Re: [edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
Internally reviewed this patch before sending the edk2 mailing list and It
looks good to me. Please also address Min M's good catch/comment.
Reviewed-by: Sunny Wang
Hi Laszlo,
if you have time, I think you can still review this patch because this patch is
a simple one and is based on your valuable feedback in RFC. It would be good to
get your review on this one. :)
Thanks,
Sunny
-Original Message-
From: Grzegorz Bernacki
Sent: Tuesday, June 1, 2021 9:12 PM
To: devel@edk2.groups.io
Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer El-Haj-Mahmoud
; Sunny Wang ;
m...@semihalf.com; upstr...@semihalf.com; jiewen@intel.com;
jian.j.w...@intel.com; min.m...@intel.com; ler...@redhat.com; Grzegorz Bernacki
Subject: [PATCH v2 2/6] SecurityPkg: Create include file for default key
content.
This commits add file which can be included by platform Flash
Description File. It allows to specify certificate files, which
will be embedded into binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.
Signed-off-by: Grzegorz Bernacki
---
SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62
1 file changed, 62 insertions(+)
create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc
b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
new file mode 100644
index 00..056586b204
--- /dev/null
+++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@
+
+!if $(DEFAULT_KEYS) == TRUE
+ FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+ !ifdef $(PK_DEFAULT_FILE)
+SECTION RAW = $(PK_DEFAULT_FILE)
+ !endif
+SECTION UI = "PK Default"
+ }
+
+ FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+ !ifdef $(KEK_DEFAULT_FILE1)
+SECTION RAW = $(KEK_DEFAULT_FILE1)
+ !endif
+ !ifdef $(KEK_DEFAULT_FILE2)
+SECTION RAW = $(KEK_DEFAULT_FILE2)
+ !endif
+ !ifdef $(KEK_DEFAULT_FILE3)
+SECTION RAW = $(KEK_DEFAULT_FILE3)
+ !endif
+SECTION UI = "KEK Default"
+ }
+
+ FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
+ !ifdef $(DB_DEFAULT_FILE1)
+SECTION RAW = $(DB_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DB_DEFAULT_FILE2)
+SECTION RAW = $(DB_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DB_DEFAULT_FILE3)
+SECTION RAW = $(DB_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DB Default"
+ }
+
+ FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
+ !ifdef $(DBT_DEFAULT_FILE1)
+SECTION RAW = $(DBT_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DBT_DEFAULT_FILE2)
+SECTION RAW = $(DBT_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DBT_DEFAULT_FILE3)
+SECTION RAW = $(DBT_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DBT Default"
+ }
+
+ FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
+ !ifdef $(DBX_DEFAULT_FILE1)
+SECTION RAW = $(DBX_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DBX_DEFAULT_FILE2)
+SECTION RAW = $(DBX_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DBX_DEFAULT_FILE3)
+SECTION RAW = $(DBX_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DBX Default"
+ }
+
+!endif
--
2.25.1
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended recipient,
please notify the sender immediately and do not disclose the contents to any
other person, use it for any purpose, or store or copy the information in any
medium. Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76046): https://edk2.groups.io/g/devel/message/76046
Mute This Topic: https://groups.io/mt/83232296/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
On Tuesday, June 1, 2021 9:12 PM, Grzegorz Bernacki Wrote:
> This commits add file which can be included by platform Flash Description
> File. It allows to specify certificate files, which will be embedded into
> binary
> file. The content of these files can be used to initialize Secure Boot default
> keys and databases.
>
> Signed-off-by: Grzegorz Bernacki
> ---
> SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62
> 1 file changed, 62 insertions(+)
> create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
>
> diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> new file mode 100644
> index 00..056586b204
> --- /dev/null
> +++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
> @@ -0,0 +1,62 @@
File header should be included, for example, the file description, Copyright,
License, etc.
> +
> +!if $(DEFAULT_KEYS) == TRUE
> + FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
> + !ifdef $(PK_DEFAULT_FILE)
> +SECTION RAW = $(PK_DEFAULT_FILE)
> + !endif
> +SECTION UI = "PK Default"
> + }
> +
> + FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { !ifdef
> + $(KEK_DEFAULT_FILE1)
> +SECTION RAW = $(KEK_DEFAULT_FILE1)
> + !endif
> + !ifdef $(KEK_DEFAULT_FILE2)
> +SECTION RAW = $(KEK_DEFAULT_FILE2)
> + !endif
> + !ifdef $(KEK_DEFAULT_FILE3)
> +SECTION RAW = $(KEK_DEFAULT_FILE3)
> + !endif
> +SECTION UI = "KEK Default"
> + }
> +
> + FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { !ifdef
> + $(DB_DEFAULT_FILE1)
> +SECTION RAW = $(DB_DEFAULT_FILE1)
> + !endif
> + !ifdef $(DB_DEFAULT_FILE2)
> +SECTION RAW = $(DB_DEFAULT_FILE2)
> + !endif
> + !ifdef $(DB_DEFAULT_FILE3)
> +SECTION RAW = $(DB_DEFAULT_FILE3)
> + !endif
> +SECTION UI = "DB Default"
> + }
> +
> + FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 { !ifdef
> + $(DBT_DEFAULT_FILE1)
> +SECTION RAW = $(DBT_DEFAULT_FILE1)
> + !endif
> + !ifdef $(DBT_DEFAULT_FILE2)
> +SECTION RAW = $(DBT_DEFAULT_FILE2)
> + !endif
> + !ifdef $(DBT_DEFAULT_FILE3)
> +SECTION RAW = $(DBT_DEFAULT_FILE3)
> + !endif
> +SECTION UI = "DBT Default"
> + }
> +
> + FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { !ifdef
> + $(DBX_DEFAULT_FILE1)
> +SECTION RAW = $(DBX_DEFAULT_FILE1)
> + !endif
> + !ifdef $(DBX_DEFAULT_FILE2)
> +SECTION RAW = $(DBX_DEFAULT_FILE2)
> + !endif
> + !ifdef $(DBX_DEFAULT_FILE3)
> +SECTION RAW = $(DBX_DEFAULT_FILE3)
> + !endif
> +SECTION UI = "DBX Default"
> + }
> +
> +!endif
> --
> 2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76014): https://edk2.groups.io/g/devel/message/76014
Mute This Topic: https://groups.io/mt/83232296/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
On 2021.06.01 14:12, Grzegorz Bernacki wrote:
This commits add file which can be included by platform Flash
Description File. It allows to specify certificate files, which
will be embedded into binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.
