OvmfPkg/EnrollDefaultKeys: extract MICROSOFT_VENDOR_GUID

The GUID

  77FA9ABD-0359-4D32-BD60-28F4E78F784B

is specified in MSDN, at
<https://msdn.microsoft.com/en-us/ie/dn932805(v=vs.94)>, therefore it
deserves an entry in the package DEC file, and a header file under
"Include/Guid".

(Arguably, this GUID declaration / definition could even live under
SecurityPkg, but the edk2 tradition has been to hoist GUIDs,
protocols/PPIs, and lib classes from OvmfPkg to a core package only when
dependent C code is added to the core package.)

Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>

OvmfPkg/EnrollDefaultKeys/AuthData.c

@@ -523,31 +523,3 @@ CONST UINT8 mSha256OfDevNull[] = {
 };
 
 CONST UINTN mSizeOfSha256OfDevNull = sizeof mSha256OfDevNull;
-
-
-//
-// The following test cases of the Secure Boot Logo Test in the Microsoft
-// Hardware Certification Kit:
-//
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
-//
-// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
-// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
-// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
-// certificates:
-//
-// - "Microsoft Corporation KEK CA 2011" (in KEK)
-// - "Microsoft Windows Production PCA 2011" (in db)
-// - "Microsoft Corporation UEFI CA 2011" (in db)
-//
-// This is despite the fact that the UEFI specification requires
-// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
-// application or driver) that enrolled and therefore owns
-// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
-// EFI_SIGNATURE_DATA.SignatureData.
-//
-CONST EFI_GUID mMicrosoftOwnerGuid = {
-  0x77fa9abd, 0x0359, 0x4d32,
-  { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
-};

OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c

@@ -8,6 +8,7 @@
 #include <Guid/AuthenticatedVariableFormat.h>    // gEfiCustomModeEnableGuid
 #include <Guid/GlobalVariable.h>                 // EFI_SETUP_MODE_NAME
 #include <Guid/ImageAuthentication.h>            // EFI_IMAGE_SECURITY_DATABASE
+#include <Guid/MicrosoftVendor.h>                // gMicrosoftVendorGuid
 #include <Library/BaseMemoryLib.h>               // CopyGuid()
 #include <Library/DebugLib.h>                    // ASSERT()
 #include <Library/MemoryAllocationLib.h>         // FreePool()
@@ -315,8 +316,8 @@ ShellAppMain (
              EFI_IMAGE_SECURITY_DATABASE,
              &gEfiImageSecurityDatabaseGuid,
              &gEfiCertX509Guid,
-             mMicrosoftPca,    mSizeOfMicrosoftPca,    &mMicrosoftOwnerGuid,
-             mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &mMicrosoftOwnerGuid,
+             mMicrosoftPca,    mSizeOfMicrosoftPca,    &gMicrosoftVendorGuid,
+             mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &gMicrosoftVendorGuid,
              NULL);
   if (EFI_ERROR (Status)) {
     return 1;
@@ -337,7 +338,7 @@ ShellAppMain (
              &gEfiGlobalVariableGuid,
              &gEfiCertX509Guid,
              mRedHatPkKek1, mSizeOfRedHatPkKek1, &gEfiCallerIdGuid,
-             mMicrosoftKek, mSizeOfMicrosoftKek, &mMicrosoftOwnerGuid,
+             mMicrosoftKek, mSizeOfMicrosoftKek, &gMicrosoftVendorGuid,
              NULL);
   if (EFI_ERROR (Status)) {
     return 1;

OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h

@@ -138,6 +138,4 @@ extern CONST UINTN mSizeOfMicrosoftUefiCa;
 extern CONST UINT8 mSha256OfDevNull[];
 extern CONST UINTN mSizeOfSha256OfDevNull;
 
-extern CONST EFI_GUID mMicrosoftOwnerGuid;
-
 #endif /* ENROLL_DEFAULT_KEYS_H_ */

OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf

@@ -22,6 +22,7 @@
 [Packages]
   MdeModulePkg/MdeModulePkg.dec
   MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
   SecurityPkg/SecurityPkg.dec
   ShellPkg/ShellPkg.dec
 
@@ -33,6 +34,7 @@
   gEfiGlobalVariableGuid
   gEfiImageSecurityDatabaseGuid
   gEfiSecureBootEnableDisableGuid
+  gMicrosoftVendorGuid
 
 [LibraryClasses]
   BaseMemoryLib