From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Feng Tian <feng.tian@intel.com>, Star Zeng <star.zeng@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <liming.gao@intel.com>,
Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH V2 20/50] SecurityPkg/SecurityPkg.dec: Add PcdPkcs7CertBuffer PCD.
Date: Fri, 30 Sep 2016 20:21:38 +0800 [thread overview]
Message-ID: <1475238128-22448-21-git-send-email-jiewen.yao@intel.com> (raw)
In-Reply-To: <1475238128-22448-1-git-send-email-jiewen.yao@intel.com>
This PCD is similar to PcdRsa2048Sha256PublicKeyBuffer.
It provides trusted cert for PKCS7 verification.
It can be used for Recovery and Capsule Update images.
We added warning message for both PcdPkcs7CertBuffer and
PcdRsa2048Sha256PublicKeyBuffer. The default value is only for
test purpose.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
---
SecurityPkg/SecurityPkg.dec | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index f4f4d19..dab332a 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -400,11 +400,17 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks|0x0|UINT32|0x00010015
## Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images
- #
+ # WARNING: The default value is treated as test key. Please do not use default value in the production.
# @Prompt One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images
#
gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013
+ ## Provides one PKCS7 cert used to verify Recovery and Capsule Update images
+ # WARNING: The default value is treated as test key. Please do not use default value in the production.
+ # @Prompt One PKCS7 cert used to verify Recovery and Capsule Update images
+ #
+ gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer|{0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xdc, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x34, 0x30, 0x27, 0x7f, 0x05, 0x3d, 0x95, 0x85, 0x43, 0xa0, 0xa4, 0xf5, 0x0c, 0x9a, 0xe7, 0xca, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x30, 0x34, 0x31, 0x35, 0x30, 0x31, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x94, 0xe6, 0x33, 0x4f, 0x56, 0xc3, 0x07, 0xa0, 0xd0, 0x99, 0x57, 0xc3, 0xe1, 0x56, 0x42, 0x01, 0x70, 0x59, 0x1c, 0x2f, 0x4a, 0x66, 0x8f, 0x34, 0x9e, 0x93, 0xbd, 0xb6, 0xec, 0x92, 0xa4, 0x90, 0x51, 0x5d, 0xc6, 0x8f, 0xb5, 0xc3, 0x86, 0x15, 0xdf, 0x60, 0x80, 0xbe, 0xb8, 0x78, 0x59, 0x5b, 0x9b, 0xfd, 0x27, 0x92, 0x69, 0xcc, 0xca, 0x8e, 0x3e, 0x9e, 0x81, 0x47, 0x5b, 0x84, 0xef, 0x5c, 0x9b, 0xb3, 0x4a, 0x43, 0x5b, 0x8d, 0x0b, 0x31, 0x04, 0x00, 0xb6, 0x8a, 0xc0, 0xa9, 0xf5, 0x21, 0xd0, 0x3f, 0xcd, 0xb0, 0x67, 0x7d, 0x50, 0x33, 0x2e, 0xfb, 0x1b, 0x2c, 0x16, 0x2e, 0xee, 0x56, 0x01, 0x87, 0xf6, 0xc8, 0xd4, 0x53, 0x07, 0x67, 0x99, 0x0b, 0x46, 0xbf, 0x1d, 0x90, 0xc6, 0xdb, 0x7f, 0x6d, 0x62, 0x0c, 0x4a, 0xac, 0xa8, 0xa2, 0x3c, 0x79, 0x0f, 0xad, 0x8f, 0xfe, 0xc1, 0xe8, 0xe5, 0x27, 0x3d, 0xf9, 0xa6, 0x9a, 0x1d, 0xec, 0x9a, 0x5f, 0x62, 0x51, 0x2e, 0x98, 0x1d, 0x29, 0xba, 0x6b, 0x8a, 0xfb, 0x43, 0x0e, 0x68, 0x29, 0xf5, 0xbe, 0x67, 0x48, 0x44, 0x28, 0x45, 0xfe, 0x1d, 0x3b, 0x50, 0x72, 0x6a, 0xc0, 0xbb, 0x0c, 0x9f, 0x02, 0x61, 0xad, 