Add multi-cert PcdPkcs7CertBufferXdr

[edk2] [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr

Posted by Kinney, Michael D 6 years, 1 month ago

https://bugzilla.tianocore.org/show_bug.cgi?id=890
https://bugzilla.tianocore.org/show_bug.cgi?id=891

* Update BinToPcd to support multiple one or more -i INPUTFILE arguments
* Update BinToPcd to support -x, --xdr flags to encode PCD using the
  Variable-Length Opaque Data of RFC 4506 External Data Representation
  Standard (XDR).
* Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates
  encoded using the Variable-Length Opaque Data format of RFC 4506 External
  Data Representation Standard (XDR).  
* Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate
  capsules.
* Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
  of the test key.

Branch for review:
https://github.com/mdkinney/edk2/tree/Bug_890_891_BinToPcdMultipleInputFiles
  
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>

Kinney, Michael D (4):
  BaseTools/BinToPcd: Add support for multiple binary input files
  SecurityPkg: Add PcdPkcs7CertBufferXdr
  SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
  QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

Michael D Kinney (1):
  Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

 BaseTools/Scripts/BinToPcd.py                      | 83 ++++++++++++++--------
 .../PlatformBootManagerLib/PlatformBootManager.c   | 51 ++++++++++++-
 .../PlatformBootManagerLib.inf                     |  3 +-
 SecurityPkg/SecurityPkg.dec                        |  8 +++
 SecurityPkg/SecurityPkg.uni                        |  6 ++
 .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 77 +++++++++++++++++---
 .../EdkiiSystemCapsuleLib.inf                      |  3 +-
 .../Library/PlatformBdsLib/BdsPlatform.c           | 57 ++++++++++++++-
 .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++---
 9 files changed, 258 insertions(+), 52 deletions(-)

-- 
2.14.2.windows.3

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr

Posted by Steele, Kelly 6 years, 1 month ago

Reviewed-by: Kelly Steele <Kelly.steele@intel.com>

Thanks,
Kelly

> -----Original Message-----
> From: Kinney, Michael D
> Sent: March 12, 2018 12:30
> To: edk2-devel@lists.01.org
> Cc: Sean Brogan <sean.brogan@microsoft.com>; Zhu, Yonghong
> <yonghong.zhu@intel.com>; Gao, Liming <liming.gao@intel.com>; Zhang,
> Chao B <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Steele, Kelly <kelly.steele@intel.com>; Wei, David <david.wei@intel.com>;
> Guo, Mang <mang.guo@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=890
> https://bugzilla.tianocore.org/show_bug.cgi?id=891
> 
> * Update BinToPcd to support multiple one or more -i INPUTFILE arguments
> * Update BinToPcd to support -x, --xdr flags to encode PCD using the
>   Variable-Length Opaque Data of RFC 4506 External Data Representation
>   Standard (XDR).
> * Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates
>   encoded using the Variable-Length Opaque Data format of RFC 4506
> External
>   Data Representation Standard (XDR).
> * Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate
>   capsules.
> * Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
>   of the test key.
> 
> Branch for review:
> https://github.com/mdkinney/edk2/tree/Bug_890_891_BinToPcdMultipleIn
> putFiles
> 
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Yonghong Zhu <yonghong.zhu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: David Wei <david.wei@intel.com>
> Cc: Mang Guo <mang.guo@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> 
> Kinney, Michael D (4):
>   BaseTools/BinToPcd: Add support for multiple binary input files
>   SecurityPkg: Add PcdPkcs7CertBufferXdr
>   SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
>   QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr
> 
> Michael D Kinney (1):
>   Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr
> 
>  BaseTools/Scripts/BinToPcd.py                      | 83 ++++++++++++++--------
>  .../PlatformBootManagerLib/PlatformBootManager.c   | 51 ++++++++++++-
>  .../PlatformBootManagerLib.inf                     |  3 +-
>  SecurityPkg/SecurityPkg.dec                        |  8 +++
>  SecurityPkg/SecurityPkg.uni                        |  6 ++
>  .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 77
> +++++++++++++++++---
>  .../EdkiiSystemCapsuleLib.inf                      |  3 +-
>  .../Library/PlatformBdsLib/BdsPlatform.c           | 57 ++++++++++++++-
>  .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++---
>  9 files changed, 258 insertions(+), 52 deletions(-)
> 
> --
> 2.14.2.windows.3

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel