Hi, I created BZ #3481 (https://bugzilla.tianocore.org/show_bug.cgi?id=3481). Please let me know if I filled it correctly thanks, greg
śr., 7 lip 2021 o 03:18 gaoliming <gaolim...@byosoft.com.cn> napisał(a): > > Grzegorz Bernacki: > This is a new feature. Can you submit one BZ > (https://bugzilla.tianocore.org/) for it? Then, I can add it into edk2 > stable tag feature planning. > > Thanks > Liming > > -----邮件原件----- > > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Grzegorz > > Bernacki > > 发送时间: 2021年7月1日 17:18 > > 收件人: devel@edk2.groups.io > > 抄送: l...@nuviainc.com; ardb+tianoc...@kernel.org; > > samer.el-haj-mahm...@arm.com; sunny.w...@arm.com; > > m...@semihalf.com; upstr...@semihalf.com; jiewen....@intel.com; > > jian.j.w...@intel.com; min.m...@intel.com; ler...@redhat.com; > > sami.muja...@arm.com; af...@apple.com; ray...@intel.com; > > jordan.l.jus...@intel.com; rebe...@bsdio.com; gre...@freebsd.org; > > thomas.abra...@arm.com; chasel.c...@intel.com; > > nathaniel.l.desim...@intel.com; gaolim...@byosoft.com.cn; > > eric.d...@intel.com; michael.d.kin...@intel.com; zailiang....@intel.com; > > yi.q...@intel.com; gra...@nuviainc.com; r...@semihalf.com; p...@akeo.ie; > > Grzegorz Bernacki <g...@semihalf.com> > > 主题: [edk2-devel] [PATCH v5 00/10] Secure Boot default keys > > > > This patchset adds support for initialization of default > > Secure Boot variables based on keys content embedded in > > flash binary. This feature is active only if Secure Boot > > is enabled and DEFAULT_KEY is defined. The patchset > > consist also application to enroll keys from default > > variables and secure boot menu change to allow user > > to reset key content to default values. > > Discussion on design can be found at: > > https://edk2.groups.io/g/rfc/topic/82139806#600 > > > > Built with: > > GCC > > - RISC-V (U500, U540) [requires fixes in dsc to build] > > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg, > > EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32)) > > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4) > > > > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be > built, > > will be post on edk2 maillist later > > > > VS2019 > > - Intel (OvmfPkgX64) > > > > Test with: > > GCC5/RPi4 > > VS2019/OvmfX64 (requires changes to enable feature) > > > > Tests: > > 1. Try to enroll key in incorrect format. > > 2. Enroll with only PKDefault keys specified. > > 3. Enroll with all keys specified. > > 4. Enroll when keys are enrolled. > > 5. Reset keys values. > > 6. Running signed & unsigned app after enrollment. > > > > Changes since v1: > > - change names: > > SecBootVariableLib => SecureBootVariableLib > > SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe > > SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp > > - change name of function CheckSetupMode to GetSetupMode > > - remove ShellPkg dependecy from EnrollFromDefaultKeysApp > > - rebase to master > > > > Changes since v2: > > - fix coding style for functions headers in SecureBootVariableLib.h > > - add header to SecureBootDefaultKeys.fdf.inc > > - remove empty line spaces in SecureBootDefaultKeysDxe files > > - revert FAIL macro in EnrollFromDefaultKeysApp > > - remove functions duplicates and add SecureBootVariableLib > > to platforms which used it > > > > Changes since v3: > > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg > > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib > > - fix typo in guid description > > > > Changes since v4: > > - reorder patches to make it bisectable > > - split commits related to more than one platform > > - move edk2-platform commits to separate patchset > > > > Grzegorz Bernacki (10): > > SecurityPkg: Create library for setting Secure Boot variables. > > ArmVirtPkg: add SecureBootVariableLib class resolution > > OvmfPkg: add SecureBootVariableLib class resolution > > EmulatorPkg: add SecureBootVariableLib class resolution > > SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. > > ArmPlatformPkg: Create include file for default key content. > > SecurityPkg: Add SecureBootDefaultKeysDxe driver > > SecurityPkg: Add EnrollFromDefaultKeys application. > > SecurityPkg: Add new modules to Security package. > > SecurityPkg: Add option to reset secure boot keys. > > > > SecurityPkg/SecurityPkg.dec > > | 14 + > > ArmVirtPkg/ArmVirt.dsc.inc > > | 1 + > > EmulatorPkg/EmulatorPkg.dsc > > | 1 + > > OvmfPkg/Bhyve/BhyveX64.dsc > > | 1 + > > OvmfPkg/OvmfPkgIa32.dsc > > | 1 + > > OvmfPkg/OvmfPkgIa32X64.dsc > > | 1 + > > OvmfPkg/OvmfPkgX64.dsc > > | 1 + > > SecurityPkg/SecurityPkg.dsc > > | 4 + > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > > | 47 + > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > > | 79 ++ > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > > xe.inf | 2 + > > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > > efaultKeysDxe.inf | 45 + > > SecurityPkg/Include/Library/SecureBootVariableLib.h > > | 251 +++++ > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigN > > vData.h | 2 + > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.v > > fr | 6 + > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > > | 109 +++ > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > > | 980 ++++++++++++++++++++ > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI > > mpl.c | 343 ++++--- > > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > > efaultKeysDxe.c | 68 ++ > > ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > > | 70 ++ > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > > | 16 + > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigS > > trings.uni | 4 + > > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > > efaultKeysDxe.uni | 16 + > > 23 files changed, 1874 insertions(+), 188 deletions(-) > > create mode 100644 > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > > create mode 100644 > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > > create mode 100644 > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > > efaultKeysDxe.inf > > create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h > > create mode 100644 > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > > create mode 100644 > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > > create mode 100644 > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > > efaultKeysDxe.c > > create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > > create mode 100644 > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > > create mode 100644 > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootD > > efaultKeysDxe.uni > > > > -- > > 2.25.1 > > > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77548): https://edk2.groups.io/g/devel/message/77548 Mute This Topic: https://groups.io/mt/84039700/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
