The Tianocore implementation is currently incomplete; it does
VerifyBuffer but not VerifySignature.  We have a use for
VerifySignature in some Linux projects because we currently roll our
own openssl implementations for verifying authenticode signatures, but
we'd like to drop all of our internal ssl code in favour of a platform
provided interface.  The first step to doing this is to use Tianocore
to demonstrate viability.  I'm currently building my OVMF package with
this patch:

https://build.opensuse.org/package/show/home:jejb1:UEFI/OVMF

So I can experiment with a version of efitools that's using the
VerifySignature function to perform all of the code signing
verifications:

http://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git/

Since we can now use pkcs7verifyDxe to load this protocol, we'd really
like it to become an official part of Tianocore so we can install it
even on EFI versions that don't have it natively, meaning that we can
ship it along with our shim/preloader systems without having to carry
our own separate version of openssl.

James

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
