Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work
on Linux. It needs to be changed with shell=True.
Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=423
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
We add this binary data file for TestRoot.cer.
So that a platform may include this default file in FDF,
to check if the platform is using default test key,
or different production key.
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
The WIN_CERTIFICATE_UEFI_GUID AuthInfo defined in the UEFI spec
mentioned that It is a signature across the image data and the
Monotonic Count value. After clarification, we do the signature
calculation, we put MonotonicCount after Payload.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Jiewen Yao <jiewen.yao@intel.com>
Provide the PKCS7 Tool to support the CertType - EFI_CERT_TYPE_PKCS7_GUID,
then user can use this tool to add EFI_FIRMWARE_IMAGE_AUTHENTICATION
for a binary.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
