On 05/26/21 11:41, Grzegorz Bernacki wrote:
> This patchset adds support for initialization of default
> Secure Boot variables based on keys content embedded in
> flash binary. This feature is active only if Secure Boot
> is enabled and DEFAULT_KEY is defined. The patchset
> consists also of an application to enroll keys from default
> variables and a secure boot menu change to allow the user
> to reset key content to default values.
> Discussion on design can be found at:
> https://edk2.groups.io/g/rfc/topic/82139806#600
>
> I also added a patch for RPi4 which enables this feature for
> that platform.

Thanks for the CC -- but my plate is overflowing; I won't be reviewing
this SecurityPkg patch set.

Thanks
laszlo

>
> Grzegorz Bernacki (6):
> [edk2]
>   SecurityPkg: Create library for setting Secure Boot variables.
>   SecurityPkg: Create include file for default key content.
>   SecurityPkg: Add SecBootDefaultKeysDxe driver
>   SecurityPkg: Add SecEnrollDefaultKeys application.
>   SecurityPkg: Add new modules to Security package.
>   SecurityPkg: Add option to reset secure boot keys.
>
> [edk2-platforms]
>   Platform/RaspberryPi: Enable default Secure Boot variables initialization
>
>  SecurityPkg/SecurityPkg.dec | 14 +
>  SecurityPkg/SecurityPkg.dsc | 5 +
>  SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.inf | 79 ++
>  SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.inf | 48 +
>  SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.inf | 46 +
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 2 +
>  SecurityPkg/Include/Library/SecBootVariableLib.h | 252 +++++
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
>  SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.c | 979 ++++++++++++++++++++
>  SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.c | 108 +++
>  SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.c | 69 ++
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 343 ++++---
>  SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.uni | 16 +
>  SecurityPkg/SecureBootDefaultKeys.fdf.inc | 62 ++
>  SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.uni | 17 +
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
>  17 files changed, 1864 insertions(+), 188 deletions(-)
>  create mode 100644 SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.inf
>  create mode 100644 SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.inf
>  create mode 100644 SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.inf
>  create mode 100644 SecurityPkg/Include/Library/SecBootVariableLib.h
>  create mode 100644 SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.c
>  create mode 100644 SecurityPkg/SecEnrollDefaultKeysApp/SecEnrollDefaultKeysApp.c
>  create mode 100644 SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.c
>  create mode 100644 SecurityPkg/Library/SecBootVariableLib/SecBootVariableLib.uni
>  create mode 100644 SecurityPkg/SecureBootDefaultKeys.fdf.inc
>  create mode 100644 SecurityPkg/VariableAuthenticated/SecBootDefaultKeysDxe/SecBootDefaultKeysDxe.uni
>