From nobody Fri Nov  1 10:25:49 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1516856036225314.6060432425393;
 Wed, 24 Jan 2018 20:53:56 -0800 (PST)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id 348182034A8B2;
	Wed, 24 Jan 2018 20:48:26 -0800 (PST)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 1635E21E25686
 for <edk2-devel@lists.01.org>; Wed, 24 Jan 2018 20:48:24 -0800 (PST)
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 24 Jan 2018 20:53:53 -0800
Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.90])
 by orsmga005.jf.intel.com with ESMTP; 24 Jan 2018 20:53:52 -0800
X-Original-To: edk2-devel@lists.01.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.93; helo=mga11.intel.com;
 envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,409,1511856000"; d="scan'208";a="196103067"
From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: edk2-devel@lists.01.org
Date: Thu, 25 Jan 2018 12:53:47 +0800
Message-Id: <20180125045350.22372-1-chao.b.zhang@intel.com>
X-Mailer: git-send-email 2.11.0.windows.1
Subject: [edk2] [PATCH] Enable RSA2048SHA256 to replace CCG SignedSection
 solution
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail: RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

---
 KabylakePlatSamplePkg/PlatformPkg.dsc       | 13 +++++++++--
 KabylakePlatSamplePkg/PlatformPkg.fdf       | 36 +++++++++++++++----------=
----
 KabylakePlatSamplePkg/PlatformPkgConfig.dsc |  2 +-
 3 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/KabylakePlatSamplePkg/PlatformPkg.dsc b/KabylakePlatSamplePkg/=
PlatformPkg.dsc
index fb085b9..125e018 100644
--- a/KabylakePlatSamplePkg/PlatformPkg.dsc
+++ b/KabylakePlatSamplePkg/PlatformPkg.dsc
@@ -1114,6 +1114,8 @@ gPlatformModuleTokenSpaceGuid.PcdWsmtProtectionFlags|=
0x07
=20
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMsegSize|0x8c0000
=20
+gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29,=
 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x=
4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73,=
 0x96, 0xa2, 0xd4, 0xa6, 0x4d}
+
 [PcdsFixedAtBuild.IA32]
 !if gPlatformModuleTokenSpaceGuid.PcdFspWrapperEnable =3D=3D TRUE
   gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
@@ -1445,6 +1447,11 @@ gPlatformModuleTokenSpaceGuid.PcdWsmtProtectionFlags=
|0x07
     <LibraryClasses>
       NULL|$(CLIENT_COMMON_PACKAGE)/Library/PeiSignedSectionVerificationLi=
b/PeiSignedSectionVerificationLib.inf
   }
+ =20
+  MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf {
+  <LibraryClasses>
+    NULL|SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib\PeiRs=
a2048Sha256GuidedSectionExtractLib.inf
+  }
 !endif
=20
 !if gSiPkgTokenSpaceGuid.PcdS3Enable =3D=3D TRUE
@@ -1575,7 +1582,8 @@ $(CLIENT_COMMON_PACKAGE)/Universal/DebugServicePei/De=
bugServicePei.inf {
       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80080046
     <LibraryClasses>
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-      NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationLi=
b/DxeSignedSectionVerificationLib.inf
+    # NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationLi=
b/DxeSignedSectionVerificationLib.inf
+      NULL|SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib\Dxe=
Rsa2048Sha256GuidedSectionExtractLib.inf
 !endif
 !if gPlatformModuleTokenSpaceGuid.PcdDxeCrc32SectionEnable =3D=3D TRUE
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu=
idedSectionExtractLib.inf
@@ -1600,7 +1608,8 @@ $(CLIENT_COMMON_PACKAGE)/Universal/DebugServicePei/De=
bugServicePei.inf {
       gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE
     <LibraryClasses>
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-      NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationLi=
b/DxeSignedSectionVerificationLib.inf
+      #NULL|$(CLIENT_COMMON_PACKAGE)/Library/DxeSignedSectionVerificationL=
ib/DxeSignedSectionVerificationLib.inf
+      NULL|SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib\Dxe=
Rsa2048Sha256GuidedSectionExtractLib.inf
 !endif
 !if gPlatformModuleTokenSpaceGuid.PcdDxeCrc32SectionEnable =3D=3D TRUE
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32Gu=
idedSectionExtractLib.inf
diff --git a/KabylakePlatSamplePkg/PlatformPkg.fdf b/KabylakePlatSamplePkg/=
PlatformPkg.fdf
index d2e8ee3..9d3fa5d 100644
--- a/KabylakePlatSamplePkg/PlatformPkg.fdf
+++ b/KabylakePlatSamplePkg/PlatformPkg.fdf
@@ -406,7 +406,7 @@ INF  $(PLATFORM_FEATURES_PATH)/Amt/AmtStatusCodePei/Amt=
StatusCodePei.inf
=20
 INF $(PLATFORM_PACKAGE)/BiosInfo/BiosInfo.inf # AdvancedFeaturesContent
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosI=
nfoChecker/BiosInfoChecker.inf
+#INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/Bios=
InfoChecker/BiosInfoChecker.inf
 !endif
