author | Jason1 Lin <jason1.lin@intel.com> | 2024-07-31 17:05:48 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-08-05 05:49:16 +0000 |
commit | 68b4c4b481f3129132cd90c45d241990445f4a3a (patch) | |
tree | 2ca5a492e661882570c0a4fa86545d933e458c5b /RedfishPkg | |
parent | 5ff99e0dabefea14b04e190c1659f4817fcb7bc0 (diff) | |
download | edk2-68b4c4b481f3129132cd90c45d241990445f4a3a.tar.gz edk2-68b4c4b481f3129132cd90c45d241990445f4a3a.tar.bz2 edk2-68b4c4b481f3129132cd90c45d241990445f4a3a.zip |
BaseTools/Capsule: Support Different Hash Algorithm for Payload Digest

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4821

- The capsule payload digest got hardcoded inside the GenerateCapsule
  script as "sha256".
- It would be hard for the caller to change the supported hash algorithm
  which is supported on OpenSSL or Windows signtool program and platform.
- Capsule payload digest signed data is followed by the PKCS#7 standard,
  in EDK-II CryptoPkg "Pkcs7Verify ()" is supported to validate with
  several hash algorithms naturally.
  (md5, sha1, sha256, sha384, and sha512)
- Deliver below changes within this patch,
  (1) Introduce an optional argument "--hash-algorithm" to assign
      the caller expected one and leave the default value "sha256"
      to support the backward compatibility.
  (2) Add the double quotes to put the string of certificate's
      subject name inside it.
  (3) Set "Open" argument of "SignToolSubjectName" into "False".
  (4) Set "Convert" argument of "SignToolSubjectName" into "str".
  (5) Correct the actual name of the "--subject-name" flag.
  (6) Add back correct number of arguments for PayloadDescriptor
      class object initializing.

Note:
- Platform needs to support the corresponding hash algorithm to validate
  the digital signature or the failure would be observed.
- Set the md5 and sha1 algorithm as EOL based on the CryptoPkg supported
  table and reject the capsule creation.

Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
Diffstat (limited to 'RedfishPkg')
0 files changed, 0 insertions, 0 deletions
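
The behaviour the commit message describes (an optional `--hash-algorithm` defaulting to `sha256`, with `md5` and `sha1` rejected as EOL) can be sketched as follows. This is an added example, not code from the patch or from GenerateCapsule; the function names, the `capsule-sign-sketch` program name, the `--signer-pem` option and the file paths are assumptions made for illustration.

```python
import argparse

# Digests the commit message lists as verifiable by Pkcs7Verify ().
SUPPORTED = ("md5", "sha1", "sha256", "sha384", "sha512")
# Digests the commit message marks as EOL: capsule creation is refused.
EOL = ("md5", "sha1")


def hash_algorithm(value):
    """argparse type hook: normalise case, reject unknown or EOL digests."""
    name = value.lower()
    if name not in SUPPORTED:
        raise argparse.ArgumentTypeError("unsupported hash algorithm: %s" % value)
    if name in EOL:
        raise argparse.ArgumentTypeError("%s is EOL, capsule creation rejected" % name)
    return name


def build_parser():
    parser = argparse.ArgumentParser(prog="capsule-sign-sketch")  # hypothetical tool
    # Default keeps backward compatibility with the previously fixed digest.
    parser.add_argument("--hash-algorithm", type=hash_algorithm, default="sha256")
    parser.add_argument("--subject-name", type=str)
    parser.add_argument("--signer-pem", type=str)  # hypothetical option
    return parser


def openssl_sign_args(args, payload, signed):
    """PKCS#7 signing command for OpenSSL, as an argument list (no shell)."""
    return ["openssl", "smime", "-sign", "-binary", "-outform", "DER",
            "-md", args.hash_algorithm, "-signer", args.signer_pem,
            "-in", payload, "-out", signed]


def signtool_sign_args(args, payload):
    """Equivalent digest selection for Windows signtool. Passing a list keeps
    a subject name containing spaces as one argument without manual quoting."""
    return ["signtool", "sign", "/fd", args.hash_algorithm,
            "/n", args.subject_name, payload]


if __name__ == "__main__":
    # Constructed sample invocation.
    ns = build_parser().parse_args(["--hash-algorithm", "sha384",
                                    "--signer-pem", "signer.pem",
                                    "--subject-name", "Example Capsule Signer"])
    print(openssl_sign_args(ns, "payload.bin", "payload.p7"))
    print(signtool_sign_args(ns, "payload.bin"))
```

Validating in the argparse `type` hook means an EOL or unknown digest fails before any signing tool is invoked, so no capsule is produced that the platform would later refuse to verify.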