Re: [PATCH v3 3/8] SecurityPkg: Create include file for default key content.

["Yao, Jiewen" <jiewen.yao@intel.com>]

Hi
I am not sure why we hardcode 3 items for each.

Can we move this fdf to platform pkg, instead of security pkg ?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Grzegorz Bernacki <gjb@semihalf.com>
> Sent: Monday, June 14, 2021 5:43 PM
> To: devel@edk2.groups.io
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-
> Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
> upstream@semihalf.com; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>;
> lersek@redhat.com; sami.mujawar@arm.com; afish@apple.com; Ni, Ray
> <ray.ni@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>;
> rebecca@bsdio.com; grehan@freebsd.org; thomas.abraham@arm.com; Chiu,
> Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; gaoliming@byosoft.com.cn; Dong, Eric
> <eric.dong@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Sun,
> Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>;
> graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz Bernacki
> <gjb@semihalf.com>
> Subject: [PATCH v3 3/8] SecurityPkg: Create include file for default key content.
> 
> This commits add file which can be included by platform Flash
> Description File. It allows to specify certificate files, which
> will be embedded into binary file. The content of these files
> can be used to initialize Secure Boot default keys and databases.
> 
> Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
> ---
>  SecurityPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
>  1 file changed, 70 insertions(+)
>  create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
> 
> diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> new file mode 100644
> index 0000000000..bf4f2d42de
> --- /dev/null
> +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> @@ -0,0 +1,70 @@
> +## @file
> +# FDF include file which allows to embed Secure Boot keys
> +#
> +#  Copyright (c) 2021, ARM Limited. All rights reserved.
> +#  Copyright (c) 2021, Semihalf. All rights reserved.
> +#
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +
> +!if $(DEFAULT_KEYS) == TRUE
> +  FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
> +  !ifdef $(PK_DEFAULT_FILE)
> +    SECTION RAW = $(PK_DEFAULT_FILE)
> +  !endif
> +    SECTION UI = "PK Default"
> +  }
> +
> +  FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
> +  !ifdef $(KEK_DEFAULT_FILE1)
> +    SECTION RAW = $(KEK_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(KEK_DEFAULT_FILE2)
> +    SECTION RAW = $(KEK_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(KEK_DEFAULT_FILE3)
> +    SECTION RAW = $(KEK_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "KEK Default"
> +  }
> +
> +  FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
> +  !ifdef $(DB_DEFAULT_FILE1)
> +    SECTION RAW = $(DB_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(DB_DEFAULT_FILE2)
> +    SECTION RAW = $(DB_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(DB_DEFAULT_FILE3)
> +    SECTION RAW = $(DB_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "DB Default"
> +  }
> +
> +  FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
> +  !ifdef $(DBT_DEFAULT_FILE1)
> +    SECTION RAW = $(DBT_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(DBT_DEFAULT_FILE2)
> +    SECTION RAW = $(DBT_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(DBT_DEFAULT_FILE3)
> +    SECTION RAW = $(DBT_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "DBT Default"
> +  }
> +
> +  FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
> +  !ifdef $(DBX_DEFAULT_FILE1)
> +    SECTION RAW = $(DBX_DEFAULT_FILE1)
> +  !endif
> +  !ifdef $(DBX_DEFAULT_FILE2)
> +    SECTION RAW = $(DBX_DEFAULT_FILE2)
> +  !endif
> +  !ifdef $(DBX_DEFAULT_FILE3)
> +    SECTION RAW = $(DBX_DEFAULT_FILE3)
> +  !endif
> +    SECTION UI = "DBX Default"
> +  }
> +
> +!endif
> --
> 2.25.1