=20
 !if gSiPkgTokenSpaceGuid.PcdSleEnable =3D=3D FALSE
@@ -462,12 +462,13 @@ INF $(PLATFORM_PACKAGE)/Platform/MsegSmramPei/MsegSmr=
amPei.inf
 INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
=20
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-INF $(CLIENT_COMMON_PACKAGE)/Universal/SignedSectionPei/SignedSectionPei.i=
nf
-!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable =3D=3D TRUE
-FILE RAW =3D 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
-    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
-  }
-!endif # PcdPubKeyHashBinEnable
+INF MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf
+#INF $(CLIENT_COMMON_PACKAGE)/Universal/SignedSectionPei/SignedSectionPei.=
inf
+#!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable =3D=3D TRUE
+#FILE RAW =3D 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
+#    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
+#  }
+#!endif # PcdPubKeyHashBinEnable
 !endif # PcdSecureBootEnable
=20
 !if gPlatformModuleTokenSpaceGuid.PcdTpmEnable =3D=3D TRUE
@@ -604,7 +605,7 @@ APRIORI PEI {
 !endif
=20
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-  INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/Bio=
sInfoChecker/BiosInfoChecker.inf  # RPPO-SKL-0031: RoyalParkOverrideContent
+  #INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/Bi=
osInfoChecker/BiosInfoChecker.inf  # RPPO-SKL-0031: RoyalParkOverrideContent
 !endif
   INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 !endif
@@ -619,7 +620,7 @@ INF  $(PLATFORM_FEATURES_PATH)/Amt/AmtStatusCodePei/Amt=
StatusCodePei.inf
=20
 INF $(PLATFORM_PACKAGE)/BiosInfo/BiosInfo.inf
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/BiosI=
nfoChecker/BiosInfoChecker.inf
+#INF  $(PLATFORM_PACKAGE)/Override/$(CLIENT_COMMON_PACKAGE)/Universal/Bios=
InfoChecker/BiosInfoChecker.inf
 !endif
=20
 !if gSiPkgTokenSpaceGuid.PcdSleEnable =3D=3D TRUE
@@ -692,12 +693,13 @@ INF $(PLATFORM_FEATURES_PATH)/OverClocking/OverClockI=
nit/PeiOverClock.inf
=20
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
 # ROYAL_PARK_PORTING - Porting Required
-INF RuleOverride =3D LzmaCompress $(CLIENT_COMMON_PACKAGE)/Universal/Signe=
dSectionPei/SignedSectionPei.inf
-!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable =3D=3D TRUE
-FILE RAW =3D 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
-    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
-  }
-!endif
+INF MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.inf
+#INF RuleOverride =3D LzmaCompress $(CLIENT_COMMON_PACKAGE)/Universal/Sign=
edSectionPei/SignedSectionPei.inf
+#!if gPlatformModuleTokenSpaceGuid.PcdPubKeyHashBinEnable =3D=3D TRUE
+#FILE RAW =3D 31C17ABE-6071-435e-BAA4-0B8A8C3649F3 {
+#    $(PLATFORM_PACKAGE)/Tools/ToolScripts/SignFv/pubkeyhash.bin
+#  }
+#!endif
 !endif
=20
 !if gSiPkgTokenSpaceGuid.PcdSvBuild =3D=3D TRUE
@@ -1174,7 +1176,7 @@ READ_LOCK_STATUS   =3D TRUE
 FILE FV_IMAGE =3D 4E35FD93-9C72-4c15-8C4B-E77F1DB2D792 {
 !if gPlatformModuleTokenSpaceGuid.PcdLzmaEnable =3D=3D TRUE
   !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-    SECTION GUIDED 0f9d89e8-9259-4f76-a5af-0c89e34023df PROCESSING_REQUIRE=
D =3D TRUE {
+    SECTION GUIDED A7717414-C616-4977-9420-844712A735BF AUTH_STATUS_VALID =
=3D TRUE {
       SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUI=
RED =3D TRUE {
         SECTION FV_IMAGE =3D FVMAIN2
       }
@@ -2497,7 +2499,7 @@ READ_LOCK_STATUS   =3D TRUE
 FILE FV_IMAGE =3D 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
 !if gPlatformModuleTokenSpaceGuid.PcdLzmaEnable =3D=3D TRUE
 !if gPlatformModuleTokenSpaceGuid.PcdSecureBootEnable =3D=3D TRUE
-  SECTION GUIDED 0f9d89e8-9259-4f76-a5af-0c89e34023df PROCESSING_REQUIRED =
=3D TRUE {
+  SECTION GUIDED A7717414-C616-4977-9420-844712A735BF AUTH_STATUS_VALID =
=3D TRUE {
        SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQU=
IRED =3D TRUE {
           SECTION FV_IMAGE =3D FVMAIN
        }
diff --git a/KabylakePlatSamplePkg/PlatformPkgConfig.dsc b/KabylakePlatSamp=
lePkg/PlatformPkgConfig.dsc
index fd2d368..755e66c 100644
--- a/KabylakePlatSamplePkg/PlatformPkgConfig.dsc
+++ b/KabylakePlatSamplePkg/PlatformPkgConfig.dsc
@@ -117,7 +117,7 @@
   gPlatformModuleTokenSpaceGuid.PcdNvmeEnable|TRUE
   gSiPkgTokenSpaceGuid.PcdOverclockEnable|TRUE
   gPlatformModuleTokenSpaceGuid.PcdPciHotplugEnable|TRUE
-  gPlatformModuleTokenSpaceGuid.PcdPerformanceEnable|FALSE
+  gPlatformModuleTokenSpaceGuid.PcdPerformanceEnable|TRUE
   gPlatformModuleTokenSpaceGuid.PcdIntelFpdtEnable|FALSE
   gPlatformModuleTokenSpaceGuid.PcdPostCodeStatusCodeEnable|TRUE
   gSiPkgTokenSpaceGuid.PcdPowerOnEnable|FALSE             # SI:RestrictedC=
ontent
--=20
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel