public inbox for devel@edk2.groups.io
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Sheng, W" <w.sheng@intel.com>,
	"Gao, Liming" <gaoliming@byosoft.com.cn>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
	"Xu, Min M" <min.m.xu@intel.com>,
	"Chen, Zeyi" <zeyi.chen@intel.com>,
	"Wang, Fiona" <fiona.wang@intel.com>,
	"Lu, Xiaoyu1" <xiaoyu1.lu@intel.com>,
	"Jiang, Guomin" <guomin.jiang@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Date: Thu, 3 Aug 2023 08:12:34 +0000
Message-ID: <MW4PR11MB5872ED466E49D6B3079EDA798C08A@MW4PR11MB5872.namprd11.prod.outlook.com>
In-Reply-To: <PH0PR11MB4870FD308331E0B530609062E108A@PH0PR11MB4870.namprd11.prod.outlook.com>

Hey
We cannot add anything not defined in the UEFI spec yet. Thanks, Liming, for catching that.

Can you remove CERT_RSA3072 and CERT_RSA4096?

I think we need to use EFI_CERT_TYPE_PKCS7_GUID + EFI_CERT_X509_GUID to support RSA3072 and RSA4096.
Have you validated that configuration?


> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Thursday, August 3, 2023 3:29 PM
> To: Gao, Liming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Xu, Min M <min.m.xu@intel.com>; Chen, Zeyi <zeyi.chen@intel.com>; Wang,
> Fiona <fiona.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> Guomin <guomin.jiang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> CERT_RSA3072 and CERT_RSA4096
> 
> Hi Liming,
> Sorry for the late response.
> The two new GUIDs are not in the public UEFI spec yet.
> Do we have any process to add these 2 new GUIDs?
> Thank you.
> BR
> Sheng Wei
> 
> 
> 
> > -----Original Message-----
> > From: gaoliming <gaoliming@byosoft.com.cn>
> > Sent: August 2, 2023 17:12
> > To: Sheng, W <w.sheng@intel.com>; devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Chen, Zeyi
> > <zeyi.chen@intel.com>; Wang, Fiona <fiona.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Kinney,
> > Michael D <michael.d.kinney@intel.com>
> > Subject: Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > CERT_RSA3072 and CERT_RSA4096
> >
> > Sheng Wei:
> >   I gave my comments for patch 1/3 this morning. Have you got my
> > response?
> >
> >   I just want to confirm whether these two new GUIDs are in the public UEFI
> > spec or not.
> >
> > Thanks
> > Liming
> > > -----Original Message-----
> > > From: Sheng, W <w.sheng@intel.com>
> > > Sent: August 2, 2023 16:04
> > > To: devel@edk2.groups.io; Gao, Liming <gaoliming@byosoft.com.cn>
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Chen, Zeyi
> > > <zeyi.chen@intel.com>; Wang, Fiona <fiona.wang@intel.com>; Lu, Xiaoyu1
> > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > Kinney, Michael D <michael.d.kinney@intel.com>
> > > Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > > CERT_RSA3072 and CERT_RSA4096
> > >
> > > Hi Gao, Liming,
> > > For this patch group, we have got Reviewed-by from Yao, Jiewen on patch
> > > 2/3 (CryptoPkg) and patch 3/3 (SecurityPkg).
> > > Do you have any comments on patch 1/3 (MdePkg)?
> > > Patch 1/3 only adds 2 new GUIDs.
> > > Could you help merge it?
> > >
> > > Thank you.
> > > BR
> > > Sheng Wei
> > >
> > > > -----Original Message-----
> > > > From: Sheng, W
> > > > Sent: July 31, 2023 10:02
> > > > To: 'devel@edk2.groups.io' <devel@edk2.groups.io>; Gao, Liming
> > > > <gaoliming@byosoft.com.cn>
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Chen, Zeyi
> > > > <Zeyi.Chen@intel.com>; Wang, Fiona <fiona.wang@intel.com>; Lu,
> > > > Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin
> > > > <Guomin.Jiang@intel.com>; Kinney, Michael D
> > > > <michael.d.kinney@intel.com>
> > > > Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > > > CERT_RSA3072 and CERT_RSA4096
> > > >
> > > > Hi Gao, Liming,
> > > > Could you help review and merge this patch into MdePkg?
> > > > This patch only adds 2 new GUIDs.
> > > > These 2 GUIDs will be used for adding RSA3072/RSA4096 cert support
> > > > for the secure boot feature.
> > > > Thank you.
> > > > BR
> > > > Sheng Wei
> > > >
> > > > > > -----Original Message-----
> > > > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sheng Wei
> > > > > > Sent: July 27, 2023 14:35
> > > > > > To: devel@edk2.groups.io
> > > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > > > <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Chen,
> > > > > > Zeyi <zeyi.chen@intel.com>; Wang, Fiona <fiona.wang@intel.com>;
> > > > > > Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin
> > > > > > <guomin.jiang@intel.com>; Kinney, Michael D
> > > > > > <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>
> > > > > > Subject: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > > > > > CERT_RSA3072 and CERT_RSA4096
> > > > > >
> > > > > > Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
> > > > > >
> > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > > Cc: Min Xu <min.m.xu@intel.com>
> > > > > > Cc: Zeyi Chen <zeyi.chen@intel.com>
> > > > > > Cc: Fiona Wang <fiona.wang@intel.com>
> > > > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > > > > > Signed-off-by: Sheng Wei <w.sheng@intel.com>
> > > > > > ---
> > > > > >  MdePkg/Include/Guid/ImageAuthentication.h | 26
> > > > > > +++++++++++++++++++++++
> > > > > >  MdePkg/MdePkg.dec                         |  2 ++
> > > > > >  2 files changed, 28 insertions(+)
> > > > > >
> > > > > > diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > > b/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > > index fe83596571..c8ea2c14fb 100644
> > > > > > --- a/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > > +++ b/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > > @@ -144,6 +144,30 @@ typedef struct {
> > > > > >      0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e,
> > 0x85,
> > > 0xb3,
> > > > > > 0xb6} \   } +///+/// This identifies a signature containing an
> > RSA-3072
> > > key.
> > > > > The
> > > > > > key (only the modulus+/// since the public key exponent is known
> > > > > > to be
> > > > > > 0x10001) shall be stored in big-endian+/// order.+/// The
> > > > > > SignatureHeader size shall always be 0. The SignatureSize shall
> > > > > > always be 16 (size+/// of SignatureOwner component) + 384
> > > > bytes.+///+#define
> > > > > > EFI_CERT_RSA3072_GUID \+  { \+    0xedd320c2, 0xb057, 0x4b8e,
> > > {0xad,
> > > > > 0x46,
> > > > > > 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \+  }++///+/// This
> > > > > > identifies a signature containing an RSA-4096 key. The key (only
> > > > > > the
> > > > > > modulus+/// since the public key exponent is known to be
> > > > > > modulus+0x10001)
> > > > > > shall be stored in big-endian+/// order.+/// The SignatureHeader
> > > > > > size shall always be 0. The SignatureSize shall always be 16
> > > > > > (size+/// of SignatureOwner
> > > > > component) + 512
> > > > > > bytes.+///+#define EFI_CERT_RSA4096_GUID \+  { \+
> > > 0xb23e89a6,
> > > > 0x8c8b,
> > > > > > 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \+  }+
> > > > > > /// /// This identifies a signature containing a RSA-2048
> > > > > > signature of a
> > > > > > SHA-256 hash.  The /// SignatureHeader size shall always be 0.
> > > > > > The SignatureSize shall always be
> > > > > > 16 (size of@@ -330,6 +354,8 @@ typedef struct {  extern EFI_GUID
> > > > > > gEfiImageSecurityDatabaseGuid; extern EFI_GUID
> > > > > > gEfiCertSha256Guid; extern EFI_GUID  gEfiCertRsa2048Guid;+extern
> > > > > > EFI_GUID gEfiCertRsa3072Guid;+extern EFI_GUID
> > > > > > gEfiCertRsa4096Guid; extern EFI_GUID  gEfiCertRsa2048Sha256Guid;
> > > > > > extern EFI_GUID gEfiCertSha1Guid; extern EFI_GUID
> > > > > > gEfiCertRsa2048Sha1Guid;diff --git a/MdePkg/MdePkg.dec
> > > > > > b/MdePkg/MdePkg.dec index
> > > > > > b85614992b..24e4779d33 100644
> > > > > > --- a/MdePkg/MdePkg.dec
> > > > > > +++ b/MdePkg/MdePkg.dec
> > > > > > @@ -581,6 +581,8 @@
> > > > > >    gEfiImageSecurityDatabaseGuid  = { 0xd719b2cb, 0x3d3a,
> > > > > > 0x4596,
> > > {0xa3,
> > > > > > 0xbc, 0xda, 0xd0,  0xe, 0x67, 0x65, 0x6f }}   gEfiCertSha256Guid
> > > =
> > > > > > { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36,
> > > > > > 0x93, 0x43,
> > > > > 0x28 }}
> > > > > > gEfiCertRsa2048Guid            = { 0x3c5766e8, 0x269c, 0x4e34,
> > > {0xaa, 0x14,
> > > > > 0xed,
> > > > > > 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}+  gEfiCertRsa3072Guid            =
> > > > { 0xedd320c2,
> > > > > > 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}+
> > > > > > gEfiCertRsa4096Guid            = { 0xb23e89a6, 0x8c8b, 0x4412,
> > > {0x85, 0x73,
> > > > > 0x15,
> > > > > > 0x4e, 0x8d, 0x00, 0x98, 0x2c }}   gEfiCertRsa2048Sha256Guid      =
> > > > > { 0xe2b36190,
> > > > > > 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
> > > > > > gEfiCertSha1Guid               = { 0x826ca512, 0xcf10, 0x4ac9,
> > > {0xb1, 0x87, 0xbe,
> > > > > > 0x1, 0x49, 0x66, 0x31, 0xbd }}   gEfiCertRsa2048Sha1Guid        =
> > > > { 0x67f8444f,
> > > > > > 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80
> > > > > > }}--
> > > > > > 2.26.2.windows.1
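Review bot: in the first ImageAuthentication.h hunk, EFI_CERT_RSA3072_GUID and EFI_CERT_RSA4096_GUID are added to a header whose existing entries (EFI_CERT_RSA2048_GUID and the surrounding gEfiCert*Guid declarations) mirror UEFI-specification definitions, but the thread confirms that neither new GUID is in the public UEFI spec; a value defined only in edk2 can diverge from whatever the specification later assigns, and every signature entry written with it would then be interpreted differently by spec-conforming firmware. Please either cite the spec revision that defines these values in the new /// comments or drop the definitions, and consider the alternative raised above in this reply, EFI_CERT_TYPE_PKCS7_GUID together with EFI_CERT_X509_GUID, which is already specified and carries the RSA key size inside the certificate rather than in a per-size GUID. One wording point as quoted: the RSA-4096 comment reads "since the public key exponent is known to be modulus+0x10001" where the RSA-3072 comment reads "known to be 0x10001"; if that extra "modulus" is in the patch rather than a quoting artifact, align the two comments.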
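Review bot: in the MdePkg.dec hunk the values for gEfiCertRsa3072Guid ({ 0xedd320c2, 0xb057, 0x4b8e, ... }) and gEfiCertRsa4096Guid ({ 0xb23e89a6, 0x8c8b, 0x4412, ... }) match the EFI_CERT_RSA3072_GUID and EFI_CERT_RSA4096_GUID definitions in the header, and they are inserted after gEfiCertRsa2048Guid in the same order as the new extern declarations in the second header hunk, so the two files stay consistent. If the header definitions are removed or moved out of MdePkg because of the spec concern, these two .dec entries and the two extern declarations need to be removed in the same patch, so the package never declares a GUID whose definition has no specification backing.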
> > > > > >
> > > > > >
> > > > > >



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107526): https://edk2.groups.io/g/devel/message/107526
Mute This Topic: https://groups.io/mt/100521910/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-




Thread overview: 17+ messages
2023-07-27  6:35 [edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 Sheng Wei
2023-07-27  6:35 ` [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 Sheng Wei
2023-07-27  6:35 ` [edk2-devel] [PATCH V5 2/3] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify Sheng Wei
2023-07-27  9:42   ` Yao, Jiewen
2023-07-27  6:35 ` [edk2-devel] [PATCH V5 3/3] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 Sheng Wei
2023-07-28  2:34   ` Yao, Jiewen
2023-07-27  9:44 ` [edk2-devel] [PATCH V5 0/3] SecureBoot: " Yao, Jiewen
2023-07-28  1:49   ` Sheng Wei
2023-07-28  2:15     ` Yao, Jiewen
     [not found] ` <1775A5F91CFEF78E.27447@groups.io>
2023-07-28  4:32   ` [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 Sheng Wei
2023-07-31  2:01     ` Sheng Wei
2023-08-02  2:58       ` Re: " gaoliming via groups.io
2023-08-02  8:03       ` Sheng Wei
2023-08-02  9:12         ` Re: " gaoliming via groups.io
2023-08-03  7:29           ` Sheng Wei
2023-08-03  8:12             ` Yao, Jiewen [this message]
2023-08-07  9:17               ` Sheng Wei
