From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.85.221.65, mailfrom: philmd@redhat.com)
Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65])
 by groups.io with SMTP; Mon, 29 Apr 2019 05:27:49 -0700
Received: by mail-wr1-f65.google.com with SMTP id f7so7245472wrs.2
        for <devel@edk2.groups.io>; Mon, 29 Apr 2019 05:27:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id
         :date:user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=jA47RhImWZ/Z593FA5/jvadDOHspm+UjK3BgOTCuMm8=;
        b=hwvugyVrxuDF9ygRGldGCfWxcQleGve93u+JDfXLdDfkLKNK6kAsZ9ibPJwkqVLrd9
         cbUKohGZ/IwHthkXWbbfaIDY8Nm4+r3TfQvrSKpXnAmUz7WUM39LnzqEDr3HVMwIY1pz
         Js2EmXR1IZGTOKS9Yr2GSxz/UDy5oA6CkNGmqlEo26UJ3oVKTwtA5FrQbvZwQh66HzwZ
         mLPC325pgAVqL2b17C/TUPOXobkFvkG2PO3VzUJGh2SrqyRKj9W3zfohAcFkvQl7Nu2g
         KTsL/EgaJv1lWKA5Jc5N3WdXk5YwTk35/jur/351e9K7yrSoY6lKwpG4spYenydcZgD4
         T6pg==
X-Gm-Message-State: APjAAAXW3rJapNcCNrkKwrJIpMQDxl3LpgK5MS9ffZfLv1xCeHfA0ht9
	XCO9QctcDi0PJ/8M6TIJx7F3YA==
X-Google-Smtp-Source: APXvYqw0NwuW9lGxq4M3PHhnyo2pEQ+WyPL0B3vrCykwUfTAfEXRdEO18tqbCOuzvvXI/2jOWIwqNg==
X-Received: by 2002:adf:dc4b:: with SMTP id m11mr41863270wrj.66.1556540867462;
        Mon, 29 Apr 2019 05:27:47 -0700 (PDT)
Return-Path: <philmd@redhat.com>
Received: from [192.168.1.33] (193.red-88-21-103.staticip.rima-tde.net. [88.21.103.193])
        by smtp.gmail.com with ESMTPSA id d11sm29493151wrc.32.2019.04.29.05.27.46
        (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128);
        Mon, 29 Apr 2019 05:27:47 -0700 (PDT)
Subject: Re: [edk2-devel] [PATCH 06/16] OvmfPkg/EnrollDefaultKeys: clean up global variable name prefixes
To: devel@edk2.groups.io, lersek@redhat.com
Cc: Anthony Perard <anthony.perard@citrix.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Jordan Justen <jordan.l.justen@intel.com>,
 Julien Grall <julien.grall@arm.com>
References: <20190427005328.27005-1-lersek@redhat.com>
 <20190427005328.27005-7-lersek@redhat.com>
From: =?UTF-8?B?UGhpbGlwcGUgTWF0aGlldS1EYXVkw6k=?= <philmd@redhat.com>
Openpgp: id=89C1E78F601EE86C867495CBA2A3FD6EDEADC0DE;
 url=http://pgp.mit.edu/pks/lookup?op=get&search=0xA2A3FD6EDEADC0DE
Message-ID: <a53f2f6d-8eb9-5be2-1092-773ea4f84462@redhat.com>
Date: Mon, 29 Apr 2019 14:27:46 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <20190427005328.27005-7-lersek@redhat.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 4/27/19 2:53 AM, Laszlo Ersek wrote:
> In edk2, we should start the names of module-global variables with "m".
> Rename the "RedHatPkKek1", "MicrosoftKEK", "MicrosoftPCA",
> "MicrosoftUefiCA" variables accordingly, with the following command:
> 
>   sed --regexp-extended --in-place \
>     --expression='s,\<(RedHatPkKek1|Microsoft(KEK|PCA|UefiCA))\>,m\1,g' \
>     OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
> 
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
> index aa827ac6aa81..fb30f4906df7 100644
> --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
> +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
> @@ -17,17 +17,17 @@
>  
>  //
>  // We'll use the certificate below as both Platform Key and as first Key
>  // Exchange Key.
