author | Laszlo Ersek <lersek@redhat.com> | 2019-04-25 21:49:38 +0200 |
---|---|---|
committer | Laszlo Ersek <lersek@redhat.com> | 2019-04-30 14:26:40 +0200 |
commit | 7eeaa7585a98dafbc1523423f77185b4dd031393 (patch) | |
tree | 5ee234f974c30fb761d62de605791f25cd8d67f7 /OvmfPkg/EnrollDefaultKeys | |
parent | a79b115adeab638feeedde2f3d3dcb141e4b445b (diff) | |
OvmfPkg/EnrollDefaultKeys: extract MICROSOFT_VENDOR_GUID
The GUID
77FA9ABD-0359-4D32-BD60-28F4E78F784B
is specified in MSDN, at
<https://msdn.microsoft.com/en-us/ie/dn932805(v=vs.94)>, therefore it
deserves an entry in the package DEC file, and a header file under
"Include/Guid".
(Arguably, this GUID declaration / definition could even live under
SecurityPkg, but the edk2 tradition has been to hoist GUIDs,
protocols/PPIs, and lib classes from OvmfPkg to a core package only when
dependent C code is added to the core package.)
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
Diffstat (limited to 'OvmfPkg/EnrollDefaultKeys')
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/AuthData.c | 28 | ||||
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 7 | ||||
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h | 2 | ||||
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 2 |
4 files changed, 6 insertions, 33 deletions
diff --git a/OvmfPkg/EnrollDefaultKeys/AuthData.c b/OvmfPkg/EnrollDefaultKeys/AuthData.c
index e0a543785f..9a96dcc440 100644
--- a/OvmfPkg/EnrollDefaultKeys/AuthData.c
+++ b/OvmfPkg/EnrollDefaultKeys/AuthData.c
@@ -523,31 +523,3 @@ CONST UINT8 mSha256OfDevNull[] = {
};
CONST UINTN mSizeOfSha256OfDevNull = sizeof mSha256OfDevNull;
-
-
-//
-// The following test cases of the Secure Boot Logo Test in the Microsoft
-// Hardware Certification Kit:
-//
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
-//
-// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
-// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
-// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
-// certificates:
-//
-// - "Microsoft Corporation KEK CA 2011" (in KEK)
-// - "Microsoft Windows Production PCA 2011" (in db)
-// - "Microsoft Corporation UEFI CA 2011" (in db)
-//
-// This is despite the fact that the UEFI specification requires
-// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
-// application or driver) that enrolled and therefore owns
-// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
-// EFI_SIGNATURE_DATA.SignatureData.
-//
-CONST EFI_GUID mMicrosoftOwnerGuid = {
- 0x77fa9abd, 0x0359, 0x4d32,
- { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
-};
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
index 528718b15a..e4f6a50e00 100644
--- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
@@ -8,6 +8,7 @@
#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
+#include <Guid/MicrosoftVendor.h> // gMicrosoftVendorGuid
#include <Library/BaseMemoryLib.h> // CopyGuid()
#include <Library/DebugLib.h> // ASSERT()
#include <Library/MemoryAllocationLib.h> // FreePool()
@@ -315,8 +316,8 @@ ShellAppMain (
EFI_IMAGE_SECURITY_DATABASE,
&gEfiImageSecurityDatabaseGuid,
&gEfiCertX509Guid,
- mMicrosoftPca, mSizeOfMicrosoftPca, &mMicrosoftOwnerGuid,
- mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &mMicrosoftOwnerGuid,
+ mMicrosoftPca, mSizeOfMicrosoftPca, &gMicrosoftVendorGuid,
+ mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &gMicrosoftVendorGuid,
NULL);
if (EFI_ERROR (Status)) {
return 1;
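Review bot: The `&gMicrosoftVendorGuid` arguments passed alongside mMicrosoftPca and mMicrosoftUefiCa here (and alongside mMicrosoftKek in the next hunk) no longer have any explanation within this directory of why the signature owner is a Microsoft GUID rather than the enrolling agent's, because the rationale comment is deleted from AuthData.c. The diffstat is limited to OvmfPkg/EnrollDefaultKeys, so it cannot be confirmed from this page that the new Guid/MicrosoftVendor.h carries that text; if it does not, the deliberate deviation from the UEFI specification's SignatureOwner semantics becomes undocumented. A short comment above each call would keep it visible to anyone auditing the enrolled Secure Boot databases, e.g. `// SignatureOwner is the Microsoft vendor GUID because the HCK Secure Boot Logo Test expects it, not the enrolling agent's GUID`. ShellAppMain begins and ends outside this hunk.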
@@ -337,7 +338,7 @@ ShellAppMain (
&gEfiGlobalVariableGuid,
&gEfiCertX509Guid,
mRedHatPkKek1, mSizeOfRedHatPkKek1, &gEfiCallerIdGuid,
- mMicrosoftKek, mSizeOfMicrosoftKek, &mMicrosoftOwnerGuid,
+ mMicrosoftKek, mSizeOfMicrosoftKek, &gMicrosoftVendorGuid,
NULL);
if (EFI_ERROR (Status)) {
return 1;
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h
index 07f4aa04e4..e3a7e43da4 100644
--- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h
@@ -138,6 +138,4 @@ extern CONST UINTN mSizeOfMicrosoftUefiCa;
extern CONST UINT8 mSha256OfDevNull[];
extern CONST UINTN mSizeOfSha256OfDevNull;
-extern CONST EFI_GUID mMicrosoftOwnerGuid;
-
#endif /* ENROLL_DEFAULT_KEYS_H_ */
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
index 3f093c7685..28db52586a 100644
--- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
@@ -22,6 +22,7 @@
[Packages]
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
ShellPkg/ShellPkg.dec
@@ -33,6 +34,7 @@
gEfiGlobalVariableGuid
gEfiImageSecurityDatabaseGuid
gEfiSecureBootEnableDisableGuid
+ gMicrosoftVendorGuid
[LibraryClasses]
BaseMemoryLib