From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by mx.groups.io with SMTP id smtpd.web11.4989.1625572645934812291
 for <devel@edk2.groups.io>;
 Tue, 06 Jul 2021 04:57:26 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=du5UTCDZ;
 spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jiewen.yao@intel.com)
X-IronPort-AV: E=McAfee;i="6200,9189,10036"; a="230828433"
X-IronPort-AV: E=Sophos;i="5.83,328,1616482800"; 
   d="scan'208";a="230828433"
Received: from orsmga001.jf.intel.com ([10.7.209.18])
  by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jul 2021 04:57:24 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.83,328,1616482800"; 
   d="scan'208";a="491299047"
Received: from fmsmsx604.amr.corp.intel.com ([10.18.126.84])
  by orsmga001.jf.intel.com with ESMTP; 06 Jul 2021 04:57:23 -0700
Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by
 fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.10; Tue, 6 Jul 2021 04:57:23 -0700
Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
 fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.10; Tue, 6 Jul 2021 04:57:23 -0700
Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.10 via Frontend Transport; Tue, 6 Jul 2021 04:57:23 -0700
Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.49) by
 edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.4; Tue, 6 Jul 2021 04:57:22 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=BXGbFPPby3PRGdWsXeo9O3425sPD87m5wc/+QJH4jVzxriSKKsaISgqVBJiHqXanoHToU8+y50eLJMwj6mkq4pGMdZ517EVTtkJ2TAZa2+6HvsnvOSBpu0qWs7xcPf0cpe3Zgyrgdxg/e42p/UunCHnHf2fa+8V43W5H/8Gd+QxLUYK2VK+ADvOJJSkoBh3iAfgH2Ah0O4lwl7vkXFXvJY8yby4ndfvUvtc3Q3X0Hlc0PCxLY+R8AvVf8ipxogJPmrtPBZYNGFsuacgWJ/erBooHRx8qAPx8IXmuE9OHdp8e/B5GPr2kMOFki2cLdj8+UQjkMCVxrR+/ZG16rS7SXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Z0stuM3rfM5ekE7KyptNpJYoOmXtufOQbofdFk05Kv8=;
 b=Lgw6/apWAOv2zwekG5iyBkdD/HoZLspZeWMUf0GYDAZH7bK1bvmxUNmLwrDouTPtHK9GfQXxE66s9F3sVRsXeqzTY52eRXYeleb1nEdlljPs5j7nlDfhb5LincmJbOSvELjXsURMZYvCxJLqzeJkfAnBXMov111hcv84DobQMaIrNwGFbMHL49o3QGQcEq8QrY4FjSjm0BPcjjK5f6iQqeTb6p5pfd9HURrpNQn4k9avesxeuDOG8Tcu8aQkdVidmw2H37GgO1XmLXstIAdkx7exusQb54Uayjf6wTqqB0q0GO7akS3zSLxkq/mj9SVQ2HeJa13fB+DX1tcCN+I5tQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Z0stuM3rfM5ekE7KyptNpJYoOmXtufOQbofdFk05Kv8=;
 b=du5UTCDZWeKZOUbPM5xtiTbj94DpLK0fwiCtlQJaSCVaWVNv8V/GhQLuhIv+hhCvafURAmbC3Ew2ynLANYuhOL4zko4K/hqJImPehfVupmcJXrFGtz132z5eEItyokHB7/yanEvFVPvwigq/9E5Za6Gjdn8SQ9i9sJZuJEKEcO0=
Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14)
 by PH0PR11MB4981.namprd11.prod.outlook.com (2603:10b6:510:39::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.19; Tue, 6 Jul
 2021 11:57:18 +0000
Received: from PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::6c99:8170:1c3c:9121]) by PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::6c99:8170:1c3c:9121%3]) with mapi id 15.20.4287.033; Tue, 6 Jul 2021
 11:57:18 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Grzegorz Bernacki <gjb@semihalf.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "leif@nuviainc.com" <leif@nuviainc.com>, "ardb+tianocore@kernel.org"
	<ardb+tianocore@kernel.org>, "Samer.El-Haj-Mahmoud@arm.com"
	<Samer.El-Haj-Mahmoud@arm.com>, "sunny.Wang@arm.com" <sunny.Wang@arm.com>,
	"mw@semihalf.com" <mw@semihalf.com>, "upstream@semihalf.com"
	<upstream@semihalf.com>, "Wang, Jian J" <jian.j.wang@intel.com>, "Xu, Min M"
	<min.m.xu@intel.com>, "lersek@redhat.com" <lersek@redhat.com>,
	"sami.mujawar@arm.com" <sami.mujawar@arm.com>, "afish@apple.com"
	<afish@apple.com>, "Ni, Ray" <ray.ni@intel.com>, "Justen, Jordan L"
	<jordan.l.justen@intel.com>, "rebecca@bsdio.com" <rebecca@bsdio.com>,
	"grehan@freebsd.org" <grehan@freebsd.org>, "thomas.abraham@arm.com"
	<thomas.abraham@arm.com>, "Chiu, Chasel" <chasel.chiu@intel.com>, "Desimone,
 Nathaniel L" <nathaniel.l.desimone@intel.com>, "gaoliming@byosoft.com.cn"
	<gaoliming@byosoft.com.cn>, "Dong, Eric" <eric.dong@intel.com>, "Kinney,
 Michael D" <michael.d.kinney@intel.com>, "Sun, Zailiang"
	<zailiang.sun@intel.com>, "Qian, Yi" <yi.qian@intel.com>,
	"graeme@nuviainc.com" <graeme@nuviainc.com>, "rad@semihalf.com"
	<rad@semihalf.com>, "pete@akeo.ie" <pete@akeo.ie>, Sunny Wang
	<sunny.wang@arm.com>
Subject: Re: [PATCH v5 09/10] SecurityPkg: Add new modules to Security package.
Thread-Topic: [PATCH v5 09/10] SecurityPkg: Add new modules to Security
 package.
Thread-Index: AQHXbloZngiHUkQT60ew3qGDyR226Ks132lQ
Date: Tue, 6 Jul 2021 11:57:18 +0000
Message-ID: <PH0PR11MB48859BF0C75249C73123172B8C1B9@PH0PR11MB4885.namprd11.prod.outlook.com>
References: <20210701091758.1057485-1-gjb@semihalf.com>
 <20210701091758.1057485-10-gjb@semihalf.com>
In-Reply-To: <20210701091758.1057485-10-gjb@semihalf.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.5.1.3
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: semihalf.com; dkim=none (message not signed)
 header.d=none;semihalf.com; dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bc60f753-d0da-473b-5c97-08d9407534a0
x-ms-traffictypediagnostic: PH0PR11MB4981:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <PH0PR11MB4981951391E86C9B09491DFF8C1B9@PH0PR11MB4981.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:3044;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: S3xciMI7s/WhkFPtberUgZHLqmH9Jlw2BeTAcO1c2hadHQl3U9fb1UejOqZRfrRYf/F2rcKlwswEndad0RKR4tuKHOBudwLuO+pn6gJODAytddTXoO4r0nVnBRlBY5G/x47wo7TkPmUiUiO1dsvHwIDLXkabY7WfOenA4/2zbHk2B26nMQVXaaHKwasxBFtTrxRknphUFlsOIIlY6RtCuu0yJMVxD+DOTzTyi5Mk1nLB99Mqfv8SQIa/7+R3phAuFf+idxGxKZQUSwNwI5AP8EgzC968mWCVML8pI117huJ7eNI1MqtbXW0JhZe6rzXZH3nE2lG5DQCQpUe6uQdLtM+k7el5vqJprW7mV2XYrBw88qRfHpSSgv9yGUfEy7M248muQwoK0mq4cLKL15L46CfOaqzW9dt8kMcJ5FuwFJB5Wx3+F7saEX3B/H3RB+b7gFEL81Xv4lBRiao407oJSmBQ3mKOWgyvhC2YyeieHFLljtYST5dfdXxZS28e6CArUb0JvQJTY2fbNvQc5uURHkHlTvWa+KCXkwl9gvGZHJRmQO3Ydtn8yjLS+YeAqLp6QFe2kPnPWjlVw5lzVmi58SNtqB8VchhXARta1qSStphADaysNWgIh4hEZ0KV5C76b6UDqSLuAFtKDUlKwaXCTg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(396003)(366004)(136003)(376002)(346002)(39860400002)(15650500001)(316002)(4326008)(86362001)(9686003)(110136005)(8936002)(55016002)(478600001)(71200400001)(8676002)(54906003)(186003)(33656002)(52536014)(26005)(19627235002)(122000001)(7416002)(6506007)(2906002)(53546011)(38100700002)(76116006)(66446008)(66556008)(5660300002)(66476007)(64756008)(83380400001)(66946007)(7696005);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?31iykNrtY2jqO7FEqK9QXrkxmjGEButTrWjv5l6jyDZk5UN91ebXn01IxB5m?=
 =?us-ascii?Q?Ttaj1XPRsr943IccBMTuhYx08GTpMKyNp0BUsdsLB3l/BTmCNvxrMyhK6hNU?=
 =?us-ascii?Q?cv3N8cVJ5HgkpYPvxc0dQcLTZXySxgrPcCZeUiNWBOGfV2z58xR/KNq/6djx?=
 =?us-ascii?Q?r62mTbXMjGnCw1sWCGTh46MiUmS00su3IDEUiAkYlmDziQr++rLykC0AND/e?=
 =?us-ascii?Q?+AlOAqWJcKFEEYJozozBdof6e0Cx4QdxXxjMGCeDKe3JDbEakhelS8Pf9Q9g?=
 =?us-ascii?Q?wb355d/GQZ7bCca9Bi8DnGAgeizY/azP/5d2rYxjLvQdbCIBadb2j6yRzoE2?=
 =?us-ascii?Q?+PxObHwMoHbK6Xa2HYN+xuTxmMWjwcKytrQEc34Icol2+ulWY/pCTs2Oum6J?=
 =?us-ascii?Q?SEQ2V6ys/NbvtZiSFGJZWF4x4qo5Yeof2mxFVn4SizacsheGSFXQBXzGhMw2?=
 =?us-ascii?Q?VK3w6EhJjg3Axgs50rEE0xYgTTm5t01srt7WA7boFTfj/AkrerMPf3aeRZNp?=
 =?us-ascii?Q?HGw2ILQszHSYKHx7bMjYNXKh1lKy4djUsaL3K4sAiV+jaO8dNy7RnypZZXAF?=
 =?us-ascii?Q?zFhPxngR8w5KDNlL4cK9ipNrdyQJdXabDl3ANi+DFkymrL1mjSa0Kz8iLLK8?=
 =?us-ascii?Q?Ok8ipy2Z6IXJOL4BBLlWg+WdG/vK6/2uvO8uo6rUBUBltXqAap7d5b4IxFCA?=
 =?us-ascii?Q?Mi01xQJfhRiYsrlZFIUPT0ZWUZSiPDhDbPMe5FHe8N+8VMrse7mWaJtFtNQ8?=
 =?us-ascii?Q?EM6cU/909n5lXyiSG1hk8HWT2fLwUpSlxc/2H1KLrG/HwJwY+xZiRnJeRB8g?=
 =?us-ascii?Q?PS6QJwcOfC26DdPMSQ3W1m9NVkrhEj4Cls4/pQStNhFX90edIRy2+3n2Ut5r?=
 =?us-ascii?Q?Wlmr228drEiHhAvz/VVqTAbI0oZPAg1JfdApP6w9uze9sA0oRC/kyHnrI9yh?=
 =?us-ascii?Q?w/ogu9sUMWDb5r4r4H7SPfpzZzuK3+gyIhTsiwOONBsAiIHmzk9zfu+xvsDy?=
 =?us-ascii?Q?iwkO3DgY1zPKqe5/+S/zM+vNJWlV7Bzp6lFiHvU6wPcMB5KN7inJM99jaJXO?=
 =?us-ascii?Q?ek+szMRf0C4snpicKKm0Fe3oXy+yrLYwWA7XWo+UHD/cXFcMXJejbjmTfxgm?=
 =?us-ascii?Q?rziJ3WD5wEKwDE1adOj4MLVB4weYEBIA+tEreYWLtXGty3ymQdOiRsIWid5w?=
 =?us-ascii?Q?MmewVkWt9tsboi3nFLHAPTgLQvXOn52UpdjEaPZNYflXz8QGaeWguqCE5NDi?=
 =?us-ascii?Q?6GIGbcr6cfsmTgnrUrcRbUOkZxL/UBa64iG8U3PrQvx0tn8nheJtO2bPBjgN?=
 =?us-ascii?Q?16qXE0Lzf4QKLXPVDKBzX3+5?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bc60f753-d0da-473b-5c97-08d9407534a0
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2021 11:57:18.6010
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: b9cwZFuMmQWBwFkQYjrLek/GUpjwTU8cSLJd4UQbla9pRBWZfvsEBWPuJP2reMBMrXRfuMdcZgDDGgWJFzKATA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4981
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Grzegorz Bernacki <gjb@semihalf.com>
> Sent: Thursday, July 1, 2021 5:18 PM
> To: devel@edk2.groups.io
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-
> Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
> upstream@semihalf.com; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>;
> lersek@redhat.com; sami.mujawar@arm.com; afish@apple.com; Ni, Ray
