From: "Min Xu"
To: Grzegorz Bernacki, "devel@edk2.groups.io"
CC: "leif@nuviainc.com", "ardb+tianocore@kernel.org", "Samer.El-Haj-Mahmoud@arm.com", "sunny.Wang@arm.com", "mw@semihalf.com", "upstream@semihalf.com", "Yao, Jiewen", "Wang, Jian J", "lersek@redhat.com"
Subject: Re: [PATCH v2 3/6] SecurityPkg: Add SecureBootDefaultKeysDxe driver
Date: Fri, 4 Jun 2021 08:02:52 +0000
References: <20210601131229.630611-1-gjb@semihalf.com> <20210601131229.630611-5-gjb@semihalf.com>
In-Reply-To: <20210601131229.630611-5-gjb@semihalf.com>

On June 1, 2021 9:12 PM, Grzegorz Bernacki Wrote:
> This driver initializes default Secure Boot keys and databases based on keys >
embedded in flash. >=20 > Signed-off-by: Grzegorz Bernacki > --- >=20 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > efaultKeysDxe.inf | 46 +++++++++++++ >=20 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > efaultKeysDxe.c | 69 ++++++++++++++++++++ >=20 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > efaultKeysDxe.uni | 17 +++++ > 3 files changed, 132 insertions(+) > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > efaultKeysDxe.inf > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > efaultKeysDxe.c > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > efaultKeysDxe.uni >=20 > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo > tDefaultKeysDxe.inf > b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo > tDefaultKeysDxe.inf > new file mode 100644 > index 0000000000..27345eab2e > --- /dev/null > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureB > +++ ootDefaultKeysDxe.inf > @@ -0,0 +1,46 @@ > +## @file > +# Initializes Secure Boot default keys # # Copyright (c) 2021, ARM > +Ltd. All rights reserved.
# Copyright (c) 2021, Semihalf All > +rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # > +## [Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D SecureBootDefaultKeysDxe > + FILE_GUID =3D C937FCB7-25AC-4376-89A2-4EA8B317DE83 > + MODULE_TYPE =3D DXE_DRIVER > + ENTRY_POINT =3D SecureBootDefaultKeysEntryPoint > + > +# > +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 > +# > +[Sources] > + SecureBootDefaultKeysDxe.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + MemoryAllocationLib > + UefiDriverEntryPoint > + DebugLib > + SecureBootVariableLib > + > +[Guids] > + ## SOMETIMES_PRODUCES ## Variable:L"PKDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"KEKDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"dbDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"dbtDefault" > + ## SOMETIMES_PRODUCES ## Variable:L"dbxDefault" > + gEfiGlobalVariableGuid > + > +[Depex] > + gEfiVariableArchProtocolGuid AND > + gEfiVariableWriteArchProtocolGuid > + > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo > tDefaultKeysDxe.c > b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo > tDefaultKeysDxe.c > new file mode 100644 > index 0000000000..0928489e15 > --- /dev/null > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureB > +++ ootDefaultKeysDxe.c > @@ -0,0 +1,69 @@ > +/** @file > + This driver init default Secure Boot variables > + > +Copyright (c) 2021, ARM Ltd. All rights reserved.
Copyright (c) > +2021, Semihalf All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > +#include > +#include > +#include > +#include > +#include > +#include #include > + > +#include > +#include > + > +/** > + The entry point for SecureBootDefaultKeys driver. > + > + @param[in] ImageHandle The image handle of the driver. > + @param[in] SystemTable The system table. > + > + @retval EFI_ALREADY_STARTED The driver already exists in system. > + @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack > of resources. > + @retval EFI_SUCCESS All the related protocols are installed= on the > driver. > + @retval Others Fail to get the SecureBootEnable variab= le. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecureBootDefaultKeysEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D SecureBootInitPKDefault (); > + if (EFI_ERROR (Status)) { > + DEBUG((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + Status =3D SecureBootInitKEKDefault (); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + Status =3D SecureBootInitdbDefault (); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + Status =3D SecureBootInitdbtDefault (); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", > + __FUNCTION__)); } > + > + Status =3D SecureBootInitdbxDefault (); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", > + __FUNCTION__)); } > + > + return Status; > +} > + > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo > tDefaultKeysDxe.uni > b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo > tDefaultKeysDxe.uni > new file mode 100644 > index 0000000000..30f03aee5d 
> --- /dev/null > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureB > +++ ootDefaultKeysDxe.uni > @@ -0,0 +1,17 @@ > +// /** @file > +// Provides the capability to intialize Secure Boot default variables > +// // Module which initializes Secure boot default variables. > +// > +// Copyright (c) 2021, ARM Ltd. All rights reserved.
// Copyright > +(c) 2021, Semihalf All rights reserved.
// // > +SPDX-License-Identifier: BSD-2-Clause-Patent // // **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Module which > initializes Secure boot default variables" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This module > reads embedded keys and initializes Secure Boot default variables." > + > -- > 2.25.1 It looks good to me.