From: "Yao, Jiewen"
To: Grzegorz Bernacki, "devel@edk2.groups.io"
CC: "leif@nuviainc.com", "ardb+tianocore@kernel.org",
    "Samer.El-Haj-Mahmoud@arm.com", "sunny.Wang@arm.com", "mw@semihalf.com",
    "upstream@semihalf.com", "Wang, Jian J", "Xu, Min M", "lersek@redhat.com",
    "sami.mujawar@arm.com", "afish@apple.com", "Ni, Ray", "Justen, Jordan L",
    "rebecca@bsdio.com", "grehan@freebsd.org", "thomas.abraham@arm.com",
    "Chiu, Chasel", "Desimone, Nathaniel L", "gaoliming@byosoft.com.cn",
    "Dong, Eric", "Kinney, Michael D", "Sun, Zailiang", "Qian, Yi",
    "graeme@nuviainc.com", "rad@semihalf.com", "pete@akeo.ie"
Subject: Re: [PATCH v3 3/8] SecurityPkg: Create include file for default key content.
Date: Tue, 15 Jun 2021 00:52:50 +0000
References: <20210614094308.2314345-1-gjb@semihalf.com> <20210614094308.2314345-6-gjb@semihalf.com>
In-Reply-To: <20210614094308.2314345-6-gjb@semihalf.com>

Hi

I am not sure why we hardcode 3 items for each.

Can we move this fdf to platform pkg, instead of security pkg?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Grzegorz Bernacki
> Sent: Monday, June 14, 2021 5:43 PM
> To: devel@edk2.groups.io
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org;
> Samer.El-Haj-Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
> upstream@semihalf.com; Yao, Jiewen; Wang, Jian J; Xu, Min M;
> lersek@redhat.com; sami.mujawar@arm.com; afish@apple.com; Ni, Ray;
> Justen, Jordan L; rebecca@bsdio.com; grehan@freebsd.org;
> thomas.abraham@arm.com; Chiu, Chasel; Desimone, Nathaniel L;
> gaoliming@byosoft.com.cn; Dong, Eric; Kinney, Michael D; Sun, Zailiang;
> Qian, Yi; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
> Grzegorz Bernacki
> Subject: [PATCH v3 3/8] SecurityPkg: Create include file for default key content.
>
> This commit adds a file which can be included by platform Flash
> Description File. It allows specifying certificate files, which
> will be embedded into binary file. The content of these files
> can be used to initialize Secure Boot default keys and databases.
>
> Signed-off-by: Grzegorz Bernacki
> ---
> SecurityPkg/SecureBootDefaultKeys.fdf.inc | 70 ++++++++++++++++++++
> 1 file changed, 70 insertions(+)
> create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
>
> diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> new file mode 100644
> index 0000000000..bf4f2d42de
> --- /dev/null
> +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> @@ -0,0 +1,70 @@ > +## @file > +# FDF include file which allows to embed Secure Boot keys > +# > +# Copyright (c) 2021, ARM Limited. All rights reserved. > +# Copyright (c) 2021, Semihalf. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > + > +!if $(DEFAULT_KEYS) =3D=3D TRUE > + FILE FREEFORM =3D 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { > + !ifdef $(PK_DEFAULT_FILE) > + SECTION RAW =3D $(PK_DEFAULT_FILE) > + !endif > + SECTION UI =3D "PK Default" > + } > + > + FILE FREEFORM =3D 6f64916e-9f7a-4c35-b952-cd041efb05a3 { > + !ifdef $(KEK_DEFAULT_FILE1) > + SECTION RAW =3D $(KEK_DEFAULT_FILE1) > + !endif > + !ifdef $(KEK_DEFAULT_FILE2) > + SECTION RAW =3D $(KEK_DEFAULT_FILE2) > + !endif > + !ifdef $(KEK_DEFAULT_FILE3) > + SECTION RAW =3D $(KEK_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "KEK Default" > + } > + > + FILE FREEFORM =3D c491d352-7623-4843-accc-2791a7574421 { > + !ifdef $(DB_DEFAULT_FILE1) > + SECTION RAW =3D $(DB_DEFAULT_FILE1) > + !endif > + !ifdef $(DB_DEFAULT_FILE2) > + SECTION RAW =3D $(DB_DEFAULT_FILE2) > + !endif > + !ifdef $(DB_DEFAULT_FILE3) > + SECTION RAW =3D $(DB_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "DB Default" > + } > + > + FILE FREEFORM =3D 36c513ee-a338-4976-a0fb-6ddba3dafe87 { > + !ifdef $(DBT_DEFAULT_FILE1) > + SECTION RAW =3D $(DBT_DEFAULT_FILE1) > + !endif > + !ifdef $(DBT_DEFAULT_FILE2) > + SECTION RAW =3D $(DBT_DEFAULT_FILE2) > + !endif > + !ifdef $(DBT_DEFAULT_FILE3) > + SECTION RAW =3D $(DBT_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "DBT Default" > + } > + > + FILE FREEFORM =3D 5740766a-718e-4dc0-9935-c36f7d3f884f { > + !ifdef $(DBX_DEFAULT_FILE1) > + SECTION RAW =3D $(DBX_DEFAULT_FILE1) > + !endif > + !ifdef $(DBX_DEFAULT_FILE2) > + SECTION RAW =3D $(DBX_DEFAULT_FILE2) > + !endif > + !ifdef $(DBX_DEFAULT_FILE3) > + SECTION RAW =3D $(DBX_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "DBX Default" > + } > + > +!endif > -- > 2.25.1
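
Review bot: In each FILE FREEFORM block the !ifdef guards only the SECTION RAW lines, so with DEFAULT_KEYS set to TRUE and PK_DEFAULT_FILE (or all three of a variable's *_DEFAULT_FILEn macros) undefined or misspelled, the file is still emitted with nothing but its SECTION UI name, and nothing in this include flags that. For the "PK Default" entry in particular this yields an image that looks provisioned but carries no default key content. Consider wrapping the whole FILE statement in the !ifdef, or making the build fail when DEFAULT_KEYS is TRUE and PK_DEFAULT_FILE is not defined. The @file header should also list the macros a platform is expected to define (DEFAULT_KEYS, PK_DEFAULT_FILE, and KEK/DB/DBT/DBX_DEFAULT_FILE1 through 3) and state the limit of three files per variable, since the file documents neither.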