[PATCH v3 07/11] SecurityPkg: Secure Boot Drivers: Added common header files
From: Kun Qin <kuqin@...> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change added common header files to consumer drivers to unblock pipeline builds. Cc: Jiewen Yao <jiewen.yao@..
By Kun Qin

[PATCH v3 06/11] SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
From: Kun Qin <kuqin@...> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change is in pair with the previous SecureBootVariableLib, which removes the explicit invocation of `CreateTim
By Kun Qin

[PATCH v3 05/11] SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
From: kuqin <kuqin@...> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This change updated the interfaces provided by SecureBootVariableLib. The new additions provided interfaces to enroll
By Kun Qin

[PATCH v3 04/11] SecurityPkg: SecureBootVariableLib: Updated signature list creator
From: kuqin <kuqin@...> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change removes the interface of SecureBootFetchData, and replaced it with `SecureBootCreateDataFromInput`, which
By Kun Qin

[PATCH v3 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator
From: Kun Qin <kuqin@...> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909 This change updated the interface of 'CreateTimeBasedPayload' by requiring the caller to provide a timestamp, inste
By Kun Qin

[PATCH v3 02/11] SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
From: Kun Qin <kuqin@...> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This patch provides an abstracted interface for platform to implement PK variable related protection interface, whi
By Kun Qin

[PATCH v3 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
From: Kun Qin <kuqin@...> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change added certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure
By Kun Qin

[PATCH v3 00/11] Enhance Secure Boot Variable Libraries
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This is a follow-up of a prev
By Kun Qin

[PATCH V4 8/8] OvmfPkg: Add build-flag SECURE_BOOT_FEATURE_ENABLED
From: Min M Xu <min.m.xu@...> SECURE_BOOT_FEATURE_ENABLED is the build-flag defined when secure boot is enabled. Currently this flag is used in below lib: - OvmfPkg/PlatformPei - PeilessStartupLib So
By Min Xu

[PATCH V4 7/8] OvmfPkg/TdxDxe: Set PcdEmuVariableNvStoreReserved
From: Min M Xu <min.m.xu@...> Set PcdEmuVariableNvStoreReserved with the value in PlatformInfoHob. It is the address of the EmuVariableNvStore reserved in Pei-less startup. Cc: Erdem Aktas <erdemaktas
By Min Xu

[PATCH V4 6/8] OvmfPkg/NvVarsFileLib: Shortcut ConnectNvVarsToFileSystem in secure-boot
From: Min M Xu <min.m.xu@...> OvmfPkg/Library/NvVarsFileLib allows loading variables into emulated varstore from an on-disk NvVars file. We can't allow that when secure boot is active. So check secure-
By Min Xu

[PATCH V4 5/8] OvmfPkg: Reserve and init EmuVariableNvStore in Pei-less Startup
From: Min M Xu <min.m.xu@...> EmuVariableNvStore is reserved and init with below 2 functions defined in PlatformInitLib: - PlatformReserveEmuVariableNvStore - PlatformInitEmuVariableNvStore PlatformIn
By Min Xu

[PATCH V4 4/8] OvmfPkg/PlatformPei: Update ReserveEmuVariableNvStore
From: Min M Xu <min.m.xu@...> ReserveEmuVariableNvStore is updated with below 2 functions defined in PlatformInitLib: - PlatformReserveEmuVariableNvStore - PlatformInitEmuVariableNvStore PlatformInitE
By Min Xu

[PATCH V4 3/8] OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore
From: Min M Xu <min.m.xu@...> There are 3 functions added for EmuVariableNvStore: - PlatformReserveEmuVariableNvStore - PlatformInitEmuVariableNvStore - PlatformValidateNvVarStore PlatformReserveEmuVa
By Min Xu

[PATCH V4 2/8] OvmfPkg/PeilessStartupLib: Delete TdxValidateCfv
From: Min M Xu <min.m.xu@...> TdxValidateCfv is used to validate the integrity of FlashNvVarStore (PcdOvmfFlashNvStorageVariableBase) and it is not Tdx specific. So it will be moved to PlatformInitLib
By Min Xu

[PATCH V4 1/8] EmbeddedPkg: Add AllocateRuntimePages in PrePiMemoryAllocationLib
From: Min M Xu <min.m.xu@...> AllocateRuntimePages is used to allocate one or more 4KB pages of type EfiRuntimeServicesData. Cc: Leif Lindholm <quic_llindhol@...> Cc: Ard Biesheuvel <ardb+tianocore@..
By Min Xu

[PATCH V4 0/8] Enable secure-boot when launch OVMF with -bios parameter
Secure-Boot related variables include the PK/KEK/DB/DBX and they are stored in NvVarStore (OVMF_VARS.fd). When launching with -pflash, QEMU/OVMF will use emulated flash, and fully support UEFI variable
By Min Xu

[PATCH V3 0/7] Enable secure-boot when launch OVMF with -bios parameter (3 messages)
Secure-Boot related variables include the PK/KEK/DB/DBX and they are stored in NvVarStore (OVMF_VARS.fd). When launching with -pflash, QEMU/OVMF will use emulated flash, and fully support UEFI variable
By Min Xu

[PATCH v2 00/11] Enhance Secure Boot Variable Libraries (7 messages)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This is a revamp of a previou
By Kun Qin

[PATCH] EmbeddedPkg/PrePiMemoryAllocationLib: Add check for space on offset allocation
Update check for enough space to occur prior to alignment offset. This prevents cases where EfiFreeMemoryTop < EfiFreeMemoryBottom. Signed-off-by: Jeff Brasen <jbrasen@...> --- .../MemoryAllocationLib
By Jeff Brasen