public inbox for devel@edk2.groups.io
* [edk2-devel] [PATCH v2 0/2] MdePkg: Add UEFI 2.10 DeviceAuthentication
@ 2024-03-06  3:23 Wenxing Hou
  2024-03-06  3:23 ` [edk2-devel] [PATCH v2 1/2] " Wenxing Hou
  2024-03-06  3:23 ` [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec Wenxing Hou
  0 siblings, 2 replies; 5+ messages in thread
From: Wenxing Hou @ 2024-03-06  3:23 UTC (permalink / raw)
  To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao

According to UEFI 2.10 spec
32.8.2 UEFI Device Signature Variable GUID and Variable Name section,
add signature database for device authentication and
add gEfiDeviceSignatureDatabaseGuid to dec.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Wenxing Hou (2):
  MdePkg: Add UEFI 2.10 DeviceAuthentication
  MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec

 MdePkg/Include/Guid/DeviceAuthentication.h | 61 ++++++++++++++++++++++
 MdePkg/MdePkg.dec                          |  8 ++-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h

-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116414): https://edk2.groups.io/g/devel/message/116414
Mute This Topic: https://groups.io/mt/104760002/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-




* [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10 DeviceAuthentication
  2024-03-06  3:23 [edk2-devel] [PATCH v2 0/2] MdePkg: Add UEFI 2.10 DeviceAuthentication Wenxing Hou
@ 2024-03-06  3:23 ` Wenxing Hou
  2024-03-22  4:45   ` Reply: " gaoliming via groups.io
  2024-03-06  3:23 ` [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec Wenxing Hou
  1 sibling, 1 reply; 5+ messages in thread
From: Wenxing Hou @ 2024-03-06  3:23 UTC (permalink / raw)
  To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao

According to UEFI 2.10 spec
32.8.2 UEFI Device Signature Variable GUID and Variable Name section,
add signature database for device authentication.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 MdePkg/Include/Guid/DeviceAuthentication.h | 61 ++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h

diff --git a/MdePkg/Include/Guid/DeviceAuthentication.h b/MdePkg/Include/Guid/DeviceAuthentication.h
new file mode 100644
index 0000000000..65dea4273d
--- /dev/null
+++ b/MdePkg/Include/Guid/DeviceAuthentication.h
@@ -0,0 +1,61 @@
+/** @file
+  Guid & data structure used for Device Security.
+
+  Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef EDKII_DEVICE_AUTHENTICATION_GUID_H_
+#define EDKII_DEVICE_AUTHENTICATION_GUID_H_
+
+/**
+  This is a signature database for device authentication, instead of image authentication.
+
+  The content of the signature database is same as the one in db/dbx. (a list of EFI_SIGNATURE_LIST)
+**/
+#define EFI_DEVICE_SIGNATURE_DATABASE_GUID \
+  {0xb9c2b4f4, 0xbf5f, 0x462d, 0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad}
+#define EFI_DEVICE_SECURITY_DATABASE  L"devdb"
+
+extern EFI_GUID  gEfiDeviceSignatureDatabaseGuid;
+
+/**
+  Signature Database:
+
+  +---------------------------------------+ <-----------------
+  | SignatureType (GUID)                  |                  |
+  +---------------------------------------+                  |
+  | SignatureListSize (UINT32)            |                  |
+  +---------------------------------------+                  |
+  | SignatureHeaderSize (UINT32)          |                  |
+  +---------------------------------------+                  |
+  | SignatureSize (UINT32)                |                  |-EFI_SIGNATURE_LIST (1)
+  +---------------------------------------+                  |
+  | SignatureHeader (SignatureHeaderSize) |                  |
+  +---------------------------------------+ <--              |
+  | SignatureOwner (GUID)                 |   |              |
+  +---------------------------------------+   |-EFI_SIGNATURE_DATA (1)
+  | SignatureData (SignatureSize - 16)    |   |              |
+  +---------------------------------------+ <--              |
+  | SignatureOwner (GUID)                 |   |              |
+  +---------------------------------------+   |-EFI_SIGNATURE_DATA (n)
+  | SignatureData (SignatureSize - 16)    |   |              |
+  +---------------------------------------+ <-----------------
+  | SignatureType (GUID)                  |                  |
+  +---------------------------------------+                  |
+  | SignatureListSize (UINT32)            |                  |-EFI_SIGNATURE_LIST (n)
+  +---------------------------------------+                  |
+  | ...                                   |                  |
+  +---------------------------------------+ <-----------------
+
+  SignatureType := EFI_CERT_SHAxxx_GUID |
+                   EFI_CERT_RSA2048_GUID |
+                   EFI_CERT_RSA2048_SHAxxx_GUID |
+                   EFI_CERT_X509_GUID |
+                   EFI_CERT_X509_SHAxxx_GUID
+  (xxx = 256, 384, 512)
+
+**/
+
+#endif
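
Review bot: The EFI_DEVICE_SIGNATURE_DATABASE_GUID initializer puts all eleven values in one flat brace, so the eight trailing bytes rely on brace elision. Wrap them in their own braces, as the MdePkg.dec entry in patch 2/2 already does ({0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a, 0xdf, 0xc5, 0xc7, 0x0a, 0xc3, 0x5d, 0xad}}), and write 0xa as 0x0a so every byte reads as two hex digits. Separately, the layout comment gives SignatureData as (SignatureSize - 16) without stating any constraint on the size fields; since devdb content is consumed by device authentication code, it would help to say in the comment that SignatureSize must be at least 16 and that SignatureListSize must cover the header plus a whole number of entries. The @file comment could also name the UEFI 2.10 section 32.8.2 that the commit message cites.
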
-- 
2.26.2.windows.1




* [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec
  2024-03-06  3:23 [edk2-devel] [PATCH v2 0/2] MdePkg: Add UEFI 2.10 DeviceAuthentication Wenxing Hou
  2024-03-06  3:23 ` [edk2-devel] [PATCH v2 1/2] " Wenxing Hou
@ 2024-03-06  3:23 ` Wenxing Hou
  2024-03-22  4:46   ` Reply: " gaoliming via groups.io
  1 sibling, 1 reply; 5+ messages in thread
From: Wenxing Hou @ 2024-03-06  3:23 UTC (permalink / raw)
  To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao

According to UEFI 2.10 spec
32.8.2 UEFI Device Signature Variable GUID and Variable Name section,
add gEfiDeviceSignatureDatabaseGuid to dec.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 MdePkg/MdePkg.dec | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 0459418906..0c18e1decd 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -4,7 +4,7 @@
 # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of
 # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards.
 #
-# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2024, Intel Corporation. All rights reserved.<BR>
 # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
 # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP<BR>
 # Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
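
Review bot: The description line kept as context at the top of this hunk still reads "EFI1.10/UEFI2.7/PI1.7", while the next hunk of the same patch adds a section headed "GUIDs defined in UEFI2.10". Update that description line together with the copyright year, or state in the commit message that it is deliberately left at the older revision, so the file's own summary does not disagree with its contents.
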
@@ -740,6 +740,12 @@
   ## Include/Protocol/SerilaIo.h
   gEfiSerialTerminalDeviceTypeGuid = { 0x6AD9A60F, 0x5815, 0x4C7C, { 0x8A, 0x10, 0x50, 0x53, 0xD2, 0xBF, 0x7A, 0x1B }}
 
+  # GUIDs defined in UEFI2.10
+  #
+  ## GUID used to specify section with devdb content
+  ## Include/Guid/DeviceAuthentication.h
+  gEfiDeviceSignatureDatabaseGuid  = { 0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad }}
+
   #
   # GUID defined in PI1.0
   #
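
Review bot: The comment "GUID used to specify section with devdb content" on the new entry does not match what the series describes. The commit message cites the "UEFI Device Signature Variable GUID and Variable Name" section and the header in patch 1/2 calls this a signature database, so the comment should say it is the GUID of the devdb signature database variable rather than of a section. On style, the new heading lacks the lone "#" line that opens the neighbouring "GUID defined in PI1.0" heading, and the byte list uses "{0x8a" and "0xa" where the entry above it uses "{ 0x8A" spacing and two-digit bytes; aligning these keeps the file consistent.
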
-- 
2.26.2.windows.1




* Reply: [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10 DeviceAuthentication
  2024-03-06  3:23 ` [edk2-devel] [PATCH v2 1/2] " Wenxing Hou
@ 2024-03-22  4:45   ` gaoliming via groups.io
  0 siblings, 0 replies; 5+ messages in thread
From: gaoliming via groups.io @ 2024-03-22  4:45 UTC (permalink / raw)
  To: devel, wenxing.hou
  Cc: 'Michael D Kinney', 'Zhiguang Liu',
	'Jiewen Yao'

Wenxing:

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou
> Sent: March 6, 2024 11:24
> To: devel@edk2.groups.io
> Cc: Michael D Kinney <michael.d.kinney@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Jiewen
> Yao <jiewen.yao@intel.com>
> Subject: [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10
> DeviceAuthentication
> 
> According to UEFI 2.10 spec
> 32.8.2 UEFI Device Signature Variable GUID and Variable Name section,
> add signature database for device authentication.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
> ---
>  MdePkg/Include/Guid/DeviceAuthentication.h | 61
> ++++++++++++++++++++++
>  1 file changed, 61 insertions(+)
>  create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h
> 
> diff --git a/MdePkg/Include/Guid/DeviceAuthentication.h
> b/MdePkg/Include/Guid/DeviceAuthentication.h
> new file mode 100644
> index 0000000000..65dea4273d
> --- /dev/null
> +++ b/MdePkg/Include/Guid/DeviceAuthentication.h
> @@ -0,0 +1,61 @@
> +/** @file
> 
> +  Guid & data structure used for Device Security.
> 
> +
> 
> +  Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
> 
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +#ifndef EDKII_DEVICE_AUTHENTICATION_GUID_H_
> 
Here you can use the EFI_ prefix, because this definition is from the UEFI spec.

Thanks
Liming
> +#define EDKII_DEVICE_AUTHENTICATION_GUID_H_
> 
> +
> 
> +/**
> 
> +  This is a signature database for device authentication, instead of
image
> authentication.
> 
> +
> 
> +  The content of the signature database is same as the one in db/dbx. (a
list
> of EFI_SIGNATURE_LIST)
> 
> +**/
> 
> +#define EFI_DEVICE_SIGNATURE_DATABASE_GUID \
> 
> +  {0xb9c2b4f4, 0xbf5f, 0x462d, 0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d,
0xad}
> 
> +#define EFI_DEVICE_SECURITY_DATABASE  L"devdb"
> 
> +
> 
> +extern EFI_GUID  gEfiDeviceSignatureDatabaseGuid;
> 
> +
> 
> +/**
> 
> +  Signature Database:
> 
> +
> 
> +  +---------------------------------------+ <-----------------
> 
> +  | SignatureType (GUID)                  |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureListSize (UINT32)            |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureHeaderSize (UINT32)          |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureSize (UINT32)                |
> |-EFI_SIGNATURE_LIST (1)
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureHeader (SignatureHeaderSize) |                  |
> 
> +  +---------------------------------------+ <--              |
> 
> +  | SignatureOwner (GUID)                 |   |              |
> 
> +  +---------------------------------------+   |-EFI_SIGNATURE_DATA (1)
> 
> +  | SignatureData (SignatureSize - 16)    |   |              |
> 
> +  +---------------------------------------+ <--              |
> 
> +  | SignatureOwner (GUID)                 |   |              |
> 
> +  +---------------------------------------+   |-EFI_SIGNATURE_DATA (n)
> 
> +  | SignatureData (SignatureSize - 16)    |   |              |
> 
> +  +---------------------------------------+ <-----------------
> 
> +  | SignatureType (GUID)                  |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureListSize (UINT32)            |
> |-EFI_SIGNATURE_LIST (n)
> 
> +  +---------------------------------------+                  |
> 
> +  | ...                                   |                  |
> 
> +  +---------------------------------------+ <-----------------
> 
> +
> 
> +  SignatureType := EFI_CERT_SHAxxx_GUID |
> 
> +                   EFI_CERT_RSA2048_GUID |
> 
> +                   EFI_CERT_RSA2048_SHAxxx_GUID |
> 
> +                   EFI_CERT_X509_GUID |
> 
> +                   EFI_CERT_X509_SHAxxx_GUID
> 
> +  (xxx = 256, 384, 512)
> 
> +
> 
> +**/
> 
> +
> 
> +#endif
> 
> --
> 2.26.2.windows.1
> 
> 
> 
> 






* Reply: [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec
  2024-03-06  3:23 ` [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec Wenxing Hou
@ 2024-03-22  4:46   ` gaoliming via groups.io
  0 siblings, 0 replies; 5+ messages in thread
From: gaoliming via groups.io @ 2024-03-22  4:46 UTC (permalink / raw)
  To: devel, wenxing.hou
  Cc: 'Michael D Kinney', 'Zhiguang Liu',
	'Jiewen Yao'

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou
> Sent: March 6, 2024 11:24
> To: devel@edk2.groups.io
> Cc: Michael D Kinney <michael.d.kinney@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Jiewen
> Yao <jiewen.yao@intel.com>
> Subject: [edk2-devel] [PATCH v2 2/2] MdePkg: Add
> gEfiDeviceSignatureDatabaseGuid to dec
> 
> According to UEFI 2.10 spec
> 32.8.2 UEFI Device Signature Variable GUID and Variable Name section,
> add gEfiDeviceSignatureDatabaseGuid to dec.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
> ---
>  MdePkg/MdePkg.dec | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> index 0459418906..0c18e1decd 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -4,7 +4,7 @@
>  # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of
> 
>  # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards.
> 
>  #
> 
> -# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.<BR>
> 
> +# Copyright (c) 2007 - 2024, Intel Corporation. All rights reserved.<BR>
> 
>  # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
> 
>  # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development
> LP<BR>
> 
>  # Copyright (c) 2022, Loongson Technology Corporation Limited. All rights
> reserved.<BR>
> 
> @@ -740,6 +740,12 @@
>    ## Include/Protocol/SerilaIo.h
> 
>    gEfiSerialTerminalDeviceTypeGuid = { 0x6AD9A60F, 0x5815, 0x4C7C,
> { 0x8A, 0x10, 0x50, 0x53, 0xD2, 0xBF, 0x7A, 0x1B }}
> 
> 
> 
> +  # GUIDs defined in UEFI2.10
> 
> +  #
> 
> +  ## GUID used to specify section with devdb content
> 
> +  ## Include/Guid/DeviceAuthentication.h
> 
> +  gEfiDeviceSignatureDatabaseGuid  = { 0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a,
> 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad }}
> 
> +
> 
>    #
> 
>    # GUID defined in PI1.0
> 
>    #
> 
> --
> 2.26.2.windows.1
> 
> 
> 
> 




