Laszlo Ersek
c9727ff1df
OvmfPkg/EnrollDefaultKeys: document the steps of the entry point function
...
The entry point function of EnrollDefaultKeys finishes with a sanity
check, verifying the values of the Secure Boot-related "control"
variables. Add a diagram to explain why we expect the values we do.
While at it, write comments on the rest of the entry point function.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:43 +02:00
Laszlo Ersek
86bf2672a3
OvmfPkg/EnrollDefaultKeys: describe functions with leading comment blocks
...
The GetExact(), GetSettings(), PrintSettings(), and ShellAppMain()
functions lack leading comment blocks. Supply those.
While at it, make sure that every such comment block is preceded by two
blank lines.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:42 +02:00
Laszlo Ersek
7eeaa7585a
OvmfPkg/EnrollDefaultKeys: extract MICROSOFT_VENDOR_GUID
...
The GUID
77FA9ABD-0359-4D32-BD60-28F4E78F784B
is specified in MSDN, at
<https://msdn.microsoft.com/en-us/ie/dn932805(v=vs.94)>, therefore it
deserves an entry in the package DEC file, and a header file under
"Include/Guid".
(Arguably, this GUID declaration / definition could even live under
SecurityPkg, but the edk2 tradition has been to hoist GUIDs,
protocols/PPIs, and lib classes from OvmfPkg to a core package only when
dependent C code is added to the core package.)
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:40 +02:00
Laszlo Ersek
a79b115ade
OvmfPkg/EnrollDefaultKeys: split out certificate and signature constants
...
A large portion of "EnrollDefaultKeys.c" is hex-encoded X509 certificates,
GUIDs, and signatures. These objects are constants, unlikely to see
changes anytime soon. Move them out of the way, to "AuthData.c", so we can
more easily work on functions in "EnrollDefaultKeys.c".
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:39 +02:00
Laszlo Ersek
1c9418fcaf
OvmfPkg/EnrollDefaultKeys: extract typedefs to a header file
...
"EnrollDefaultKeys.c" defines three structure types: SINGLE_HEADER,
REPEATING_HEADER, and SETTINGS. The definitions are scattered over the C
file, and lack high-level summary comments.
Extract the structures to "EnrollDefaultKeys.h", and add the missing
comments.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:37 +02:00
Laszlo Ersek
a2491a6c82
OvmfPkg/EnrollDefaultKeys: remove unneeded EFIAPI call. conv. specifiers
...
The GetExact(), GetSettings(), PrintSettings() functions are only called
from within "EnrollDefaultKeys.c", and none of them take variable
arguments. Drop their EFIAPI calling convention specifiers.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:35 +02:00
Laszlo Ersek
e0d612356e
OvmfPkg/EnrollDefaultKeys: clean up acronym capitalization in identifiers
...
According to the edk2 coding standards, "[w]hen all letters in an acronym
are capitalized, it makes the prior and subsequent words visually
difficult to distinguish".
Fix the spellings of three acronyms, accordingly:
- "KEK" (Key Exchange Key) should be written as "Kek", in "mMicrosoftKEK",
- "CA" (Certificate Authority) should be written as "Ca", in
"mMicrosoftUefiCA",
- "PCA" (Production Certificate Authority) should be written as "Pca", in
"mMicrosoftPCA".
Generate the changes with:
  sed --regexp-extended --in-place \
    --expression='s,\<mMicrosoftKEK\>,mMicrosoftKek,g' \
    --expression='s,\<mMicrosoftUefiCA\>,mMicrosoftUefiCa,g' \
    --expression='s,\<mMicrosoftPCA\>,mMicrosoftPca,g' \
    OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:33 +02:00
Laszlo Ersek
32d1440aad
OvmfPkg/EnrollDefaultKeys: clean up global variable name prefixes
...
In edk2, we should start the names of module-global variables with "m".
Rename the "RedHatPkKek1", "MicrosoftKEK", "MicrosoftPCA",
"MicrosoftUefiCA" variables accordingly, with the following command:
  sed --regexp-extended --in-place \
    --expression='s,\<(RedHatPkKek1|Microsoft(KEK|PCA|UefiCA))\>,m\1,g' \
    OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:31 +02:00
Laszlo Ersek
85d96998a4
OvmfPkg/EnrollDefaultKeys: clean up minor whitespace wart
...
In edk2, we should spell "#pragma pack(...)" with a space character in
front of the opening parenthesis. Fix up locations that suggest otherwise.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:29 +02:00
Laszlo Ersek
3defea06b2
OvmfPkg/EnrollDefaultKeys: update @file comment blocks
...
Refresh the sentence that states the purpose of the application.
Extend the copyright notice to the year 2019.
Replace the 2-clause BSD License banner with the BSD-2-Clause-Patent SPDX
ID.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:24 +02:00
Laszlo Ersek
b11636239f
OvmfPkg: introduce EnrollDefaultKeys application
...
Add the OvmfPkg/EnrollDefaultKeys shell application source as it is at the
"edk2-20190308git89910a39dcfd-2.el8" tag in RHEL8's downstream "edk2"
package.
Further patches in this series will replace Red Hat-specific bits in the
application, with a conduit to pass in parameters directly from the host
side, on both QEMU and Xen.
(Note: at the moment, Xen doesn't support Secure Boot, due to lacking a
standards-conformant variable driver stack. However, that could change
soon
<https://fosdem.org/2019/schedule/event/vai_implementing_uefi_variable_services_in_qemu/>,
and then this facility will become useful on Xen too.)
The use case for this application (including why it is only being added to
the DSC files) is explained in detail in
<https://bugzilla.tianocore.org/show_bug.cgi?id=1747#c0>.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
2019-04-30 14:26:11 +02:00