* [edk2-devel] [PATCH v2 0/2] MdePkg: Add UEFI 2.10 DeviceAuthentication
@ 2024-03-06 3:23 Wenxing Hou
  2024-03-06 3:23 ` [edk2-devel] [PATCH v2 1/2] " Wenxing Hou
  2024-03-06 3:23 ` [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec Wenxing Hou
  0 siblings, 2 replies; 5+ messages in thread
From: Wenxing Hou @ 2024-03-06 3:23 UTC
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao

According to UEFI 2.10 spec
32.8.2 UEFI Device Signature Variable GUID and Variable Name section,
add signature database for device authentication and
add gEfiDeviceSignatureDatabaseGuid to dec.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Wenxing Hou (2):
  MdePkg: Add UEFI 2.10 DeviceAuthentication
  MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec

 MdePkg/Include/Guid/DeviceAuthentication.h | 61 ++++++++++++++++++++++
 MdePkg/MdePkg.dec                          |  8 ++-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h

--
2.26.2.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116414): https://edk2.groups.io/g/devel/message/116414
Mute This Topic: https://groups.io/mt/104760002/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
* [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10 DeviceAuthentication 2024-03-06 3:23 [edk2-devel] [PATCH v2 0/2] MdePkg: Add UEFI 2.10 DeviceAuthentication Wenxing Hou @ 2024-03-06 3:23 ` Wenxing Hou 2024-03-22 4:45 ` Re: " gaoliming via groups.io 2024-03-06 3:23 ` [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec Wenxing Hou 1 sibling, 1 reply; 5+ messages in thread From: Wenxing Hou @ 2024-03-06 3:23 UTC (permalink / raw) To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao According to UEFI 2.10 spec 32.8.2 UEFI Device Signature Variable GUID and Variable Name section, add signature database for device authentication. Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> --- MdePkg/Include/Guid/DeviceAuthentication.h | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h diff --git a/MdePkg/Include/Guid/DeviceAuthentication.h b/MdePkg/Include/Guid/DeviceAuthentication.h new file mode 100644 index 0000000000..65dea4273d --- /dev/null +++ b/MdePkg/Include/Guid/DeviceAuthentication.h
@@ -0,0 +1,61 @@ +/** @file + Guid & data structure used for Device Security. + + Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef EDKII_DEVICE_AUTHENTICATION_GUID_H_ +#define EDKII_DEVICE_AUTHENTICATION_GUID_H_ + +/** + This is a signature database for device authentication, instead of image authentication. + + The content of the signature database is same as the one in db/dbx. (a list of EFI_SIGNATURE_LIST) +**/ +#define EFI_DEVICE_SIGNATURE_DATABASE_GUID \ + {0xb9c2b4f4, 0xbf5f, 0x462d, 0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad} +#define EFI_DEVICE_SECURITY_DATABASE L"devdb" + +extern EFI_GUID gEfiDeviceSignatureDatabaseGuid; + +/** + Signature Database: + + +---------------------------------------+ <----------------- + | SignatureType (GUID) | | + +---------------------------------------+ | + | SignatureListSize (UINT32) | | + +---------------------------------------+ | + | SignatureHeaderSize (UINT32) | | + +---------------------------------------+ | + | SignatureSize (UINT32) | |-EFI_SIGNATURE_LIST (1) + +---------------------------------------+ | + | SignatureHeader (SignatureHeaderSize) | | + +---------------------------------------+ <-- | + | SignatureOwner (GUID) | | | + +---------------------------------------+ |-EFI_SIGNATURE_DATA (1) + | SignatureData (SignatureSize - 16) | | | + +---------------------------------------+ <-- | + | SignatureOwner (GUID) | | | + +---------------------------------------+ |-EFI_SIGNATURE_DATA (n) + | SignatureData (SignatureSize - 16) | | | + +---------------------------------------+ <----------------- + | SignatureType (GUID) | | + +---------------------------------------+ | + | SignatureListSize (UINT32) | |-EFI_SIGNATURE_LIST (n) + +---------------------------------------+ | + | ... 
| | + +---------------------------------------+ <----------------- + + SignatureType := EFI_CERT_SHAxxx_GUID | + EFI_CERT_RSA2048_GUID | + EFI_CERT_RSA2048_SHAxxx_GUID | + EFI_CERT_X509_GUID | + EFI_CERT_X509_SHAxxx_GUID + (xxx = 256, 384, 512) + +**/ + +#endif -- 2.26.2.windows.1
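Review bot: The EFI_DEVICE_SIGNATURE_DATABASE_GUID initializer is written flat, `{0xb9c2b4f4, 0xbf5f, 0x462d, 0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad}`, with no inner braces around the last eight bytes, while the matching MdePkg.dec entry in patch 2/2 nests them. The fourth member of EFI_GUID is an eight-byte array, so the flat form relies on brace elision and can trip missing-braces warnings in consumers that use the macro as an initializer; suggest `{ 0xb9c2b4f4, 0xbf5f, 0x462d, { 0x8a, 0xdf, 0xc5, 0xc7, 0x0a, 0xc3, 0x5d, 0xad } }`. The layout comment also gives SignatureData as (SignatureSize - 16) without saying that SignatureSize must be larger than the 16-byte SignatureOwner GUID, or that SignatureListSize bounds the whole list; since devdb is a trust anchor that firmware will parse, stating those constraints in the comment would help implementers validate before walking the entries. The header names EFI_SIGNATURE_LIST and the EFI_CERT_* types but neither includes nor points to the header that defines them.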
* Re: [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10 DeviceAuthentication 2024-03-06 3:23 ` [edk2-devel] [PATCH v2 1/2] " Wenxing Hou @ 2024-03-22 4:45 ` gaoliming via groups.io 0 siblings, 0 replies; 5+ messages in thread From: gaoliming via groups.io @ 2024-03-22 4:45 UTC (permalink / raw) To: devel, wenxing.hou Cc: 'Michael D Kinney', 'Zhiguang Liu', 'Jiewen Yao' Wenxing: > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou > Sent: March 6, 2024 11:24 > To: devel@edk2.groups.io > Cc: Michael D Kinney <michael.d.kinney@intel.com>; Liming Gao > <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Jiewen > Yao <jiewen.yao@intel.com> > Subject: [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10 > DeviceAuthentication > > According to UEFI 2.10 spec > 32.8.2 UEFI Device Signature Variable GUID and Variable Name section, > add signature database for device authentication. > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > Cc: Liming Gao <gaoliming@byosoft.com.cn> > Cc: Zhiguang Liu <zhiguang.liu@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> > --- > MdePkg/Include/Guid/DeviceAuthentication.h | 61 > ++++++++++++++++++++++ > 1 file changed, 61 insertions(+) > create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h > > diff --git a/MdePkg/Include/Guid/DeviceAuthentication.h > b/MdePkg/Include/Guid/DeviceAuthentication.h > new file mode 100644 > index 0000000000..65dea4273d > --- /dev/null > +++ b/MdePkg/Include/Guid/DeviceAuthentication.h
> @@ -0,0 +1,61 @@ > +/** @file > > + Guid & data structure used for Device Security. > > + > > + Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#ifndef EDKII_DEVICE_AUTHENTICATION_GUID_H_ > Here can use EFI_ prefix, because this definition is from UEFI spec. Thanks Liming > +#define EDKII_DEVICE_AUTHENTICATION_GUID_H_ > > + > > +/** > > + This is a signature database for device authentication, instead of image > authentication. > > + > > + The content of the signature database is same as the one in db/dbx. (a list > of EFI_SIGNATURE_LIST) > > +**/ > > +#define EFI_DEVICE_SIGNATURE_DATABASE_GUID \ > > + {0xb9c2b4f4, 0xbf5f, 0x462d, 0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad} > > +#define EFI_DEVICE_SECURITY_DATABASE L"devdb" > > + > > +extern EFI_GUID gEfiDeviceSignatureDatabaseGuid; > > + > > +/** > > + Signature Database: > > + > > + +---------------------------------------+ <----------------- > > + | SignatureType (GUID) | | > > + +---------------------------------------+ | > > + | SignatureListSize (UINT32) | | > > + +---------------------------------------+ | > > + | SignatureHeaderSize (UINT32) | | > > + +---------------------------------------+ | > > + | SignatureSize (UINT32) | > |-EFI_SIGNATURE_LIST (1) > > + +---------------------------------------+ | > > + | SignatureHeader (SignatureHeaderSize) | | > > + +---------------------------------------+ <-- | > > + | SignatureOwner (GUID) | | | > > + +---------------------------------------+ |-EFI_SIGNATURE_DATA (1) > > + | SignatureData (SignatureSize - 16) | | | > > + +---------------------------------------+ <-- | > > + | SignatureOwner (GUID) | | | > > + +---------------------------------------+ |-EFI_SIGNATURE_DATA (n) > > + | SignatureData (SignatureSize - 16) | | | > > + +---------------------------------------+ <----------------- > > + | SignatureType (GUID) | | > > + 
+---------------------------------------+ | > > + | SignatureListSize (UINT32) | > |-EFI_SIGNATURE_LIST (n) > > + +---------------------------------------+ | > > + | ... | | > > + +---------------------------------------+ <----------------- > > + > > + SignatureType := EFI_CERT_SHAxxx_GUID | > > + EFI_CERT_RSA2048_GUID | > > + EFI_CERT_RSA2048_SHAxxx_GUID | > > + EFI_CERT_X509_GUID | > > + EFI_CERT_X509_SHAxxx_GUID > > + (xxx = 256, 384, 512) > > + > > +**/ > > + > > +#endif > > -- > 2.26.2.windows.1 > > > > -=-=-=-=-=-= > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#116415): > https://edk2.groups.io/g/devel/message/116415 > Mute This Topic: https://groups.io/mt/104760005/4905953 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub > [gaoliming@byosoft.com.cn] > -=-=-=-=-=-= > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117025): https://edk2.groups.io/g/devel/message/117025 Mute This Topic: https://groups.io/mt/105079881/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 5+ messages in thread
* [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec 2024-03-06 3:23 [edk2-devel] [PATCH v2 0/2] MdePkg: Add UEFI 2.10 DeviceAuthentication Wenxing Hou 2024-03-06 3:23 ` [edk2-devel] [PATCH v2 1/2] " Wenxing Hou @ 2024-03-06 3:23 ` Wenxing Hou 2024-03-22 4:46 ` Re: " gaoliming via groups.io 1 sibling, 1 reply; 5+ messages in thread From: Wenxing Hou @ 2024-03-06 3:23 UTC (permalink / raw) To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao According to UEFI 2.10 spec 32.8.2 UEFI Device Signature Variable GUID and Variable Name section, add gEfiDeviceSignatureDatabaseGuid to dec. Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> --- MdePkg/MdePkg.dec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 0459418906..0c18e1decd 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -4,7 +4,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards. # -# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2007 - 2024, Intel Corporation. All rights reserved.<BR> # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP<BR> # Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
@@ -740,6 +740,12 @@ ## Include/Protocol/SerilaIo.h gEfiSerialTerminalDeviceTypeGuid = { 0x6AD9A60F, 0x5815, 0x4C7C, { 0x8A, 0x10, 0x50, 0x53, 0xD2, 0xBF, 0x7A, 0x1B }} + # GUIDs defined in UEFI2.10 + # + ## GUID used to specify section with devdb content + ## Include/Guid/DeviceAuthentication.h + gEfiDeviceSignatureDatabaseGuid = { 0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad }} + # # GUID defined in PI1.0 # -- 2.26.2.windows.1
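Review bot: The added comment `## GUID used to specify section with devdb content` in the @@ -740,6 +740,12 @@ hunk describes a section GUID, but the commit message cites the "UEFI Device Signature Variable GUID and Variable Name" section and patch 1/2 pairs this GUID with the variable name L"devdb"; suggest wording it as the GUID of the devdb device signature database variable so readers do not look for a firmware-file section type. The new block header `# GUIDs defined in UEFI2.10` is followed by a bare `#` but has none above it, whereas the `# GUID defined in PI1.0` header in the context lines is framed by a `#` line on both sides; match that framing. The first hunk edits the file header but leaves the description line reading EFI1.10/UEFI2.7/PI1.7 even though a UEFI 2.10 GUID is now declared; consider whether that line should be updated in this series or a follow-up.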
* Re: [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec 2024-03-06 3:23 ` [edk2-devel] [PATCH v2 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec Wenxing Hou @ 2024-03-22 4:46 ` gaoliming via groups.io 0 siblings, 0 replies; 5+ messages in thread From: gaoliming via groups.io @ 2024-03-22 4:46 UTC (permalink / raw) To: devel, wenxing.hou Cc: 'Michael D Kinney', 'Zhiguang Liu', 'Jiewen Yao' Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou > Sent: March 6, 2024 11:24 > To: devel@edk2.groups.io > Cc: Michael D Kinney <michael.d.kinney@intel.com>; Liming Gao > <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Jiewen > Yao <jiewen.yao@intel.com> > Subject: [edk2-devel] [PATCH v2 2/2] MdePkg: Add > gEfiDeviceSignatureDatabaseGuid to dec > > According to UEFI 2.10 spec > 32.8.2 UEFI Device Signature Variable GUID and Variable Name section, > add gEfiDeviceSignatureDatabaseGuid to dec. > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > Cc: Liming Gao <gaoliming@byosoft.com.cn> > Cc: Zhiguang Liu <zhiguang.liu@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> > --- > MdePkg/MdePkg.dec | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > index 0459418906..0c18e1decd 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec
> @@ -4,7 +4,7 @@ > # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of > > # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards. > > # > > -# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.<BR> > > +# Copyright (c) 2007 - 2024, Intel Corporation. All rights reserved.<BR> > > # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> > > # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development > LP<BR> > > # Copyright (c) 2022, Loongson Technology Corporation Limited. All rights > reserved.<BR> > > @@ -740,6 +740,12 @@ > ## Include/Protocol/SerilaIo.h > > gEfiSerialTerminalDeviceTypeGuid = { 0x6AD9A60F, 0x5815, 0x4C7C, > { 0x8A, 0x10, 0x50, 0x53, 0xD2, 0xBF, 0x7A, 0x1B }} > > > > + # GUIDs defined in UEFI2.10 > > + # > > + ## GUID used to specify section with devdb content > > + ## Include/Guid/DeviceAuthentication.h > > + gEfiDeviceSignatureDatabaseGuid = { 0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a, > 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad }} > > + > > # > > # GUID defined in PI1.0 > > # > > -- > 2.26.2.windows.1 > > > > -=-=-=-=-=-= > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#116416): > https://edk2.groups.io/g/devel/message/116416 > Mute This Topic: https://groups.io/mt/104760006/4905953 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub > [gaoliming@byosoft.com.cn] > -=-=-=-=-=-= > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117026): https://edk2.groups.io/g/devel/message/117026 Mute This Topic: https://groups.io/mt/105079886/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 5+ messages in thread