Hi,

The BaseCryptLib has wrapped some helper functions for PKCS#7 signedData. You 
can try the following approach to obtain the subject name of the image signer:
-> Locate the Authenticode signature from the signed image (based on security 
table info in PE headers);
-> Use Pkcs7GetSigners() to get the signer’s certificate from the signedData;
-> Use X509GetSubjectName() to retrieve the name string from the signer’s X509 
certificate;

The subject names (e.g. XYZ company name and ABC company name) could be used to 
distinguish a particular image here.


Best Regards & Thanks,
LONG, Qin
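
The first step of the approach above (locating the Authenticode signature through the security table in the PE headers), as an added example that is not part of the original mail or of EDK2. The names locate_authenticode and build_sample are hypothetical, the sample image is constructed, and only WIN_CERT_TYPE_PKCS_SIGNED_DATA entries are handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SEC_DIR_INDEX 4            /* IMAGE_DIRECTORY_ENTRY_SECURITY */
#define WIN_CERT_PKCS 0x0002       /* WIN_CERT_TYPE_PKCS_SIGNED_DATA */

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Returns 0 and points p7 / p7len at the PKCS#7 SignedData blob (the buffer
   that would be handed to Pkcs7GetSigners() in the next step), or -1 if the
   image is malformed or carries no PKCS#7 Authenticode signature. */
int locate_authenticode(const uint8_t *img, size_t size, const uint8_t **p7, size_t *p7len)
{
    if (size < 0x40 || rd16(img) != 0x5A4D) return -1;            /* "MZ" */
    size_t pe = rd32(img + 0x3C);                                 /* e_lfanew */
    if (pe > size || size - pe < 26 || memcmp(img + pe, "PE\0\0", 4)) return -1;
    size_t opt = pe + 24;                                         /* optional header */
    uint16_t magic = rd16(img + opt);
    size_t dirs = (magic == 0x10B) ? 96 : (magic == 0x20B) ? 112 : 0;
    if (!dirs || size - opt < dirs + 8 * (SEC_DIR_INDEX + 1)) return -1;
    if (rd32(img + opt + dirs - 4) <= SEC_DIR_INDEX) return -1;   /* NumberOfRvaAndSizes */
    const uint8_t *d = img + opt + dirs + 8 * SEC_DIR_INDEX;
    size_t off = rd32(d), len = rd32(d + 4);       /* a file offset, not an RVA */
    if (!off || len < 8 || off > size || len > size - off) return -1;
    size_t clen = rd32(img + off);                                /* dwLength */
    if (clen <= 8 || clen > len || rd16(img + off + 6) != WIN_CERT_PKCS) return -1;
    *p7 = img + off + 8;                                          /* bCertificate[] */
    *p7len = clen - 8;
    return 0;
}

/* Constructed sample: a 512-byte PE32+ skeleton with one WIN_CERTIFICATE at
   file offset 0x180 whose 4-byte payload stands in for a real PKCS#7 blob. */
size_t build_sample(uint8_t *b)
{
    memset(b, 0, 512);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;           /* e_lfanew = 0x80 */
    memcpy(b + 0x80, "PE\0\0", 4);
    b[0x98] = 0x0B; b[0x99] = 0x02;                    /* PE32+ magic at 0x80 + 24 */
    b[0x98 + 108] = 16;                                /* NumberOfRvaAndSizes */
    uint8_t *d = b + 0x98 + 112 + 8 * SEC_DIR_INDEX;
    d[0] = 0x80; d[1] = 0x01; d[4] = 16;               /* offset 0x180, size 16 */
    uint8_t cert[12] = {12,0,0,0, 0,2, 2,0, 0x30,0x82,0x00,0x00};
    memcpy(b + 0x180, cert, 12);
    return 512;
}
```

The subject name only identifies the certificate embedded in the image and says nothing about whether the signature verifies, so verify the signature (BaseCryptLib's AuthenticodeVerify(), for example) before using the name for a trust decision.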

From: Neeraj Ladkani [mailto:neeraj.ladk...@gmail.com]
Sent: Saturday, May 16, 2015 3:11 PM
To: edk2-devel@lists.sourceforge.net
Subject: [edk2] Authenticate an UEFI Image ?

Hello,

We have two UEFI images in our partition, the goal is to find a particular 
image from two (names could change, size could change, location could change) 
and start it.

All we know is one image is signed using a certificate issued by XYZ company 
and second image is signed using a certificate issued by ABC company.

How can we authenticate the image to determine who signed this image? (We are 
in BDS phase.)

Is there any "clean way" to authenticate an UEFI image to see if it's signed by 
a certificate issued by XYZ company? We have done the implementation but it's 
not straightforward and required many core file changes. Looking for a cleaner 
solution from platform package (existing protocol or service that we could 
use?)

Thanks in advance

Thanks
Neeraj


