From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by ml01.01.org (Postfix) with ESMTP id 857861A1E18 for ; Mon, 15 Aug 2016 01:17:44 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga101.fm.intel.com with ESMTP; 15 Aug 2016 01:17:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,524,1464678000"; d="scan'208";a="865544389" Received: from shwdeopenpsi168.ccr.corp.intel.com ([10.239.158.144]) by orsmga003.jf.intel.com with ESMTP; 15 Aug 2016 01:17:43 -0700 From: Yonghong Zhu To: edk2-devel@lists.01.org Cc: Liming Gao Date: Mon, 15 Aug 2016 16:17:36 +0800 Message-Id: <1471249059-95652-1-git-send-email-yonghong.zhu@intel.com> X-Mailer: git-send-email 2.6.1.windows.1 Subject: [Patch 0/3] BaseTools: Add the support for FMP capsule generate auth info X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Aug 2016 08:17:44 -0000 Current BaseTools cannot support the EFI_FIRMWARE_IMAGE_AUTHENTICATION struct for FMP capsule. # typedef struct { # UINT64 MonotonicCount; # WIN_CERTIFICATE_UEFI_GUID AuthInfo; # } EFI_FIRMWARE_IMAGE_AUTHENTICATION; Patch 1: add the PKCS7 Tool to support CertType - EFI_CERT_TYPE_PKCS7_GUID Patch 2: update the Rsa2048Sha256Sign tool to support Monotonic count Patch 3: update the FMP capsule generation, call the tool by CERTIFICATE_GUID defined in the FDF file to generate the certdata and fill the header info. Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu Yonghong Zhu (3): BaseTools: Add the PKCS7 tool BaseTools: Rsa2048Sha256Sign add new option to support Monotonic count BaseTools: FMP capsule add the support to generate auth info BaseTools/Conf/tools_def.template | 6 + BaseTools/Source/Python/GenFds/Capsule.py | 80 +++++- BaseTools/Source/Python/GenFds/CapsuleData.py | 4 +- BaseTools/Source/Python/GenFds/FdfParser.py | 64 ++++- BaseTools/Source/Python/GenFds/GenFds.py | 59 ++++- BaseTools/Source/Python/GenFds/GuidSection.py | 59 +---- BaseTools/Source/Python/Makefile | 27 +- .../Python/Pkcs7Sign/GenFirmwareImageAuthPkcs7.py | 285 +++++++++++++++++++++ BaseTools/Source/Python/Pkcs7Sign/TestCert.pem | 57 +++++ BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem | 19 ++ BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem | 56 ++++ BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem | 18 ++ BaseTools/Source/Python/Pkcs7Sign/TestSub.pem | 57 +++++ BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem | 19 ++ .../Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 31 ++- 15 files changed, 760 insertions(+), 81 deletions(-) create mode 100644 BaseTools/Source/Python/Pkcs7Sign/GenFirmwareImageAuthPkcs7.py create mode 100644 BaseTools/Source/Python/Pkcs7Sign/TestCert.pem create mode 100644 BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem create mode 100644 BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem create mode 100644 BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem create mode 100644 BaseTools/Source/Python/Pkcs7Sign/TestSub.pem create mode 100644 BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem -- 2.6.1.windows.1