From: "Sheng Wei" <w.sheng@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Gao, Liming" <gaoliming@byosoft.com.cn>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Xu, Min M" <min.m.xu@intel.com>,
"Chen, Zeyi" <zeyi.chen@intel.com>,
"Wang, Fiona" <fiona.wang@intel.com>,
"Lu, Xiaoyu1" <xiaoyu1.lu@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Date: Mon, 31 Jul 2023 02:01:31 +0000 [thread overview]
Message-ID: <PH0PR11MB4870DCE6BFDFA1E9431FF009E105A@PH0PR11MB4870.namprd11.prod.outlook.com> (raw)
In-Reply-To: <PH0PR11MB48707E3C76C1768B43A3CAA8E106A@PH0PR11MB4870.namprd11.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 5505 bytes --]
Hi Gao, Liming,
Could you help to review and merge this patch to MdePkg?
This patch is only to add 2 new GUIDs.
These 2 GUIDs will be used for adding RSA3072/RSA4096 cert support for secure boot feature.
Thank you.
BR
Sheng Wei
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sheng
> > Wei
> > Sent: 2023年7月27日 14:35
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; Chen, Zeyi
> > <zeyi.chen@intel.com>; Wang, Fiona <fiona.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> > <gaoliming@byosoft.com.cn>
> > Subject: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > CERT_RSA3072 and CERT_RSA4096
> >
> > Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Min Xu <min.m.xu@intel.com>
> > Cc: Zeyi Chen <zeyi.chen@intel.com>
> > Cc: Fiona Wang <fiona.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Signed-off-by: Sheng Wei <w.sheng@intel.com>
> > ---
> > MdePkg/Include/Guid/ImageAuthentication.h | 26
> > +++++++++++++++++++++++
> > MdePkg/MdePkg.dec | 2 ++
> > 2 files changed, 28 insertions(+)
> >
> > diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
> > b/MdePkg/Include/Guid/ImageAuthentication.h
> > index fe83596571..c8ea2c14fb 100644
> > --- a/MdePkg/Include/Guid/ImageAuthentication.h
> > +++ b/MdePkg/Include/Guid/ImageAuthentication.h
> > @@ -144,6 +144,30 @@ typedef struct {
> > 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3,
> > 0xb6} \ } +///+/// This identifies a signature containing an RSA-3072 key.
> The
> > key (only the modulus+/// since the public key exponent is known to be
> > 0x10001) shall be stored in big-endian+/// order.+/// The
> > SignatureHeader size shall always be 0. The SignatureSize shall always
> > be 16 (size+/// of SignatureOwner component) + 384 bytes.+///+#define
> > EFI_CERT_RSA3072_GUID \+ { \+ 0xedd320c2, 0xb057, 0x4b8e, {0xad,
> 0x46,
> > 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \+ }++///+/// This identifies a
> > signature containing an RSA-4096 key. The key (only the modulus+///
> > since the public key exponent is known to be 0x10001) shall be stored
> > in big-endian+/// order.+/// The SignatureHeader size shall always be
> > 0. The SignatureSize shall always be 16 (size+/// of SignatureOwner
> component) + 512
> > bytes.+///+#define EFI_CERT_RSA4096_GUID \+ { \+ 0xb23e89a6, 0x8c8b,
> > 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \+ }+ ///
> > /// This identifies a signature containing a RSA-2048 signature of a
> > SHA-256 hash. The /// SignatureHeader size shall always be 0. The
> > SignatureSize shall always be
> > 16 (size of@@ -330,6 +354,8 @@ typedef struct { extern EFI_GUID
> > gEfiImageSecurityDatabaseGuid; extern EFI_GUID gEfiCertSha256Guid;
> > extern EFI_GUID gEfiCertRsa2048Guid;+extern EFI_GUID
> > gEfiCertRsa3072Guid;+extern EFI_GUID gEfiCertRsa4096Guid; extern
> > EFI_GUID gEfiCertRsa2048Sha256Guid; extern EFI_GUID gEfiCertSha1Guid;
> > extern EFI_GUID gEfiCertRsa2048Sha1Guid;diff --git
> > a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index
> > b85614992b..24e4779d33 100644
> > --- a/MdePkg/MdePkg.dec
> > +++ b/MdePkg/MdePkg.dec
> > @@ -581,6 +581,8 @@
> > gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3,
> > 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }} gEfiCertSha256Guid =
> > { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43,
> 0x28 }}
> > gEfiCertRsa2048Guid = { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14,
> 0xed,
> > 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}+ gEfiCertRsa3072Guid = { 0xedd320c2,
> > 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}+
> > gEfiCertRsa4096Guid = { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73,
> 0x15,
> > 0x4e, 0x8d, 0x00, 0x98, 0x2c }} gEfiCertRsa2048Sha256Guid =
> { 0xe2b36190,
> > 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
> > gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe,
> > 0x1, 0x49, 0x66, 0x31, 0xbd }} gEfiCertRsa2048Sha1Guid = { 0x67f8444f,
> > 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}--
> > 2.26.2.windows.1
> >
> >
> >
> > -=-=-=-=-=-=
> > Groups.io Links: You receive all messages sent to this group.
> > View/Reply Online (#107294):
> > https://edk2.groups.io/g/devel/message/107294
> > Mute This Topic: https://groups.io/mt/100385942/2558558
> > Group Owner: devel+owner@edk2.groups.io
> > Unsubscribe: https://edk2.groups.io/g/devel/unsub [w.sheng@intel.com]
> > - =-=-=-=-=-=
> >
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107389): https://edk2.groups.io/g/devel/message/107389
Mute This Topic: https://groups.io/mt/100405114/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: 0001-MdePkg-Include-Add-GUID-for-CERT_RSA3072-and-CERT_RS.patch --]
[-- Type: application/octet-stream, Size: 3849 bytes --]
From fbf2372257907a7756f05279ecae01b3554aede2 Mon Sep 17 00:00:00 2001
From: Sheng Wei <w.sheng@intel.com>
Date: Tue, 25 Jul 2023 17:01:09 +0800
Subject: [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and
CERT_RSA4096
Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Zeyi Chen <zeyi.chen@intel.com>
Cc: Fiona Wang <fiona.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
---
MdePkg/Include/Guid/ImageAuthentication.h | 26 +++++++++++++++++++++++
MdePkg/MdePkg.dec | 2 ++
2 files changed, 28 insertions(+)
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h
index fe83596571..c8ea2c14fb 100644
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -144,6 +144,30 @@ typedef struct {
0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \
}
+///
+/// This identifies a signature containing an RSA-3072 key. The key (only the modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size
+/// of SignatureOwner component) + 384 bytes.
+///
+#define EFI_CERT_RSA3072_GUID \
+ { \
+ 0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \
+ }
+
+///
+/// This identifies a signature containing an RSA-4096 key. The key (only the modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size
+/// of SignatureOwner component) + 512 bytes.
+///
+#define EFI_CERT_RSA4096_GUID \
+ { \
+ 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \
+ }
+
///
/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
@@ -330,6 +354,8 @@ typedef struct {
extern EFI_GUID gEfiImageSecurityDatabaseGuid;
extern EFI_GUID gEfiCertSha256Guid;
extern EFI_GUID gEfiCertRsa2048Guid;
+extern EFI_GUID gEfiCertRsa3072Guid;
+extern EFI_GUID gEfiCertRsa4096Guid;
extern EFI_GUID gEfiCertRsa2048Sha256Guid;
extern EFI_GUID gEfiCertSha1Guid;
extern EFI_GUID gEfiCertRsa2048Sha1Guid;
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index b85614992b..24e4779d33 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -581,6 +581,8 @@
gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }}
gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
gEfiCertRsa2048Guid = { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
+ gEfiCertRsa3072Guid = { 0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}
+ gEfiCertRsa4096Guid = { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c }}
gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
gEfiCertRsa2048Sha1Guid = { 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
--
2.26.2.windows.1
next prev parent reply other threads:[~2023-07-31 2:01 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-27 6:35 [edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 Sheng Wei
2023-07-27 6:35 ` [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 Sheng Wei
2023-07-27 6:35 ` [edk2-devel] [PATCH V5 2/3] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify Sheng Wei
2023-07-27 9:42 ` Yao, Jiewen
2023-07-27 6:35 ` [edk2-devel] [PATCH V5 3/3] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 Sheng Wei
2023-07-28 2:34 ` Yao, Jiewen
2023-07-27 9:44 ` [edk2-devel] [PATCH V5 0/3] SecureBoot: " Yao, Jiewen
2023-07-28 1:49 ` Sheng Wei
2023-07-28 2:15 ` Yao, Jiewen
[not found] ` <1775A5F91CFEF78E.27447@groups.io>
2023-07-28 4:32 ` [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 Sheng Wei
2023-07-31 2:01 ` Sheng Wei [this message]
2023-08-02 2:58 ` 回复: " gaoliming via groups.io
2023-08-02 8:03 ` Sheng Wei
2023-08-02 9:12 ` 回复: " gaoliming via groups.io
2023-08-03 7:29 ` Sheng Wei
2023-08-03 8:12 ` Yao, Jiewen
2023-08-07 9:17 ` Sheng Wei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB4870DCE6BFDFA1E9431FF009E105A@PH0PR11MB4870.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox