From nobody Mon Feb 9 12:43:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+98947+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1674255550714413.60872997474155; Fri, 20 Jan 2023 14:59:10 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id IGXrYY1788612xJzUI3w14VC; Fri, 20 Jan 2023 14:59:10 -0800 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.76]) by mx.groups.io with SMTP id smtpd.web11.89998.1674255549672006080 for ; Fri, 20 Jan 2023 14:59:09 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jxzk2vKv8Md8Y5L8zCL3KyMocPZaLokNAmFTGROhdIOTnRoGbQYz6du3t1WVJA7iBQvw1ISvzgUszQRxJQfa2n/maN5A6FIxftPtPXwb43G3rb3bw55zNzb4xhMgO7jBDwjhEYozYjk+1pwPHmeeBUGcn7B4A/4ADr6paU2G1oPNBZZa5Lgy5JDbECC//0dINDjyr5/P7XsDEDIB43hqAXJOJrYcdeO1OAdWMm2bgqI//Qyo8VjUwAKXQzTOSzMrTNbfcsf+Z9w3z4GWgMAxvELQLVx1fjC9lngT6Q0a7OSb0CgxZjnbxFdhfXrWpw9pw1dAGwdlus99J5s8p9JhcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZlTsEkd5qyGLLFOjC8m4JgTm/Q0mbD/sGqzGgnKYJZM=; b=LuNtQ6W3pi3hkhWgtR3afyv6sfVXbASmkfXRVXxy675EU/a8GGwOXZSQq4xlbb5JLVnbqNbvV02WmbIa/3MIaoEu4nab7dncTvgE9xAxjtJog0/0/IDmUG4+kzJJe18XsnI6mSOyvCKD+p3dqS+2HsBchRj0HSDP8yRiX9xDCPkhR4Wm0AkSBrz9bAj1+22vQPwCi6pa2RJVXdkPv91FfGnoq/7L5M2TH1QQvUJ4Ly2+d0sP8+BtxK+W5DAIE8rxp3LF4xJj/RbnFRIN9qAuOTPdmq5vWAJAJtR1zJ5tYC81YZed7GLdn9IUIgKDHywR3PpbD67FCy1xVYw5ft9MzQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none X-Received: from CY5PR03CA0013.namprd03.prod.outlook.com (2603:10b6:930:8::44) by PH8PR12MB7328.namprd12.prod.outlook.com (2603:10b6:510:214::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.26; Fri, 20 Jan 2023 22:59:07 +0000 X-Received: from CY4PEPF0000C982.namprd02.prod.outlook.com (2603:10b6:930:8:cafe::81) by CY5PR03CA0013.outlook.office365.com (2603:10b6:930:8::44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.27 via Frontend Transport; Fri, 20 Jan 2023 22:59:07 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+98947+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C X-Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000C982.mail.protection.outlook.com (10.167.241.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.11 via Frontend Transport; Fri, 20 Jan 2023 22:59:06 +0000 X-Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.36; Fri, 20 Jan 2023 14:58:57 -0800 X-Received: from jbobek-titan.nvidia.com (10.126.231.37) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.36; Fri, 20 Jan 2023 14:58:56 -0800 From: "Jan Bobek via groups.io" To: CC: Jan Bobek , Laszlo Ersek , "Jiewen Yao" , Ard Biesheuvel , "Leif Lindholm" , Sami Mujawar , Gerd Hoffmann Subject: [edk2-devel] [PATCH v1 3/4] ArmVirtPkg: require self-signed PK when secure boot is enabled Date: Fri, 20 Jan 2023 15:58:34 -0700 Message-ID: <20230120225835.42733-4-jbobek@nvidia.com> In-Reply-To: <20230120225835.42733-1-jbobek@nvidia.com> References: <20230120225835.42733-1-jbobek@nvidia.com> MIME-Version: 1.0 X-Originating-IP: [10.126.231.37] X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000C982:EE_|PH8PR12MB7328:EE_ X-MS-Office365-Filtering-Correlation-Id: 7f412aaa-2df8-4641-ebba-08dafb39ef1a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: QBFBNiFnh7Ax1uibNSgnUfrRsM4ykcqJ+Oo4DmMBBKf7Q3ca6Xf4aKxcp8oiSIbQSB0JIFy25cSaQx0F/indIPGudX/PQdUw6AjalQ3UZUamehE/IYfW2STq+tdv4vYtLv80jVtDr0kKKxmGTTrmYvoXQqXs0t2+UvVLjG9KJn2mxGSzHKE4ao5OwFeieH7TLKCq/rvi/AW5PNfE72YK+JUPaMZnJ32Lj6gzo0ejLFuY4WLxTlmHuOIcGGDdj+cm7xvuFUgWmxHbm2mjV8tK/Ck8+p4v7OGf9OYqIUX1ZMFxQUxsyi2NcX2zh0ijbhRhot7ZEpg3HDitxFaINYtPivEVxU8MJTig+U5lNhs/KmevrpScqT//fSLY+pbIHIx5DbvSFPAotgrBH0rLPBRP3rOOwiZqbLxC8dx5HZDch6JsfzliyPhXZOtqwXtVApxt/ezFWKIgVU0EyZugnf3dGr/3d6Vme64wMqNedJAQKGIwsAaeEWau2dryOwTztzK/lkYjS3qK/oNB0JasTqFpPtkW8bmtzEqxztrXXY1LbOsFpKXyC4thMt9LAdFyflnd4ohcz/gRNhU8CFHU0/dhaJTa+GLxONNgvAH08gPQQIRCbLK6B28cS0XU+VoCjt+bj4kwyge6LOV7sYIEU6z42aD/WV3jNWC4jqg5SHIC1kzz/J1b+/D77UIbe2DkTHMLalfS8goq84KTE+3RkROC0lNmqlA46M/B1K1J+aeRi1VrHWGsc9iBcYsjxUuiFQ0N/1gCDTVd6+l8WGB5bmZNVCKOGNMqIpipy596JqI1jm0= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2023 22:59:06.7853 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7f412aaa-2df8-4641-ebba-08dafb39ef1a X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000C982.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB7328 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jbobek@nvidia.com X-Gm-Message-State: aejgFPcnKDYj0tzR2CWaezDYx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1674255550; bh=42OvRg/4+OwkYiXIjwWcI9LL166wZ9LuD9LIRTGMlV4=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=JO7VUaH4MJI5R76i2kfZaTVz8Nwe0fZkRLEARQbXbDiCzE2RzDmUE8/dc2UYre0hB5V QE9Losdq0YaPwHkCW0cOuJ8W7dauFGFml9BOSq2d5jKhwG2Ql5HAUwOJzgQz6IqGPTyAo BPgPregCN4lZ9uEFTq0McPJ+MrmlS99XecE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1674255552582100007 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2506 In all DSC files that define SECURE_BOOT_ENABLE, opt-in into requiring self-signed PK when SECURE_BOOT_ENABLE is TRUE. Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Sami Mujawar Cc: Gerd Hoffmann Signed-off-by: Jan Bobek --- ArmVirtPkg/ArmVirtCloudHv.dsc | 4 ++++ ArmVirtPkg/ArmVirtQemu.dsc | 4 ++++ ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc index 7ca7a391d9cf..dc33936d6f03 100644 --- a/ArmVirtPkg/ArmVirtCloudHv.dsc +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc @@ -85,6 +85,10 @@ [PcdsFeatureFlag.common] =20 gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE =20 +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE +!endif + [PcdsFixedAtBuild.common] !if $(ARCH) =3D=3D AARCH64 gArmTokenSpaceGuid.PcdVFPEnabled|1 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 0f1c6395488a..31fd0e5279ab 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -145,6 +145,10 @@ [PcdsFeatureFlag.common] =20 gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) =20 +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE +!endif + [PcdsFixedAtBuild.common] !if $(ARCH) =3D=3D AARCH64 gArmTokenSpaceGuid.PcdVFPEnabled|1 diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 807c85d48285..1e0f06c91137 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -114,6 +114,10 @@ [PcdsFeatureFlag.common] =20 gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE =20 +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE +!endif + [PcdsFixedAtBuild.common] !if $(ARCH) =3D=3D AARCH64 gArmTokenSpaceGuid.PcdVFPEnabled|1 --=20 2.30.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#98947): https://edk2.groups.io/g/devel/message/98947 Mute This Topic: https://groups.io/mt/96412384/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-