0x63, 0xa7, 0x87, 0xf6, 0x32, 0x9f, 0x3e, 0x16, 0x5c, 0xee, 0xcc, 0x05, 0xbd, 0x17, 0xe8, 0x46, 0x52, 0xaf, 0x50, 0x8a, 0xa6, 0x7e, 0x16, 0x69, 0x83, 0x69, 0x5b, 0x6e, 0x4d, 0xc7, 0xcf, 0x80, 0xb8, 0xcd, 0xf6, 0x66, 0x3f, 0xbe, 0x6c, 0xa0, 0xe8, 0x9c, 0x26, 0x60, 0xba, 0xa9, 0x05, 0xdd, 0x71, 0x4a, 0xbd, 0x00, 0xa8, 0x0c, 0xf7, 0x50, 0xab, 0x44, 0xd6, 0x3e, 0x87, 0x21, 0x3c, 0x2d, 0xe6, 0x33, 0x27, 0x5e, 0x21, 0x27, 0xb9, 0xdc, 0x38, 0x48, 0xd6, 0x3a, 0x96, 0xe1, 0x17, 0x47, 0x65, 0x65, 0xce, 0x3d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x48, 0x30, 0x46, 0x30, 0x44, 0x06, 0x03, 0x55, 0x1d, 0x01, 0x04, 0x3d, 0x30, 0x3b, 0x80, 0x10, 0xce, 0xb5, 0x7a, 0xcf, 0xe5, 0x21, 0xc7, 0x6b, 0xf3, 0xec, 0x92, 0xd4, 0xbf, 0x65, 0x2a, 0x35, 0xa1, 0x15, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x82, 0x10, 0x34, 0x30, 0x27, 0x7f, 0x05, 0x3d, 0x95, 0x85, 0x43, 0xa0, 0xa4, 0xf5, 0x0c, 0x9a, 0xe7, 0xca, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6b, 0x0d, 0xe0, 0x0a, 0xd0, 0xee, 0x5b, 0x3f, 0xb6, 0x73, 0x48, 0x62, 0xe8, 0xf4, 0x5b, 0xe1, 0xed, 0xd9, 0x00, 0xc5, 0xe5, 0x0e, 0x68, 0xfb, 0x53, 0x33, 0x30, 0x6a, 0x60, 0xba, 0xee, 0x38, 0x5b, 0x51, 0x63, 0x70, 0xd5, 0x7e, 0x05, 0xfe, 0xe4, 0x45, 0x2a, 0x15, 0x62, 0x1b, 0xfc, 0xd8, 0x75, 0x93, 0x56, 0xf6, 0xe6, 0x06, 0x85, 0x21, 0xf7, 0x08, 0x47, 0x26, 0xb9, 0xfe, 0x05, 0x4e, 0x90, 0x22, 0x54, 0xf4, 0x39, 0x09, 0x4c, 0x5c, 0x8e, 0xcd, 0x7c, 0x3b, 0xaf, 0x4b, 0x2d, 0x18, 0x06, 0xf4, 0x5c, 0x24, 0x2a, 0x64, 0xf7, 0x59, 0x75, 0x28, 0x97, 0xa9, 0x90, 0x2c, 0xba, 0x46, 0x02, 0x6a, 0x64, 0x66, 0x49, 0x32, 0xcb, 0x5d, 0x34, 0xfe, 0x24, 0xe4, 0x44, 0xb0, 0xc2, 0xad, 0x17, 0x1b, 0x05, 0x7d, 0xd3, 0x58, 0x88, 0x2e, 0xbe, 0x0e, 0xd7, 0x2b, 0xca, 0x5c, 0xbf, 0x28, 0x25, 0x3d, 0xd8, 0xbb, 0x3c, 0x38, 0x52, 0xe6, 0x27, 0xfa, 0xd2, 0xb8, 0x45, 0x6b, 0x5f, 0x7f, 0x4b, 0xb0, 0x23, 0x05, 0xe8, 0xaf, 0x67, 0xe8, 0xe2, 0x6c, 0x2f, 0x9f, 0xf8, 0x73, 0x7f, 0xc3, 0x17, 0xbc, 0xb2, 0x6a, 0x5b, 0x2a, 0xf3, 0x6b, 0xd3, 0xdc, 0x7f, 0xdf, 0x2f, 0xd0, 0xab, 0x06, 0x0c, 0xfe, 0x03, 0xe7, 0x8d, 0x82, 0xec, 0x84, 0x3d, 0xc8, 0x7d, 0xed, 0xcb, 0x6a, 0x5b, 0x35, 0x48, 0x55, 0x07, 0xfb, 0xaa, 0x78, 0x1a, 0x01, 0xbb, 0x98, 0x45, 0x8b, 0xda, 0x8a, 0xe3, 0x21, 0x57, 0x86, 0x15, 0x23, 0x17, 0x50, 0x1b, 0x9c, 0xbc, 0x1a, 0x59, 0xa8, 0x2a, 0xad, 0x3a, 0x7e, 0x01, 0x24, 0x83, 0xf7, 0xb0, 0x61, 0xe6, 0xbd, 0x4f, 0xd9, 0x91, 0x90, 0xa7, 0x2a, 0xb9, 0x0c, 0x3b, 0xab, 0x95, 0x20, 0x1c, 0xf0, 0x74, 0xce, 0x02, 0xba, 0x14, 0x5d, 0xf1, 0x91, 0x25, 0x4a}|VOID*|0x00010014
+
## This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).
# For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB.
# @Prompt Minimum length(in bytes) of the system preboot TCG event log area(LAML).
--
2.7.4.windows.1
next prev parent reply other threads:[~2016-09-30 12:23 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-30 12:21 [PATCH V2 00/50] Add capsule update and recovery sample Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 01/50] MdeModulePkg/Include: Add EDKII system FMP capsule header Jiewen Yao
2016-10-11 8:53 ` Sean Brogan