>  //
>  // "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com"
>  // SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97
>  //
> -STATIC CONST UINT8 RedHatPkKek1[] = {
> +STATIC CONST UINT8 mRedHatPkKek1[] = {
>    0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02,
>    0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d,
>    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
>    0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22,
>    0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
>    0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45,
>    0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06,
>    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73,
> @@ -98,17 +98,17 @@ STATIC CONST UINT8 RedHatPkKek1[] = {
>  };
>  
>  //
>  // Second KEK: "Microsoft Corporation KEK CA 2011".
>  // SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
>  //
>  // "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
>  //
> -STATIC CONST UINT8 MicrosoftKEK[] = {
> +STATIC CONST UINT8 mMicrosoftKEK[] = {
>    0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
>    0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
>    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
>    0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
>    0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
>    0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
>    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
>    0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
> @@ -225,17 +225,17 @@ STATIC CONST UINT8 MicrosoftKEK[] = {
>  
>  //
>  // First DB entry: "Microsoft Windows Production PCA 2011"
>  // SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
>  //
>  // Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
>  // rooted in this certificate.
>  //
> -STATIC CONST UINT8 MicrosoftPCA[] = {
> +STATIC CONST UINT8 mMicrosoftPCA[] = {
>    0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
>    0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
>    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
>    0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
>    0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
>    0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
>    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
>    0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
> @@ -350,17 +350,17 @@ STATIC CONST UINT8 MicrosoftPCA[] = {
>  };
>  
>  //
>  // Second DB entry: "Microsoft Corporation UEFI CA 2011"
>  // SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
>  //
>  // To verify the "shim" binary and PCI expansion ROMs with.
>  //
> -STATIC CONST UINT8 MicrosoftUefiCA[] = {
> +STATIC CONST UINT8 mMicrosoftUefiCA[] = {
>    0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
>    0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
>    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
>    0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
>    0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
>    0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
>    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
>    0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
> @@ -938,18 +938,18 @@ ShellAppMain (
>        return 1;
>      }
>    }
>  
>    Status = EnrollListOfCerts (
>               EFI_IMAGE_SECURITY_DATABASE,
>               &gEfiImageSecurityDatabaseGuid,
>               &gEfiCertX509Guid,
> -             MicrosoftPCA,    sizeof MicrosoftPCA,    &mMicrosoftOwnerGuid,
> -             MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid,
> +             mMicrosoftPCA,    sizeof mMicrosoftPCA,    &mMicrosoftOwnerGuid,
> +             mMicrosoftUefiCA, sizeof mMicrosoftUefiCA, &mMicrosoftOwnerGuid,
>               NULL);
>    if (EFI_ERROR (Status)) {
>      return 1;
>    }
>  
>    Status = EnrollListOfCerts (
>               EFI_IMAGE_SECURITY_DATABASE1,
>               &gEfiImageSecurityDatabaseGuid,
> @@ -959,28 +959,28 @@ ShellAppMain (
>    if (EFI_ERROR (Status)) {
>      return 1;
>    }
>  
>    Status = EnrollListOfCerts (
>               EFI_KEY_EXCHANGE_KEY_NAME,
>               &gEfiGlobalVariableGuid,
>               &gEfiCertX509Guid,
> -             RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid,
> -             MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid,
> +             mRedHatPkKek1, sizeof mRedHatPkKek1, &gEfiCallerIdGuid,
> +             mMicrosoftKEK, sizeof mMicrosoftKEK, &mMicrosoftOwnerGuid,
>               NULL);
>    if (EFI_ERROR (Status)) {
>      return 1;
>    }
>  
>    Status = EnrollListOfCerts (
>               EFI_PLATFORM_KEY_NAME,
>               &gEfiGlobalVariableGuid,
>               &gEfiCertX509Guid,
> -             RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid,
> +             mRedHatPkKek1, sizeof mRedHatPkKek1, &gEfiGlobalVariableGuid,
>               NULL);
>    if (EFI_ERROR (Status)) {
>      return 1;
>    }
>  
>    Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
>    Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
>                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
> 

Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>