Hi,
The BaseCryptLib has wrapped some helper functions for PKCS#7 signedData. You
can try the following approach to obtain the subject name of image signer:
-> Locate the Authenticode signature from the signed image (based on security
table info in PE headers);
-> Use Pkcs7GetSigners() to get the signer’s certificate from the signedData;
-> Use X509GetSubjectName() to retrieve the name string from the signer’s X509
certificate;
The subject names (e.g. XYZ company name and ABC company name) could be used to
distinguish a particular image here.
Best Regards & Thanks,
LONG, Qin
From: Neeraj Ladkani [mailto:neeraj.ladk...@gmail.com]
Sent: Saturday, May 16, 2015 3:11 PM
To: edk2-devel@lists.sourceforge.net
Subject: [edk2] Authenticate an UEFI Image ?
Hello,
We have two
UEFI i
mages in our partition, the goal is to find a particular image from two ( names
could change, size could change , location could change ) and start it.
all we know is one image is signed using a certificate issued by XYZ company
and second image is signed using a certificate issued by ABC company.
how can we authenticate the image to determine who signed this image? ( we are
in BDS phase)
Is there any "clean way" to authenticate an UEFI image to see if its signed by
a certificate issued by XYZ company? We have done the implementation but its
not straight fwd and required many core file changes. looking for a cleaner
solution from platform package ( existing protocol or service that we could
use?)
Thanks in advance
Thanks
Neeraj
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel