UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot

Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
author: Qin Long <qin.long@intel.com> 2014-11-14 08:41:12 +0000
committer: qlong <qlong@Edk2> 2014-11-14 08:41:12 +0000
commit: 20333c6d566748d7c78c1b546ba8f37c6d253dea (patch)
tree: cdd1196a23f4b41bf0c732ea82b49a86b51ad6de /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
parent: 2e70cf8ade0dd1e023274f7358c7c72cfd17460c (diff)
download: edk2-20333c6d566748d7c78c1b546ba8f37c6d253dea.zip
edk2-20333c6d566748d7c78c1b546ba8f37c6d253dea.tar.gz
edk2-20333c6d566748d7c78c1b546ba8f37c6d253dea.tar.bz2
1 files changed, 15 insertions, 12 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
index e6d21f5..ef400c4 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -62,40 +62,40 @@
   ## SOMETIMES_CONSUMES      ## Variable:L"CustomMode"
   ## SOMETIMES_PRODUCES      ## Variable:L"CustomMode"
   gEfiCustomModeEnableGuid
-    
+
   ## SOMETIMES_CONSUMES      ## Variable:L"SecureBootEnable"
   ## SOMETIMES_PRODUCES      ## Variable:L"SecureBootEnable"
   gEfiSecureBootEnableDisableGuid
-  
+
   ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
   ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
   gEfiCertRsa2048Guid
-  
+
   ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
-  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.                               
+  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
   gEfiCertX509Guid
-  
+
   ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
-  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.   
+  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
   gEfiCertSha1Guid
-  
+
   ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
-  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.   
+  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
   gEfiCertSha256Guid
-  
+
   ## SOMETIMES_CONSUMES      ## Variable:L"db"
   ## SOMETIMES_PRODUCES      ## Variable:L"db"
   ## SOMETIMES_CONSUMES      ## Variable:L"dbx"
   ## SOMETIMES_PRODUCES      ## Variable:L"dbx"
   gEfiImageSecurityDatabaseGuid
-    
+
   ## SOMETIMES_CONSUMES      ## Variable:L"SetupMode"
   ## SOMETIMES_PRODUCES      ## Variable:L"PK"
   ## SOMETIMES_CONSUMES      ## Variable:L"KEK"
   ## SOMETIMES_PRODUCES      ## Variable:L"KEK"
   ## SOMETIMES_CONSUMES      ## Variable:L"SecureBoot"
   gEfiGlobalVariableGuid
-  
+
   gEfiIfrTianoGuid                              ## PRODUCES            ## GUID       # HII opcode
   ## PRODUCES                ## HII
   ## CONSUMES                ## HII
@@ -105,6 +105,10 @@
   gEfiFileSystemVolumeLabelInfoIdGuid           ## SOMETIMES_CONSUMES  ## GUID  # Indicate the information type
   gEfiFileInfoGuid                              ## SOMETIMES_CONSUMES  ## GUID  # Indicate the information type
 
+  gEfiCertX509Sha256Guid                        ## SOMETIMES_PRODUCES  ## GUID  # Unique ID for the type of the certificate.
+  gEfiCertX509Sha384Guid                        ## SOMETIMES_PRODUCES  ## GUID  # Unique ID for the type of the certificate.
+  gEfiCertX509Sha512Guid                        ## SOMETIMES_PRODUCES  ## GUID  # Unique ID for the type of the certificate.
+
 [Protocols]
   gEfiHiiConfigAccessProtocolGuid               ## PRODUCES
   gEfiDevicePathProtocolGuid                    ## PRODUCES
@@ -119,4 +123,3 @@
 
 [UserExtensions.TianoCore."ExtraFiles"]
   SecureBootConfigDxeExtra.uni
-  
-\ No newline at end of file
author	Qin Long <qin.long@intel.com>	2014-11-14 08:41:12 +0000
committer	qlong <qlong@Edk2>	2014-11-14 08:41:12 +0000
commit	20333c6d566748d7c78c1b546ba8f37c6d253dea (patch)
tree	cdd1196a23f4b41bf0c732ea82b49a86b51ad6de /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
parent	2e70cf8ade0dd1e023274f7358c7c72cfd17460c (diff)
download	edk2-20333c6d566748d7c78c1b546ba8f37c6d253dea.zip edk2-20333c6d566748d7c78c1b546ba8f37c6d253dea.tar.gz edk2-20333c6d566748d7c78c1b546ba8f37c6d253dea.tar.bz2