Application will get file path of PK key and KEK key using rdk.conf file, once keys are
Available, application will enable secure boot and validates the signed kernel Image.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org>
---
Platform/Comcast/Application/SecureBoot/SecureBoot.inf | 57 ++++++++++++++++++++
Platform/Comcast/Application/SecureBoot/SecureBoot.c | 30 +++++++++++
2 files changed, 87 insertions(+)
diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.inf b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
new file mode 100644
index 000000000000..e7a3bb3afbb6
--- /dev/null
+++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf
@@ -0,0 +1,57 @@
+#
+# Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
+# Copyright (c) 2016-2017, comcast . All rights reserved.
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+
+[Defines]
+ INF_VERSION = 0x00010006
+ BASE_NAME = RdkSecureLoader
+ FILE_GUID = b2c7930f-07ef-4305-ac4e-1ce2085a7031
+ MODULE_TYPE = UEFI_APPLICATION
+ VERSION_STRING = 1.0
+ ENTRY_POINT = SecureBootEntryPoint
+
+[Sources]
+ SecureBoot.c
+
+[Packages]
+ ArmPkg/ArmPkg.dec
+ ArmPlatformPkg/ArmPlatformPkg.dec
+ EmbeddedPkg/EmbeddedPkg.dec
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ ShellPkg/ShellPkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+ NetworkPkg/NetworkPkg.dec
+ Platform/Comcast/Library/RdkBootManagerLib/RdkBootManagerLib.dec
+
+[Guids]
+ gEfiCertX509Guid
+ gEfiCertPkcs7Guid
+ gEfiCustomModeEnableGuid
+ gEfiImageSecurityDatabaseGuid
+ gFdtTableGuid
+ gRdkGlobalVariableGuid
+
+[LibraryClasses]
+ RdkBootManagerLib
+ UefiApplicationEntryPoint
+
+[Protocols]
+ gEfiBlockIoProtocolGuid
+ gEfiDevicePathToTextProtocolGuid
diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.c b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
new file mode 100644
index 000000000000..51ac75835fd0
--- /dev/null
+++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.c
@@ -0,0 +1,30 @@
+/*
+# Copyright (c) 2016-2017, Linaro Limited. All rights reserved.
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+ */
+#include <RdkBootManagerLib.h>
+
+EFI_STATUS
+EFIAPI
+SecureBootEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RdkSecureBoot (
+ ImageHandle,
+ SystemTable->BootServices
+ );
+
+ return Status;
+}
--
2.15.0
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
On 8 January 2018 at 05:45, kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org> wrote: > Application will get file path of PK key and KEK key using rdk.conf file, once keys are > Available, application will enable secure boot and validates the signed kernel Image. > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org> > --- > Platform/Comcast/Application/SecureBoot/SecureBoot.inf | 57 ++++++++++++++++++++ > Platform/Comcast/Application/SecureBoot/SecureBoot.c | 30 +++++++++++ > 2 files changed, 87 insertions(+) > > diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.inf b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf > new file mode 100644 > index 000000000000..e7a3bb3afbb6 > --- /dev/null > +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.inf > @@ -0,0 +1,57 @@ > +# > +# Copyright (c) 2016-2017, Linaro Limited. All rights reserved. Bump the year? > +# Copyright (c) 2016-2017, comcast . All rights reserved. > +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > + > +################################################################################ > +# > +# Defines Section - statements that will be processed to create a Makefile. > +# > +################################################################################ > + > +[Defines] > + INF_VERSION = 0x00010006 please use 0x0001001A for new files > + BASE_NAME = RdkSecureLoader > + FILE_GUID = b2c7930f-07ef-4305-ac4e-1ce2085a7031 > + MODULE_TYPE = UEFI_APPLICATION > + VERSION_STRING = 1.0 > + ENTRY_POINT = SecureBootEntryPoint > + > +[Sources] > + SecureBoot.c > + > +[Packages] > + ArmPkg/ArmPkg.dec > + ArmPlatformPkg/ArmPlatformPkg.dec > + EmbeddedPkg/EmbeddedPkg.dec > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + ShellPkg/ShellPkg.dec > + SecurityPkg/SecurityPkg.dec > + CryptoPkg/CryptoPkg.dec > + NetworkPkg/NetworkPkg.dec > + Platform/Comcast/Library/RdkBootManagerLib/RdkBootManagerLib.dec > + Do you really use all of these? > +[Guids] > + gEfiCertX509Guid > + gEfiCertPkcs7Guid > + gEfiCustomModeEnableGuid > + gEfiImageSecurityDatabaseGuid > + gFdtTableGuid > + gRdkGlobalVariableGuid > + > +[LibraryClasses] > + RdkBootManagerLib > + UefiApplicationEntryPoint > + > +[Protocols] > + gEfiBlockIoProtocolGuid > + gEfiDevicePathToTextProtocolGuid > diff --git a/Platform/Comcast/Application/SecureBoot/SecureBoot.c b/Platform/Comcast/Application/SecureBoot/SecureBoot.c > new file mode 100644 > index 000000000000..51ac75835fd0 > --- /dev/null > +++ b/Platform/Comcast/Application/SecureBoot/SecureBoot.c > @@ -0,0 +1,30 @@ > +/* > +# Copyright (c) 2016-2017, Linaro Limited. All rights reserved. > +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > + */ > +#include <RdkBootManagerLib.h> > + > +EFI_STATUS > +EFIAPI > +SecureBootEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + > + Status = RdkSecureBoot ( > + ImageHandle, > + SystemTable->BootServices > + ); > + > + return Status; > +} > -- > 2.15.0 > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.