From 96eb23c5556ed28d2242669bed9eb818285251b6 Mon Sep 17 00:00:00 2001 From: Richard Lyu Date: Wed, 17 Dec 2025 11:35:31 +0800 Subject: [PATCH] Revert "OvmfPkg/RiscVVirt: Add SecureBootDefaultKeysInit module." This reverts commit 35a3ceb882b57da0964c8b4a038e8808b3dc2b13. --- .../SecureBootDefaultKeysInit.c | 643 ------------------ .../SecureBootDefaultKeysInit.inf | 49 -- OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc | 2 +- OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf | 18 - 4 files changed, 1 insertion(+), 711 deletions(-) delete mode 100644 OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c delete mode 100644 OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf diff --git a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c b/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c deleted file mode 100644 index 037174dc6a..0000000000 --- a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c +++ /dev/null @@ -1,643 +0,0 @@ -/** @file - This driver init default Secure Boot variables - - Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
- (C) Copyright 2018 Hewlett Packard Enterprise Development LP
- Copyright (c) 2021, ARM Ltd. All rights reserved.
- Copyright (c) 2021, Semihalf All rights reserved.
- Copyright (c) 2021, Ampere Computing LLC. All rights reserved.
- Copyright (C) 2023-2025 Advanced Micro Devices, Inc. All rights reserved. - - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/** - Set PKDefault Variable. - - @param[in] X509Data X509 Certificate data. - @param[in] X509DataSize X509 Certificate data size. - - @retval EFI_SUCCESS PKDefault is set successfully. - -**/ -EFI_STATUS -SetPkDefault ( - IN UINT8 *X509Data, - IN UINTN X509DataSize - ) -{ - EFI_STATUS Status; - UINT32 Attr; - UINTN DataSize; - EFI_SIGNATURE_LIST *PkCert; - EFI_SIGNATURE_DATA *PkCertData; - - PkCert = NULL; - - // - // Allocate space for PK certificate list and initialize it. - // Create PK database entry with SignatureHeaderSize equals 0. - // - PkCert = (EFI_SIGNATURE_LIST *)AllocateZeroPool ( - sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 - + X509DataSize - ); - if (PkCert == NULL) { - Status = EFI_OUT_OF_RESOURCES; - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __func__, Status)); - goto ON_EXIT; - } - - PkCert->SignatureListSize = (UINT32)(sizeof (EFI_SIGNATURE_LIST) - + sizeof (EFI_SIGNATURE_DATA) - 1 - + X509DataSize); - PkCert->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize); - PkCert->SignatureHeaderSize = 0; - CopyGuid (&PkCert->SignatureType, &gEfiCertX509Guid); - PkCertData = (EFI_SIGNATURE_DATA *)((UINTN)PkCert - + sizeof (EFI_SIGNATURE_LIST) - + PkCert->SignatureHeaderSize); - CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid); - // - // Fill the PK database with PKpub data from X509 certificate file. - // - CopyMem (&(PkCertData->SignatureData[0]), X509Data, X509DataSize); - - Attr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS; - DataSize = PkCert->SignatureListSize; - - Status = gRT->SetVariable ( - EFI_PK_DEFAULT_VARIABLE_NAME, - &gEfiGlobalVariableGuid, - Attr, - DataSize, - PkCert - ); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __func__, Status)); - goto ON_EXIT; - } - -ON_EXIT: - - if (PkCert != NULL) { - FreePool (PkCert); - } - - return Status; -} - -/** - Set KDKDefault Variable. - - @param[in] X509Data X509 Certificate data. - @param[in] X509DataSize X509 Certificate data size. - - @retval EFI_SUCCESS KEKDefault is set successfully. - -**/ -EFI_STATUS -SetKekDefault ( - IN UINT8 *X509Data, - IN UINTN X509DataSize - ) -{ - EFI_STATUS Status; - EFI_SIGNATURE_DATA *KEKSigData; - EFI_SIGNATURE_LIST *KekSigList; - UINTN DataSize; - UINTN KekSigListSize; - UINT32 Attr; - - KekSigList = NULL; - KekSigListSize = 0; - DataSize = 0; - KEKSigData = NULL; - - KekSigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize; - KekSigList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (KekSigListSize); - if (KekSigList == NULL) { - Status = EFI_OUT_OF_RESOURCES; - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __func__, Status)); - goto ON_EXIT; - } - - // - // Fill Certificate Database parameters. - // - KekSigList->SignatureListSize = (UINT32)KekSigListSize; - KekSigList->SignatureHeaderSize = 0; - KekSigList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize); - CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid); - - KEKSigData = (EFI_SIGNATURE_DATA *)((UINT8 *)KekSigList + sizeof (EFI_SIGNATURE_LIST)); - CopyGuid (&KEKSigData->SignatureOwner, &gEfiGlobalVariableGuid); - CopyMem (KEKSigData->SignatureData, X509Data, X509DataSize); - - // - // Check if KEK been already existed. - // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the - // new kek to original variable - // - Attr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS; - - Status = gRT->GetVariable ( - EFI_KEK_DEFAULT_VARIABLE_NAME, - &gEfiGlobalVariableGuid, - NULL, - &DataSize, - NULL - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - Attr |= EFI_VARIABLE_APPEND_WRITE; - } else if (Status != EFI_NOT_FOUND) { - DEBUG ((DEBUG_ERROR, "%a: Cannot get the value of KEK: %r\n", __func__, Status)); - goto ON_EXIT; - } - - Status = gRT->SetVariable ( - EFI_KEK_DEFAULT_VARIABLE_NAME, - &gEfiGlobalVariableGuid, - Attr, - KekSigListSize, - KekSigList - ); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __func__, Status)); - goto ON_EXIT; - } - -ON_EXIT: - - if (KekSigList != NULL) { - FreePool (KekSigList); - } - - return Status; -} - -/** - Checks if the file content complies with EFI_VARIABLE_AUTHENTICATION_2 format - - @param[in] Data Data. - @param[in] DataSize Data size. - - @retval TRUE The content is EFI_VARIABLE_AUTHENTICATION_2 format. - @retval FALSE The content is NOT a EFI_VARIABLE_AUTHENTICATION_2 format. - -**/ -BOOLEAN -IsAuthentication2Format ( - IN UINT8 *Data, - IN UINTN DataSize - ) -{ - EFI_VARIABLE_AUTHENTICATION_2 *Auth2; - BOOLEAN IsAuth2Format; - - IsAuth2Format = FALSE; - - Auth2 = (EFI_VARIABLE_AUTHENTICATION_2 *)Data; - if (Auth2->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { - goto ON_EXIT; - } - - if (CompareGuid (&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) { - IsAuth2Format = TRUE; - } - -ON_EXIT: - - return IsAuth2Format; -} - -/** - Set signature database with the data of EFI_VARIABLE_AUTHENTICATION_2 format. - - @param[in] AuthData AUTHENTICATION_2 data. - @param[in] AuthDataSize AUTHENTICATION_2 data size. - @param[in] VariableName Variable name of signature database, must be - EFI_DB_DEFAULT_VARIABLE_NAME or EFI_DBX_DEFAULT_VARIABLE_NAME or EFI_DBT_DEFAULT_VARIABLE_NAME. - - @retval EFI_SUCCESS New signature is set successfully. - @retval EFI_INVALID_PARAMETER The parameter is invalid. - @retval EFI_UNSUPPORTED Unsupported command. - @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. - -**/ -EFI_STATUS -SetAuthentication2ToSigDb ( - IN UINT8 *AuthData, - IN UINTN AuthDataSize, - IN CHAR16 *VariableName - ) -{ - EFI_STATUS Status; - UINTN DataSize; - UINT32 Attr; - UINT8 *Data; - - Attr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS; - - // - // Check if SigDB variable has been already existed. - // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the - // new signature data to original variable - // - DataSize = 0; - Status = gRT->GetVariable ( - VariableName, - &gEfiGlobalVariableGuid, - NULL, - &DataSize, - NULL - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - Attr |= EFI_VARIABLE_APPEND_WRITE; - } else if (Status != EFI_NOT_FOUND) { - DEBUG ((DEBUG_ERROR, "%a: Cannot get the value of signature database: %r\n", __func__, Status)); - return