From: "Wadhawan, Divneil R"
To: "devel@edk2.groups.io"
CC: "Kinney, Michael D", "Wadhawan, Divneil R"
Subject: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Authenticated Variables
Date: Wed, 2 Sep 2020 17:44:19 +0000

SECURE_BOOT_ENABLE feature flag is introduced to enable Authenticated variable support by:
 o Enabling storage space
 o Enabling AuthLib support

Signed-off-by: Divneil Rai Wadhawan
--- EmulatorPkg/EmulatorPkg.dsc | 17 ++++++++++++++++- EmulatorPkg/EmulatorPkg.fdf | 14 ++++++++++---- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc index 86a6271735..06cd8a9b4c 100644 --- a/EmulatorPkg/EmulatorPkg.dsc +++ b/EmulatorPkg/EmulatorPkg.dsc @@ -32,6 +32,7 @@ DEFINE NETWORK_TLS_ENABLE =3D FALSE DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FALSE DEFINE NETWORK_ISCSI_ENABLE =3D FALSE + DEFINE SECURE_BOOT_ENABLE =3D TRUE =20 [SkuIds] 0|DEFAULT @@ -89,6 +90,7 @@ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat= e.inf SerialPortLib|MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull= .inf CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf + # # Platform #
@@ -106,12 +108,21 @@ LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/C= puExceptionHandlerLibNull.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf =20 + !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSe= cureLibNull.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + !else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL= ibNull.inf + !endif + [LibraryClasses.common.SEC] PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.i= nf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -190,6 +201,10 @@ gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd" + !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE + !endif =20 gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" =20 diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf index 295f6f1db8..93552baf8b 100644 --- a/EmulatorPkg/EmulatorPkg.fdf +++ b/EmulatorPkg/EmulatorPkg.fdf 
@@ -46,10 +46,16 @@ DATA =3D { # Blockmap[1]: End 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ## This is the VARIABLE_STORE_HEADER - #Signature: gEfiVariableGuid =3D - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0= xfe, 0x7d }} - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, + !if $(SECURE_BOOT_ENABLE) =3D=3D FALSE + #Signature: gEfiVariableGuid =3D + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f,= 0xfe, 0x7d }} + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, + !else + # Signature: gEfiAuthenticatedVariableGuid =3D { 0xaaf32c78, 0x947b, 0= x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, + !endif #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableS= ize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) =3D 0xBFB8 # This can speed up the Variable Dispatch a bit. 0xB8, 0xBF, 0x00, 0x00, --=20 2.24.1.windows.2
View/Reply Online (#65000): https://edk2.groups.io/g/devel/message/65000
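
Review bot: the added `DEFINE SECURE_BOOT_ENABLE = TRUE` in the EmulatorPkg.dsc hunk at @@ -32,6 +32,7 turns the feature on by default, while the three NETWORK_* switches directly above it in the same hunk all default to FALSE. With TRUE as the default, every EmulatorPkg build takes the new `!if` branches further down and links the CryptoPkg and SecurityPkg libraries. Suggest defaulting to FALSE so builders opt in with -D SECURE_BOOT_ENABLE=TRUE, or explaining in the commit message why default-on is wanted. The flag name also promises more than the patch shows: the commit message and the visible hunks cover authenticated variable support only, so either say that in a comment next to the DEFINE or choose a name that matches.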
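
Review bot: the only change in the EmulatorPkg.dsc hunk at @@ -89,6 +90,7 appears to be an empty line added after the CapsuleLib mapping, ahead of the `# Platform` comment banner. It is unrelated to authenticated variables; please drop it so the diff stays limited to the feature.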
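
Review bot: in the EmulatorPkg.dsc hunk at @@ -106,12 +108,21, `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf` is added to the block that precedes [LibraryClasses.common.SEC], next to general mappings such as ShellLib and FileHandleLib, so the runtime instance of the crypto library appears to be selected for every module that resolves BaseCryptLib rather than only for the runtime variable driver. Suggest moving the BaseCryptLib, OpensslLib and IntrinsicLib mappings into the library-class section for the module type that hosts the variable driver, or adding a comment stating that the runtime instance is intended for all consumers.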
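
Review bot: `gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE` in the EmulatorPkg.dsc hunk at @@ -190,6 +201,10 fixes physical presence as always asserted, and the previous hunk pairs it with PlatformSecureLibNull, so a physical-presence check built from these two settings never refuses a request. That may be the right trade-off for an emulator, but it needs a comment above the line saying it is an emulator-only setting that should not be copied into a real platform DSC. `PcdMaxAuthVariableSize|0x2800` likewise needs a one-line comment on how 0x2800 was chosen.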
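
Review bot: the EmulatorPkg.fdf hunk at @@ -46,10 +46,16 tests `!if $(SECURE_BOOT_ENABLE) == FALSE` and puts the authenticated-variable signature in the `!else` branch, while EmulatorPkg.dsc tests `== TRUE` and puts AuthVariableLibNull in its `!else` branch. For any value other than the literal TRUE or FALSE the two files disagree: the DSC links AuthVariableLibNull while the FDF emits a variable store header carrying gEfiAuthenticatedVariableGuid. Suggest using the same `!if $(SECURE_BOOT_ENABLE) == TRUE` test in both files, with the gEfiAuthenticatedVariableGuid bytes in the first branch. The two signature comments also differ in style (`#Signature:` split over two lines versus `# Signature:` on one line); please make them match.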