Signed-off-by: Grzegorz Bernacki
---
SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62
1 file changed, 62 insertions(+)
create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc
b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
new file mode 100644
index 00..056586b204
--- /dev/null
+++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@
+
+!if $(DEFAULT_KEYS) == TRUE
+ FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+ !ifdef $(PK_DEFAULT_FILE)
+SECTION RAW = $(PK_DEFAULT_FILE)
+ !endif
+SECTION UI = "PK Default"
+ }
+
+ FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+ !ifdef $(KEK_DEFAULT_FILE1)
+SECTION RAW = $(KEK_DEFAULT_FILE1)
+ !endif
+ !ifdef $(KEK_DEFAULT_FILE2)
+SECTION RAW = $(KEK_DEFAULT_FILE2)
+ !endif
+ !ifdef $(KEK_DEFAULT_FILE3)
+SECTION RAW = $(KEK_DEFAULT_FILE3)
+ !endif
+SECTION UI = "KEK Default"
+ }
+
+ FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
+ !ifdef $(DB_DEFAULT_FILE1)
+SECTION RAW = $(DB_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DB_DEFAULT_FILE2)
+SECTION RAW = $(DB_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DB_DEFAULT_FILE3)
+SECTION RAW = $(DB_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DB Default"
+ }
+
+ FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
+ !ifdef $(DBT_DEFAULT_FILE1)
+SECTION RAW = $(DBT_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DBT_DEFAULT_FILE2)
+SECTION RAW = $(DBT_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DBT_DEFAULT_FILE3)
+SECTION RAW = $(DBT_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DBT Default"
+ }
+
+ FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
+ !ifdef $(DBX_DEFAULT_FILE1)
+SECTION RAW = $(DBX_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DBX_DEFAULT_FILE2)
+SECTION RAW = $(DBX_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DBX_DEFAULT_FILE3)
+SECTION RAW = $(DBX_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DBX Default"
+ }
+
+!endif
Reviewed-by: Pete Batard
Tested-by: Pete Batard on Raspberry Pi 4
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75988): https://edk2.groups.io/g/devel/message/75988
Mute This Topic: https://groups.io/mt/83232296/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for default key content.
This commits add file which can be included by platform Flash
Description File. It allows to specify certificate files, which
will be embedded into binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.
Signed-off-by: Grzegorz Bernacki
---
SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62
1 file changed, 62 insertions(+)
create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc
b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
new file mode 100644
index 00..056586b204
--- /dev/null
+++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@
+
+!if $(DEFAULT_KEYS) == TRUE
+ FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+ !ifdef $(PK_DEFAULT_FILE)
+SECTION RAW = $(PK_DEFAULT_FILE)
+ !endif
+SECTION UI = "PK Default"
+ }
+
+ FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+ !ifdef $(KEK_DEFAULT_FILE1)
+SECTION RAW = $(KEK_DEFAULT_FILE1)
+ !endif
+ !ifdef $(KEK_DEFAULT_FILE2)
+SECTION RAW = $(KEK_DEFAULT_FILE2)
+ !endif
+ !ifdef $(KEK_DEFAULT_FILE3)
+SECTION RAW = $(KEK_DEFAULT_FILE3)
+ !endif
+SECTION UI = "KEK Default"
+ }
+
+ FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
+ !ifdef $(DB_DEFAULT_FILE1)
+SECTION RAW = $(DB_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DB_DEFAULT_FILE2)
+SECTION RAW = $(DB_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DB_DEFAULT_FILE3)
+SECTION RAW = $(DB_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DB Default"
+ }
+
+ FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
+ !ifdef $(DBT_DEFAULT_FILE1)
+SECTION RAW = $(DBT_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DBT_DEFAULT_FILE2)
+SECTION RAW = $(DBT_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DBT_DEFAULT_FILE3)
+SECTION RAW = $(DBT_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DBT Default"
+ }
+
+ FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
+ !ifdef $(DBX_DEFAULT_FILE1)
+SECTION RAW = $(DBX_DEFAULT_FILE1)
+ !endif
+ !ifdef $(DBX_DEFAULT_FILE2)
+SECTION RAW = $(DBX_DEFAULT_FILE2)
+ !endif
+ !ifdef $(DBX_DEFAULT_FILE3)
+SECTION RAW = $(DBX_DEFAULT_FILE3)
+ !endif
+SECTION UI = "DBX Default"
+ }
+
+!endif
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75902): https://edk2.groups.io/g/devel/message/75902
Mute This Topic: https://groups.io/mt/83232296/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
