[edk2] [Patch] BaseTools/Pkcs7Sign: Update the test certificates & Readme.md

Long Qin posted 1 patch 6 years, 11 months ago
Failed in applying to current master (apply log)
BaseTools/Source/Python/Pkcs7Sign/Readme.md        |  42 +++++++-
BaseTools/Source/Python/Pkcs7Sign/TestCert.pem     | 117 +++++++++++----------
BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem |  44 ++++----
BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer     | Bin 756 -> 1008 bytes
BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem     | 114 ++++++++++----------
BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem |  41 ++++----
BaseTools/Source/Python/Pkcs7Sign/TestSub.pem      | 116 ++++++++++----------
BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem  |  42 ++++----
8 files changed, 286 insertions(+), 230 deletions(-)
[edk2] [Patch] BaseTools/Pkcs7Sign: Update the test certificates & Readme.md
Posted by Long Qin 6 years, 11 months ago
The old TestRoot certificate used for Pkcs7Sign is not compliant to
Root CA certificate requirement with incorrect basic constraints and
key usage setting.
When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest
1.1.0xx, the CA certificate checking was enforced for more extension
validations, which will raise the verification failure when stilling
using the old sample certificates.

This patch re-generated one set of test certificates used in
Pkcs7Sign demo, and updated the corresponding Readme.md to describe
how to set the options in openssl configuration file.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
---
 BaseTools/Source/Python/Pkcs7Sign/Readme.md        |  42 +++++++-
 BaseTools/Source/Python/Pkcs7Sign/TestCert.pem     | 117 +++++++++++----------
 BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem |  44 ++++----
 BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer     | Bin 756 -> 1008 bytes
 BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem     | 114 ++++++++++----------
 BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem |  41 ++++----
 BaseTools/Source/Python/Pkcs7Sign/TestSub.pem      | 116 ++++++++++----------
 BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem  |  42 ++++----
 8 files changed, 286 insertions(+), 230 deletions(-)

diff --git a/BaseTools/Source/Python/Pkcs7Sign/Readme.md b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
index c904907000..fee0327876 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
+++ b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
@@ -21,10 +21,44 @@ You may need the following steps for initialization:
 
     rd ./demoCA /S/Q
     mkdir ./demoCA
-    echo "" > ./demoCA/index.txt
+    echo.>./demoCA/index.txt
     echo 01 > ./demoCA/serial
     mkdir ./demoCA/newcerts
 
+OpenSSL will apply the options from the specified sections in openssl.cnf when creating certificates or certificate signing requests. Make sure your configuration in openssl.cnf is correct and rational for certificate constraints.
+The following sample sections were used when generating test certificates in this readme.
+    ...
+    [ req ]
+    default_bits        = 2048
+    default_keyfile     = privkey.pem
+    distinguished_name  = req_distinguished_name
+    attributes          = req_attributes
+    x509_extensions     = v3_ca       # The extensions to add to the self signed cert
+    ...
+    [ v3_ca ]
+    # Extensions for a typical Root CA.
+    subjectKeyIdentifier=hash
+    authorityKeyIdentifier=keyid:always,issuer
+    basicConstraints = critical,CA:true
+    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+    ...
+    [ v3_intermediate_ca ]
+    # Extensions for a typical intermediate CA.
+    subjectKeyIdentifier = hash
+    authorityKeyIdentifier = keyid:always,issuer
+    basicConstraints = critical, CA:true
+    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+    ...
+    [ usr_cert ]
+    # Extensions for user end certificates.
+    basicConstraints = CA:FALSE
+    nsCertType = client, email
+    subjectKeyIdentifier = hash
+    authorityKeyIdentifier = keyid,issuer
+    keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+    extendedKeyUsage = clientAuth, emailProtection
+    ...
+
 * Generate the certificate chain:
 
 NOTE: User MUST set a UNIQUE "Common Name" on the different certificate
@@ -37,7 +71,7 @@ Generate a root key:
 
 Generate a self-signed root certificate:
 
-    openssl req -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
+    openssl req -extensions v3_ca -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
     openssl x509 -in TestRoot.crt -out TestRoot.cer -outform DER
     openssl x509 -inform DER -in TestRoot.cer -outform PEM -out TestRoot.pub.pem
 
@@ -50,7 +84,7 @@ Generate the intermediate key:
 Generate the intermediate certificate:
 
     openssl req -new -days 3650 -key TestSub.key -out TestSub.csr
-    openssl ca -extensions v3_ca -in TestSub.csr -days 3650 -out TestSub.crt -cert TestRoot.crt -keyfile TestRoot.key
+    openssl ca -extensions v3_intermediate_ca -in TestSub.csr -days 3650 -out TestSub.crt -cert TestRoot.crt -keyfile TestRoot.key
     openssl x509 -in TestSub.crt -out TestSub.cer -outform DER
     openssl x509 -inform DER -in TestSub.cer -outform PEM -out TestSub.pub.pem
 
@@ -63,7 +97,7 @@ Generate User key:
 Generate User certificate:
 
     openssl req -new -days 3650 -key TestCert.key -out TestCert.csr
-    openssl ca -in TestCert.csr -days 3650 -out TestCert.crt -cert TestSub.crt -keyfile TestSub.key`
+    openssl ca -extensions usr_cert -in TestCert.csr -days 3650 -out TestCert.crt -cert TestSub.crt -keyfile TestSub.key
     openssl x509 -in TestCert.crt -out TestCert.cer -outform DER
     openssl x509 -inform DER -in TestCert.cer -outform PEM -out TestCert.pub.pem
 
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
index 7e1035816c..6378567523 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
@@ -1,57 +1,60 @@
-Bag Attributes
-    localKeyID: 01 00 00 00 
-    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
-    friendlyName: PvkTmp:133cc061-112c-467a-b8cf-dc0a56d7830e
-Key Attributes
-    X509v3 Key Usage: 80 
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCSPHYSohF+fim4
-89iNx8CcCG/fPb7KLu9Dsq+pB4Pc/UJtaaA+D7RK3PhqNCrWbb+gCNgm7lxiOCrH
-mm0tPal71UV8VFUiTM7Zf1y8VBFCHJ92ykmS7MDwqV25oMGGocz4jdcPl3r2yFFq
-d9jaBAPjUsHRbs8AC8CKHexOACfeydgQoj9KPWH9DUFQyXcbtMyGXAvFCktnSNRQ
-f01UdNJebeD6+wlQn0sUaojn1lu570OdZ3AkJlm6bTEKvfHeOB21GaHnQ1O1RVtq
-vd/KjFHhxSSw8meTsyqN/Toa/80FyUKEmTIaJdEaq/C2XKaUACezsYqvRxDq+pli
-kyiIpt6bAgMBAAECggEAEeqpdrf3l71iZEAwCJLwNM3N0xawEPp2Ix+56OY8UC+R
-W3FlCiWHa+Kt5uk0VGhG4Zcj0IVEuV3zU9hGRxQ2dy8Wn9h/Q8AQWdKCbKqKIMT7
-/qRjJkauju3ZR1x8SX/6anuKXWUsUh8R5o7/eRqj1U6242+FmhZWhTWMVbQsLl3y
-AShlw56zwdto543Ssl+MLuUtkxT4UZwmo6k/BucvdYsvwWp8dAluhDp2onAfOMLn
-10Bk3Bl9AgnpcQEeGwFConmgBv31UhdYftfIj2R4tTZRDuC+GzRT6jl1Qu6JfPSp
-30tmW5x3aa3946VZw2DKNiBqqYllJM1+kkzmGj+jgQKBgQC1Pzl8gv3q2TH9MlTD
-Tn9rUEs5OhjCrgZrSXoY2rfLcqJf2Tqm6I4xsVXvuePMyu8+DRD1Xizq6otUzNsN
-qh+UVkGRrFYRsgCgv1ratUti2ZlIPrR3JZsz8f23TAMGFFWCNHDH2rb1UanRD+g8
-vO4fQM8FPxBfb6wcgDYqNNMdGwKBgQDOjKhqp5sNNXNF7/rfH6H8RfKVOXuCK1Xy
-PU3Hgzd1wMfoebku4j5zQi2topzy664k9oeLCJj4GNDeHAqMttWD6TzDlMGJfdnj
-bNcrr+HnqUXByU2kS+bcTgBzsyT/1m1M7pKwtSYJzYXP1AHQny3Ip5kutCMo19td
-R4LfdebcgQKBgF3CHQzJ/mw0euWN2cdGnid3W9J4uUJMH8n0MpMU4ar+2/xVNUAO
-YTBXmirusGbKO8SPocwsMXQ8bGMrrc19yeREUpr22XdB6408L9WfnyW9hsuWlGhm
-LclLT4I4cf/9GNbIJedcvvRckEozvmFdIplMP0tpeiDEdfYwZNSkiuktAoGBAL5m
-gTXYDSFO/VUiFFOsOElyPV174LOsuQyVoGZjOjOtI1rVInTqkAD1p1/hf+aahSyD
-qYzrvv8s+RVWKg9u10JDNgVg0kupHLr98RfPiWJg8vHhXFYwtb6tlNMS9+9yvczm
-O4jzY/4zW7+qQoYKxkyq2pVn7uVOnmPNcQIHEGqBAoGBAJMfZV2vpxY6kti8SXzb
-PscYI3ZbbKyJLq4+KHGcKCqqbLiY4ao8vflDyDwBm+TJg4xq9wjJAN2riE9nuuds
-99mYW/8R30BIfiH/4oBHjggb0NC5K3vHR4KGDKcUiIKZPv1r7mNeYw227N4n/dPM
-NXjlZVuS6mqc2T+GPzAJj/Uf
------END PRIVATE KEY-----
-Bag Attributes
-    localKeyID: 01 00 00 00 
-subject=/CN=TestCert
-issuer=/CN=TestSub
------BEGIN CERTIFICATE-----
-MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIxEDAO
-BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxMjM1OTU5WjAT
-MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
-KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbmg
-wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0NQVDJ
-dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptMQq9
-8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr8LZc
-ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIwADBEBgNV
-HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzdFJvb3SC
-ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CSY4xG
-9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AXZtx
-DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu24JV
-K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZqrzLdp
-opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
-HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOolyVT
-/A==
------END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96 
+subject=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestCert/emailAddress=edkii@tianocore.org
+issuer=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestSub/emailAddress=edkii@tianocore.org
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
+MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFub2Nv
+cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTELMAkGA1UE
+BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsM
+BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWRraWlA
+dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe+
+2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOAOR
+W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DVP
+WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
+fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
+xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
+CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB
+AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50
+IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
+HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBeAwHQYD
+VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQA7
+vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3fJxq7
+CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
+/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg93
+F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
+l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
+yekXblzF5lQY0goqDiks
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96 
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD3vtjV/039IljC
+YGDFzKFjor3l/RRsfWHMB/gSp/WT2R4oOgrGegde38AVnpPKyDgDkVvBS/lMkYbJ
+yhf6CozDe2sIi42nJI6vJtGzxR1ZeHSaKLpR5kjwrETHhv6VrOA1T1oiKBdbr1ze
+jGd87dIaH4Kj5xoyUBdByxAqz6sgb+7IrfXyGjWf3JanEd2anV0EVHxJO3RPKYPm
+YzTWv+VkxsEgQeyHpLuIxmysm76Y+hbRD//GMgCQt3zg/mODyEApxcc1nIThqxXK
+HqoH/4S4c6Ikb2pYJ743M26N1uLIBcBQ/1saA6m9ZdZqB8jrm8OaEwnQ/ifkMHRZ
+dZApBvivAgMBAAECggEBAJ8NtLJ27T/1vBxWuepjfL217sroFyOrv4y5FQgNMvnP
+q6/Ry7cvAupjJjP7EhFfR67qtIi92PjSeUG18HzEJykdZFMhHTlQnBZRCtKqWzRk
+xB9wxGXuPafeQW4D+hBn4632GvzQ1mYziKEMbShkmr3QuxO1PDlO+A9yahfCKbBx
+SPCo+McV+N4c8ft/0UPMxqJLcZSMWscrBMCw1OhGdHry4CEr+NWHBeAAUWXrGSlq
+BPwM6PT00fku1RwQrw0QZw0YKL8VH5iA/uD8hfuaO2YUlt2Z025csNRyIPrizr6v
+Q8Is7jetqPpXulWSBtSYoghTj97DeYQQsQwck+tQN6kCgYEA/beFmdojyc9CoLkd
+0MgwyPBdWma77rj80PAgeRm0hl2KQa8pA6dL/1y5x3vA25gqBr++q+KmSkYT6z/Z
+n3llOk6pRlSWFlxuSLHVjOb/Qp1V/uxEG68Tg8L/I3SlMWiQ+/MnsXNHh+WEtKcZ
+FCVd0ASA4NbsKYKflT2QgraDB00CgYEA+fmRrwRlkh2OxVrxpGFER2uosYGlwQiq
+Xb75eU8BnpO8CCnXtBK4Uv3J6l/zfc+Tr2LzzgPkQiWd4NF1/EFxCNQA5kxGcPf5
+F4f8dPr8CrADO1JNrX2ITHsosaaC1ImdW/r6tl66Ie2ueCImk5Yfu5DQv7JrKh/d
+lrTEUxJL2esCgYEA2VKBla9MSGjH4XOvHk7busJotC6be3fo1e9ZYWGrSAyHiIvI
+zeBXMHz0hPJz16UXGoDTideyKJyuIyul9Pu+wZrvU9bQWIcD0DDDgtW6gAzUxG8M
+R8pHJO26LVyUwyWWSrmUnmLoOndWnIck7CS1nqC849o0n7nLh8IcLlq3EWECgYEA
+1HkeLE4na2f2R6fChv8qAy7uJ1rUodwUuzQtZsAR11EpXSL7tpLG27veGXpPQ9vh
+Yw1PwAesx9Cjfklr6OtTAbb5wMaKhVExB6BNpL0E6KytQon1foaaCLASadXnlHIY
+L+uHmOWxfk9BodkdQwsyk8JGvPoRfq+xMH0b9qQxltsCgYEAtNf8yvoTXUHa2zje
+PvI6OiQjuiON5UIt9KkQNrIrcm4wiQ2eVdkCQcUstuXtmBtvnsrxlay0jbSz2bV6
+1sWlJIvfZJujC901yMs5+twr6jMuXZ6ashWF1f2UbwgtKvh49PPgly4RhWST3Kp1
+J1AmCrzTwtaNmTZd1g5IYreXpKw=
+-----END PRIVATE KEY-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
index f5b0ceca2e..f98462718c 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
@@ -1,19 +1,25 @@
------BEGIN CERTIFICATE-----
-MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIxEDAO
-BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxMjM1OTU5WjAT
-MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
-KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbmg
-wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0NQVDJ
-dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptMQq9
-8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr8LZc
-ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIwADBEBgNV
-HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzdFJvb3SC
-ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CSY4xG
-9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AXZtx
-DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu24JV
-K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZqrzLdp
-opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
-HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOolyVT
-/A==
------END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
+MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFub2Nv
+cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTELMAkGA1UE
+BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsM
+BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWRraWlA
+dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe+
+2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOAOR
+W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DVP
+WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
+fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
+xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
+CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB
+AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50
+IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
+HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBeAwHQYD
+VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQA7
+vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3fJxq7
+CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
+/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg93
+F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
+l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
+yekXblzF5lQY0goqDiks
+-----END CERTIFICATE-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
index e42f073d84af32513cc83f292ebc78ca6b5a6239..4c9bf0be5ae5d69e833808716c998577aba6d221 100644
GIT binary patch
literal 1008
zcmXqLVt!-L#B^l=GZP~d6DPxgiANu8Pdo6#fR~L^tIebBJ1-+6H!FidW0N7b0Vf-C
zC<~h~ld~U;!@<K8>;dDjgE>M50w85vJe(n!iFx_X`9-OQd<HxqF>W4KR~K(jPeVZi
zeh{CTha)7lxFje)zr;|<Kml$eC!?5fYD#uyrb7wHh-9D<dih1^26E!OhUNw)h6V-}
zM&>34QDCkqoI5xi*~F-X9C(bZ49rc8{0s(7j9g4jjEoFBH8pb*c&;mdt9|z&>Hp1>
zt3rDkr-s>Y4-4LKs7dIkb*b`B-)l!gi$AZLx<dN%<hpqdPh^$mOlIf4zAF0q6Dh@(
z>&cPK0rFo(LMKn0{WWOAe!iFt>&T!P)50FEKH|KaHN3)=aejnoFrVNQeZG&&Bp2ni
zS!x^i9zXi}ot*JyqbUa?kMK<A7V?NU{+3Wu8-7Sww{~UwV$)X>o9)x9Cdo4f&rgb<
zDfG8kT6dmyj)~`bfA;<ZFSF;xSDN0^is^Xw%_H&Fw8tK93#Q1-{T9>C_r8R4BCl=K
z^P@gpRcjWuZcBF&4-K+<A?O>iXfi|6tLlcg=l9+(ZSdZin!J|Vx8zqO6Eh<N<Kkq4
zL<3o18j$5<5n~Y%TXn5ZTG#or?go{$W~ug@er?owYakDjR%Vef5Np7$0F;Jgg&7(D
zv#=U411SSOkN`hOfCZSG+mNFHn1+GTz{oK5-u)#aw<jr8NbNP8D|cO=OF%HTB=Lp8
zk<X$p4MM)`=3%K2j@7x_Gik!bITtQSEMEMlM<eRWL|=}>-=t35UB(gdNObCNUEQvY
z1`T^>ZF{JrV0ZV(@zB)s8scBx-P%`Pa5d<fXw~nv>;GPLoe=fR(CK>1X3wy!%kH1|
zXC!p<KU)9g@f)F?kF3N5{d|in*Soj+l&Q_@HagIE=#Kib_iHB4TNroV#PxyJ@wvX&
zubUT5{}J(Xo2kdgi(EzZe|>9Sp1I*6?HLq&FOV_VbkBsdJzZy<6_&gH*ACs#t@}Sz
q)Vt-v;mZ@|Oz{rAn)FI(byCLN;A3}|-kqh}S6QPs=Sf;ak1PPVc5WX4

literal 756
zcmXqLV)|gv#CT@`GZP~dlYohVdOfS{)K=#OOTO~VdVb1)lZ{oIkC{o9mBB#RP|$#%
zjX9KsS(qavwYVfGKflC4PMp`!%)r9H#L(2h(8MB2oY&aW(8w5wOf5|<qp)jgVpKBV
zW#iOp^Jx3d%gD&c%D~*j$j<<D2NzQlBO}9<XU6_vhuIfgm>GWfVVDzRL8OenS6aWx
zyvcjFy_vLRLSXE%{;h}GMDHgw?AuWh89n>2`lQS=r~2&XHM&Q)ypNf^*~>Y)m)nqq
zVO!UMm0uMv*q_~yUK?Pn_gh*=Oz&M7WBa!gSAyBoXL7skmz{9zc71LVkJp+Ni)<?S
z*Y^KA_~NO$?ayViWZ%q+PYTqVA*;D7yX&_zUxwz_ed!)98m|9jtpkd(4(#Tc&y=_}
zd3pOcqxp7XG4IZ>?iGLG7PLN~YgwIGW^-nAp6~JV4Li<$OS9jXv*5)XwS-+OS??Bl
z?PXZO^F3g-%Qd@pMH}5`#_Dm3>O1dPcwDoZ_E6kCHT9e=6Eh<N<6;j3Hv<=7c*`=f
z*cw<j2%Otmb^fX1@$AoUCSBQ|s%5%R6l>@<;fq9II5RS2^FH9Z@GjbZTd_ydi!ad+
z-`-?6`jju@cd)TRR>H1#7SVyp1y}1>|2=Wl5>1l+bE9-}*tchFt%~0{+|_peWA&S$
z6!OKA(<i3yY>oALZ(RwtFEJ`wDc>VYHKwneptH-3DJvz-)97@p$v>4RE*lQ56_;kM
zy&Tb@w~z0-_Nkct8mhK8cH3A4JyZX6X@_fee7*MuW!4w#(_cKw(VzdLxc;#Co=sWN
zTA#Bo->JW^e_=Hn&p+npy-jagY){m_J)IS8>JiHRdsT%L<L()*-M6|PD~7j;DvJk5
w&)Fjtxk78LRUM;B^Y;yj&-VJ?oH${*)=nPl)l(H@K9rne+9eYEaiXdh0N3>|0{{R3

diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
index 3ca5149d2a..1331933c3d 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
@@ -1,56 +1,58 @@
-Bag Attributes
-    localKeyID: 01 00 00 00 
-    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
-    friendlyName: PvkTmp:76c92422-d6f3-4763-9b80-b423fd921d00
-Key Attributes
-    X509v3 Key Usage: 80 
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCU5jNPVsMHoNCZ
-V8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CAvrh4WVub/SeSaczKjj6e
-gUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsbLBYu7lYBh/bI1FMHZ5kL
-Rr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9iUS6YHSm6a4r7Qw5oKfW+
-Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfoRlKvUIqmfhZpg2lbbk3H
-z4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8LeYzJ14hJ7ncOEjWOpbh
-F0dlZc49AgMBAAECgf8dY26Sej8u15Xiri/l3zXgy7aR7uAAbFGoM8fv2exQgIDk
-FrdxTDtqzqTSxGAkfUWs4Ip2DUEeZDwF/qjW4FCzb3mI/QmNt70Yd9KsEDAmDkZ2
-wylcYC2l7IqVEl6HZMpNyiu5hfXdTn/tlkkUIiKr6POYmFR6IyPiS61Tm4LQXyhv
-iW+Lx0GqFQcH82CsbNRNgJGJk/BIiHn7kNDi5rRrKsmTuKEQB9iwF/rKp+lnJN0g
-4qTv2bbZVxj39QWdOovU5LCL+1WJdkA2mpFpZjBEsTdF+UEGCbixdiftfovnZa64
-rofw3pIxr97XS42D3OmdPmSokpwqcQtjTXfScCECgYEAvxBMHcEFMZX644hhZtH7
-t0/PCka9DUBZfe58r+lmgSvlbMCka9OvKGtr86+j0IdWqmGWxRHAuk3KR3NIC3EU
-mD0rYSWiStW0I/cmHidS/a9OdWWHtWi1LcXX7KBn9AjKjPzghqAfDAkRxYfZKLIo
-PRL44O/RM6nJ1j7az5CgWR0CgYEAx4FW/xVVL1Z0kn/VyNVYLdlhV4zMNn6Cu0ko
-jebQydDBh4Tsne2A4dPonZQSsEiJ6jhzaUZr7l5OAEp+0aX0M/h6JbxTcA4CK3Xr
-X2TAaOCkPc1r0I79ZduKymyMNrWfXHenvFVl57klp9eFRQJ6o+pZB9ysFzPHXbci
-4VCsX6ECgYBMqAdB8M1apafxXihmDl2FoJmar+LtzCGbqvGPyn772FbGGUxejqG5
-/89iB9gbtBELbvgEvSisFsXPgOso3Ae9RN2Aro68o50QyPocIv7jFVDPPRsDp6z5
-XmVRZNIQUO6jPln+6YNLWuAsdmKkN0Z5qoD8DnvK1JZMRQ+ZM5eB6QKBgQCuvz+w
-VsMyn4uj9o0PSK/gGRQGV7FX2iAwY7g98vrWix+40FlhS3MkWzTZMaXc+uyyV5ff
-kmtfcwLnhljm0XHBQ9fZzcdX0y1bXAI6oElYk8vIxnG1UEnsOgyrmcCG+zcHC1fE
-wxhri+TLyx9UfwNlKBOrq0KhYB00nQDUUpFpgQKBgQCPWpNeNQ8hCARnayhzu2fE
-HEPG1P/resOp0u+c4jy4TeHVa9806wqZlkYNRKNn09Ub5Ajpp05dwdb+JvUSkWwr
-vOmE94WeLg5FuNzPAQjwAe+Eq54Vk8TdAhdLSu1m2xdBKFtEOk6TQTmRBCiknwhg
-19TgHd8hEFnz6ZICAeWGbQ==
------END PRIVATE KEY-----
-Bag Attributes
-    localKeyID: 01 00 00 00 
-subject=/CN=TestRoot
-issuer=/CN=TestRoot
------BEGIN CERTIFICATE-----
-MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMBMxETAP
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzNTk1OVow
-EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CA
-vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsb
-LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9i
-US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfo
-RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8
-LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAEM61es/l
-Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYVDoKT1
-DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtTMzBq
-YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
-r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtcr
-yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
-L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Glmo
-Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
------END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30 
+subject=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddress=edkii@tianocore.org
+issuer=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddress=edkii@tianocore.org
+-----BEGIN CERTIFICATE-----
+MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAlUaWFu
+b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiMCAGCSqG
+SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw0x
+NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNV
+BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYD
+VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9y
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8GL/
+2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9fk
+GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGULw7x
+phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3qS
+HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
+Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC010
++lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1Ud
+IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTGdHtcv
+ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI3aYI
+WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
+14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
+oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
+QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgIwd
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30 
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5KSlsYAzXI/Z9
+7vBi/9nJqlWMgZVWP7dWU7DCghLFO3UjuU3WxFVz86qVqBvzk36eQOQdIpyTBwvX
+qlvX5BohhNdjWQNQH/UUVZORm/VSsL8OXGg7WVKYllbhq8RDuwVXeEUBn1gVUw4R
+lC8O8aYZom6GOSszjcfF6+4eM9MylMFZxAyXCxJIXzP2YHR9V8ITLX2ph6M16pGD
+P2d6kh8BU59iX5kS/XMbLZ4rbDRJr08Hj8Dpa55feTXaKlyI7vZIYdqW40hGoJQc
+nfZchw7vdAmRDT1a58VMinqsoYW2Z0QXVVI66BFNWKKTAGLqe4Dtz73fdYBLuWVj
+rQtNdPpZAgMBAAECggEAci5d6wT4Jht5P4N/Ha2kweWWR8UJMFyuVD/bura3mITn
+4ZW92HjOMWjLgupeAkCsTi65/PWBFHG97cqSRHnXW2At6ofTsS9j1JxJGfvQtqNj
+zhlR9XdJperfvN5Nc277BkuWUj/O86d5/4Ef29lMknZGLeNHLs15qiWpe1p+HKvt
++DfL7Prl5qWA5G90QmXgRQJbThl1TYLCYkETB+9m3MIRm8Z01XKH+fm4ahgclEkG
+XaQl04DhMEo7A/sC8NUnozOMEf81Ixkt3wEpoEDtZ+WhRTrgLF23Q4sXAIBMlEfz
+Pz2UaX/9KBT1dRbZseStIjJKMc8qd+pC7Ww2tuHEOQKBgQDmLdFSgHc2URQW/Otj
+fr9S/Z7EPSOA/tmh4dFhQGwzKF4Us838deRz2cRTbgq5BHuBCrMEPRBiX8h4WLEB
+NVZ73JjgOfyshcDXWNg5noc9f24HYHMZnjcFmHNokpyIgxLl2qgN8f03doJEmKkj
+pm/VnfZmkGDd65IXRp8MYMTQOwKBgQDN7ofqKWK5SA+vt+tDOkCYq6eHKb9+ImPh
+PreikT5xc9SMtb0tGlIjKydsiqA9Jv1WRnpUG0fVfMyagBSOrKt9wC143VEvOtkR
+QJehmLLYG97HP7CXtniAWeKuc2pfCd+nGdHLFmduuTEEDcxab5LQc5dvYQ/RfznF
+YVunt73qewKBgQCg11VUpCYpU2CJa7SEMtY4hLbDg8FiazLiVqx7m4u/964+IyKG
+Dk9T0NDKR7PAc2xl0HclOBJR24J27erJ4F6NcKl2za5NU61cDV4SbT8tbvUQvInR
+Veg2xb+nTAOLtKOo8DDMhdMeRXZjvpU6LxwolhfOtYaqq+jK0PNkr933bwKBgA0G
+RiBgR7cyQJO7jSyuVYGSccERuePPZwPLBLBKgWmJiurvX6ynmoRQ6WhrCCF2AtXf
+FUOWih+Nih9HdIVllF8atYWMceML1MjLjguRbdZPRPLTK2cdClgL11NzR0oFhNi7
+wFIY86fEHL6F5OPfZKi8dtp7iBWW919tfe+IpoFbAoGBAMzNKKBHG5eMuKQI/Dww
+50PDHu25TGUiTc1bHx18v7mGlcvhEPkDYAKd3y7FN5VRoooarGYlLDHXez0FvDTa
+ABFUUad70bULTqRTSmld0I9CWWnYs0vaFKgIemddQ7W2eXr7N+N+ED+OK/PvWjMq
+LMKhChf252RfOYdB+WN6alVG
+-----END PRIVATE KEY-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
index 14b641897c..ae67e9c1b5 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
@@ -1,18 +1,23 @@
------BEGIN CERTIFICATE-----
-MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMBMxETAP
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzNTk1OVow
-EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CA
-vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsb
-LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9i
-US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfo
-RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8
-LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAEM61es/l
-Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYVDoKT1
-DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtTMzBq
-YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
-r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtcr
-yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
-L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Glmo
-Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
------END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAlUaWFu
+b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiMCAGCSqG
+SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw0x
+NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNV
+BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYD
+VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9y
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8GL/
+2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9fk
+GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGULw7x
+phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3qS
+HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
+Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC010
++lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1Ud
+IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTGdHtcv
+ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI3aYI
+WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
+14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
+oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
+QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgIwd
+-----END CERTIFICATE-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
index 67f9d2560b..de988856e5 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
@@ -1,57 +1,59 @@
-Bag Attributes
-    localKeyID: 01 00 00 00 
-    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
-    friendlyName: PvkTmp:11e8b08d-46fb-45a2-90c4-d458be4a1276
-Key Attributes
-    X509v3 Key Usage: 80 
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCfNn3oUo5iCBXg
-x1AUxgHG/h23/WyThgYj2NAToG3S51i0MGamyjGP8GbBphRc0ORpIhQE8Va+NPjW
-cdoh4sXLOroW3Es26sR+cxdRwNF0/YxK/+JboYDmdUecgcwqipIv795bVQjRLCyT
-/+LjLXs/B3XM/jc4jHa7gs+AmwH2DXz9VTsIHmXrm/KGZ64VQzFbJYJl+KvFAmlm
-LcL+t099lyiJYL+3LY2ajonzkAidVQylIfsmhAlcnGee6MYfPxLQRe4pIIlhyXAK
-ZixBnAlZvifo3JRwTKXRHzkj6Vp5KhDsi/31Y54iLJQHiet/FlymIHrtkFpC47xi
-ndF6jNpfAgMBAAECggEAD4owC9xS+A/gosnmxRWhLXJhet3fb8llvAX4zpGau+Uc
-wVRKu1OCNucOAISx+W/iJhN6GhQRlWByO+wXkGB5UcwaRwpFb8dxBQPoGMYAgQdm
-XsOkV7E8dZdTirEYjmZsElsP5vY2dW7MWGhiFYO7mHv6ltbmk5G83Qci3biYyRKB
-4Qb+q/1yl9tdqRvMnLshgSNSa2onGiJ8k9NniSnfnKCc4S0pliy2Z5HOPQCi2QAk
-eVWORHz5jL8lzlVCflOL7VZiS13YORMDIj0S9LyMhXO4bAtsgWfldqOupNgNW0qI
-FwzrNvIXhQxeUiqylzfKNCzuBA11CFBnPt/+agv10QKBgQDH82PHMC3GH8Teq0lw
-J5G+zYQol1ikRU7O116cAcV04P8HAiAmZ2lrP4DSJWD3y3sOjnnK54KmXkHVcNJI
-IDjb8d/BZjuYqdylfKhoKNgAdI1WcNKOz7KOK6Le8/ZK1uh1ZHMA6M+L9mTtQjhW
-DyoMvEGsQmNHnYF5n3zPQWUMFQKBgQDL17jZMLOORK2U+Iqu0cTVttGUjg/agP+r
-D4RWwA6BKI0vW3fFOka9MsjBpRZkZdXucq1TusDl8/J30FD/Cjp/gt9RwCQAvk44
-Zp6HU3TFEsBdXU+3XeJqTtyJqFuPkRQWrd0UeudSiEJammAlzyF7pPZioF1mucOA
-nCcDecLFowKBgBv1gKI9rmjh0FmCggZYwhx4CF7UquRtfJOXsfcGmGG7hG2qcmxs
-UWVZv92itGhx34ctjQI+VRqGW5ZI7F6BgvHeZHdaoEK8ncnWIIZQD8QgiBLqO8cU
-a9dNarzaSDo2ytJ/dUVPSJY9oec7Nz1xaWPWfyhjMBa3g39KOd2RO1vxAoGBAMRD
-Q9r6JSeJwId6diy0FAyhJVEfJux+36tYGVddO5nn7Wf3bW4cGhf4WYr45IJt+njH
-OVMwsKG3K3FoxVOKCaDT5SjVEtUUZkOvqlspY3iMAWLjgOlQH7uzimuQCfhE+06K
-wB4D581zHFAX6xL8R4TA4+k59jP+D9o4fue9yGZ5AoGAMn+TsY1IZFSY1fw6TTHq
-sp9PiYQQqTMjRkzE7GRXbb1rdE6WoLkSk4Dz4u/B9E7YVzTZggYhPisChu6wZPtK
-IiXBGu8h3GygUGI/WdNRKHW5nst9IZWrtVJ06c87jWqOktbgBnrbqXUG1rgRZr+i
-n3sJLF+GGwzdp/gCxLMH66M=
------END PRIVATE KEY-----
-Bag Attributes
-    localKeyID: 01 00 00 00 
-subject=/CN=TestSub
-issuer=/CN=TestRoot
------BEGIN CERTIFICATE-----
-MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBMxETAP
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIzNTk1OVow
-EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/wZsGm
-FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
-zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZn
-rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57o
-xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
-638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUwAwEB/zBE
-BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGVzdFJv
-b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSHCmatVNg
-LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcEGY
-+mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcyt
-U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW1D
-MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3KC0
-NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F2Mw
-HgNmsA==
------END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4098 (0x1002)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = CN, ST = SH, L = SH, O = TianoCore, OU = EDKII, CN = TestRoot, emailAddress = edkii@tianocore.org
+        Validity
+            Not Before: Apr 10 08:33:45 2017 GMT
+            Not After : Apr 10 08:33:45 2018 GMT
+        Subject: C = CN, ST = SH, O = TianoCore, OU = EDKII, CN = TestSub, emailAddress = edkii@tianocore.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c5:3a:af:16:34:9a:14:61:74:8c:39:1a:04:1f:
+                    7b:95:d3:40:b7:ea:26:a7:7b:8d:76:d3:86:1b:7c:
+                    07:17:d2:56:72:36:13:b4:6c:75:b7:bf:d1:35:d1:
+                    31:d5:9a:07:c1:62:4e:aa:3d:bd:d8:40:8b:48:9a:
+                    c5:46:c4:c3:10:2c:d4:82:d9:6d:f4:c3:de:85:fa:
+                    34:1d:d1:74:7a:5f:16:34:59:2b:2b:03:61:46:62:
+                    d7:88:62:59:4d:d8:55:00:52:54:e1:15:5e:a9:ec:
+                    d6:e8:51:fd:ef:8e:68:5f:d2:40:d2:61:ef:2c:1d:
+                    5b:a7:6e:14:4c:12:bc:60:81:8e:66:c9:84:51:c2:
+                    89:51:fc:e5:7f:86:9a:78:a4:c1:f7:0f:a9:a5:97:
+                    60:dd:6f:c8:a0:fd:ea:07:2f:01:36:0a:e8:bd:0e:
+                    dc:48:2e:85:22:7b:bb:db:68:78:eb:cd:6a:54:07:
+                    f7:81:a5:52:8f:f3:5c:09:1e:76:a3:d1:91:8f:ee:
+                    86:2c:85:49:99:96:4f:5f:5b:0d:08:ae:d8:20:e8:
+                    e3:67:70:c6:ec:0e:0e:bd:bf:3c:f6:db:e4:45:d5:
+                    7a:bb:9f:d1:3b:18:89:fc:63:ac:c2:30:b8:fa:bb:
+                    8a:24:63:4e:79:58:78:72:ab:27:36:3d:bb:4f:47:
+                    d6:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D6:9D:66:D6:49:7C:FA:20:8D:5D:75:69:2A:41:0A:7A:03:5A:A5:EB
+            X509v3 Authority Key Identifier: 
+                keyid:16:AA:D6:8E:1B:2D:43:F3:2D:B0:24:AD:36:65:3F:B2:FA:B1:2C:ED
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         83:3c:ae:b2:fc:99:3d:33:b3:da:ca:26:83:8c:a9:ae:f8:bb:
+         ad:05:37:97:a5:f8:0d:2b:4e:3e:e5:b7:12:68:f8:64:d4:bd:
+         ff:65:7d:57:98:61:cd:47:10:a5:6a:bd:66:89:74:ce:5e:28:
+         29:39:67:c9:1f:54:ec:78:76:b1:dd:04:91:63:b6:8c:2f:86:
+         59:1f:c4:2b:a1:4a:8c:a8:5b:f6:8a:92:f0:83:bb:92:92:5c:
+         b1:1c:18:95:3d:d6:be:6d:79:9d:4f:7b:92:1f:68:f5:1f:cd:
+         f4:37:2d:1e:e3:f6:eb:f2:8a:a4:8d:a1:c5:db:0c:3a:59:01:
+         dc:be:a9:c1:0b:04:ba:e8:02:a9:85:cd:d7:48:0d:f6:60:30:
+         2b:05:ba:e0:c7:d8:9f:23:14:37:04:0a:a7:bc:b6:c8:25:31:
+         e4:9a:41:a5:83:c2:ee:89:d3:fa:a5:7c:ae:a6:14:22:a4:5f:
+         73:03:f2:7b:3c:51:f7:76:2a:0a:cf:ee:71:35:1c:bc:ff:3f:
+         9b:d5:b1:33:e0:b6:fc:2a:c8:ab:84:89:cd:fa:1c:ee:12:8c:
+         07:ba:93:46:50:b3:3f:73:05:be:67:58:60:90:05:2c:d3:b6:
+         19:7c:a4:f0:6e:ee:d4:f2:0e:f5:02:79:5f:2c:28:83:1e:83:
+         c6:92:ba:7c
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
index a12d8374ae..04402ea983 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
@@ -1,19 +1,23 @@
------BEGIN CERTIFICATE-----
-MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBMxETAP
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIzNTk1OVow
-EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/wZsGm
-FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
-zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZn
-rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57o
-xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
-638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUwAwEB/zBE
-BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGVzdFJv
-b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSHCmatVNg
-LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcEGY
-+mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcyt
-U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW1D
-MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3KC0
-NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F2Mw
-HgNmsA==
------END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID1jCCAr6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAkNO
+MQswCQYDVQQIDAJTSDELMAkGA1UEBwwCU0gxEjAQBgNVBAoMCVRpYW5vQ29yZTEO
+MAwGA1UECwwFRURLSUkxETAPBgNVBAMMCFRlc3RSb290MSIwIAYJKoZIhvcNAQkB
+FhNlZGtpaUB0aWFub2NvcmUub3JnMB4XDTE3MDQxMDA4MzM0NVoXDTE4MDQxMDA4
+MzM0NVowdDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFu
+b0NvcmUxDjAMBgNVBAsMBUVES0lJMRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZI
+hvcNAQkBFhNlZGtpaUB0aWFub2NvcmUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAxTqvFjSaFGF0jDkaBB97ldNAt+omp3uNdtOGG3wHF9JWcjYT
+tGx1t7/RNdEx1ZoHwWJOqj292ECLSJrFRsTDECzUgtlt9MPehfo0HdF0el8WNFkr
+KwNhRmLXiGJZTdhVAFJU4RVeqezW6FH9745oX9JA0mHvLB1bp24UTBK8YIGOZsmE
+UcKJUfzlf4aaeKTB9w+ppZdg3W/IoP3qBy8BNgrovQ7cSC6FInu722h4681qVAf3
+gaVSj/NcCR52o9GRj+6GLIVJmZZPX1sNCK7YIOjjZ3DG7A4Ovb889tvkRdV6u5/R
+OxiJ/GOswjC4+ruKJGNOeVh4cqsnNj27T0fW7wIDAQABo2MwYTAdBgNVHQ4EFgQU
+1p1m1kl8+iCNXXVpKkEKegNapeswHwYDVR0jBBgwFoAUFqrWjhstQ/MtsCStNmU/
+svqxLO0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN
+AQELBQADggEBAIM8rrL8mT0zs9rKJoOMqa74u60FN5el+A0rTj7ltxJo+GTUvf9l
+fVeYYc1HEKVqvWaJdM5eKCk5Z8kfVOx4drHdBJFjtowvhlkfxCuhSoyoW/aKkvCD
+u5KSXLEcGJU91r5teZ1Pe5IfaPUfzfQ3LR7j9uvyiqSNocXbDDpZAdy+qcELBLro
+AqmFzddIDfZgMCsFuuDH2J8jFDcECqe8tsglMeSaQaWDwu6J0/qlfK6mFCKkX3MD
+8ns8Ufd2KgrP7nE1HLz/P5vVsTPgtvwqyKuEic36HO4SjAe6k0ZQsz9zBb5nWGCQ
+BSzTthl8pPBu7tTyDvUCeV8sKIMeg8aSunw=
+-----END CERTIFICATE-----
-- 
2.12.2.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch] BaseTools/Pkcs7Sign: Update the test certificates & Readme.md
Posted by Yao, Jiewen 6 years, 11 months ago
Reviewed-by: Jiewen.yao@intel.com

Do we also need update the default PCD definition in SecurityPkg?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Long, Qin
> Sent: Tuesday, April 11, 2017 3:56 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Dong, Eric <eric.dong@intel.com>
> Cc: edk2-devel@lists.01.org
> Subject: [Patch] BaseTools/Pkcs7Sign: Update the test certificates & Readme.md
> 
> The old TestRoot certificate used for Pkcs7Sign is not compliant to
> Root CA certificate requirement with incorrect basic constraints and
> key usage setting.
> When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest
> 1.1.0xx, the CA certificate checking was enforced for more extension
> validations, which will raise the verification failure when stilling
> using the old sample certificates.
> 
> This patch re-generated one set of test certificates used in
> Pkcs7Sign demo, and updated the corresponding Readme.md to describe
> how to set the options in openssl configuration file.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Long Qin <qin.long@intel.com>
> ---
>  BaseTools/Source/Python/Pkcs7Sign/Readme.md        |  42 +++++++-
>  BaseTools/Source/Python/Pkcs7Sign/TestCert.pem     | 117
> +++++++++++----------
>  BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem |  44 ++++----
>  BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer     | Bin 756 -> 1008 bytes
>  BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem     | 114
> ++++++++++----------
>  BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem |  41 ++++----
>  BaseTools/Source/Python/Pkcs7Sign/TestSub.pem      | 116
> ++++++++++----------
>  BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem  |  42 ++++----
>  8 files changed, 286 insertions(+), 230 deletions(-)
> 
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> index c904907000..fee0327876 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> +++ b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> @@ -21,10 +21,44 @@ You may need the following steps for initialization:
> 
>      rd ./demoCA /S/Q
>      mkdir ./demoCA
> -    echo "" > ./demoCA/index.txt
> +    echo.>./demoCA/index.txt
>      echo 01 > ./demoCA/serial
>      mkdir ./demoCA/newcerts
> 
> +OpenSSL will apply the options from the specified sections in openssl.cnf when
> creating certificates or certificate signing requests. Make sure your configuration
> in openssl.cnf is correct and rational for certificate constraints.
> +The following sample sections were used when generating test certificates in
> this readme.
> +    ...
> +    [ req ]
> +    default_bits        = 2048
> +    default_keyfile     = privkey.pem
> +    distinguished_name  = req_distinguished_name
> +    attributes          = req_attributes
> +    x509_extensions     = v3_ca       # The extensions to add to the self
> signed cert
> +    ...
> +    [ v3_ca ]
> +    # Extensions for a typical Root CA.
> +    subjectKeyIdentifier=hash
> +    authorityKeyIdentifier=keyid:always,issuer
> +    basicConstraints = critical,CA:true
> +    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
> +    ...
> +    [ v3_intermediate_ca ]
> +    # Extensions for a typical intermediate CA.
> +    subjectKeyIdentifier = hash
> +    authorityKeyIdentifier = keyid:always,issuer
> +    basicConstraints = critical, CA:true
> +    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
> +    ...
> +    [ usr_cert ]
> +    # Extensions for user end certificates.
> +    basicConstraints = CA:FALSE
> +    nsCertType = client, email
> +    subjectKeyIdentifier = hash
> +    authorityKeyIdentifier = keyid,issuer
> +    keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
> +    extendedKeyUsage = clientAuth, emailProtection
> +    ...
> +
>  * Generate the certificate chain:
> 
>  NOTE: User MUST set a UNIQUE "Common Name" on the different certificate
> @@ -37,7 +71,7 @@ Generate a root key:
> 
>  Generate a self-signed root certificate:
> 
> -    openssl req -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
> +    openssl req -extensions v3_ca -new -x509 -days 3650 -key TestRoot.key
> -out TestRoot.crt
>      openssl x509 -in TestRoot.crt -out TestRoot.cer -outform DER
>      openssl x509 -inform DER -in TestRoot.cer -outform PEM -out
> TestRoot.pub.pem
> 
> @@ -50,7 +84,7 @@ Generate the intermediate key:
>  Generate the intermediate certificate:
> 
>      openssl req -new -days 3650 -key TestSub.key -out TestSub.csr
> -    openssl ca -extensions v3_ca -in TestSub.csr -days 3650 -out TestSub.crt
> -cert TestRoot.crt -keyfile TestRoot.key
> +    openssl ca -extensions v3_intermediate_ca -in TestSub.csr -days 3650 -out
> TestSub.crt -cert TestRoot.crt -keyfile TestRoot.key
>      openssl x509 -in TestSub.crt -out TestSub.cer -outform DER
>      openssl x509 -inform DER -in TestSub.cer -outform PEM -out
> TestSub.pub.pem
> 
> @@ -63,7 +97,7 @@ Generate User key:
>  Generate User certificate:
> 
>      openssl req -new -days 3650 -key TestCert.key -out TestCert.csr
> -    openssl ca -in TestCert.csr -days 3650 -out TestCert.crt -cert TestSub.crt
> -keyfile TestSub.key`
> +    openssl ca -extensions usr_cert -in TestCert.csr -days 3650 -out TestCert.crt
> -cert TestSub.crt -keyfile TestSub.key
>      openssl x509 -in TestCert.crt -out TestCert.cer -outform DER
>      openssl x509 -inform DER -in TestCert.cer -outform PEM -out
> TestCert.pub.pem
> 
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> index 7e1035816c..6378567523 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> +++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> @@ -1,57 +1,60 @@
> -Bag Attributes
> -    localKeyID: 01 00 00 00
> -    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
> -    friendlyName: PvkTmp:133cc061-112c-467a-b8cf-dc0a56d7830e
> -Key Attributes
> -    X509v3 Key Usage: 80
> ------BEGIN PRIVATE KEY-----
> -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCSPHYSohF+fim
> 4
> -89iNx8CcCG/fPb7KLu9Dsq+pB4Pc/UJtaaA+D7RK3PhqNCrWbb+gCNgm7lxiOCrH
> -mm0tPal71UV8VFUiTM7Zf1y8VBFCHJ92ykmS7MDwqV25oMGGocz4jdcPl3r2yFF
> q
> -d9jaBAPjUsHRbs8AC8CKHexOACfeydgQoj9KPWH9DUFQyXcbtMyGXAvFCktnSN
> RQ
> -f01UdNJebeD6+wlQn0sUaojn1lu570OdZ3AkJlm6bTEKvfHeOB21GaHnQ1O1RVtq
> -vd/KjFHhxSSw8meTsyqN/Toa/80FyUKEmTIaJdEaq/C2XKaUACezsYqvRxDq+pli
> -kyiIpt6bAgMBAAECggEAEeqpdrf3l71iZEAwCJLwNM3N0xawEPp2Ix+56OY8UC+R
> -W3FlCiWHa+Kt5uk0VGhG4Zcj0IVEuV3zU9hGRxQ2dy8Wn9h/Q8AQWdKCbKqKIM
> T7
> -/qRjJkauju3ZR1x8SX/6anuKXWUsUh8R5o7/eRqj1U6242+FmhZWhTWMVbQsLl3y
> -AShlw56zwdto543Ssl+MLuUtkxT4UZwmo6k/BucvdYsvwWp8dAluhDp2onAfOML
> n
> -10Bk3Bl9AgnpcQEeGwFConmgBv31UhdYftfIj2R4tTZRDuC+GzRT6jl1Qu6JfPSp
> -30tmW5x3aa3946VZw2DKNiBqqYllJM1+kkzmGj+jgQKBgQC1Pzl8gv3q2TH9MlTD
> -Tn9rUEs5OhjCrgZrSXoY2rfLcqJf2Tqm6I4xsVXvuePMyu8+DRD1Xizq6otUzNsN
> -qh+UVkGRrFYRsgCgv1ratUti2ZlIPrR3JZsz8f23TAMGFFWCNHDH2rb1UanRD+g8
> -vO4fQM8FPxBfb6wcgDYqNNMdGwKBgQDOjKhqp5sNNXNF7/rfH6H8RfKVOXuC
> K1Xy
> -PU3Hgzd1wMfoebku4j5zQi2topzy664k9oeLCJj4GNDeHAqMttWD6TzDlMGJfdnj
> -bNcrr+HnqUXByU2kS+bcTgBzsyT/1m1M7pKwtSYJzYXP1AHQny3Ip5kutCMo19td
> -R4LfdebcgQKBgF3CHQzJ/mw0euWN2cdGnid3W9J4uUJMH8n0MpMU4ar+2/xVN
> UAO
> -YTBXmirusGbKO8SPocwsMXQ8bGMrrc19yeREUpr22XdB6408L9WfnyW9hsuWlG
> hm
> -LclLT4I4cf/9GNbIJedcvvRckEozvmFdIplMP0tpeiDEdfYwZNSkiuktAoGBAL5m
> -gTXYDSFO/VUiFFOsOElyPV174LOsuQyVoGZjOjOtI1rVInTqkAD1p1/hf+aahSyD
> -qYzrvv8s+RVWKg9u10JDNgVg0kupHLr98RfPiWJg8vHhXFYwtb6tlNMS9+9yvczm
> -O4jzY/4zW7+qQoYKxkyq2pVn7uVOnmPNcQIHEGqBAoGBAJMfZV2vpxY6kti8SXz
> b
> -PscYI3ZbbKyJLq4+KHGcKCqqbLiY4ao8vflDyDwBm+TJg4xq9wjJAN2riE9nuuds
> -99mYW/8R30BIfiH/4oBHjggb0NC5K3vHR4KGDKcUiIKZPv1r7mNeYw227N4n/dPM
> -NXjlZVuS6mqc2T+GPzAJj/Uf
> ------END PRIVATE KEY-----
> -Bag Attributes
> -    localKeyID: 01 00 00 00
> -subject=/CN=TestCert
> -issuer=/CN=TestSub
> ------BEGIN CERTIFICATE-----
> -MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIxEDA
> O
> -BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxMjM
> 1OTU5WjAT
> -MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADC
> CAQoC
> -ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
> -KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbmg
> -wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0NQVD
> J
> -dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptMQq9
> -8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr8LZ
> c
> -ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIwADB
> EBgNV
> -HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzdFJvb
> 3SC
> -ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CSY4x
> G
> -9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AXZtx
> -DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu24JV
> -K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZqrz
> Ldp
> -opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
> -HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOolyVT
> -/A==
> ------END CERTIFICATE-----
> +Bag Attributes
> +    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96
> +subject=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestCert/emailAddress=ed
> kii@tianocore.org
> +issuer=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestSub/emailAddress=edkii
> @tianocore.org
> +-----BEGIN CERTIFICATE-----
> +MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhM
> CQ04x
> +CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBU
> VES0lJ
> +MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFu
> b2Nv
> +cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTEL
> MAkGA1UE
> +BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBg
> NVBAsM
> +BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWR
> raWlA
> +dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe
> +
> +2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOA
> OR
> +W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DV
> P
> +WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
> +fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
> +xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
> +CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSA
> GG+EIB
> +AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW
> 50
> +IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
> +HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBe
> AwHQYD
> +VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4I
> BAQA7
> +vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3f
> Jxq7
> +CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
> +/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg
> 93
> +F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
> +l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
> +yekXblzF5lQY0goqDiks
> +-----END CERTIFICATE-----
> +Bag Attributes
> +    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96
> +Key Attributes: <No Attributes>
> +-----BEGIN PRIVATE KEY-----
> +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD3vtjV/039IljC
> +YGDFzKFjor3l/RRsfWHMB/gSp/WT2R4oOgrGegde38AVnpPKyDgDkVvBS/lMkYbJ
> +yhf6CozDe2sIi42nJI6vJtGzxR1ZeHSaKLpR5kjwrETHhv6VrOA1T1oiKBdbr1ze
> +jGd87dIaH4Kj5xoyUBdByxAqz6sgb+7IrfXyGjWf3JanEd2anV0EVHxJO3RPKYPm
> +YzTWv+VkxsEgQeyHpLuIxmysm76Y+hbRD//GMgCQt3zg/mODyEApxcc1nIThqxX
> K
> +HqoH/4S4c6Ikb2pYJ743M26N1uLIBcBQ/1saA6m9ZdZqB8jrm8OaEwnQ/ifkMHRZ
> +dZApBvivAgMBAAECggEBAJ8NtLJ27T/1vBxWuepjfL217sroFyOrv4y5FQgNMvnP
> +q6/Ry7cvAupjJjP7EhFfR67qtIi92PjSeUG18HzEJykdZFMhHTlQnBZRCtKqWzRk
> +xB9wxGXuPafeQW4D+hBn4632GvzQ1mYziKEMbShkmr3QuxO1PDlO+A9yahfCK
> bBx
> +SPCo+McV+N4c8ft/0UPMxqJLcZSMWscrBMCw1OhGdHry4CEr+NWHBeAAUWX
> rGSlq
> +BPwM6PT00fku1RwQrw0QZw0YKL8VH5iA/uD8hfuaO2YUlt2Z025csNRyIPrizr6v
> +Q8Is7jetqPpXulWSBtSYoghTj97DeYQQsQwck+tQN6kCgYEA/beFmdojyc9CoLkd
> +0MgwyPBdWma77rj80PAgeRm0hl2KQa8pA6dL/1y5x3vA25gqBr++q+KmSkYT6z/
> Z
> +n3llOk6pRlSWFlxuSLHVjOb/Qp1V/uxEG68Tg8L/I3SlMWiQ+/MnsXNHh+WEtKcZ
> +FCVd0ASA4NbsKYKflT2QgraDB00CgYEA+fmRrwRlkh2OxVrxpGFER2uosYGlwQiq
> +Xb75eU8BnpO8CCnXtBK4Uv3J6l/zfc+Tr2LzzgPkQiWd4NF1/EFxCNQA5kxGcPf5
> +F4f8dPr8CrADO1JNrX2ITHsosaaC1ImdW/r6tl66Ie2ueCImk5Yfu5DQv7JrKh/d
> +lrTEUxJL2esCgYEA2VKBla9MSGjH4XOvHk7busJotC6be3fo1e9ZYWGrSAyHiIvI
> +zeBXMHz0hPJz16UXGoDTideyKJyuIyul9Pu+wZrvU9bQWIcD0DDDgtW6gAzUxG8
> M
> +R8pHJO26LVyUwyWWSrmUnmLoOndWnIck7CS1nqC849o0n7nLh8IcLlq3EWECgY
> EA
> +1HkeLE4na2f2R6fChv8qAy7uJ1rUodwUuzQtZsAR11EpXSL7tpLG27veGXpPQ9vh
> +Yw1PwAesx9Cjfklr6OtTAbb5wMaKhVExB6BNpL0E6KytQon1foaaCLASadXnlHIY
> +L+uHmOWxfk9BodkdQwsyk8JGvPoRfq+xMH0b9qQxltsCgYEAtNf8yvoTXUHa2zj
> e
> +PvI6OiQjuiON5UIt9KkQNrIrcm4wiQ2eVdkCQcUstuXtmBtvnsrxlay0jbSz2bV6
> +1sWlJIvfZJujC901yMs5+twr6jMuXZ6ashWF1f2UbwgtKvh49PPgly4RhWST3Kp1
