Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
On 6/13/2022 4:39 PM, Kun Qin wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
>
> This is a revamp of a previously submitted patch series based on top of
> master branch: https://edk2.groups.io/g/devel/message/89507. No changes
> added.
>
> Current SecureBootVariableLib provide great support for deleting secure
> boot related variables, creating time-based payloads.
>
> However, for secure boot enrollment, the SecureBootVariableProvisionLib
> interfaces always assume the changes from variable storage, limiting the
> usage, requiring existing platforms to change key initialization process
> to adapt to the new methods, as well as bringing in extra dependencies
> such as FV protocol, time protocols.
>
> This patch series proposes to update the implementation for Secure Boot
> Variable libraries and their consumers to better support the related
> variables operations.
>
> Patch v2 branch: https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v2
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Peter Grehan <grehan@freebsd.org>
> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
>
> Kun Qin (8):
> SecurityPkg: UefiSecureBoot: Definitions of cert and payload
> structures
> SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
> SecurityPkg: SecureBootVariableLib: Updated time based payload creator
> SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
> SecurityPkg: Secure Boot Drivers: Added common header files
> SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
> OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
> EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
>
> kuqin (3):
> SecurityPkg: SecureBootVariableLib: Updated signature list creator
> SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
> SecurityPkg: SecureBootVariableLib: Added unit tests
>
> SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 1 +
> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c | 51 +
> SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 486 ++++-
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c | 36 +
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c | 201 ++
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c | 13 +
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c | 2037 ++++++++++++++++++++
> SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 145 +-
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 128 +-
> SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 1 +
> EmulatorPkg/EmulatorPkg.dsc | 1 +
> OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
> OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
> OvmfPkg/OvmfPkgIa32.dsc | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
> OvmfPkg/OvmfPkgX64.dsc | 1 +
> SecurityPkg/Include/Library/PlatformPKProtectionLib.h | 31 +
> SecurityPkg/Include/Library/SecureBootVariableLib.h | 103 +-
> SecurityPkg/Include/UefiSecureBoot.h | 94 +
> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf | 36 +
> SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 14 +-
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf | 33 +
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf | 45 +
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf | 25 +
> SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf | 36 +
> SecurityPkg/SecurityPkg.ci.yaml | 11 +
> SecurityPkg/SecurityPkg.dec | 5 +
> SecurityPkg/SecurityPkg.dsc | 2 +
> SecurityPkg/Test/SecurityPkgHostTest.dsc | 38 +
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 1 +
> 31 files changed, 3468 insertions(+), 112 deletions(-)
> create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
> create mode 100644 SecurityPkg/Include/Library/PlatformPKProtectionLib.h
> create mode 100644 SecurityPkg/Include/UefiSecureBoot.h
> create mode 100644 SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
> create mode 100644 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
> create mode 100644 SecurityPkg/Test/SecurityPkgHostTest.dsc
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90937): https://edk2.groups.io/g/devel/message/90937
Mute This Topic: https://groups.io/mt/91735867/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-