On Wed, 28 Jul 2021 at 09:44, gaoliming <gaolim...@byosoft.com.cn> wrote: > > Sunny: > Yes. This patch set is ready to be merged. > > Samer: > Would you help merge this patch set? >
I can pick it up if you could please create the release notes entry? Thanks. > Thanks > Liming > > -----邮件原件----- > > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Sunny Wang > > 发送时间: 2021年7月21日 11:41 > > 收件人: Samer El-Haj-Mahmoud <samer.el-haj-mahm...@arm.com>; > > devel@edk2.groups.io; g...@semihalf.com; Ard Biesheuvel > > <ardb+tianoc...@kernel.org>; gaolim...@byosoft.com.cn; ray...@intel.com > > 抄送: l...@nuviainc.com; m...@semihalf.com; upstr...@semihalf.com; > > jiewen....@intel.com; jian.j.w...@intel.com; min.m...@intel.com; > > ler...@redhat.com; Sami Mujawar <sami.muja...@arm.com>; > > af...@apple.com; jordan.l.jus...@intel.com; rebe...@bsdio.com; > > gre...@freebsd.org; Thomas Abraham <thomas.abra...@arm.com>; > > chasel.c...@intel.com; nathaniel.l.desim...@intel.com; > > eric.d...@intel.com; michael.d.kin...@intel.com; zailiang....@intel.com; > > yi.q...@intel.com; gra...@nuviainc.com; r...@semihalf.com; p...@akeo.ie; > > Sunny Wang <sunny.w...@arm.com> > > 主题: Re: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys > > > > Ard, Liming, Ray, Thanks for your review for ArmVirtPkg, ArmPlatformPkg, > and > > EmulatorPkg patches. > > > > As for the patch for Intel Platforms below, it is in another series for > > edk2-platforms. > > - [edk2-platforms PATCH v6 1/4] Intel Platforms: add > > SecureBootVariableLib class resolution > > https://edk2.groups.io/g/devel/message/77781 > > > > Therefore, I think this series already got all the necessary Reviewed-By > and > > Acked-By of all parts and is ready to be pushed now. > > > > Best Regards, > > Sunny Wang > > > > -----Original Message----- > > From: Samer El-Haj-Mahmoud <samer.el-haj-mahm...@arm.com> > > Sent: Friday, July 16, 2021 8:00 PM > > To: devel@edk2.groups.io; g...@semihalf.com > > Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Sunny Wang > > <sunny.w...@arm.com>; m...@semihalf.com; upstr...@semihalf.com; > > jiewen....@intel.com; jian.j.w...@intel.com; min.m...@intel.com; > > ler...@redhat.com; Sami Mujawar <sami.muja...@arm.com>; > > af...@apple.com; ray...@intel.com; jordan.l.jus...@intel.com; > > rebe...@bsdio.com; gre...@freebsd.org; Thomas Abraham > > <thomas.abra...@arm.com>; chasel.c...@intel.com; > > nathaniel.l.desim...@intel.com; gaolim...@byosoft.com.cn; > > eric.d...@intel.com; michael.d.kin...@intel.com; zailiang....@intel.com; > > yi.q...@intel.com; gra...@nuviainc.com; r...@semihalf.com; p...@akeo.ie; > > Samer El-Haj-Mahmoud <samer.el-haj-mahm...@arm.com> > > Subject: RE: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys > > > > The v6 of this series seems to have all the necessary Reviewed-By (and > some > > Tested-By) of all parts, except the following platform specific parts. > Could we > > get help from maintainers to review these please? > > > > Much appreciated! > > > > - ArmVirtPkg : https://edk2.groups.io/g/devel/message/77772 > > - ArmPlatformPkg: https://edk2.groups.io/g/devel/message/77775 > > - EmulatorPkg: https://edk2.groups.io/g/devel/message/77773 > > - Intel Platforms (Platform/Intel/QuarkPlatformPkg, > > Platform/Intel/MinPlatformPkg, Platform/Intel/Vlv2TbltDevicePkg): > > https://edk2.groups.io/g/devel/message/77781 > > > > Thanks, > > --Samer > > > > > > > > > > > > > -----Original Message----- > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > > > Grzegorz Bernacki via groups.io > > > Sent: Wednesday, July 14, 2021 8:30 AM > > > To: devel@edk2.groups.io > > > Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer > > El-Haj-Mahmoud > > > <samer.el-haj-mahm...@arm.com>; Sunny Wang > > > <sunny.w...@arm.com>; m...@semihalf.com; upstr...@semihalf.com; > > > jiewen....@intel.com; jian.j.w...@intel.com; min.m...@intel.com; > > > ler...@redhat.com; Sami Mujawar <sami.muja...@arm.com>; > > > af...@apple.com; ray...@intel.com; jordan.l.jus...@intel.com; > > > rebe...@bsdio.com; gre...@freebsd.org; Thomas Abraham > > > <thomas.abra...@arm.com>; chasel.c...@intel.com; > > > nathaniel.l.desim...@intel.com; gaolim...@byosoft.com.cn; > > > eric.d...@intel.com; michael.d.kin...@intel.com; zailiang....@intel.com; > > > yi.q...@intel.com; gra...@nuviainc.com; r...@semihalf.com; > > > p...@akeo.ie; Grzegorz Bernacki <g...@semihalf.com> > > > Subject: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys > > > > > > This patchset adds support for initialization of default > > > Secure Boot variables based on keys content embedded in > > > flash binary. This feature is active only if Secure Boot > > > is enabled and DEFAULT_KEY is defined. The patchset > > > consist also application to enroll keys from default > > > variables and secure boot menu change to allow user > > > to reset key content to default values. > > > Discussion on design can be found at: > > > https://edk2.groups.io/g/rfc/topic/82139806#600 > > > > > > Built with: > > > GCC > > > - RISC-V (U500, U540) [requires fixes in dsc to build] > > > - Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg, > > > EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32)) > > > - ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4) > > > > > > RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be > > built, > > > will be post on edk2 maillist later > > > > > > VS2019 > > > - Intel (OvmfPkgX64) > > > > > > Test with: > > > GCC5/RPi4 > > > VS2019/OvmfX64 (requires changes to enable feature) > > > > > > Tests: > > > 1. Try to enroll key in incorrect format. > > > 2. Enroll with only PKDefault keys specified. > > > 3. Enroll with all keys specified. > > > 4. Enroll when keys are enrolled. > > > 5. Reset keys values. > > > 6. Running signed & unsigned app after enrollment. > > > > > > Changes since v1: > > > - change names: > > > SecBootVariableLib => SecureBootVariableLib > > > SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe > > > SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp > > > - change name of function CheckSetupMode to GetSetupMode > > > - remove ShellPkg dependecy from EnrollFromDefaultKeysApp > > > - rebase to master > > > > > > Changes since v2: > > > - fix coding style for functions headers in SecureBootVariableLib.h > > > - add header to SecureBootDefaultKeys.fdf.inc > > > - remove empty line spaces in SecureBootDefaultKeysDxe files > > > - revert FAIL macro in EnrollFromDefaultKeysApp > > > - remove functions duplicates and add SecureBootVariableLib > > > to platforms which used it > > > > > > Changes since v3: > > > - move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg > > > - leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib > > > - fix typo in guid description > > > > > > Changes since v4: > > > - reorder patches to make it bisectable > > > - split commits related to more than one platform > > > - move edk2-platform commits to separate patchset > > > > > > Changes since v5: > > > - split SecureBootVariableLib into SecureBootVariableLib and > > > SecureBootVariableProvisionLib > > > > > > Grzegorz Bernacki (11): > > > SecurityPkg: Create SecureBootVariableLib. > > > SecurityPkg: Create library for enrolling Secure Boot variables. > > > ArmVirtPkg: add SecureBootVariableLib class resolution > > > OvmfPkg: add SecureBootVariableLib class resolution > > > EmulatorPkg: add SecureBootVariableLib class resolution > > > SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. > > > ArmPlatformPkg: Create include file for default key content. > > > SecurityPkg: Add SecureBootDefaultKeysDxe driver > > > SecurityPkg: Add EnrollFromDefaultKeys application. > > > SecurityPkg: Add new modules to Security package. > > > SecurityPkg: Add option to reset secure boot keys. > > > > > > SecurityPkg/SecurityPkg.dec > > | 14 + > > > ArmVirtPkg/ArmVirt.dsc.inc > > | 2 + > > > EmulatorPkg/EmulatorPkg.dsc > > | 2 + > > > OvmfPkg/Bhyve/BhyveX64.dsc > > | 2 + > > > OvmfPkg/OvmfPkgIa32.dsc > > | 2 + > > > OvmfPkg/OvmfPkgIa32X64.dsc > > | 2 + > > > OvmfPkg/OvmfPkgX64.dsc > > | 2 + > > > SecurityPkg/SecurityPkg.dsc > > | 5 + > > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > > > | 48 ++ > > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > > > | 80 +++ > > > > > > > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > > > visionLib.inf | 80 +++ > > > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > > > gDxe.inf | 3 + > > > > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > > > DefaultKeysDxe.inf | 46 ++ > > > SecurityPkg/Include/Library/SecureBootVariableLib.h > > | 153 > > > ++++++ > > > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h > > > | 134 +++++ > > > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > > > gNvData.h | 2 + > > > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > > > g.vfr | 6 + > > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > > > | 110 +++++ > > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > > > | 511 ++++++++++++++++++++ > > > > > > > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > > > visionLib.c | 491 +++++++++++++++++++ > > > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > > > gImpl.c | 344 ++++++------- > > > > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > > > DefaultKeysDxe.c | 69 +++ > > > ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > > | 70 > > > +++ > > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > > > | 17 + > > > > > > > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > > > visionLib.uni | 16 + > > > > > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi > > > gStrings.uni | 4 + > > > > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > > > DefaultKeysDxe.uni | 16 + > > > 27 files changed, 2043 insertions(+), 188 deletions(-) > > > create mode 100644 > > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf > > > create mode 100644 > > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > > > create mode 100644 > > > > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > > > visionLib.inf > > > create mode 100644 > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > > > DefaultKeysDxe.inf > > > create mode 100644 > > SecurityPkg/Include/Library/SecureBootVariableLib.h > > > create mode 100644 > > > SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h > > > create mode 100644 > > > SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c > > > create mode 100644 > > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c > > > create mode 100644 > > > > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > > > visionLib.c > > > create mode 100644 > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > > > DefaultKeysDxe.c > > > create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc > > > create mode 100644 > > > SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni > > > create mode 100644 > > > > > SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro > > > visionLib.uni > > > create mode 100644 > > > SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot > > > DefaultKeysDxe.uni > > > > > > -- > > > 2.25.1 > > > > > > > > > > > > > > > > > > > > > IMPORTANT NOTICE: The contents of this email and any attachments are > > confidential and may also be privileged. If you are not the intended > recipient, > > please notify the sender immediately and do not disclose the contents to > any > > other person, use it for any purpose, or store or copy the information in > any > > medium. Thank you. > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#78278): https://edk2.groups.io/g/devel/message/78278 Mute This Topic: https://groups.io/mt/84502244/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