> +J1AmCrzTwtaNmTZd1g5IYreXpKw=
> +-----END PRIVATE KEY-----
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> index f5b0ceca2e..f98462718c 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> +++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> @@ -1,19 +1,25 @@
> ------BEGIN CERTIFICATE-----
> -MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIxEDA
> O
> -BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxMjM
> 1OTU5WjAT
> -MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADC
> CAQoC
> -ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
> -KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbmg
> -wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0NQVD
> J
> -dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptMQq9
> -8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr8LZ
> c
> -ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIwADB
> EBgNV
> -HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzdFJvb
> 3SC
> -ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CSY4x
> G
> -9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AXZtx
> -DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu24JV
> -K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZqrz
> Ldp
> -opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
> -HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOolyVT
> -/A==
> ------END CERTIFICATE-----
> +-----BEGIN CERTIFICATE-----
> +MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhM
> CQ04x
> +CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBU
> VES0lJ
> +MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFu
> b2Nv
> +cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTEL
> MAkGA1UE
> +BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBg
> NVBAsM
> +BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWR
> raWlA
> +dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe
> +
> +2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOA
> OR
> +W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DV
> P
> +WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
> +fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
> +xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
> +CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSA
> GG+EIB
> +AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW
> 50
> +IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
> +HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBe
> AwHQYD
> +VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4I
> BAQA7
> +vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3f
> Jxq7
> +CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
> +/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg
> 93
> +F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
> +l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
> +yekXblzF5lQY0goqDiks
> +-----END CERTIFICATE-----
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
> b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
> index
> e42f073d84af32513cc83f292ebc78ca6b5a6239..4c9bf0be5ae5d69e833808716c9985
> 77aba6d221 100644
> GIT binary patch
> literal 1008
> zcmXqLVt!-L#B^l=GZP~d6DPxgiANu8Pdo6#fR~L^tIebBJ1-+6H!FidW0N7b0Vf-C
> zC<~h~ld~U;!@<K8>;dDjgE>M50w85vJe(n!iFx_X`9-OQd<HxqF>W4KR~K(jPeVZi
> zeh{CTha)7lxFje)zr;|<Kml$eC!?5fYD#uyrb7wHh-9D<dih1^26E!OhUNw)h6V-}
> zM&>34QDCkqoI5xi*~F-X9C(bZ49rc8{0s(7j9g4jjEoFBH8pb*c&;mdt9|z&>Hp1>
> zt3rDkr-s>Y4-4LKs7dIkb*b`B-)l!gi$AZLx<dN%<hpqdPh^$mOlIf4zAF0q6Dh@(
> z>&cPK0rFo(LMKn0{WWOAe!iFt>&T!P)50FEKH|KaHN3)=aejnoFrVNQeZG&&Bp2
> ni
> zS!x^i9zXi}ot*JyqbUa?kMK<A7V?NU{+3Wu8-7Sww{~UwV$)X>o9)x9Cdo4f&rgb<
> zDfG8kT6dmyj)~`bfA;<ZFSF;xSDN0^is^Xw%_H&Fw8tK93#Q1-{T9>C_r8R4BCl=K
> z^P@gpRcjWuZcBF&4-K+<A?O>iXfi|6tLlcg=l9+(ZSdZin!J|Vx8zqO6Eh<N<Kkq4
> zL<3o18j$5<5n~Y%TXn5ZTG#or?go{$W~ug@er?owYakDjR%Vef5Np7$0F;Jgg&7(D
> zv#=U411SSOkN`hOfCZSG+mNFHn1+GTz{oK5-u)#aw<jr8NbNP8D|cO=OF%HTB=
> Lp8
> zk<X$p4MM)`=3%K2j@7x_Gik!bITtQSEMEMlM<eRWL|=}>-=t35UB(gdNObCNUE
> QvY
> z1`T^>ZF{JrV0ZV(@zB)s8scBx-P%`Pa5d<fXw~nv>;GPLoe=fR(CK>1X3wy!%kH1|
> zXC!p<KU)9g@f)F?kF3N5{d|in*Soj+l&Q_@HagIE=#Kib_iHB4TNroV#PxyJ@wvX&
> zubUT5{}J(Xo2kdgi(EzZe|>9Sp1I*6?HLq&FOV_VbkBsdJzZy<6_&gH*ACs#t@}Sz
> q)Vt-v;mZ@|Oz{rAn)FI(byCLN;A3}|-kqh}S6QPs=Sf;ak1PPVc5WX4
> 
> literal 756
> zcmXqLV)|gv#CT@`GZP~dlYohVdOfS{)K=#OOTO~VdVb1)lZ{oIkC{o9mBB#RP|$#%
> zjX9KsS(qavwYVfGKflC4PMp`!%)r9H#L(2h(8MB2oY&aW(8w5wOf5|<qp)jgVpKBV
> zW#iOp^Jx3d%gD&c%D~*j$j<<D2NzQlBO}9<XU6_vhuIfgm>GWfVVDzRL8OenS6
> aWx
> zyvcjFy_vLRLSXE%{;h}GMDHgw?AuWh89n>2`lQS=r~2&XHM&Q)ypNf^*~>Y)m)n
> qq
> zVO!UMm0uMv*q_~yUK?Pn_gh*=Oz&M7WBa!gSAyBoXL7skmz{9zc71LVkJp+Ni)
> <?S
> z*Y^KA_~NO$?ayViWZ%q+PYTqVA*;D7yX&_zUxwz_ed!)98m|9jtpkd(4(#Tc&y=_
> }
> zd3pOcqxp7XG4IZ>?iGLG7PLN~YgwIGW^-nAp6~JV4Li<$OS9jXv*5)XwS-+OS??Bl
> z?PXZO^F3g-%Qd@pMH}5`#_Dm3>O1dPcwDoZ_E6kCHT9e=6Eh<N<6;j3Hv<=7c*
> `=f
> z*cw<j2%Otmb^fX1@$AoUCSBQ|s%5%R6l>@<;fq9II5RS2^FH9Z@GjbZTd_ydi!ad
> +
> z-`-?6`jju@cd)TRR>H1#7SVyp1y}1>|2=Wl5>1l+bE9-}*tchFt%~0{+|_peWA&S$
> z6!OKA(<i3yY>oALZ(RwtFEJ`wDc>VYHKwneptH-3DJvz-)97@p$v>4RE*lQ56_;kM
> zy&Tb@w~z0-_Nkct8mhK8cH3A4JyZX6X@_fee7*MuW!4w#(_cKw(VzdLxc;#Co=s
> WN
> zTA#Bo->JW^e_=Hn&p+npy-jagY){m_J)IS8>JiHRdsT%L<L()*-M6|PD~7j;DvJk5
> w&)Fjtxk78LRUM;B^Y;yj&-VJ?oH${*)=nPl)l(H@K9rne+9eYEaiXdh0N3>|0{{R3
> 
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> index 3ca5149d2a..1331933c3d 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> +++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> @@ -1,56 +1,58 @@
> -Bag Attributes
> -    localKeyID: 01 00 00 00
> -    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
> -    friendlyName: PvkTmp:76c92422-d6f3-4763-9b80-b423fd921d00
> -Key Attributes
> -    X509v3 Key Usage: 80
> ------BEGIN PRIVATE KEY-----
> -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCU5jNPVsMHoN
> CZ
> -V8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CAvrh4WVub/SeSaczKjj6e
> -gUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsbLBYu7lYBh/bI1FMHZ5kL
> -Rr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9iUS6YHSm6a4r7Qw5oKfW
> +
> -Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfoRlKvUIqmfhZpg2lbbk3H
> -z4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8LeYzJ14hJ7ncOEjWOpbh
> -F0dlZc49AgMBAAECgf8dY26Sej8u15Xiri/l3zXgy7aR7uAAbFGoM8fv2exQgIDk
> -FrdxTDtqzqTSxGAkfUWs4Ip2DUEeZDwF/qjW4FCzb3mI/QmNt70Yd9KsEDAmDkZ
> 2
> -wylcYC2l7IqVEl6HZMpNyiu5hfXdTn/tlkkUIiKr6POYmFR6IyPiS61Tm4LQXyhv
> -iW+Lx0GqFQcH82CsbNRNgJGJk/BIiHn7kNDi5rRrKsmTuKEQB9iwF/rKp+lnJN0g
> -4qTv2bbZVxj39QWdOovU5LCL+1WJdkA2mpFpZjBEsTdF+UEGCbixdiftfovnZa64
> -rofw3pIxr97XS42D3OmdPmSokpwqcQtjTXfScCECgYEAvxBMHcEFMZX644hhZtH7
> -t0/PCka9DUBZfe58r+lmgSvlbMCka9OvKGtr86+j0IdWqmGWxRHAuk3KR3NIC3EU
> -mD0rYSWiStW0I/cmHidS/a9OdWWHtWi1LcXX7KBn9AjKjPzghqAfDAkRxYfZKLIo
> -PRL44O/RM6nJ1j7az5CgWR0CgYEAx4FW/xVVL1Z0kn/VyNVYLdlhV4zMNn6Cu0ko
> -jebQydDBh4Tsne2A4dPonZQSsEiJ6jhzaUZr7l5OAEp+0aX0M/h6JbxTcA4CK3Xr
> -X2TAaOCkPc1r0I79ZduKymyMNrWfXHenvFVl57klp9eFRQJ6o+pZB9ysFzPHXbci
> -4VCsX6ECgYBMqAdB8M1apafxXihmDl2FoJmar+LtzCGbqvGPyn772FbGGUxejqG
> 5
> -/89iB9gbtBELbvgEvSisFsXPgOso3Ae9RN2Aro68o50QyPocIv7jFVDPPRsDp6z5
> -XmVRZNIQUO6jPln+6YNLWuAsdmKkN0Z5qoD8DnvK1JZMRQ+ZM5eB6QKBgQCu
> vz+w
> -VsMyn4uj9o0PSK/gGRQGV7FX2iAwY7g98vrWix+40FlhS3MkWzTZMaXc+uyyV5ff
> -kmtfcwLnhljm0XHBQ9fZzcdX0y1bXAI6oElYk8vIxnG1UEnsOgyrmcCG+zcHC1fE
> -wxhri+TLyx9UfwNlKBOrq0KhYB00nQDUUpFpgQKBgQCPWpNeNQ8hCARnayhzu
> 2fE
> -HEPG1P/resOp0u+c4jy4TeHVa9806wqZlkYNRKNn09Ub5Ajpp05dwdb+JvUSkWwr
> -vOmE94WeLg5FuNzPAQjwAe+Eq54Vk8TdAhdLSu1m2xdBKFtEOk6TQTmRBCiknw
> hg
> -19TgHd8hEFnz6ZICAeWGbQ==
> ------END PRIVATE KEY-----
> -Bag Attributes
> -    localKeyID: 01 00 00 00
> -subject=/CN=TestRoot
> -issuer=/CN=TestRoot
> ------BEGIN CERTIFICATE-----
> -MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMBMxE
> TAP
> -BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzNTk1
> OVow
> -EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
> ggEK
> -AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CA
> -vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsb
> -LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9i
> -US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRf
> o
> -RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8
> -LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAEM61
> es/l
> -Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYVDo
> KT1
> -DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtTMz
> Bq
> -YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
> -r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtcr
> -yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
> -L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Glmo
> -Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
> ------END CERTIFICATE-----
> +Bag Attributes
> +    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30
> +subject=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddr
> ess=edkii@tianocore.org
> +issuer=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddres
> s=edkii@tianocore.org
> +-----BEGIN CERTIFICATE-----
> +MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQs
> wCQYD
> +VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAl
> UaWFu
> +b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiM
> CAGCSqG
> +SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw
> 0x
> +NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxC
> zAJBgNV
> +BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMR
> EwDwYD
> +VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlL
> m9y
> +ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8G
> L/
> +2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9f
> k
> +GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGU
> Lw7x
> +phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3
> qS
> +HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
> +Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC0
> 10
> ++lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1
> Ud
> +IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wD
> gYD
> +VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTG
> dHtcv
> +ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI
> 3aYI
> +WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
> +14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
> +oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
> +QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgI
> wd
> +-----END CERTIFICATE-----
> +Bag Attributes
> +    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30
> +Key Attributes: <No Attributes>
> +-----BEGIN PRIVATE KEY-----
> +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5KSlsYAzXI/Z9
> +7vBi/9nJqlWMgZVWP7dWU7DCghLFO3UjuU3WxFVz86qVqBvzk36eQOQdIpyTB
> wvX
> +qlvX5BohhNdjWQNQH/UUVZORm/VSsL8OXGg7WVKYllbhq8RDuwVXeEUBn1gV
> Uw4R
> +lC8O8aYZom6GOSszjcfF6+4eM9MylMFZxAyXCxJIXzP2YHR9V8ITLX2ph6M16pGD
> +P2d6kh8BU59iX5kS/XMbLZ4rbDRJr08Hj8Dpa55feTXaKlyI7vZIYdqW40hGoJQc
> +nfZchw7vdAmRDT1a58VMinqsoYW2Z0QXVVI66BFNWKKTAGLqe4Dtz73fdYBLuW
> Vj
> +rQtNdPpZAgMBAAECggEAci5d6wT4Jht5P4N/Ha2kweWWR8UJMFyuVD/bura3m
> ITn
> +4ZW92HjOMWjLgupeAkCsTi65/PWBFHG97cqSRHnXW2At6ofTsS9j1JxJGfvQtqNj
> +zhlR9XdJperfvN5Nc277BkuWUj/O86d5/4Ef29lMknZGLeNHLs15qiWpe1p+HKvt
> ++DfL7Prl5qWA5G90QmXgRQJbThl1TYLCYkETB+9m3MIRm8Z01XKH+fm4ahgclEkG
> +XaQl04DhMEo7A/sC8NUnozOMEf81Ixkt3wEpoEDtZ+WhRTrgLF23Q4sXAIBMlEfz
> +Pz2UaX/9KBT1dRbZseStIjJKMc8qd+pC7Ww2tuHEOQKBgQDmLdFSgHc2URQW/
> Otj
> +fr9S/Z7EPSOA/tmh4dFhQGwzKF4Us838deRz2cRTbgq5BHuBCrMEPRBiX8h4WLEB
> +NVZ73JjgOfyshcDXWNg5noc9f24HYHMZnjcFmHNokpyIgxLl2qgN8f03doJEmKkj
> +pm/VnfZmkGDd65IXRp8MYMTQOwKBgQDN7ofqKWK5SA+vt+tDOkCYq6eHKb9
> +ImPh
> +PreikT5xc9SMtb0tGlIjKydsiqA9Jv1WRnpUG0fVfMyagBSOrKt9wC143VEvOtkR
> +QJehmLLYG97HP7CXtniAWeKuc2pfCd+nGdHLFmduuTEEDcxab5LQc5dvYQ/RfznF
> +YVunt73qewKBgQCg11VUpCYpU2CJa7SEMtY4hLbDg8FiazLiVqx7m4u/964+IyKG
> +Dk9T0NDKR7PAc2xl0HclOBJR24J27erJ4F6NcKl2za5NU61cDV4SbT8tbvUQvInR
> +Veg2xb+nTAOLtKOo8DDMhdMeRXZjvpU6LxwolhfOtYaqq+jK0PNkr933bwKBgA0
> G
> +RiBgR7cyQJO7jSyuVYGSccERuePPZwPLBLBKgWmJiurvX6ynmoRQ6WhrCCF2AtXf
> +FUOWih+Nih9HdIVllF8atYWMceML1MjLjguRbdZPRPLTK2cdClgL11NzR0oFhNi7
> +wFIY86fEHL6F5OPfZKi8dtp7iBWW919tfe+IpoFbAoGBAMzNKKBHG5eMuKQI/Dw
> w
> +50PDHu25TGUiTc1bHx18v7mGlcvhEPkDYAKd3y7FN5VRoooarGYlLDHXez0FvDTa
> +ABFUUad70bULTqRTSmld0I9CWWnYs0vaFKgIemddQ7W2eXr7N+N+ED+OK/PvW
> jMq
> +LMKhChf252RfOYdB+WN6alVG
> +-----END PRIVATE KEY-----
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> index 14b641897c..ae67e9c1b5 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> +++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> @@ -1,18 +1,23 @@
> ------BEGIN CERTIFICATE-----
> -MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMBMxE
> TAP
> -BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzNTk1
> OVow
> -EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
> ggEK
> -AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CA
> -vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsb
> -LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9i
> -US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRf
> o
> -RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8
> -LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAEM61
> es/l
> -Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYVDo
> KT1
> -DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtTMz
> Bq
> -YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
> -r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtcr
> -yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
> -L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Glmo
> -Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
> ------END CERTIFICATE-----
> +-----BEGIN CERTIFICATE-----
> +MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQs
> wCQYD
> +VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAl
> UaWFu
> +b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiM
> CAGCSqG
> +SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw
> 0x
> +NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxC
> zAJBgNV
> +BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMR
> EwDwYD
> +VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlL
> m9y
> +ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8G
> L/
> +2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9f
> k
> +GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGU
> Lw7x
> +phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3
> qS
> +HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
> +Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC0
> 10
> ++lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1
> Ud
> +IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wD
> gYD
> +VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTG
> dHtcv
> +ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI
> 3aYI
> +WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
> +14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
> +oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
> +QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgI
> wd
> +-----END CERTIFICATE-----
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> index 67f9d2560b..de988856e5 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> +++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> @@ -1,57 +1,59 @@
> -Bag Attributes
> -    localKeyID: 01 00 00 00
> -    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
> -    friendlyName: PvkTmp:11e8b08d-46fb-45a2-90c4-d458be4a1276
> -Key Attributes
> -    X509v3 Key Usage: 80
> ------BEGIN PRIVATE KEY-----
> -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCfNn3oUo5iCBX
> g
> -x1AUxgHG/h23/WyThgYj2NAToG3S51i0MGamyjGP8GbBphRc0ORpIhQE8Va+NPj
> W
> -cdoh4sXLOroW3Es26sR+cxdRwNF0/YxK/+JboYDmdUecgcwqipIv795bVQjRLCyT
> -/+LjLXs/B3XM/jc4jHa7gs+AmwH2DXz9VTsIHmXrm/KGZ64VQzFbJYJl+KvFAmlm
> -LcL+t099lyiJYL+3LY2ajonzkAidVQylIfsmhAlcnGee6MYfPxLQRe4pIIlhyXAK
> -ZixBnAlZvifo3JRwTKXRHzkj6Vp5KhDsi/31Y54iLJQHiet/FlymIHrtkFpC47xi
> -ndF6jNpfAgMBAAECggEAD4owC9xS+A/gosnmxRWhLXJhet3fb8llvAX4zpGau+Uc
> -wVRKu1OCNucOAISx+W/iJhN6GhQRlWByO+wXkGB5UcwaRwpFb8dxBQPoGMY
> AgQdm
> -XsOkV7E8dZdTirEYjmZsElsP5vY2dW7MWGhiFYO7mHv6ltbmk5G83Qci3biYyRKB
> -4Qb+q/1yl9tdqRvMnLshgSNSa2onGiJ8k9NniSnfnKCc4S0pliy2Z5HOPQCi2QAk
> -eVWORHz5jL8lzlVCflOL7VZiS13YORMDIj0S9LyMhXO4bAtsgWfldqOupNgNW0qI
> -FwzrNvIXhQxeUiqylzfKNCzuBA11CFBnPt/+agv10QKBgQDH82PHMC3GH8Teq0lw
> -J5G+zYQol1ikRU7O116cAcV04P8HAiAmZ2lrP4DSJWD3y3sOjnnK54KmXkHVcNJI
> -IDjb8d/BZjuYqdylfKhoKNgAdI1WcNKOz7KOK6Le8/ZK1uh1ZHMA6M+L9mTtQjhW
> -DyoMvEGsQmNHnYF5n3zPQWUMFQKBgQDL17jZMLOORK2U+Iqu0cTVttGUjg/a
> gP+r
> -D4RWwA6BKI0vW3fFOka9MsjBpRZkZdXucq1TusDl8/J30FD/Cjp/gt9RwCQAvk44
> -Zp6HU3TFEsBdXU+3XeJqTtyJqFuPkRQWrd0UeudSiEJammAlzyF7pPZioF1mucOA
> -nCcDecLFowKBgBv1gKI9rmjh0FmCggZYwhx4CF7UquRtfJOXsfcGmGG7hG2qcmx
> s
> -UWVZv92itGhx34ctjQI+VRqGW5ZI7F6BgvHeZHdaoEK8ncnWIIZQD8QgiBLqO8cU
> -a9dNarzaSDo2ytJ/dUVPSJY9oec7Nz1xaWPWfyhjMBa3g39KOd2RO1vxAoGBAMR
> D
> -Q9r6JSeJwId6diy0FAyhJVEfJux+36tYGVddO5nn7Wf3bW4cGhf4WYr45IJt+njH
> -OVMwsKG3K3FoxVOKCaDT5SjVEtUUZkOvqlspY3iMAWLjgOlQH7uzimuQCfhE+06
> K
> -wB4D581zHFAX6xL8R4TA4+k59jP+D9o4fue9yGZ5AoGAMn+TsY1IZFSY1fw6TTHq
> -sp9PiYQQqTMjRkzE7GRXbb1rdE6WoLkSk4Dz4u/B9E7YVzTZggYhPisChu6wZPtK
> -IiXBGu8h3GygUGI/WdNRKHW5nst9IZWrtVJ06c87jWqOktbgBnrbqXUG1rgRZr+i
> -n3sJLF+GGwzdp/gCxLMH66M=
> ------END PRIVATE KEY-----
> -Bag Attributes
> -    localKeyID: 01 00 00 00
> -subject=/CN=TestSub
> -issuer=/CN=TestRoot
> ------BEGIN CERTIFICATE-----
> -MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBMxET
> AP
> -BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIzNTk
> 1OVow
> -EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCA
> QoC
> -ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/wZsG
> m
> -FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
> -zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZn
> -rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57o
> -xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
> -638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUwAw
> EB/zBE
> -BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGVzdF
> Jv
> -b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSHCm
> atVNg
> -LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcEGY
> -+mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcyt
> -U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW1D
> -MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3KC0
> -NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F2M
> w
> -HgNmsA==
> ------END CERTIFICATE-----
> +Certificate:
> +    Data:
> +        Version: 3 (0x2)
> +        Serial Number: 4098 (0x1002)
> +    Signature Algorithm: sha256WithRSAEncryption
> +        Issuer: C = CN, ST = SH, L = SH, O = TianoCore, OU = EDKII, CN =
> TestRoot, emailAddress = edkii@tianocore.org
> +        Validity
> +            Not Before: Apr 10 08:33:45 2017 GMT
> +            Not After : Apr 10 08:33:45 2018 GMT
> +        Subject: C = CN, ST = SH, O = TianoCore, OU = EDKII, CN = TestSub,
> emailAddress = edkii@tianocore.org
> +        Subject Public Key Info:
> +            Public Key Algorithm: rsaEncryption
> +                Public-Key: (2048 bit)
> +                Modulus:
> +                    00:c5:3a:af:16:34:9a:14:61:74:8c:39:1a:04:1f:
> +                    7b:95:d3:40:b7:ea:26:a7:7b:8d:76:d3:86:1b:7c:
> +                    07:17:d2:56:72:36:13:b4:6c:75:b7:bf:d1:35:d1:
> +                    31:d5:9a:07:c1:62:4e:aa:3d:bd:d8:40:8b:48:9a:
> +                    c5:46:c4:c3:10:2c:d4:82:d9:6d:f4:c3:de:85:fa:
> +                    34:1d:d1:74:7a:5f:16:34:59:2b:2b:03:61:46:62:
> +                    d7:88:62:59:4d:d8:55:00:52:54:e1:15:5e:a9:ec:
> +                    d6:e8:51:fd:ef:8e:68:5f:d2:40:d2:61:ef:2c:1d:
> +                    5b:a7:6e:14:4c:12:bc:60:81:8e:66:c9:84:51:c2:
> +                    89:51:fc:e5:7f:86:9a:78:a4:c1:f7:0f:a9:a5:97:
> +                    60:dd:6f:c8:a0:fd:ea:07:2f:01:36:0a:e8:bd:0e:
> +                    dc:48:2e:85:22:7b:bb:db:68:78:eb:cd:6a:54:07:
> +                    f7:81:a5:52:8f:f3:5c:09:1e:76:a3:d1:91:8f:ee:
> +                    86:2c:85:49:99:96:4f:5f:5b:0d:08:ae:d8:20:e8:
> +                    e3:67:70:c6:ec:0e:0e:bd:bf:3c:f6:db:e4:45:d5:
> +                    7a:bb:9f:d1:3b:18:89:fc:63:ac:c2:30:b8:fa:bb:
> +                    8a:24:63:4e:79:58:78:72:ab:27:36:3d:bb:4f:47:
> +                    d6:ef
> +                Exponent: 65537 (0x10001)
> +        X509v3 extensions:
> +            X509v3 Subject Key Identifier:
> +
> D6:9D:66:D6:49:7C:FA:20:8D:5D:75:69:2A:41:0A:7A:03:5A:A5:EB
> +            X509v3 Authority Key Identifier:
> +
> keyid:16:AA:D6:8E:1B:2D:43:F3:2D:B0:24:AD:36:65:3F:B2:FA:B1:2C:ED
> +
> +            X509v3 Basic Constraints: critical
> +                CA:TRUE
> +            X509v3 Key Usage: critical
> +                Digital Signature, Certificate Sign, CRL Sign
> +    Signature Algorithm: sha256WithRSAEncryption
> +         83:3c:ae:b2:fc:99:3d:33:b3:da:ca:26:83:8c:a9:ae:f8:bb:
> +         ad:05:37:97:a5:f8:0d:2b:4e:3e:e5:b7:12:68:f8:64:d4:bd:
> +         ff:65:7d:57:98:61:cd:47:10:a5:6a:bd:66:89:74:ce:5e:28:
> +         29:39:67:c9:1f:54:ec:78:76:b1:dd:04:91:63:b6:8c:2f:86:
> +         59:1f:c4:2b:a1:4a:8c:a8:5b:f6:8a:92:f0:83:bb:92:92:5c:
> +         b1:1c:18:95:3d:d6:be:6d:79:9d:4f:7b:92:1f:68:f5:1f:cd:
> +         f4:37:2d:1e:e3:f6:eb:f2:8a:a4:8d:a1:c5:db:0c:3a:59:01:
> +         dc:be:a9:c1:0b:04:ba:e8:02:a9:85:cd:d7:48:0d:f6:60:30:
> +         2b:05:ba:e0:c7:d8:9f:23:14:37:04:0a:a7:bc:b6:c8:25:31:
> +         e4:9a:41:a5:83:c2:ee:89:d3:fa:a5:7c:ae:a6:14:22:a4:5f:
> +         73:03:f2:7b:3c:51:f7:76:2a:0a:cf:ee:71:35:1c:bc:ff:3f:
> +         9b:d5:b1:33:e0:b6:fc:2a:c8:ab:84:89:cd:fa:1c:ee:12:8c:
> +         07:ba:93:46:50:b3:3f:73:05:be:67:58:60:90:05:2c:d3:b6:
> +         19:7c:a4:f0:6e:ee:d4:f2:0e:f5:02:79:5f:2c:28:83:1e:83:
> +         c6:92:ba:7c
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> index a12d8374ae..04402ea983 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> +++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> @@ -1,19 +1,23 @@
> ------BEGIN CERTIFICATE-----
> -MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBMxET
> AP
> -BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIzNTk
> 1OVow
> -EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCA
> QoC
> -ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/wZsG
> m
> -FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
> -zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZn
> -rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57o
> -xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
> -638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUwAw
> EB/zBE
> -BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGVzdF
> Jv
> -b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSHCm
> atVNg
> -LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcEGY
> -+mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcyt
> -U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW1D
> -MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3KC0
> -NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F2M
> w
> -HgNmsA==
> ------END CERTIFICATE-----
> +-----BEGIN CERTIFICATE-----
> +MIID1jCCAr6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAkNO
> +MQswCQYDVQQIDAJTSDELMAkGA1UEBwwCU0gxEjAQBgNVBAoMCVRpYW5vQ
> 29yZTEO
> +MAwGA1UECwwFRURLSUkxETAPBgNVBAMMCFRlc3RSb290MSIwIAYJKoZIhvcN
> AQkB
> +FhNlZGtpaUB0aWFub2NvcmUub3JnMB4XDTE3MDQxMDA4MzM0NVoXDTE4M
> DQxMDA4
> +MzM0NVowdDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKD
> AlUaWFu
> +b0NvcmUxDjAMBgNVBAsMBUVES0lJMRAwDgYDVQQDDAdUZXN0U3ViMSIwIA
> YJKoZI
> +hvcNAQkBFhNlZGtpaUB0aWFub2NvcmUub3JnMIIBIjANBgkqhkiG9w0BAQEFAA
> OC
> +AQ8AMIIBCgKCAQEAxTqvFjSaFGF0jDkaBB97ldNAt+omp3uNdtOGG3wHF9JWcjY
> T
> +tGx1t7/RNdEx1ZoHwWJOqj292ECLSJrFRsTDECzUgtlt9MPehfo0HdF0el8WNFkr
> +KwNhRmLXiGJZTdhVAFJU4RVeqezW6FH9745oX9JA0mHvLB1bp24UTBK8YIGOZs
> mE
> +UcKJUfzlf4aaeKTB9w+ppZdg3W/IoP3qBy8BNgrovQ7cSC6FInu722h4681qVAf3
> +gaVSj/NcCR52o9GRj+6GLIVJmZZPX1sNCK7YIOjjZ3DG7A4Ovb889tvkRdV6u5/R
> +OxiJ/GOswjC4+ruKJGNOeVh4cqsnNj27T0fW7wIDAQABo2MwYTAdBgNVHQ4EF
> gQU
> +1p1m1kl8+iCNXXVpKkEKegNapeswHwYDVR0jBBgwFoAUFqrWjhstQ/MtsCStNm
> U/
> +svqxLO0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZ
> IhvcN
> +AQELBQADggEBAIM8rrL8mT0zs9rKJoOMqa74u60FN5el+A0rTj7ltxJo+GTUvf9l
> +fVeYYc1HEKVqvWaJdM5eKCk5Z8kfVOx4drHdBJFjtowvhlkfxCuhSoyoW/aKkvCD
> +u5KSXLEcGJU91r5teZ1Pe5IfaPUfzfQ3LR7j9uvyiqSNocXbDDpZAdy+qcELBLro
> +AqmFzddIDfZgMCsFuuDH2J8jFDcECqe8tsglMeSaQaWDwu6J0/qlfK6mFCKkX3M
> D
> +8ns8Ufd2KgrP7nE1HLz/P5vVsTPgtvwqyKuEic36HO4SjAe6k0ZQsz9zBb5nWGCQ
> +BSzTthl8pPBu7tTyDvUCeV8sKIMeg8aSunw=
> +-----END CERTIFICATE-----
> --
> 2.12.2.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch] BaseTools/Pkcs7Sign: Update the test certificates & Readme.md
Posted by Long, Qin 6 years, 11 months ago
Yes.
It will be another patch to update the sample PCD data.


> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, April 11, 2017 4:00 PM
> To: Long, Qin; Dong, Eric
> Cc: edk2-devel@lists.01.org
> Subject: RE: [Patch] BaseTools/Pkcs7Sign: Update the test certificates &
> Readme.md
> 
> Reviewed-by: Jiewen.yao@intel.com
> 
> Do we also need update the default PCD definition in SecurityPkg?
> 
> Thank you
> Yao Jiewen
> 
> > -----Original Message-----
> > From: Long, Qin
> > Sent: Tuesday, April 11, 2017 3:56 PM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; Dong, Eric
> > <eric.dong@intel.com>
> > Cc: edk2-devel@lists.01.org
> > Subject: [Patch] BaseTools/Pkcs7Sign: Update the test certificates &
> > Readme.md
> >
> > The old TestRoot certificate used for Pkcs7Sign is not compliant to
> > Root CA certificate requirement with incorrect basic constraints and
> > key usage setting.
> > When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest
> > 1.1.0xx, the CA certificate checking was enforced for more extension
> > validations, which will raise the verification failure when stilling
> > using the old sample certificates.
> >
> > This patch re-generated one set of test certificates used in Pkcs7Sign
> > demo, and updated the corresponding Readme.md to describe how to set
> > the options in openssl configuration file.
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Eric Dong <eric.dong@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Long Qin <qin.long@intel.com>
> > ---
> >  BaseTools/Source/Python/Pkcs7Sign/Readme.md        |  42 +++++++-
> >  BaseTools/Source/Python/Pkcs7Sign/TestCert.pem     | 117
> > +++++++++++----------
> >  BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem |  44 ++++----
> >  BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer     | Bin 756 -> 1008
> bytes
> >  BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem     | 114
> > ++++++++++----------
> >  BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem |  41 ++++----
> >  BaseTools/Source/Python/Pkcs7Sign/TestSub.pem      | 116
> > ++++++++++----------
> >  BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem  |  42 ++++----
> >  8 files changed, 286 insertions(+), 230 deletions(-)
> >
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> > b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> > index c904907000..fee0327876 100644
> > --- a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> > +++ b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
> > @@ -21,10 +21,44 @@ You may need the following steps for initialization:
> >
> >      rd ./demoCA /S/Q
> >      mkdir ./demoCA
> > -    echo "" > ./demoCA/index.txt
> > +    echo.>./demoCA/index.txt
> >      echo 01 > ./demoCA/serial
> >      mkdir ./demoCA/newcerts
> >
> > +OpenSSL will apply the options from the specified sections in
> > +openssl.cnf when
> > creating certificates or certificate signing requests. Make sure your
> > configuration in openssl.cnf is correct and rational for certificate constraints.
> > +The following sample sections were used when generating test
> > +certificates in
> > this readme.
> > +    ...
> > +    [ req ]
> > +    default_bits        = 2048
> > +    default_keyfile     = privkey.pem
> > +    distinguished_name  = req_distinguished_name
> > +    attributes          = req_attributes
> > +    x509_extensions     = v3_ca       # The extensions to add to the self
> > signed cert
> > +    ...
> > +    [ v3_ca ]
> > +    # Extensions for a typical Root CA.
> > +    subjectKeyIdentifier=hash
> > +    authorityKeyIdentifier=keyid:always,issuer
> > +    basicConstraints = critical,CA:true
> > +    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
> > +    ...
> > +    [ v3_intermediate_ca ]
> > +    # Extensions for a typical intermediate CA.
> > +    subjectKeyIdentifier = hash
> > +    authorityKeyIdentifier = keyid:always,issuer
> > +    basicConstraints = critical, CA:true
> > +    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
> > +    ...
> > +    [ usr_cert ]
> > +    # Extensions for user end certificates.
> > +    basicConstraints = CA:FALSE
> > +    nsCertType = client, email
> > +    subjectKeyIdentifier = hash
> > +    authorityKeyIdentifier = keyid,issuer
> > +    keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
> > +    extendedKeyUsage = clientAuth, emailProtection
> > +    ...
> > +
> >  * Generate the certificate chain:
> >
> >  NOTE: User MUST set a UNIQUE "Common Name" on the different
> > certificate @@ -37,7 +71,7 @@ Generate a root key:
> >
> >  Generate a self-signed root certificate:
> >
> > -    openssl req -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
> > +    openssl req -extensions v3_ca -new -x509 -days 3650 -key
> > + TestRoot.key
> > -out TestRoot.crt
> >      openssl x509 -in TestRoot.crt -out TestRoot.cer -outform DER
> >      openssl x509 -inform DER -in TestRoot.cer -outform PEM -out
> > TestRoot.pub.pem
> >
> > @@ -50,7 +84,7 @@ Generate the intermediate key:
> >  Generate the intermediate certificate:
> >
> >      openssl req -new -days 3650 -key TestSub.key -out TestSub.csr
> > -    openssl ca -extensions v3_ca -in TestSub.csr -days 3650 -out TestSub.crt
> > -cert TestRoot.crt -keyfile TestRoot.key
> > +    openssl ca -extensions v3_intermediate_ca -in TestSub.csr -days
> > + 3650 -out
> > TestSub.crt -cert TestRoot.crt -keyfile TestRoot.key
> >      openssl x509 -in TestSub.crt -out TestSub.cer -outform DER
> >      openssl x509 -inform DER -in TestSub.cer -outform PEM -out
> > TestSub.pub.pem
> >
> > @@ -63,7 +97,7 @@ Generate User key:
> >  Generate User certificate:
> >
> >      openssl req -new -days 3650 -key TestCert.key -out TestCert.csr
> > -    openssl ca -in TestCert.csr -days 3650 -out TestCert.crt -cert TestSub.crt
> > -keyfile TestSub.key`
> > +    openssl ca -extensions usr_cert -in TestCert.csr -days 3650 -out
> > + TestCert.crt
> > -cert TestSub.crt -keyfile TestSub.key
> >      openssl x509 -in TestCert.crt -out TestCert.cer -outform DER
> >      openssl x509 -inform DER -in TestCert.cer -outform PEM -out
> > TestCert.pub.pem
> >
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> > b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> > index 7e1035816c..6378567523 100644
> > --- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> > +++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
> > @@ -1,57 +1,60 @@
> > -Bag Attributes
> > -    localKeyID: 01 00 00 00
> > -    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
> > -    friendlyName: PvkTmp:133cc061-112c-467a-b8cf-dc0a56d7830e
> > -Key Attributes
> > -    X509v3 Key Usage: 80
> > ------BEGIN PRIVATE KEY-----
> > -
> MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCSPHYSohF+
> fim
> > 4
> > -
> 89iNx8CcCG/fPb7KLu9Dsq+pB4Pc/UJtaaA+D7RK3PhqNCrWbb+gCNgm7lxiOC
> rH
> > -
> mm0tPal71UV8VFUiTM7Zf1y8VBFCHJ92ykmS7MDwqV25oMGGocz4jdcPl3r2y
> FF
> > q
> > -
> d9jaBAPjUsHRbs8AC8CKHexOACfeydgQoj9KPWH9DUFQyXcbtMyGXAvFCktn
> SN
> > RQ
> > -
> f01UdNJebeD6+wlQn0sUaojn1lu570OdZ3AkJlm6bTEKvfHeOB21GaHnQ1O1R
> Vtq
> > -
> vd/KjFHhxSSw8meTsyqN/Toa/80FyUKEmTIaJdEaq/C2XKaUACezsYqvRxDq+pl
> i
> > -
> kyiIpt6bAgMBAAECggEAEeqpdrf3l71iZEAwCJLwNM3N0xawEPp2Ix+56OY8UC
> +R
> > -
> W3FlCiWHa+Kt5uk0VGhG4Zcj0IVEuV3zU9hGRxQ2dy8Wn9h/Q8AQWdKCbKq
> KIM
> > T7
> > -
> /qRjJkauju3ZR1x8SX/6anuKXWUsUh8R5o7/eRqj1U6242+FmhZWhTWMVbQs
> Ll3y
> > -
> AShlw56zwdto543Ssl+MLuUtkxT4UZwmo6k/BucvdYsvwWp8dAluhDp2onAfO
> ML
> > n
> > -
> 10Bk3Bl9AgnpcQEeGwFConmgBv31UhdYftfIj2R4tTZRDuC+GzRT6jl1Qu6JfPSp
> > -
> 30tmW5x3aa3946VZw2DKNiBqqYllJM1+kkzmGj+jgQKBgQC1Pzl8gv3q2TH9MlT
> D
> > -
> Tn9rUEs5OhjCrgZrSXoY2rfLcqJf2Tqm6I4xsVXvuePMyu8+DRD1Xizq6otUzNsN
> > -
> qh+UVkGRrFYRsgCgv1ratUti2ZlIPrR3JZsz8f23TAMGFFWCNHDH2rb1UanRD+g
> 8
> > -
> vO4fQM8FPxBfb6wcgDYqNNMdGwKBgQDOjKhqp5sNNXNF7/rfH6H8RfKVOX
> uC
> > K1Xy
> > -
> PU3Hgzd1wMfoebku4j5zQi2topzy664k9oeLCJj4GNDeHAqMttWD6TzDlMGJfd
> nj
> > -
> bNcrr+HnqUXByU2kS+bcTgBzsyT/1m1M7pKwtSYJzYXP1AHQny3Ip5kutCMo1
> 9td
> > -
> R4LfdebcgQKBgF3CHQzJ/mw0euWN2cdGnid3W9J4uUJMH8n0MpMU4ar+2/x
> VN
> > UAO
> > -
> YTBXmirusGbKO8SPocwsMXQ8bGMrrc19yeREUpr22XdB6408L9WfnyW9hsu
> WlG
> > hm
> > -
> LclLT4I4cf/9GNbIJedcvvRckEozvmFdIplMP0tpeiDEdfYwZNSkiuktAoGBAL5m
> > -
> gTXYDSFO/VUiFFOsOElyPV174LOsuQyVoGZjOjOtI1rVInTqkAD1p1/hf+aahSyD
> > -
> qYzrvv8s+RVWKg9u10JDNgVg0kupHLr98RfPiWJg8vHhXFYwtb6tlNMS9+9yvcz
> m
> > -
> O4jzY/4zW7+qQoYKxkyq2pVn7uVOnmPNcQIHEGqBAoGBAJMfZV2vpxY6kti8
> SXz
> > b
> > -
> PscYI3ZbbKyJLq4+KHGcKCqqbLiY4ao8vflDyDwBm+TJg4xq9wjJAN2riE9nuuds
> > -
> 99mYW/8R30BIfiH/4oBHjggb0NC5K3vHR4KGDKcUiIKZPv1r7mNeYw227N4n/d
> PM
> > -NXjlZVuS6mqc2T+GPzAJj/Uf
> > ------END PRIVATE KEY-----
> > -Bag Attributes
> > -    localKeyID: 01 00 00 00
> > -subject=/CN=TestCert
> > -issuer=/CN=TestSub
> > ------BEGIN CERTIFICATE-----
> > -
> MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIx
> EDA
> > O
> > -
> BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxM
> jM
> > 1OTU5WjAT
> > -
> MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEP
> ADC
> > CAQoC
> > -
> ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
> > -
> KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbm
> g
> > -
> wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0N
> QVD
> > J
> > -
> dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptM
> Qq9
> > -
> 8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr
> 8LZ
> > c
> > -
> ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIw
> ADB
> > EBgNV
> > -
> HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzd
> FJvb
> > 3SC
> > -
> ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CS
> Y4x
> > G
> > -
> 9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AX
> Ztx
> > -
> DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu2
> 4JV
> > -
> K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZ
> qrz
> > Ldp
> > -
> opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
> > -
> HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOoly
> VT
> > -/A==
> > ------END CERTIFICATE-----
> > +Bag Attributes
> > +    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7
> > +85 96
> >
> +subject=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestCert/emailAddress
> =ed
> > kii@tianocore.org
> >
> +issuer=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestSub/emailAddress=
> edkii
> > @tianocore.org
> > +-----BEGIN CERTIFICATE-----
> >
> +MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEB
> hM
> > CQ04x
> >
> +CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAs
> MBU
> > VES0lJ
> >
> +MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0a
> WFu
> > b2Nv
> >
> +cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFow
> dTEL
> > MAkGA1UE
> >
> +BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjA
> MBg
> > NVBAsM
> >
> +BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYT
> ZWR
> > raWlA
> >
> +dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
> APe
> > +
> >
> +2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8r
> IOA
> > OR
> >
> +W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs
> 4DV
> > P
> >
> +WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
> >
> +fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQC
> nF
> >
> +xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw
> 5oT
> >
> +CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWC
> GSA
> > GG+EIB
> >
> +AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xp
> ZW
> > 50
> >
> +IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBg
> NV
> >
> +HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAM
> CBe
> > AwHQYD
> >
> +VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwU
> AA4I
> > BAQA7
> >
> +vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHl
> mk3f
> > Jxq7
> >
> +CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/v
> LZ17c
> >
> +/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQ
> VgcIg
> > 93
> >
> +F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
> >
> +l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswto
> qDtu
> > +yekXblzF5lQY0goqDiks
> > +-----END CERTIFICATE-----
> > +Bag Attributes
> > +    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7
> > +85 96 Key Attributes: <No Attributes> -----BEGIN PRIVATE KEY-----
> >
> +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD3vtjV/0
> 39IljC
> >
> +YGDFzKFjor3l/RRsfWHMB/gSp/WT2R4oOgrGegde38AVnpPKyDgDkVvBS/lM
> kYbJ
> > +yhf6CozDe2sIi42nJI6vJtGzxR1ZeHSaKLpR5kjwrETHhv6VrOA1T1oiKBdbr1ze
> >
> +jGd87dIaH4Kj5xoyUBdByxAqz6sgb+7IrfXyGjWf3JanEd2anV0EVHxJO3RPKYP
> m
> >
> +YzTWv+VkxsEgQeyHpLuIxmysm76Y+hbRD//GMgCQt3zg/mODyEApxcc1nIT
> hqxX
> > K
> >
> +HqoH/4S4c6Ikb2pYJ743M26N1uLIBcBQ/1saA6m9ZdZqB8jrm8OaEwnQ/ifkM
> HRZ
> >
> +dZApBvivAgMBAAECggEBAJ8NtLJ27T/1vBxWuepjfL217sroFyOrv4y5FQgNMv
> nP
> >
> +q6/Ry7cvAupjJjP7EhFfR67qtIi92PjSeUG18HzEJykdZFMhHTlQnBZRCtKqWzRk
> >
> +xB9wxGXuPafeQW4D+hBn4632GvzQ1mYziKEMbShkmr3QuxO1PDlO+A9yah
> fCK
> > bBx
> >
> +SPCo+McV+N4c8ft/0UPMxqJLcZSMWscrBMCw1OhGdHry4CEr+NWHBeAA
> UWX
> > rGSlq
> >
> +BPwM6PT00fku1RwQrw0QZw0YKL8VH5iA/uD8hfuaO2YUlt2Z025csNRyIPrizr
> 6v
> >
> +Q8Is7jetqPpXulWSBtSYoghTj97DeYQQsQwck+tQN6kCgYEA/beFmdojyc9CoL
> kd
> >
> +0MgwyPBdWma77rj80PAgeRm0hl2KQa8pA6dL/1y5x3vA25gqBr++q+KmSkY
> T6z/
> > Z
> >
> +n3llOk6pRlSWFlxuSLHVjOb/Qp1V/uxEG68Tg8L/I3SlMWiQ+/MnsXNHh+WEt
> KcZ
> >
> +FCVd0ASA4NbsKYKflT2QgraDB00CgYEA+fmRrwRlkh2OxVrxpGFER2uosYGlw
> Qiq
> >
> +Xb75eU8BnpO8CCnXtBK4Uv3J6l/zfc+Tr2LzzgPkQiWd4NF1/EFxCNQA5kxGcP
> f5
> >
> +F4f8dPr8CrADO1JNrX2ITHsosaaC1ImdW/r6tl66Ie2ueCImk5Yfu5DQv7JrKh/d
> >
> +lrTEUxJL2esCgYEA2VKBla9MSGjH4XOvHk7busJotC6be3fo1e9ZYWGrSAyHiIvI
> >
> +zeBXMHz0hPJz16UXGoDTideyKJyuIyul9Pu+wZrvU9bQWIcD0DDDgtW6gAzU
> xG8
> > M
> >
> +R8pHJO26LVyUwyWWSrmUnmLoOndWnIck7CS1nqC849o0n7nLh8IcLlq3EW
> ECgY
> > EA
> >
> +1HkeLE4na2f2R6fChv8qAy7uJ1rUodwUuzQtZsAR11EpXSL7tpLG27veGXpPQ
> 9vh
> >
> +Yw1PwAesx9Cjfklr6OtTAbb5wMaKhVExB6BNpL0E6KytQon1foaaCLASadXnl
> HIY
> >
> +L+uHmOWxfk9BodkdQwsyk8JGvPoRfq+xMH0b9qQxltsCgYEAtNf8yvoTXUH
> a2zj
> > e
> >
