This patchset adds support for initialization of default Secure Boot variables
based on keys content embedded in flash binary. This feature is active only if
Secure Boot is enabled and DEFAULT_KEY is defined. The patchset also consists of
an application to enroll keys from default variables and a secure boot menu
change to allow the user to reset key content to default values.
Discussion on design can be found at:
https://edk2.groups.io/g/rfc/topic/82139806#600

I also added a patch for RPi4 which enables this feature for that platform.

Changes since v1:
- change names:
    SecBootVariableLib => SecureBootVariableLib
    SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
    SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
- change name of function CheckSetupMode to GetSetupMode
- remove ShellPkg dependency from EnrollFromDefaultKeysApp
- rebase to master

Grzegorz Bernacki (6):
  [edk2]
  SecurityPkg: Create library for setting Secure Boot variables.
  SecurityPkg: Create include file for default key content.
  SecurityPkg: Add SecureBootDefaultKeysDxe driver
  SecurityPkg: Add EnrollFromDefaultKeys application.
  SecurityPkg: Add new modules to Security package.
  SecurityPkg: Add option to reset secure boot keys.
  [edk2-platform]
  Platform/RaspberryPi: Enable default Secure Boot variables initialization

 SecurityPkg/SecurityPkg.dec | 14 +
 SecurityPkg/SecurityPkg.dsc | 5 +
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 47 +
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 79 ++
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 2 +
 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf | 46 +
 SecurityPkg/Include/Library/SecureBootVariableLib.h | 252 +++++
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 107 +++
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 979 ++++++++++++++++++++
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 343 ++++---
 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 69 ++
 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni | 16 +
 SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++
 SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni | 17 +
 17 files changed, 1862 insertions(+), 188 deletions(-)
 create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
 create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
 create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
 create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
 create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
 create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
 create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
 create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni

--
2.25.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75900): https://edk2.groups.io/g/devel/message/75900
Mute This Topic: https://groups.io/mt/83232291/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Grzegorz
Have you built this feature with different tool chains, such as VS2017/VS2019/GCC5? And test it in IA32/X64/AARCH64?
Would you post your test result in the mail?
Thanks much!

> -----Original Message-----
> From: Grzegorz Bernacki <gjb@semihalf.com>
> Sent: Tuesday, June 1, 2021 9:12 PM
> To: devel@edk2.groups.io
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-
> Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
> upstream@semihalf.com; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>;
> lersek@redhat.com; Grzegorz Bernacki <gjb@semihalf.com>
> Subject: [PATCH v2 0/6] Secure Boot default keys

Hi Min M,

I tested it with Ovmf. I will try other compiler and provide you logs soon.

thanks,
greg

On Fri, 4 Jun 2021 at 10:17, Xu, Min M <min.m.xu@intel.com> wrote:
>
> Grzegorz
> Have you built this feature with different tool chains, such as VS2017/VS2019/GCC5? And test it in IA32/X64/AARCH64?
> Would you post your test result in the mail?
> Thanks much!

Hi Min M,

Please find log from tests of OvmfX64 built with VS2019 at:
https://drive.google.com/file/d/18w7s6GxIz3aeId22xABMib7I3JX7G9X1/view?usp=sharing

thanks,
greg

On Mon, 7 Jun 2021 at 09:29, Grzegorz Bernacki <gjb@semihalf.com> wrote:
>
> Hi Min M,
>
> I tested it with Ovmf. I will try other compiler and provide you logs soon.
>
> thanks,
> greg

On 06/14/2021 5:48 PM, Grzegorz Bernacki Wrote:
> Hi Min M,
>
> Please find log from tests of OvmfX64 built with VS2019 at:
> https://drive.google.com/file/d/18w7s6GxIz3aeId22xABMib7I3JX7G9X1/view?usp=sharing
>
Usually we summarize the test in a table which is posted in the mail thread, so that
the test result is clear and easy to read. Also in this way the test result can be recorded in
the review thread. I am afraid the test log in the google drive cannot be accessed
one day.

> thanks,
> greg

Hi Min M,

Sure, I will send the test result after I make changes for the v4 version.
Can you please point me to a few mails with the test result table so I can copy the format?

thanks,
greg

On Thu, 17 Jun 2021 at 03:30, Xu, Min M <min.m.xu@intel.com> wrote:
>
> On 06/14/2021 5:48 PM, Grzegorz Bernacki Wrote:
> > Hi Min M,
> >
> > Please find log from tests of OvmfX64 built with VS2019 at:
> > https://drive.google.com/file/d/18w7s6GxIz3aeId22xABMib7I3JX7G9X1/view?usp=sharing
> >
> Usually we summarize the test in a table which is posted in the mail thread, so that
> the test result is clear and easy to read. Also in this way the test result can be recorded in
> the review thread. I am afraid the test log in the google drive cannot be accessed
> one day.
>
> > thanks,
> > greg

On 06/17/2021, Grzegorz Bernacki wrote:
> Hi Min M,
>
> Sure, I will send the test result after I make changes for the v4 version. Can
> you please point me to a few mails with the test result table so I can copy the
> format?
>
Please refer to https://edk2.groups.io/g/devel/message/74239
Just summarize the validation you do.
>
> thanks,
> greg

Thanks
Min