From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.85.221.65, mailfrom: philmd@redhat.com) Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) by groups.io with SMTP; Mon, 29 Apr 2019 05:27:49 -0700 Received: by mail-wr1-f65.google.com with SMTP id f7so7245472wrs.2 for ; Mon, 29 Apr 2019 05:27:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=jA47RhImWZ/Z593FA5/jvadDOHspm+UjK3BgOTCuMm8=; b=hwvugyVrxuDF9ygRGldGCfWxcQleGve93u+JDfXLdDfkLKNK6kAsZ9ibPJwkqVLrd9 cbUKohGZ/IwHthkXWbbfaIDY8Nm4+r3TfQvrSKpXnAmUz7WUM39LnzqEDr3HVMwIY1pz Js2EmXR1IZGTOKS9Yr2GSxz/UDy5oA6CkNGmqlEo26UJ3oVKTwtA5FrQbvZwQh66HzwZ mLPC325pgAVqL2b17C/TUPOXobkFvkG2PO3VzUJGh2SrqyRKj9W3zfohAcFkvQl7Nu2g KTsL/EgaJv1lWKA5Jc5N3WdXk5YwTk35/jur/351e9K7yrSoY6lKwpG4spYenydcZgD4 T6pg== X-Gm-Message-State: APjAAAXW3rJapNcCNrkKwrJIpMQDxl3LpgK5MS9ffZfLv1xCeHfA0ht9 XCO9QctcDi0PJ/8M6TIJx7F3YA== X-Google-Smtp-Source: APXvYqw0NwuW9lGxq4M3PHhnyo2pEQ+WyPL0B3vrCykwUfTAfEXRdEO18tqbCOuzvvXI/2jOWIwqNg== X-Received: by 2002:adf:dc4b:: with SMTP id m11mr41863270wrj.66.1556540867462; Mon, 29 Apr 2019 05:27:47 -0700 (PDT) Return-Path: Received: from [192.168.1.33] (193.red-88-21-103.staticip.rima-tde.net. [88.21.103.193]) by smtp.gmail.com with ESMTPSA id d11sm29493151wrc.32.2019.04.29.05.27.46 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Mon, 29 Apr 2019 05:27:47 -0700 (PDT) Subject: Re: [edk2-devel] [PATCH 06/16] OvmfPkg/EnrollDefaultKeys: clean up global variable name prefixes To: devel@edk2.groups.io, lersek@redhat.com Cc: Anthony Perard , Ard Biesheuvel , Jordan Justen , Julien Grall References: <20190427005328.27005-1-lersek@redhat.com> <20190427005328.27005-7-lersek@redhat.com> From: =?UTF-8?B?UGhpbGlwcGUgTWF0aGlldS1EYXVkw6k=?= Openpgp: id=89C1E78F601EE86C867495CBA2A3FD6EDEADC0DE; url=http://pgp.mit.edu/pks/lookup?op=get&search=0xA2A3FD6EDEADC0DE Message-ID: Date: Mon, 29 Apr 2019 14:27:46 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190427005328.27005-7-lersek@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 4/27/19 2:53 AM, Laszlo Ersek wrote: > In edk2, we should start the names of module-global variables with "m". > Rename the "RedHatPkKek1", "MicrosoftKEK", "MicrosoftPCA", > "MicrosoftUefiCA" variables accordingly, with the following command: > > sed --regexp-extended --in-place \ > --expression='s,\<(RedHatPkKek1|Microsoft(KEK|PCA|UefiCA))\>,m\1,g' \ > OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > > Cc: Anthony Perard > Cc: Ard Biesheuvel > Cc: Jordan Justen > Cc: Julien Grall > Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747 > Signed-off-by: Laszlo Ersek > --- > OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 18 +++++++++--------- > 1 file changed, 9 insertions(+), 9 deletions(-) > > diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > index aa827ac6aa81..fb30f4906df7 100644 > --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > @@ -17,17 +17,17 @@ > > // > // We'll use the certificate below as both Platform Key and as first Key > // Exchange Key. > // > // "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com" > // SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97 > // > -STATIC CONST UINT8 RedHatPkKek1[] = { > +STATIC CONST UINT8 mRedHatPkKek1[] = { > 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02, > 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d, > 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, > 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, > 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, > 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, > 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, > 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, > @@ -98,17 +98,17 @@ STATIC CONST UINT8 RedHatPkKek1[] = { > }; > > // > // Second KEK: "Microsoft Corporation KEK CA 2011". > // SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 > // > // "dbx" updates in "dbxtool" are signed with a key derived from this KEK. > // > -STATIC CONST UINT8 MicrosoftKEK[] = { > +STATIC CONST UINT8 mMicrosoftKEK[] = { > 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, > 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, > 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, > 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, > 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, > 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, > 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, > 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, > @@ -225,17 +225,17 @@ STATIC CONST UINT8 MicrosoftKEK[] = { > > // > // First DB entry: "Microsoft Windows Production PCA 2011" > // SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d > // > // Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain > // rooted in this certificate. > // > -STATIC CONST UINT8 MicrosoftPCA[] = { > +STATIC CONST UINT8 mMicrosoftPCA[] = { > 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, > 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, > 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, > 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, > 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, > 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, > 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, > 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, > @@ -350,17 +350,17 @@ STATIC CONST UINT8 MicrosoftPCA[] = { > }; > > // > // Second DB entry: "Microsoft Corporation UEFI CA 2011" > // SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 > // > // To verify the "shim" binary and PCI expansion ROMs with. > // > -STATIC CONST UINT8 MicrosoftUefiCA[] = { > +STATIC CONST UINT8 mMicrosoftUefiCA[] = { > 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, > 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, > 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, > 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, > 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, > 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, > 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, > 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, > @@ -938,18 +938,18 @@ ShellAppMain ( > return 1; > } > } > > Status = EnrollListOfCerts ( > EFI_IMAGE_SECURITY_DATABASE, > &gEfiImageSecurityDatabaseGuid, > &gEfiCertX509Guid, > - MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid, > - MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid, > + mMicrosoftPCA, sizeof mMicrosoftPCA, &mMicrosoftOwnerGuid, > + mMicrosoftUefiCA, sizeof mMicrosoftUefiCA, &mMicrosoftOwnerGuid, > NULL); > if (EFI_ERROR (Status)) { > return 1; > } > > Status = EnrollListOfCerts ( > EFI_IMAGE_SECURITY_DATABASE1, > &gEfiImageSecurityDatabaseGuid, > @@ -959,28 +959,28 @@ ShellAppMain ( > if (EFI_ERROR (Status)) { > return 1; > } > > Status = EnrollListOfCerts ( > EFI_KEY_EXCHANGE_KEY_NAME, > &gEfiGlobalVariableGuid, > &gEfiCertX509Guid, > - RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid, > - MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid, > + mRedHatPkKek1, sizeof mRedHatPkKek1, &gEfiCallerIdGuid, > + mMicrosoftKEK, sizeof mMicrosoftKEK, &mMicrosoftOwnerGuid, > NULL); > if (EFI_ERROR (Status)) { > return 1; > } > > Status = EnrollListOfCerts ( > EFI_PLATFORM_KEY_NAME, > &gEfiGlobalVariableGuid, > &gEfiCertX509Guid, > - RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid, > + mRedHatPkKek1, sizeof mRedHatPkKek1, &gEfiGlobalVariableGuid, > NULL); > if (EFI_ERROR (Status)) { > return 1; > } > > Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; > Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, > EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, > Reviewed-by: Philippe Mathieu-Daude