From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web12.5611.1622794189479608622 for ; Fri, 04 Jun 2021 01:09:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=C+pu6FmJ; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: min.m.xu@intel.com) IronPort-SDR: x0LcRkow/RlqwVEVqzrVnOo6tyUfA2ZouGfYv1N+uFfffsSH5jAJBIbksGLahYIOxn5z2Z0g4q FrsbW3UM7GEQ== X-IronPort-AV: E=McAfee;i="6200,9189,10004"; a="183929724" X-IronPort-AV: E=Sophos;i="5.83,247,1616482800"; d="scan'208";a="183929724" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Jun 2021 01:09:48 -0700 IronPort-SDR: 73SdZ6Z7QTSn1YFmRI0F2vaDSrn3hQQ4QPshqH2dElWurA3N+SMWhWGrSmGvzFzxjvwAW/zhnC TmSaf6kblkNQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,247,1616482800"; d="scan'208";a="480554242" Received: from orsmsx606.amr.corp.intel.com ([10.22.229.19]) by orsmga001.jf.intel.com with ESMTP; 04 Jun 2021 01:09:48 -0700 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Fri, 4 Jun 2021 01:09:47 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Fri, 4 Jun 2021 01:09:47 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4 via Frontend Transport; Fri, 4 Jun 2021 01:09:47 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.169) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.4; Fri, 4 Jun 2021 01:09:41 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cww4QwpQPiCWsFfL/W8jQ9QhpiF52pJbdFMmwkZv8z4yvuNQdwcI4tWAYyiUoSR2Z8kLjCgInBVntnSWDwfRCN4DNi+6NDK2N4FUmg6SyMjEsg4jricPkB5g94iNMgDZmk5/css2VFa3g6i872AgbmlNkA0alKcdMNnFXh/je+tseBXE9jIpkVr/5W0u9EU2gank1gqC2gCUW/q3BVoq2X7REGG2f3xtQDLRUOS3J3WQeQQdiBgSd0tUDG7N4K2rRt7TCOz6v9oaODJ8GqE4/pUQ9vApx7EzsY9fql0uFap1JxFEgU6T6PUzYee55nouCDSV24WsFT8gGGqlkZmr6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5Tm+rZPcz+e80kk1Q/iKHfVefWZsOU5dFE0d5yRw4TQ=; b=JD6QKlLs1a0SbKsT2cvedwJHwsU/DnWybShjR75NbFYRSR7Cr4SdVHKslq0tXxfXIaq4C9Y/1J8nIyPOkT5yfTgpk9stJJpplvcA5xPMpOuJm+eVTS26Eh+q1FDbqNlDbmguUyTrKFHgFW62NQYAPNS4nEXMbTWB/2zntdjpiHp5DYG3ryC+CpMNAHXd4FW5TqFIkR/eMdo0T0yexcBcH8orIi+qfy108yAwRkhTywuFCdPdxPyt0CnzIEy8xsgmN7mC74EQ1/n15T70zn6K9tYz3YOImffEPSu4Tu/QndgFFv/1tIlTVE5Vwj76sOFAXiL/P+NwgTLqmWIIN+V9uQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5Tm+rZPcz+e80kk1Q/iKHfVefWZsOU5dFE0d5yRw4TQ=; b=C+pu6FmJRsH9GhkQC92zraSqHGwVFKBikZXJcKmKLkNRi64XHQVXLkL25iociNPH2p6e1oq8G6C9L5DDG9zyylbo6fXlwEibQgJLJyJMer95QKbXlaRWNzdIkVUQN8gFMJJIbEumgnMGvcuY6uWxA0a7cG1TPHpfUBNLIc0quKc= Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH0PR11MB4965.namprd11.prod.outlook.com (2603:10b6:510:34::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.24; Fri, 4 Jun 2021 08:09:40 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::b4be:3994:dd4d:7b9d]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::b4be:3994:dd4d:7b9d%8]) with mapi id 15.20.4173.030; Fri, 4 Jun 2021 08:09:40 +0000 From: "Min Xu" To: Grzegorz Bernacki , "devel@edk2.groups.io" CC: "leif@nuviainc.com" , "ardb+tianocore@kernel.org" , "Samer.El-Haj-Mahmoud@arm.com" , "sunny.Wang@arm.com" , "mw@semihalf.com" , "upstream@semihalf.com" , "Yao, Jiewen" , "Wang, Jian J" , "lersek@redhat.com" Subject: Re: [PATCH v2 5/6] SecurityPkg: Add new modules to Security package. Thread-Topic: [PATCH v2 5/6] SecurityPkg: Add new modules to Security package. Thread-Index: AQHXVuffPaKDuRlXcEut2LswBLoELqsDg6CA Date: Fri, 4 Jun 2021 08:09:40 +0000 Message-ID: References: <20210601131229.630611-1-gjb@semihalf.com> <20210601131229.630611-7-gjb@semihalf.com> In-Reply-To: <20210601131229.630611-7-gjb@semihalf.