From nobody Mon Feb  9 16:45:05 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+75651+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+75651+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1622031119; cv=none;
	d=zohomail.com; s=zohoarc;
	b=NIMtHIR72RD9hAv1pc7jH0zcWoT6skkUpouxLxRB10oSwYWT2WRiN0jv4cwUNGJrAEMIz+OJm0Jmcqi6lidBX67teldABDSx7BmcjPu1fXoKZKAM7SZdAQhsteuODAk+cYXv0p6rXnQCPSUxmVapaSiPuE3SpvwKQTtrUbpZSwo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1622031119;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=OtxtgTPFYu7qdc386ZlMuNUAiTBLSrRUYSN/BgQrMLk=;
	b=fRIwILstql4aafjP3b54kQ/ECGqExWwmbkOaY/YY+p0U0MvrbwNuokzFmi6rTgQsDQRgCx8KA3o1YMAPA8SSvqKeywtvNMAdGZtc2yMOMZZjo6Vv8onSb20RXly1AVHzX9N/35TjB9QhuajR9Q1+nob7FWwkUEZ2xM5zIZ+0bok=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+75651+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1622031119521999.9753555656989;
 Wed, 26 May 2021 05:11:59 -0700 (PDT)
Return-Path: <bounce+27952+75651+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id fc10YY1788612xyiMPxY0kXj;
 Wed, 26 May 2021 05:11:59 -0700
X-Received: from mail-lf1-f50.google.com (mail-lf1-f50.google.com
 [209.85.167.50])
 by mx.groups.io with SMTP id smtpd.web12.5225.1622022160599736514
 for <devel@edk2.groups.io>;
 Wed, 26 May 2021 02:42:41 -0700
X-Received: by mail-lf1-f50.google.com with SMTP id q1so1589906lfo.3
        for <devel@edk2.groups.io>; Wed, 26 May 2021 02:42:40 -0700 (PDT)
X-Gm-Message-State: MRz4DHyp9FaAvb0YR2LPpRMFx1787277AA=
X-Google-Smtp-Source: 
 ABdhPJzRdtxBBhoAomeH8/qGJpHPk8ygUqz2tqeMYgH15wpYys+hEHvVxftdLqZJVw1++NNGSEJiCQ==
X-Received: by 2002:ac2:5faa:: with SMTP id s10mr1524132lfe.48.1622022158512;
        Wed, 26 May 2021 02:42:38 -0700 (PDT)
X-Received: from gilgamesh.lab.semihalf.net ([83.142.187.85])
        by smtp.gmail.com with ESMTPSA id
 y19sm2380268ljy.32.2021.05.26.02.42.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 26 May 2021 02:42:38 -0700 (PDT)
From: "Grzegorz Bernacki" <gjb@semihalf.com>
To: devel@edk2.groups.io
Cc: leif@nuviainc.com,
	ardb+tianocore@kernel.org,
	Samer.El-Haj-Mahmoud@arm.com,
	sunny.Wang@arm.com,
	gjb@semihalf.com,
	upstream@semihalf.com,
	jiewen.yao@intel.com,
	jian.j.wang@intel.com,
	min.m.xu@intel.com,
	lersek@redhat.com
Subject: [edk2-devel] [PATCH 2/6] SecurityPkg: Create include file for default
 key content.
Date: Wed, 26 May 2021 11:42:00 +0200
Message-Id: <20210526094204.73600-4-gjb@semihalf.com>
In-Reply-To: <20210526094204.73600-1-gjb@semihalf.com>
References: <20210526094204.73600-1-gjb@semihalf.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,gjb@semihalf.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1622031119;
 bh=bqCuL6TeiQ8xjNCdkpGYJZwvPDpTuOX/OqpHBT6bt3M=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=vnsntkUim5ItJeo/8TljJFTefHjssisK7buDdgwyY10RDlMBOD80aY7tMog4CggqMz4
 TrZDZ3Wgmqs2iiAFGgq9gPKZhkBVi2hatZriNJppB06oJ6WYiJgVbNEqrTvBNBmJmsQ64
 Zk+6Z53pyVmO9nskiT+zNr9o5R0Yvnw+e98=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

This commits add file which can be included by platform Flash
Description File. It allows to specify certificate files, which
will be embedded into binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
---
 SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/Secure=
BootDefaultKeys.fdf.inc
new file mode 100644
index 0000000000..056586b204
--- /dev/null
+++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@
+
+!if $(DEFAULT_KEYS) =3D=3D TRUE
+  FILE FREEFORM =3D 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+  !ifdef $(PK_DEFAULT_FILE)
+    SECTION RAW =3D $(PK_DEFAULT_FILE)
+  !endif
+    SECTION UI =3D "PK Default"
+  }
+
+  FILE FREEFORM =3D 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+  !ifdef $(KEK_DEFAULT_FILE1)
+    SECTION RAW =3D $(KEK_DEFAULT_FILE1)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE2)
+    SECTION RAW =3D $(KEK_DEFAULT_FILE2)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE3)
+    SECTION RAW =3D $(KEK_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "KEK Default"
+  }
+
+  FILE FREEFORM =3D c491d352-7623-4843-accc-2791a7574421 {
+  !ifdef $(DB_DEFAULT_FILE1)
+    SECTION RAW =3D $(DB_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE2)
+    SECTION RAW =3D $(DB_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE3)
+    SECTION RAW =3D $(DB_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "DB Default"
+  }
+
+  FILE FREEFORM =3D 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
+  !ifdef $(DBT_DEFAULT_FILE1)
+    SECTION RAW =3D $(DBT_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE2)
+    SECTION RAW =3D $(DBT_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE3)
+    SECTION RAW =3D $(DBT_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "DBT Default"
+  }
+
+  FILE FREEFORM =3D 5740766a-718e-4dc0-9935-c36f7d3f884f {
+  !ifdef $(DBX_DEFAULT_FILE1)
+    SECTION RAW =3D $(DBX_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE2)
+    SECTION RAW =3D $(DBX_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE3)
+    SECTION RAW =3D $(DBX_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "DBX Default"
+  }
+
+!endif
--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75651): https://edk2.groups.io/g/devel/message/75651
Mute This Topic: https://groups.io/mt/83098883/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-