Reviewed whole series.
Reviewed-by: Sunny Wang <sunny.w...@arm.com>
We still need Intel platforms' maintainers to review the patch below. All other
patches (for ARM, RISC-V, and QEMU platforms) were already reviewed by
maintainers.
- [edk2-platforms PATCH v5 1/4] Intel Platforms: add SecureBootVariableLib
class resolution
Best Regards,
Sunny Wang
-----Original Message-----
From: Grzegorz Bernacki <g...@semihalf.com>
Sent: Thursday, July 1, 2021 5:21 PM
To: devel@edk2.groups.io
Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer El-Haj-Mahmoud
<samer.el-haj-mahm...@arm.com>; Sunny Wang <sunny.w...@arm.com>;
m...@semihalf.com; upstr...@semihalf.com; jiewen....@intel.com;
jian.j.w...@intel.com; min.m...@intel.com; ler...@redhat.com; Sami Mujawar
<sami.muja...@arm.com>; af...@apple.com; ray...@intel.com;
jordan.l.jus...@intel.com; rebe...@bsdio.com; gre...@freebsd.org; Thomas
Abraham <thomas.abra...@arm.com>; chasel.c...@intel.com;
nathaniel.l.desim...@intel.com; gaolim...@byosoft.com.cn; eric.d...@intel.com;
michael.d.kin...@intel.com; zailiang....@intel.com; yi.q...@intel.com;
gra...@nuviainc.com; r...@semihalf.com; p...@akeo.ie; Grzegorz Bernacki
<g...@semihalf.com>
Subject: [edk2-platforms PATCH v5 0/4] Secure Boot default keys
This patchset is a consequence of "Secure Boot default keys"
patchset in edk2. It adds SecureBootVariableLib class resolution
for each platform which uses SecureBootConfigDxe and also
enables Secure Boot variables initialization for RPi4.
Previously these commits were part of edk2 patchset, but since
number of commits increased in v5 version, it is now separate
patchset.
Changes related to both edk2 & edk-platform versions:
Changes since v1:
- change names:
SecBootVariableLib => SecureBootVariableLib
SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
- change name of function CheckSetupMode to GetSetupMode
- remove ShellPkg dependecy from EnrollFromDefaultKeysApp
- rebase to master
Changes since v2:
- fix coding style for functions headers in SecureBootVariableLib.h
- add header to SecureBootDefaultKeys.fdf.inc
- remove empty line spaces in SecureBootDefaultKeysDxe files
- revert FAIL macro in EnrollFromDefaultKeysApp
- remove functions duplicates and add SecureBootVariableLib
to platforms which used it
Changes since v3:
- move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
- leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
- fix typo in guid description
Changes since v4:
- reorder patches to make it bisectable
- split commits related to more than one platform
- move edk2-platform commits to separate patchset
Grzegorz Bernacki (4):
Intel Platforms: add SecureBootVariableLib class resolution
ARM Silicon and Platforms: add SecureBootVariableLib class resolution
RISC-V Platforms: add SecureBootVariableLib class resolution
Platform/RaspberryPi: Enable default Secure Boot variables
initialization
Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 1 +
Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 +
Platform/Intel/QuarkPlatformPkg/Quark.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 3 ++-
Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 1 +
Platform/RaspberryPi/RPi3/RPi3.dsc | 1 +
Platform/RaspberryPi/RPi4/RPi4.dsc | 4 ++++
Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc | 1 +
Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 +
Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 4 ++++
Platform/RaspberryPi/RPi4/RPi4.fdf | 2 ++
12 files changed, 20 insertions(+), 1 deletion(-)
--
2.25.1
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended recipient,
please notify the sender immediately and do not disclose the contents to any
other person, use it for any purpose, or store or copy the information in any
medium. Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77685): https://edk2.groups.io/g/devel/message/77685
Mute This Topic: https://groups.io/mt/83912224/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
--- Begin Message ---
The edk2 patch
SecurityPkg: Create library for setting Secure Boot variables.
removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.
Signed-off-by: Grzegorz Bernacki <g...@semihalf.com>
---
Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc | 1 +
Platform/Intel/QuarkPlatformPkg/Quark.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 1 +
Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 3 ++-
4 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
index b154f9615d..5157c87a9a 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreCommonLib.dsc
@@ -139,6 +139,7 @@
!if gMinPlatformPkgTokenSpaceGuid.PcdUefiSecureBootEnable == TRUE
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
!endif
SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
diff --git a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
index cc1eba4df4..35f99429f7 100644
--- a/Platform/Intel/QuarkPlatformPkg/Quark.dsc
+++ b/Platform/Intel/QuarkPlatformPkg/Quark.dsc
@@ -175,6 +175,7 @@
!if $(SECURE_BOOT_ENABLE)
PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
!else
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index d15da40819..5a0d3e31e1 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -227,6 +227,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
!else
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
diff --git a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4a5548b80e..36a5ae333c 100644
--- a/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Platform/Intel/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -1,4 +1,4 @@
-#/** @file
+e
# Platform description.
#
# Copyright (c) 2012 - 2021, Intel Corporation. All rights reserved.<BR>
@@ -229,6 +229,7 @@
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
!else
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
--
2.25.1
--- End Message ---
