From: "Chen, Zeyi"
To: "Sheng, W"; devel@edk2.groups.io; "Yao, Jiewen"
CC: "Wang, Jian J"; "Xu, Min M"; "Wang, Fiona"; "Lu, Xiaoyu1"; "Jiang, Guomin"; "Kinney, Michael D"; "Yu, Ling"
Subject: Re: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072
Date: Wed, 6 Sep 2023 01:55:37 +0000
References: <1779E466B0A8FFE7.8497@groups.io>
List: devel@edk2.groups.io

Hi Wei,

We finished some related secureboot tests with the IFWI you provided. Tests are PASS.
Test point:
Enabled secure boot successfully without issue. Can support RSA3072 and RSA4096. Still support original keys/files.

Best Regards,
Zeyi

-----Original Message-----
From: Sheng, W
Sent: Wednesday, August 30, 2023 4:02 PM
To: devel@edk2.groups.io; Yao, Jiewen
Cc: Wang, Jian J; Xu, Min M; Chen, Zeyi; Wang, Fiona; Lu, Xiaoyu1; Jiang, Guomin; Kinney, Michael D; Yu, Ling
Subject: RE: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072

Hi Jiewen,
Do you have any comments on the patch V7?
The 2 patches are for CryptoPkg and SecurityPkg.
Could you help to review/merge the patches?
Thank you.
BR
Sheng Wei

> -----Original Message-----
> From: Sheng, W
> Sent: Tuesday, August 22, 2023 1:59 PM
> To: devel@edk2.groups.io; Yao, Jiewen
> Cc: Wang, Jian J; Xu, Min M; Chen, Zeyi; Wang, Fiona; Lu, Xiaoyu1; Jiang, Guomin; Kinney, Michael D; Sheng, W
> Subject: RE: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072
>
> Hi Jiewen,
> I updated the patch V6 to V7 and dropped raw RSA3K and RSA4K. The change is in SecurityPkg.
> And I did all the tests which are listed in the cover letter. I got the expected results.
> Could you help to review/merge this V7 patch for the secure boot feature?
> Thank you.
> BR
> Sheng Wei
>
> > -----Original Message-----
> > From: devel@edk2.groups.io On Behalf Of Sheng Wei
> > Sent: August 10, 2023 10:24
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen; Wang, Jian J; Xu, Min M; Chen, Zeyi; Wang, Fiona; Lu, Xiaoyu1; Jiang, Guomin; Kinney, Michael D
> > Subject: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072
> >
> > Patch V7:
> > Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 and RSA4096.
> > Do the positive tests and the negative tests below. And got all the expected results.
> >
> > Patch V6:
> > Remove the changes in MdePkg.
> > The changes of patch v6 are in CryptoPkg and SecurityPkg.
> > Set signature type to gEfiCertX509Guid when enrolling RSA3072/RSA4096 KEK.
> > This signature type is used to check the supported signature and show the strings.
> >
> > Patch V5:
> > Using define KEY_TYPE_RSASSA to replace the magic number.
> >
> > Patch V4:
> > Determine the RSA algorithm by a supported algorithm list.
> >
> > Patch V3:
> > Select SHA algorithm automatically for an unsigned efi image.
> >
> > Patch V2:
> > Determine the SHA algorithm by a supported algorithm list.
> > Create SHA context for each algorithm.
> >
> > Test Case:
> > 1. Enroll an RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell.
> > 2. Enroll an RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell.
> > 3. Enroll an RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell.
> > 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell.
> >
> > Test Result:
> > Pass
> >
> > Negative Test Case:
> > 1) Enroll an RSA2048 Cert, execute an unsigned efi image.
> > 2) Enroll an RSA2048 Cert, execute an RSA4096 signed efi image.
> > 3) Enroll an RSA4096 Cert, execute an RSA3072 signed efi image.
> > 4) Enroll an RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image.
> >
> > Test Result:
> > Get "Access Denied" when trying to execute the efi image.
> >
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Min Xu
> > Cc: Zeyi Chen
> > Cc: Fiona Wang
> > Cc: Xiaoyu Lu
> > Cc: Guomin Jiang
> > Cc: Michael D Kinney
> >
> > Sheng Wei (2):
> >   CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
> >   SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
> >
> >  CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c   |   3 +-
> >  .../Library/AuthVariableLib/AuthService.c     | 218 +++++++++++++++---
> >  .../AuthVariableLib/AuthServiceInternal.h     |   4 +-
> >  .../Library/AuthVariableLib/AuthVariableLib.c |  42 ++--
> >  .../DxeImageVerificationLib.c                 |  73 +++---
> >  .../SecureBootConfigDxe.inf                   |   8 +
> >  .../SecureBootConfigImpl.c                    |  50 +++-
> >  .../SecureBootConfigImpl.h                    |   7 +
> >  .../SecureBootConfigStrings.uni               |   2 +
> >  9 files changed, 324 insertions(+), 83 deletions(-)
> >
> > --
> > 2.26.2.windows.1

View/Reply Online (#108331): https://edk2.groups.io/g/devel/message/108331
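Every test case in the quoted cover letter is decided by what sits in the db and dbx signature databases: with V7 an RSA3072 or RSA4096 key is enrolled only as an X.509 entry (gEfiCertX509Guid), so the key size is whatever the certificate's SubjectPublicKeyInfo carries rather than something a signature-type GUID announces; an unsigned image is allowed by a hash entry; and negative test 4 (same certificate in both DB and DBX) must end in "Access Denied". The script below is an added example, not code from the patch series or from edk2. It parses a db/dbx payload as a chain of EFI_SIGNATURE_LIST structures (layout as in MdePkg's ImageAuthentication.h, real EFI_CERT_X509_GUID and EFI_CERT_SHA256_GUID values), reports each entry's type and, for X.509 entries, the RSA modulus length read straight out of the DER, and lists certificates present in both db and dbx. The certificates it builds for itself (fake_x509_rsa) are constructed test vectors with empty names and a dummy signature, good only for exercising the parser. On a Linux host with efivarfs the same functions can be pointed at the contents of /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f with the 4-byte attribute prefix stripped; that usage is an assumption about the host, not something the thread describes.

```python
# Added example (not edk2 code): inspect Secure Boot db/dbx payloads, i.e. a
# chain of EFI_SIGNATURE_LIST structures as laid out in ImageAuthentication.h.
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1
ESL_HEADER = struct.Struct("<16sIII")  # SignatureType, ListSize, HeaderSize, SignatureSize

def der(tag, body):
    """Encode one DER TLV (short form or 1-/2-byte long-form length)."""
    n = len(body)
    length = (bytes([n]) if n < 0x80 else b"\x81" + bytes([n]) if n < 0x100
              else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + length + body

def der_int(value):
    """DER INTEGER; the spare byte keeps the sign bit clear for positive values."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def tlv(buf, off=0):
    """Decode the TLV at buf[off:] -> (tag, value, offset past it)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: the next N bytes hold the length
        count = length & 0x7F
        length, off = int.from_bytes(buf[off:off + count], "big"), off + count
    return tag, buf[off:off + length], off + length

def children(body):
    """All TLVs inside a constructed DER body, as (tag, value) pairs."""
    out, off = [], 0
    while off < len(body):
        tag, value, off = tlv(body, off)
        out.append((tag, value))
    return out

def rsa_modulus_bits(cert_der):
    """Certificate -> tbsCertificate -> SubjectPublicKeyInfo -> RSA modulus
    bit length, or None if the key algorithm is not rsaEncryption."""
    fields = children(children(tlv(cert_der)[1])[0][1])  # tbsCertificate fields
    if fields[0][0] == 0xA0:                              # optional [0] version
        fields = fields[1:]
    alg, bit_string = children(fields[5][1])              # serial..subject, then SPKI
    if children(alg[1])[0][1] != OID_RSA_ENCRYPTION:
        return None
    rsa_public_key = children(bit_string[1][1:])[0][1]    # skip the unused-bits byte
    return int.from_bytes(children(rsa_public_key)[0][1], "big").bit_length()

def fake_x509_rsa(modulus_bits):
    """Constructed test vector: X.509-shaped DER with an RSA key of the given
    size, empty names and a dummy signature. Parser fodder, not a real cert."""
    modulus = (1 << (modulus_bits - 1)) | 1
    rsa_alg = der(0x30, der(0x06, OID_RSA_ENCRYPTION) + der(0x05, b""))
    key = der(0x30, der_int(modulus) + der_int(65537))
    spki = der(0x30, rsa_alg + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(1) + rsa_alg + der(0x30, b"") * 3 + spki)
    return der(0x30, tbs + rsa_alg + der(0x03, b"\x00"))

def build_esl(sig_type, entries, owner=uuid.UUID(int=0)):
    """Pack one EFI_SIGNATURE_LIST; entries in one list must share a size."""
    body = b"".join(owner.bytes_le + e for e in entries)
    return ESL_HEADER.pack(sig_type.bytes_le, ESL_HEADER.size + len(body), 0,
                           16 + len(entries[0])) + body

def parse_esls(blob):
    """Yield (signature type, owner, signature bytes) for every entry,
    walking the lists by their declared sizes."""
    off = 0
    while off + ESL_HEADER.size <= len(blob):
        raw_type, list_size, hdr_size, sig_size = ESL_HEADER.unpack_from(blob, off)
        pos = off + ESL_HEADER.size + hdr_size
        while pos + sig_size <= off + list_size:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield uuid.UUID(bytes_le=raw_type), owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off += list_size

def describe(blob):
    """Summarise a payload as [("X509", 4096), ("SHA256", "<hex>"), ...]."""
    out = []
    for sig_type, _owner, data in parse_esls(blob):
        if sig_type == EFI_CERT_X509_GUID:
            out.append(("X509", rsa_modulus_bits(data)))
        else:  # hash entries (and anything else) are reported by type name
            name = "SHA256" if sig_type == EFI_CERT_SHA256_GUID else str(sig_type)
            out.append((name, data.hex()))
    return out

def revoked_certs(db_blob, dbx_blob):
    """X.509 entries found byte-for-byte in both db and dbx; an image signed by
    such a certificate is rejected (negative test 4 in the cover letter)."""
    dbx = {d for t, _, d in parse_esls(dbx_blob) if t == EFI_CERT_X509_GUID}
    return [d for t, _, d in parse_esls(db_blob) if t == EFI_CERT_X509_GUID and d in dbx]

if __name__ == "__main__":
    cert4k, cert3k = fake_x509_rsa(4096), fake_x509_rsa(3072)
    db = build_esl(EFI_CERT_X509_GUID, [cert4k]) + build_esl(EFI_CERT_X509_GUID, [cert3k])
    dbx = build_esl(EFI_CERT_X509_GUID, [cert4k]) + build_esl(EFI_CERT_SHA256_GUID, [bytes(32)])
    print("db :", describe(db))       # [('X509', 4096), ('X509', 3072)]
    print("dbx:", describe(dbx))
    print("certs in both db and dbx:", len(revoked_certs(db, dbx)))  # 1
```

The X.509 lists hold one certificate each because SignatureSize is fixed per list, which is also why the parser walks by the declared ListSize rather than assuming entry counts; hash lists, by contrast, can carry many 32-byte entries in one list, and parse_esls handles both shapes.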