Status; - } - - // - // Ignore AUTHENTICATION_2 region. Only the actual certificate is needed. - // - DataSize = AuthDataSize - ((EFI_VARIABLE_AUTHENTICATION_2 *)AuthData)->AuthInfo.Hdr.dwLength - sizeof (EFI_TIME); - Data = AuthData + (AuthDataSize - DataSize); - - Status = gRT->SetVariable ( - VariableName, - &gEfiGlobalVariableGuid, - Attr, - DataSize, - Data - ); - - return Status; -} - -/** - - Set signature database with the data of X509 format. - - @param[in] X509Data X509 Certificate data. - @param[in] X509DataSize X509 Certificate data size. - @param[in] VariableName Variable name of signature database, must be - EFI_DB_DEFAULT_VARIABLE_NAME or EFI_DBX_DEFAULT_VARIABLE_NAME or EFI_DBT_DEFAULT_VARIABLE_NAME. - @param[in] SignatureOwnerGuid Guid of the signature owner. - - @retval EFI_SUCCESS New X509 is enrolled successfully. - @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. - -**/ -EFI_STATUS -SetX509ToSigDb ( - IN UINT8 *X509Data, - IN UINTN X509DataSize, - IN CHAR16 *VariableName, - IN EFI_GUID *SignatureOwnerGuid - ) -{ - EFI_STATUS Status; - EFI_SIGNATURE_LIST *SigDBCert; - EFI_SIGNATURE_DATA *SigDBCertData; - VOID *Data; - UINTN DataSize; - UINTN SigDBSize; - UINT32 Attr; - - SigDBSize = 0; - DataSize = 0; - SigDBCert = NULL; - SigDBCertData = NULL; - Data = NULL; - - SigDBSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize; - Data = AllocateZeroPool (SigDBSize); - if (Data == NULL) { - Status = EFI_OUT_OF_RESOURCES; - DEBUG ((DEBUG_ERROR, "%a: Cannot allocate memory: %r\n", __func__, Status)); - goto ON_EXIT; - } - - // - // Fill Certificate Database parameters. - // - SigDBCert = (EFI_SIGNATURE_LIST *)Data; - SigDBCert->SignatureListSize = (UINT32)SigDBSize; - SigDBCert->SignatureHeaderSize = 0; - SigDBCert->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize); - CopyGuid (&SigDBCert->SignatureType, &gEfiCertX509Guid); - - SigDBCertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigDBCert + sizeof (EFI_SIGNATURE_LIST)); - CopyGuid (&SigDBCertData->SignatureOwner, SignatureOwnerGuid); - CopyMem ((UINT8 *)(SigDBCertData->SignatureData), X509Data, X509DataSize); - - // - // Check if signature database entry has been already existed. - // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the - // new signature data to original variable - // - Attr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS; - - Status = gRT->GetVariable ( - VariableName, - &gEfiGlobalVariableGuid, - NULL, - &DataSize, - NULL - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - Attr |= EFI_VARIABLE_APPEND_WRITE; - } else if (Status != EFI_NOT_FOUND) { - goto ON_EXIT; - } - - Status = gRT->SetVariable ( - VariableName, - &gEfiGlobalVariableGuid, - Attr, - SigDBSize, - Data - ); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Cannot set signature database: %r\n", __func__, Status)); - goto ON_EXIT; - } - -ON_EXIT: - - if (Data != NULL) { - FreePool (Data); - } - - return Status; -} - -/** - - Set signature database. - - @param[in] Data Data. - @param[in] DataSize Data size. - @param[in] VariableName Variable name of signature database, must be - EFI_DB_DEFAULT_VARIABLE_NAME or EFI_DBX_DEFAULT_VARIABLE_NAME or EFI_DBT_DEFAULT_VARIABLE_NAME. - @param[in] SignatureOwnerGuid Guid of the signature owner. - - @retval EFI_SUCCESS Signature is set successfully. - @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. - -**/ -EFI_STATUS -SetSignatureDatabase ( - IN UINT8 *Data, - IN UINTN DataSize, - IN CHAR16 *VariableName, - IN EFI_GUID *SignatureOwnerGuid - ) -{ - if (IsAuthentication2Format (Data, DataSize)) { - return SetAuthentication2ToSigDb (Data, DataSize, VariableName); - } else { - return SetX509ToSigDb (Data, DataSize, VariableName, SignatureOwnerGuid); - } -} - -/** Initializes PKDefault variable with data from FFS section. - - @retval EFI_SUCCESS Variable was initialized successfully. - @retval EFI_UNSUPPORTED Variable already exists. -**/ -EFI_STATUS -InitPkDefault ( - IN VOID - ) -{ - EFI_STATUS Status; - UINT8 *Data; - UINTN DataSize; - - // - // Check if variable exists, if so do not change it - // - Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); - if (Status == EFI_SUCCESS) { - DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME)); - FreePool (Data); - return EFI_UNSUPPORTED; - } - - // - // Variable does not exist, can be initialized - // - DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PK_DEFAULT_VARIABLE_NAME)); - - // - // Enroll default PK. - // - Status = GetSectionFromFv ( - &gDefaultPKFileGuid, - EFI_SECTION_RAW, - 0, - (VOID **)&Data, - &DataSize - ); - if (!EFI_ERROR (Status)) { - SetPkDefault (Data, DataSize); - } - - return EFI_SUCCESS; -} - -/** Initializes KEKDefault variable with data from FFS section. - - @retval EFI_SUCCESS Variable was initialized successfully. - @retval EFI_UNSUPPORTED Variable already exists. -**/ -EFI_STATUS -InitKekDefault ( - IN VOID - ) -{ - EFI_STATUS Status; - UINTN Index; - UINT8 *Data; - UINTN DataSize; - - // - // Check if variable exists, if so do not change it - // - Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); - if (Status == EFI_SUCCESS) { - DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME)); - FreePool (Data); - return EFI_UNSUPPORTED; - } - - Index = 0; - do { - Status = GetSectionFromFv ( - &gDefaultKEKFileGuid, - EFI_SECTION_RAW, - Index, - (VOID **)&Data, - &DataSize - ); - if (!EFI_ERROR (Status)) { - SetKekDefault (Data, DataSize); - Index++; - } - } while (Status == EFI_SUCCESS); - - return EFI_SUCCESS; -} - -/** Initializes dbDefault variable with data from FFS section. - - @retval EFI_SUCCESS Variable was initialized successfully. - @retval EFI_UNSUPPORTED Variable already exists. -**/ -EFI_STATUS -InitDbDefault ( - IN VOID - ) -{ - EFI_STATUS Status; - UINTN Index; - UINT8 *Data; - UINTN DataSize; - - Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); - if (Status == EFI_SUCCESS) { - DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME)); - FreePool (Data); - return EFI_UNSUPPORTED; - } - - DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DB_DEFAULT_VARIABLE_NAME)); - - Index = 0; - do { - Status = GetSectionFromFv ( - &gDefaultdbFileGuid, - EFI_SECTION_RAW, - Index, - (VOID **)&Data, - &DataSize - ); - if (!EFI_ERROR (Status)) { - SetSignatureDatabase (Data, DataSize, EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid); - Index++; - } - } while (Status == EFI_SUCCESS); - - return EFI_SUCCESS; -} - -/** Initializes dbxDefault variable with data from FFS section. - - @retval EFI_SUCCESS Variable was initialized successfully. - @retval EFI_UNSUPPORTED Variable already exists. -**/ -EFI_STATUS -InitDbxDefault ( - IN VOID - ) -{ - EFI_STATUS Status; - UINTN Index; - UINT8 *Data; - UINTN DataSize; - - // - // Check if variable exists, if so do not change it - // - Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize); - if (Status == EFI_SUCCESS) { - DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME)); - FreePool (Data); - return EFI_UNSUPPORTED; - } - - // - // Variable does not exist, can be initialized - // - DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBX_DEFAULT_VARIABLE_NAME)); - - Index = 0; - do { - Status = GetSectionFromFv ( - &gDefaultdbxFileGuid, - EFI_SECTION_RAW, - Index, - (VOID **)&Data, - &DataSize - ); - if (!EFI_ERROR (Status)) { - SetSignatureDatabase (Data, DataSize, EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid); - Index++; - } - } while (Status == EFI_SUCCESS); - - return EFI_SUCCESS; -} - -/** - Initializes default SecureBoot certificates with data from FFS section. - - @param[in] ImageHandle The