From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id CA7DF740038 for ; Wed, 5 Jun 2024 04:10:18 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=1ubzLeS/sCokzwN4pI85pShRcUk6z9kH8LDDZWc6nG0=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:User-Agent:Subject:To:Cc:References:From:In-Reply-To:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1717560618; v=1; b=QZCyk+gi2l9QRaDOXOeDdyeqz+gjc+XEZiOJXp8sXYgUv0JBvEl4Di86Rt78fnqBUhzpQfnc MVTyC8Ukp66j4ijXz69sOLoi1hD06zz5okW43wQBoUf4pF90iRCZsXQMwGLrVaBIf0FNT8c2a/k SuuYqkBS6Nr/MJAf8LHZdff16AsmwZ0KHKaQnxzNQ1NsHOVPQxwvs+5IJ0nr2ouZOfvBPXXOQBU 2321zQFh6BEEHRiH44N972lUIuVDe6pD7ojvbVGtqfnDxVp1aCXabwH6tJtPrNo+rtXF6G3luNG ZfjcwUTWc+AqgSE1Ii71Xuc+GNLRi0Z8Ptac90lY2cXgw== X-Received: by 127.0.0.2 with SMTP id 7Bx2YY7687511xrtEQv2Crxj; Tue, 04 Jun 2024 21:10:17 -0700 X-Received: from NAM02-BN1-obe.outbound.protection.outlook.com (NAM02-BN1-obe.outbound.protection.outlook.com [40.107.212.137]) by mx.groups.io with SMTP id smtpd.web11.6890.1717560611577063204 for ; Tue, 04 Jun 2024 21:10:11 -0700 X-Received: from LV3PR01MB8464.prod.exchangelabs.com (2603:10b6:408:1a3::7) by DM8PR01MB7046.prod.exchangelabs.com (2603:10b6:8:1b::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.30; Wed, 5 Jun 2024 04:10:05 +0000 X-Received: from LV3PR01MB8464.prod.exchangelabs.com ([fe80::74dd:8ddd:b9c2:8d2d]) by LV3PR01MB8464.prod.exchangelabs.com ([fe80::74dd:8ddd:b9c2:8d2d%4]) with mapi id 15.20.7633.021; Wed, 5 Jun 2024 04:10:05 +0000 Message-ID: Date: Tue, 4 Jun 2024 22:10:00 -0600 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [edk2-platforms][PATCH 1/1] Ampere/JadePkg: Add secure boot default keys initialization To: Nhi Pham , devel@edk2.groups.io Cc: quic_llindhol@quicinc.com, chuong@os.amperecomputing.com References: <20240605005752.818401-1-nhi@os.amperecomputing.com> From: "Rebecca Cran via groups.io" In-Reply-To: <20240605005752.818401-1-nhi@os.amperecomputing.com> X-ClientProxiedBy: SJ0PR05CA0208.namprd05.prod.outlook.com (2603:10b6:a03:330::33) To LV3PR01MB8464.prod.exchangelabs.com (2603:10b6:408:1a3::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: LV3PR01MB8464:EE_|DM8PR01MB7046:EE_ X-MS-Office365-Filtering-Correlation-Id: 02b4f73a-d2be-40fa-ca42-08dc85156107 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: =?utf-8?B?azBoLzg2eUV6MVl0TndaWWlLeVI0V3g4bVo1cjBXSlRZQldwVTN1RE5hU1Qx?= =?utf-8?B?SUhkbE16aWpzZFhEUzBOcFM1R0tvdkdBc0V0K1lpMmdxZVdaMEorSkJnWGJZ?= =?utf-8?B?S0lCWjVXMndESWphWmhHaW5seVlhRnEwK2V5WmFJczhnbnRzUkpQMk9DVUFi?= =?utf-8?B?cm95c0xGVmZYOE42cFVubDNCRFgxMlVLbEFScEF2b0RUZTBMV0NlN2FLdkRJ?= =?utf-8?B?STZhU1VVeWtFZU1BY0J4VUt1QzMxVTYrSXlzMWVLaXlJQzNjdDM5anU2R0x1?= =?utf-8?B?MmNUejIyNnFqR3RSM01mOS9tNi9MOG1zS0V0UTN0WkU4UnRZRnBsV3dPQmxM?= =?utf-8?B?eUJ0YWUzbnQ0WWprTEk1dXBGL21XY0tNWE9vbTFrdzJoU2hoSmQ2elRBdFpN?= =?utf-8?B?N3V2WjhEOXl1alZpc2VYa1A0eVpHeWlxRk9DeUJCK0J5eldPbGNJV0JqTXpZ?= =?utf-8?B?Vjk2c25vUjVyWUFMWTlxZXA1VklrUFlZVW1wbXZoWVNBSk1ZRmhhSHovRmpV?= =?utf-8?B?TktaRlBsdGt2YlZGcUJwK2hNblhqNjRNK1k1UGh2NlEySmxhWjE0ZDRNRjBm?= =?utf-8?B?WTZrWVFvODJ0TDFUK2pTTHVXTjBpN1ZkOFBJVExkcmh2cUdjYS9WVVJxbGdD?= =?utf-8?B?SmYzbGlxbmY4RmZFWFhLb0tTUThGMXlMRzRNUkdabDF3b3h3dzA5SXh0WUYw?= =?utf-8?B?T1hBQUZBT0Z4Yk5NRnkxMXNkbHhwM1FRK0JFV0hITkFCZEgyVy8yUWVLcmJt?= =?utf-8?B?TTc2ZkpDVEVoa0JxREpVbnJiWTN0akcxZE5EUUJhMStwKzRsS1ZEblRBb0ZF?= =?utf-8?B?Y1BzOE1Qc2ZxNEdiZFBmWmM4bzFiS2FJWnduVmd1cXV1Z0dZWnRXSnRqT0h4?= =?utf-8?B?SXZIOXhOeURvLzJlbE9IanZJZmt1Wm5DK3gvNkg5RzI2UW9yUEVSNFJ4bVI1?= =?utf-8?B?S01qWlFkTzFZSCtOMURpTDRyZXA5eWRZQnBWRTdHai9KbnFFWlpVV3RJL3FJ?= =?utf-8?B?V201YS9RME1GbFB3LzNsVWdzNXZwVGxBbGNLVWhLbnYzd2F4NUdpRkdCbnZt?= =?utf-8?B?MXhxaWJiVFNDV3UyOUtzRnBhNU5CeXlCckpUVC9aOWhpSldRenppekJwamtj?= =?utf-8?B?WjFHdFdSNndlUjdPNkFSdDJjZW8rOERuMUVUWUNzTUxnSFlkZmJJd2MyMlpm?= =?utf-8?B?dWJQTEZkNk1PL081RnNsOWUyZ3hLNXB1VnJoSHB3cVo1L2hlaThydC9vSHlH?= =?utf-8?B?WTM5MUpJL3ZXTDcvMmx3dlJLMjdmUGtxQzk0UTM3SW5DRmdZRkxvbVJmK1pI?= =?utf-8?B?NDErR0E1STVsUjFhMWdKcHk5QlpCdWdjSFQ0Z2tNZTZlRXBhQm9GeFg3RlZY?= =?utf-8?B?SkU4OThLcDVKMWRMbU8zMWRzZHBpMmpkcHdZRVRhVGxjQU5lQ3JhODZJelJ1?= =?utf-8?B?OHVIZHB3aWlCMnZCRnVYOUlVbkJJUlR5TVpndmRtNFp6V2wralRTSUd6MWdP?= =?utf-8?B?dEcrVUpwWDJRaHBCd1E4ZDZKMkxFWHAxQ2JGaDgrMEdVamlQRERQQmRhRlcz?= =?utf-8?B?cG0yYndLMkJXN2tJajgzMnFsRGJjQmpVaHZLTmJKaE1HTmtHZUw1OFp3NnFx?= =?utf-8?B?TGsxemhjZllPa2NnR01FZzBZR09tcTdSTHZCRU5oT1NDbFVhUWRtWVFkaDVx?= =?utf-8?B?eEVXOVZ4ZnEvdFA1V3BUM2lVbVB6ek4wQWVmV2R2anNhWUtzZjF1TWVBPT0=?= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?em5iT2VMd3lYZC9ueEd3NXVUbldoS2FudFJTMjl6RjZvaWcvSGpTZlNRNFNZ?= =?utf-8?B?SnFpQVl6NVB5OHExWUt6cUdXZVZTQW9haGh1bU55TnV2S0FoUndVc3dXV29S?= =?utf-8?B?amVIc0pWcXNHVEFkUytaT3dnUFN1bHlIY0tqVGs2dldMZ2hWYVpra2xuSTV0?= =?utf-8?B?S3JXNml6Z0Rvd01RNTBHdGxSc3hUWWo3ZTQwd1pMa0I1M3ZNMlJSREFlSmNC?= =?utf-8?B?cEJNWUtQTml0bnZUYXJrdHN2RXdlK0JJb3lkeDhiTzRXSUVwYlpocjZBSlhQ?= =?utf-8?B?VDBwQ01tR2dOTmlNUENpME42aGg5U1pTVldHZDFzb3dpVVFWOTQyV2UvWTRQ?= =?utf-8?B?NDdZUWZDMHc5aCthMDN4aHBDMFRic1kwVWxVN080N05vbmZWcERXcXoxUlRN?= =?utf-8?B?NXFJNHAvMkI3T0xmK0Z2ZmZnSEZhQ1R2ekRSL1pUT0VGTzdaUWRPOFRobm1Z?= =?utf-8?B?ai93ZTI3MkQ0YmpFNzFLUkh3bTE3SDc4SS8ycDYzN0FFMDBFRVJtQ014bHp3?= =?utf-8?B?dkYyV3cyV21MbTRrY1liM1hsUG5EcWtYK0ljVUUrWjVFVUFwZjZPM3YvYWEv?= =?utf-8?B?bUJXanpEVUZ4cEgxRVVJYkNTcUJZdUhMeEZPUFZQR25yRVZmaExJcnFwc3Zk?= =?utf-8?B?S3Y4bWJYTFRtcHVvZFVmRlE2cFBOeDJQQVFhbjl4a3V1VWNhSDJUSUdGd053?= =?utf-8?B?V1Q0MTdjUEZJbjhEUndsK0xUZm1PRENZanRGczIxcjRCV2tXbnRYLy9kOTFy?= =?utf-8?B?blBUTVR3TkJZV1pnaktMYWZEQndEZGRYbFFQdUxOd1B2SUQzMi8zWlRodkZF?= =?utf-8?B?VU91L2h5WFl2T2lLalhwKzd0M2cxV09iTXNDdTNtaC9idW1ReXl5Vnp5K3BG?= =?utf-8?B?UmpUMzhBeEZTY3BsRTlwV29wQzY4L2RCUkV0UzZyWUlyY1JXZWNLV0NtSTFk?= =?utf-8?B?UFJRM0o5SU9BWjJST0pJcUQ2b3FVWWZQM2pXNUNpd24rbWNiU3ZmWkhLWHRQ?= =?utf-8?B?azhvVXppRFAxdThrcW53U2JjQ3VSUTFiR05YR1dBczNVQnF5RkN5Z096eGR0?= =?utf-8?B?emoySjN3S3RrcjU1NjBvZCtCajNOWVIvbE9vY3BMQTltbTRlRWtWRmUydEhK?= =?utf-8?B?dFQvT1h6NmFGaUZPMm9xOCt4MHV3R2RYcE1DeGEwQWdPUTNZbEE4MkErT3FC?= =?utf-8?B?bDBjbFBURTRzYWhScGY5TnpaTGptV3NTekx6Slg4RG43cEphZDNpZjBsWWNC?= =?utf-8?B?TERDelpUNzI3enJCMUJhQWhUZWtGTk9ybUhETGZEa05PUGFKTHUxOVgrM2Iw?= =?utf-8?B?TGw5SEduRUY0QWZIK1RBY3BBTmNZQXlmdnFXZjlYUlhuS1NUR2JBU1l1N2pZ?= =?utf-8?B?MmlVTGpZQjRuMkZJZzIwbkpGb2ZxQW5uMWlMbmVna2pyODhOdGNaWUw1d0JP?= =?utf-8?B?cHlWWkR5bm4wWVk0aWQ5cEpERkVFRnVzQ2s0Z1E5WGhnTmhlTTExa1lMUWVW?= =?utf-8?B?aWtNZi9pNm9ab1dEczBtQ2pnWU12ZlJMMXMvREhYSXlBTlhjSWQ1aFRIdmZz?= =?utf-8?B?ZFN5eFRMTHF2RWVpWm4yREJFOENzZmxLdUFjclp2SXY0Tmg1bUEvSitCYlA4?= =?utf-8?B?Yy9EdDRwU3FnT0g1eE9oTzNheHF1TWxqTWdZL2FvMVJObW5NMFhpYW85ODdv?= =?utf-8?B?QmkxdFM0dkxzSGp2SmZrTG42UXArMjY5VFgwSWM2bzYzdE9vY3pjM05hTnVi?= =?utf-8?B?VjY5SDFrV2xRY3EyNyt6R3NWdm9IaTZZV0xBcHNOaVhNcHdnejAyZXJlaEFK?= =?utf-8?B?QkIxdGpNYW45M2JSZ0tmZlh6MHdGM3pRaS9UbThoNEEyMURRd25UdHZIV3l6?= =?utf-8?B?WHdFd21uQ2RVb2wzQ1JrYURNV0hKc3RMTTgzM0x2NmV4VmdnRk1Kd3htQXVB?= =?utf-8?B?R0NGRUFiSDhudjlYdC9ITXFLWXhtLy9ZcUVmUXNvZFlaYnpLSmtDQ2M1bVJi?= =?utf-8?B?SmVacTgxUkxjandjT21pRVd0Z1hEU3owek5lVlc0WGZuaUg5SklYcm9ZbTlx?= =?utf-8?B?TTdhZmk4cWNEZmFuZkl2VVh0aWR2emJHSU9aeDA0QzdJRnZ2ZGVCOGJVVzVU?= =?utf-8?B?eVhhU3d6L29BRDY3bDJzSWRWWkxmRFZiN1ZzT3pQMzR1YVZNd243b0pkMktt?= =?utf-8?Q?P41lYlfi41XMIc10YWE8bCw=3D?= X-OriginatorOrg: os.amperecomputing.com X-MS-Exchange-CrossTenant-Network-Message-Id: 02b4f73a-d2be-40fa-ca42-08dc85156107 X-MS-Exchange-CrossTenant-AuthSource: LV3PR01MB8464.prod.exchangelabs.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jun 2024 04:10:05.0182 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3bc2b170-fd94-476d-b0ce-4229bdc904a7 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Gb4wJ2QMZ8yto8ORWNxcuxMmrOlP3zhf7qEADCXdp7XaXMEpC2ifbok0aTYl5bw+TFDQtIU6ouUqgUXqu0vJqEdw5GO1c+sLE4L1wquro4zXhZf+b0rMGVirXHFhPl+R X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR01MB7046 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 04 Jun 2024 21:10:11 -0700 Resent-From: rebecca@os.amperecomputing.com Reply-To: devel@edk2.groups.io,rebecca@os.amperecomputing.