From: "Yao, Jiewen"
To: "Sheng, W", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Xu, Min M", "Chen, Zeyi", "Wang, Fiona", "Lu, Xiaoyu1", "Jiang, Guomin", "Kinney, Michael D", "Gao, Liming"
Subject: Re: [edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
Date: Thu, 27 Jul 2023 09:44:40 +0000
References: <20230727063513.437-1-w.sheng@intel.com>
In-Reply-To: <20230727063513.437-1-w.sheng@intel.com>

Thanks.
May I know what *negative* test you have done?

> -----Original Message-----
> From: Sheng, W
> Sent: Thursday, July 27, 2023 2:35 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Xu, Min M; Chen, Zeyi; Wang, Fiona;
> Lu, Xiaoyu1; Jiang, Guomin; Kinney, Michael D; Gao, Liming
> Subject: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
>
> Patch V5:
> Using define KEY_TYPE_RSASSA to replace the magic number.
>
> Patch V4:
> Determine the RSA algorithm by a supported algorithm list.
>
> Patch V3:
> Select SHA algorithm automatically for an unsigned efi image.
>
> Patch V2:
> Determine the SHA algorithm by a supported algorithm list.
> Create SHA context for each algorithm.
>
> Test Case:
> 1. Enroll an RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI
> shell.
> 2. Enroll an RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI
> shell.
> 3. Enroll an RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI
> shell.
> 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell
>
> Test Result:
> Pass
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Min Xu
> Cc: Zeyi Chen
> Cc: Fiona Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Cc: Michael D Kinney
> Cc: Liming Gao
>
> Sheng Wei (3):
>   MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
>   CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to
>     ImageTimestampVerify
>   SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
>
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +-
>  MdePkg/Include/Guid/ImageAuthentication.h | 26 +++
>  MdePkg/MdePkg.dec | 2 +
>  .../Library/AuthVariableLib/AuthService.c | 220 +++++++++++++++---
>  .../AuthVariableLib/AuthServiceInternal.h | 4 +-
>  .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
>  .../DxeImageVerificationLib.c | 73 +++---
>  .../SecureBootConfigDxe.inf | 16 ++
>  .../SecureBootConfigImpl.c | 114 +++++++--
>  .../SecureBootConfigImpl.h | 7 +
>  .../SecureBootConfigStrings.uni | 6 +
>  11 files changed, 421 insertions(+), 92 deletions(-)
>
> --
> 2.26.2.windows.1

View/Reply Online (#107300): https://edk2.groups.io/g/devel/message/107300