UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot

Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-14 08:41:12 +00:00
parent 2e70cf8ade
commit 20333c6d56
14 changed files with 1972 additions and 588 deletions
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -62,40 +62,40 @@
  ## SOMETIMES_CONSUMES      ## Variable:L"CustomMode"
  ## SOMETIMES_PRODUCES      ## Variable:L"CustomMode"
  gEfiCustomModeEnableGuid
-    
+
  ## SOMETIMES_CONSUMES      ## Variable:L"SecureBootEnable"
  ## SOMETIMES_PRODUCES      ## Variable:L"SecureBootEnable"
  gEfiSecureBootEnableDisableGuid
-  
+
  ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
  gEfiCertRsa2048Guid
-  
+
  ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
-  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.                               
+  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
  gEfiCertX509Guid
-  
+
  ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
-  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.   
+  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
  gEfiCertSha1Guid
-  
+
  ## SOMETIMES_CONSUMES      ## GUID            # Unique ID for the type of the signature.
-  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.   
+  ## SOMETIMES_PRODUCES      ## GUID            # Unique ID for the type of the signature.
  gEfiCertSha256Guid
-  
+
  ## SOMETIMES_CONSUMES      ## Variable:L"db"
  ## SOMETIMES_PRODUCES      ## Variable:L"db"
  ## SOMETIMES_CONSUMES      ## Variable:L"dbx"
  ## SOMETIMES_PRODUCES      ## Variable:L"dbx"
  gEfiImageSecurityDatabaseGuid
-    
+
  ## SOMETIMES_CONSUMES      ## Variable:L"SetupMode"
  ## SOMETIMES_PRODUCES      ## Variable:L"PK"
  ## SOMETIMES_CONSUMES      ## Variable:L"KEK"
  ## SOMETIMES_PRODUCES      ## Variable:L"KEK"
  ## SOMETIMES_CONSUMES      ## Variable:L"SecureBoot"
  gEfiGlobalVariableGuid
-  
+
  gEfiIfrTianoGuid                              ## PRODUCES            ## GUID       # HII opcode
  ## PRODUCES                ## HII
  ## CONSUMES                ## HII
@@ -105,6 +105,10 @@
  gEfiFileSystemVolumeLabelInfoIdGuid           ## SOMETIMES_CONSUMES  ## GUID  # Indicate the information type
  gEfiFileInfoGuid                              ## SOMETIMES_CONSUMES  ## GUID  # Indicate the information type

+  gEfiCertX509Sha256Guid                        ## SOMETIMES_PRODUCES  ## GUID  # Unique ID for the type of the certificate.
+  gEfiCertX509Sha384Guid                        ## SOMETIMES_PRODUCES  ## GUID  # Unique ID for the type of the certificate.
+  gEfiCertX509Sha512Guid                        ## SOMETIMES_PRODUCES  ## GUID  # Unique ID for the type of the certificate.
+
 [Protocols]
  gEfiHiiConfigAccessProtocolGuid               ## PRODUCES
  gEfiDevicePathProtocolGuid                    ## PRODUCES
@@ -119,4 +123,3 @@

 [UserExtensions.TianoCore."ExtraFiles"]
  SecureBootConfigDxeExtra.uni
-