From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Wadhawan, Divneil R" <divneil.r.wadhawan@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "Rothman, Michael A" <michael.a.rothman@intel.com>
Subject: Re: [edk2-devel] [Patch 0/2] Extending the signing algorithms for Authenticated Variables
Date: Wed, 9 Dec 2020 18:49:34 +0000 [thread overview]
Message-ID: <BYAPR11MB32387235D923A6D5BA674752D2CC0@BYAPR11MB3238.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20201209183243.30504-1-divneil.r.wadhawan@intel.com>
Divneil,
Is this intended for a branch in edk2-staging repo using EDK II Code First Process?
I see the following BZ that seems to match:
https://bugzilla.tianocore.org/show_bug.cgi?id=2875
Please update Subject line to include [edk2-staging/<BranchName>] following EDK II Code First
branch naming conventions.
https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Code-First-Process
Also add the link to the BZ in all commit messages including Patch #0. Patch #0 should also
include a Signed-off-by tag and the merged set of Cc tags from all the individual patches.
For this proposed change, how does a caller of the UEFI Variable services know if
SHA384 or SHA512 is supported. I see the code change updates the variable services
to support this, but I do not see a detection method for platform FW capabilities.
The proposed spec change changes from *only* SHA256 to SHA256 or larger. But the code
change only adds SHA384 and SHA512. Do we want to make the spec change define the
specific SHA sizes required?
Thanks,
Mike
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wadhawan, Divneil R
> Sent: Wednesday, December 9, 2020 10:33 AM
> To: devel@edk2.groups.io
> Subject: [edk2-devel] [Patch 0/2] Extending the signing algorithms for Authenticated Variables
>
> Authenticated Variables currently only supports SHA256 as the digest algorithm.
> This patch series extends it to include SHA384 and SHA512. The series is composed
> of 2 patches.
> a. Unit Test for Authenticated Variables
> b. AuthService change to allow SHA384/SHA512 as digest algorithms.
>
> Divneil Rai Wadhawan (2):
> MdeModulePkg: Add unit test for Authenticated Variables
> SecurityPkg: Add support for SHA-384/SHA-512 digest algos
>
> .../Variable/RuntimeDxe/UnitTest/AuthVarUnitTest.c | 494 +++++++++++++++++++++
> .../RuntimeDxe/UnitTest/PkNewRsa2048Sha256.c | 139 ++++++
> .../RuntimeDxe/UnitTest/PkNewRsa3072Sha256.c | 179 ++++++++
> .../RuntimeDxe/UnitTest/PkNewRsa3072Sha384.c | 179 ++++++++
> .../RuntimeDxe/UnitTest/PkNewRsa4096Sha256.c | 219 +++++++++
> .../RuntimeDxe/UnitTest/PkNewRsa4096Sha512.c | 219 +++++++++
> .../Variable/RuntimeDxe/UnitTest/PkRsa2048Sha256.c | 139 ++++++
> .../Variable/RuntimeDxe/UnitTest/PkRsa3072Sha256.c | 179 ++++++++
> .../Variable/RuntimeDxe/UnitTest/PkRsa3072Sha384.c | 179 ++++++++
> .../Variable/RuntimeDxe/UnitTest/PkRsa4096Sha256.c | 219 +++++++++
> .../Variable/RuntimeDxe/UnitTest/PkRsa4096Sha512.c | 219 +++++++++
> SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 +-
> AuthVariableDigestUpdate.md | 41 ++
> MdeModulePkg/MdeModulePkg.dsc | 4 +
> .../UnitTest/AuthVarUnitTestUefiShell.inf | 42 ++
> 15 files changed, 2457 insertions(+), 2 deletions(-)
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/AuthVarUnitTest.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkNewRsa2048Sha256.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkNewRsa3072Sha256.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkNewRsa3072Sha384.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkNewRsa4096Sha256.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkNewRsa4096Sha512.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkRsa2048Sha256.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkRsa3072Sha256.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkRsa3072Sha384.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkRsa4096Sha256.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/PkRsa4096Sha512.c
> create mode 100644 AuthVariableDigestUpdate.md
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/UnitTest/AuthVarUnitTestUefiShell.inf
>
> --
> 2.16.2.windows.1
>
>
>
>
>
prev parent reply other threads:[~2020-12-09 18:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-09 18:32 [Patch 0/2] Extending the signing algorithms for Authenticated Variables Wadhawan, Divneil R
2020-12-09 18:32 ` [Patch 1/2] MdeModulePkg: Add unit test " Wadhawan, Divneil R
2020-12-09 20:18 ` [EXTERNAL] [edk2-devel] " Bret Barkelew
2020-12-10 7:56 ` Wadhawan, Divneil R
2020-12-09 18:32 ` [Patch 2/2] SecurityPkg: Add support for SHA-384/SHA-512 digest algos Wadhawan, Divneil R
2020-12-09 20:21 ` [EXTERNAL] [edk2-devel] " Bret Barkelew
2020-12-09 21:46 ` Michael D Kinney
2020-12-09 22:28 ` Yao, Jiewen
2020-12-09 18:49 ` Michael D Kinney [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BYAPR11MB32387235D923A6D5BA674752D2CC0@BYAPR11MB3238.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox