From nobody Mon Feb  9 20:46:02 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+75902+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+75902+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1622553178; cv=none;
	d=zohomail.com; s=zohoarc;
	b=KOztI8N2fBpWBqqVayvZydgEuEJtAl0fU4YTNx3ZbLBg1qnhcAlQadRgPUw03hzRerARB8oZuL/4tics6pL/J+61SPP4l8G6YTzgFsPIXVu4b0EAuwUZgeh0RaKZRKbmkhxXLsJ5F2QnTNw95mIttsUygq2t2RQncGVXxU7X4SY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1622553178;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=m8E8TNqOQvXa/7GTo+hMId5b1g2ehmDaI2uUcqoCROI=;
	b=VnRpLzwIaDPtQ06wWQ8AKdrjEsSvwthkHWi0RZmYYuyF87/valamHLnY9L5AkAfkdwgd7wh1vx9dmeOvM6MmRQvkDtCaeYYsJWJ+YgME0HLGmZ2FW4getQJRgmCAEyqIuRxM0LBPONg0kMfnaZI8VcVtaSFeFSBJMnCZt1pAkgQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+75902+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1622553178309965.8431212729222;
 Tue, 1 Jun 2021 06:12:58 -0700 (PDT)
Return-Path: <bounce+27952+75902+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 9NzvYY1788612xh8Is98ybw4;
 Tue, 01 Jun 2021 06:12:57 -0700
X-Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com
 [209.85.167.43])
 by mx.groups.io with SMTP id smtpd.web11.57659.1622553177134695328
 for <devel@edk2.groups.io>;
 Tue, 01 Jun 2021 06:12:57 -0700
X-Received: by mail-lf1-f43.google.com with SMTP id v8so21721727lft.8
        for <devel@edk2.groups.io>; Tue, 01 Jun 2021 06:12:56 -0700 (PDT)
X-Gm-Message-State: CRn3MgosfqmsLKiLPt8ziH9ax1787277AA=
X-Google-Smtp-Source: 
 ABdhPJz1QtaCvr5j02nyizEDRN3UBiukWji8t5QszHSmP6lyj4ZbkxQgU3l7jqZp8fTBsGYbt1nJbg==
X-Received: by 2002:ac2:5e33:: with SMTP id o19mr18376897lfg.11.1622553175073;
        Tue, 01 Jun 2021 06:12:55 -0700 (PDT)
X-Received: from gilgamesh.lab.semihalf.net ([83.142.187.85])
        by smtp.gmail.com with ESMTPSA id
 y5sm1681460lfa.148.2021.06.01.06.12.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Jun 2021 06:12:54 -0700 (PDT)
From: "Grzegorz Bernacki" <gjb@semihalf.com>
To: devel@edk2.groups.io
Cc: leif@nuviainc.com,
	ardb+tianocore@kernel.org,
	Samer.El-Haj-Mahmoud@arm.com,
	sunny.Wang@arm.com,
	mw@semihalf.com,
	upstream@semihalf.com,
	jiewen.yao@intel.com,
	jian.j.wang@intel.com,
	min.m.xu@intel.com,
	lersek@redhat.com,
	Grzegorz Bernacki <gjb@semihalf.com>
Subject: [edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for
 default key content.
Date: Tue,  1 Jun 2021 15:12:25 +0200
Message-Id: <20210601131229.630611-4-gjb@semihalf.com>
In-Reply-To: <20210601131229.630611-1-gjb@semihalf.com>
References: <20210601131229.630611-1-gjb@semihalf.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,gjb@semihalf.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1622553177;
 bh=3c+3hzQw3T2DmnKGOMfjEd2QJa50BILM05baA05jEAQ=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=gE5L7BBtvM1yrhZQSnDP59VRP46WuVuNJM1ld4fELv1uFf32hOuhc97GbfdRYbOodE9
 XEwLGvOnDYUInHCBYTywYw0pDtBebpacJR9fsNQRcLZwRa/6oTr7zL0gwb7ob/JVncDFe
 tlkK8c73PK8r7JzoYgWbZKOKn2vbWLC6qPI=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

This commits add file which can be included by platform Flash
Description File. It allows to specify certificate files, which
will be embedded into binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Tested-by: Pete Batard <pete@akeo.ie> on Raspberry Pi 4
---
 SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/Secure=
BootDefaultKeys.fdf.inc
new file mode 100644
index 0000000000..056586b204
--- /dev/null
+++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@
+
+!if $(DEFAULT_KEYS) =3D=3D TRUE
+  FILE FREEFORM =3D 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+  !ifdef $(PK_DEFAULT_FILE)
+    SECTION RAW =3D $(PK_DEFAULT_FILE)
+  !endif
+    SECTION UI =3D "PK Default"
+  }
+
+  FILE FREEFORM =3D 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+  !ifdef $(KEK_DEFAULT_FILE1)
+    SECTION RAW =3D $(KEK_DEFAULT_FILE1)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE2)
+    SECTION RAW =3D $(KEK_DEFAULT_FILE2)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE3)
+    SECTION RAW =3D $(KEK_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "KEK Default"
+  }
+
+  FILE FREEFORM =3D c491d352-7623-4843-accc-2791a7574421 {
+  !ifdef $(DB_DEFAULT_FILE1)
+    SECTION RAW =3D $(DB_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE2)
+    SECTION RAW =3D $(DB_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE3)
+    SECTION RAW =3D $(DB_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "DB Default"
+  }
+
+  FILE FREEFORM =3D 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
+  !ifdef $(DBT_DEFAULT_FILE1)
+    SECTION RAW =3D $(DBT_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE2)
+    SECTION RAW =3D $(DBT_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE3)
+    SECTION RAW =3D $(DBT_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "DBT Default"
+  }
+
+  FILE FREEFORM =3D 5740766a-718e-4dc0-9935-c36f7d3f884f {
+  !ifdef $(DBX_DEFAULT_FILE1)
+    SECTION RAW =3D $(DBX_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE2)
+    SECTION RAW =3D $(DBX_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE3)
+    SECTION RAW =3D $(DBX_DEFAULT_FILE3)
+  !endif
+    SECTION UI =3D "DBX Default"
+  }
+
+!endif
--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75902): https://edk2.groups.io/g/devel/message/75902
Mute This Topic: https://groups.io/mt/83232296/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-