Application will get file path of   PK key and KEK key using rdk.conf file, once keys are
Available, application will enable secure boot and validates the signed kernel Image.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org>
---
 Platform/Comcast/Application/SecureBoot/SecureBoot.inf | 57 ++++++++++++++++++++
 Platform/Comcast/Application/SecureBoot/SecureBoot.c   | 30 +++++++++++
 2 files changed, 87 insertions(+)

diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.inf b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
new file mode 100644
index 000000000000..e7a3bb3afbb6
--- /dev/null
+++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
@@ -0,0 +1,57 @@
+#
+#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
+#  Copyright (c) 2016-2017, comcast . All rights reserved.
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+
+[Defines]
+  INF_VERSION     = 0x00010006
+  BASE_NAME       = RdkSecureLoader
+  FILE_GUID       = b2c7930f-07ef-4305-ac4e-1ce2085a7031
+  MODULE_TYPE     = UEFI_APPLICATION
+  VERSION_STRING  = 1.0
+  ENTRY_POINT     = SecureBootEntryPoint
+
+[Sources]
+  SecureBoot.c
+
+[Packages]
+  ArmPkg/ArmPkg.dec
+  ArmPlatformPkg/ArmPlatformPkg.dec
+  EmbeddedPkg/EmbeddedPkg.dec
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  ShellPkg/ShellPkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+  NetworkPkg/NetworkPkg.dec
+  Platform/Comcast/Library/RdkBootManagerLib/RdkBootManagerLib.dec
+
+[Guids]
+  gEfiCertX509Guid
+  gEfiCertPkcs7Guid
+  gEfiCustomModeEnableGuid
+  gEfiImageSecurityDatabaseGuid
+  gFdtTableGuid
+  gRdkGlobalVariableGuid
+
+[LibraryClasses]
+  RdkBootManagerLib
+  UefiApplicationEntryPoint
+
+[Protocols]
+  gEfiBlockIoProtocolGuid
+  gEfiDevicePathToTextProtocolGuid
diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.c b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
new file mode 100644
index 000000000000..51ac75835fd0
--- /dev/null
+++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
@@ -0,0 +1,30 @@
+/*
+#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+ */
+#include <RdkBootManagerLib.h>
+
+EFI_STATUS
+EFIAPI
+SecureBootEntryPoint (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS Status;
+
+  Status = RdkSecureBoot (
+    ImageHandle,
+    SystemTable->BootServices
+  );
+
+  return Status;
+}
-- 
2.15.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

On 8 January 2018 at 05:45, kalyan-nagabhirava
<kalyankumar.nagabhirava@linaro.org> wrote:
> Application will get file path of   PK key and KEK key using rdk.conf file, once keys are
> Available, application will enable secure boot and validates the signed kernel Image.
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org>
> ---
>  Platform/Comcast/Application/SecureBoot/SecureBoot.inf | 57 ++++++++++++++++++++
>  Platform/Comcast/Application/SecureBoot/SecureBoot.c   | 30 +++++++++++
>  2 files changed, 87 insertions(+)
>
> diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.inf b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
> new file mode 100644
> index 000000000000..e7a3bb3afbb6
> --- /dev/null
> +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
> @@ -0,0 +1,57 @@
> +#
> +#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.

Bump the year?

> +#  Copyright (c) 2016-2017, comcast . All rights reserved.
> +#
> +#  This program and the accompanying materials
> +#  are licensed and made available under the terms and conditions of the BSD License
> +#  which accompanies this distribution.  The full text of the license may be found at
> +#  http://opensource.org/licenses/bsd-license.php
> +#
> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> +
> +################################################################################
> +#
> +# Defines Section - statements that will be processed to create a Makefile.
> +#
> +################################################################################
> +
> +[Defines]
> +  INF_VERSION     = 0x00010006

please use 0x0001001A for new files

> +  BASE_NAME       = RdkSecureLoader
> +  FILE_GUID       = b2c7930f-07ef-4305-ac4e-1ce2085a7031
> +  MODULE_TYPE     = UEFI_APPLICATION
> +  VERSION_STRING  = 1.0
> +  ENTRY_POINT     = SecureBootEntryPoint
> +
> +[Sources]
> +  SecureBoot.c
> +
> +[Packages]
> +  ArmPkg/ArmPkg.dec
> +  ArmPlatformPkg/ArmPlatformPkg.dec
> +  EmbeddedPkg/EmbeddedPkg.dec
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  ShellPkg/ShellPkg.dec
> +  SecurityPkg/SecurityPkg.dec
> +  CryptoPkg/CryptoPkg.dec
> +  NetworkPkg/NetworkPkg.dec
> +  Platform/Comcast/Library/RdkBootManagerLib/RdkBootManagerLib.dec
> +

Do you really use all of these?

> +[Guids]
> +  gEfiCertX509Guid
> +  gEfiCertPkcs7Guid
> +  gEfiCustomModeEnableGuid
> +  gEfiImageSecurityDatabaseGuid
> +  gFdtTableGuid
> +  gRdkGlobalVariableGuid
> +
> +[LibraryClasses]
> +  RdkBootManagerLib
> +  UefiApplicationEntryPoint
> +
> +[Protocols]
> +  gEfiBlockIoProtocolGuid
> +  gEfiDevicePathToTextProtocolGuid
> diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.c b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
> new file mode 100644
> index 000000000000..51ac75835fd0
> --- /dev/null
> +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
> @@ -0,0 +1,30 @@
> +/*
> +#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
> +#
> +#  This program and the accompanying materials
> +#  are licensed and made available under the terms and conditions of the BSD License
> +#  which accompanies this distribution.  The full text of the license may be found at
> +#  http://opensource.org/licenses/bsd-license.php
> +#
> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> + */
> +#include <RdkBootManagerLib.h>
> +
> +EFI_STATUS
> +EFIAPI
> +SecureBootEntryPoint (
> +  IN EFI_HANDLE        ImageHandle,
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +  EFI_STATUS Status;
> +
> +  Status = RdkSecureBoot (
> +    ImageHandle,
> +    SystemTable->BootServices
> +  );
> +
> +  return Status;
> +}
> --
> 2.15.0
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel