[edk2] [PATCH v1 3/4] edk2-platforms:comcast: RDK secure boot Application

kalyan-nagabhirava posted 4 patches 6 years, 11 months ago
Posted by kalyan-nagabhirava 6 years, 11 months ago
Application will get file path of PK key and KEK key using rdk.conf file; once keys are
available, application will enable secure boot and validate the signed kernel Image.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org>
---
 Platform/Comcast/Application/SecureBoot/SecureBoot.inf | 57 ++++++++++++++++++++
 Platform/Comcast/Application/SecureBoot/SecureBoot.c   | 30 +++++++++++
 2 files changed, 87 insertions(+)

diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.inf b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
new file mode 100644
index 000000000000..e7a3bb3afbb6
--- /dev/null
+++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
@@ -0,0 +1,57 @@
+#
+#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
+#  Copyright (c) 2016-2017, comcast . All rights reserved.
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+
+[Defines]
+  INF_VERSION     = 0x00010006
+  BASE_NAME       = RdkSecureLoader
+  FILE_GUID       = b2c7930f-07ef-4305-ac4e-1ce2085a7031
+  MODULE_TYPE     = UEFI_APPLICATION
+  VERSION_STRING  = 1.0
+  ENTRY_POINT     = SecureBootEntryPoint
+
+[Sources]
+  SecureBoot.c
+
+[Packages]
+  ArmPkg/ArmPkg.dec
+  ArmPlatformPkg/ArmPlatformPkg.dec
+  EmbeddedPkg/EmbeddedPkg.dec
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  ShellPkg/ShellPkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+  NetworkPkg/NetworkPkg.dec
+  Platform/Comcast/Library/RdkBootManagerLib/RdkBootManagerLib.dec
+
+[Guids]
+  gEfiCertX509Guid
+  gEfiCertPkcs7Guid
+  gEfiCustomModeEnableGuid
+  gEfiImageSecurityDatabaseGuid
+  gFdtTableGuid
+  gRdkGlobalVariableGuid
+
+[LibraryClasses]
+  RdkBootManagerLib
+  UefiApplicationEntryPoint
+
+[Protocols]
+  gEfiBlockIoProtocolGuid
+  gEfiDevicePathToTextProtocolGuid
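
Review bot: None of the entries under [Guids] and [Protocols] are referenced by SecureBoot.c, the only file in [Sources], which does nothing but call RdkSecureBoot from RdkBootManagerLib. That includes gEfiCustomModeEnableGuid and gEfiImageSecurityDatabaseGuid, which concern secure boot state. Declare these in the INF of the library that actually consumes them and drop them here, together with any [Packages] entry that is only present to resolve them, so that the INF of each module shows which secure boot variables that module touches.
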
diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.c b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
new file mode 100644
index 000000000000..51ac75835fd0
--- /dev/null
+++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
@@ -0,0 +1,30 @@
+/*
+#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution.  The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+ */
+#include <RdkBootManagerLib.h>
+
+EFI_STATUS
+EFIAPI
+SecureBootEntryPoint (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS Status;
+
+  Status = RdkSecureBoot (
+    ImageHandle,
+    SystemTable->BootServices
+  );
+
+  return Status;
+}
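
Review bot: SecureBootEntryPoint hands the result of RdkSecureBoot straight back to its caller, so what happens when key loading or kernel validation fails is decided by whatever launched the application, and nothing in this file states it. If the intended policy is that an unverified kernel never boots, say in a function header comment where that is enforced, and report a failing Status before returning instead of returning it silently. The local Status variable adds nothing as written; either use it for that error path or return the call result directly.
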
-- 
2.15.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v1 3/4] edk2-platforms:comcast: RDK secure boot Application
Posted by Ard Biesheuvel 6 years, 10 months ago
On 8 January 2018 at 05:45, kalyan-nagabhirava
<kalyankumar.nagabhirava@linaro.org> wrote:
> Application will get file path of PK key and KEK key using rdk.conf file; once keys are
> available, application will enable secure boot and validate the signed kernel Image.
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org>
> ---
>  Platform/Comcast/Application/SecureBoot/SecureBoot.inf | 57 ++++++++++++++++++++
>  Platform/Comcast/Application/SecureBoot/SecureBoot.c   | 30 +++++++++++
>  2 files changed, 87 insertions(+)
>
> diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.inf b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
> new file mode 100644
> index 000000000000..e7a3bb3afbb6
> --- /dev/null
> +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
> @@ -0,0 +1,57 @@
> +#
> +#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.

Bump the year?

> +#  Copyright (c) 2016-2017, comcast . All rights reserved.
> +#
> +#  This program and the accompanying materials
> +#  are licensed and made available under the terms and conditions of the BSD License
> +#  which accompanies this distribution.  The full text of the license may be found at
> +#  http://opensource.org/licenses/bsd-license.php
> +#
> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> +
> +################################################################################
> +#
> +# Defines Section - statements that will be processed to create a Makefile.
> +#
> +################################################################################
> +
> +[Defines]
> +  INF_VERSION     = 0x00010006

please use 0x0001001A for new files

> +  BASE_NAME       = RdkSecureLoader
> +  FILE_GUID       = b2c7930f-07ef-4305-ac4e-1ce2085a7031
> +  MODULE_TYPE     = UEFI_APPLICATION
> +  VERSION_STRING  = 1.0
> +  ENTRY_POINT     = SecureBootEntryPoint
> +
> +[Sources]
> +  SecureBoot.c
> +
> +[Packages]
> +  ArmPkg/ArmPkg.dec
> +  ArmPlatformPkg/ArmPlatformPkg.dec
> +  EmbeddedPkg/EmbeddedPkg.dec
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  ShellPkg/ShellPkg.dec
> +  SecurityPkg/SecurityPkg.dec
> +  CryptoPkg/CryptoPkg.dec
> +  NetworkPkg/NetworkPkg.dec
> +  Platform/Comcast/Library/RdkBootManagerLib/RdkBootManagerLib.dec
> +

Do you really use all of these?

> +[Guids]
> +  gEfiCertX509Guid
> +  gEfiCertPkcs7Guid
> +  gEfiCustomModeEnableGuid
> +  gEfiImageSecurityDatabaseGuid
> +  gFdtTableGuid
> +  gRdkGlobalVariableGuid
> +
> +[LibraryClasses]
> +  RdkBootManagerLib
> +  UefiApplicationEntryPoint
> +
> +[Protocols]
> +  gEfiBlockIoProtocolGuid
> +  gEfiDevicePathToTextProtocolGuid
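
Review bot: BASE_NAME is RdkSecureLoader while the directory, the source file and the entry point are all named SecureBoot / SecureBootEntryPoint, so the built binary will carry a different name from everything else in this module. Pick one name and use it for BASE_NAME, the directory and the entry point, so the image that handles PK/KEK provisioning is easy to identify in the build output and in boot option listings.
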
> diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.c b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
> new file mode 100644
> index 000000000000..51ac75835fd0
> --- /dev/null
> +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
> @@ -0,0 +1,30 @@
> +/*
> +#  Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
> +#
> +#  This program and the accompanying materials
> +#  are licensed and made available under the terms and conditions of the BSD License
> +#  which accompanies this distribution.  The full text of the license may be found at
> +#  http://opensource.org/licenses/bsd-license.php
> +#
> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +#
> + */
> +#include <RdkBootManagerLib.h>
> +
> +EFI_STATUS
> +EFIAPI
> +SecureBootEntryPoint (
> +  IN EFI_HANDLE        ImageHandle,
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +  EFI_STATUS Status;
> +
> +  Status = RdkSecureBoot (
> +    ImageHandle,
> +    SystemTable->BootServices
> +  );
> +
> +  return Status;
> +}
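
Review bot: The file header in SecureBoot.c keeps the '#' line prefixes of the INF inside a C block comment and omits the Comcast copyright line that SecureBoot.inf carries; use a plain /** @file ... **/ header and make the copyright lines consistent between the two files. SecureBootEntryPoint also has no function header comment describing its parameters and return values, which the EDK II coding style expects for every function.
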
> --
> 2.15.0
>