From: "Yao, Jiewen"
To: "Sheng, W", devel@edk2.groups.io
Cc: "Wang, Jian J", "Xu, Min M", "Chen, Zeyi", "Wang, Fiona", "Lu, Xiaoyu1", "Jiang, Guomin", "Kinney, Michael D"
Subject: Re: [edk2-devel] [PATCH V9 0/2] Support RSA4096 and RSA3072
Date: Thu, 7 Sep 2023 06:21:49 +0000
References: <20230907015720.2120-1-w.sheng@intel.com>
In-Reply-To: <20230907015720.2120-1-w.sheng@intel.com>

Reviewed-by: Jiewen Yao

Merged https://github.com/tianocore/edk2/pull/4798

> -----Original Message-----
> From: Sheng, W
> Sent: Thursday, September 7, 2023 9:57 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Xu, Min M; Chen, Zeyi; Wang, Fiona; Lu, Xiaoyu1; Jiang, Guomin; Kinney, Michael D
> Subject: [PATCH V9 0/2] Support RSA4096 and RSA3072
>
> Patch V9:
> Refine coding format for file AuthService.c
>
> Patch V8:
> Update the patch comments for CryptoPkg.
> Comments should be <76 characters in each line.
> Refine coding format.
>
> Patch V7:
> Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 and RSA4096.
> Did the positive tests and the negative tests below, and got all the expected results.
>
> Patch V6:
> Remove the changes in MdePkg.
> The changes of patch v6 are in CryptoPkg and SecurityPkg.
> Set the signature type to gEfiCertX509Guid when enrolling an RSA3072/RSA4096 KEK.
> This signature type is used to check the supported signature and show the strings.
>
> Patch V5:
> Use the define KEY_TYPE_RSASSA to replace the magic number.
>
> Patch V4:
> Determine the RSA algorithm by a supported algorithm list.
>
> Patch V3:
> Select the SHA algorithm automatically for an unsigned efi image.
>
> Patch V2:
> Determine the SHA algorithm by a supported algorithm list.
> Create a SHA context for each algorithm.
>
> Test Case:
> 1. Enroll an RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell.
> 2. Enroll an RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell.
> 3. Enroll an RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell.
> 4. Enroll an unsigned efi image, and execute the unsigned efi image under UEFI shell.
>
> Test Result:
> Pass
>
> Negative Test Case:
> 1) Enroll an RSA2048 Cert, execute an unsigned efi image.
> 2) Enroll an RSA2048 Cert, execute an RSA4096 signed efi image.
> 3) Enroll an RSA4096 Cert, execute an RSA3072 signed efi image.
> 4) Enroll an RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image.
>
> Test Result:
> Get "Access Denied" when trying to execute the efi image.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Min Xu
> Cc: Zeyi Chen
> Cc: Fiona Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Cc: Michael D Kinney
>
> Sheng Wei (2):
>   CryptoPkg/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
>   SecurityPkg/SecureBoot: Support RSA4096 and RSA3072
>
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c    |   3 +-
>  .../Library/AuthVariableLib/AuthService.c      | 225 +++++++++++++++---
>  .../AuthVariableLib/AuthServiceInternal.h      |   4 +-
>  .../Library/AuthVariableLib/AuthVariableLib.c  |  42 ++--
>  .../DxeImageVerificationLib.c                  |  74 +++--
>  .../SecureBootConfigDxe.inf                    |   8 +
>  .../SecureBootConfigImpl.c                     |  52 +++-
>  .../SecureBootConfigImpl.h                     |   7 +
>  .../SecureBootConfigStrings.uni                |   2 +
>  9 files changed, 331 insertions(+), 86 deletions(-)
>
> --
> 2.26.2.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108360): https://edk2.groups.io/g/devel/message/108360
Mute This Topic: https://groups.io/mt/101207366/7686176
Group Owner: devel+owner@edk2.groups.io
-=-=-=-=-=-=-=-=-=-=-=-
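The db/dbx decision that the cover letter's eight test cases exercise, as an added Python model written for this page; it is not edk2 code and does not reproduce DxeImageVerificationLib or AuthVariableLib. What it keeps faithful is the EFI_SIGNATURE_LIST layout of the db/dbx variables (SignatureType GUID, list/header/signature sizes, per-entry SignatureOwner), the cover letter's approach of selecting RSA key size and digest from supported-algorithm lists rather than hard-coding RSA2048/SHA256, the fact that RSA3072/RSA4096 certificates are enrolled under the X509 signature type like RSA2048, and the order of the checks (a dbx match denies before db is consulted, an unsigned image is only allowed by an enrolled hash). Assumptions: `Cert` is a constructed record standing in for a DER certificate, the RSA signature over the SignerInfo is not verified (only the digest carried by the signature is checked against the image body), and the exact edk2 algorithm tables are not reproduced; the names `verify_image`, `signature_list`, `parse_signature_lists`, `run_test_matrix` and the sample image are all invented here.

```python
"""Model of the Secure Boot db/dbx decision behind the cover letter's test matrix.

Added illustration, not edk2 code: Cert is a constructed record (no DER, no RSA
signature check over the SignerInfo). Modelled: EFI_SIGNATURE_LIST layout,
supported-algorithm lists for RSA key size and digest, and check ordering.
"""
import hashlib
import struct
import uuid
from dataclasses import dataclass
from typing import Optional

# SignatureType GUIDs as defined in the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HASH_TYPES = {  # hash-of-image entry types and the digest each one carries
    uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): hashlib.sha256,
    uuid.UUID("ff3e5307-9fd0-48c9-85f1-8ad56c701e01"): hashlib.sha384,
    uuid.UUID("093e0fae-a6c4-4f50-9f1b-d41e2b89c19a"): hashlib.sha512,
}
# Supported-algorithm lists (assumed shape; edk2's own tables are not copied).
SUPPORTED_RSA_BITS = (2048, 3072, 4096)
SUPPORTED_DIGESTS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384,
                     "sha512": hashlib.sha512}
ALLOWED, DENIED = "allowed", "Access Denied"


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 signing certificate (constructed, not DER)."""
    subject: str
    key_bits: int

    def encoded(self) -> bytes:
        return f"CERT:{self.subject}:{self.key_bits}".encode()


@dataclass(frozen=True)
class Image:
    body: bytes
    signer: Optional[Cert] = None      # None for an unsigned image
    digest_alg: Optional[str] = None   # digest algorithm named in the signature
    digest: Optional[bytes] = None     # digest value carried by the signature


def sign_image(body: bytes, cert: Cert, digest_alg: str) -> Image:
    return Image(body, cert, digest_alg, SUPPORTED_DIGESTS[digest_alg](body).digest())


def signature_list(sig_type: uuid.UUID, entries: list, owner=uuid.UUID(int=0)) -> bytes:
    """Serialize one EFI_SIGNATURE_LIST; every entry in a list has the same SignatureSize."""
    sig_size = 16 + len(entries[0])             # SignatureOwner GUID + SignatureData
    if any(16 + len(e) != sig_size for e in entries):
        raise ValueError("entries of one list must have equal size")
    list_size = 28 + sig_size * len(entries)    # 16-byte GUID + three UINT32 fields
    header = sig_type.bytes_le + struct.pack("<III", list_size, 0, sig_size)
    return header + b"".join(owner.bytes_le + e for e in entries)


def parse_signature_lists(blob: bytes) -> set:
    """Walk a db/dbx value, which is a concatenation of EFI_SIGNATURE_LISTs."""
    entries, off = set(), 0
    while off < len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        pos, end = off + 28 + hdr_size, off + list_size
        while pos < end:
            entries.add((sig_type, blob[pos + 16:pos + sig_size]))  # skip SignatureOwner
            pos += sig_size
        off = end
    return entries


def verify_image(image: Image, db: bytes, dbx: bytes = b"") -> str:
    db_entries, dbx_entries = parse_signature_lists(db), parse_signature_lists(dbx)
    if image.signer is None:
        # Unsigned image: hash it with every supported digest. A forbidden hash
        # wins over an allowed one; no match at all is a denial.
        digests = {(t, h(image.body).digest()) for t, h in HASH_TYPES.items()}
        if digests & dbx_entries:
            return DENIED
        return ALLOWED if digests & db_entries else DENIED
    # Signed image: key size and digest must come from the supported lists, and
    # the digest inside the signature must equal the digest of the image body.
    if image.signer.key_bits not in SUPPORTED_RSA_BITS or image.digest_alg not in SUPPORTED_DIGESTS:
        return DENIED
    if SUPPORTED_DIGESTS[image.digest_alg](image.body).digest() != image.digest:
        return DENIED
    signer = (EFI_CERT_X509_GUID, image.signer.encoded())   # RSA3072/4096 use the X509 type too
    if signer in dbx_entries:                                # dbx is consulted before db
        return DENIED
    return ALLOWED if signer in db_entries else DENIED


def run_test_matrix() -> dict:
    """The eight cases from the cover letter, run on a constructed image and certs."""
    body = b"constructed PE/COFF stand-in, not a real image"
    c2048, c3072, c4096 = Cert("v-2048", 2048), Cert("v-3072", 3072), Cert("v-4096", 4096)
    x509 = lambda c: signature_list(EFI_CERT_X509_GUID, [c.encoded()])
    sha256_guid = next(t for t, h in HASH_TYPES.items() if h is hashlib.sha256)
    return {
        "pos1": verify_image(sign_image(body, c4096, "sha512"), x509(c4096)),
        "pos2": verify_image(sign_image(body, c3072, "sha384"), x509(c3072)),
        "pos3": verify_image(sign_image(body, c2048, "sha256"), x509(c2048)),
        "pos4": verify_image(Image(body), signature_list(sha256_guid, [hashlib.sha256(body).digest()])),
        "neg1": verify_image(Image(body), x509(c2048)),
        "neg2": verify_image(sign_image(body, c4096, "sha256"), x509(c2048)),
        "neg3": verify_image(sign_image(body, c3072, "sha256"), x509(c4096)),
        "neg4": verify_image(sign_image(body, c4096, "sha256"), x509(c4096), dbx=x509(c4096)),
    }


if __name__ == "__main__":
    for case, result in run_test_matrix().items():
        print(case, result)
```

Running the block prints "allowed" for the four positive cases and "Access Denied" for the four negative ones. The fourth negative case is the one worth keeping in mind when enrolling larger keys: a certificate present in both db and dbx is rejected because the forbidden list is checked first, so an RSA4096 KEK or db entry that was later revoked cannot be re-enabled just by re-enrolling it.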