From: "Wenxing Hou"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao
Subject: [edk2-devel] [PATCH v3 1/2] MdePkg: Add UEFI 2.10 DeviceAuthentication
Date: Wed, 27 Mar 2024 14:15:43 +0800
Message-Id: <20240327061544.1693-2-wenxing.hou@intel.com>
In-Reply-To: <20240327061544.1693-1-wenxing.hou@intel.com>
References: <20240327061544.1693-1-wenxing.hou@intel.com>

According to UEFI 2.10 spec 32.8.2 UEFI Device Signature Variable GUID and Variable Name section, add signature database for device authentication.

Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Cc: Jiewen Yao
Signed-off-by: Wenxing Hou
---
 MdePkg/Include/Guid/DeviceAuthentication.h | 61 ++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h

diff --git a/MdePkg/Include/Guid/DeviceAuthentication.h b/MdePkg/Include/Gu= id/DeviceAuthentication.h new file mode 100644 index 0000000000..0dd933dfa5 --- /dev/null +++ b/MdePkg/Include/Guid/DeviceAuthentication.h 
@@ -0,0 +1,61 @@ +/** @file=0D + Guid & data structure used for Device Security.=0D +=0D + Copyright (c) 2024, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef EFI_DEVICE_AUTHENTICATION_GUID_H_=0D +#define EFI_DEVICE_AUTHENTICATION_GUID_H_=0D +=0D +/**=0D + This is a signature database for device authentication, instead of image= authentication.=0D +=0D + The content of the signature database is same as the one in db/dbx. (a l= ist of EFI_SIGNATURE_LIST)=0D +**/=0D +#define EFI_DEVICE_SIGNATURE_DATABASE_GUID \=0D + {0xb9c2b4f4, 0xbf5f, 0x462d, 0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0x= ad}=0D +#define EFI_DEVICE_SECURITY_DATABASE L"devdb"=0D +=0D +extern EFI_GUID gEfiDeviceSignatureDatabaseGuid;=0D +=0D +/**=0D + Signature Database:=0D +=0D + +---------------------------------------+ <-----------------=0D + | SignatureType (GUID) | |=0D + +---------------------------------------+ |=0D + | SignatureListSize (UINT32) | |=0D + +---------------------------------------+ |=0D + | SignatureHeaderSize (UINT32) | |=0D + +---------------------------------------+ |=0D + | SignatureSize (UINT32) | |-EFI_SIGNATU= RE_LIST (1)=0D + +---------------------------------------+ |=0D + | SignatureHeader (SignatureHeaderSize) | |=0D + +---------------------------------------+ <-- |=0D + | SignatureOwner (GUID) | | |=0D + +---------------------------------------+ |-EFI_SIGNATURE_DATA (1)=0D + | SignatureData (SignatureSize - 16) | | |=0D + +---------------------------------------+ <-- |=0D + | SignatureOwner (GUID) | | |=0D + +---------------------------------------+ |-EFI_SIGNATURE_DATA (n)=0D + | SignatureData (SignatureSize - 16) | | |=0D + +---------------------------------------+ <-----------------=0D + | SignatureType (GUID) | |=0D + +---------------------------------------+ |=0D + | SignatureListSize (UINT32) | |-EFI_SIGNATU= RE_LIST (n)=0D + +---------------------------------------+ |=0D + | ... 
| |=0D + +---------------------------------------+ <-----------------=0D +=0D + SignatureType :=3D EFI_CERT_SHAxxx_GUID |=0D + EFI_CERT_RSA2048_GUID |=0D + EFI_CERT_RSA2048_SHAxxx_GUID |=0D + EFI_CERT_X509_GUID |=0D + EFI_CERT_X509_SHAxxx_GUID=0D + (xxx =3D 256, 384, 512)=0D +=0D +**/=0D +=0D +#endif=0D --=20 2.26.2.windows.1
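
Review bot: "extern EFI_GUID gEfiDeviceSignatureDatabaseGuid;" is declared in the new header, but the diffstat shows this patch touches only DeviceAuthentication.h (1 file changed), so nothing in it gives the symbol a value. A module that references the GUID cannot resolve it until MdePkg's package declaration carries an entry with the same value as EFI_DEVICE_SIGNATURE_DATABASE_GUID; please add that entry in this patch so the header is usable on its own. Two smaller points. In the layout comment, "SignatureData (SignatureSize - 16)" assumes SignatureSize is at least the 16 bytes of the SignatureOwner GUID; because devdb is the database consulted for device authentication, it is worth stating that requirement in the comment for consumers that walk the lists. The GUID initializer writes "0xa" where every other byte uses two hex digits; "0x0a" would match.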