUIyJnVHpJX36paKQo6i?= =?us-ascii?Q?UXnnHp5UWH6TQy6uE+8Wb6fDjRg8XsTkpQY3eQ5vaSaQEFdBC8xGgy+Qqxzw?= =?us-ascii?Q?uWo70GTL7kT9soITXw+g3E1VuZNY0mMo9lPL1PCB2CZfoFFI1IA/V+vnR60D?= =?us-ascii?Q?jv5Blri/ufC3yDaTkqGjJrQKPmXv73u/F5S+2deZ1oFO3QUuPoaH087Xw0Qn?= =?us-ascii?Q?OvTCCFZeMqsM1m7NW5sGMNQthcxL5g69odk22ZYiRlq84llTYnprE/1MY/f3?= =?us-ascii?Q?z/8moL/Le1vsnT04T7rL/kp4?= MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR08MB6077 Original-Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=arm.com; Return-Path: Samer.El-Haj-Mahmoud@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT007.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 53e10ee0-76e1-43b7-f5fb-08d9485146f1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: gH0BDmWOHXVK2HRTwog0OHdtWR7ZCFdBfsVnGRu60bh3AwcnW1AevTadIRZfXmEmY2t/duogFi9lQE67MhwYys9KlFdmwuxZAB6G6FkBJojGGnGbj5tOhT/IK5yOpGXtvX4CswttWhMXBTtmdsxTipfq+syiiyhLy+0oIuJ9ySJA/sd2KJInsLPB6ZlGWa5YSkIQ/ydPur3/LWshtnt4hiOM5KRBmZnLie+KdmoWyaAU7/EW8la42Dy01g6Hwc+pvZe/FgRJ2SXRgtotb4TOTcuB0p5txEP9eknWFFKtwNAO7TLWum5eaBB6Ov0XICtijzQZyQPDhISfo24bZecI1cjbVb8+g1hhC2IO7N2SKDmgF/BclV7DcDBysrwYyat3BHkJV4SztYHv1FHBPdKQnOx/jTkBt486bW2tSpfKHfTCJswsXYeZ/yzSoTRr0gKcZIhnbMvVREO/o1woKZoo4wet9Rq+O6rhvJIoPErQADlVH2vSeNjwx1Y8Dh5FDgDNFFfRkavGea9VlgTt8eRLSkLGLMP/4o5mArdshwarjSPJZGTc2iReovJPW9h/VEqEZD6zABYceF0CZ/IzaQbCR5tgqvHCIp7nTnlphXKvhR4DlTgr5fh5GKfUZEwtrGrRBnkCpP8g0FBLlZMIG9qC39wWlZIpjPeTng1CBIvTc1pDMF+WrRMQPuGWTuVuhto3fYbuLnuMUC36V7E93fpvDo1d/XUsCWSpSfocmPzOvWLqWmTxos22JlClkCuPOqmaXVavUhyCMbAIFjeg1H7PztGyt/rnEOreR0r85irnygawSP6OFvVtkzXRaigFCJypj6PmBX/wg4tQ4QkW6+YM/g== X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(4636009)(46966006)(36840700001)(47076005)(356005)(336012)(81166007)(110136005)(82310400003)(8936002)(316002)(52536014)(2906002)(8676002)(54906003)(9686003)(966005)(186003)(83380400001)(7696005)(508600001)(19627235002)(6506007)(55016002)(86362001)(26005)(33656002)(70586007)(4326008)(70206006)(53546011)(5660300002)(36860700001);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jul 2021 12:00:55.5871 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d59986a1-46a3-4d8a-f82b-08d948515e04 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT007.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3186 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The v6 of this series seems to have all the necessary Reviewed-By (and some= Tested-By) of all parts, except the following platform specific parts. Cou= ld we get help from maintainers to review these please? Much appreciated! - ArmVirtPkg : https://edk2.groups.io/g/devel/message/77772 - ArmPlatformPkg: https://edk2.groups.io/g/devel/message/77775 - EmulatorPkg: https://edk2.groups.io/g/devel/message/77773 - Intel Platforms (Platform/Intel/QuarkPlatformPkg, Platform/Intel/MinPlat= formPkg, Platform/Intel/Vlv2TbltDevicePkg): https://edk2.groups.io/g/devel/= message/77781 Thanks, --Samer > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of > Grzegorz Bernacki via groups.io > Sent: Wednesday, July 14, 2021 8:30 AM > To: devel@edk2.groups.io > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud > ; Sunny Wang > ; mw@semihalf.com; upstream@semihalf.com; > jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com; > lersek@redhat.com; Sami Mujawar ; > afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com; > rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham > ; chasel.chiu@intel.com; > nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn; > eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com; > yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; > pete@akeo.ie; Grzegorz Bernacki > Subject: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys > > This patchset adds support for initialization of default > Secure Boot variables based on keys content embedded in > flash binary. This feature is active only if Secure Boot > is enabled and DEFAULT_KEY is defined. The patchset > consist also application to enroll keys from default > variables and secure boot menu change to allow user > to reset key content to default values. > Discussion on design can be found at: > https://edk2.groups.io/g/rfc/topic/82139806#600 > > Built with: > GCC > - RISC-V (U500, U540) [requires fixes in dsc to build] > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg, > EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32)) > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4) > > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be = built, > will be post on edk2 maillist later > > VS2019 > - Intel (OvmfPkgX64) > > Test with: > GCC5/RPi4 > VS2019/OvmfX64 (requires changes to enable feature) > > Tests: > 1. Try to enroll key in incorrect format. > 2. Enroll with only PKDefault keys specified. > 3. Enroll with all keys specified. > 4. Enroll when keys are enrolled. > 5. Reset keys values. > 6. Running signed & unsigned app after enrollment. > > Changes since v1: > - change names: > SecBootVariableLib =3D> SecureBootVariableLib > SecBootDefaultKeysDxe =3D> SecureBootDefaultKeysDxe > SecEnrollDefaultKeysApp =3D> EnrollFromDefaultKeysApp > - change name of function CheckSetupMode to GetSetupMode > - remove ShellPkg dependecy from EnrollFromDefaultKeysApp > - rebase to master > > Changes since v2: > - fix coding style for functions headers in SecureBootVariableLib.h > - add header to SecureBootDefaultKeys.fdf.inc > - remove empty line spaces in SecureBootDefaultKeysDxe files > - revert FAIL macro in EnrollFromDefaultKeysApp > - remove functions duplicates and add SecureBootVariableLib > to platforms which used it > > Changes since v3: > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib > - fix typo in guid description > > Changes since v4: > - reorder patches to make it bisectable > - split commits related to more than one platform > - move edk2-platform commits to separate patchset > > Changes since v5: > - split SecureBootVariableLib into SecureBootVariableLib and > SecureBootVariableProvisionLib > > Grzegorz Bernacki (11): > SecurityPkg: Create SecureBootVariableLib. > SecurityPkg: Create library for enrolling Secure Boot variables. > ArmVirtPkg: add SecureBootVariableLib class resolution > OvmfPkg: add SecureBootVariableLib class resolution > EmulatorPkg: add SecureBootVariableLib class resolution > SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. > ArmPlatformPkg: Create include file for default key content. > SecurityPkg: Add SecureBootDefaultKeysDxe driver > SecurityPkg: Add EnrollFromDefaultKeys application. > SecurityPkg: Add new modules to Security package. > SecurityPkg: Add option to reset secure boot keys. > > SecurityPkg/SecurityPkg.dec = | 14 + > ArmVirtPkg/ArmVirt.dsc.inc = | 2 + > EmulatorPkg/EmulatorPkg.dsc = | 2 + > OvmfPkg/Bhyve/BhyveX64.dsc = | 2 + > OvmfPkg/OvmfPkgIa32.dsc = | 2 + > OvmfPkg/OvmfPkgIa32X64.dsc = | 2 + > OvmfPkg/OvmfPkgX64.dsc = | 2 + > SecurityPkg/SecurityPkg.dsc = | 5 + > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > | 48 ++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > | 80 +++ > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.inf | 80 +++ > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gDxe.inf | 3 + > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.inf | 46 ++ > SecurityPkg/Include/Library/SecureBootVariableLib.h = | 153 > ++++++ > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h > | 134 +++++ > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gNvData.h | 2 + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > g.vfr | 6 + > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > | 110 +++++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > | 511 ++++++++++++++++++++ > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.c | 491 +++++++++++++++++++ > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gImpl.c | 344 ++++++------- > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.c | 69 +++ > ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc = | 70 > +++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > | 17 + > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.uni | 16 + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > gStrings.uni | 4 + > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.uni | 16 + > 27 files changed, 2043 insertions(+), 188 deletions(-) > create mode 100644 > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.inf > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.inf > create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h > create mode 100644 > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h > create mode 100644 > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.c > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.c > create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > visionLib.uni > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > DefaultKeysDxe.uni > > -- > 2.25.1 > > > >=20 > IMPORTANT NOTICE: The contents of this email and any attachments are confi= dential and may also be privileged. If you are not the intended recipient, = please notify the sender immediately and do not disclose the contents to an= y other person, use it for any purpose, or store or copy the information in= any medium. Thank you.