diff options
Diffstat (limited to 'OvmfPkg/EnrollDefaultKeys')
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/AuthData.c | 28 | ||||
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 7 | ||||
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h | 2 | ||||
-rw-r--r-- | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 2 |
4 files changed, 6 insertions, 33 deletions
diff --git a/OvmfPkg/EnrollDefaultKeys/AuthData.c b/OvmfPkg/EnrollDefaultKeys/AuthData.c index e0a543785f..9a96dcc440 100644 --- a/OvmfPkg/EnrollDefaultKeys/AuthData.c +++ b/OvmfPkg/EnrollDefaultKeys/AuthData.c @@ -523,31 +523,3 @@ CONST UINT8 mSha256OfDevNull[] = { };
CONST UINTN mSizeOfSha256OfDevNull = sizeof mSha256OfDevNull;
-
-
-//
-// The following test cases of the Secure Boot Logo Test in the Microsoft
-// Hardware Certification Kit:
-//
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
-//
-// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
-// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
-// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
-// certificates:
-//
-// - "Microsoft Corporation KEK CA 2011" (in KEK)
-// - "Microsoft Windows Production PCA 2011" (in db)
-// - "Microsoft Corporation UEFI CA 2011" (in db)
-//
-// This is despite the fact that the UEFI specification requires
-// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
-// application or driver) that enrolled and therefore owns
-// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
-// EFI_SIGNATURE_DATA.SignatureData.
-//
-CONST EFI_GUID mMicrosoftOwnerGuid = {
- 0x77fa9abd, 0x0359, 0x4d32,
- { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
-};
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c index 528718b15a..e4f6a50e00 100644 --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c @@ -8,6 +8,7 @@ #include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
+#include <Guid/MicrosoftVendor.h> // gMicrosoftVendorGuid
#include <Library/BaseMemoryLib.h> // CopyGuid()
#include <Library/DebugLib.h> // ASSERT()
#include <Library/MemoryAllocationLib.h> // FreePool()
@@ -315,8 +316,8 @@ ShellAppMain ( EFI_IMAGE_SECURITY_DATABASE,
&gEfiImageSecurityDatabaseGuid,
&gEfiCertX509Guid,
- mMicrosoftPca, mSizeOfMicrosoftPca, &mMicrosoftOwnerGuid,
- mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &mMicrosoftOwnerGuid,
+ mMicrosoftPca, mSizeOfMicrosoftPca, &gMicrosoftVendorGuid,
+ mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &gMicrosoftVendorGuid,
NULL);
if (EFI_ERROR (Status)) {
return 1;
@@ -337,7 +338,7 @@ ShellAppMain ( &gEfiGlobalVariableGuid,
&gEfiCertX509Guid,
mRedHatPkKek1, mSizeOfRedHatPkKek1, &gEfiCallerIdGuid,
- mMicrosoftKek, mSizeOfMicrosoftKek, &mMicrosoftOwnerGuid,
+ mMicrosoftKek, mSizeOfMicrosoftKek, &gMicrosoftVendorGuid,
NULL);
if (EFI_ERROR (Status)) {
return 1;
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h index 07f4aa04e4..e3a7e43da4 100644 --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h @@ -138,6 +138,4 @@ extern CONST UINTN mSizeOfMicrosoftUefiCa; extern CONST UINT8 mSha256OfDevNull[];
extern CONST UINTN mSizeOfSha256OfDevNull;
-extern CONST EFI_GUID mMicrosoftOwnerGuid;
-
#endif /* ENROLL_DEFAULT_KEYS_H_ */
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf index 3f093c7685..28db52586a 100644 --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf @@ -22,6 +22,7 @@ [Packages]
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
ShellPkg/ShellPkg.dec
@@ -33,6 +34,7 @@ gEfiGlobalVariableGuid
gEfiImageSecurityDatabaseGuid
gEfiSecureBootEnableDisableGuid
+ gMicrosoftVendorGuid
[LibraryClasses]
BaseMemoryLib
|