firmware allocated handle for the EFI image. - @param[in] SystemTable A pointer to the EFI System Table. - - @retval EFI_SUCCESS Variable was initialized successfully. -**/ -EFI_STATUS -EFIAPI -SecureBootDefaultKeysInitEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - - Status = InitPkDefault (); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __func__, Status)); - return Status; - } - - Status = InitKekDefault (); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __func__, Status)); - return Status; - } - - Status = InitDbDefault (); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __func__, Status)); - return Status; - } - - Status = InitDbxDefault (); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbxDefault: %r\n", __func__, Status)); - return Status; - } - - return EFI_SUCCESS; -} diff --git a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf b/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf deleted file mode 100644 index 0127841733..0000000000 --- a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf +++ /dev/null @@ -1,49 +0,0 @@ -## @file -# Initializes Secure Boot default keys -# -# Copyright (c) 2021, ARM Ltd. All rights reserved.
-# Copyright (c) 2021, Semihalf All rights reserved.
-# Copyright (C) 2023-2025 Advanced Micro Devices, Inc. All rights reserved. -# -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 1.29 - BASE_NAME = SecureBootDefaultKeysInit - FILE_GUID = 384D1860-7306-11F0-B8B4-F53A5CB787AC - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 1.0 - ENTRY_POINT = SecureBootDefaultKeysInitEntry - -[Sources] - SecureBootDefaultKeysInit.c - -[Packages] - MdeModulePkg/MdeModulePkg.dec - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - DebugLib - DxeServicesLib - SecureBootVariableLib - SecureBootVariableProvisionLib - UefiBootServicesTableLib - UefiDriverEntryPoint - -[Guids] - gDefaultdbFileGuid - gDefaultdbxFileGuid - gDefaultKEKFileGuid - gDefaultPKFileGuid - gEfiCertPkcs7Guid - gEfiCertX509Guid - gEfiCustomModeEnableGuid - gEfiImageSecurityDatabaseGuid - gEfiSecureBootEnableDisableGuid - -[Depex] - gEfiVariableArchProtocolGuid AND - gEfiVariableWriteArchProtocolGuid diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc index a7c4f842bb..0c1162b845 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc +++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc @@ -392,7 +392,7 @@ !endif } SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf - OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf !else MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf !endif diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf b/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf index 1f37eb6894..a71ce1ae0b 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf +++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf @@ -89,24 +89,6 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf !endif !if $(SECURE_BOOT_ENABLE) == TRUE INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf - INF OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf - - FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { - SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/PK/PK.cer - } - - FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { - SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/KEK/MicCorKEKCA2011_2011-06-24.crt - } - - FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { - SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/db/MicWinProPCA2011_2011-10-19.crt - SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/db/MicCorUEFCA2011_2011-06-27.crt - } - - FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { - SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/dbx/dbxupdate_x64.bin - } !endif INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf -- 2.51.0