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: MbfGrVBJgrFmBw23lhdyuuoIx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=QZCyk+gi; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Reviewed-by: Rebecca Cran --=20 Rebecca Cran On 6/4/2024 6:57 PM, Nhi Pham wrote: > This allows to initialize secure boot with the default factory keys > embedded in firmware flash image. > > For example, to incorporate PK, KEK, and DB default keys, specify the > corresponding key files in the Jade.dsc as follows: > > DEFINE DEFAULT_KEYS =3D TRUE > DEFINE PK_DEFAULT_FILE =3D path/to/PK.crt > DEFINE KEK_DEFAULT_FILE1 =3D path/to/KEK.crt > DEFINE DB_DEFAULT_FILE1 =3D path/to/DB1.crt > DEFINE DB_DEFAULT_FILE2 =3D path/to/DB2.crt > > Signed-off-by: Nhi Pham > --- > Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc | 2 ++ > Platform/Ampere/JadePkg/Jade.fdf | 2 ++ > 2 files changed, 4 insertions(+) > > diff --git a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc b/Silic= on/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc > index 23579497661d..93b4d1d99dcd 100644 > --- a/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc > +++ b/Silicon/Ampere/AmpereAltraPkg/AmpereAltraPkg.dsc.inc > @@ -590,6 +590,8 @@ [Components.common] > =20 > !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gDxe.inf > + SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD= efaultKeysDxe.inf > !endif > MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRun= timeDxe.inf > diff --git a/Platform/Ampere/JadePkg/Jade.fdf b/Platform/Ampere/JadePkg/J= ade.fdf > index 7795f0e11115..1e2df5ba6142 100644 > --- a/Platform/Ampere/JadePkg/Jade.fdf > +++ b/Platform/Ampere/JadePkg/Jade.fdf > @@ -219,7 +219,9 @@ [FV.FvMain] > INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE > +!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootC= onfigDxe.inf > + INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureB= ootDefaultKeysDxe.inf > !endif > INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounte= rRuntimeDxe.inf > INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119465): https://edk2.groups.io/g/devel/message/119465 Mute This Topic: https://groups.io/mt/106495161/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-