2016-09-30 12:21 ` [PATCH V2 02/50] MdeModulePkg/Include: Add EdkiiSystemCapsuleLib definition Jiewen Yao
2016-10-11 8:56 ` Sean Brogan
2016-09-30 12:21 ` [PATCH V2 03/50] MdeModulePkg/Include: Add FmpAuthenticationLib header Jiewen Yao
2016-10-11 9:21 ` Sean Brogan
2016-10-11 14:06 ` Yao, Jiewen
2016-09-30 12:21 ` [PATCH V2 04/50] MdeModulePkg/Include: Add IniParsingLib header Jiewen Yao
2016-10-11 9:22 ` Sean Brogan
2016-09-30 12:21 ` [PATCH V2 05/50] MdeModulePkg/Include: Add PlatformFlashAccessLib header Jiewen Yao
2016-10-11 9:27 ` Sean Brogan
2016-09-30 12:21 ` [PATCH V2 06/50] MdeModulePkg/CapsuleLib: Add ProcessCapsules() API Jiewen Yao
2016-10-11 9:28 ` Sean Brogan
2016-10-11 9:32 ` Sean Brogan
2016-10-11 14:13 ` Yao, Jiewen
2016-09-30 12:21 ` [PATCH V2 07/50] MdeModulePkg/MdeModulePkg.dec: Add capsule related definition Jiewen Yao
2016-10-11 9:34 ` Sean Brogan
2016-09-30 12:21 ` [PATCH V2 08/50] MdeModulePkg/IniParsingLib: Add InitParsingLib instance Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 09/50] MdeModulePkg/FmpAuthenticationLib: Add FmpAuthenticationLib instance Jiewen Yao
2016-10-11 9:51 ` Sean Brogan
2016-10-11 14:28 ` Yao, Jiewen
2016-09-30 12:21 ` [PATCH V2 10/50] MdeModulePkg/DxeCapsuleLibFmp: Add DxeCapsuleLibFmp instance Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 11/50] MdeModulePkg/DxeCapsuleLibNull: Add ProcessCapsules() interface Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 12/50] MdeModulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib instance Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 13/50] MdeModulePkg/PlatformFlashAccessLib: Add NULL PlatformFlashAccessLib Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 14/50] MdeModulePkg/Esrt: Add ESRT_FW_TYPE_SYSTEMFIRMWARE check Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 15/50] MdeModulePkg/SystemFirmwareUpdate: Add SystemFirmwareUpdate Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 16/50] MdeModulePkg/RecoveryModuleLoadPei: Add RecoveryModuleLoadPei Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 17/50] MdeModulePkg/CapsuleApp: Add CapsuleApp application Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 18/50] MdeModulePkg/MdeModulePkg.dsc: Add capsule related component Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 19/50] IntelFrameworkModulePkg/DxeCapsuleLib: Add ProcessCapsules() interface Jiewen Yao
2016-09-30 12:21 ` Jiewen Yao [this message]
2016-09-30 12:21 ` [PATCH V2 21/50] SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 22/50] SecurityPkg/FmpAuthenticationRsa2048Sha256Lib: Add " Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 23/50] SecurityPkg/SecurityPkg.dsc: Add FmpAuthentication*Lib Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 24/50] BaseTool/Pkcs7: Add TestRoot.cer Jiewen Yao
2016-10-08 4:10 ` Zhu, Yonghong
2016-09-30 12:21 ` [PATCH V2 25/50] UefiCpuPkg/Include: Add Microcode FMP definition Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 26/50] UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 27/50] UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 28/50] UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 29/50] UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL MicrocodeFlashAccessLib Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 30/50] UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp application Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 31/50] UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 32/50] QuarkPlatformPkg/dec: Add test key file guid Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 33/50] QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule update Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 34/50] QuarkPlatformPkg/SystemFirmwareDescriptor: Add Descriptor " Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 35/50] QuarkPlatformPkg/SystemFirmwareUpdateConfig: Add capsule config file Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 36/50] QuarkPlatformPkg/PlatformInit: Remove recovery PPI installation Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 37/50] QuarkPlatformPkg/PlatformBootManager: Add capsule/recovery handling Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 38/50] QuarkPlatformPkg/dsc/fdf: Add capsule/recovery support Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 39/50] QuarkPlatformPkg/dsc/fdf: add capsule generation DSC/FDF Jiewen Yao
2016-10-12 21:00 ` Kinney, Michael D
2016-10-13 0:38 ` Yao, Jiewen
2016-10-13 0:44 ` Gao, Liming
2016-10-13 0:46 ` Yao, Jiewen
2016-09-30 12:21 ` [PATCH V2 40/50] QuarkPlatformPkg/Readme: add capsule/recovery related content Jiewen Yao
2016-09-30 12:21 ` [PATCH V2 41/50] Vlv2TbltDevicePkg/dec: Add test key file guid Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 42/50] Vlv2TbltDevicePkg/PlatformFlashAccessLib: Add instance for capsule update Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 43/50] Vlv2TbltDevicePkg/SystemFirmwareDescriptor: Add Descriptor " Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 44/50] Vlv2TbltDevicePkg/SystemFirmwareUpdateConfig: Add capsule config file Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 45/50] Vlv2TbltDevicePkg/FlashDeviceLib: Add DXE flash device lib Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 46/50] Vlv2TbltDevicePkg/PlatformBootManager: Add capsule/recovery handling Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 47/50] Vlv2TbltDevicePkg/dsc/fdf: Add capsule/recovery support Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 48/50] Vlv2TbltDevicePkg/dsc/fdf: add capsule generation DSC/FDF Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 49/50] Vlv2TbltDevicePkg/bat: add capsule generation in bat Jiewen Yao
2016-09-30 12:22 ` [PATCH V2 50/50] Vlv2TbltDevicePkg/Build: Add capsule/recovery in help info Jiewen Yao
2016-09-30 12:32 ` [PATCH V2 00/50] Add capsule update and recovery sample Yao, Jiewen
2016-10-10 21:22 ` Sean Brogan
2016-10-10 23:25 ` Yao, Jiewen
2016-10-11 8:43 ` Sean Brogan
2016-10-11 14:43 ` Yao, Jiewen
2016-10-10 23:29 ` Kinney, Michael D
2016-10-11 8:33 ` Sean Brogan
2016-10-11 15:00 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1475238128-22448-21-git-send-email-jiewen.yao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox