From nobody Sun May 5 17:31:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77410+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77410+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1625131273; cv=none; d=zohomail.com; s=zohoarc; b=fgA61Ma2h3Ba/9XHB/RnQy5ZbuWkDu26/VHlnr3un2avAXhlS3spvfRL6QgSILjS2zjZNGZzgTvVXXmmaTCwX56mmw/5ZaCVcXn0YCIDxRmugDiSVX6VyhpzMUvGp6k4kkK8FcP6WMMW5KzC+1FEbc0ywrqp8wVpvwpyryWNxf0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1625131273; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=MfV437iNvVvatV5mIhPSiGewwaHN+0e5zbiL6dVMP7o=; b=idPRgAi0uVIiSpNp2JBfuT9/79AtkUNJDhwPdHvhPsh2/v9SnaJkneep0vqcGKp9Br13joM2YO+AAkRawzu4FqSlvHjQ7bn3YNeG4RcD/I3vO89U11LevKNl3dFS7NCdcyP7xENsrSpkn0J6r6pB7Nm+gsFR+wK1Nn5sigv+wx8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77410+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1625131273979490.36038872747463; Thu, 1 Jul 2021 02:21:13 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id KCHWYY1788612xt4LjSlMbkt; Thu, 01 Jul 2021 02:21:13 -0700 X-Received: from mail-lj1-f173.google.com (mail-lj1-f173.google.com [209.85.208.173]) by mx.groups.io with SMTP id smtpd.web08.4667.1625131268817686685 for ; Thu, 01 Jul 2021 02:21:09 -0700 X-Received: by mail-lj1-f173.google.com with SMTP id c11so7476986ljd.6 for ; Thu, 01 Jul 2021 02:21:08 -0700 (PDT) X-Gm-Message-State: 0YsLbqpb5BeyIbb70g4ljFedx1787277AA= X-Google-Smtp-Source: ABdhPJzQeI/FUzr8txct8ZdLBiYhhEwAiJI9lrwyoi4B1jditdY7+fOFWdU6xO0IcJ73HzV5aw0PVw== X-Received: by 2002:a2e:1452:: with SMTP id 18mr11718907lju.4.1625131266842; Thu, 01 Jul 2021 02:21:06 -0700 (PDT) X-Received: from gilgamesh.lab.semihalf.net ([83.142.187.85]) by smtp.gmail.com with ESMTPSA id g15sm2343205lfr.110.2021.07.01.02.21.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jul 2021 02:21:06 -0700 (PDT) From: "Grzegorz Bernacki" To: devel@edk2.groups.io Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki Subject: [edk2-devel] [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib class resolution Date: Thu, 1 Jul 2021 11:20:48 +0200 Message-Id: <20210701092051.1057606-2-gjb@semihalf.com> In-Reply-To: <20210701092051.1057606-1-gjb@semihalf.com> References: <20210701092051.1057606-1-gjb@semihalf.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gjb@semihalf.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1625131273; bh=cFOBWaWXHhTnbcFb6GaX5I0t5rW5o/kYvPJYlzfCLpc=; h=Cc:Date:From:Reply-To:Subject:To; b=WEwLnLTfP48H2bpMkHTqbAWleEjEFFQJJlyOftgw675nx6DWbywl5UOBSkxOAlG3L6X dDA/Af0Fz3gBk6pqeooSVI9w2/BFuWHxbYkKxZGZV/WGWOa1Em/ShJIPfCePuP8Y2tOh5 RTOTxxRwrm8Dl7vNrUXXEde0fRKEnXhIq9U= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" The edk2 patch SecurityPkg: Create library for setting Secure Boot variables. removes generic functions from SecureBootConfigDxe and places them into SecureBootVariableLib. This patch adds SecureBootVariableLib mapping for each Intel platform which uses SecureBootConfigDxe. Signed-off-by: Grzegorz Bernacki Reviewed-by: Liming Gao Reviewed-by: Sunny Wang --- Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 + Platform/Intel/QuarkPlatformPkg/Quark.dsc | 1 + Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 1 + Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 3 ++- 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc b/= Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc index b154f9615d..5157c87a9a 100644 --- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc +++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc @@ -139,6 +139,7 @@ =20 !if gMinPlatformPkgTokenSpaceGuid.PcdUefiSecureBootEnable =3D=3D TRUE AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf !endif =20 SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf diff --git a/Platform/Intel/QuarkPlatformPkg/Quark.dsc b/Platform/Intel/Qua= rkPlatformPkg/Quark.dsc index cc1eba4df4..35f99429f7 100644 --- a/Platform/Intel/QuarkPlatformPkg/Quark.dsc +++ b/Platform/Intel/QuarkPlatformPkg/Quark.dsc @@ -175,6 +175,7 @@ !if $(SECURE_BOOT_ENABLE) PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSec= ureLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf !else AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Platfor= m/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc index d15da40819..5a0d3e31e1 100644 --- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc +++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc @@ -227,6 +227,7 @@ !