riscv-gnu-toolchain/qemu/roms/edk2.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Jiaqi Gao <jiaqi.gao@intel.com>	2021-04-26 12:31:15 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2021-04-26 16:24:32 +0000
commit	5396354b868bd6652600a654bba7df16701ac1cb (patch)
tree	adbd75ce839b10914da913b3db02f5635276d3d3 /BaseTools/BuildEnv
parent	f2f4c6be2dba3f8e97ac544b9c3da71e9f81b294 (diff)
download	edk2-5396354b868bd6652600a654bba7df16701ac1cb.zip edk2-5396354b868bd6652600a654bba7df16701ac1cb.tar.gz edk2-5396354b868bd6652600a654bba7df16701ac1cb.tar.bz2

SecurityPkg: Add constraints on PK strength

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293 Add constraints on the key strength of enrolled platform key(PK), which must be greater than or equal to 2048 bit. PK key strength is required by Intel SDL and MSFT, etc. This limitation prevents user from using weak keys as PK. The original code to check the certificate file type is placed in a new function CheckX509Certificate(), which checks if the X.509 certificate meets the requirements of encode type, RSA-Key strengh, etc. Cc: Min Xu <min.m.xu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com> Reviewed-by: Min Xu <min.m.xu@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>

Diffstat (limited to 'BaseTools/BuildEnv')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: