Reviewed-by: Jiewen Yao
Merged https://github.com/tianocore/edk2/pull/4798
> -Original Message-
> From: Sheng, W
> Sent: Thursday, September 7, 2023 9:57 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Xu, Min M ; Chen, Zeyi ; Wang,
> Fiona ; Lu, Xiaoyu1 ; Jiang,
> Guomin ; Kinney, Michael D
>
> Subject: [PATCH V9 0/2] Support RSA4096 and RSA3072
>
> Patch V9:
> Refine coding format for file AuthService.c
>
> Patch V8:
> Update the patch comments for CryptoPkg.
> Comment should be <76 characters in each line.
> Refine coding format.
>
> Patch V7:
> Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 and
> RSA4096
> Do the positive tests and the negative tests below. And got all the expected
> results.
>
> Patch V6:
> Remove the changes in MdePkg.
> The changes of patch v6 are in CryptoPkg and SecurityPkg.
> Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK.
> This signature type is used to check the supported signature and show the
> strings.
>
> Patch V5:
> Using define KEY_TYPE_RSASSA to replace the magic number.
>
> Patch V4:
> Determine the RSA algorithm by a supported algorithm list.
>
> Patch V3:
> Select SHA algorithm automaticly for a unsigned efi image.
>
> Patch V2:
> Determine the SHA algorithm by a supported algorithm list.
> Create SHA context for each algorithm.
>
> Test Case:
> 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI
> shell.
> 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI
> shell.
> 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI
> shell.
> 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI
> shell
>
> Test Result:
> Pass
>
> Negative Test Case:
> 1) Enroll a RSA2048 Cert, execute an unsigned efi image.
> 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image.
> 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image.
> 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi
> image.
>
> Test Result:
> Get "Access Denied" when try to execute the efi image.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Min Xu
> Cc: Zeyi Chen
> Cc: Fiona Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Cc: Michael D Kinney
>
> Sheng Wei (2):
> CryptoPkg/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
> SecurityPkg/SecureBoot: Support RSA4096 and RSA3072
>
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +-
> .../Library/AuthVariableLib/AuthService.c | 225 +++---
> .../AuthVariableLib/AuthServiceInternal.h | 4 +-
> .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
> .../DxeImageVerificationLib.c | 74 +++---
> .../SecureBootConfigDxe.inf | 8 +
> .../SecureBootConfigImpl.c| 52 +++-
> .../SecureBootConfigImpl.h| 7 +
> .../SecureBootConfigStrings.uni | 2 +
> 9 files changed, 331 insertions(+), 86 deletions(-)
>
> --
> 2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108360): https://edk2.groups.io/g/devel/message/108360
Mute This Topic: https://groups.io/mt/101207366/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-