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: semihalf.com; dkim=none (message not signed) header.d=none;semihalf.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.143.25] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6c45e942-6e46-44f9-6631-08d927301a78 x-ms-traffictypediagnostic: PH0PR11MB4965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2331; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: L+1aS+o538okmTAkOr5Kes35AUwsbS6CIFaulXaluHuYq/SW8s8uNb1caqhc4w5fbdWztCxIQEBrVQ0om+oKm++E9eWRHKibey+ejjlhqzxBjAwuChKaLveRKLO3L7/C9QU6z7xj6islpvLUMVu+xk9NmJn/MNFMGNtpuby098UM/VGt57ik/ruayYQdtYV8RhoWaiG5ovzUeP92fWmfCtMfKiKYrZqkliDTdpfc9lXMnqn4U/V/z0tFIs7gDPWR0md/WdSnNNs9Y/A/svmgk8zjX/JO9itdxuO0tLOm37FmpebXITMtOiUM+0eyvPpss0FIOLIDthz8XUUKzOh2/BaSBfPj2rcoY6l4fClm1RW8sqq24pbEW5M69Rfi4arKbnkVhcixAzoE+68P8TtYbNcAnAlYv3yyh9JMJb7ffj1V5p6Tw5cZEAf6+sjKBhSwgtbcrlk+medPO0P9gSpBkhEsOdecEmwP3OqiZfLJs8RTWRz81cxCIdqHXBV2z3/yvDOhDwWsteJ4ah8xKm8MkZkjZ7Tk3kP5qJhc2sU9+g043j790qM4CqHU+dxvJrxjeUzgCQHITYAeN11zkj0uuWw7WRnTRYjJSsZ3nfx7gL0= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(376002)(136003)(39860400002)(396003)(366004)(346002)(66946007)(66476007)(64756008)(110136005)(54906003)(66446008)(66556008)(316002)(86362001)(83380400001)(76116006)(15650500001)(9686003)(7696005)(55016002)(26005)(8676002)(186003)(8936002)(6506007)(71200400001)(4326008)(2906002)(5660300002)(19627235002)(52536014)(38100700002)(33656002)(122000001)(478600001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?e5VlDcnADAQ5FpMPDJzmg7ZEe6xHB53bX7K4nCPYNpJCkIYKFpViNyUhFby5?= =?us-ascii?Q?nfnzwC7DZnGHezpS4uYUuxJUwFvxVX7VqAxAzTueSAFS3Y14Vx6p8wO5iSFr?= =?us-ascii?Q?kLheiQJfrNm0j28NLwQNMGnChxLK1I71C0yIGPjoylBcz8Yy+rYDeBhOUqoS?= =?us-ascii?Q?ekr9b6wOwrXvmdRMCKR2YLHnNm4HLqjEZ1Un4Qw6KxmkGLPD3mYEhLnLMI4e?= =?us-ascii?Q?3U2fX3ZaBSq6RDQpWfa0h8yNcWxZ8ZxKXp+xulFG32D2Dg1xFlHqRBrUHqOj?= =?us-ascii?Q?mhJGUaBCK+T2rNUzpALyHZXv/zP6SJOyECvdPWRKRIIfEmOdW3KHEV8xWof+?= =?us-ascii?Q?DWrlr5PE7K3O1hP0tW7+Vgk2cCjCKEeLeUq1orxk7Hf5f+fi54q82rjEK6A1?= =?us-ascii?Q?kZsjT2/SNUkKzFd7kIKmwMQvVeFuPZvPPpMOsvbEWBv2YGLb8wp8/tcnS8EJ?= =?us-ascii?Q?J66kbegccdHfHoV/doTQWo15EVe3p0PnnozcZ+R37yjD/NkUUnMm9hjvcYzf?= =?us-ascii?Q?WTlfiW5h2AMEpPFOnnZQgG/EzT+RAsHgA2CgOGk8vfBA/lyuELB8ii9nUY0s?= =?us-ascii?Q?eNR1/GFJrrucSuuH/NCOs6dlvMxER2vfZ1aArTw00qRCaepJwwS/bYyHPhK4?= =?us-ascii?Q?gFe8kzX3cj5yFM7ZV1yWYTlddh3u6H4zlapKDucCtSsrLa9fnX9phpUoUBJh?= =?us-ascii?Q?CuN/31zJyVi9uHnB53F0RxEHJUNyKqA4e/ieUoJE2+akSiwByY7s5xyUwMlk?= =?us-ascii?Q?hLny7ChKhU2wFvFhNJSSqILUHRsW9VTnlbSpea6j1c7w8GIXmSBYrroRfpRS?= =?us-ascii?Q?My+vVNGtRoIJvO3vEgKcToD5nKa/4HNrgmgcsYf1tD2w1rrvJYY3COVw0G/o?= =?us-ascii?Q?607ROj378k+pmwG56BjJp1l6fr1a92qXb0tdhQgVUFslMbZlBdrgaai5SKBr?