On 05/26/21 11:41, Grzegorz Bernacki wrote:
> This patchset adds support for initialization of default
> Secure Boot variables based on keys content embedded in
> flash binary. This feature is active only if Secure Boot
> is enabled and DEFAULT_KEY is defined. The patchset
> also consists of an application to enroll keys from default
> variables and a secure boot menu change to allow the user
> to reset key content to default values.
> Discussion on design can be found at:
> https://edk2.groups.io/g/rfc/topic/82139806#600
>
> I also added a patch for RPi4 which enables this feature for
> that platform.
Thanks for the CC -- but my plate is overflowing; I won't be reviewing
this SecurityPkg patch set.
Thanks
laszlo
>
> Grzegorz Bernacki (6):
> [edk2]
> SecurityPkg: Create library for setting Secure Boot variables.
> SecurityPkg: Create include file for default key content.
> SecurityPkg: Add SecBootDefaultKeysDxe driver
> SecurityPkg: Add SecEnrollDefaultKeys application.
> SecurityPkg: Add new modules to Security package.
> SecurityPkg: Add option to reset secure boot keys.
>
> [edk2-platforms]
> Platform/RaspberryPi: Enable default Secure Boot variables initialization
>
> SecurityPkg/SecurityPkg.dec | 14 +
> SecurityPkg/SecurityPkg.dsc | 5 +
> SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.inf | 79 ++
> SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.inf | 48 +
> SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.inf | 46 +
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 2 +
> SecurityPkg/Include/Library/SecBootVariableLib.h | 252 +++++
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
> SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.c | 979 ++++++++++++++++++++
> SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.c | 108 +++
> SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.c | 69 ++
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 343 ++++---
> SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.uni | 16 +
> SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++
> SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.uni | 17 +
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
> 17 files changed, 1864 insertions(+), 188 deletions(-)
> create mode 100644 SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.inf
> create mode 100644 SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.inf
> create mode 100644 SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.inf
> create mode 100644 SecurityPkg/Include/Library/SecBootVariableLib.h
> create mode 100644 SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.c
> create mode 100644 SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.c
> create mode 100644 SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.c
> create mode 100644 SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.uni
> create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
> create mode 100644 SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.uni
>
View/Reply Online (#75648): https://edk2.groups.io/g/devel/message/75648