On 4/27/19 2:53 AM, Laszlo Ersek wrote: > In edk2, we should start the names of module-global variables with "m". > Rename the "RedHatPkKek1", "MicrosoftKEK", "MicrosoftPCA", > "MicrosoftUefiCA" variables accordingly, with the following command: > > sed --regexp-extended --in-place \ > --expression='s,\<(RedHatPkKek1|Microsoft(KEK|PCA|UefiCA))\>,m\1,g' \ > OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > > Cc: Anthony Perard <anthony.per...@citrix.com> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Cc: Jordan Justen <jordan.l.jus...@intel.com> > Cc: Julien Grall <julien.gr...@arm.com> > Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747 > Signed-off-by: Laszlo Ersek <ler...@redhat.com> > --- > OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 18 +++++++++--------- > 1 file changed, 9 insertions(+), 9 deletions(-) > > diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > index aa827ac6aa81..fb30f4906df7 100644 > --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c > @@ -17,17 +17,17 @@ > > // > // We'll use the certificate below as both Platform Key and as first Key > // Exchange Key. > // > // "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secal...@redhat.com" > // SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97 > // > -STATIC CONST UINT8 RedHatPkKek1[] = { > +STATIC CONST UINT8 mRedHatPkKek1[] = { > 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, > 0x02, > 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, > 0x0d, > 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, > 0x00, > 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, > 0x22, > 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, > 0x72, > 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, > 0x45, > 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, > 0x06, > 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, > 0x73, > @@ -98,17 +98,17 @@ STATIC CONST UINT8 RedHatPkKek1[] = { > }; > > // > // Second KEK: "Microsoft Corporation KEK CA 2011". > // SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 > // > // "dbx" updates in "dbxtool" are signed with a key derived from this KEK. > // > -STATIC CONST UINT8 MicrosoftKEK[] = { > +STATIC CONST UINT8 mMicrosoftKEK[] = { > 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, > 0x02, > 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, > 0x30, > 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, > 0x05, > 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, > 0x06, > 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, > 0x08, > 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, > 0x31, > 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, > 0x64, > 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, > 0x0a, > @@ -225,17 +225,17 @@ STATIC CONST UINT8 MicrosoftKEK[] = { > > // > // First DB entry: "Microsoft Windows Production PCA 2011" > // SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d > // > // Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain > // rooted in this certificate. > // > -STATIC CONST UINT8 MicrosoftPCA[] = { > +STATIC CONST UINT8 mMicrosoftPCA[] = { > 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, > 0x02, > 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, > 0x30, > 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, > 0x05, > 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, > 0x06, > 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, > 0x08, > 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, > 0x31, > 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, > 0x64, > 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, > 0x0a, > @@ -350,17 +350,17 @@ STATIC CONST UINT8 MicrosoftPCA[] = { > }; > > // > // Second DB entry: "Microsoft Corporation UEFI CA 2011" > // SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 > // > // To verify the "shim" binary and PCI expansion ROMs with. > // > -STATIC CONST UINT8 MicrosoftUefiCA[] = { > +STATIC CONST UINT8 mMicrosoftUefiCA[] = { > 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, > 0x02, > 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, > 0x30, > 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, > 0x05, > 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, > 0x06, > 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, > 0x08, > 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, > 0x31, > 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, > 0x64, > 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, > 0x0a, > @@ -938,18 +938,18 @@ ShellAppMain ( > return 1; > } > } > > Status = EnrollListOfCerts ( > EFI_IMAGE_SECURITY_DATABASE, > &gEfiImageSecurityDatabaseGuid, > &gEfiCertX509Guid, > - MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid, > - MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid, > + mMicrosoftPCA, sizeof mMicrosoftPCA, &mMicrosoftOwnerGuid, > + mMicrosoftUefiCA, sizeof mMicrosoftUefiCA, &mMicrosoftOwnerGuid, > NULL); > if (EFI_ERROR (Status)) { > return 1; > } > > Status = EnrollListOfCerts ( > EFI_IMAGE_SECURITY_DATABASE1, > &gEfiImageSecurityDatabaseGuid, > @@ -959,28 +959,28 @@ ShellAppMain ( > if (EFI_ERROR (Status)) { > return 1; > } > > Status = EnrollListOfCerts ( > EFI_KEY_EXCHANGE_KEY_NAME, > &gEfiGlobalVariableGuid, > &gEfiCertX509Guid, > - RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid, > - MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid, > + mRedHatPkKek1, sizeof mRedHatPkKek1, &gEfiCallerIdGuid, > + mMicrosoftKEK, sizeof mMicrosoftKEK, &mMicrosoftOwnerGuid, > NULL); > if (EFI_ERROR (Status)) { > return 1; > } > > Status = EnrollListOfCerts ( > EFI_PLATFORM_KEY_NAME, > &gEfiGlobalVariableGuid, > &gEfiCertX509Guid, > - RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid, > + mRedHatPkKek1, sizeof mRedHatPkKek1, &gEfiGlobalVariableGuid, > NULL); > if (EFI_ERROR (Status)) { > return 1; > } > > Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; > Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, > EFI_VARIABLE_NON_VOLATILE | > EFI_VARIABLE_BOOTSERVICE_ACCESS, >
Reviewed-by: Philippe Mathieu-Daude <phi...@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#39765): https://edk2.groups.io/g/devel/message/39765 Mute This Topic: https://groups.io/mt/31359376/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
