From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.3209.1626318994815481633 for ; Wed, 14 Jul 2021 20:16:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=rEGYbJjg; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jiewen.yao@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10045"; a="232288011" X-IronPort-AV: E=Sophos;i="5.84,240,1620716400"; d="scan'208";a="232288011" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2021 20:16:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.84,240,1620716400"; d="scan'208";a="505558350" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmsmga002.fm.intel.com with ESMTP; 14 Jul 2021 20:16:32 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10; Wed, 14 Jul 2021 20:16:31 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10 via Frontend Transport; Wed, 14 Jul 2021 20:16:31 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.171) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.10; Wed, 14 Jul 2021 20:16:31 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i7V9eL64bZn6llbVtg9Ebnp97gg2XYPEzncirzUeFAiQFNED72vNjVP/Ny+Hh0XmQdFiNOGsRbPFhegyxZzgZALBIi2Aeyzi8nj9J6hrsRQOFyYA14fg3BYoBSOUs7QuzczaReQvM3YNUqEb5F42ZiRKurRwPkYDhnhlI6sG6ZBBAGyqvbc1alRDfOIrZLQd7nT7KgTq6j4FW9RZec3HSh5VtmJpaFzv/oiF2EJptH3GhtT4oYYWxY+ch2tbAwvFRLNnCBqbfvxKMTmFUIEW8X7qfZlYJfEFwG072CzjgmDKW5lrZ4fve4Zn6kpidjO0L+Rzd7pdIESDA7mnLC+jVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jVPFoAq5MVob2A3PSVp8QWvqoSuaTrJqG34gbKWtwZY=; b=bdyPHFLhqkf+9farM0IqK9Hrj8RNWsZ18jw/Ji3Eh7+FJmTmXO6MCPTbYBbvxq/ZNB0IlRwVsdAOwhwFifVMnu6tQoCu5a++lhuGyPg776SAKOnvdhJwX6AzLDyucaQxkfKGZMMWynjsP+fkf/LBSQngDcco8OYwdzTzrJFg/8hrBZ5/OgdWsVgzE7KG+pDPakkRTE/lQFl7jjl6mDQa6mq+T1kbs8bn1xXkyHihFzqosY67z7AsaBZtuE4+CoARdHfobTwlweJ1waF7Nkj64nDr2owOqF09O/M12FuRfUDkdL5ABxncR8Y1Xel54m3mZyMzzfiELozOU49wv/AHDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jVPFoAq5MVob2A3PSVp8QWvqoSuaTrJqG34gbKWtwZY=; b=rEGYbJjgSnuCM9MiRhnwhp+x0jLO3kKLJSME907uCZYj6sZ3IjgAnSSjQu46zyCceu7UYFH6oXt508YD5sLhrs0BGsHrM51Jldvv7vnBEoZzNq8PZoJWoQZzToEboa37onZWco3HD6cIPuhQs0P7bFEabums9Ak1UngKYWcggrM= Received: from SA2PR11MB4892.namprd11.prod.outlook.com (2603:10b6:806:f9::7) by SA0PR11MB4768.namprd11.prod.outlook.com (2603:10b6:806:71::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21; Thu, 15 Jul 2021 03:16:29 +0000 Received: from SA2PR11MB4892.namprd11.prod.outlook.com ([fe80::3d46:994a:cce1:36c5]) by SA2PR11MB4892.namprd11.prod.outlook.com ([fe80::3d46:994a:cce1:36c5%7]) with mapi id 15.20.4331.022; Thu, 15 Jul 2021 03:16:29 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "gjb@semihalf.com" CC: "leif@nuviainc.com" , "ardb+tianocore@kernel.org" , "Samer.El-Haj-Mahmoud@arm.com" , "sunny.Wang@arm.com" , "mw@semihalf.com" , "upstream@semihalf.com" , "Wang, Jian J" , "Xu, Min M" , "lersek@redhat.com" , "sami.mujawar@arm.com" , "afish@apple.com" , "Ni, Ray" , "Justen, Jordan L" , "rebecca@bsdio.com" , "grehan@freebsd.org" , "thomas.abraham@arm.com" , "Chiu, Chasel" , "Desimone, Nathaniel L" , "gaoliming@byosoft.com.cn" , "Dong, Eric" , "Kinney, Michael D" , "Sun, Zailiang" , "Qian, Yi" , "graeme@nuviainc.com" , "rad@semihalf.com" , "pete@akeo.ie" Subject: Re: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys Thread-Topic: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys Thread-Index: AQHXeKwE/n4M5FTJUUu+VCFxOyWTNatDXfXQ Date: Thu, 15 Jul 2021 03:16:29 +0000 Message-ID: References: <20210714122952.1340890-1-gjb@semihalf.com> In-Reply-To: <20210714122952.1340890-1-gjb@semihalf.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8b76ec84-b187-455f-e22b-08d9473ef030 x-ms-traffictypediagnostic: SA0PR11MB4768: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6430; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: xGyjtNW+Gp9CIr7lm20Er2GlOdrtNDhvUi44K6+W5x9rAMPaOF96ZRLbsF/au/K0EEquw+fWfiWLekgVMIaTf4PC3u2XEq04cF00XAdLmW5LYMM2WpaiYxeTboS0gj9oMbz7w+qN1ep2u4iOJo4Xexlp8a3aIZ9SmWT7OSSV19Gg+zCMjJl/jqyDUKBrdzcMdUbeaLOPAIqxhGkDZHJtzujWVc9gxAd+Hhb60GvVLO843SMoqVqW8VSf79vyBct36slO22+54Syohujrf3YyN6QaU6trDHGOqSd53aCnxKFChQoIRGY7GdpRkdYB9TyI2hNleJo6SLvlebakfm1bZorg9ShBSP43Onb8+gBxaI0jEpEraCZjR5qjJw3EsdwV3Grc9LpZJuTJCMhQU2bpTeAYS/dkd8eHai/pDjylWdCMobir1xf5AKmVuT8ot+QxzgAGorsQKbb2cpqcXwtxH2MOP5QdTs9tOJ48BH7AL7hUwx8oW2eEC2aoiHfOdUGzLhSqC7RlOu7Be+5ku7NTX7acTszHx12+c+uxJfoPFxJzxPBY/P3mto+wi068uaMStHZxzq4i7oIDhHTpNObAifPicTZZ39iw4F5LKu1LiL0qcfFZDllkMouXNn4zxiunuwlBpVKqFJFYiTNtKepQp0M7y/Nrqg1YDnS1WasNLxlsx8NsshmAWGraODtnXjUBGS7eKpxgkodT1MoVTBpaLbrZTAb7JPShJ8JUGzSV28FjYjs6msAnebPg2N8Braw1pRbsh3JSYAf7vHilj1f5pV3ncc/ozbvxdJ/kX068nGXywS6723HE2nmanYmH9lkX4c+lWq+I9dzvk5Y2u8SI8w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA2PR11MB4892.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(366004)(39860400002)(396003)(346002)(376002)(478600001)(83380400001)(55016002)(8936002)(4326008)(966005)(52536014)(71200400001)(7696005)(19627235002)(2906002)(8676002)(9686003)(26005)(38100700002)(122000001)(6506007)(66946007)(5660300002)(33656002)(66556008)(66476007)(54906003)(110136005)(316002)(186003)(7416002)(66446008)(76116006)(53546011)(64756008)(86362001)(38070700004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?SKzZoMmJKE4Cix1F+xiq4L881Pw1dqPBXHWIjsmiaIJMUZB00kY4TPEsbPmr?= =?us-ascii?Q?8gBc3p8+I8+VpY7JwD7WdoeP5F2ujGEjRDcccXFmpQ9DEXjIv3mWrUcoX4R9?= =?us-ascii?Q?v+Zj5GkNiWF64NEWEgy6iyoJN/3OSZI8vI5/frzcn9osugu6LBWYDf+tLOds?= =?us-ascii?Q?wYETmkNmiD915/kVSJci8a6H5x7b6WwxqCGjG7tmJDWm8xVu5LrzqgsvXhqv?= =?us-ascii?Q?b9VvQP4QT9zTVL3YSGKZRyOK5mAYZZHvcSPFkZXpwVmZdeILFB1zCyqDZVQy?= =?us-ascii?Q?x+1Rye70h3Im4K7k4VRcnT0kL5Cs9vlIxuK7Z5mGzpjvf5R1EmPFRl+jyqV/?= =?us-ascii?Q?xlpNTwQ9w3dXiE8Wz9veImSJu8TdMwP9PMY2a7TK7T/i+jxDgoDrt7Ap5mNi?= =?us-ascii?Q?eNUleDD0lYgfVyKvEQeMStcTW4k8eDulyqc3JkIJ2yrb/2oFBvtNoDDtwti4?= =?us-ascii?Q?4JXQR93uZdflfo9nzdL4KrNhR11ZlK55805w+pL4KBObj79egX0DP1x4LAQb?= =?us-ascii?Q?UyCO5J6HcpRGcZoRA1wj+IWh2gZLGdP3OTWYqkRea69/0R7SarlFy49v+D5c?= =?us-ascii?Q?NgNv/Iyd9IjndCtUdU3thtv5uzpCjTxE7LrZx8K5AK0AxZE6Mc7LZ5ZGC3Uv?= =?us-ascii?Q?egcjFAwTkJSRCznwUmeAqRhCEsXsm28fkmm5OaEUUV5yUaULSBbby6ca8PIr?= =?us-ascii?Q?uoNleTcz4X9tO+QuOPGB6vrHMOhG6IzFxvTytP/wyxCdacuwChnbmTsm3tO7?= =?us-ascii?Q?1FaqVs3JAamtgodN3yoBL2tZwlaeycCNhO1WciLF+mwLIlOo6RYVI6xJEZ+k?= =?us-ascii?Q?XGHkgoTw9T6O9fndJeqJ3/O5Kqg4CpgqfKIdon+nnai7VDNYpgOO9ktMueMX?= =?us-ascii?Q?K6n8X4J0mOX3qmrvYj88bjFZ3JVLrioyTtK01H23udl3R/0qgOX3RYeA2v4/?= =?us-ascii?Q?nTPWqnwwqhDVAZ/ECHmq/5ruxdSElfmwyDcRZGgaKk3D2tu03/KdtG2eVj10?= =?us-ascii?Q?y6an8Tw/rlibM0z3HnZJwVNwFkSCpPSBlxH2I56/Ei/V57u+YE76wqhqMBck?= =?us-ascii?Q?0UfEqDO/P0gmpIskkIqaZhUEYOg+mavqzkbFSsF2kDL6aWgIBiY4ngmeFnEl?= =?us-ascii?Q?NWg0vGGz81/wUKRFpU/f+dybnwpowQV+HhxBjNmXxIDGKg8amYvuMn//6WxK?= =?us-ascii?Q?1MsSKTEEh+0O/jKU6rp78FYHrOftzv2nKnwEJ8EmZ4hpFWq2oy8XM7cLXNpU?= =?us-ascii?Q?XVrw1UihIhjLkdsZk35cyiX5GFyiDXzVzYjruiQcFAcPTODsjBYF65WxVuiH?= =?us-ascii?Q?xV+BRWZUWkBFcRurjNHvYfrP?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SA2PR11MB4892.