* [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr
From: Kinney, Michael D @ 2018-03-12 19:30 UTC
To: edk2-devel
Cc: Sean Brogan, Yonghong Zhu, Liming Gao, Chao Zhang, Jiewen Yao, Kelly Steele, David Wei, Mang Guo, Michael D Kinney

https://bugzilla.tianocore.org/show_bug.cgi?id=890
https://bugzilla.tianocore.org/show_bug.cgi?id=891

* Update BinToPcd to support one or more -i INPUTFILE arguments
* Update BinToPcd to support -x, --xdr flags to encode PCD using the Variable-Length Opaque Data of RFC 4506 External Data Representation Standard (XDR).
* Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates encoded using the Variable-Length Opaque Data format of RFC 4506 External Data Representation Standard (XDR).
* Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate capsules.
* Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use of the test key.

Branch for review: https://github.com/mdkinney/edk2/tree/Bug_890_891_BinToPcdMultipleInputFiles

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>

Kinney, Michael D (4):
  BaseTools/BinToPcd: Add support for multiple binary input files
  SecurityPkg: Add PcdPkcs7CertBufferXdr
  SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
  QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

Michael D Kinney (1):
  Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

 BaseTools/Scripts/BinToPcd.py | 83 ++++++++++++++--------
 .../PlatformBootManagerLib/PlatformBootManager.c | 51 ++++++++++++-
 .../PlatformBootManagerLib.inf | 3 +-
 SecurityPkg/SecurityPkg.dec | 8 +++
 SecurityPkg/SecurityPkg.uni | 6 ++
 .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 77 +++++++++++++++++---
 .../EdkiiSystemCapsuleLib.inf | 3 +-
 .../Library/PlatformBdsLib/BdsPlatform.c | 57 ++++++++++++++-
 .../Library/PlatformBdsLib/PlatformBdsLib.inf | 22 +++---
 9 files changed, 258 insertions(+), 52 deletions(-)

--
2.14.2.windows.3

* [Patch 1/5] BaseTools/BinToPcd: Add support for multiple binary input files
From: Kinney, Michael D @ 2018-03-12 19:30 UTC
To: edk2-devel
Cc: Yonghong Zhu, Liming Gao, Michael D Kinney

https://bugzilla.tianocore.org/show_bug.cgi?id=890

There are use cases where a VOID * PCD needs to be generated from multiple binary input files. This can be in the form of an array of fixed size elements or a set of variable sized elements.

Update BinToPcd to support one or more -i INPUTFILE arguments. By default, the contents of each binary input file are concatenated in the order provided. This supports generating a PCD that is an array of fixed size elements.

Add -x, --xdr flags to BinToPcd to encode the PCD using the Variable-Length Opaque Data of RFC 4506 External Data Representation Standard (XDR).

https://tools.ietf.org/html/rfc4506
https://tools.ietf.org/html/rfc4506#section-4.10

The data format from RFC 4506 meets the requirements for a PCD that is a set of variable sized elements in the Variable-Length Opaque Data format. The overhead of this format is a 32-bit length and 0 to 3 bytes of padding to align the next element at a 32-bit boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 BaseTools/Scripts/BinToPcd.py | 83 ++++++++++++++++++++++++++++---------------
 1 file changed, 54 insertions(+), 29 deletions(-)

diff --git a/BaseTools/Scripts/BinToPcd.py b/BaseTools/Scripts/BinToPcd.py
index 68a7ac652d..f2485a27fa 100644
--- a/BaseTools/Scripts/BinToPcd.py
+++ b/BaseTools/Scripts/BinToPcd.py
@@ -1,7 +1,7 @@ ## @file # Convert a binary file to a VOID* PCD value or DSC file VOID* PCD statement. # -# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -18,14 +18,15 @@ BinToPcd import sys import argparse import re +import xdrlib # # Globals for help information # __prog__ = 'BinToPcd' -__version__ = '%s Version %s' % (__prog__, '0.9 ') -__copyright__ = 'Copyright (c) 2016, Intel Corporation. All rights reserved.' -__description__ = 'Convert a binary file to a VOID* PCD value or DSC file VOID* PCD statement.\n' +__version__ = '%s Version %s' % (__prog__, '0.91 ') +__copyright__ = 'Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.' +__description__ = 'Convert one or more binary files to a VOID* PCD value or DSC file VOID* PCD statement.\n' if __name__ == '__main__': def ValidateUnsignedInteger (Argument): 
@@ -50,21 +51,35 @@ if __name__ == '__main__': Message = '%s is not a valid GUID C name' % (Argument) raise argparse.ArgumentTypeError(Message) return Argument - - def ByteArray (Buffer): + + def ByteArray (Buffer, Xdr = False): + if Xdr: + # + # If Xdr flag is set then encode data using the Variable-Length Opaque + # Data format of RFC 4506 External Data Representation Standard (XDR). + # + XdrEncoder = xdrlib.Packer() + for Item in Buffer: + XdrEncoder.pack_bytes(Item) + Buffer = XdrEncoder.get_buffer() + else: + # + # If Xdr flag is not set, then concatenate all the data + # + Buffer = ''.join(Buffer) # - # Append byte array of values of the form '{0x01, 0x02, ...}' + # Return a PCD value of the form '{0x01, 0x02, ...}' along with the PCD length in bytes # - return '{%s}' % (', '.join(['0x%02x' % (ord(Item)) for Item in Buffer])) - + return '{%s}' % (', '.join(['0x%02x' % (ord(Item)) for Item in Buffer])), len (Buffer) + # # Create command line argument parser object # parser = argparse.ArgumentParser(prog = __prog__, version = __version__, description = __description__ + __copyright__, conflict_handler = 'resolve') - parser.add_argument("-i", "--input", dest = 'InputFile', type = argparse.FileType('rb'), - help = "Input binary filename", required = True) + parser.add_argument("-i", "--input", dest = 'InputFile', type = argparse.FileType('rb'), action='append', required = True, + help = "Input binary filename. Multiple input files are combined into a single PCD.") parser.add_argument("-o", "--output", dest = 'OutputFile', type = argparse.FileType('wb'), help = "Output filename for PCD value or PCD statement") parser.add_argument("-p", "--pcd", dest = 'PcdName', type = ValidatePcdName, 
@@ -79,6 +94,8 @@ if __name__ == '__main__': help = "UEFI variable name. Only used with --type HII.") parser.add_argument("-g", "--variable-guid", type = ValidateGuidName, dest = 'VariableGuid', help = "UEFI variable GUID C name. Only used with --type HII.") + parser.add_argument("-x", "--xdr", dest = 'Xdr', action = "store_true", + help = "Encode PCD using the Variable-Length Opaque Data format of RFC 4506 External Data Representation Standard (XDR)") parser.add_argument("-v", "--verbose", dest = 'Verbose', action = "store_true", help = "Increase output messages") parser.add_argument("-q", "--quiet", dest = 'Quiet', action = "store_true", @@ -92,14 +109,22 @@ if __name__ == '__main__': args = parser.parse_args() # - # Read binary input file + # Read all binary input files # - try: - Buffer = args.InputFile.read() - args.InputFile.close() - except: - print 'BinToPcd: error: can not read binary input file' - sys.exit() + Buffer = [] + for File in args.InputFile: + try: + Buffer.append(File.read()) + File.close() + except: + print 'BinToPcd: error: can not read binary input file', File + sys.exit() + + # + # Convert PCD to an encoded string of hex values and determine the size of + # the encoded PCD in bytes. + # + PcdValue, PcdSize = ByteArray (Buffer, args.Xdr) # # Convert binary buffer to a DSC file PCD statement @@ -107,7 +132,8 @@ if __name__ == '__main__': if args.PcdName is None: # # If PcdName is None, then only a PCD value is being requested. - Pcd = ByteArray (Buffer) + # + Pcd = PcdValue if args.Verbose: print 'PcdToBin: Convert binary file to PCD Value' elif args.PcdType is None: 
@@ -121,14 +147,13 @@ if __name__ == '__main__': # If --max-size is not provided, then do not generate the syntax that # includes the maximum size. # - Pcd = ' %s|%s' % (args.PcdName, ByteArray (Buffer)) - elif args.MaxSize < len(Buffer): + Pcd = ' %s|%s' % (args.PcdName, PcdValue) + elif args.MaxSize < PcdSize: print 'BinToPcd: error: argument --max-size is smaller than input file.' sys.exit() else: - Pcd = ' %s|%s|VOID*|%d' % (args.PcdName, ByteArray (Buffer), args.MaxSize) - args.MaxSize = len(Buffer) - + Pcd = ' %s|%s|VOID*|%d' % (args.PcdName, PcdValue, args.MaxSize) + if args.Verbose: print 'PcdToBin: Convert binary file to PCD statement compatible with PCD sections:' print ' [PcdsFixedAtBuild]' @@ -141,8 +166,8 @@ if __name__ == '__main__': # If --max-size is not provided, then set maximum size to the size of the # binary input file # - args.MaxSize = len(Buffer) - if args.MaxSize < len(Buffer): + args.MaxSize = PcdSize + if args.MaxSize < PcdSize: print 'BinToPcd: error: argument --max-size is smaller than input file.' sys.exit() if args.Offset is None: @@ -150,12 +175,12 @@ if __name__ == '__main__': # if --offset is not provided, then set offset field to '*' so build # tools will compute offset of PCD in VPD region. # - Pcd = ' %s|*|%d|%s' % (args.PcdName, args.MaxSize, ByteArray (Buffer)) + Pcd = ' %s|*|%d|%s' % (args.PcdName, args.MaxSize, PcdValue) else: # # Use the --offset value provided. # - Pcd = ' %s|%d|%d|%s' % (args.PcdName, args.Offset, args.MaxSize, ByteArray (Buffer)) + Pcd = ' %s|%d|%d|%s' % (args.PcdName, args.Offset, args.MaxSize, PcdValue) if args.Verbose: print 'PcdToBin: Convert binary file to PCD statement compatible with PCD sections' print ' [PcdsDynamicVpd]' 
@@ -172,7 +197,7 @@ if __name__ == '__main__': # Use UEFI Variable offset of 0 if --offset is not provided # args.Offset = 0 - Pcd = ' %s|L"%s"|%s|%d|%s' % (args.PcdName, args.VariableName, args.VariableGuid, args.Offset, ByteArray (Buffer)) + Pcd = ' %s|L"%s"|%s|%d|%s' % (args.PcdName, args.VariableName, args.VariableGuid, args.Offset, PcdValue) if args.Verbose: print 'PcdToBin: Convert binary file to PCD statement compatible with PCD sections' print ' [PcdsDynamicHii]' -- 2.14.2.windows.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
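Review bot: In the ByteArray hunk (@@ -50,21 +51,35 @@), the Xdr branch packs every item with `XdrEncoder.pack_bytes(Item)` without checking that the item is non-empty, so an empty input file becomes a zero-length element in the PCD. For a PCD that holds certificates, a zero-length entry is almost certainly a wrong file path or a failed export. Suggest rejecting empty input files with an error, or at least warning when one is seen.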
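Review bot: In the read loop added at @@ -92,14 +109,22 @@, the error path calls `sys.exit()` with no argument, which exits with status 0, so a build script that invokes BinToPcd cannot tell that an input file was not read and no PCD was produced. Suggest `sys.exit(1)` (or passing the message to `sys.exit`). The same path prints the file object rather than `File.name`, and the bare `except:` hides the underlying I/O error; narrowing it to `IOError` and printing the name would make the failure easier to diagnose.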
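Review bot: In the --max-size checks at @@ -121,14 +147,13 @@ and @@ -141,8 +166,8 @@, the comparison is now against `PcdSize`, but both error messages still read 'argument --max-size is smaller than input file.' With several inputs, and with -x adding a 32-bit length and padding per file, the value being exceeded is the size of the encoded PCD, not of any one input file. Suggest rewording the message and including `PcdSize` and `args.MaxSize` in it so the user can see by how much the limit is missed.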
* [Patch 2/5] SecurityPkg: Add PcdPkcs7CertBufferXdr
From: Kinney, Michael D @ 2018-03-12 19:30 UTC
To: edk2-devel
Cc: Sean Brogan, Chao Zhang, Jiewen Yao, Michael D Kinney

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates encoded using the Variable-Length Opaque Data format of RFC 4506 External Data Representation Standard (XDR).

https://tools.ietf.org/html/rfc4506
https://tools.ietf.org/html/rfc4506#section-4.10

The default value for this new PCD is {0}.

The enhancements to the BaseTools BinToPcd tool can be used to generate a PCD from multiple input certificate files.

https://bugzilla.tianocore.org/show_bug.cgi?id=890

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 SecurityPkg/SecurityPkg.dec | 8 ++++++++
 SecurityPkg/SecurityPkg.uni | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 77d6b073d4..bafc7dddaa 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -411,6 +411,14 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] # gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer|{0x30, 0x82, 0x03, 0xec, 0x30, 0x82, 0x02, 0xd4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc0, 0x91, 0xc5, 0xe2, 0xb7, 0x66, 0xc0, 0xf8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x69, 0x61, 0x6e, 0x6f, 0x43, 0x6f, 0x72, 0x65, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x05, 0x45, 0x44, 0x4b, 0x49, 0x49, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x65, 0x64, 0x6b, 0x69, 0x69, 0x40, 0x74, 0x69, 0x61, 0x6e, 0x6f, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x34, 0x31, 0x30, 0x30, 0x38, 0x32, 0x37, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x35, 0x31, 0x30, 0x30, 0x38, 0x32, 0x37, 0x34, 0x30, 0x5a, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x69, 0x61, 0x6e, 0x6f, 0x43, 0x6f, 0x72, 0x65, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x05, 0x45, 0x44, 0x4b, 0x49, 0x49, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, 
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x65, 0x64, 0x6b, 0x69, 0x69, 0x40, 0x74, 0x69, 0x61, 0x6e, 0x6f, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0x29, 0x29, 0x6c, 0x60, 0x0c, 0xd7, 0x23, 0xf6, 0x7d, 0xee, 0xf0, 0x62, 0xff, 0xd9, 0xc9, 0xaa, 0x55, 0x8c, 0x81, 0x95, 0x56, 0x3f, 0xb7, 0x56, 0x53, 0xb0, 0xc2, 0x82, 0x12, 0xc5, 0x3b, 0x75, 0x23, 0xb9, 0x4d, 0xd6, 0xc4, 0x55, 0x73, 0xf3, 0xaa, 0x95, 0xa8, 0x1b, 0xf3, 0x93, 0x7e, 0x9e, 0x40, 0xe4, 0x1d, 0x22, 0x9c, 0x93, 0x07, 0x0b, 0xd7, 0xaa, 0x5b, 0xd7, 0xe4, 0x1a, 0x21, 0x84, 0xd7, 0x63, 0x59, 0x03, 0x50, 0x1f, 0xf5, 0x14, 0x55, 0x93, 0x91, 0x9b, 0xf5, 0x52, 0xb0, 0xbf, 0x0e, 0x5c, 0x68, 0x3b, 0x59, 0x52, 0x98, 0x96, 0x56, 0xe1, 0xab, 0xc4, 0x43, 0xbb, 0x05, 0x57, 0x78, 0x45, 0x01, 0x9f, 0x58, 0x15, 0x53, 0x0e, 0x11, 0x94, 0x2f, 0x0e, 0xf1, 0xa6, 0x19, 0xa2, 0x6e, 0x86, 0x39, 0x2b, 0x33, 0x8d, 0xc7, 0xc5, 0xeb, 0xee, 0x1e, 0x33, 0xd3, 0x32, 0x94, 0xc1, 0x59, 0xc4, 0x0c, 0x97, 0x0b, 0x12, 0x48, 0x5f, 0x33, 0xf6, 0x60, 0x74, 0x7d, 0x57, 0xc2, 0x13, 0x2d, 0x7d, 0xa9, 0x87, 0xa3, 0x35, 0xea, 0x91, 0x83, 0x3f, 0x67, 0x7a, 0x92, 0x1f, 0x01, 0x53, 0x9f, 0x62, 0x5f, 0x99, 0x12, 0xfd, 0x73, 0x1b, 0x2d, 0x9e, 0x2b, 0x6c, 0x34, 0x49, 0xaf, 0x4f, 0x07, 0x8f, 0xc0, 0xe9, 0x6b, 0x9e, 0x5f, 0x79, 0x35, 0xda, 0x2a, 0x5c, 0x88, 0xee, 0xf6, 0x48, 0x61, 0xda, 0x96, 0xe3, 0x48, 0x46, 0xa0, 0x94, 0x1c, 0x9d, 0xf6, 0x5c, 0x87, 0x0e, 0xef, 0x74, 0x09, 0x91, 0x0d, 0x3d, 0x5a, 0xe7, 0xc5, 0x4c, 0x8a, 0x7a, 0xac, 0xa1, 0x85, 0xb6, 0x67, 0x44, 0x17, 0x55, 0x52, 0x3a, 0xe8, 0x11, 0x4d, 0x58, 0xa2, 0x93, 0x00, 0x62, 0xea, 0x7b, 0x80, 0xed, 0xcf, 0xbd, 0xdf, 0x75, 0x80, 0x4b, 0xb9, 0x65, 0x63, 0xad, 0x0b, 0x4d, 0x74, 0xfa, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 
0x04, 0x16, 0x04, 0x14, 0x16, 0xaa, 0xd6, 0x8e, 0x1b, 0x2d, 0x43, 0xf3, 0x2d, 0xb0, 0x24, 0xad, 0x36, 0x65, 0x3f, 0xb2, 0xfa, 0xb1, 0x2c, 0xed, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x16, 0xaa, 0xd6, 0x8e, 0x1b, 0x2d, 0x43, 0xf3, 0x2d, 0xb0, 0x24, 0xad, 0x36, 0x65, 0x3f, 0xb2, 0xfa, 0xb1, 0x2c, 0xed, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x95, 0xde, 0xdf, 0xa4, 0x14, 0xdb, 0x92, 0x22, 0x78, 0x1a, 0xbd, 0x31, 0x9d, 0x1e, 0xd7, 0x2f, 0x0a, 0x10, 0x11, 0x5d, 0x74, 0x61, 0xe8, 0x30, 0xc4, 0xf3, 0x15, 0xe9, 0x30, 0x54, 0xf4, 0xbb, 0x0c, 0x04, 0x78, 0x13, 0x5d, 0x2c, 0xdd, 0x8c, 0x92, 0x90, 0xd1, 0x9c, 0xd0, 0xd0, 0x18, 0xa3, 0xa3, 0xfc, 0x8c, 0x28, 0x5a, 0xd4, 0x91, 0x4d, 0x08, 0xc3, 0xf6, 0x1a, 0xc8, 0xdd, 0xa6, 0x08, 0x58, 0xe2, 0x15, 0x95, 0xfb, 0x2d, 0x2d, 0x8a, 0xb1, 0x30, 0x80, 0xbd, 0x9a, 0xb6, 0xe1, 0x2c, 0x20, 0x3e, 0xdd, 0xc4, 0xc7, 0x55, 0x65, 0xcf, 0x28, 0x17, 0xf4, 0xee, 0xda, 0xbe, 0x77, 0x70, 0xd5, 0x52, 0xd6, 0x15, 0x7a, 0xfb, 0xad, 0xaf, 0xfd, 0xd5, 0x45, 0x90, 0x5a, 0xe6, 0x31, 0x42, 0xd7, 0x84, 0xb3, 0x49, 0x56, 0x6a, 0xd3, 0x47, 0xf3, 0xbf, 0x68, 0x60, 0x8b, 0x0f, 0xe2, 0xaf, 0xf4, 0xe3, 0xec, 0x12, 0xb9, 0xe2, 0x3a, 0x16, 0x11, 0x4e, 0x4d, 0x73, 0x79, 0xaf, 0x47, 0x85, 0x4c, 0x76, 0x26, 0x9e, 0x8b, 0x32, 0xc0, 0x8e, 0xc2, 0xdc, 0x27, 0xa6, 0xef, 0xac, 0x93, 0x9e, 0xa1, 0x5e, 0xcf, 0x34, 0x45, 0xe0, 0x2a, 0xc7, 0x9d, 0x4d, 0xd7, 0xd7, 0x37, 0x72, 0x97, 0xf8, 0x58, 0xf9, 0xb6, 0x35, 0x48, 0xf1, 0xd1, 0x0a, 0x72, 0x7f, 0xfd, 0x4d, 0x7c, 0xe9, 0xcc, 0xd8, 0x48, 0x1b, 0x49, 0x52, 0x53, 0xde, 0x51, 0x01, 0x53, 0x35, 0xbc, 0x90, 0xcd, 0x8c, 0x8a, 0xcc, 0x43, 0x20, 0xa7, 0x45, 0xff, 0x2b, 0x55, 0xb0, 0x8b, 0x2d, 0xff, 0x55, 0x15, 0x4b, 0x84, 
0xd0, 0xc3, 0xd3, 0x90, 0x9c, 0x94, 0x4b, 0x55, 0xd5, 0x62, 0xea, 0x22, 0xab, 0x62, 0x68, 0xdd, 0x53, 0xc6, 0xdc, 0xa5, 0xdd, 0x9a, 0x2d, 0x8e, 0x79, 0x7c, 0x2e, 0x9c, 0xe4, 0x66, 0x80, 0x8c, 0x1d}|VOID*|0x00010014 + ## Provides one or more PKCS7 certs used to verify Recovery and Capsule Update images. + # This PCD is encoded using the Variable-Length Opaque Data format of RFC 4506 + # External Data Representation Standard (XDR). + # The default value is empty with no keys. + # @Prompt One or more XDR encoded PKCS7 certs used to verify Recovery and Capsule Update images + # + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr|{0x0}|VOID*|0x0001001E + ## This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML). # For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB. # @Prompt Minimum length(in bytes) of the system preboot TCG event log area(LAML). diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index aaf77269a3..90d806137a 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni 
@@ -228,6 +228,12 @@ #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_HELP #language en-US "Provides one PKCS7 cert used to verify Recovery and Capsule Update images\n" "WARNING: The default value is treated as test key. Please do not use default value in the production." +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBufferXdr_PROMPT #language en-US "One or more XDR encoded PKCS7 certs used to verify Recovery and Capsule Update imagesOne or more XDR encoded PKCS7 certs used to verify Recovery and Capsule Update images" + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBufferXdr_HELP #language en-US "Provides one or more PKCS7 certs used to verify Recovery and Capsule Update images\n" + "This PCD is encoded using the Variable-Length Opaque Data format of RFC 4506 External Data Representation Standard (XDR).\n" + "The default value is empty with no keys." + #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_PROMPT #language en-US " Initial setting of TCG2 Persistent Firmware Management Flags" #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_HELP #language en-US "This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\n" -- 2.14.2.windows.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
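Review bot: In the SecurityPkg.dec hunk, the default for PcdPkcs7CertBufferXdr is `{0x0}`, a single zero byte, while the comment describes the PCD as XDR encoded and 'empty with no keys'. One byte is shorter than the 32-bit length field the format starts with, so the default is not itself a valid encoding and only works if every consumer treats a buffer of fewer than four bytes as empty. Suggest stating that convention in the comment above the PCD so that platform code checking this PCD handles the default the same way.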
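Review bot: In the SecurityPkg.uni hunk, the new `STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBufferXdr_PROMPT` string contains its text twice, run together as '...Capsule Update imagesOne or more XDR encoded PKCS7 certs...'. Suggest keeping a single copy so the prompt matches the `@Prompt` line added to SecurityPkg.dec.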
* [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
From: Kinney, Michael D @ 2018-03-12 19:30 UTC
To: edk2-devel
Cc: Sean Brogan, Chao Zhang, Jiewen Yao, Michael D Kinney

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate a capsule. The capsule fails authentication if none of the certificates in PcdPkcs7CertBuffer or PcdPkcs7CertBufferXdr pass.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 77 +++++++++++++++++++---
 .../EdkiiSystemCapsuleLib.inf | 3 +-
 2 files changed, 70 insertions(+), 10 deletions(-)

diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
index 876d2257b3..5217a63082 100644
--- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
@@ -6,7 +6,7 @@ CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive untrusted input and do basic validation. - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -370,6 +370,8 @@ ExtractAuthenticatedImage ( GUID *CertType; VOID *PublicKeyData; UINTN PublicKeyDataLength; + UINT8 *PublicKeyDataXdr; + UINT8 *PublicKeyDataXdrEnd; DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); 
@@ -410,21 +412,78 @@ ExtractAuthenticatedImage ( if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) { PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer); PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer); + + ASSERT (PublicKeyData != NULL); + ASSERT (PublicKeyDataLength != 0); + + Status = AuthenticateFmpImage( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + if (EFI_ERROR (Status)) { + PublicKeyDataXdr = PcdGetPtr (PcdPkcs7CertBufferXdr); + PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr); + + ASSERT (PublicKeyDataXdr != NULL); + ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd); + + // + // Try each key from PcdPkcs7CertBufferXdr + // + while (PublicKeyDataXdr < PublicKeyDataXdrEnd) { + if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + // + // Read key length stored in big endian format + // + PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr)); + // + // Point to the start of the key data + // + PublicKeyDataXdr += sizeof (UINT32); + if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + PublicKeyData = PublicKeyDataXdr; + Status = AuthenticateFmpImage ( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + if (!EFI_ERROR (Status)) { + break; + } + PublicKeyDataXdr += PublicKeyDataLength; + PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32)); + } + } } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) { PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer); PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer); + + ASSERT (PublicKeyData != NULL); + ASSERT (PublicKeyDataLength != 0); + + Status = AuthenticateFmpImage( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); } else { return FALSE; } - ASSERT (PublicKeyData != NULL); - ASSERT (PublicKeyDataLength != 
0); - Status = AuthenticateFmpImage( - ImageAuth, - ImageSize, - PublicKeyData, - PublicKeyDataLength - ); switch (Status) { case RETURN_SUCCESS: *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf index a721619a67..2b18d918d1 100644 --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf @@ -3,7 +3,7 @@ # # EDKII System Capsule library instance for DXE/PEI post memory phase. # -# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -52,6 +52,7 @@ [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr ## CONSUMES [Guids] gEdkiiSystemFirmwareImageDescriptorFileGuid ## SOMETIMES_CONSUMES ## GUID -- 2.14.2.windows.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
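Review bot: In the while loop over PcdPkcs7CertBufferXdr (@@ -410,21 +412,78 @@), the second bounds check `PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd` adds a length read from the buffer to a pointer before comparing, so a very large length value can wrap the pointer and pass the check. Suggest comparing the length with the bytes remaining instead, for example `PublicKeyDataLength > (UINTN)(PublicKeyDataXdrEnd - PublicKeyDataXdr)`. The same loop reads the length through `*(UINT32 *)` and realigns with `ALIGN_POINTER` on the absolute address, and both assume the PCD buffer starts on a 4-byte boundary; `ReadUnaligned32` and padding computed from the offset into the PCD would remove that assumption.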
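The Variable-Length Opaque Data layout that patches 1/5 and 3/5 rely on (32-bit big-endian length, data, zero padding to a 4-byte boundary), as an added example that is not code from this patch series. It packs with `struct` instead of `xdrlib`, its parser is stricter than the loop in patch 3/5 (it rejects truncated input rather than stopping), and the function names and sample byte strings are constructed for illustration.

```python
import struct


def pack_opaque_list(items):
    """Encode each byte string as RFC 4506 section 4.10 variable-length opaque data."""
    out = bytearray()
    for item in items:
        out += struct.pack(">I", len(item))   # 32-bit big-endian length
        out += item                           # the element itself
        out += b"\x00" * (-len(item) % 4)     # 0 to 3 zero bytes of padding
    return bytes(out)


def unpack_opaque_list(buf):
    """Decode a buffer produced by pack_opaque_list.

    Every check works on offsets and remaining byte counts, never on
    "position + length", so an oversized length field cannot wrap around.
    Raises ValueError on any malformed input.
    """
    items = []
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated length field at offset %d" % off)
        (length,) = struct.unpack_from(">I", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError("element at offset %d extends past end of buffer" % off)
        items.append(bytes(buf[off:off + length]))
        off += length
        # Padding is relative to the start of the stream, not to a memory address.
        pad = -length % 4
        padding = buf[off:off + pad]
        if len(padding) != pad or any(padding):
            raise ValueError("missing or non-zero padding at offset %d" % off)
        off += pad
    return items


def to_pcd_value(buf):
    """Render bytes in the '{0x01, 0x02, ...}' form BinToPcd writes."""
    return "{%s}" % ", ".join("0x%02x" % b for b in buf)


# Constructed sample data: two short byte strings standing in for
# certificates of 3 and 5 bytes (not real DER).
SAMPLE_CERTS = [b"\x30\x82\x01", b"\x30\x82\x02\x03\x04"]


if __name__ == "__main__":
    encoded = pack_opaque_list(SAMPLE_CERTS)
    print("encoded size:", len(encoded))      # 4+3+1 and 4+5+3 bytes
    print(to_pcd_value(encoded))
    print(unpack_opaque_list(encoded) == SAMPLE_CERTS)
    # The single-byte default {0x0} is too short to hold a length field.
    try:
        unpack_opaque_list(b"\x00")
    except ValueError as err:
        print("default value rejected:", err)
```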
* Re: [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
From: Gao, Liming @ 2018-03-15 6:36 UTC
To: Kinney, Michael D, edk2-devel@lists.01.org
Cc: Kinney, Michael D, Yao, Jiewen, Zhang, Chao B

Mike:
  The title should be SignedCapsulePkg EdkiiSystemCapsuleLib instead of SecurityPkg.

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Kinney, Michael D
> Sent: Tuesday, March 13, 2018 3:30 AM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [edk2] [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=891
>
> Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate
> a capsule. The capsule fails authentication if none of the certificates
> in PcdPkcs7CertBuffer or PcdPkcs7CertBufferXdr pass.
>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
> .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 77 +++++++++++++++++++---
> .../EdkiiSystemCapsuleLib.inf | 3 +-
> 2 files changed, 70 insertions(+), 10 deletions(-)
>
> diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> index 876d2257b3..5217a63082 100644
> --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> @@ -6,7 +6,7 @@ > CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive > untrusted input and do basic validation. > > - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD License > which accompanies this distribution. The full text of the license may be found at > @@ -370,6 +370,8 @@ ExtractAuthenticatedImage ( > GUID *CertType; > VOID *PublicKeyData; > UINTN PublicKeyDataLength; > + UINT8 *PublicKeyDataXdr; > + UINT8 *PublicKeyDataXdrEnd; > > DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); 
> > @@ -410,21 +412,78 @@ ExtractAuthenticatedImage ( > if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) { > PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer); > PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer); > + > + ASSERT (PublicKeyData != NULL); > + ASSERT (PublicKeyDataLength != 0); > + > + Status = AuthenticateFmpImage( > + ImageAuth, > + ImageSize, > + PublicKeyData, > + PublicKeyDataLength > + ); > + if (EFI_ERROR (Status)) { > + PublicKeyDataXdr = PcdGetPtr (PcdPkcs7CertBufferXdr); > + PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr); > + > + ASSERT (PublicKeyDataXdr != NULL); > + ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd); > + > + // > + // Try each key from PcdPkcs7CertBufferXdr > + // > + while (PublicKeyDataXdr < PublicKeyDataXdrEnd) { > + if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) { > + // > + // Key data extends beyond end of PCD > + // > + break; > + } > + // > + // Read key length stored in big endian format > + // > + PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr)); > + // > + // Point to the start of the key data > + // > + PublicKeyDataXdr += sizeof (UINT32); > + if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) { > + // > + // Key data extends beyond end of PCD > + // > + break; > + } > + PublicKeyData = PublicKeyDataXdr; > + Status = AuthenticateFmpImage ( > + ImageAuth, > + ImageSize, > + PublicKeyData, > + PublicKeyDataLength > + ); > + if (!EFI_ERROR (Status)) { > + break; > + } > + PublicKeyDataXdr += PublicKeyDataLength; > + PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32)); > + } > + } > } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) { > PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer); > PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer); > + > + ASSERT (PublicKeyData != NULL); > + ASSERT (PublicKeyDataLength != 0); > + > + Status = AuthenticateFmpImage( > + ImageAuth, > + 
ImageSize, > + PublicKeyData, > + PublicKeyDataLength > + ); > } else { > return FALSE; > } > - ASSERT (PublicKeyData != NULL); > - ASSERT (PublicKeyDataLength != 0); > > - Status = AuthenticateFmpImage( > - ImageAuth, > - ImageSize, > - PublicKeyData, > - PublicKeyDataLength > - ); > switch (Status) { > case RETURN_SUCCESS: > *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; > diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf > b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf > index a721619a67..2b18d918d1 100644 > --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf > +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf > @@ -3,7 +3,7 @@ > # > # EDKII System Capsule library instance for DXE/PEI post memory phase. > # > -# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> > # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the BSD License > # which accompanies this distribution. The full text of the license may be found at > @@ -52,6 +52,7 @@ [Pcd] > gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid ## CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer ## CONSUMES > + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr ## CONSUMES > > [Guids] > gEdkiiSystemFirmwareImageDescriptorFileGuid ## SOMETIMES_CONSUMES ## GUID > -- > 2.14.2.windows.3 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
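Review bot: In the ExtractAuthenticatedImage hunk (@@ -410,21 +412,78 @@), the bounds check `PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd` adds a 32-bit length read from the PCD to a pointer, so on a 32-bit build a large length can wrap the sum and pass the check. Compare the length with the bytes remaining instead, for example `PublicKeyDataLength > (UINTN)(PublicKeyDataXdrEnd - PublicKeyDataXdr)`. The same hunk enters the fallback on any error from the first AuthenticateFmpImage() call and leaves Status holding the result for the last XDR entry tried, so the LastAttemptStatus set by the switch reflects that entry rather than the PcdPkcs7CertBuffer attempt; a comment saying this is intended would help.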
* [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr 2018-03-12 19:30 [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Kinney, Michael D ` (2 preceding siblings ...) 2018-03-12 19:30 ` [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr Kinney, Michael D @ 2018-03-12 19:30 ` Kinney, Michael D 2018-03-15 2:20 ` Wei, David 2018-03-12 19:30 ` [Patch 5/5] QuarkPlatformPkg/PlatformBootManagerLib: " Kinney, Michael D 2018-03-14 15:29 ` [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Steele, Kelly 5 siblings, 1 reply; 9+ messages in thread From: Kinney, Michael D @ 2018-03-12 19:30 UTC (permalink / raw) To: edk2-devel; +Cc: Michael D Kinney, Sean Brogan, David Wei, Mang Guo From: Michael D Kinney <michael.d.kinney@intel.com> https://bugzilla.tianocore.org/show_bug.cgi?id=891 Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use of the test key. If the test key is found in either PCD, then the warning messages for the use of a test key must be presented. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: David Wei <david.wei@intel.com> Cc: Mang Guo <mang.guo@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> --- .../Library/PlatformBdsLib/BdsPlatform.c | 57 +++++++++++++++++++++- .../Library/PlatformBdsLib/PlatformBdsLib.inf | 22 +++++---- 2 files changed, 68 insertions(+), 11 deletions(-) diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c index 7f91777ea1..4aac7a2487 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c 
@@ -1,6 +1,6 @@ /** @file - Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. @@ -2417,6 +2417,10 @@ ShowProgressHotKey ( UINTN TmpStrSize; VOID *Buffer; UINTN Size; + VOID *PublicKeyData; + UINTN PublicKeyDataLength; + UINT8 *PublicKeyDataXdr; + UINT8 *PublicKeyDataXdrEnd; if (TimeoutDefault == 0) { return EFI_TIMEOUT; 
@@ -2484,6 +2488,57 @@ ShowProgressHotKey ( } PcdSetBoolS(PcdTestKeyUsed, TRUE); } + + // + // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key + // + PublicKeyDataXdr = PcdGetPtr (PcdPkcs7CertBufferXdr); + PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr); + + ASSERT (PublicKeyDataXdr != NULL); + ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd); + + // + // Try each key from PcdPkcs7CertBufferXdr + // + while (PublicKeyDataXdr < PublicKeyDataXdrEnd) { + if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + // + // Read key length stored in big endian format + // + PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr)); + // + // Point to the start of the key data + // + PublicKeyDataXdr += sizeof (UINT32); + if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + PublicKeyData = PublicKeyDataXdr; + + if ((Size == PublicKeyDataLength) && + (CompareMem(Buffer, PublicKeyData, Size) == 0)) { + TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n"; + if (DebugAssertEnabled()) { + DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n")); + } else { + SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used.")); + } + PcdSetBoolS(PcdTestKeyUsed, TRUE); + } + + PublicKeyDataXdr += PublicKeyDataLength; + PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32)); + } + FreePool(Buffer); } diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf index 7512556bb7..9f84d7b2e0 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf 
@@ -1,16 +1,17 @@ #/** @file # Component name for module PlatformBootManagerLib # -# Copyright (c) 2008 - 2016, Intel Corporation. All rights reserved.<BR> -# -# This program and the accompanying materials are licensed and made available under -# the terms and conditions of the BSD License that accompanies this distribution. -# The full text of the license may be found at -# http://opensource.org/licenses/bsd-license.php. -# -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -# +# Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.<BR> +# +# This program and the accompanying materials are licensed and made available under +# the terms and conditions of the BSD License that accompanies this distribution. +# The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# + +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# # # # @@ -108,6 +109,7 @@ [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase -- 2.14.2.windows.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
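Review bot: In the ShowProgressHotKey hunk (@@ -2484,6 +2488,57 @@), `ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32))` rounds up the absolute address, while XDR padding is relative to the start of the encoded buffer, so the walk only lands on the next length field if PcdGetPtr() returns a 4-byte-aligned pointer. Track an offset from the start of the PCD and round that up instead. The length is also read through `*(UINT32 *)(PublicKeyDataXdr)`; ReadUnaligned32() would remove the same alignment assumption from the read.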
* Re: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr 2018-03-12 19:30 ` [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr Kinney, Michael D @ 2018-03-15 2:20 ` Wei, David 0 siblings, 0 replies; 9+ messages in thread From: Wei, David @ 2018-03-15 2:20 UTC (permalink / raw) To: Kinney, Michael D, edk2-devel@lists.01.org Reviewed-by: david wei <david.wei@intel.com> Thanks, David Wei Intel SSG/STO/UEFI BIOS -----Original Message----- From: Kinney, Michael D Sent: Tuesday, March 13, 2018 3:30 AM To: edk2-devel@lists.01.org Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Wei, David <david.wei@intel.com>; Guo, Mang <mang.guo@intel.com> Subject: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr From: Michael D Kinney <michael.d.kinney@intel.com> https://bugzilla.tianocore.org/show_bug.cgi?id=891 Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use of the test key. If the test key is found in either PCD, then the warning messages for the use of a test key must be presented. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: David Wei <david.wei@intel.com> Cc: Mang Guo <mang.guo@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> --- .../Library/PlatformBdsLib/BdsPlatform.c | 57 +++++++++++++++++++++- .../Library/PlatformBdsLib/PlatformBdsLib.inf | 22 +++++---- 2 files changed, 68 insertions(+), 11 deletions(-) diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c index 7f91777ea1..4aac7a2487 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c 
@@ -1,6 +1,6 @@ /** @file - Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. @@ -2417,6 +2417,10 @@ ShowProgressHotKey ( UINTN TmpStrSize; VOID *Buffer; UINTN Size; + VOID *PublicKeyData; + UINTN PublicKeyDataLength; + UINT8 *PublicKeyDataXdr; + UINT8 *PublicKeyDataXdrEnd; if (TimeoutDefault == 0) { return EFI_TIMEOUT; 
@@ -2484,6 +2488,57 @@ ShowProgressHotKey ( } PcdSetBoolS(PcdTestKeyUsed, TRUE); } + + // + // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key + // + PublicKeyDataXdr = PcdGetPtr (PcdPkcs7CertBufferXdr); + PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr); + + ASSERT (PublicKeyDataXdr != NULL); + ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd); + + // + // Try each key from PcdPkcs7CertBufferXdr + // + while (PublicKeyDataXdr < PublicKeyDataXdrEnd) { + if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + // + // Read key length stored in big endian format + // + PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr)); + // + // Point to the start of the key data + // + PublicKeyDataXdr += sizeof (UINT32); + if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + PublicKeyData = PublicKeyDataXdr; + + if ((Size == PublicKeyDataLength) && + (CompareMem(Buffer, PublicKeyData, Size) == 0)) { + TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n"; + if (DebugAssertEnabled()) { + DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n")); + } else { + SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used.")); + } + PcdSetBoolS(PcdTestKeyUsed, TRUE); + } + + PublicKeyDataXdr += PublicKeyDataLength; + PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32)); + } + FreePool(Buffer); } diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf index 7512556bb7..9f84d7b2e0 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf 
@@ -1,16 +1,17 @@ #/** @file # Component name for module PlatformBootManagerLib # -# Copyright (c) 2008 - 2016, Intel Corporation. All rights reserved.<BR> -# -# This program and the accompanying materials are licensed and made available under -# the terms and conditions of the BSD License that accompanies this distribution. -# The full text of the license may be found at -# http://opensource.org/licenses/bsd-license.php. -# -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -# +# Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.<BR> +# +# This program and the accompanying materials are licensed and made available under +# the terms and conditions of the BSD License that accompanies this distribution. +# The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# + +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# # # # @@ -108,6 +109,7 @@ [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase -- 2.14.2.windows.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
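Review bot: In the PlatformBdsLib.inf hunk (@@ -1,16 +1,17 @@), the whole license header is removed and re-added with no visible text change other than the copyright year, and a blank line is introduced between `+#` and `+# THE PROGRAM IS DISTRIBUTED ...`, which splits the comment block. This looks like whitespace or line-ending churn unrelated to adding PcdPkcs7CertBufferXdr; limit the header change to the copyright line, or move the cleanup to its own patch.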
* [Patch 5/5] QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr 2018-03-12 19:30 [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Kinney, Michael D ` (3 preceding siblings ...) 2018-03-12 19:30 ` [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr Kinney, Michael D @ 2018-03-12 19:30 ` Kinney, Michael D 2018-03-14 15:29 ` [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Steele, Kelly 5 siblings, 0 replies; 9+ messages in thread From: Kinney, Michael D @ 2018-03-12 19:30 UTC (permalink / raw) To: edk2-devel; +Cc: Sean Brogan, Kelly Steele, Jiewen Yao, Michael D Kinney https://bugzilla.tianocore.org/show_bug.cgi?id=891 Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use of the test key. If the test key is found in either PCD, then the warning messages for the use of a test key must be presented. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> --- .../PlatformBootManagerLib/PlatformBootManager.c | 51 +++++++++++++++++++++- .../PlatformBootManagerLib.inf | 3 +- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c index 53391c6077..829f852b61 100644 --- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c +++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c 
@@ -2,7 +2,7 @@ This file include all platform action which can be customized by IBV/OEM. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -347,6 +347,10 @@ PlatformBootManagerAfterConsole ( ESRT_MANAGEMENT_PROTOCOL *EsrtManagement; VOID *Buffer; UINTN Size; + VOID *PublicKeyData; + UINTN PublicKeyDataLength; + UINT8 *PublicKeyDataXdr; + UINT8 *PublicKeyDataXdrEnd; Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement); if (EFI_ERROR(Status)) { 
@@ -433,6 +437,51 @@ PlatformBootManagerAfterConsole ( Print(L"WARNING: Capsule Test Key is used.\n"); PcdSetBoolS(PcdTestKeyUsed, TRUE); } + + // + // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key + // + PublicKeyDataXdr = PcdGetPtr (PcdPkcs7CertBufferXdr); + PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr); + + ASSERT (PublicKeyDataXdr != NULL); + ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd); + + // + // Try each key from PcdPkcs7CertBufferXdr + // + while (PublicKeyDataXdr < PublicKeyDataXdrEnd) { + if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + // + // Read key length stored in big endian format + // + PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr)); + // + // Point to the start of the key data + // + PublicKeyDataXdr += sizeof (UINT32); + if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + PublicKeyData = PublicKeyDataXdr; + if ((Size == PublicKeyDataLength) && + (CompareMem(Buffer, PublicKeyData, Size) == 0)) { + Print(L"WARNING: Capsule Test Key is used.\n"); + PcdSetBoolS(PcdTestKeyUsed, TRUE); + } + + PublicKeyDataXdr += PublicKeyDataLength; + PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32)); + } + FreePool(Buffer); } diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index 25394d8ca0..95a65ca88a 100644 --- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
@@ -1,7 +1,7 @@ ## @file # Include all platform action which can be customized by IBV/OEM. # -# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -85,5 +85,6 @@ [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed -- 2.14.2.windows.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
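Review bot: In the PlatformBootManagerAfterConsole hunk (@@ -433,6 +437,51 @@), both `break` paths under "Key data extends beyond end of PCD" end the scan silently, so a malformed PcdPkcs7CertBufferXdr leaves later entries unchecked against the test key with nothing logged. Emit a DEBUG ((DEBUG_ERROR, ...)) message before each break. This is also the third copy of the same walk in the series (EdkiiSystemCapsuleLib.c and BdsPlatform.c carry the others); a shared helper that returns each entry would keep the bounds checks in one place.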
* Re: [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr 2018-03-12 19:30 [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Kinney, Michael D ` (4 preceding siblings ...) 2018-03-12 19:30 ` [Patch 5/5] QuarkPlatformPkg/PlatformBootManagerLib: " Kinney, Michael D @ 2018-03-14 15:29 ` Steele, Kelly 5 siblings, 0 replies; 9+ messages in thread From: Steele, Kelly @ 2018-03-14 15:29 UTC (permalink / raw) To: Kinney, Michael D, edk2-devel@lists.01.org Cc: Sean Brogan, Zhu, Yonghong, Gao, Liming, Zhang, Chao B, Yao, Jiewen, Wei, David, Guo, Mang Reviewed-by: Kelly Steele <Kelly.steele@intel.com> Thanks, Kelly > -----Original Message----- > From: Kinney, Michael D > Sent: March 12, 2018 12:30 > To: edk2-devel@lists.01.org > Cc: Sean Brogan <sean.brogan@microsoft.com>; Zhu, Yonghong > <yonghong.zhu@intel.com>; Gao, Liming <liming.gao@intel.com>; Zhang, > Chao B <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; > Steele, Kelly <kelly.steele@intel.com>; Wei, David <david.wei@intel.com>; > Guo, Mang <mang.guo@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com> > Subject: [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr > > https://bugzilla.tianocore.org/show_bug.cgi?id=890 > https://bugzilla.tianocore.org/show_bug.cgi?id=891 > > * Update BinToPcd to support multiple one or more -i INPUTFILE arguments > * Update BinToPcd to support -x, --xdr flags to encode PCD using the > Variable-Length Opaque Data of RFC 4506 External Data Representation > Standard (XDR). > * Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates > encoded using the Variable-Length Opaque Data format of RFC 4506 > External > Data Representation Standard (XDR). > * Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate > capsules. > * Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use > of the test key. 
> > Branch for review: > https://github.com/mdkinney/edk2/tree/Bug_890_891_BinToPcdMultipleIn > putFiles > > Cc: Sean Brogan <sean.brogan@microsoft.com> > Cc: Yonghong Zhu <yonghong.zhu@intel.com> > Cc: Liming Gao <liming.gao@intel.com> > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Kelly Steele <kelly.steele@intel.com> > Cc: David Wei <david.wei@intel.com> > Cc: Mang Guo <mang.guo@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> > > Kinney, Michael D (4): > BaseTools/BinToPcd: Add support for multiple binary input files > SecurityPkg: Add PcdPkcs7CertBufferXdr > SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr > QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr > > Michael D Kinney (1): > Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr > > BaseTools/Scripts/BinToPcd.py | 83 ++++++++++++++-------- > .../PlatformBootManagerLib/PlatformBootManager.c | 51 ++++++++++++- > .../PlatformBootManagerLib.inf | 3 +- > SecurityPkg/SecurityPkg.dec | 8 +++ > SecurityPkg/SecurityPkg.uni | 6 ++ > .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 77 > +++++++++++++++++--- > .../EdkiiSystemCapsuleLib.inf | 3 +- > .../Library/PlatformBdsLib/BdsPlatform.c | 57 ++++++++++++++- > .../Library/PlatformBdsLib/PlatformBdsLib.inf | 22 +++--- > 9 files changed, 258 insertions(+), 52 deletions(-) > > -- > 2.14.2.windows.3 ^ permalink raw reply [flat|nested] 9+ messages in thread
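The multi-certificate layout this series describes (RFC 4506 variable-length opaque data: a 4-byte big-endian length, the data, then zero padding to a 4-byte boundary, repeated per certificate) can be walked with offsets and remaining-byte comparisons. The following is an added example, not code from the patches or from edk2; the function names, return codes and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return codes (hypothetical names for this example). */
#define XDR_ENTRY       1   /* *data and *len describe the next entry */
#define XDR_END         0   /* buffer consumed cleanly */
#define XDR_MALFORMED (-1)  /* length field or data runs past the buffer */

/* Big-endian read, one byte at a time: no alignment requirement. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Step to the next entry. Every check compares a length with the bytes
 * remaining, so no pointer or offset sum can wrap. */
static int xdr_next(const uint8_t *buf, size_t size, size_t *off,
                    const uint8_t **data, size_t *len)
{
    size_t remaining, pad;
    uint32_t n;

    if (*off >= size) return XDR_END;
    remaining = size - *off;
    if (remaining < 4) return XDR_MALFORMED;      /* truncated length field */
    n = read_be32(buf + *off);
    remaining -= 4;
    if (n > remaining) return XDR_MALFORMED;      /* data exceeds buffer */
    *data = buf + *off + 4;
    *len = n;
    pad = (4u - (n & 3u)) & 3u;                   /* relative to buffer start */
    if (pad > remaining - n) pad = remaining - n; /* tolerate unpadded last entry */
    *off += 4 + (size_t)n + pad;
    return XDR_ENTRY;
}

/* Number of well-formed entries, or XDR_MALFORMED if any entry is bad. */
static int xdr_count(const uint8_t *buf, size_t size)
{
    size_t off = 0, len = 0;
    const uint8_t *data = NULL;
    int rc, count = 0;

    while ((rc = xdr_next(buf, size, &off, &data, &len)) == XDR_ENTRY) count++;
    return rc == XDR_MALFORMED ? XDR_MALFORMED : count;
}

/* 1 if an entry equals key, 0 if none does, XDR_MALFORMED if the walk
 * hits a bad entry before finding a match. */
static int xdr_contains(const uint8_t *buf, size_t size,
                        const uint8_t *key, size_t key_len)
{
    size_t off = 0, len = 0;
    const uint8_t *data = NULL;
    int rc;

    while ((rc = xdr_next(buf, size, &off, &data, &len)) == XDR_ENTRY) {
        if (len == key_len && memcmp(data, key, len) == 0) return 1;
    }
    return rc;
}

/* Constructed sample: "abc" (1 pad byte) followed by "hello" (3 pad bytes). */
static const uint8_t SAMPLE[] = { 0, 0, 0, 3, 'a', 'b', 'c', 0,
                                  0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0 };
/* Constructed sample: second length field points far past the buffer. */
static const uint8_t BAD[] = { 0, 0, 0, 3, 'a', 'b', 'c', 0,
                               0xFF, 0xFF, 0xFF, 0xF0, 'x' };

int main(void)
{
    printf("entries in SAMPLE: %d\n", xdr_count(SAMPLE, sizeof SAMPLE));
    printf("entries in BAD:    %d\n", xdr_count(BAD, sizeof BAD));
    return 0;
}
```

Unlike the loops in the patches, which stop at a malformed entry without reporting it, this walk returns a distinct code so the caller can decide how to treat a damaged buffer.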
end of thread, other threads:[~2018-03-15 6:30 UTC | newest]

Thread overview: 9+ messages
2018-03-12 19:30 [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-12 19:30 ` [Patch 1/5] BaseTools/BinToPcd: Add support for multiple binary input files Kinney, Michael D
2018-03-12 19:30 ` [Patch 2/5] SecurityPkg: Add PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-12 19:30 ` [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-15 6:36 ` Gao, Liming
2018-03-12 19:30 ` [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-15 2:20 ` Wei, David
2018-03-12 19:30 ` [Patch 5/5] QuarkPlatformPkg/PlatformBootManagerLib: " Kinney, Michael D
2018-03-14 15:29 ` [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Steele, Kelly