From: "Wadhawan, Divneil R"
To: "devel@edk2.groups.io"
CC: "Ni, Ray", "Andrew Fish (afish@apple.com)", "Justen, Jordan L", "Kinney, Michael D", "Wadhawan, Divneil R"
Subject: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot
Date: Thu, 3 Sep 2020 18:16:36 +0000
Message-ID:
SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
The following gets enabled with this patch:
o Secure Boot Menu in "Device Manager" for enrolling keys
o Storage space for Authenticated Variables
o Authenticated execution of 3rd party images

Signed-off-by: Divneil Rai Wadhawan
---
EmulatorPkg/EmulatorPkg.dsc | 40 +++++++++++++++++++++++++++++++++++--
EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
2 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..6591c3e824 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@ DEFINE NETWORK_TLS_ENABLE =3D FALSE DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FALSE DEFINE NETWORK_ISCSI_ENABLE =3D FALSE + DEFINE SECURE_BOOT_ENABLE =3D FALSE =20 [SkuIds] 0|DEFAULT
@@ -106,12 +107,20 @@ LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/C= puExceptionHandlerLibNull.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf =20 + !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSe= cureLibNull.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + !else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL= ibNull.inf + !endif + [LibraryClasses.common.SEC] PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.i= nf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf 
@@ -162,7 +171,20 @@ TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf =20 -[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIV= ER, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATIO= N] +[LibraryClasses.common.DXE_DRIVER] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf + PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeE= muPeCoffExtraActionLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf + !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + !endif + +[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIV= ER, LibraryClasses.common.UEFI_APPLICATION] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf @@ -171,6 +193,9 @@ PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeE= muPeCoffExtraActionLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf + !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + !endif =20 [PcdsFeatureFlag] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE 
@@ -190,6 +215,10 @@ gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd" + !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE + !endif =20 gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" =20 @@ -315,6 +344,13 @@ EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf EmulatorPkg/TimerDxe/Timer.inf =20 + !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig= Dxe.inf + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf + } + !endif =20 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf index 295f6f1db8..4bf592e778 100644 --- a/EmulatorPkg/EmulatorPkg.fdf +++ b/EmulatorPkg/EmulatorPkg.fdf 
@@ -46,10 +46,16 @@ DATA =3D { # Blockmap[1]: End 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ## This is the VARIABLE_STORE_HEADER - #Signature: gEfiVariableGuid =3D - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0= xfe, 0x7d }} - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, + !if $(SECURE_BOOT_ENABLE) =3D=3D FALSE + #Signature: gEfiVariableGuid =3D + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f,= 0xfe, 0x7d }} + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, + !else + # Signature: gEfiAuthenticatedVariableGuid =3D { 0xaaf32c78, 0x947b, 0= x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, + !endif #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableS= ize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) =3D 0xBFB8 # This can speed up the Variable Dispatch a bit. 0xB8, 0xBF, 0x00, 0x00, @@ -186,6 +192,13 @@ INF RuleOverride =3D UI MdeModulePkg/Application/UiAp= p/UiApp.inf INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf =20 +# +# Secure Boot Key Enroll +# +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE +INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig= Dxe.inf +!endif + # # Network stack drivers #
--=20
2.24.1.windows.2

View/Reply Online (#65013): https://edk2.groups.io/g/devel/message/65013
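Review bot: the new "DEFINE SECURE_BOOT_ENABLE = FALSE" in the first EmulatorPkg.dsc hunk is the only place the switch is introduced, and neither the commit message nor the DSC says how to turn it on; add a line such as "build -D SECURE_BOOT_ENABLE=TRUE" to the commit message, and to wherever EmulatorPkg documents its other DEFINEs (NETWORK_TLS_ENABLE and friends in the same block), so the feature is discoverable.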
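Review bot: in the new "!if $(SECURE_BOOT_ENABLE) == TRUE" library block (dsc hunk at -106,12 +107,20), PlatformSecureLib is mapped to SecurityPkg/Library/PlatformSecureLibNull. AuthVariableLib consults that library's UserPhysicalPresent() to decide whether PK/KEK/db can be changed from setup without a signed payload, so check what the Null implementation reports and, if it always claims presence, state in the commit message that key enrollment is deliberately ungated in the emulator. Minor: OpensslLibCrypto.inf is the crypto-only OpenSSL build, which is sufficient for image verification and authenticated variables but will not serve TLS if someone later sets NETWORK_TLS_ENABLE together with this flag; a short comment on that line would save a future build failure.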
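Review bot: the new [LibraryClasses.common.DXE_DRIVER] section (dsc hunk at -162,7 +171,20) lists "ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf" twice, once after MemoryAllocationLib and again after PeCoffExtraActionLib; drop the second copy. Since every other line in the section is a copy of the combined section it was split from, the only real difference is BaseCryptLib under the !if; a one-line comment saying the split exists so DXE_DRIVER modules get BaseCryptLib.inf while runtime drivers get RuntimeCryptLib.inf would stop the next reader from merging them back.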
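Review bot: the hunk at -171,6 +193,9 maps BaseCryptLib to CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf for UEFI_DRIVER and UEFI_APPLICATION as well as DXE_RUNTIME_DRIVER, because the three module types still share one [LibraryClasses] header. RuntimeCryptLib is the variant built for runtime drivers (it carries the virtual-address-change handling VariableRuntimeDxe needs); boot-time UEFI drivers and applications would normally take BaseCryptLib.inf as the new DXE_DRIVER section does, so either split UEFI_DRIVER/UEFI_APPLICATION out as well or add a comment explaining why RuntimeCryptLib is acceptable for them here.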
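Review bot: "gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE" in the PCD hunk (-190,6 +215,10) makes the firmware report a physically present user unconditionally, which is what lets the Secure Boot menu enroll or clear PK without a signed update; that is a reasonable choice for EmulatorPkg but it should be stated in the commit message rather than left as a silent default. Also check "PcdMaxAuthVariableSize|0x2800" (10 KiB) against the db/dbx payloads you expect to enroll: a db holding several certificates, or a current dbx, is larger than that, and the enroll is then rejected for size with little hint from the menu as to why.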
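Review bot: in the component hunk (-315,6 +344,13), the line between "SecurityStubDxe.inf {" and "NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf" is empty in the patch as received; a module override that attaches a NULL library needs a <LibraryClasses> heading there, so confirm the heading is present in the actual patch and was only dropped in transit (angle-bracket tokens often are). Separately, the hunk context shows only Timer.inf before and VariableRuntimeDxe.inf after, so double-check that SecurityStubDxe is not already listed elsewhere in the component list, which would make this a duplicate entry when the flag is TRUE.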
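Review bot: switching the VARIABLE_STORE_HEADER signature between gEfiVariableGuid and gEfiAuthenticatedVariableGuid in the EmulatorPkg.fdf hunk at -46,10 +46,16 means the two builds produce incompatible variable stores; an NV storage file left over from a build with the other setting will be treated as an invalid store on the next run, so the commit message (or a comment beside the !if) should tell people to discard the old variable file when flipping SECURE_BOOT_ENABLE. The "#Size: 0xc000 ... = 0xBFB8" comment below the !if remains correct for both branches since only the GUID changes, but authenticated variable headers are larger, so the same 0xC000 store holds fewer variables in the TRUE build; worth a note. Style: the FALSE branch writes "#Signature:" and the TRUE branch "# Signature:"; pick one.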
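Review bot: the FDF hunk at -186,6 +192,13 adds only "INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf" under the !if, while the DSC hunk added both SecureBootConfigDxe and SecurityStubDxe (carrying DxeImageVerificationLib as its NULL library) to the component list. If SecurityStubDxe is not already listed elsewhere in EmulatorPkg.fdf, it is built but never placed in the FV, and the third bullet of the commit message, authenticated execution of third-party images, silently does not happen; either add an INF line for it in this block or say in the commit message that it is already present in the FV.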