回复: [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10 DeviceAuthentication

Thu, 21 Mar 2024 21:45:48 -0700 

Wenxing:

> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Wenxing Hou
> 发送时间: 2024年3月6日 11:24
> 收件人: devel@edk2.groups.io
> 抄送: Michael D Kinney <michael.d.kin...@intel.com>; Liming Gao
> <gaolim...@byosoft.com.cn>; Zhiguang Liu <zhiguang....@intel.com>; Jiewen
> Yao <jiewen....@intel.com>
> 主题: [edk2-devel] [PATCH v2 1/2] MdePkg: Add UEFI 2.10
> DeviceAuthentication
> 
> According to UEFI 2.10 spec
> 32.8.2 UEFI Device Signature Variable GUID and Variable Name section,
> add signature database for device authentication.
> 
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang....@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Signed-off-by: Wenxing Hou <wenxing....@intel.com>
> ---
>  MdePkg/Include/Guid/DeviceAuthentication.h | 61
> ++++++++++++++++++++++
>  1 file changed, 61 insertions(+)
>  create mode 100644 MdePkg/Include/Guid/DeviceAuthentication.h
> 
> diff --git a/MdePkg/Include/Guid/DeviceAuthentication.h
> b/MdePkg/Include/Guid/DeviceAuthentication.h
> new file mode 100644
> index 0000000000..65dea4273d
> --- /dev/null
> +++ b/MdePkg/Include/Guid/DeviceAuthentication.h
> @@ -0,0 +1,61 @@
> +/** @file
> 
> +  Guid & data structure used for Device Security.
> 
> +
> 
> +  Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
> 
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +#ifndef EDKII_DEVICE_AUTHENTICATION_GUID_H_
> 
Here can use EFI_ prefix, because this definition is from UEFI spec. 

Thanks
Liming
> +#define EDKII_DEVICE_AUTHENTICATION_GUID_H_
> 
> +
> 
> +/**
> 
> +  This is a signature database for device authentication, instead of
image
> authentication.
> 
> +
> 
> +  The content of the signature database is same as the one in db/dbx. (a
list
> of EFI_SIGNATURE_LIST)
> 
> +**/
> 
> +#define EFI_DEVICE_SIGNATURE_DATABASE_GUID \
> 
> +  {0xb9c2b4f4, 0xbf5f, 0x462d, 0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d,
0xad}
> 
> +#define EFI_DEVICE_SECURITY_DATABASE  L"devdb"
> 
> +
> 
> +extern EFI_GUID  gEfiDeviceSignatureDatabaseGuid;
> 
> +
> 
> +/**
> 
> +  Signature Database:
> 
> +
> 
> +  +---------------------------------------+ <-----------------
> 
> +  | SignatureType (GUID)                  |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureListSize (UINT32)            |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureHeaderSize (UINT32)          |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureSize (UINT32)                |
> |-EFI_SIGNATURE_LIST (1)
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureHeader (SignatureHeaderSize) |                  |
> 
> +  +---------------------------------------+ <--              |
> 
> +  | SignatureOwner (GUID)                 |   |              |
> 
> +  +---------------------------------------+   |-EFI_SIGNATURE_DATA (1)
> 
> +  | SignatureData (SignatureSize - 16)    |   |              |
> 
> +  +---------------------------------------+ <--              |
> 
> +  | SignatureOwner (GUID)                 |   |              |
> 
> +  +---------------------------------------+   |-EFI_SIGNATURE_DATA (n)
> 
> +  | SignatureData (SignatureSize - 16)    |   |              |
> 
> +  +---------------------------------------+ <-----------------
> 
> +  | SignatureType (GUID)                  |                  |
> 
> +  +---------------------------------------+                  |
> 
> +  | SignatureListSize (UINT32)            |
> |-EFI_SIGNATURE_LIST (n)
> 
> +  +---------------------------------------+                  |
> 
> +  | ...                                   |                  |
> 
> +  +---------------------------------------+ <-----------------
> 
> +
> 
> +  SignatureType := EFI_CERT_SHAxxx_GUID |
> 
> +                   EFI_CERT_RSA2048_GUID |
> 
> +                   EFI_CERT_RSA2048_SHAxxx_GUID |
> 
> +                   EFI_CERT_X509_GUID |
> 
> +                   EFI_CERT_X509_SHAxxx_GUID
> 
> +  (xxx = 256, 384, 512)
> 
> +
> 
> +**/
> 
> +
> 
> +#endif
> 
> --
> 2.26.2.windows.1
> 
> 
> 
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#116415):
> https://edk2.groups.io/g/devel/message/116415
> Mute This Topic: https://groups.io/mt/104760005/4905953
> Group Owner: devel+ow...@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub
> [gaolim...@byosoft.com.cn]
> -=-=-=-=-=-=
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117025): https://edk2.groups.io/g/devel/message/117025
Mute This Topic: https://groups.io/mt/105079881/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to