> +PvI6OiQjuiON5UIt9KkQNrIrcm4wiQ2eVdkCQcUstuXtmBtvnsrxlay0jbSz2bV6
> >
> +1sWlJIvfZJujC901yMs5+twr6jMuXZ6ashWF1f2UbwgtKvh49PPgly4RhWST3K
> p1
> > +J1AmCrzTwtaNmTZd1g5IYreXpKw=
> > +-----END PRIVATE KEY-----
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> > b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> > index f5b0ceca2e..f98462718c 100644
> > --- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> > +++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
> > @@ -1,19 +1,25 @@
> > ------BEGIN CERTIFICATE-----
> > -
> MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIx
> EDA
> > O
> > -
> BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxM
> jM
> > 1OTU5WjAT
> > -
> MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEP
> ADC
> > CAQoC
> > -
> ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
> > -
> KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbm
> g
> > -
> wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0N
> QVD
> > J
> > -
> dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptM
> Qq9
> > -
> 8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr
> 8LZ
> > c
> > -
> ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIw
> ADB
> > EBgNV
> > -
> HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzd
> FJvb
> > 3SC
> > -
> ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CS
> Y4x
> > G
> > -
> 9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AX
> Ztx
> > -
> DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu2
> 4JV
> > -
> K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZ
> qrz
> > Ldp
> > -
> opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
> > -
> HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOoly
> VT
> > -/A==
> > ------END CERTIFICATE-----
> > +-----BEGIN CERTIFICATE-----
> >
> +MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEB
> hM
> > CQ04x
> >
> +CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAs
> MBU
> > VES0lJ
> >
> +MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0a
> WFu
> > b2Nv
> >
> +cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFow
> dTEL
> > MAkGA1UE
> >
> +BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjA
> MBg
> > NVBAsM
> >
> +BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYT
> ZWR
> > raWlA
> >
> +dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
> APe
> > +
> >
> +2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8r
> IOA
> > OR
> >
> +W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs
> 4DV
> > P
> >
> +WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
> >
> +fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQC
> nF
> >
> +xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw
> 5oT
> >
> +CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWC
> GSA
> > GG+EIB
> >
> +AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xp
> ZW
> > 50
> >
> +IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBg
> NV
> >
> +HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAM
> CBe
> > AwHQYD
> >
> +VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwU
> AA4I
> > BAQA7
> >
> +vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHl
> mk3f
> > Jxq7
> >
> +CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/v
> LZ17c
> >
> +/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQ
> VgcIg
> > 93
> >
> +F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
> >
> +l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswto
> qDtu
> > +yekXblzF5lQY0goqDiks
> > +-----END CERTIFICATE-----
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
> > b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
> > index
> >
> e42f073d84af32513cc83f292ebc78ca6b5a6239..4c9bf0be5ae5d69e833808716c
> 99
> > 85
> > 77aba6d221 100644
> > GIT binary patch
> > literal 1008
> > zcmXqLVt!-L#B^l=GZP~d6DPxgiANu8Pdo6#fR~L^tIebBJ1-
> +6H!FidW0N7b0Vf-C
> > zC<~h~ld~U;!@<K8>;dDjgE>M50w85vJe(n!iFx_X`9-
> OQd<HxqF>W4KR~K(jPeVZi
> > zeh{CTha)7lxFje)zr;|<Kml$eC!?5fYD#uyrb7wHh-
> 9D<dih1^26E!OhUNw)h6V-}
> > zM&>34QDCkqoI5xi*~F-
> X9C(bZ49rc8{0s(7j9g4jjEoFBH8pb*c&;mdt9|z&>Hp1>
> > zt3rDkr-s>Y4-4LKs7dIkb*b`B-
> )l!gi$AZLx<dN%<hpqdPh^$mOlIf4zAF0q6Dh@(
> >
> z>&cPK0rFo(LMKn0{WWOAe!iFt>&T!P)50FEKH|KaHN3)=aejnoFrVNQeZG&&
> Bp2
> > ni
> > zS!x^i9zXi}ot*JyqbUa?kMK<A7V?NU{+3Wu8-
> 7Sww{~UwV$)X>o9)x9Cdo4f&rgb<
> > zDfG8kT6dmyj)~`bfA;<ZFSF;xSDN0^is^Xw%_H&Fw8tK93#Q1-
> {T9>C_r8R4BCl=K
> > z^P@gpRcjWuZcBF&4-
> K+<A?O>iXfi|6tLlcg=l9+(ZSdZin!J|Vx8zqO6Eh<N<Kkq4
> >
> zL<3o18j$5<5n~Y%TXn5ZTG#or?go{$W~ug@er?owYakDjR%Vef5Np7$0F;Jgg
> &7(D
> > zv#=U411SSOkN`hOfCZSG+mNFHn1+GTz{oK5-
> u)#aw<jr8NbNP8D|cO=OF%HTB=
> > Lp8
> > zk<X$p4MM)`=3%K2j@7x_Gik!bITtQSEMEMlM<eRWL|=}>-
> =t35UB(gdNObCNUE
> > QvY
> > z1`T^>ZF{JrV0ZV(@zB)s8scBx-
> P%`Pa5d<fXw~nv>;GPLoe=fR(CK>1X3wy!%kH1|
> >
> zXC!p<KU)9g@f)F?kF3N5{d|in*Soj+l&Q_@HagIE=#Kib_iHB4TNroV#PxyJ@w
> vX&
> >
> zubUT5{}J(Xo2kdgi(EzZe|>9Sp1I*6?HLq&FOV_VbkBsdJzZy<6_&gH*ACs#t@}
> Sz
> > q)Vt-v;mZ@|Oz{rAn)FI(byCLN;A3}|-kqh}S6QPs=Sf;ak1PPVc5WX4
> >
> > literal 756
> >
> zcmXqLV)|gv#CT@`GZP~dlYohVdOfS{)K=#OOTO~VdVb1)lZ{oIkC{o9mBB#RP
> |$#%
> >
> zjX9KsS(qavwYVfGKflC4PMp`!%)r9H#L(2h(8MB2oY&aW(8w5wOf5|<qp)jgVp
> KBV
> >
> zW#iOp^Jx3d%gD&c%D~*j$j<<D2NzQlBO}9<XU6_vhuIfgm>GWfVVDzRL8Oe
> nS6
> > aWx
> >
> zyvcjFy_vLRLSXE%{;h}GMDHgw?AuWh89n>2`lQS=r~2&XHM&Q)ypNf^*~>Y)
> m)n
> > qq
> >
> zVO!UMm0uMv*q_~yUK?Pn_gh*=Oz&M7WBa!gSAyBoXL7skmz{9zc71LVkJp
> +Ni)
> > <?S
> >
> z*Y^KA_~NO$?ayViWZ%q+PYTqVA*;D7yX&_zUxwz_ed!)98m|9jtpkd(4(#Tc
> &y=_
> > }
> > zd3pOcqxp7XG4IZ>?iGLG7PLN~YgwIGW^-nAp6~JV4Li<$OS9jXv*5)XwS-
> +OS??Bl
> > z?PXZO^F3g-
> %Qd@pMH}5`#_Dm3>O1dPcwDoZ_E6kCHT9e=6Eh<N<6;j3Hv<=7c*
> > `=f
> >
> z*cw<j2%Otmb^fX1@$AoUCSBQ|s%5%R6l>@<;fq9II5RS2^FH9Z@GjbZTd_y
> di!ad
> > +
> > z-`-?6`jju@cd)TRR>H1#7SVyp1y}1>|2=Wl5>1l+bE9-
> }*tchFt%~0{+|_peWA&S$
> > z6!OKA(<i3yY>oALZ(RwtFEJ`wDc>VYHKwneptH-3DJvz-
> )97@p$v>4RE*lQ56_;kM
> > zy&Tb@w~z0-
> _Nkct8mhK8cH3A4JyZX6X@_fee7*MuW!4w#(_cKw(VzdLxc;#Co=s
> > WN
> > zTA#Bo->JW^e_=Hn&p+npy-jagY){m_J)IS8>JiHRdsT%L<L()*-
> M6|PD~7j;DvJk5
> > w&)Fjtxk78LRUM;B^Y;yj&-
> VJ?oH${*)=nPl)l(H@K9rne+9eYEaiXdh0N3>|0{{R3
> >
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> > b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> > index 3ca5149d2a..1331933c3d 100644
> > --- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> > +++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
> > @@ -1,56 +1,58 @@
> > -Bag Attributes
> > -    localKeyID: 01 00 00 00
> > -    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
> > -    friendlyName: PvkTmp:76c92422-d6f3-4763-9b80-b423fd921d00
> > -Key Attributes
> > -    X509v3 Key Usage: 80
> > ------BEGIN PRIVATE KEY-----
> > -
> MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCU5jNPVsM
> HoN
> > CZ
> > -
> V8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CAvrh4WVub/SeSaczKjj6e
> > -
> gUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsbLBYu7lYBh/bI1FMHZ
> 5kL
> > -
> Rr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9iUS6YHSm6a4r7Qw5oKf
> W
> > +
> > -
> Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfoRlKvUIqmfhZpg2lbbk3
> H
> > -
> z4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8LeYzJ14hJ7ncOEjWOp
> bh
> > -
> F0dlZc49AgMBAAECgf8dY26Sej8u15Xiri/l3zXgy7aR7uAAbFGoM8fv2exQgIDk
> > -
> FrdxTDtqzqTSxGAkfUWs4Ip2DUEeZDwF/qjW4FCzb3mI/QmNt70Yd9KsEDAm
> DkZ
> > 2
> > -wylcYC2l7IqVEl6HZMpNyiu5hfXdTn/tlkkUIiKr6POYmFR6IyPiS61Tm4LQXyhv
> > -
> iW+Lx0GqFQcH82CsbNRNgJGJk/BIiHn7kNDi5rRrKsmTuKEQB9iwF/rKp+lnJN0g
> > -
> 4qTv2bbZVxj39QWdOovU5LCL+1WJdkA2mpFpZjBEsTdF+UEGCbixdiftfovnZa6
> 4
> > -
> rofw3pIxr97XS42D3OmdPmSokpwqcQtjTXfScCECgYEAvxBMHcEFMZX644hhZt
> H7
> > -
> t0/PCka9DUBZfe58r+lmgSvlbMCka9OvKGtr86+j0IdWqmGWxRHAuk3KR3NIC
> 3EU
> > -
> mD0rYSWiStW0I/cmHidS/a9OdWWHtWi1LcXX7KBn9AjKjPzghqAfDAkRxYfZKLI
> o
> > -
> PRL44O/RM6nJ1j7az5CgWR0CgYEAx4FW/xVVL1Z0kn/VyNVYLdlhV4zMNn6Cu
> 0ko
> > -
> jebQydDBh4Tsne2A4dPonZQSsEiJ6jhzaUZr7l5OAEp+0aX0M/h6JbxTcA4CK3Xr
> > -
> X2TAaOCkPc1r0I79ZduKymyMNrWfXHenvFVl57klp9eFRQJ6o+pZB9ysFzPHXb
> ci
> > -
> 4VCsX6ECgYBMqAdB8M1apafxXihmDl2FoJmar+LtzCGbqvGPyn772FbGGUxej
> qG
> > 5
> > -
> /89iB9gbtBELbvgEvSisFsXPgOso3Ae9RN2Aro68o50QyPocIv7jFVDPPRsDp6z5
> > -
> XmVRZNIQUO6jPln+6YNLWuAsdmKkN0Z5qoD8DnvK1JZMRQ+ZM5eB6QKBg
> QCu
> > vz+w
> > -
> VsMyn4uj9o0PSK/gGRQGV7FX2iAwY7g98vrWix+40FlhS3MkWzTZMaXc+uyyV
> 5ff
> > -
> kmtfcwLnhljm0XHBQ9fZzcdX0y1bXAI6oElYk8vIxnG1UEnsOgyrmcCG+zcHC1fE
> > -
> wxhri+TLyx9UfwNlKBOrq0KhYB00nQDUUpFpgQKBgQCPWpNeNQ8hCARnay
> hzu
> > 2fE
> > -
> HEPG1P/resOp0u+c4jy4TeHVa9806wqZlkYNRKNn09Ub5Ajpp05dwdb+JvUSk
> Wwr
> > -
> vOmE94WeLg5FuNzPAQjwAe+Eq54Vk8TdAhdLSu1m2xdBKFtEOk6TQTmRBCi
> knw
> > hg
> > -19TgHd8hEFnz6ZICAeWGbQ==
> > ------END PRIVATE KEY-----
> > -Bag Attributes
> > -    localKeyID: 01 00 00 00
> > -subject=/CN=TestRoot
> > -issuer=/CN=TestRoot
> > ------BEGIN CERTIFICATE-----
> > -
> MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMB
> MxE
> > TAP
> > -
> BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzN
> Tk1
> > OVow
> > -
> EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBD
> wAw
> > ggEK
> > -
> AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV3
> 2CA
> > -
> vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLv
> sb
> > -
> LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9
> i
> > -
> US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swF
> vRf
> > o
> > -
> RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hy
> E8
> > -
> LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAE
> M61
> > es/l
> > -
> Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYV
> Do
> > KT1
> > -
> DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtT
> Mz
> > Bq
> > -
> YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
> > -
> r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtc
> r
> > -yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
> > -
> L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Gl
> mo
> > -Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
> > ------END CERTIFICATE-----
> > +Bag Attributes
> > +    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3
> > +09 30
> >
> +subject=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailA
> ddr
> > ess=edkii@tianocore.org
> >
> +issuer=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAd
> dres
> > s=edkii@tianocore.org
> > +-----BEGIN CERTIFICATE-----
> >
> +MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCM
> Qs
> > wCQYD
> >
> +VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQ
> KDAl
> > UaWFu
> >
> +b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdD
> EiM
> > CAGCSqG
> >
> +SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDB
> aFw
> > 0x
> >
> +NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU
> 0gxC
> > zAJBgNV
> >
> +BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
> MR
> > EwDwYD
> >
> +VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9j
> b3JlL
> > m9y
> >
> +ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3
> u8G
> > L/
> >
> +2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9e
> qW9f
> > k
> >
> +GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTD
> hGU
> > Lw7x
> >
> +phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM
> /Z3
> > qS
> >
> +HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
> >
> +Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZW
> OtC0
> > 10
> >
> ++lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8
> GA1
> > Ud
> >
> +IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf
> 8wD
> > gYD
> >
> +VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSInga
> vTG
> > dHtcv
> >
> +ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD
> 9hrI
> > 3aYI
> >
> +WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5j
> FC
> > +14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
> >
> +oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIr
> M
> >
> +QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunOR
> mgI
> > wd
> > +-----END CERTIFICATE-----
> > +Bag Attributes
> > +    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3
> > +09 30 Key Attributes: <No Attributes> -----BEGIN PRIVATE KEY-----
> >
> +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5KSlsYAzX
> I/Z9
> >
> +7vBi/9nJqlWMgZVWP7dWU7DCghLFO3UjuU3WxFVz86qVqBvzk36eQOQdIp
> yTB
> > wvX
> >
> +qlvX5BohhNdjWQNQH/UUVZORm/VSsL8OXGg7WVKYllbhq8RDuwVXeEUBn
> 1gV
> > Uw4R
> >
> +lC8O8aYZom6GOSszjcfF6+4eM9MylMFZxAyXCxJIXzP2YHR9V8ITLX2ph6M16
> pGD
> >
> +P2d6kh8BU59iX5kS/XMbLZ4rbDRJr08Hj8Dpa55feTXaKlyI7vZIYdqW40hGoJQc
> >
> +nfZchw7vdAmRDT1a58VMinqsoYW2Z0QXVVI66BFNWKKTAGLqe4Dtz73fdYB
> LuW
> > Vj
> >
> +rQtNdPpZAgMBAAECggEAci5d6wT4Jht5P4N/Ha2kweWWR8UJMFyuVD/bur
> a3m
> > ITn
> >
> +4ZW92HjOMWjLgupeAkCsTi65/PWBFHG97cqSRHnXW2At6ofTsS9j1JxJGfvQt
> qNj
> >
> +zhlR9XdJperfvN5Nc277BkuWUj/O86d5/4Ef29lMknZGLeNHLs15qiWpe1p+HK
> vt
> >
> ++DfL7Prl5qWA5G90QmXgRQJbThl1TYLCYkETB+9m3MIRm8Z01XKH+fm4ahgc
> lEkG
> >
> +XaQl04DhMEo7A/sC8NUnozOMEf81Ixkt3wEpoEDtZ+WhRTrgLF23Q4sXAIBM
> lEfz
> >
> +Pz2UaX/9KBT1dRbZseStIjJKMc8qd+pC7Ww2tuHEOQKBgQDmLdFSgHc2URQ
> W/
> > Otj
> >
> +fr9S/Z7EPSOA/tmh4dFhQGwzKF4Us838deRz2cRTbgq5BHuBCrMEPRBiX8h4
> WLEB
> >
> +NVZ73JjgOfyshcDXWNg5noc9f24HYHMZnjcFmHNokpyIgxLl2qgN8f03doJEm
> Kkj
> >
> +pm/VnfZmkGDd65IXRp8MYMTQOwKBgQDN7ofqKWK5SA+vt+tDOkCYq6eH
> Kb9
> > +ImPh
> >
> +PreikT5xc9SMtb0tGlIjKydsiqA9Jv1WRnpUG0fVfMyagBSOrKt9wC143VEvOtk
> R
> >
> +QJehmLLYG97HP7CXtniAWeKuc2pfCd+nGdHLFmduuTEEDcxab5LQc5dvYQ/R
> fznF
> >
> +YVunt73qewKBgQCg11VUpCYpU2CJa7SEMtY4hLbDg8FiazLiVqx7m4u/964+Iy
> KG
> >
> +Dk9T0NDKR7PAc2xl0HclOBJR24J27erJ4F6NcKl2za5NU61cDV4SbT8tbvUQvInR
> >
> +Veg2xb+nTAOLtKOo8DDMhdMeRXZjvpU6LxwolhfOtYaqq+jK0PNkr933bwK
> BgA0
> > G
> >
> +RiBgR7cyQJO7jSyuVYGSccERuePPZwPLBLBKgWmJiurvX6ynmoRQ6WhrCCF2
> AtXf
> >
> +FUOWih+Nih9HdIVllF8atYWMceML1MjLjguRbdZPRPLTK2cdClgL11NzR0oFh
> Ni7
> >
> +wFIY86fEHL6F5OPfZKi8dtp7iBWW919tfe+IpoFbAoGBAMzNKKBHG5eMuKQI
> /Dw
> > w
> >
> +50PDHu25TGUiTc1bHx18v7mGlcvhEPkDYAKd3y7FN5VRoooarGYlLDHXez0Fv
> DTa
> >
> +ABFUUad70bULTqRTSmld0I9CWWnYs0vaFKgIemddQ7W2eXr7N+N+ED+OK/
> PvW
> > jMq
> > +LMKhChf252RfOYdB+WN6alVG
> > +-----END PRIVATE KEY-----
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> > b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> > index 14b641897c..ae67e9c1b5 100644
> > --- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> > +++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
> > @@ -1,18 +1,23 @@
> > ------BEGIN CERTIFICATE-----
> > -
> MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMB
> MxE
> > TAP
> > -
> BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzN
> Tk1
> > OVow
> > -
> EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBD
> wAw
> > ggEK
> > -
> AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV3
> 2CA
> > -
> vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLv
> sb
> > -
> LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9
> i
> > -
> US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swF
> vRf
> > o
> > -
> RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hy
> E8
> > -
> LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAE
> M61
> > es/l
> > -
> Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYV
> Do
> > KT1
> > -
> DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtT
> Mz
> > Bq
> > -
> YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
> > -
> r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtc
> r
> > -yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
> > -
> L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Gl
> mo
> > -Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
> > ------END CERTIFICATE-----
> > +-----BEGIN CERTIFICATE-----
> >
> +MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCM
> Qs
> > wCQYD
> >
> +VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQ
> KDAl
> > UaWFu
> >
> +b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdD
> EiM
> > CAGCSqG
> >
> +SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDB
> aFw
> > 0x
> >
> +NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU
> 0gxC
> > zAJBgNV
> >
> +BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
> MR
> > EwDwYD
> >
> +VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9j
> b3JlL
> > m9y
> >
> +ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3
> u8G
> > L/
> >
> +2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9e
> qW9f
> > k
> >
> +GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTD
> hGU
> > Lw7x
> >
> +phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM
> /Z3
> > qS
> >
> +HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
> >
> +Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZW
> OtC0
> > 10
> >
> ++lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8
> GA1
> > Ud
> >
> +IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf
> 8wD
> > gYD
> >
> +VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSInga
> vTG
> > dHtcv
> >
> +ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD
> 9hrI
> > 3aYI
> >
> +WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5j
> FC
> > +14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
> >
> +oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIr
> M
> >
> +QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunOR
> mgI
> > wd
> > +-----END CERTIFICATE-----
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> > b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> > index 67f9d2560b..de988856e5 100644
> > --- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> > +++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
> > @@ -1,57 +1,59 @@
> > -Bag Attributes
> > -    localKeyID: 01 00 00 00
> > -    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
> > -    friendlyName: PvkTmp:11e8b08d-46fb-45a2-90c4-d458be4a1276
> > -Key Attributes
> > -    X509v3 Key Usage: 80
> > ------BEGIN PRIVATE KEY-----
> > -
> MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCfNn3oUo5i
> CBX
> > g
> > -
> x1AUxgHG/h23/WyThgYj2NAToG3S51i0MGamyjGP8GbBphRc0ORpIhQE8Va+
> NPj
> > W
> > -
> cdoh4sXLOroW3Es26sR+cxdRwNF0/YxK/+JboYDmdUecgcwqipIv795bVQjRLC
> yT
> > -
> /+LjLXs/B3XM/jc4jHa7gs+AmwH2DXz9VTsIHmXrm/KGZ64VQzFbJYJl+KvFAml
> m
> > -LcL+t099lyiJYL+3LY2ajonzkAidVQylIfsmhAlcnGee6MYfPxLQRe4pIIlhyXAK
> > -ZixBnAlZvifo3JRwTKXRHzkj6Vp5KhDsi/31Y54iLJQHiet/FlymIHrtkFpC47xi
> > -
> ndF6jNpfAgMBAAECggEAD4owC9xS+A/gosnmxRWhLXJhet3fb8llvAX4zpGau
> +Uc
> > -
> wVRKu1OCNucOAISx+W/iJhN6GhQRlWByO+wXkGB5UcwaRwpFb8dxBQPoG
> MY
> > AgQdm
> > -
> XsOkV7E8dZdTirEYjmZsElsP5vY2dW7MWGhiFYO7mHv6ltbmk5G83Qci3biYyRK
> B
> > -
> 4Qb+q/1yl9tdqRvMnLshgSNSa2onGiJ8k9NniSnfnKCc4S0pliy2Z5HOPQCi2QAk
> > -
> eVWORHz5jL8lzlVCflOL7VZiS13YORMDIj0S9LyMhXO4bAtsgWfldqOupNgNW0
> qI
> > -
> FwzrNvIXhQxeUiqylzfKNCzuBA11CFBnPt/+agv10QKBgQDH82PHMC3GH8Teq
> 0lw
> > -
> J5G+zYQol1ikRU7O116cAcV04P8HAiAmZ2lrP4DSJWD3y3sOjnnK54KmXkHVcN
> JI
> > -
> IDjb8d/BZjuYqdylfKhoKNgAdI1WcNKOz7KOK6Le8/ZK1uh1ZHMA6M+L9mTtQj
> hW
> > -
> DyoMvEGsQmNHnYF5n3zPQWUMFQKBgQDL17jZMLOORK2U+Iqu0cTVttGUj
> g/a
> > gP+r
> > -
> D4RWwA6BKI0vW3fFOka9MsjBpRZkZdXucq1TusDl8/J30FD/Cjp/gt9RwCQAvk
> 44
> > -
> Zp6HU3TFEsBdXU+3XeJqTtyJqFuPkRQWrd0UeudSiEJammAlzyF7pPZioF1muc
> OA
> > -
> nCcDecLFowKBgBv1gKI9rmjh0FmCggZYwhx4CF7UquRtfJOXsfcGmGG7hG2qc
> mx
> > s
> > -
> UWVZv92itGhx34ctjQI+VRqGW5ZI7F6BgvHeZHdaoEK8ncnWIIZQD8QgiBLqO8
> cU
> > -
> a9dNarzaSDo2ytJ/dUVPSJY9oec7Nz1xaWPWfyhjMBa3g39KOd2RO1vxAoGBA
> MR
> > D
> > -
> Q9r6JSeJwId6diy0FAyhJVEfJux+36tYGVddO5nn7Wf3bW4cGhf4WYr45IJt+njH
> > -
> OVMwsKG3K3FoxVOKCaDT5SjVEtUUZkOvqlspY3iMAWLjgOlQH7uzimuQCfhE
> +06
> > K
> > -
> wB4D581zHFAX6xL8R4TA4+k59jP+D9o4fue9yGZ5AoGAMn+TsY1IZFSY1fw6TT
> Hq
> > -
> sp9PiYQQqTMjRkzE7GRXbb1rdE6WoLkSk4Dz4u/B9E7YVzTZggYhPisChu6wZPt
> K
> > -
> IiXBGu8h3GygUGI/WdNRKHW5nst9IZWrtVJ06c87jWqOktbgBnrbqXUG1rgRZr
> +i
> > -n3sJLF+GGwzdp/gCxLMH66M=
> > ------END PRIVATE KEY-----
> > -Bag Attributes
> > -    localKeyID: 01 00 00 00
> > -subject=/CN=TestSub
> > -issuer=/CN=TestRoot
> > ------BEGIN CERTIFICATE-----
> > -
> MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBM
> xET
> > AP
> > -
> BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIz
> NTk
> > 1OVow
> > -
> EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPAD
> CCA
> > QoC
> > -
> ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/w
> ZsG
> > m
> > -FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
> > -
> zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZ
> n
> > -
> rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57
> o
> > -
> xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
> > -
> 638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUw
> Aw
> > EB/zBE
> > -
> BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGV
> zdF
> > Jv
> > -
> b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSH
> Cm
> > atVNg
> > -
> LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcE
> GY
> > -
> +mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcy
> t
> > -
> U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW
> 1D
> > -
> MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3K
> C0
> > -
> NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F
> 2M
> > w
> > -HgNmsA==
> > ------END CERTIFICATE-----
> > +Certificate:
> > +    Data:
> > +        Version: 3 (0x2)
> > +        Serial Number: 4098 (0x1002)
> > +    Signature Algorithm: sha256WithRSAEncryption
> > +        Issuer: C = CN, ST = SH, L = SH, O = TianoCore, OU = EDKII,
> > +CN =
> > TestRoot, emailAddress = edkii@tianocore.org
> > +        Validity
> > +            Not Before: Apr 10 08:33:45 2017 GMT
> > +            Not After : Apr 10 08:33:45 2018 GMT
> > +        Subject: C = CN, ST = SH, O = TianoCore, OU = EDKII, CN =
> > + TestSub,
> > emailAddress = edkii@tianocore.org
> > +        Subject Public Key Info:
> > +            Public Key Algorithm: rsaEncryption
> > +                Public-Key: (2048 bit)
> > +                Modulus:
> > +                    00:c5:3a:af:16:34:9a:14:61:74:8c:39:1a:04:1f:
> > +                    7b:95:d3:40:b7:ea:26:a7:7b:8d:76:d3:86:1b:7c:
> > +                    07:17:d2:56:72:36:13:b4:6c:75:b7:bf:d1:35:d1:
> > +                    31:d5:9a:07:c1:62:4e:aa:3d:bd:d8:40:8b:48:9a:
> > +                    c5:46:c4:c3:10:2c:d4:82:d9:6d:f4:c3:de:85:fa:
> > +                    34:1d:d1:74:7a:5f:16:34:59:2b:2b:03:61:46:62:
> > +                    d7:88:62:59:4d:d8:55:00:52:54:e1:15:5e:a9:ec:
> > +                    d6:e8:51:fd:ef:8e:68:5f:d2:40:d2:61:ef:2c:1d:
> > +                    5b:a7:6e:14:4c:12:bc:60:81:8e:66:c9:84:51:c2:
> > +                    89:51:fc:e5:7f:86:9a:78:a4:c1:f7:0f:a9:a5:97:
> > +                    60:dd:6f:c8:a0:fd:ea:07:2f:01:36:0a:e8:bd:0e:
> > +                    dc:48:2e:85:22:7b:bb:db:68:78:eb:cd:6a:54:07:
> > +                    f7:81:a5:52:8f:f3:5c:09:1e:76:a3:d1:91:8f:ee:
> > +                    86:2c:85:49:99:96:4f:5f:5b:0d:08:ae:d8:20:e8:
> > +                    e3:67:70:c6:ec:0e:0e:bd:bf:3c:f6:db:e4:45:d5:
> > +                    7a:bb:9f:d1:3b:18:89:fc:63:ac:c2:30:b8:fa:bb:
> > +                    8a:24:63:4e:79:58:78:72:ab:27:36:3d:bb:4f:47:
> > +                    d6:ef
> > +                Exponent: 65537 (0x10001)
> > +        X509v3 extensions:
> > +            X509v3 Subject Key Identifier:
> > +
> > D6:9D:66:D6:49:7C:FA:20:8D:5D:75:69:2A:41:0A:7A:03:5A:A5:EB
> > +            X509v3 Authority Key Identifier:
> > +
> > keyid:16:AA:D6:8E:1B:2D:43:F3:2D:B0:24:AD:36:65:3F:B2:FA:B1:2C:ED
> > +
> > +            X509v3 Basic Constraints: critical
> > +                CA:TRUE
> > +            X509v3 Key Usage: critical
> > +                Digital Signature, Certificate Sign, CRL Sign
> > +    Signature Algorithm: sha256WithRSAEncryption
> > +         83:3c:ae:b2:fc:99:3d:33:b3:da:ca:26:83:8c:a9:ae:f8:bb:
> > +         ad:05:37:97:a5:f8:0d:2b:4e:3e:e5:b7:12:68:f8:64:d4:bd:
> > +         ff:65:7d:57:98:61:cd:47:10:a5:6a:bd:66:89:74:ce:5e:28:
> > +         29:39:67:c9:1f:54:ec:78:76:b1:dd:04:91:63:b6:8c:2f:86:
> > +         59:1f:c4:2b:a1:4a:8c:a8:5b:f6:8a:92:f0:83:bb:92:92:5c:
> > +         b1:1c:18:95:3d:d6:be:6d:79:9d:4f:7b:92:1f:68:f5:1f:cd:
> > +         f4:37:2d:1e:e3:f6:eb:f2:8a:a4:8d:a1:c5:db:0c:3a:59:01:
> > +         dc:be:a9:c1:0b:04:ba:e8:02:a9:85:cd:d7:48:0d:f6:60:30:
> > +         2b:05:ba:e0:c7:d8:9f:23:14:37:04:0a:a7:bc:b6:c8:25:31:
> > +         e4:9a:41:a5:83:c2:ee:89:d3:fa:a5:7c:ae:a6:14:22:a4:5f:
> > +         73:03:f2:7b:3c:51:f7:76:2a:0a:cf:ee:71:35:1c:bc:ff:3f:
> > +         9b:d5:b1:33:e0:b6:fc:2a:c8:ab:84:89:cd:fa:1c:ee:12:8c:
> > +         07:ba:93:46:50:b3:3f:73:05:be:67:58:60:90:05:2c:d3:b6:
> > +         19:7c:a4:f0:6e:ee:d4:f2:0e:f5:02:79:5f:2c:28:83:1e:83:
> > +         c6:92:ba:7c
> > diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> > b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> > index a12d8374ae..04402ea983 100644
> > --- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> > +++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
> > @@ -1,19 +1,23 @@
> > ------BEGIN CERTIFICATE-----
> > -
> MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBM
> xET
> > AP
> > -
> BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIz
> NTk
> > 1OVow
> > -
> EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPAD
> CCA
> > QoC
> > -
> ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/w
> ZsG
> > m
> > -FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
> > -
> zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZ
> n
> > -
> rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57
> o
> > -
> xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
> > -
> 638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUw
> Aw
> > EB/zBE
> > -
> BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGV
> zdF
> > Jv
> > -
> b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSH
> Cm
> > atVNg
> > -
> LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcE
> GY
> > -
> +mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcy
> t
> > -
> U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW
> 1D
> > -
> MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3K
> C0
> > -
> NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F
> 2M
> > w
> > -HgNmsA==
> > ------END CERTIFICATE-----
> > +-----BEGIN CERTIFICATE-----
> >
> +MIID1jCCAr6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTA
> kNO
> >
> +MQswCQYDVQQIDAJTSDELMAkGA1UEBwwCU0gxEjAQBgNVBAoMCVRpYW
> 5vQ
> > 29yZTEO
> >
> +MAwGA1UECwwFRURLSUkxETAPBgNVBAMMCFRlc3RSb290MSIwIAYJKoZIh
> vcN
> > AQkB
> >
> +FhNlZGtpaUB0aWFub2NvcmUub3JnMB4XDTE3MDQxMDA4MzM0NVoXDTE
> 4M
> > DQxMDA4
> >
> +MzM0NVowdDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQ
> QKD
> > AlUaWFu
> >
> +b0NvcmUxDjAMBgNVBAsMBUVES0lJMRAwDgYDVQQDDAdUZXN0U3ViMSI
> wIA
> > YJKoZI
> >
> +hvcNAQkBFhNlZGtpaUB0aWFub2NvcmUub3JnMIIBIjANBgkqhkiG9w0BAQE
> FAA
> > OC
> >
> +AQ8AMIIBCgKCAQEAxTqvFjSaFGF0jDkaBB97ldNAt+omp3uNdtOGG3wHF9J
> WcjY
> > T
> >
> +tGx1t7/RNdEx1ZoHwWJOqj292ECLSJrFRsTDECzUgtlt9MPehfo0HdF0el8WNF
> kr
> >
> +KwNhRmLXiGJZTdhVAFJU4RVeqezW6FH9745oX9JA0mHvLB1bp24UTBK8YIG
> OZs
> > mE
> >
> +UcKJUfzlf4aaeKTB9w+ppZdg3W/IoP3qBy8BNgrovQ7cSC6FInu722h4681qVAf
> 3
> >
> +gaVSj/NcCR52o9GRj+6GLIVJmZZPX1sNCK7YIOjjZ3DG7A4Ovb889tvkRdV6u5
> /R
> >
> +OxiJ/GOswjC4+ruKJGNOeVh4cqsnNj27T0fW7wIDAQABo2MwYTAdBgNVHQ
> 4EF
> > gQU
> >
> +1p1m1kl8+iCNXXVpKkEKegNapeswHwYDVR0jBBgwFoAUFqrWjhstQ/MtsCS
> tNm
> > U/
> >
> +svqxLO0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQY
> JKoZ
> > IhvcN
> >
> +AQELBQADggEBAIM8rrL8mT0zs9rKJoOMqa74u60FN5el+A0rTj7ltxJo+GTUvf9
> l
> >
> +fVeYYc1HEKVqvWaJdM5eKCk5Z8kfVOx4drHdBJFjtowvhlkfxCuhSoyoW/aKk
> vCD
> >
> +u5KSXLEcGJU91r5teZ1Pe5IfaPUfzfQ3LR7j9uvyiqSNocXbDDpZAdy+qcELBLro
> >
> +AqmFzddIDfZgMCsFuuDH2J8jFDcECqe8tsglMeSaQaWDwu6J0/qlfK6mFCKkX
> 3M
> > D
> >
> +8ns8Ufd2KgrP7nE1HLz/P5vVsTPgtvwqyKuEic36HO4SjAe6k0ZQsz9zBb5nWG
> CQ
> > +BSzTthl8pPBu7tTyDvUCeV8sKIMeg8aSunw=
> > +-----END CERTIFICATE-----
> > --
> > 2.12.2.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel