[edk2-devel] [PATCH v2 2/6] SecurityPkg: Create include file for default key content.

Fri Jun 4 08:11:00 UTC 2021

Internally reviewed this patch before sending the edk2 mailing list and It looks good to me. Please also address Min M's good catch/comment.
Reviewed-by: Sunny Wang <sunny.wang at arm.com>

Hi Laszlo,
if you have time, I think you can still review this patch because this patch is a simple one and is based on your valuable feedback in RFC. It would be good to get your review on this one. :)

Thanks,
Sunny

-----Original Message-----
From: Grzegorz Bernacki <gjb at semihalf.com>
Sent: Tuesday, June 1, 2021 9:12 PM
To: devel at edk2.groups.io
Cc: leif at nuviainc.com; ardb+tianocore at kernel.org; Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud at arm.com>; Sunny Wang <Sunny.Wang at arm.com>; mw at semihalf.com; upstream at semihalf.com; jiewen.yao at intel.com; jian.j.wang at intel.com; min.m.xu at intel.com; lersek at redhat.com; Grzegorz Bernacki <gjb at semihalf.com>
Subject: [PATCH v2 2/6] SecurityPkg: Create include file for default key content.

This commits add file which can be included by platform Flash
Description File. It allows to specify certificate files, which
will be embedded into binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.

Signed-off-by: Grzegorz Bernacki <gjb at semihalf.com>
---
 SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc

diff --git a/SecurityPkg/SecureBootDefaultKeys.fdf.inc b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
new file mode 100644
index 0000000000..056586b204
--- /dev/null
+++ b/SecurityPkg/SecureBootDefaultKeys.fdf.inc
@@ -0,0 +1,62 @@
+
+!if $(DEFAULT_KEYS) == TRUE
+  FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+  !ifdef $(PK_DEFAULT_FILE)
+    SECTION RAW = $(PK_DEFAULT_FILE)
+  !endif
+    SECTION UI = "PK Default"
+  }
+
+  FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+  !ifdef $(KEK_DEFAULT_FILE1)
+    SECTION RAW = $(KEK_DEFAULT_FILE1)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE2)
+    SECTION RAW = $(KEK_DEFAULT_FILE2)
+  !endif
+  !ifdef $(KEK_DEFAULT_FILE3)
+    SECTION RAW = $(KEK_DEFAULT_FILE3)
+  !endif
+    SECTION UI = "KEK Default"
+  }
+
+  FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
+  !ifdef $(DB_DEFAULT_FILE1)
+    SECTION RAW = $(DB_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE2)
+    SECTION RAW = $(DB_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DB_DEFAULT_FILE3)
+    SECTION RAW = $(DB_DEFAULT_FILE3)
+  !endif
+    SECTION UI = "DB Default"
+  }
+
+  FILE FREEFORM = 36c513ee-a338-4976-a0fb-6ddba3dafe87 {
+  !ifdef $(DBT_DEFAULT_FILE1)
+    SECTION RAW = $(DBT_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE2)
+    SECTION RAW = $(DBT_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBT_DEFAULT_FILE3)
+    SECTION RAW = $(DBT_DEFAULT_FILE3)
+  !endif
+    SECTION UI = "DBT Default"
+  }
+
+  FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
+  !ifdef $(DBX_DEFAULT_FILE1)
+    SECTION RAW = $(DBX_DEFAULT_FILE1)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE2)
+    SECTION RAW = $(DBX_DEFAULT_FILE2)
+  !endif
+  !ifdef $(DBX_DEFAULT_FILE3)
+    SECTION RAW = $(DBX_DEFAULT_FILE3)
+  !endif
+    SECTION UI = "DBX Default"
+  }
+
+!endif
--
2.25.1

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76046): https://edk2.groups.io/g/devel/message/76046
Mute This Topic: https://groups.io/mt/83232296/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-