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecu= reLibNull.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf !else AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Platform= /Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc index 4a5548b80e..36a5ae333c 100644 --- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc +++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc @@ -1,4 +1,4 @@ -#/** @file +e # Platform description. # # Copyright (c) 2012 - 2021, Intel Corporation. All rights reserved.
@@ -229,6 +229,7 @@ !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecu= reLibNull.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf !else AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77410): https://edk2.groups.io/g/devel/message/77410 Mute This Topic: https://groups.io/mt/83912225/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 17:31:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77411+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77411+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1625131274; cv=none; d=zohomail.com; s=zohoarc; b=dBCoFlVylt9StRzd+CjUFrTWMTj2q1fi03CyyVygGHWWoT9nu0EJhNfqz3Yp4oUSebSIzK2f+47/RfvpeJTyxpfNpBDRPwqC8i+xVCrLdOFeSthYodBvRtvzGm8GN58ZFiELkNhpO/uicT/a0ZJCrTuVrsGlBr4HoLaX6QVX3LQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1625131274; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=vcH3LJ0A+4aHESacNcxnt9W4h+XN2HfS2KzUG3+Eg5M=; b=EdbWVhP0cd5zbeJONU5iY4BpYG3LzXLr0kBWKnKGxAX9mo0rhydWONJ8Hf58dJ7+ZCfZ3GrQt7wmkvxp2g1HhsQcAn23q8BLPk3+gKkVLgdp/jdTBaQg7yk7sAYjR42Yeu8vEads9twakv4sho1ddxPvI/Z0wPOqegHTsxWi1p4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77411+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1625131274871379.67290095311444; Thu, 1 Jul 2021 02:21:14 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id wz2AYY1788612x8yxwTzdAHV; Thu, 01 Jul 2021 02:21:14 -0700 X-Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com [209.85.167.45]) by mx.groups.io with SMTP id smtpd.web10.4758.1625131270414994359 for ; Thu, 01 Jul 2021 02:21:10 -0700 X-Received: by mail-lf1-f45.google.com with SMTP id a18so10585300lfs.10 for ; Thu, 01 Jul 2021 02:21:10 -0700 (PDT) X-Gm-Message-State: PMbw4raDWHxw0MtTnMM1SNkax1787277AA= X-Google-Smtp-Source: ABdhPJwHaJjqvUYh1tkckZfifkFEqDwTRcWBWr4HvAR76iQL9peAuVLL/IHRWK+baS3WLAvYTeEcAg== X-Received: by 2002:a19:8c03:: with SMTP id o3mr29955829lfd.499.1625131268243; Thu, 01 Jul 2021 02:21:08 -0700 (PDT) X-Received: from gilgamesh.lab.semihalf.net ([83.142.187.85]) by smtp.gmail.com with ESMTPSA id g15sm2343205lfr.110.2021.07.01.02.21.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jul 2021 02:21:07 -0700 (PDT) From: "Grzegorz Bernacki" To: devel@edk2.groups.io Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki Subject: [edk2-devel] [edk2-platforms PATCH v5 2/4] ARM Silicon and Platforms: add SecureBootVariableLib class resolution Date: Thu, 1 Jul 2021 11:20:49 +0200 Message-Id: <20210701092051.1057606-3-gjb@semihalf.com> In-Reply-To: <20210701092051.1057606-1-gjb@semihalf.com> References: <20210701092051.1057606-1-gjb@semihalf.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gjb@semihalf.