From: "Min Xu"
To: Grzegorz Bernacki, "devel@edk2.groups.io"
CC: "leif@nuviainc.com", "ardb+tianocore@kernel.org", "Samer.El-Haj-Mahmoud@arm.com", "sunny.Wang@arm.com", "mw@semihalf.com", "upstream@semihalf.com", "Yao, Jiewen", "Wang, Jian J", "lersek@redhat.com"
Subject: Re: [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
Date: Thu, 3 Jun 2021 07:06:22 +0000
References: <20210601131229.630611-1-gjb@semihalf.com> <20210601131229.630611-4-gjb@semihalf.com>
In-Reply-To: <20210601131229.630611-4-gjb@semihalf.com>

On Tuesday, June 1, 2021 9:12 PM, Grzegorz Bernacki Wrote:
> This commits add file which can be included by platform Flash Description
> File. It allows to specify certificate files, which will be embedded into binary
> file. The content of these files can be used to initialize Secure Boot default
> keys and databases.
>
> Signed-off-by: Grzegorz Bernacki
> --- > SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++ > 1 file changed, 62 insertions(+) > create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc >=20 > diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc > b/SecurityPkg/SecureBootDefaultKeys.fdf.inc > new file mode 100644 > index 0000000000..056586b204 > --- /dev/null > +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc 
> @@ -0,0 +1,62 @@

File header should be included, for example, the file description, Copyright, License, etc.

> + > +!if $(DEFAULT_KEYS) =3D=3D TRUE > + FILE FREEFORM =3D 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { > + !ifdef $(PK_DEFAULT_FILE) > + SECTION RAW =3D $(PK_DEFAULT_FILE) > + !endif > + SECTION UI =3D "PK Default" > + } > + > + FILE FREEFORM =3D 6f64916e-9f7a-4c35-b952-cd041efb05a3 { !ifdef > + $(KEK_DEFAULT_FILE1) > + SECTION RAW =3D $(KEK_DEFAULT_FILE1) > + !endif > + !ifdef $(KEK_DEFAULT_FILE2) > + SECTION RAW =3D $(KEK_DEFAULT_FILE2) > + !endif > + !ifdef $(KEK_DEFAULT_FILE3) > + SECTION RAW =3D $(KEK_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "KEK Default" > + } > + > + FILE FREEFORM =3D c491d352-7623-4843-accc-2791a7574421 { !ifdef > + $(DB_DEFAULT_FILE1) > + SECTION RAW =3D $(DB_DEFAULT_FILE1) > + !endif > + !ifdef $(DB_DEFAULT_FILE2) > + SECTION RAW =3D $(DB_DEFAULT_FILE2) > + !endif > + !ifdef $(DB_DEFAULT_FILE3) > + SECTION RAW =3D $(DB_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "DB Default" > + } > + > + FILE FREEFORM =3D 36c513ee-a338-4976-a0fb-6ddba3dafe87 { !ifdef > + $(DBT_DEFAULT_FILE1) > + SECTION RAW =3D $(DBT_DEFAULT_FILE1) > + !endif > + !ifdef $(DBT_DEFAULT_FILE2) > + SECTION RAW =3D $(DBT_DEFAULT_FILE2) > + !endif > + !ifdef $(DBT_DEFAULT_FILE3) > + SECTION RAW =3D $(DBT_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "DBT Default" > + } > + > + FILE FREEFORM =3D 5740766a-718e-4dc0-9935-c36f7d3f884f { !ifdef > + $(DBX_DEFAULT_FILE1) > + SECTION RAW =3D $(DBX_DEFAULT_FILE1) > + !endif > + !ifdef $(DBX_DEFAULT_FILE2) > + SECTION RAW =3D $(DBX_DEFAULT_FILE2) > + !endif > + !ifdef $(DBX_DEFAULT_FILE3) > + SECTION RAW =3D $(DBX_DEFAULT_FILE3) > + !endif > + SECTION UI =3D "DBX Default" > + } > + > +!endif > -- > 2.25.1
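
Review bot: In every FILE FREEFORM block the SECTION UI line sits outside the !ifdef guards, so with DEFAULT_KEYS set to TRUE and, for example, PK_DEFAULT_FILE left undefined, the build still emits the "PK Default" file holding only its UI section and no RAW data, with no build-time signal that the key content is missing. Since the commit message says these files are meant to initialize the Secure Boot default keys and databases, consider wrapping the whole FILE FREEFORM block in the !ifdef, or making an undefined PK_DEFAULT_FILE stop the build when DEFAULT_KEYS is TRUE. The KEK, DB, DBT and DBX blocks also accept at most three inputs (the FILE1 to FILE3 macros) while PK accepts one; a comment block at the top of the file listing the macros, that limit, and what each GUID identifies would make this visible to platform owners who include the file.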