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8b76ec84-b187-455f-e22b-08d9473ef030 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jul 2021 03:16:29.0685 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: rDecNwzX+h0N292tvi2jgKAstZgeguRmxrlouGMxyWmvjiTz1u887he2hgxzz4va4jJOn323fmFm9oIZDTy+hg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR11MB4768 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thank you very much Grzegorz. SecurityPkg: Reviewed-by: Jiewen Yao > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Grzegorz > Bernacki > Sent: Wednesday, July 14, 2021 8:30 PM > To: devel@edk2.groups.io > Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj- > Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com; > upstream@semihalf.com; Yao, Jiewen ; Wang, Jian J > ; Xu, Min M ; > lersek@redhat.com; sami.mujawar@arm.com; afish@apple.com; Ni, Ray > ; Justen, Jordan L ; > rebecca@bsdio.com; grehan@freebsd.org; thomas.abraham@arm.com; Chiu, > Chasel ; Desimone, Nathaniel L > ; gaoliming@byosoft.com.cn; Dong, Eric > ; Kinney, Michael D ; S= un, > Zailiang ; Qian, Yi ; > graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Grzegorz Bernacki > > Subject: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys >=20 > This patchset adds support for initialization of default > Secure Boot variables based on keys content embedded in > flash binary. This feature is active only if Secure Boot > is enabled and DEFAULT_KEY is defined. The patchset > consist also application to enroll keys from default > variables and secure boot menu change to allow user > to reset key content to default values. > Discussion on design can be found at: > https://edk2.groups.io/g/rfc/topic/82139806#600 >=20 > Built with: > GCC > - RISC-V (U500, U540) [requires fixes in dsc to build] > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg, > EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32)) > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4) >=20 > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be = built, > will be post on edk2 maillist later >=20 > VS2019 > - Intel (OvmfPkgX64) >=20 > Test with: > GCC5/RPi4 > VS2019/OvmfX64 (requires changes to enable feature) >=20 > Tests: > 1. Try to enroll key in incorrect format. > 2. Enroll with only PKDefault keys specified. > 3. Enroll with all keys specified. > 4. Enroll when keys are enrolled. > 5. Reset keys values. > 6. Running signed & unsigned app after enrollment. >=20 > Changes since v1: > - change names: > SecBootVariableLib =3D> SecureBootVariableLib > SecBootDefaultKeysDxe =3D> SecureBootDefaultKeysDxe > SecEnrollDefaultKeysApp =3D> EnrollFromDefaultKeysApp > - change name of function CheckSetupMode to GetSetupMode > - remove ShellPkg dependecy from EnrollFromDefaultKeysApp > - rebase to master >=20 > Changes since v2: > - fix coding style for functions headers in SecureBootVariableLib.h > - add header to SecureBootDefaultKeys.fdf.inc > - remove empty line spaces in SecureBootDefaultKeysDxe files > - revert FAIL macro in EnrollFromDefaultKeysApp > - remove functions duplicates and add SecureBootVariableLib > to platforms which used it >=20 > Changes since v3: > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib > - fix typo in guid description >=20 > Changes since v4: > - reorder patches to make it bisectable > - split commits related to more than one platform > - move edk2-platform commits to separate patchset >=20 > Changes since v5: > - split SecureBootVariableLib into SecureBootVariableLib and > SecureBootVariableProvisionLib >=20 > Grzegorz Bernacki (11): > SecurityPkg: Create SecureBootVariableLib. > SecurityPkg: Create library for enrolling Secure Boot variables. > ArmVirtPkg: add SecureBootVariableLib class resolution > OvmfPkg: add SecureBootVariableLib class resolution > EmulatorPkg: add SecureBootVariableLib class resolution > SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. > ArmPlatformPkg: Create include file for default key content. > SecurityPkg: Add SecureBootDefaultKeysDxe driver > SecurityPkg: Add EnrollFromDefaultKeys application. > SecurityPkg: Add new modules to Security package. > SecurityPkg: Add option to reset secure boot keys. >=20 > SecurityPkg/SecurityPkg.dec = | 14 + > ArmVirtPkg/ArmVirt.dsc.inc = | 2 + > EmulatorPkg/EmulatorPkg.dsc = | 2 + > OvmfPkg/Bhyve/BhyveX64.dsc = | 2 + > OvmfPkg/OvmfPkgIa32.dsc = | 2 + > OvmfPkg/OvmfPkgIa32X64.dsc = | 2 + > OvmfPkg/OvmfPkgX64.dsc = | 2 + > SecurityPkg/SecurityPkg.dsc = | 5 + > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > | 48 ++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > | 80 +++ >=20 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro= visi > onLib.inf | 80 +++ >=20 > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx > e.inf | 3 + >=20 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= a > ultKeysDxe.inf | 46 ++ > SecurityPkg/Include/Library/SecureBootVariableLib.h = | 153 > ++++++ > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h = | > 134 +++++ >=20 > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNv > Data.h | 2 + >=20 > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.v= fr > | 6 + > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > | 110 +++++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > | 511 ++++++++++++++++++++ >=20 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro= visi > onLib.c | 491 +++++++++++++++++++ >=20 > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigIm > pl.c | 344 ++++++------- >=20 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= a > ultKeysDxe.c | 69 +++ > ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc = | 70 > +++ > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > | 17 + >=20 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro= visi > onLib.uni | 16 + >=20 > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigSt= ri > ngs.uni | 4 + >=20 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= a > ultKeysDxe.uni | 16 + > 27 files changed, 2043 insertions(+), 188 deletions(-) > create mode 100644 > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro= visi > onLib.inf > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= a > ultKeysDxe.inf > create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h > create mode 100644 > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h > create mode 100644 > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro= visi > onLib.c > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= a > ultKeysDxe.c > create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > create mode 100644 > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > create mode 100644 > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro= visi > onLib.uni > create mode 100644 > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= a > ultKeysDxe.uni >=20 > -- > 2.25.1 >=20 >=20 >=20 >=20 >=20