From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+120715+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 45FA5D80230
	for <rebecca@openfw.io>; Tue,  5 Nov 2024 07:26:18 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=x0KvYAj4ImKzKWbbWnJb77BbyQhjoeDVojuQDCmIfew=;
 c=relaxed/simple; d=groups.io;
 h=Feedback-ID:Message-ID:Date:MIME-Version:User-Agent:To:From:Cc:Subject:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20240830; t=1730791577; v=1; x=1731050776;
 b=UNoGTmeXNrDoga8eqYHa/mAu9/0Wts3jKSgNImKCD7wq+72R1ZixfYKxuOXIhH5GADaKZPLG
 ByNg8A9Slfei2a7/CwTkToYMrZtFvHAlx1tzJvpKm0ewtgOOBUhVbui4wfuBKwysrG1nm/LNil6
 8UbkZAkaLp4GKFhA2IPmJFR0BQPfNtomayqEU9zJcr4IUCues5ZlR3m94K7i4fBL9eNuWfXpCQt
 qkiYiSUMbiXvRKfH/WThjHtXr3FLO/3mJBatwzy6sEJjXb7JgxprpCGY0aET5uILYY8zNiREX8N
 RANilF+NdS9mu7Mn9PkiL6jZM5VcBvBMSJrNboi9NoxBA==
X-Received: by 127.0.0.2 with SMTP id PXODYY7687511xQWynrJETYI; Mon, 04 Nov 2024 23:26:16 -0800
X-Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156])
 by mx.groups.io with SMTP id smtpd.web11.12447.1730791575591263813
 for <devel@edk2.groups.io>;
 Mon, 04 Nov 2024 23:26:15 -0800
X-Received: from phl-compute-01.internal (phl-compute-01.phl.internal [10.202.2.41])
	by mailfhigh.stl.internal (Postfix) with ESMTP id 671C0254016B;
	Tue,  5 Nov 2024 02:26:14 -0500 (EST)
X-Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-01.internal (MEProxy); Tue, 05 Nov 2024 02:26:14 -0500
X-ME-Sender: <xms:lcgpZ77sQawq04Sqe1ZJ_4WzWdUjcdKjKgNlD3mUYAB0KTsVzBIjLw>
    <xme:lcgpZw6d4t2hkWekTeb2TnNBE_RlCBODgwjrd2hccyNhnaE3yVBTyj5Y_PFYEhc2c
    ixM0M57Iqgd5nbR9mU>
X-ME-Received: <xmr:lcgpZyfL3_bktY-_iS_vnWlLauYkcxB69o1-KseysUylevBczmVVdpqE6rizAA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrvdeljedguddtlecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp
    uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg
    hnthhsucdlqddutddtmdenucfjughrpefkffggfgfvhfevufgtgfesthejredttddvjeen
    ucfhrhhomheptfgvsggvtggtrgcuvehrrghnuceorhgvsggvtggtrgessghsughiohdrtg
    homheqnecuggftrfgrthhtvghrnhepieevtdekvdeiveduvdduudelkedtvefggeettdff
    gffggffgffdvkeefheeljedvnecuffhomhgrihhnpehgihhthhhusgdrtghomhdpmhhitg
    hrohhsohhfthdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr
    ihhlfhhrohhmpehrvggsvggttggrsegsshguihhordgtohhmpdhnsggprhgtphhtthhope
    egpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehquhhitggplhhlihhnughhohhl
    sehquhhitghinhgtrdgtohhmpdhrtghpthhtoheprghruggsodhtihgrnhhotghorhgvse
    hkvghrnhgvlhdrohhrghdprhgtphhtthhopehsrghmihdrmhhujhgrfigrrhesrghrmhdr
    tghomhdprhgtphhtthhopeguvghvvghlsegvughkvddrghhrohhuphhsrdhioh
X-ME-Proxy: <xmx:lcgpZ8L1pYy06DL_OCkGlk9l4-iPji5wbzBevn2W-K8aW9xJBWo6GQ>
    <xmx:lcgpZ_KzkQT5Whpqy5xd5jGnPCnf3VTVtZWN1oAeOmSh3RDqCqkp-g>
    <xmx:lcgpZ1ymsxlZuuR8jH29KAUYoYdBqdUyW4jqFyYb72aHmO7Yh0QjSw>
    <xmx:lcgpZ7IOYvA6CdjJP8ECCapB15pKHn8S5fRFCMqnPPDM2A1uuPy4ng>
    <xmx:lsgpZ8EBcOYCNRN2E2rLqc7c4d4UCI_guvUwUrMbBniBPs19mstWCrYB>
Feedback-ID: i5b994698:Fastmail
X-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 5 Nov 2024 02:26:13 -0500 (EST)
Message-ID: <d55686e3-cb32-4113-8521-99ea4800c839@bsdio.com>
Date: Tue, 5 Nov 2024 00:26:06 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Leif Lindholm <quic_llindhol@quicinc.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Sami Mujawar <sami.mujawar@arm.com>
From: "Rebecca Cran" <rebecca@bsdio.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>
Subject: [edk2-devel] ArmPlatformPkg: does SecureBootDefaultKeys.fdf.inc need updated to add more DB files?
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Mon, 04 Nov 2024 23:26:15 -0800
Resent-From: rebecca@bsdio.com
Reply-To: devel@edk2.groups.io,rebecca@bsdio.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: aDo3qHcSaHoIBRjvfE3XtbZfx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240830 header.b=UNoGTmeX;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=none

I've been following=20
https://github.com/edk2-porting/edk2-rk3588/issues/69 to add Secure Boot=20
support, and found this page that has guidance from Microsoft:=20
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/wind=
ows-secure-boot-key-creation-and-management-guidance?view=3Dwindows-11=20
.


Currently ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc supports 3 DB=20
files, but the Microsoft page appears to have 5 available for download?


Microsoft Windows Production PCA 2011

https://go.microsoft.com/fwlink/p/?linkid=3D321192

Windows UEFI CA 2023

https://go.microsoft.com/fwlink/?linkid=3D2239776

Microsoft Corporation UEFI CA 2011

https://go.microsoft.com/fwlink/p/?linkid=3D321194

Microsoft UEFI CA 2023

https://go.microsoft.com/fwlink/?linkid=3D2239872

Microsoft Option ROM UEFI CA 2023

https://go.microsoft.com/fwlink/?linkid=3D2284009


The RPi4 CI script=20
(https://github.com/pftf/RPi4/blob/master/.github/workflows/linux_edk2.yml#=
L50-L58)=20
downloads these 4:

curl -L https://go.microsoft.com/fwlink/?linkid=3D321192 -o keys/ms_db1.cer
curl -L https://go.microsoft.com/fwlink/?linkid=3D321194 -o keys/ms_db2.cer
curl -L https://go.microsoft.com/fwlink/?linkid=3D2239776 -o keys/ms_db3.ce=
r
curl -L https://go.microsoft.com/fwlink/?linkid=3D2239872 -o keys/ms_db4.ce=
r


Do we only want 3 of the available files, or are all of them relevant?


--=20
Rebecca Cran



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120715): https://edk2.groups.io/g/devel/message/120715
Mute This Topic: https://groups.io/mt/109402104/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-