From: "Nhi Pham via groups.io"
Date: Mon, 19 Feb 2024 10:31:01 +0700
Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Add new API to get PKCS7 Signature
To: devel@edk2.groups.io, jiewen.yao@intel.com, "Hou, Wenxing"
Cc: Tam Chi Nguyen, "Li, Yi1"

On 2/1/2024 9:09 AM, Yao, Jiewen via groups.io wrote:
> Hi Nhi
> Would you please:
> 1) File an issue in Bugzilla - https://bugzilla.tianocore.org/
> 2) Share with us the usage of this new API.
>
> We are trying to understand why it is needed.

Hi Jiewen,

Sorry for the late response. I've just been back from vacation. Happy Lunar
New Year!

Let me try to explain the demand. This new API is consumed by Ampere
Altra EDK2 [1] for enrolling platform UEFI boot/update keys managed by
the secure storage service in the secure world. That is the Ampere Trusted
Firmware Secure Boot/Update Design [2], which provides platform firmware
owners a way to generate the pair of keys, sign their UEFI firmware, and
enroll their public key under the UEFI Secure Variable Format.

Any update (modify/append/delete) must be authenticated in the secure world.
Hence, that is the reason we have to extract the key and pass the
signature to the secure storage service.

I wonder whether it would be possible to have this API in the CryptLib
before opening the Bugzilla ticket?

[1] https://github.com/AmpereComputing/edk2-platforms/blob/ampere/Silicon/Ampere/AmpereAltraPkg/Library/SecVarLib/SecVarLib.c#L613
[2] https://blog.cloudflare.com/armed-to-boot

Thanks,
Nhi