Subject: Re: [edk2-devel] [PATCH 14/16] OvmfPkg: introduce OVMF_PK_KEK1_APP_PREFIX_GUID
To: devel@edk2.groups.io, lersek@redhat.com
Cc: Anthony Perard, Ard Biesheuvel, Jordan Justen, Julien Grall
References: <20190427005328.27005-1-lersek@redhat.com> <20190427005328.27005-15-lersek@redhat.com>
From: Philippe Mathieu-Daudé <philmd@redhat.com>
Date: Tue, 30 Apr 2019 07:24:17 +0200
In-Reply-To: <20190427005328.27005-15-lersek@redhat.com>

On 4/27/19 2:53 AM, Laszlo Ersek wrote:
> For the EnrollDefaultKeys application, the hypervisor is expected to add a
> string entry to the "OEM Strings" (Type 11) SMBIOS table, with the
> following format:
>
> 4e32566d-8e9e-4f52-81d3-5bb9715f9727:
>
> The string representation of the GUID at the front is the "application
> prefix", in terms of QEMU commit
> .
>
> Introduce this GUID in the usual manner.
>
> Cc: Anthony Perard
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Julien Grall
> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
> Signed-off-by: Laszlo Ersek
> ---
> OvmfPkg/OvmfPkg.dec | 1 +
> OvmfPkg/Include/Guid/OvmfPkKek1AppPrefix.h | 45 ++++++++++++++++++++
> 2 files changed, 46 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
> index 922e061cc85c..0e555c5c78c5 100644
> --- a/OvmfPkg/OvmfPkg.dec
> +++ b/OvmfPkg/OvmfPkg.dec
> @@ -67,16 +67,17 @@ [LibraryClasses] > > ## @libraryclass Manage XenBus device path and I/O handles > # > XenIoMmioLib|Include/Library/XenIoMmioLib.h > > [Guids] > gUefiOvmfPkgTokenSpaceGuid = {0x93bb96af, 0xb9f2, 0x4eb8, {0x94, 0x62, 0xe0, 0xba, 0x74, 0x56, 0x42, 0x36}} > gEfiXenInfoGuid = {0xd3b46f3b, 0xd441, 0x1244, {0x9a, 0x12, 0x0, 0x12, 0x27, 0x3f, 0xc1, 0x4d}} > + gOvmfPkKek1AppPrefixGuid = {0x4e32566d, 0x8e9e, 0x4f52, {0x81, 0xd3, 0x5b, 0xb9, 0x71, 0x5f, 0x97, 0x27}} > gOvmfPlatformConfigGuid = {0x7235c51c, 0x0c80, 0x4cab, {0x87, 0xac, 0x3b, 0x08, 0x4a, 0x63, 0x04, 0xb1}} > gVirtioMmioTransportGuid = {0x837dca9e, 0xe874, 0x4d82, {0xb2, 0x9a, 0x23, 0xfe, 0x0e, 0x23, 0xd1, 0xe2}} > gQemuRamfbGuid = {0x557423a1, 0x63ab, 0x406c, {0xbe, 0x7e, 0x91, 0xcd, 0xbc, 0x08, 0xc4, 0x57}} > gXenBusRootDeviceGuid = {0xa732241f, 0x383d, 0x4d9c, {0x8a, 0xe1, 0x8e, 0x09, 0x83, 0x75, 0x89, 0xd7}} > gRootBridgesConnectedEventGroupGuid = {0x24a2d66f, 0xeedd, 0x4086, {0x90, 0x42, 0xf2, 0x6e, 0x47, 0x97, 0xee, 0x69}} > gMicrosoftVendorGuid = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}} > > [Protocols] > diff --git a/OvmfPkg/Include/Guid/OvmfPkKek1AppPrefix.h b/OvmfPkg/Include/Guid/OvmfPkKek1AppPrefix.h > new file mode 100644 > index 000000000000..e05d2fe021b7 > --- /dev/null > +++ b/OvmfPkg/Include/Guid/OvmfPkKek1AppPrefix.h 
> @@ -0,0 +1,45 @@ > +/** @file > + Declare the application prefix string as a GUID, for locating the PK/KEK1 > + X509 certificate to enroll, in the "OEM Strings" SMBIOS table. > + > + Copyright (C) 2019, Red Hat, Inc. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Specification Reference: > + - https://git.qemu.org/?p=qemu.git;a=commit;h=2d6dcbf93fb0 > + - https://libvirt.org/formatdomain.html#elementsSysinfo > + - https://bugs.launchpad.net/qemu/+bug/1826200 > + - https://bugzilla.tianocore.org/show_bug.cgi?id=1747 > +**/ > + > +#ifndef OVMF_PK_KEK1_APP_PREFIX_H_ > +#define OVMF_PK_KEK1_APP_PREFIX_H_ > + > +#include > + > +// > +// For the EnrollDefaultKeys application, the hypervisor is expected to add a > +// string entry to the "OEM Strings" (Type 11) SMBIOS table, with the following > +// format: > +// > +// 4e32566d-8e9e-4f52-81d3-5bb9715f9727: > +// > +// The string representation of the GUID at the front is the "application > +// prefix". It is matched by EnrollDefaultKeys case-insensitively. > +// > +// The base64-encoded blob following the application prefix and the colon (:) > +// is an X509 certificate in DER representation; the hypervisor instructs > +// EnrollDefaultKeys to enroll this certificate as both Platform Key and first > +// Key Exchange Key. > +// > +#define OVMF_PK_KEK1_APP_PREFIX_GUID \ > + { 0x4e32566d, \ > + 0x8e9e, \ > + 0x4f52, \ > + { 0x81, 0xd3, 0x5b, 0xb9, 0x71, 0x5f, 0x97, 0x27 }, \ > + } > + > +extern EFI_GUID gOvmfPkKek1AppPrefixGuid; > + > +#endif /* OVMF_PK_KEK1_APP_PREFIX_H_ */ >

Reviewed-by: Philippe Mathieu-Daudé
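Review bot: in the OvmfPkg.dec [Guids] hunk, the new gOvmfPkKek1AppPrefixGuid line is a second, independent copy of the constant that the header defines as OVMF_PK_KEK1_APP_PREFIX_GUID, and nothing on this line points at the header; consider a comment such as `## Include/Guid/OvmfPkKek1AppPrefix.h` above the entry so that a future change to one copy is visibly tied to the other. As submitted the two copies agree: {0x4e32566d, 0x8e9e, 0x4f52, {0x81, 0xd3, 0x5b, 0xb9, 0x71, 0x5f, 0x97, 0x27}} is byte-for-byte the initializer in the header and is the GUID spelled as 4e32566d-8e9e-4f52-81d3-5bb9715f9727 in the commit message, so the case-insensitive string match EnrollDefaultKeys performs will line up with the GUID the build emits. Placing the entry between gEfiXenInfoGuid and gOvmfPlatformConfigGuid rather than at the end is fine, since the section is not sorted.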
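Review bot: the comment block in the new OvmfPkKek1AppPrefix.h documents the wire format ("4e32566d-8e9e-4f52-81d3-5bb9715f9727:" followed by a base64 DER X509 certificate), the case-insensitive prefix match, and that the certificate becomes both Platform Key and first Key Exchange Key, but it does not state the trust assumption that makes this safe: whatever string carries this prefix in the Type 11 OEM Strings table is accepted as the PK without any further authentication, so the comment should say explicitly that the table is expected to be populated by the hypervisor from host-side configuration (the QEMU and libvirt references above) and must not be writable by the guest or by an untrusted tenant. It would also help to state the failure policy the format implies, i.e. that a payload that does not base64-decode to a well-formed DER blob is rejected and enrollment does not proceed with a partial certificate, and what EnrollDefaultKeys does if more than one entry carries the prefix.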
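The entry format described in the commit message and in the header comment, worked through as an added example: this is not OVMF's EnrollDefaultKeys code and not part of the patch, but a stand-alone C consumer for one "OEM Strings" (Type 11) entry that matches the application prefix case-insensitively, strictly base64-decodes the remainder, and rejects payloads that are not a single definite-length DER SEQUENCE. The function names (`parse_oem_string`, `oem_string_verdict`, `oem_string_cert_len`), the strict-base64 policy and the outer-SEQUENCE check are this example's own assumptions; the sample entries in `main` are constructed, and the 5-byte blob they carry is a minimal DER SEQUENCE standing in for a real certificate, not an actual X.509 object.

```c
/*
 * Added example (not OVMF/EDK2 code): consume one SMBIOS Type 11 entry of
 * the form  4e32566d-8e9e-4f52-81d3-5bb9715f9727:<base64 of DER X.509>
 * as the commit message describes it. Names and policies are assumptions.
 */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define APP_PREFIX "4e32566d-8e9e-4f52-81d3-5bb9715f9727"

enum oem_verdict {
  OEM_BAD_DER = -2,    /* decoded bytes are not one DER SEQUENCE */
  OEM_BAD_BASE64 = -1, /* prefix matched, payload is not strict base64 */
  OEM_NO_MATCH = 0,    /* not our application prefix: ignore the entry */
  OEM_OK = 1
};

/* Case-insensitive prefix match, followed by the ':' separator. */
static int has_app_prefix(const char *s) {
  size_t n = strlen(APP_PREFIX);
  for (size_t i = 0; i < n; i++)
    if (s[i] == '\0' || tolower((unsigned char)s[i]) != APP_PREFIX[i]) return 0;
  return s[n] == ':';
}

static int b64val(int c) {
  if (c >= 'A' && c <= 'Z') return c - 'A';
  if (c >= 'a' && c <= 'z') return c - 'a' + 26;
  if (c >= '0' && c <= '9') return c - '0' + 52;
  if (c == '+') return 62;
  if (c == '/') return 63;
  return -1;
}

/* Strict RFC 4648 decode: no whitespace, length a multiple of 4, '=' only
 * in the last one or two positions. Returns decoded length, or -1. */
static long b64_decode(const char *in, uint8_t *out, size_t cap) {
  size_t len = strlen(in), o = 0;
  if (len == 0 || len % 4 != 0) return -1;
  for (size_t i = 0; i < len; i += 4) {
    uint32_t v[4];
    int pad = 0;
    for (int k = 0; k < 4; k++) {
      char c = in[i + k];
      if (c == '=') {
        if (i + 4 != len || k < 2) return -1; /* padding only at the end */
        v[k] = 0;
        pad++;
      } else {
        int d = b64val((unsigned char)c);
        if (pad || d < 0) return -1; /* data after '=' or non-alphabet byte */
        v[k] = (uint32_t)d;
      }
    }
    uint32_t triple = (v[0] << 18) | (v[1] << 12) | (v[2] << 6) | v[3];
    if (o + (size_t)(3 - pad) > cap) return -1;
    out[o++] = (uint8_t)(triple >> 16);
    if (pad < 2) out[o++] = (uint8_t)(triple >> 8);
    if (pad < 1) out[o++] = (uint8_t)triple;
  }
  return (long)o;
}

/* Outer-structure check only: one SEQUENCE (0x30) with a minimal definite
 * length that spans the whole buffer. It does not parse or verify the
 * certificate; it just refuses non-DER payloads before any enrollment. */
static int is_single_der_sequence(const uint8_t *d, size_t n) {
  size_t hdr, body = 0;
  if (n < 2 || d[0] != 0x30) return 0;
  if (d[1] < 0x80) {
    hdr = 2;
    body = d[1];
  } else {
    size_t nb = d[1] & 0x7f;
    if (nb == 0 || nb > 4 || n < 2 + nb || d[2] == 0) return 0;
    for (size_t i = 0; i < nb; i++) body = (body << 8) | d[2 + i];
    if (body < 0x80) return 0; /* long form where DER requires short form */
    hdr = 2 + nb;
  }
  return hdr + body == n;
}

/* Parse one entry; on OEM_OK, *len is the DER certificate length in out. */
int parse_oem_string(const char *s, uint8_t *out, size_t cap, size_t *len) {
  if (!has_app_prefix(s)) return OEM_NO_MATCH;
  long n = b64_decode(s + strlen(APP_PREFIX) + 1, out, cap);
  if (n < 0) return OEM_BAD_BASE64;
  if (!is_single_der_sequence(out, (size_t)n)) return OEM_BAD_DER;
  *len = (size_t)n;
  return OEM_OK;
}

int oem_string_verdict(const char *s) { /* verdict only */
  uint8_t buf[4096];
  size_t len;
  return parse_oem_string(s, buf, sizeof buf, &len);
}

size_t oem_string_cert_len(const char *s) { /* DER length, 0 if rejected */
  uint8_t buf[4096];
  size_t len = 0;
  return parse_oem_string(s, buf, sizeof buf, &len) == OEM_OK ? len : 0;
}

int main(void) {
  /* Constructed samples: "MAMCAQU=" is base64 of 30 03 02 01 05, a tiny
   * DER SEQUENCE { INTEGER 5 } standing in for a real certificate. */
  const char *entries[] = {
    "4E32566D-8E9E-4F52-81D3-5BB9715F9727:MAMCAQU=", /* upper-case prefix */
    "deadbeef-0000-4000-8000-000000000000:MAMCAQU=", /* another app's entry */
    "4e32566d-8e9e-4f52-81d3-5bb9715f9727:MAMCAQU",  /* truncated base64 */
    "4e32566d-8e9e-4f52-81d3-5bb9715f9727:MAM=",     /* truncated DER */
  };
  for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++)
    printf("%2d  %s\n", oem_string_verdict(entries[i]), entries[i]);
  return 0;
}
```

The parser checks shape, not origin: every entry in the OEM Strings table that carries the prefix is accepted, which is exactly why the header's trust assumption matters. The strict decoder and the whole-buffer SEQUENCE check make the failure modes explicit, so a truncated or mangled string yields OEM_BAD_BASE64 or OEM_BAD_DER and never a partially enrolled key.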