[edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384

Sheng Wei w.sheng at intel.com
Thu Jul 27 06:35:10 UTC 2023 

Patch V5:
Using define KEY_TYPE_RSASSA to replace the magic number.

Patch V4:
Determine the RSA algorithm by a supported algorithm list.

Patch V3:
Select SHA algorithm automaticly for a unsigned efi image.

Patch V2:
Determine the SHA algorithm by a supported algorithm list.
Create SHA context for each algorithm.

Test Case:
1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell. 
2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell. 
3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell. 
4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell

Test Result:
Pass

Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Min Xu <min.m.xu at intel.com>
Cc: Zeyi Chen <zeyi.chen at intel.com>
Cc: Fiona Wang <fiona.wang at intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu at intel.com>
Cc: Guomin Jiang <guomin.jiang at intel.com>
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>

Sheng Wei (3):
  MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
  CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to
    ImageTimestampVerify
  SecurityPkg/SecureBoot: Support RSA 512 and RSA 384

 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c   |   3 +-
 MdePkg/Include/Guid/ImageAuthentication.h     |  26 +++
 MdePkg/MdePkg.dec                             |   2 +
 .../Library/AuthVariableLib/AuthService.c     | 220 +++++++++++++++---
 .../AuthVariableLib/AuthServiceInternal.h     |   4 +-
 .../Library/AuthVariableLib/AuthVariableLib.c |  42 ++--
 .../DxeImageVerificationLib.c                 |  73 +++---
 .../SecureBootConfigDxe.inf                   |  16 ++
 .../SecureBootConfigImpl.c                    | 114 +++++++--
 .../SecureBootConfigImpl.h                    |   7 +
 .../SecureBootConfigStrings.uni               |   6 +
 11 files changed, 421 insertions(+), 92 deletions(-)

-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107293): https://edk2.groups.io/g/devel/message/107293
Mute This Topic: https://groups.io/mt/100385941/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list