From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web10.6971.1622033801431138055 for ; Wed, 26 May 2021 05:56:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=UUJPeqbh; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: jiewen.yao@intel.com) IronPort-SDR: ThB18LifIPtSPi5vcxgr9ppHpQDP7lTqkWFk+8YO/2LKFA9hloqDpZSFmIz3KxaleWQPtCKnsK zRtkFJCNA+Dg== X-IronPort-AV: E=McAfee;i="6200,9189,9996"; a="189576696" X-IronPort-AV: E=Sophos;i="5.82,331,1613462400"; d="scan'208";a="189576696" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 May 2021 05:56:41 -0700 IronPort-SDR: OqZpEmf69yxbacgbpEZtdUfy/v3FrS+iaUQz9iuKIN532EDNB+4Xsv/WoAvShRgEF+FyzG8bVI kQ+LoMuMlYgg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,331,1613462400"; d="scan'208";a="464788335" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga004.fm.intel.com with ESMTP; 26 May 2021 05:56:40 -0700 Received: from orsmsx602.amr.corp.intel.com (10.22.229.15) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 26 May 2021 05:56:40 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4 via Frontend Transport; Wed, 26 May 2021 05:56:40 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.177) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.4; Wed, 26 May 2021 05:56:39 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SDsboU8uR+MQsy4ztgv9YZumAsTkAin3Dgw2COyvMQbI1oPdKwE3ok7r6IXXGxLJ0l6ZHLN0kAQgejJE9gNWEKGHR6CRS2p25jeDzCv/9Te6sWkt8gCxnw2GZUPyJiwQSI1qx4AcNa1VN6vOkCpgA3i2qTO+rSIubAnv9wQ57dgv9hn7xEE3mVl0AMn23cMQJ2S/wsaN1txT0ph1noGTwnNO6QtcWAn2xzOZaCVEPeVvI+RINDDMNln+oS8xSvLZWLZKNgF6sS/uwEy14awjbxB87Fic4bff8j8wMcB74VlVlgSxc8P7MrJc+zcWXc69egbTb0o6XEq4PAR9b2rZgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n7UrSzTyBteOvCF4ODl5fgokwNBitkjUR1ifkbLgs/A=; b=f64/WOM2ibssNwRMLZmowCqTKy+AIymQ/g0zz+GI62CuRjrQ2KEynOjwQEFq7/Y5b6FX/uyfk1T85E0Y84X646C2FOErXlUz5AallVaHRaRwUuiCQGy/es3uPPaXFdnARI8sSL1C/SC/CF3+1JJ/Dhp3QCAK5EDaFqpxbwlU/9ViwB/aqlHwqPaMgRusR/piT/ZoKZOrY6dRaJouahkvoT0RF3ibdxPeMJhHC2/bWwo48IBOtZAeGxxFqXf8yRY8jKO52m7bcGVFDXpvCOYiqA31mUX1qQxwRIN6SL+SO9u5CUvvPKpZMfCNA+lszfMjyept0nhAPN85ylk14WS5kg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n7UrSzTyBteOvCF4ODl5fgokwNBitkjUR1ifkbLgs/A=; b=UUJPeqbhZ1sSoUkcyjW7++0IzKtTRP+ArFX5mZzD+WFIcalBnipBFEHpHxEmfHuYJTf+NHIWxwWt6gJ2vGZOj24BdnPfyzmSGEe4eWWU4cOU/Sy8NOrU4RtN4APvsA6mv0nORwO4jejvrxJpE/buZ13BlfYDjJvlPGpwhiuWV30= Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14) by PH0PR11MB5157.namprd11.prod.outlook.com (2603:10b6:510:3d::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.23; Wed, 26 May 2021 12:56:38 +0000 Received: from PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::547d:4eb3:f37e:dac4]) by PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::547d:4eb3:f37e:dac4%7]) with mapi id 15.20.4173.020; Wed, 26 May 2021 12:56:38 +0000 From: "Yao, Jiewen" To: Grzegorz Bernacki , "devel@edk2.groups.io" CC: "leif@nuviainc.com" , "ardb+tianocore@kernel.org" , "Samer.El-Haj-Mahmoud@arm.com" , "sunny.Wang@arm.com" , "upstream@semihalf.com" , "Wang, Jian J" , "Xu, Min M" , "lersek@redhat.com" Subject: Re: [PATCH 3/6] SecurityPkg: Add SecBootDefaultKeysDxe driver Thread-Topic: [PATCH 3/6] SecurityPkg: Add SecBootDefaultKeysDxe driver Thread-Index: AQHXUhOF4Wh9gA1utkOfjKRHH7Aldqr1uN8w Date: Wed, 26 May 2021 12:56:38 +0000 Message-ID: References: <20210526094204.73600-1-gjb@semihalf.com> <20210526094204.73600-5-gjb@semihalf.com> In-Reply-To: <20210526094204.73600-5-gjb@semihalf.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [101.87.139.49] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: d640bc65-e4cc-49d1-32d1-08d92045b3a8 x-ms-traffictypediagnostic: PH0PR11MB5157: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:226; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: D4xZ+fXYpA879XRLKdmImyjWvmMRiWeeyqk7O2TwBA9eRHnw8UIRIY+im/YiAqhUmBFlwZjdkSn7nvasrd8V7w0JZqbYzF2C355JyPAzfY7UpDO2lhVeI45HEug9dKwlBKx8EdFIScqjqu7MKqfihsq3/SaLMsNU56eL+hUUDWZ2mg1vUwmZLHNutyvG8LShfEu6L9+OMHKeUhyRHchmGLmdUmThN7/RE5d8WSxELQD58SMvdey34GbAwe9wNznrZyJCnB11pV7ZGI+fAZoBdQSFVWxzZhlkwSpv5qLgfuNAB0dk9rOWzGlCDhvSZm84IyBoYczMGYiZTTUUbLUAHZvRrlFrOIt7Rb5OP4NfsqKkD96h6Vhzzeb4HjAdxnSqCU3zLP9A8QXDPDdqNQo1Hzw1IW65h3+wQIeQHbagDwQuFPythA5EkygT/wOgh4WObCkQ5LWLFeJBpG8y2kZehjAci55wVswKLDgIR8OM6utfQimYfexxG2xVXuA75mME6rmU+xfUXBsRpPFFBwKT4bOT+icPg4Xuae0yfrCc64c94sdCgQ6LIV8JjqicNNKWm3u237uJzguAgP7mDHDdxHZwbjX6jAtLsgkHu95SmHDqDfMkvZ3r+gkUJmASwRxCYkI2h4w0UaI/2nHdFgYghw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(346002)(136003)(39860400002)(396003)(376002)(26005)(478600001)(186003)(4326008)(86362001)(66446008)(110136005)(6506007)(54906003)(83380400001)(53546011)(33656002)(122000001)(15650500001)(7696005)(66946007)(52536014)(38100700002)(76116006)(8676002)(55016002)(5660300002)(66476007)(8936002)(2906002)(316002)(64756008)(9686003)(66556008)(71200400001)(213903007);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?mmYrkossveb0qxDBZM27T1gqDeunZ6CH7+DTmc1jeKzEUDISq8C/c+aqq0U2?= =?us-ascii?Q?nPUwWm43bpjb/gKY6YJD5XAyQ8kZufSZSFyu6Do0YYKh4neyyowIsfeafHQ4?= =?us-ascii?Q?5+jsfB4kG7tqLKwwa7Av2ktDLzabtgcMBK3lvJgYtOL1zjn2mo6Yube6cQYb?= =?us-ascii?Q?Cbn9I5lDGsKevTpHJbG6QhUaygiNbYfH9NZ73GTfkSfSXAfZalYFqkeXxfUT?= =?us-ascii?Q?ZciOF6E7gcCGRvolKhSGd/EADf77m/luEMOBXuMIcYC/6XLa0BDdjSvRCKBi?= =?us-ascii?Q?6P8oCgSaR+4WQDhrJqKcARSWkTGfUYfMnBpL+sWjTrWpzhvlaQwniYINJJT0?= =?us-ascii?Q?P0NftHIyK+4FZHjVkCNqwM8MXtY+m1kWv8jGEA3xHSXOb8mWU39y7wM8fR/b?= =?us-ascii?Q?s6ebSstIIIC6e2JOIUnjCjqn9PlT/P73pEYRq3lCZaDvCME4uVQ1DnQaaT4Q?= =?us-ascii?Q?WV5hkIxs4J1EIRxf6RUlCwtWAW3cCbQNIlnRbQCb9R/J/HS9y/f185XFJv1+?= =?us-ascii?Q?pgO0F/s+yk1vond99bslqzRJp4K1y2Sh5s1JVz8GzRCbJmHDnGMw/RAyRzp5?= =?us-ascii?Q?G9sxQmHnX1PgUOzHOkC8dt4uDdfBTemYXUiAD9+9hDSlkOj0cE5WTFqR/XQ1?= =?us-ascii?Q?lL2qHTrnUNvmhmU5BWPAHrYAb4jiztWvduF7bc8f6m9ps66JCsDffhuX8JxT?= =?us-ascii?Q?oU1Y9ad/engbPky9jkqn1VO+NTcCT3k0vgcpJ5sR/h3IulkOp4KSxHAAx58+?= =?us-ascii?Q?HvNFZAzApglJUOthcU0w6mZsHomWAJS7lIp9Bav9Z3NLG+RbnGIZO777qrXL?= =?us-ascii?Q?UAfVGt1+V839Ibb6spS20l4YT/AYR2Gzu5W004zo+lWR7Dzid7bmGJ+eHxv7?= =?us-ascii?Q?Enk5/Fvq/NlIK9d2VEQlidKmpF07KDdmrPkxuwZyp1BEPuWSzuwvW4XJlOfs?= =?us-ascii?Q?NI9H4uI0+aELpVfn7ddekzt6oq0K6JVLaN1g4RM9ZAC+JrMnf5SnBnRYf81m?= =?us-ascii?Q?acyaZm8AQmPxiHFHibHUA0/V8HOPaDrGAPdFGn11pEKhjxz9+hCwq/FczKlP?= =?us-ascii?Q?ENH2x4QdvzfvDI5WyGYHW0K7aoFgdBn4b3plm8G+dZYbryg6ZkiXJsznsMVU?= =?us-ascii?Q?8EWLxLaYlzZwLxyihr5ej8noPGWqNWjFxEHhAC+wBawU8GZwgGx+mT34im10?= =?us-ascii?Q?oW5bDcA43r69YlHuisWg0/XBAKDCUjNg7HQouC27Sa3/BLOwbFrwU7scz5NW?= =?us-ascii?Q?R911W5QSrV+MRd/dI7q+3VS8q9u+aiRnlrBK5jC0WrzcaY6InyEbm/HJSrX+?= =?us-ascii?Q?SzWZqYOSI2f4bCTYwVSWxQnC?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: d640bc65-e4cc-49d1-32d1-08d92045b3a8 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 May 2021 12:56:38.6860 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: kJmZYtBNW6x2vjXlrg6a2P5crg9GVay5A+LZ3bNt+ErA0KxKR83ttuA8mQO6vift/DmCG9bkKAFrsEnyHB7R5A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5157 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Similar comment, s/SecBoot/SecureBoot/g > -----Original Message----- > From: Grzegorz Bernacki > Sent: Wednesday, May 26, 2021 5:42 PM > To: devel@edk2.groups.io > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj- > Mahmoud@arm.com; sunny.Wang@arm.com; gjb@semihalf.com; > upstream@semihalf.com; Yao, Jiewen ; Wang, Jian J > ; Xu, Min M ; > lersek@redhat.com > Subject: [PATCH 3/6] SecurityPkg: Add SecBootDefaultKeysDxe driver >=20 > This driver initializes default Secure Boot keys and databases > based on keys embedded in flash. >=20 > Signed-off-by: Grzegorz Bernacki > --- >=20 > SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKey > sDxe.inf | 46 +++++++++++++ >=20 > SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKey > sDxe.c | 69 ++++++++++++++++++++ >=20 > SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKey > sDxe.uni | 17 +++++ > 3 files changed, 132 insertions(+) > create mode 100644 > SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKey > sDxe.inf > create mode 100644 > SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKey > sDxe.c > create mode 100644 > SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKey > sDxe.uni >=20 > diff --git > a/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.inf > b/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.inf > new file mode 100644 > index 0000000000..28e197ca2f > --- /dev/null > +++ > b/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.inf > @@ -0,0 +1,46 @@ > +## @file > +# Initializes Secure Boot default keys > +# > +# Copyright (c) 2021, ARM Ltd. All rights reserved.
> +# Copyright (c) 2021, Semihalf All rights reserved.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D SecBootDefaultKeysDxe > + FILE_GUID =3D C937FCB7-25AC-4376-89A2-4EA8B317DE83 > + MODULE_TYPE =3D DXE_DRIVER > + ENTRY_POINT =3D SecBootDefaultKeysEntryPoint > + > +# > +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 > +# > +[Sources] > + SecBootDefaultKeysDxe.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + MemoryAllocationLib > + UefiDriverEntryPoint > + DebugLib > + SecBootVariableLib > + > +[Guids] > + ## SOMETIMES_PRODUCES ## Variable:L"PKDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"KEKDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"dbDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"dbtDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"dbxDefault" > + gEfiGlobalVariableGuid > + > +[Depex] > + gEfiVariableArchProtocolGuid AND > + gEfiVariableWriteArchProtocolGuid > + > diff --git > a/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.c > b/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.c > new file mode 100644 > index 0000000000..a68dc2571d > --- /dev/null > +++ > b/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.c > @@ -0,0 +1,69 @@ > +/** @file > + This driver init default Secure Boot variables > + > +Copyright (c) 2021, ARM Ltd. All rights reserved.
> +Copyright (c) 2021, Semihalf All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/** > + The entry point for SecBootDefaultKeys driver. > + > + @param[in] ImageHandle The image handle of the driver. > + @param[in] SystemTable The system table. > + > + @retval EFI_ALREADY_STARTED The driver already exists in system. > + @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack= of > resources. > + @retval EFI_SUCCESS All the related protocols are installed= on the > driver. > + @retval Others Fail to get the SecureBootEnable variab= le. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecBootDefaultKeysEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D SecBootInitPKDefault (); > + if (EFI_ERROR (Status)) { > + DEBUG((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + Status =3D SecBootInitKEKDefault (); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + Status =3D SecBootInitdbDefault (); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + Status =3D SecBootInitdbtDefault (); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __FUNCTION__= )); > + } > + > + Status =3D SecBootInitdbxDefault (); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __FUNCTION__= )); > + } > + > + return Status; > +} > + > diff --git > a/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.uni > b/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.uni > new file mode 100644 > index 0000000000..30f03aee5d > --- /dev/null > +++ > b/SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultK > eysDxe.uni > @@ -0,0 +1,17 @@ > +// /** @file > +// Provides the capability to intialize Secure Boot default variables > +// > +// Module which initializes Secure boot default variables. > +// > +// Copyright (c) 2021, ARM Ltd. All rights reserved.
> +// Copyright (c) 2021, Semihalf All rights reserved.
> +// > +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Module which > initializes Secure boot default variables" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This module rea= ds > embedded keys and initializes Secure Boot default variables." > + > -- > 2.25.1