> <ray.ni@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>;
> rebecca@bsdio.com; grehan@freebsd.org; thomas.abraham@arm.com; Chiu,
> Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; gaoliming@byosoft.com.cn; Dong, Eric
> <eric.dong@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Su=
n,
> Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>;
> graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz Bernacki
> <gjb@semihalf.com>; Sunny Wang <sunny.wang@arm.com>
> Subject: [PATCH v5 09/10] SecurityPkg: Add new modules to Security packag=
e.
>=20
> This commits adds modules related to initialization and
> usage of default Secure Boot key variables to SecurityPkg.
>=20
> Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
> Reviewed-by: Sunny Wang <sunny.wang@arm.com>
> Reviewed-by: Pete Batard <pete@akeo.ie>
> Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4
> ---
>  SecurityPkg/SecurityPkg.dec | 14 ++++++++++++++
>  SecurityPkg/SecurityPkg.dsc |  3 +++
>  2 files changed, 17 insertions(+)
>=20
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 4001650fa2..e6aab4dce7 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -190,6 +190,20 @@
>    ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm
>    gTcg2MmSwSmiRegisteredGuid         =3D { 0x9d4548b9, 0xa48d, 0x4db4, {=
 0x9a,
> 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } }
>=20
> +  ## GUID used to specify section with default PK content
> +  gDefaultPKFileGuid                 =3D { 0x85254ea7, 0x4759, 0x4fc4, {=
 0x82, 0xd4,
> 0x5e, 0xed, 0x5f, 0xb0, 0xa4, 0xa0 } }
> +
> +  ## GUID used to specify section with default KEK content
> +  gDefaultKEKFileGuid                =3D { 0x6f64916e, 0x9f7a, 0x4c35, {=
 0xb9, 0x52,
> 0xcd, 0x04, 0x1e, 0xfb, 0x05, 0xa3 } }
> +
> +  ## GUID used to specify section with default db content
> +  gDefaultdbFileGuid                 =3D { 0xc491d352, 0x7623, 0x4843, {=
 0xac, 0xcc,
> 0x27, 0x91, 0xa7, 0x57, 0x44, 0x21 } }
> +
> +  ## GUID used to specify section with default dbx content
> +  gDefaultdbxFileGuid                =3D { 0x5740766a, 0x718e, 0x4dc0, {=
 0x99, 0x35,
> 0xc3, 0x6f, 0x7d, 0x3f, 0x88, 0x4f } }
> +
> +  ## GUID used to specify section with default dbt content
> +  gDefaultdbtFileGuid                =3D { 0x36c513ee, 0xa338, 0x4976, {=
 0xa0, 0xfb,
> 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } }
>=20
>  [Ppis]
>    ## The PPI GUID for that TPM physical presence should be locked.
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 854f250625..f2f90f49de 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -259,6 +259,9 @@
>=20
>  [Components.IA32, Components.X64, Components.ARM,
> Components.AARCH64]
>    SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
> +  SecurityPkg/EnrollFromDefaultKeys/EnrollFromDefaultKeys.inf
> +
> SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys/SecureBootDefault=
K
> eys.inf
>=20
>  [Components.IA32, Components.X64, Components.AARCH64]
>    #
> --
> 2.25.1