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1625131274; bh=qheIUsddRGB9YjRw7Z/TG2C6ymQQbqqF5xesvCbCXBA=; h=Cc:Date:From:Reply-To:Subject:To; b=sLZoTdupA/qcSCuYJGx1gYcGj12kdW+uUytDr+kDKW4OZ2cKUygtLoiTvM3BMN95a6e 8TDOyNs9nBbnuqdqxWsXGPYrKoqPS/YAAi5p4TseM3uGRvWEaszhCCtn16okMGCHISZv5 rWGRtcxzOX2gEzT/gZ7YDFrJltywgzO2VyY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" The edk2 patch SecurityPkg: Create library for setting Secure Boot variables. removes generic functions from SecureBootConfigDxe and places them into SecureBootVariableLib. This patch adds SecureBootVariableLib mapping for each ARM platform which uses SecureBootConfigDxe. Signed-off-by: Grzegorz Bernacki Reviewed-by: Graeme Gregory #SbsaQemu Reviewed-by: Sunny Wang --- Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 1 + Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 1 + Platform/RaspberryPi/RPi3/RPi3.dsc | 1 + Platform/RaspberryPi/RPi4/RPi4.dsc | 1 + Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 4 ++++ 5 files changed, 8 insertions(+) diff --git a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc b/Platform/ARM/VE= xpressPkg/ArmVExpress.dsc.inc index fee7cfcc2d..60fdb244ba 100644 --- a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc +++ b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc @@ -129,6 +129,7 @@ !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf =20 # re-use the UserPhysicalPresent() dummy implementation from the ovmf tr= ee PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/S= bsaQemu.dsc index 11ce361cdb..b1c4030ec9 100644 --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc @@ -156,6 +156,7 @@ DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FALSE # TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf =20 # re-use the UserPhysicalPresent() dummy implementation from the ovmf tr= ee PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc b/Platform/RaspberryPi/RPi3= /RPi3.dsc index 53825bcf62..73f7f2f8c3 100644 --- a/Platform/RaspberryPi/RPi3/RPi3.dsc +++ b/Platform/RaspberryPi/RPi3/RPi3.dsc @@ -167,6 +167,7 @@ =20 # re-use the UserPhysicalPresent() dummy implementation from the ovmf tr= ee PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf !else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4= /RPi4.dsc index fd73c4d14b..d38fee8fb8 100644 --- a/Platform/RaspberryPi/RPi4/RPi4.dsc +++ b/Platform/RaspberryPi/RPi4/RPi4.dsc @@ -164,6 +164,7 @@ !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf =20 # re-use the UserPhysicalPresent() dummy implementation from the ovmf tr= ee PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc b/Platform/So= cionext/DeveloperBox/DeveloperBox.dsc index 88454c1f90..41b7c3bced 100644 --- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc +++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc @@ -52,6 +52,10 @@ =20 MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibN= ull.inf =20 +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf +!endif + [LibraryClasses.common.SEC] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77411): https://edk2.groups.io/g/devel/message/77411 Mute This Topic: https://groups.io/mt/83912226/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 17:31:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77412+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77412+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1625131275; cv=none; d=zohomail.com; s=zohoarc; b=GXLK+vfXHQ8gjMZjWzlLn36sC7RA4FeebHLhMW0wq7gYpwLpPY7PCLDpse5+9acca6uBdb2NkEaoUa0C6ol9egwWe6viTTgrDbxv4pHnJKyykFYAzHMTCDU/5e6NByUjTKGIF0Tu2WoQrloeOUTHoq0E/XLB5XcpqP1EPEXKy5Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1625131275; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=aJuioqCFA4u1QP0/M0Z8Tm6aPqJMQHNU74sw5KCZEng=; b=dIXy7SLogawOpCLf2umWMF0ePXC6xiuYmYN8OwyOugdztCI599L+W9FgvEVhfuFP0Q58Cm+CDnitVzRx3HSxj0vy6IwpvVjww6vlJmUaOC7UluFbX1JyNMcxG7l7fX9YOwmnJ4Px6edcnlETwFPOS46XnsjDXv6qkA54NMd46mE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77412+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1625131275928182.28829552627315; Thu, 1 Jul 2021 02:21:15 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id xyJAYY1788612xt03sKWSQ74; Thu, 01 Jul 2021 02:21:15 -0700 X-Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) by mx.groups.io with SMTP id smtpd.web10.4759.1625131271630480232 for ; Thu, 01 Jul 2021 02:21:12 -0700 X-Received: by mail-lj1-f169.google.com with SMTP id k8so7485085lja.4 for ; Thu, 01 Jul 2021 02:21:11 -0700 (PDT) X-Gm-Message-State: DwVkKmoaH2MI9TASrbCXpVdnx1787277AA= X-Google-Smtp-Source: ABdhPJx0mKDxnevUE9FLTEjeonCLCnc7NzNIGePZ3GsuFBt4kS4c389TzCpt+kwaMsaHfKqzTY7gVg== X-Received: by 2002:a2e:a44d:: with SMTP id v13mr11198748ljn.297.1625131269668; Thu, 01 Jul 2021 02:21:09 -0700 (PDT) X-Received: from gilgamesh.lab.semihalf.net ([83.142.187.85]) by smtp.gmail.com with ESMTPSA id g15sm2343205lfr.110.2021.07.01.02.21.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jul 2021 02:21:09 -0700 (PDT) From: "Grzegorz Bernacki" To: devel@edk2.groups.io Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki , Abner Chang , Daniel Schaefer Subject: [edk2-devel] [edk2-platforms PATCH v5 3/4] RISC-V Platforms: add SecureBootVariableLib class resolution Date: Thu, 1 Jul 2021 11:20:50 +0200 Message-Id: <20210701092051.1057606-4-gjb@semihalf.com> In-Reply-To: <20210701092051.1057606-1-gjb@semihalf.com> References: <20210701092051.1057606-1-gjb@semihalf.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gjb@semihalf.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1625131275; bh=d83cQX2cBwXjuuEsb3gpYF0IHFWz6sBahE17eWIF45c=; h=Cc:Date:From:Reply-To:Subject:To; b=uGyS6c1UscklPyvMwFYlt74hhqmYL2tDMi+MgnVAeU7qOAn4wzDyoLS6RFzjV8QWgOl Z4AQQ2PykTl5Cj+ZfS6KPXz6gc1tMrHoY1FJqD1eFeWWrsN1P0gIpsZJwXNBQO1yEheoI kb6UqsAw1HFLV2cbiBtu9W178O6+2ZJpYmQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" The edk2 patch SecurityPkg: Create library for setting Secure Boot variables. removes generic functions from SecureBootConfigDxe and places them into SecureBootVariableLib. This patch adds SecureBootVariableLib mapping for each RICS-V platform which uses SecureBootConfigDxe. Signed-off-by: Grzegorz Bernacki Reviewed-by: Abner Chang Reviewed-by: Daniel Schaefer Reviewed-by: Sunny Wang --- Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc | 1 + Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 + 2 files changed, 2 insertions(+) diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc b/P= latform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc index b91823ceeb..fc5ba2a07f 100644 --- a/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc +++ b/Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc @@ -122,6 +122,7 @@ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf !else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf diff --git a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U5= 40.dsc b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.d= sc index 0eafe29880..71add8ff9a 100644 --- a/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc +++ b/Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc @@ -122,6 +122,7 @@ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf !else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77412): https://edk2.groups.io/g/devel/message/77412 Mute This Topic: https://groups.io/mt/83912227/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 17:31:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77413+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77413+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1625131276; cv=none; d=zohomail.com; s=zohoarc; b=ZTLZoXjTiHRm4xbVXhWsnDX6HCQVWkFJjnsJwBXqSHkPoJv7sDjHiVIW6K4M0kJaSw+1JM8/EtDXiCzx4+nERwbjo+RbFth/3t9Cxovjx4npJc0xj5IlVSEtjOjLW2Ilnu1bSSSiPzEJiJTESHbHRuroN/PQQUbpFrjM5ZfMmJw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1625131276; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=vkXs5CsK2C7p3tpDSyAg381DwpOyGOS0C1YnAGa1N8s=; b=eVRH51PsGBwLR4LXijg+QlA+v3BfDqYPbKf8foiniyQH14OCZPkZCdwMZSb0Ba0mDy2NRMmaK0NZ0/LFbyaff0ZMQJr1JxHDKq/QSAKfxtrY0iWLHtySbdDIiYeYMUB+OSVbKP8Wd9Ja4phChy4Dj1rM9aR+CoqQ8LCFm71LbI0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77413+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1625131276436229.9846341668689; Thu, 1 Jul 2021 02:21:16 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QDSNYY1788612xfm3tQBTBGR; Thu, 01 Jul 2021 02:21:16 -0700 X-Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com [209.85.167.48]) by mx.groups.io with SMTP id smtpd.web11.4631.1625131273079898138 for ; Thu, 01 Jul 2021 02:21:13 -0700 X-Received: by mail-lf1-f48.google.com with SMTP id u13so10672258lfk.2 for ; Thu, 01 Jul 2021 02:21:12 -0700 (PDT) X-Gm-Message-State: bbbVmizdna8aNPopHd3qE12Tx1787277AA= X-Google-Smtp-Source: ABdhPJx0nPIpVnk5DAPgDq+bDkf0ezLZ9icHz9h0Ah0lVC+wXGX5DXz5TE2RROBjXm6ccQD2rQu2Dg== X-Received: by 2002:ac2:53ae:: with SMTP id j14mr31237138lfh.147.1625131271106; Thu, 01 Jul 2021 02:21:11 -0700 (PDT) X-Received: from gilgamesh.lab.semihalf.net ([83.142.187.85]) by smtp.gmail.com with ESMTPSA id g15sm2343205lfr.110.2021.07.01.02.21.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jul 2021 02:21:10 -0700 (PDT) From: "Grzegorz Bernacki" To: devel@edk2.groups.io Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki , Sunny Wang Subject: [edk2-devel] [edk2-platforms PATCH v5 4/4] Platform/RaspberryPi: Enable default Secure Boot variables initialization Date: Thu, 1 Jul 2021 11:20:51 +0200 Message-Id: <20210701092051.1057606-5-gjb@semihalf.com> In-Reply-To: <20210701092051.1057606-1-gjb@semihalf.com> References: <20210701092051.1057606-1-gjb@semihalf.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gjb@semihalf.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1625131276; bh=vl2AeT5yntVIBT5mZgSVkx+UEpfDwgCYgreR8Dkwp8o=; h=Cc:Date:From:Reply-To:Subject:To; b=hlMDG4gaF2qQHJdJn784Ki0QP8tDK5XD3s3oPJR37CNn7QAg8y7a4+xx9BB46lixDz8 lbEYOPzZXh+zAbvwZaO/wBaxG50VVRcAbqTfQATnEF1WWGkSdXWvqOMTNaikKahpVtgE7 bKvdx19KqLyN3rTf1zxXDLfHx3uPgSq3Uwo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" This commit allows to initialize Secure Boot default key and databases from data embedded in firmware binary. Signed-off-by: Grzegorz Bernacki Reviewed-by: Sunny Wang Reviewed-by: Pete Batard Tested-by: Pete Batard on Raspberry Pi 4 --- Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +++ Platform/RaspberryPi/RPi4/RPi4.fdf | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4= /RPi4.dsc index d38fee8fb8..54bb282ff2 100644 --- a/Platform/RaspberryPi/RPi4/RPi4.dsc +++ b/Platform/RaspberryPi/RPi4/RPi4.dsc @@ -218,6 +218,7 @@ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf =20 [LibraryClasses.common.UEFI_DRIVER] @@ -621,6 +622,8 @@ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf } SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf + SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDef= aultKeysDxe.inf !else MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf !endif diff --git a/Platform/RaspberryPi/RPi4/RPi4.fdf b/Platform/RaspberryPi/RPi4= /RPi4.fdf index 1e13909a57..8508065a77 100644 --- a/Platform/RaspberryPi/RPi4/RPi4.fdf +++ b/Platform/RaspberryPi/RPi4/RPi4.fdf @@ -189,7 +189,9 @@ READ_LOCK_STATUS =3D TRUE INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.i= nf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +!include ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf= igDxe.inf + INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoo= tDefaultKeysDxe.inf !endif INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRu= ntimeDxe.inf INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77413): https://edk2.groups.io/g/devel/message/77413 Mute This Topic: https://groups.io/mt/83912228/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-