= =?us-ascii?Q?7f9MefBwM8RxMLHoDTY6mWgvq7gZISnW/RujLaEUf8EueA9EGKMvP4sIImUD?= =?us-ascii?Q?zyvpKZXusJEJ7IVh3wYgrRM+kyctrkJwMwDV/Qte3Z19+UtBanaepehPG8CP?= =?us-ascii?Q?fW9+jjCjV0S5GBWZl935b/hY7c6b1EiDpkllK+ZTGZaIAdI/aIbLJqyXsbz5?= =?us-ascii?Q?A2CcqYsFv5F6/uQ3shRChgQaoHL+4g9SLnHeGDvmrDZh0Y5dgPTqza7U086k?= =?us-ascii?Q?Xchic4N4w2eFfoFbygCYYKV3rdIVYJEX2bMSIxkouOMZHFKbTzlR+nUiETUu?= =?us-ascii?Q?uOAJkegvbcPIULtjDYcS5Yf/svBoQ8lBN3vFCfA8v39YZtHfy+lw55s18JC2?= =?us-ascii?Q?0IljiZqerAL3C5mpkTi0C7ds?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6c45e942-6e46-44f9-6631-08d927301a78 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jun 2021 08:09:40.4382 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jMn+wr0hmCCt65kr1FcRbW5Gwqcwrby0Yp0Na/cPNl6ysk6QkgRodHDBxRXXn3B+IgDaPmnFGGBQcyF6THyCzw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4965 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On June 1, 2021 9:12 PM, Grzegorz Bernacki Wrote: > This commits adds modules related to initialization and usage of default > Secure Boot key variables to SecurityPkg. >=20 > Signed-off-by: Grzegorz Bernacki > --- > SecurityPkg/SecurityPkg.dec | 14 ++++++++++++++ > SecurityPkg/SecurityPkg.dsc | 4 ++++ > 2 files changed, 18 insertions(+) >=20 > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec in= dex > 4001650fa2..dad3cae0ba 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -190,6 +190,20 @@ > ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm > gTcg2MmSwSmiRegisteredGuid =3D { 0x9d4548b9, 0xa48d, 0x4db4, > { 0x9a, 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } } >=20 > + ## GUID used to specify section with default PK content > + gDefaultPKFileGuid =3D { 0x85254ea7, 0x4759, 0x4fc4, {= 0x82, 0xd4, > 0x5e, 0xed, 0x5f, 0xb0, 0xa4, 0xa0 } } > + > + ## GUID used to specify section with default KEK content > + gDefaultKEKFileGuid =3D { 0x6f64916e, 0x9f7a, 0x4c35, {= 0xb9, 0x52, > 0xcd, 0x04, 0x1e, 0xfb, 0x05, 0xa3 } } > + > + ## GUID used to specify section with default db content > + gDefaultdbFileGuid =3D { 0xc491d352, 0x7623, 0x4843, {= 0xac, 0xcc, > 0x27, 0x91, 0xa7, 0x57, 0x44, 0x21 } } > + > + ## GUID used to specify section with default dbt content > + gDefaultdbxFileGuid =3D { 0x5740766a, 0x718e, 0x4dc0, {= 0x99, 0x35, > 0xc3, 0x6f, 0x7d, 0x3f, 0x88, 0x4f } } > + > + ## GUID used to specify section with default dbx content > + gDefaultdbtFileGuid =3D { 0x36c513ee, 0xa338, 0x4976, {= 0xa0, 0xfb, > 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } >=20 > [Ppis] > ## The PPI GUID for that TPM physical presence should be locked. > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc in= dex > 854f250625..e031775ca8 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -259,6 +259,10 @@ >=20 > [Components.IA32, Components.X64, Components.ARM, > Components.AARCH64] > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > + SecurityPkg/EnrollFromDefaultKeys/EnrollFromDefaultKeys.inf > + > + > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeys/SecureBootDefa > + ultKeys.inf > + >=20 > [Components.IA32, Components.X64, Components.AARCH64] > # > -- > 2.25.1 It looks good to me.