<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:53552989;
mso-list-template-ids:-2050819596;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:365445277;
mso-list-type:hybrid;
mso-list-template-ids:497326164 -158926726 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-start-at:2;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:Calibri;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:938835054;
mso-list-template-ids:-1444525108;}
@list l2:level1
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level2
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level4
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level7
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3
{mso-list-id:1553157270;
mso-list-type:hybrid;
mso-list-template-ids:2129054394 67698709 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l3:level1
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;}
@list l3:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;}
@list l3:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:1.25in;
text-indent:-9.0pt;}
@list l3:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l3:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
@list l3:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:2.75in;
text-indent:-9.0pt;}
@list l3:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;}
@list l3:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;}
@list l3:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:4.25in;
text-indent:-9.0pt;}
@list l4
{mso-list-id:1923637335;
mso-list-template-ids:1516429018;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5
{mso-list-id:2142527779;
mso-list-template-ids:-2010732014;}
@list l5:level1
{mso-level-start-at:2;
mso-level-number-format:alpha-upper;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level2
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level3
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level4
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level5
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level6
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level7
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level8
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level9
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi Ray,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I saw that a patch merged few hours ago before my patch added RngLib in [LibraryClasses] section of OpensslLib.<o:p></o:p></p>
<p class="MsoNormal">This caused the EmulatorPkg Secure boot enable build to fail.<o:p></o:p></p>
<p class="MsoNormal">I have generated a PR for fixing it: <a href="https://github.com/tianocore/edk2/pull/942">
https://github.com/tianocore/edk2/pull/942</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Divneil<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> devel@edk2.groups.io <devel@edk2.groups.io> <b>
On Behalf Of </b>Wadhawan, Divneil R<br>
<b>Sent:</b> Friday, September 18, 2020 5:28 PM<br>
<b>To:</b> Ni, Ray <ray.ni@intel.com>; devel@edk2.groups.io<br>
<b>Cc:</b> gaoliming <gaoliming@byosoft.com.cn>; 'Andrew Fish' <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R <divneil.r.wadhawan@intel.com><br>
<b>Subject:</b> Re: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi Ray,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks for your help.<o:p></o:p></p>
<p class="MsoNormal">I see the patch is merged now. :)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Divneil<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Ni, Ray <<a href="mailto:ray.ni@intel.com">ray.ni@intel.com</a>>
<br>
<b>Sent:</b> Friday, September 18, 2020 5:17 PM<br>
<b>To:</b> Wadhawan, Divneil R <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>>;
<a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming <<a href="mailto:gaoliming@byosoft.com.cn">gaoliming@byosoft.com.cn</a>>; 'Andrew Fish' <<a href="mailto:afish@apple.com">afish@apple.com</a>>; Justen, Jordan L <<a href="mailto:jordan.l.justen@intel.com">jordan.l.justen@intel.com</a>>;
Kinney, Michael D <<a href="mailto:michael.d.kinney@intel.com">michael.d.kinney@intel.com</a>><br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Divneil,<o:p></o:p></p>
<p class="MsoNormal">pull request is created: <a href="https://github.com/tianocore/edk2/pull/941">
https://github.com/tianocore/edk2/pull/941</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If it succeeds, the patch will be merged automatically.<o:p></o:p></p>
<p class="MsoNormal">If it fails, please check the specific failure message and provide updated patch.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Ray<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Ni, Ray <br>
<b>Sent:</b> Thursday, September 17, 2020 4:19 PM<br>
<b>To:</b> Wadhawan, Divneil R <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>>;
<a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming <<a href="mailto:gaoliming@byosoft.com.cn">gaoliming@byosoft.com.cn</a>>; 'Andrew Fish' <<a href="mailto:afish@apple.com">afish@apple.com</a>>; Justen, Jordan L <<a href="mailto:jordan.l.justen@intel.com">jordan.l.justen@intel.com</a>>;
Kinney, Michael D <<a href="mailto:michael.d.kinney@intel.com">michael.d.kinney@intel.com</a>><br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Reviewed-by: Ray Ni <<a href="mailto:ray.ni@intel.com">ray.ni@intel.com</a>><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Wadhawan, Divneil R <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>>
<br>
<b>Sent:</b> Thursday, September 17, 2020 3:43 PM<br>
<b>To:</b> Ni, Ray <<a href="mailto:ray.ni@intel.com">ray.ni@intel.com</a>>; <a href="mailto:devel@edk2.groups.io">
devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming <<a href="mailto:gaoliming@byosoft.com.cn">gaoliming@byosoft.com.cn</a>>; 'Andrew Fish' <<a href="mailto:afish@apple.com">afish@apple.com</a>>; Justen, Jordan L <<a href="mailto:jordan.l.justen@intel.com">jordan.l.justen@intel.com</a>>;
Kinney, Michael D <<a href="mailto:michael.d.kinney@intel.com">michael.d.kinney@intel.com</a>>; Wadhawan, Divneil R <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>><br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi Ray,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Yes, I have tested the following:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="A">
<li class="MsoListParagraph" style="margin-left:-.25in;mso-list:l3 level1 lfo3">SECURE_BOOT_ENABLE=true<o:p></o:p></li></ol>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo6">Key Enrollment (PK, KEK, db) via custom mode<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo6">Execution of unit test shell application (signed one works okay, unsigned gives an Access denied)<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="2" type="A">
<li class="MsoListParagraph" style="margin-left:-.25in;mso-list:l3 level1 lfo3">SECURE_BOOT_ENABLE=false (default case)<o:p></o:p></li></ol>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo6">Secure Boot Configuration menu is not visible (Same as existing default case)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo6">Execution of Unit Test Application (Signed/Unsigned both works okay)<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am planning to post the script in BZ: <a href="https://bugzilla.tianocore.org/show_bug.cgi?id=2949">
https://bugzilla.tianocore.org/show_bug.cgi?id=2949</a> in a day or too.<o:p></o:p></p>
<p class="MsoNormal">The script generates the full key hierarchy that makes it easy to test this patch.<o:p></o:p></p>
<p class="MsoNormal">The patch in BZ requires modifications as per Mike’s comment, so, you can skip the patches in BZ for now.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Divneil<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Ni, Ray <<a href="mailto:ray.ni@intel.com">ray.ni@intel.com</a>>
<br>
<b>Sent:</b> Thursday, September 17, 2020 12:49 PM<br>
<b>To:</b> Wadhawan, Divneil R <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>>;
<a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
<b>Cc:</b> gaoliming <<a href="mailto:gaoliming@byosoft.com.cn">gaoliming@byosoft.com.cn</a>>; 'Andrew Fish' <<a href="mailto:afish@apple.com">afish@apple.com</a>>; Justen, Jordan L <<a href="mailto:jordan.l.justen@intel.com">jordan.l.justen@intel.com</a>>;
Kinney, Michael D <<a href="mailto:michael.d.kinney@intel.com">michael.d.kinney@intel.com</a>><br>
<b>Subject:</b> RE: [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Divneil,<o:p></o:p></p>
<p class="MsoNormal">Just want to double confirm: did you test the secure boot and non-secure boot?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Ray<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Wadhawan, Divneil R <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>>
<br>
<b>Sent:</b> Wednesday, September 16, 2020 11:53 PM<br>
<b>To:</b> <a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
<b>Cc:</b> Ni, Ray <<a href="mailto:ray.ni@intel.com">ray.ni@intel.com</a>>; gaoliming <<a href="mailto:gaoliming@byosoft.com.cn">gaoliming@byosoft.com.cn</a>>; 'Andrew Fish' <<a href="mailto:afish@apple.com">afish@apple.com</a>>; Justen, Jordan L <<a href="mailto:jordan.l.justen@intel.com">jordan.l.justen@intel.com</a>>;
Kinney, Michael D <<a href="mailto:michael.d.kinney@intel.com">michael.d.kinney@intel.com</a>>; Wadhawan, Divneil R <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>><br>
<b>Subject:</b> [edk2-devel] [PATCH v2] EmulatorPkg: Enable support for Secure Boot<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.<o:p></o:p></p>
<p class="MsoNormal">The following gets enabled with this patch:<o:p></o:p></p>
<p class="MsoNormal">o Secure Boot Menu in "Device Manager" for enrolling keys<o:p></o:p></p>
<p class="MsoNormal">o Storage space for Authenticated Variables<o:p></o:p></p>
<p class="MsoNormal">o Authenticated execution of 3rd party images<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Signed-off-by: Divneil Rai Wadhawan <<a href="mailto:divneil.r.wadhawan@intel.com">divneil.r.wadhawan@intel.com</a>><o:p></o:p></p>
<p class="MsoNormal">---<o:p></o:p></p>
<p class="MsoNormal">EmulatorPkg/EmulatorPkg.dsc | 37 +++++++++++++++++++++++++++++++++++--<o:p></o:p></p>
<p class="MsoNormal">EmulatorPkg/EmulatorPkg.fdf | 14 ++++++++++++++<o:p></o:p></p>
<p class="MsoNormal">2 files changed, 49 insertions(+), 2 deletions(-)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc<o:p></o:p></p>
<p class="MsoNormal">index 86a6271735..c6e25c745e 100644<o:p></o:p></p>
<p class="MsoNormal">--- a/EmulatorPkg/EmulatorPkg.dsc<o:p></o:p></p>
<p class="MsoNormal">+++ b/EmulatorPkg/EmulatorPkg.dsc<o:p></o:p></p>
<p class="MsoNormal">@@ -32,6 +32,7 @@<o:p></o:p></p>
<p class="MsoNormal"> DEFINE NETWORK_TLS_ENABLE = FALSE<o:p></o:p></p>
<p class="MsoNormal"> DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE<o:p></o:p></p>
<p class="MsoNormal"> DEFINE NETWORK_ISCSI_ENABLE = FALSE<o:p></o:p></p>
<p class="MsoNormal">+ DEFINE SECURE_BOOT_ENABLE = FALSE<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> [SkuIds]<o:p></o:p></p>
<p class="MsoNormal"> 0|DEFAULT<o:p></o:p></p>
<p class="MsoNormal">@@ -106,12 +107,20 @@<o:p></o:p></p>
<p class="MsoNormal"> LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf<o:p></o:p></p>
<p class="MsoNormal"> CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf<o:p></o:p></p>
<p class="MsoNormal"> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf<o:p></o:p></p>
<p class="MsoNormal">- AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf<o:p></o:p></p>
<p class="MsoNormal"> VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf<o:p></o:p></p>
<p class="MsoNormal"> SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf<o:p></o:p></p>
<p class="MsoNormal"> ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf<o:p></o:p></p>
<p class="MsoNormal"> FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == TRUE<o:p></o:p></p>
<p class="MsoNormal">+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf<o:p></o:p></p>
<p class="MsoNormal">+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf<o:p></o:p></p>
<p class="MsoNormal">+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf<o:p></o:p></p>
<p class="MsoNormal">+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf<o:p></o:p></p>
<p class="MsoNormal">+!else<o:p></o:p></p>
<p class="MsoNormal">+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal">+<o:p></o:p></p>
<p class="MsoNormal">[LibraryClasses.common.SEC]<o:p></o:p></p>
<p class="MsoNormal"> PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf<o:p></o:p></p>
<p class="MsoNormal"> PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf<o:p></o:p></p>
<p class="MsoNormal">@@ -162,6 +171,16 @@<o:p></o:p></p>
<p class="MsoNormal"> TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf<o:p></o:p></p>
<p class="MsoNormal"> EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]<o:p></o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == TRUE<o:p></o:p></p>
<p class="MsoNormal">+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal">+<o:p></o:p></p>
<p class="MsoNormal">+[LibraryClasses.common.DXE_RUNTIME_DRIVER]<o:p></o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == TRUE<o:p></o:p></p>
<p class="MsoNormal">+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal">+<o:p></o:p></p>
<p class="MsoNormal">[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATION]<o:p></o:p></p>
<p class="MsoNormal"> HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf<o:p></o:p></p>
<p class="MsoNormal"> PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf<o:p></o:p></p>
<p class="MsoNormal">@@ -190,6 +209,10 @@<o:p></o:p></p>
<p class="MsoNormal"> gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000<o:p></o:p></p>
<p class="MsoNormal"> gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000<o:p></o:p></p>
<p class="MsoNormal"> gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd"<o:p></o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == TRUE<o:p></o:p></p>
<p class="MsoNormal">+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800<o:p></o:p></p>
<p class="MsoNormal">+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">@@ -306,7 +329,14 @@<o:p></o:p></p>
<p class="MsoNormal"> EmulatorPkg/ResetRuntimeDxe/Reset.inf<o:p></o:p></p>
<p class="MsoNormal"> MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf<o:p></o:p></p>
<p class="MsoNormal"> EmulatorPkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf<o:p></o:p></p>
<p class="MsoNormal">- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf<o:p></o:p></p>
<p class="MsoNormal">+<o:p></o:p></p>
<p class="MsoNormal">+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {<o:p></o:p></p>
<p class="MsoNormal">+ <LibraryClasses><o:p></o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == TRUE<o:p></o:p></p>
<p class="MsoNormal">+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal">+ }<o:p></o:p></p>
<p class="MsoNormal">+<o:p></o:p></p>
<p class="MsoNormal"> MdeModulePkg/Universal/EbcDxe/EbcDxe.inf<o:p></o:p></p>
<p class="MsoNormal"> MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf<o:p></o:p></p>
<p class="MsoNormal"> EmulatorPkg/EmuThunkDxe/EmuThunk.inf<o:p></o:p></p>
<p class="MsoNormal">@@ -315,6 +345,9 @@<o:p></o:p></p>
<p class="MsoNormal"> EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf<o:p></o:p></p>
<p class="MsoNormal"> EmulatorPkg/TimerDxe/Timer.inf<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == TRUE<o:p></o:p></p>
<p class="MsoNormal">+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {<o:p></o:p></p>
<p class="MsoNormal"> <LibraryClasses><o:p></o:p></p>
<p class="MsoNormal">diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf<o:p></o:p></p>
<p class="MsoNormal">index 295f6f1db8..b256aa9397 100644<o:p></o:p></p>
<p class="MsoNormal">--- a/EmulatorPkg/EmulatorPkg.fdf<o:p></o:p></p>
<p class="MsoNormal">+++ b/EmulatorPkg/EmulatorPkg.fdf<o:p></o:p></p>
<p class="MsoNormal">@@ -46,10 +46,17 @@ DATA = {<o:p></o:p></p>
<p class="MsoNormal"> # Blockmap[1]: End<o:p></o:p></p>
<p class="MsoNormal"> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,<o:p></o:p></p>
<p class="MsoNormal"> ## This is the VARIABLE_STORE_HEADER<o:p></o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == FALSE<o:p></o:p></p>
<p class="MsoNormal"> #Signature: gEfiVariableGuid =<o:p></o:p></p>
<p class="MsoNormal"> # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}<o:p></o:p></p>
<p class="MsoNormal"> 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,<o:p></o:p></p>
<p class="MsoNormal"> 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,<o:p></o:p></p>
<p class="MsoNormal">+!else<o:p></o:p></p>
<p class="MsoNormal">+ # Signature: gEfiAuthenticatedVariableGuid =<o:p></o:p></p>
<p class="MsoNormal">+ # { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}<o:p></o:p></p>
<p class="MsoNormal">+ 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,<o:p></o:p></p>
<p class="MsoNormal">+ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal"> #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8<o:p></o:p></p>
<p class="MsoNormal"> # This can speed up the Variable Dispatch a bit.<o:p></o:p></p>
<p class="MsoNormal"> 0xB8, 0xBF, 0x00, 0x00,<o:p></o:p></p>
<p class="MsoNormal">@@ -186,6 +193,13 @@ INF RuleOverride = UI MdeModulePkg/Application/UiApp/UiApp.inf<o:p></o:p></p>
<p class="MsoNormal">INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf<o:p></o:p></p>
<p class="MsoNormal">INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">+#<o:p></o:p></p>
<p class="MsoNormal">+# Secure Boot Key Enroll<o:p></o:p></p>
<p class="MsoNormal">+#<o:p></o:p></p>
<p class="MsoNormal">+!if $(SECURE_BOOT_ENABLE) == TRUE<o:p></o:p></p>
<p class="MsoNormal">+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf<o:p></o:p></p>
<p class="MsoNormal">+!endif<o:p></o:p></p>
<p class="MsoNormal">+<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Network stack drivers<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal">-- <o:p></o:p></p>
<p class="MsoNormal">2.24.1.windows.2<o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"></o:p></span></p>
</div>
</div>
</body>
</html>
<div width="1" style="color:white;clear:both">_._,_._,_</div> <hr> Groups.io Links:<p> You receive all messages sent to this group. <p> <a target="_blank" href="https://edk2.groups.io/g/devel/message/65405">View/Reply Online (#65405)</a> | | <a target="_blank" href="https://groups.io/mt/76890431/1813853">Mute This Topic</a> | <a href="https://edk2.groups.io/g/devel/post">New Topic</a><br> <a href="https://edk2.groups.io/g/devel/editsub/1813853">Your Subscription</a> | <a href="mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> | <a href="https://edk2.groups.io/g/devel/unsub">Unsubscribe</a> [edk2-devel-archive@redhat.com]<br> <div width="1" style="color:white;clear:both">_._,_._,_</div>