9 files changed, 47 insertions, 1502 deletions
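--- a/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Fri, 2 Mar 2018 17:11:52 +0100
-Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation"
-
-gcc-8 (which is part of Fedora 28) enables the new warning
-"-Wstringop-truncation" in "-Wall". This warning is documented in detail
-at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
-introduction says
-
-> Warn for calls to bounded string manipulation functions such as strncat,
-> strncpy, and stpncpy that may either truncate the copied string or leave
-> the destination unchanged.
-
-It breaks the BaseTools build with:
-
-> EfiUtilityMsgs.c: In function 'PrintMessage':
-> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying
-> between 0 and 511 bytes from a string of length 511
-> [-Werror=stringop-truncation]
-> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
-> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying
-> between 0 and 511 bytes from a string of length 511
-> [-Werror=stringop-truncation]
-> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
-> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying
-> between 0 and 511 bytes from a string of length 511
-> [-Werror=stringop-truncation]
-> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
-> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The right way to fix the warning would be to implement string concat with
-snprintf(). However, Microsoft does not appear to support snprintf()
-before VS2015
-<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>,
-so we just have to shut up the warning. The strncat() calls flagged above
-are valid BTW.
-
-Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Cc: Cole Robinson <crobinso@redhat.com>
-Cc: Liming Gao <liming.gao@intel.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Yonghong Zhu <yonghong.zhu@intel.com>
-Contributed-under: TianoCore Contribution Agreement 1.1
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Liming Gao <liming.gao@intel.com>
----
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport
-
-BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
-1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: git/BaseTools/Source/C/Makefiles/header.makefile
-===================================================================
---- git.orig/BaseTools/Source/C/Makefiles/header.makefile
-+++ git/BaseTools/Source/C/Makefiles/header.makefile
-@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
-BUILD_CPPFLAGS += $(INCLUDE) -O2
-ifeq ($(DARWIN),Darwin)
-# assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-else
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
-endif
-BUILD_LFLAGS = $(LDFLAGS)
-BUILD_CXXFLAGS += -Wno-unused-result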
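--- a/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From f65e9cc025278387b494c2383c5d9ff3bed98687 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 11 Jun 2017 00:47:24 -0700
-Subject: [PATCH] ia32: Dont use -pie
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-BaseTools/Conf/tools_def.template | 4 ++--
-1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: git/BaseTools/Conf/tools_def.template
-===================================================================
---- git.orig/BaseTools/Conf/tools_def.template
-+++ git/BaseTools/Conf/tools_def.template
-@@ -4336,7 +4336,7 @@ RELEASE_*_*_OBJCOPY_ADDDEBUGFLAG =
-NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_NAME).debug
-
-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
--DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe
-+DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe -fno-PIE -no-pie
-DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe
-DEFINE GCC_IPF_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
-DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie
-@@ -4369,9 +4369,9 @@ DEFINE GCC_ARM_RC_FLAGS = -I
-DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
-
-DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
--DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables
-+DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
-DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
--DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
-+DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
-DEFINE GCC44_IA32_X64_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
-DEFINE GCC44_IA32_X64_DLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
-DEFINE GCC44_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
-@@ -4451,7 +4451,7 @@ DEFINE GCC48_AARCH64_ASLDLINK_FLAGS = D
-
-DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
-DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
--DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
-+DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 -no-pie
-DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
-DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
-DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)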
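--- a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Fri, 2 Mar 2018 17:11:52 +0100
-Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict"
-
-gcc-8 (which is part of Fedora 28) enables the new warning
-"-Wrestrict" in "-Wall". This warning is documented in detail
-at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
-introduction says
-
-> Warn when an object referenced by a restrict-qualified parameter (or, in
-> C++, a __restrict-qualified parameter) is aliased by another argument,
-> or when copies between such objects overlap.
-
-It breaks the BaseTools build (in the Brotli compression library) with:
-
-> In function 'ProcessCommandsInternal',
-> inlined from 'ProcessCommands' at dec/decode.c:1828:10:
-> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
-> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
-> offset 16 [-Werror=restrict]
-> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
-> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-> In function 'ProcessCommandsInternal',
-> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10:
-> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
-> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
-> offset 16 [-Werror=restrict]
-> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
-> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail,
-and concluded that the warning is a false positive:
-
-> This seems safe to me, because it's preceded by:
->
-> uint8_t* copy_dst = &s->ringbuffer[pos];
-> uint8_t* copy_src = &s->ringbuffer[src_start];
-> int dst_end = pos + i;
-> int src_end = src_start + i;
-> if (src_end > pos && dst_end > src_start) {
-> /* Regions intersect. */
-> goto CommandPostWrapCopy;
-> }
->
-> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then
-> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i).
->
-> The if seems okay:
->
-> (src_start + i > pos && pos + i > src_start)
->
-> which can be rewritten to:
->
-> (pos < src_start + i && src_start < pos + i)
->
-> Then the numbers are in one of these two orders:
->
-> pos <= src_start < pos + i <= src_start + i
-> src_start <= pos < src_start + i <= pos + i
->
-> These two would be allowed by the "if", but they can only happen if pos
-> == src_start so they degenerate to the same two orders above:
->
-> pos <= src_start < src_start + i <= pos + i
-> src_start <= pos < pos + i <= src_start + i
->
-> So it is a false positive in GCC.
-
-Disable the warning for now.
-
-Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Cc: Cole Robinson <crobinso@redhat.com>
-Cc: Liming Gao <liming.gao@intel.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Yonghong Zhu <yonghong.zhu@intel.com>
-Reported-by: Cole Robinson <crobinso@redhat.com>
-Contributed-under: TianoCore Contribution Agreement 1.1
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Liming Gao <liming.gao@intel.com>
----
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport
-BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
-1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: git/BaseTools/Source/C/Makefiles/header.makefile
-===================================================================
---- git.orig/BaseTools/Source/C/Makefiles/header.makefile
-+++ git/BaseTools/Source/C/Makefiles/header.makefile
-@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
-BUILD_CPPFLAGS += $(INCLUDE) -O2
-ifeq ($(DARWIN),Darwin)
-# assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-else
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
-endif
-BUILD_LFLAGS = $(LDFLAGS)
-BUILD_CXXFLAGS += -Wno-unused-result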
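--- a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 7 Mar 2018 10:17:28 +0100
-Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx"
-options on OSX
-
-I recently added the gcc-8 specific "-Wno-stringop-truncation" and
-"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 /
-clang, OSX) and otherwise (gcc, Linux / Cygwin).
-
-I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does
-not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and
-"-Wno-restrict" options, yet the build completed fine (by GCC design).
-
-Regarding OSX, my expectation was that
-
-- XCODE5 / clang would either recognize these warnings options (because
-clang does recognize most -W options of gcc),
-
-- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags
-that it didn't recognize.
-
-Neither is the case; the new flags have broken the BaseTools build on OSX.
-Revert them (for OSX only).
-
-Cc: Liming Gao <liming.gao@intel.com>
-Cc: Yonghong Zhu <yonghong.zhu@intel.com>
-Reported-by: Liming Gao <liming.gao@intel.com>
-Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231
-Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929
-Contributed-under: TianoCore Contribution Agreement 1.1
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Liming Gao <liming.gao@intel.com>
-Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
----
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport
-BaseTools/Source/C/Makefiles/header.makefile | 2 +-
-1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: git/BaseTools/Source/C/Makefiles/header.makefile
-===================================================================
---- git.orig/BaseTools/Source/C/Makefiles/header.makefile
-+++ git/BaseTools/Source/C/Makefiles/header.makefile
-@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
-BUILD_CPPFLAGS += $(INCLUDE) -O2
-ifeq ($(DARWIN),Darwin)
-# assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-else
-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
-endif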
diff --git a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch index 65b5c16dcb..070b0ac5a6 100644 --- a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch | |||
@@ -1,6 +1,6 @@ | |||
1 | From 2320650c6d381b914fe91b2dedaa5870279a8bcf Mon Sep 17 00:00:00 2001 | 1 | From 2320650c6d381b914fe91b2dedaa5870279a8bcf Mon Sep 17 00:00:00 2001 |
2 | From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> | 2 | From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> |
3 | Date: Sun, 27 Nov 2016 18:42:55 -0800 | 3 | Date: Fri, 26 Jul 2019 17:34:26 -0400 |
4 | Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake | 4 | Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake |
5 | 5 | ||
6 | Prepend the build flags with those of bitbake. This is to build | 6 | Prepend the build flags with those of bitbake. This is to build |
@@ -9,31 +9,42 @@ using the bitbake native sysroot include and library directories. | |||
9 | Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> | 9 | Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> |
10 | Upstream-Status: Pending | 10 | Upstream-Status: Pending |
11 | --- | 11 | --- |
12 | BaseTools/Source/C/Makefiles/header.makefile | 8 ++++---- | 12 | BaseTools/Source/C/Makefiles/header.makefile | 10 +++++----- |
13 | 1 file changed, 4 insertions(+), 4 deletions(-) | 13 | 1 file changed, 5 insertions(+), 5 deletions(-) |
14 | 14 | ||
15 | Index: git/BaseTools/Source/C/Makefiles/header.makefile | 15 | Index: git/BaseTools/Source/C/Makefiles/header.makefile |
16 | =================================================================== | 16 | =================================================================== |
17 | --- git.orig/BaseTools/Source/C/Makefiles/header.makefile | 17 | --- git.orig/BaseTools/Source/C/Makefiles/header.makefile |
18 | +++ git/BaseTools/Source/C/Makefiles/header.makefile | 18 | +++ git/BaseTools/Source/C/Makefiles/header.makefile |
19 | @@ -44,15 +44,15 @@ ARCH_INCLUDE = -I $(MAKEROOT)/Include/AA | 19 | @@ -62,23 +62,23 @@ $(error Bad HOST_ARCH) |
20 | endif | 20 | endif |
21 | 21 | ||
22 | INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE) | 22 | INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE) |
23 | -BUILD_CPPFLAGS = $(INCLUDE) -O2 | 23 | -BUILD_CPPFLAGS = $(INCLUDE) |
24 | +BUILD_CPPFLAGS += $(INCLUDE) -O2 | 24 | +BUILD_CPPFLAGS += $(INCLUDE) |
25 | |||
26 | # keep EXTRA_OPTFLAGS last | ||
27 | BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS) | ||
28 | |||
25 | ifeq ($(DARWIN),Darwin) | 29 | ifeq ($(DARWIN),Darwin) |
26 | # assume clang or clang compatible flags on OS X | 30 | # assume clang or clang compatible flags on OS X |
27 | -BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g | 31 | -BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \ |
28 | +BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g | 32 | +BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \ |
33 | -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g | ||
29 | else | 34 | else |
30 | -BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g | 35 | -BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ |
31 | +BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g | 36 | +BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \ |
37 | -fno-delete-null-pointer-checks -Wall -Werror \ | ||
38 | -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \ | ||
39 | -Wno-unused-result -nostdlib -g | ||
32 | endif | 40 | endif |
33 | -BUILD_LFLAGS = | 41 | -BUILD_LFLAGS = |
34 | -BUILD_CXXFLAGS = -Wno-unused-result | 42 | -BUILD_CXXFLAGS = -Wno-unused-result |
35 | +BUILD_LFLAGS = $(LDFLAGS) | 43 | +BUILD_LFLAGS = $(LDFLAGS) |
36 | +BUILD_CXXFLAGS += -Wno-unused-result | 44 | +BUILD_CXXFLAGS += -Wno-unused-result |
37 | 45 | ||
38 | ifeq ($(ARCH), IA32) | 46 | ifeq ($(HOST_ARCH), IA32) |
39 | # | 47 | # |
48 | -- | ||
49 | 2.20.1 | ||
50 | |||
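Review bot: In the refreshed patch `BUILD_LFLAGS = $(LDFLAGS)` is still a plain assignment, while `BUILD_CPPFLAGS`, `BUILD_CFLAGS` and `BUILD_CXXFLAGS` are switched to `+=`, so linker flags come only from `LDFLAGS` and any `BUILD_LFLAGS` value supplied by the environment would be overwritten. The description only says the build flags are prepended with those of bitbake, so this asymmetry is undocumented; if it is intentional, a line in the patch description such as `Linker flags are taken from LDFLAGS; an inherited BUILD_LFLAGS is not used.` would make that explicit. The hunk also keeps `-Werror` next to compiler flags injected by the build environment, which is presumably what made the gcc-8 `-Wno-*` backports necessary earlier, so it is worth confirming the native BaseTools build against the current host compiler. The makefile continues outside the hunk on both sides.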
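--- a/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Fri, 2 Mar 2018 17:11:52 +0100
-Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow"
-warning with memcpy()
-
-gcc-8 (which is part of Fedora 28) enables the new warning
-"-Wstringop-overflow" in "-Wall". This warning is documented in detail at
-<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
-introduction says
-
-> Warn for calls to string manipulation functions such as memcpy and
-> strcpy that are determined to overflow the destination buffer.
-
-It breaks the BaseTools build with:
-
-> GenVtf.c: In function 'ConvertVersionInfo':
-> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length
-> of the source argument [-Werror=stringop-overflow=]
-> strncpy (TemStr + 4 - Length, Str, Length);
-> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-> GenVtf.c:130:14: note: length computed here
-> Length = strlen(Str);
-> ^~~~~~~~~~~
-
-It is a false positive because, while the bound equals the length of the
-source argument, the destination pointer is moved back towards the
-beginning of the destination buffer by the same amount (and this amount is
-range-checked first, so we can't precede the start of the dest buffer).
-
-Replace both strncpy() calls with memcpy().
-
-Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Cc: Cole Robinson <crobinso@redhat.com>
-Cc: Liming Gao <liming.gao@intel.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Yonghong Zhu <yonghong.zhu@intel.com>
-Reported-by: Cole Robinson <crobinso@redhat.com>
-Contributed-under: TianoCore Contribution Agreement 1.1
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Liming Gao <liming.gao@intel.com>
----
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport
-BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++--
-1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
-index 2ae9a7be2c..0cd33e71e9 100644
---- a/BaseTools/Source/C/GenVtf/GenVtf.c
-+++ b/BaseTools/Source/C/GenVtf/GenVtf.c
-@@ -129,9 +129,9 @@ Returns:
-} else {
-Length = strlen(Str);
-if (Length < 4) {
-- strncpy (TemStr + 4 - Length, Str, Length);
-+ memcpy (TemStr + 4 - Length, Str, Length);
-} else {
-- strncpy (TemStr, Str + Length - 4, 4);
-+ memcpy (TemStr, Str + Length - 4, 4);
-}
-
-sscanf (
---
-2.17.0
-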
diff --git a/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch deleted file mode 100644 index 3aa6cc4acb..0000000000 --- a/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +++ /dev/null | |||
@@ -1,1124 +0,0 @@ | |||
1 | From: Laszlo Ersek <lersek@redhat.com> | ||
2 | Date: Mon, 6 Jul 2015 20:22:02 +0200 | ||
3 | Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default | ||
4 | keys | ||
5 | |||
6 | (A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch | ||
7 | to Gerd's public RPMs.) | ||
8 | |||
9 | This application is meant to be invoked by the management layer, after | ||
10 | booting the UEFI shell and getting a shell prompt on the serial console. | ||
11 | The app enrolls a number of certificates (see below), and then reports | ||
12 | status to the serial console as well. The expected output is "info: | ||
13 | success": | ||
14 | |||
15 | > Shell> EnrollDefaultKeys.efi | ||
16 | > info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 | ||
17 | > info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 | ||
18 | > info: success | ||
19 | > Shell> | ||
20 | |||
21 | In case of success, the management layer can force off or reboot the VM | ||
22 | (for example with the "reset -s" or "reset -c" UEFI shell commands, | ||
23 | respectively), and start the guest installation with SecureBoot enabled. | ||
24 | |||
25 | PK: | ||
26 | - A unique, static, ad-hoc certificate whose private half has been | ||
27 | destroyed (more precisely, never saved) and is therefore unusable for | ||
28 | signing. (The command for creating this certificate is saved in the | ||
29 | source code.) | ||
30 | |||
31 | KEK: | ||
32 | - same ad-hoc certificate as used for the PK, | ||
33 | - "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool | ||
34 | package is signed (indirectly, through a chain) with this; enrolling | ||
35 | such a KEK should allow guests to install those updates. | ||
36 | |||
37 | DB: | ||
38 | - "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows | ||
39 | Server 2012 R2, | ||
40 | - "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI | ||
41 | oproms. | ||
42 | |||
43 | Contributed-under: TianoCore Contribution Agreement 1.0 | ||
44 | Signed-off-by: Laszlo Ersek <lersek@redhat.com> | ||
45 | Upstream-Status: Inappropriate [not author] | ||
46 | Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> | ||
47 | --- | ||
48 | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++ | ||
49 | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++ | ||
50 | OvmfPkg/OvmfPkgIa32.dsc | 4 + | ||
51 | OvmfPkg/OvmfPkgIa32X64.dsc | 4 + | ||
52 | OvmfPkg/OvmfPkgX64.dsc | 4 + | ||
53 | 5 files changed, 1023 insertions(+) | ||
54 | create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | ||
55 | create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | ||
56 | |||
57 | diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | ||
58 | new file mode 100644 | ||
59 | index 0000000..081212b | ||
60 | --- /dev/null | ||
61 | +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | ||
62 | @@ -0,0 +1,960 @@ | ||
63 | +/** @file | ||
64 | + Enroll default PK, KEK, DB. | ||
65 | + | ||
66 | + Copyright (C) 2014, Red Hat, Inc. | ||
67 | + | ||
68 | + This program and the accompanying materials are licensed and made available | ||
69 | + under the terms and conditions of the BSD License which accompanies this | ||
70 | + distribution. The full text of the license may be found at | ||
71 | + http://opensource.org/licenses/bsd-license. | ||
72 | + | ||
73 | + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT | ||
74 | + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | ||
75 | +**/ | ||
76 | +#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid | ||
77 | +#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME | ||
78 | +#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE | ||
79 | +#include <Library/BaseMemoryLib.h> // CopyGuid() | ||
80 | +#include <Library/DebugLib.h> // ASSERT() | ||
81 | +#include <Library/MemoryAllocationLib.h> // FreePool() | ||
82 | +#include <Library/ShellCEntryLib.h> // ShellAppMain() | ||
83 | +#include <Library/UefiLib.h> // AsciiPrint() | ||
84 | +#include <Library/UefiRuntimeServicesTableLib.h> // gRT | ||
85 | + | ||
86 | +// | ||
87 | +// The example self-signed certificate below, which we'll use for both Platform | ||
88 | +// Key, and first Key Exchange Key, has been generated with the following | ||
89 | +// non-interactive openssl command. The passphrase is read from /dev/urandom, | ||
90 | +// and not saved, and the private key is written to /dev/null. In other words, | ||
91 | +// we can't sign anything else against this certificate, which is our purpose. | ||
92 | +// | ||
93 | +/* | ||
94 | + openssl req \ | ||
95 | + -passout file:<(head -c 16 /dev/urandom) \ | ||
96 | + -x509 \ | ||
97 | + -newkey rsa:2048 \ | ||
98 | + -keyout /dev/null \ | ||
99 | + -outform DER \ | ||
100 | + -subj $( | ||
101 | + printf /C=US | ||
102 | + printf /ST=TestStateOrProvince | ||
103 | + printf /L=TestLocality | ||
104 | + printf /O=TestOrganization | ||
105 | + printf /OU=TestOrganizationalUnit | ||
106 | + printf /CN=TestCommonName | ||
107 | + printf /emailAddress=test@example.com | ||
108 | + ) \ | ||
109 | + 2>/dev/null \ | ||
110 | + | xxd -i | ||
111 | +*/ | ||
112 | +STATIC CONST UINT8 ExampleCert[] = { | ||
113 | + 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02, | ||
114 | + 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d, | ||
115 | + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, | ||
116 | + 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, | ||
117 | + 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, | ||
118 | + 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, | ||
119 | + 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, | ||
120 | + 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, | ||
121 | + 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, | ||
122 | + 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, | ||
123 | + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, | ||
124 | + 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, | ||
125 | + 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, | ||
126 | + 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, | ||
127 | + 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, | ||
128 | + 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, | ||
129 | + 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, | ||
130 | + 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, | ||
131 | + 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34, | ||
132 | + 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81, | ||
133 | + 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, | ||
134 | + 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54, | ||
135 | + 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f, | ||
136 | + 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, | ||
137 | + 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, | ||
138 | + 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10, | ||
139 | + 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, | ||
140 | + 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, | ||
141 | + 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, | ||
142 | + 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30, | ||
143 | + 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43, | ||
144 | + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d, | ||
145 | + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, | ||
146 | + 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, | ||
147 | + 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, | ||
148 | + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, | ||
149 | + 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce, | ||
150 | + 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21, | ||
151 | + 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc, | ||
152 | + 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae, | ||
153 | + 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16, | ||
154 | + 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b, | ||
155 | + 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77, | ||
156 | + 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce, | ||
157 | + 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31, | ||
158 | + 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35, | ||
159 | + 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d, | ||
160 | + 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a, | ||
161 | + 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24, | ||
162 | + 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2, | ||
163 | + 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d, | ||
164 | + 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b, | ||
165 | + 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3, | ||
166 | + 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1, | ||
167 | + 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4, | ||
168 | + 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68, | ||
169 | + 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, | ||
170 | + 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, | ||
171 | + 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, | ||
172 | + 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, | ||
173 | + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, | ||
174 | + 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, | ||
175 | + 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, | ||
176 | + 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, | ||
177 | + 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38, | ||
178 | + 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9, | ||
179 | + 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a, | ||
180 | + 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c, | ||
181 | + 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59, | ||
182 | + 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4, | ||
183 | + 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81, | ||
184 | + 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c, | ||
185 | + 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f, | ||
186 | + 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b, | ||
187 | + 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04, | ||
188 | + 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f, | ||
189 | + 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e, | ||
190 | + 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f, | ||
191 | + 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03, | ||
192 | + 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84, | ||
193 | + 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d, | ||
194 | + 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5, | ||
195 | + 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1, | ||
196 | + 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19, | ||
197 | + 0x26, 0x5b, 0xc0, 0x3d, 0xc7 | ||
198 | +}; | ||
199 | + | ||
200 | +// | ||
201 | +// Second KEK: "Microsoft Corporation KEK CA 2011". | ||
202 | +// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 | ||
203 | +// | ||
204 | +// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. | ||
205 | +// | ||
206 | +STATIC CONST UINT8 MicrosoftKEK[] = { | ||
207 | + 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, | ||
208 | + 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, | ||
209 | + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, | ||
210 | + 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, | ||
211 | + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, | ||
212 | + 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, | ||
213 | + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, | ||
214 | + 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, | ||
215 | + 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, | ||
216 | + 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, | ||
217 | + 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, | ||
218 | + 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, | ||
219 | + 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, | ||
220 | + 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, | ||
221 | + 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, | ||
222 | + 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, | ||
223 | + 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, | ||
224 | + 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, | ||
225 | + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, | ||
226 | + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, | ||
227 | + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, | ||
228 | + 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, | ||
229 | + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, | ||
230 | + 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, | ||
231 | + 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, | ||
232 | + 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, | ||
233 | + 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, | ||
234 | + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, | ||
235 | + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, | ||
236 | + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, | ||
237 | + 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, | ||
238 | + 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, | ||
239 | + 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, | ||
240 | + 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, | ||
241 | + 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, | ||
242 | + 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, | ||
243 | + 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, | ||
244 | + 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, | ||
245 | + 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, | ||
246 | + 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, | ||
247 | + 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, | ||
248 | + 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, | ||
249 | + 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, | ||
250 | + 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, | ||
251 | + 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, | ||
252 | + 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, | ||
253 | + 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, | ||
254 | + 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, | ||
255 | + 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, | ||
256 | + 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, | ||
257 | + 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, | ||
258 | + 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, | ||
259 | + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, | ||
260 | + 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, | ||
261 | + 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, | ||
262 | + 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, | ||
263 | + 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, | ||
264 | + 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, | ||
265 | + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, | ||
266 | + 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, | ||
267 | + 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, | ||
268 | + 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, | ||
269 | + 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, | ||
270 | + 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, | ||
271 | + 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, | ||
272 | + 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, | ||
273 | + 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, | ||
274 | + 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, | ||
275 | + 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, | ||
276 | + 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, | ||
277 | + 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, | ||
278 | + 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, | ||
279 | + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, | ||
280 | + 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, | ||
281 | + 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, | ||
282 | + 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, | ||
283 | + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, | ||
284 | + 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, | ||
285 | + 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, | ||
286 | + 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, | ||
287 | + 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, | ||
288 | + 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, | ||
289 | + 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, | ||
290 | + 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, | ||
291 | + 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, | ||
292 | + 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, | ||
293 | + 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, | ||
294 | + 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, | ||
295 | + 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, | ||
296 | + 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, | ||
297 | + 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, | ||
298 | + 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, | ||
299 | + 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, | ||
300 | + 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, | ||
301 | + 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, | ||
302 | + 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, | ||
303 | + 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, | ||
304 | + 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, | ||
305 | + 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, | ||
306 | + 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, | ||
307 | + 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, | ||
308 | + 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, | ||
309 | + 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, | ||
310 | + 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, | ||
311 | + 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, | ||
312 | + 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, | ||
313 | + 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, | ||
314 | + 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, | ||
315 | + 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, | ||
316 | + 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, | ||
317 | + 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, | ||
318 | + 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, | ||
319 | + 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, | ||
320 | + 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, | ||
321 | + 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, | ||
322 | + 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, | ||
323 | + 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e | ||
324 | +}; | ||
325 | + | ||
326 | +// | ||
327 | +// First DB entry: "Microsoft Windows Production PCA 2011" | ||
328 | +// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d | ||
329 | +// | ||
330 | +// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain | ||
331 | +// rooted in this certificate. | ||
332 | +// | ||
333 | +STATIC CONST UINT8 MicrosoftPCA[] = { | ||
334 | + 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, | ||
335 | + 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, | ||
336 | + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, | ||
337 | + 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, | ||
338 | + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, | ||
339 | + 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, | ||
340 | + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, | ||
341 | + 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, | ||
342 | + 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, | ||
343 | + 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, | ||
344 | + 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, | ||
345 | + 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, | ||
346 | + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, | ||
347 | + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, | ||
348 | + 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, | ||
349 | + 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, | ||
350 | + 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, | ||
351 | + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, | ||
352 | + 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, | ||
353 | + 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, | ||
354 | + 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, | ||
355 | + 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, | ||
356 | + 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, | ||
357 | + 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, | ||
358 | + 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, | ||
359 | + 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, | ||
360 | + 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, | ||
361 | + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, | ||
362 | + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, | ||
363 | + 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, | ||
364 | + 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, | ||
365 | + 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, | ||
366 | + 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, | ||
367 | + 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, | ||
368 | + 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, | ||
369 | + 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, | ||
370 | + 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, | ||
371 | + 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, | ||
372 | + 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, | ||
373 | + 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, | ||
374 | + 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, | ||
375 | + 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, | ||
376 | + 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, | ||
377 | + 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, | ||
378 | + 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, | ||
379 | + 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, | ||
380 | + 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, | ||
381 | + 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, | ||
382 | + 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03, | ||
383 | + 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, | ||
384 | + 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, | ||
385 | + 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, | ||
386 | + 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, | ||
387 | + 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, | ||
388 | + 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, | ||
389 | + 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, | ||
390 | + 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, | ||
391 | + 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, | ||
392 | + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, | ||
393 | + 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, | ||
394 | + 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, | ||
395 | + 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, | ||
396 | + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, | ||
397 | + 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, | ||
398 | + 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, | ||
399 | + 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, | ||
400 | + 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, | ||
401 | + 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, | ||
402 | + 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, | ||
403 | + 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, | ||
404 | + 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, | ||
405 | + 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, | ||
406 | + 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, | ||
407 | + 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, | ||
408 | + 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, | ||
409 | + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, | ||
410 | + 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, | ||
411 | + 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, | ||
412 | + 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, | ||
413 | + 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, | ||
414 | + 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, | ||
415 | + 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, | ||
416 | + 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, | ||
417 | + 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, | ||
418 | + 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, | ||
419 | + 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, | ||
420 | + 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, | ||
421 | + 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, | ||
422 | + 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, | ||
423 | + 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, | ||
424 | + 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, | ||
425 | + 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, | ||
426 | + 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, | ||
427 | + 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, | ||
428 | + 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, | ||
429 | + 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, | ||
430 | + 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, | ||
431 | + 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, | ||
432 | + 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, | ||
433 | + 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, | ||
434 | + 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, | ||
435 | + 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, | ||
436 | + 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, | ||
437 | + 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, | ||
438 | + 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, | ||
439 | + 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, | ||
440 | + 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, | ||
441 | + 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, | ||
442 | + 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, | ||
443 | + 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, | ||
444 | + 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, | ||
445 | + 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, | ||
446 | + 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, | ||
447 | + 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, | ||
448 | + 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, | ||
449 | + 0x62, 0x1c, 0x59, 0x7e | ||
450 | +}; | ||
451 | + | ||
452 | +// | ||
453 | +// Second DB entry: "Microsoft Corporation UEFI CA 2011" | ||
454 | +// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 | ||
455 | +// | ||
456 | +// To verify the "shim" binary and PCI expansion ROMs with. | ||
457 | +// | ||
458 | +STATIC CONST UINT8 MicrosoftUefiCA[] = { | ||
459 | + 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, | ||
460 | + 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, | ||
461 | + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, | ||
462 | + 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, | ||
463 | + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, | ||
464 | + 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, | ||
465 | + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, | ||
466 | + 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, | ||
467 | + 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, | ||
468 | + 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, | ||
469 | + 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, | ||
470 | + 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, | ||
471 | + 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, | ||
472 | + 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, | ||
473 | + 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, | ||
474 | + 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, | ||
475 | + 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, | ||
476 | + 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, | ||
477 | + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, | ||
478 | + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, | ||
479 | + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, | ||
480 | + 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, | ||
481 | + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, | ||
482 | + 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, | ||
483 | + 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, | ||
484 | + 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, | ||
485 | + 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, | ||
486 | + 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, | ||
487 | + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, | ||
488 | + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, | ||
489 | + 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, | ||
490 | + 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, | ||
491 | + 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, | ||
492 | + 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, | ||
493 | + 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, | ||
494 | + 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, | ||
495 | + 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, | ||
496 | + 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, | ||
497 | + 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, | ||
498 | + 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, | ||
499 | + 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, | ||
500 | + 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, | ||
501 | + 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, | ||
502 | + 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, | ||
503 | + 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, | ||
504 | + 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, | ||
505 | + 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, | ||
506 | + 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, | ||
507 | + 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, | ||
508 | + 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, | ||
509 | + 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, | ||
510 | + 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, | ||
511 | + 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, | ||
512 | + 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, | ||
513 | + 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, | ||
514 | + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, | ||
515 | + 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, | ||
516 | + 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, | ||
517 | + 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, | ||
518 | + 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, | ||
519 | + 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, | ||
520 | + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, | ||
521 | + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, | ||
522 | + 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, | ||
523 | + 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, | ||
524 | + 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, | ||
525 | + 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, | ||
526 | + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, | ||
527 | + 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, | ||
528 | + 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, | ||
529 | + 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, | ||
530 | + 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, | ||
531 | + 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, | ||
532 | + 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, | ||
533 | + 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, | ||
534 | + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, | ||
535 | + 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, | ||
536 | + 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, | ||
537 | + 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, | ||
538 | + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, | ||
539 | + 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, | ||
540 | + 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, | ||
541 | + 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, | ||
542 | + 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, | ||
543 | + 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, | ||
544 | + 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, | ||
545 | + 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, | ||
546 | + 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, | ||
547 | + 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, | ||
548 | + 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, | ||
549 | + 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, | ||
550 | + 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, | ||
551 | + 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, | ||
552 | + 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, | ||
553 | + 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, | ||
554 | + 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, | ||
555 | + 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, | ||
556 | + 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, | ||
557 | + 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, | ||
558 | + 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, | ||
559 | + 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, | ||
560 | + 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, | ||
561 | + 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, | ||
562 | + 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, | ||
563 | + 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, | ||
564 | + 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, | ||
565 | + 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, | ||
566 | + 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, | ||
567 | + 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, | ||
568 | + 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, | ||
569 | + 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, | ||
570 | + 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, | ||
571 | + 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, | ||
572 | + 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, | ||
573 | + 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, | ||
574 | + 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, | ||
575 | + 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, | ||
576 | + 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, | ||
577 | + 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, | ||
578 | + 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 | ||
579 | +}; | ||
580 | + | ||
581 | +// | ||
582 | +// The most important thing about the variable payload is that it is a list of | ||
583 | +// lists, where the element size of any given *inner* list is constant. | ||
584 | +// | ||
585 | +// Since X509 certificates vary in size, each of our *inner* lists will contain | ||
586 | +// one element only (one X.509 certificate). This is explicitly mentioned in | ||
587 | +// the UEFI specification, in "28.4.1 Signature Database", in a Note. | ||
588 | +// | ||
589 | +// The list structure looks as follows: | ||
590 | +// | ||
591 | +// struct EFI_VARIABLE_AUTHENTICATION_2 { | | ||
592 | +// struct EFI_TIME { | | ||
593 | +// UINT16 Year; | | ||
594 | +// UINT8 Month; | | ||
595 | +// UINT8 Day; | | ||
596 | +// UINT8 Hour; | | ||
597 | +// UINT8 Minute; | | ||
598 | +// UINT8 Second; | | ||
599 | +// UINT8 Pad1; | | ||
600 | +// UINT32 Nanosecond; | | ||
601 | +// INT16 TimeZone; | | ||
602 | +// UINT8 Daylight; | | ||
603 | +// UINT8 Pad2; | | ||
604 | +// } TimeStamp; | | ||
605 | +// | | ||
606 | +// struct WIN_CERTIFICATE_UEFI_GUID { | | | ||
607 | +// struct WIN_CERTIFICATE { | | | ||
608 | +// UINT32 dwLength; ----------------------------------------+ | | ||
609 | +// UINT16 wRevision; | | | ||
610 | +// UINT16 wCertificateType; | | | ||
611 | +// } Hdr; | +- DataSize | ||
612 | +// | | | ||
613 | +// EFI_GUID CertType; | | | ||
614 | +// UINT8 CertData[1] = { <--- "struct hack" | | | ||
615 | +// struct EFI_SIGNATURE_LIST { | | | | ||
616 | +// EFI_GUID SignatureType; | | | | ||
617 | +// UINT32 SignatureListSize; -------------------------+ | | | ||
618 | +// UINT32 SignatureHeaderSize; | | | | ||
619 | +// UINT32 SignatureSize; ---------------------------+ | | | | ||
620 | +// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | | ||
621 | +// v | | | | ||
622 | +// struct EFI_SIGNATURE_DATA { | | | | | ||
623 | +// EFI_GUID SignatureOwner; | | | | | ||
624 | +// UINT8 SignatureData[1] = { <--- "struct hack" | | | | | ||
625 | +// X.509 payload | | | | | ||
626 | +// } | | | | | ||
627 | +// } Signatures[]; | | | | ||
628 | +// } SigLists[]; | | | ||
629 | +// }; | | | ||
630 | +// } AuthInfo; | | | ||
631 | +// }; | | ||
632 | +// | ||
633 | +// Given that the "struct hack" invokes undefined behavior (which is why C99 | ||
634 | +// introduced the flexible array member), and because subtracting those pesky | ||
635 | +// sizes of 1 is annoying, and because the format is fully specified in the | ||
636 | +// UEFI specification, we'll introduce two matching convenience structures that | ||
637 | +// are customized for our X.509 purposes. | ||
638 | +// | ||
639 | +#pragma pack(1) | ||
640 | +typedef struct { | ||
641 | + EFI_TIME TimeStamp; | ||
642 | + | ||
643 | + // | ||
644 | + // dwLength covers data below | ||
645 | + // | ||
646 | + UINT32 dwLength; | ||
647 | + UINT16 wRevision; | ||
648 | + UINT16 wCertificateType; | ||
649 | + EFI_GUID CertType; | ||
650 | +} SINGLE_HEADER; | ||
651 | + | ||
652 | +typedef struct { | ||
653 | + // | ||
654 | + // SignatureListSize covers data below | ||
655 | + // | ||
656 | + EFI_GUID SignatureType; | ||
657 | + UINT32 SignatureListSize; | ||
658 | + UINT32 SignatureHeaderSize; // constant 0 | ||
659 | + UINT32 SignatureSize; | ||
660 | + | ||
661 | + // | ||
662 | + // SignatureSize covers data below | ||
663 | + // | ||
664 | + EFI_GUID SignatureOwner; | ||
665 | + | ||
666 | + // | ||
667 | + // X.509 certificate follows | ||
668 | + // | ||
669 | +} REPEATING_HEADER; | ||
670 | +#pragma pack() | ||
671 | + | ||
672 | +/** | ||
673 | + Enroll a set of DER-formatted X.509 certificates in a global variable, | ||
674 | + overwriting it. | ||
675 | + | ||
676 | + The variable will be rewritten with NV+BS+RT+AT attributes. | ||
677 | + | ||
678 | + @param[in] VariableName The name of the variable to overwrite. | ||
679 | + | ||
680 | + @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to | ||
681 | + overwrite. | ||
682 | + | ||
683 | + @param[in] ... A list of | ||
684 | + | ||
685 | + IN CONST UINT8 *Cert, | ||
686 | + IN UINTN CertSize, | ||
687 | + IN CONST EFI_GUID *OwnerGuid | ||
688 | + | ||
689 | + triplets. If the first component of a triplet is | ||
690 | + NULL, then the other two components are not | ||
691 | + accessed, and processing is terminated. The list of | ||
692 | + X.509 certificates is enrolled in the variable | ||
693 | + specified, overwriting it. The OwnerGuid component | ||
694 | + identifies the agent installing the certificate. | ||
695 | + | ||
696 | + @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert | ||
697 | + value is NULL), or one of the CertSize values | ||
698 | + is 0, or one of the CertSize values would | ||
699 | + overflow the accumulated UINT32 data size. | ||
700 | + | ||
701 | + @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable | ||
702 | + payload. | ||
703 | + | ||
704 | + @retval EFI_SUCCESS Enrollment successful; the variable has been | ||
705 | + overwritten (or created). | ||
706 | + | ||
707 | + @return Error codes from gRT->GetTime() and | ||
708 | + gRT->SetVariable(). | ||
709 | +**/ | ||
710 | +STATIC | ||
711 | +EFI_STATUS | ||
712 | +EFIAPI | ||
713 | +EnrollListOfX509Certs ( | ||
714 | + IN CHAR16 *VariableName, | ||
715 | + IN EFI_GUID *VendorGuid, | ||
716 | + ... | ||
717 | + ) | ||
718 | +{ | ||
719 | + UINTN DataSize; | ||
720 | + SINGLE_HEADER *SingleHeader; | ||
721 | + REPEATING_HEADER *RepeatingHeader; | ||
722 | + VA_LIST Marker; | ||
723 | + CONST UINT8 *Cert; | ||
724 | + EFI_STATUS Status = EFI_SUCCESS; | ||
725 | + UINT8 *Data; | ||
726 | + UINT8 *Position; | ||
727 | + | ||
728 | + // | ||
729 | + // compute total size first, for UINT32 range check, and allocation | ||
730 | + // | ||
731 | + DataSize = sizeof *SingleHeader; | ||
732 | + VA_START (Marker, VendorGuid); | ||
733 | + for (Cert = VA_ARG (Marker, CONST UINT8 *); | ||
734 | + Cert != NULL; | ||
735 | + Cert = VA_ARG (Marker, CONST UINT8 *)) { | ||
736 | + UINTN CertSize; | ||
737 | + | ||
738 | + CertSize = VA_ARG (Marker, UINTN); | ||
739 | + (VOID)VA_ARG (Marker, CONST EFI_GUID *); | ||
740 | + | ||
741 | + if (CertSize == 0 || | ||
742 | + CertSize > MAX_UINT32 - sizeof *RepeatingHeader || | ||
743 | + DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { | ||
744 | + Status = EFI_INVALID_PARAMETER; | ||
745 | + break; | ||
746 | + } | ||
747 | + DataSize += sizeof *RepeatingHeader + CertSize; | ||
748 | + } | ||
749 | + VA_END (Marker); | ||
750 | + | ||
751 | + if (DataSize == sizeof *SingleHeader) { | ||
752 | + Status = EFI_INVALID_PARAMETER; | ||
753 | + } | ||
754 | + if (EFI_ERROR (Status)) { | ||
755 | + goto Out; | ||
756 | + } | ||
757 | + | ||
758 | + Data = AllocatePool (DataSize); | ||
759 | + if (Data == NULL) { | ||
760 | + Status = EFI_OUT_OF_RESOURCES; | ||
761 | + goto Out; | ||
762 | + } | ||
763 | + | ||
764 | + Position = Data; | ||
765 | + | ||
766 | + SingleHeader = (SINGLE_HEADER *)Position; | ||
767 | + Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); | ||
768 | + if (EFI_ERROR (Status)) { | ||
769 | + goto FreeData; | ||
770 | + } | ||
771 | + SingleHeader->TimeStamp.Pad1 = 0; | ||
772 | + SingleHeader->TimeStamp.Nanosecond = 0; | ||
773 | + SingleHeader->TimeStamp.TimeZone = 0; | ||
774 | + SingleHeader->TimeStamp.Daylight = 0; | ||
775 | + SingleHeader->TimeStamp.Pad2 = 0; | ||
776 | +#if 0 | ||
777 | + SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp; | ||
778 | +#else | ||
779 | + // | ||
780 | + // This looks like a bug in edk2. According to the UEFI specification, | ||
781 | + // dwLength is "The length of the entire certificate, including the length of | ||
782 | + // the header, in bytes". That shouldn't stop right after CertType -- it | ||
783 | + // should include everything below it. | ||
784 | + // | ||
785 | + SingleHeader->dwLength = sizeof *SingleHeader | ||
786 | + - sizeof SingleHeader->TimeStamp; | ||
787 | +#endif | ||
788 | + SingleHeader->wRevision = 0x0200; | ||
789 | + SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; | ||
790 | + CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); | ||
791 | + Position += sizeof *SingleHeader; | ||
792 | + | ||
793 | + VA_START (Marker, VendorGuid); | ||
794 | + for (Cert = VA_ARG (Marker, CONST UINT8 *); | ||
795 | + Cert != NULL; | ||
796 | + Cert = VA_ARG (Marker, CONST UINT8 *)) { | ||
797 | + UINTN CertSize; | ||
798 | + CONST EFI_GUID *OwnerGuid; | ||
799 | + | ||
800 | + CertSize = VA_ARG (Marker, UINTN); | ||
801 | + OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); | ||
802 | + | ||
803 | + RepeatingHeader = (REPEATING_HEADER *)Position; | ||
804 | + CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid); | ||
805 | + RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize; | ||
806 | + RepeatingHeader->SignatureHeaderSize = 0; | ||
807 | + RepeatingHeader->SignatureSize = | ||
808 | + sizeof RepeatingHeader->SignatureOwner + CertSize; | ||
809 | + CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); | ||
810 | + Position += sizeof *RepeatingHeader; | ||
811 | + | ||
812 | + CopyMem (Position, Cert, CertSize); | ||
813 | + Position += CertSize; | ||
814 | + } | ||
815 | + VA_END (Marker); | ||
816 | + | ||
817 | + ASSERT (Data + DataSize == Position); | ||
818 | + | ||
819 | + Status = gRT->SetVariable (VariableName, VendorGuid, | ||
820 | + (EFI_VARIABLE_NON_VOLATILE | | ||
821 | + EFI_VARIABLE_BOOTSERVICE_ACCESS | | ||
822 | + EFI_VARIABLE_RUNTIME_ACCESS | | ||
823 | + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), | ||
824 | + DataSize, Data); | ||
825 | + | ||
826 | +FreeData: | ||
827 | + FreePool (Data); | ||
828 | + | ||
829 | +Out: | ||
830 | + if (EFI_ERROR (Status)) { | ||
831 | + AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, | ||
832 | + VendorGuid, Status); | ||
833 | + } | ||
834 | + return Status; | ||
835 | +} | ||
836 | + | ||
837 | + | ||
838 | +STATIC | ||
839 | +EFI_STATUS | ||
840 | +EFIAPI | ||
841 | +GetExact ( | ||
842 | + IN CHAR16 *VariableName, | ||
843 | + IN EFI_GUID *VendorGuid, | ||
844 | + OUT VOID *Data, | ||
845 | + IN UINTN DataSize, | ||
846 | + IN BOOLEAN AllowMissing | ||
847 | + ) | ||
848 | +{ | ||
849 | + UINTN Size; | ||
850 | + EFI_STATUS Status; | ||
851 | + | ||
852 | + Size = DataSize; | ||
853 | + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); | ||
854 | + if (EFI_ERROR (Status)) { | ||
855 | + if (Status == EFI_NOT_FOUND && AllowMissing) { | ||
856 | + ZeroMem (Data, DataSize); | ||
857 | + return EFI_SUCCESS; | ||
858 | + } | ||
859 | + | ||
860 | + AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName, | ||
861 | + VendorGuid, Status); | ||
862 | + return Status; | ||
863 | + } | ||
864 | + | ||
865 | + if (Size != DataSize) { | ||
866 | + AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, " | ||
867 | + "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size); | ||
868 | + return EFI_PROTOCOL_ERROR; | ||
869 | + } | ||
870 | + | ||
871 | + return EFI_SUCCESS; | ||
872 | +} | ||
873 | + | ||
874 | +typedef struct { | ||
875 | + UINT8 SetupMode; | ||
876 | + UINT8 SecureBoot; | ||
877 | + UINT8 SecureBootEnable; | ||
878 | + UINT8 CustomMode; | ||
879 | + UINT8 VendorKeys; | ||
880 | +} SETTINGS; | ||
881 | + | ||
882 | +STATIC | ||
883 | +EFI_STATUS | ||
884 | +EFIAPI | ||
885 | +GetSettings ( | ||
886 | + OUT SETTINGS *Settings | ||
887 | + ) | ||
888 | +{ | ||
889 | + EFI_STATUS Status; | ||
890 | + | ||
891 | + Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, | ||
892 | + &Settings->SetupMode, sizeof Settings->SetupMode, FALSE); | ||
893 | + if (EFI_ERROR (Status)) { | ||
894 | + return Status; | ||
895 | + } | ||
896 | + | ||
897 | + Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, | ||
898 | + &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE); | ||
899 | + if (EFI_ERROR (Status)) { | ||
900 | + return Status; | ||
901 | + } | ||
902 | + | ||
903 | + Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, | ||
904 | + &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, | ||
905 | + sizeof Settings->SecureBootEnable, TRUE); | ||
906 | + if (EFI_ERROR (Status)) { | ||
907 | + return Status; | ||
908 | + } | ||
909 | + | ||
910 | + Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, | ||
911 | + &Settings->CustomMode, sizeof Settings->CustomMode, FALSE); | ||
912 | + if (EFI_ERROR (Status)) { | ||
913 | + return Status; | ||
914 | + } | ||
915 | + | ||
916 | + Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, | ||
917 | + &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE); | ||
918 | + return Status; | ||
919 | +} | ||
920 | + | ||
921 | +STATIC | ||
922 | +VOID | ||
923 | +EFIAPI | ||
924 | +PrintSettings ( | ||
925 | + IN CONST SETTINGS *Settings | ||
926 | + ) | ||
927 | +{ | ||
928 | + AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " | ||
929 | + "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, | ||
930 | + Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys); | ||
931 | +} | ||
932 | + | ||
933 | + | ||
934 | +INTN | ||
935 | +EFIAPI | ||
936 | +ShellAppMain ( | ||
937 | + IN UINTN Argc, | ||
938 | + IN CHAR16 **Argv | ||
939 | + ) | ||
940 | +{ | ||
941 | + EFI_STATUS Status; | ||
942 | + SETTINGS Settings; | ||
943 | + | ||
944 | + Status = GetSettings (&Settings); | ||
945 | + if (EFI_ERROR (Status)) { | ||
946 | + return 1; | ||
947 | + } | ||
948 | + PrintSettings (&Settings); | ||
949 | + | ||
950 | + if (Settings.SetupMode != 1) { | ||
951 | + AsciiPrint ("error: already in User Mode\n"); | ||
952 | + return 1; | ||
953 | + } | ||
954 | + | ||
955 | + if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { | ||
956 | + Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; | ||
957 | + Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, | ||
958 | + (EFI_VARIABLE_NON_VOLATILE | | ||
959 | + EFI_VARIABLE_BOOTSERVICE_ACCESS), | ||
960 | + sizeof Settings.CustomMode, &Settings.CustomMode); | ||
961 | + if (EFI_ERROR (Status)) { | ||
962 | + AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, | ||
963 | + &gEfiCustomModeEnableGuid, Status); | ||
964 | + return 1; | ||
965 | + } | ||
966 | + } | ||
967 | + | ||
968 | + Status = EnrollListOfX509Certs ( | ||
969 | + EFI_IMAGE_SECURITY_DATABASE, | ||
970 | + &gEfiImageSecurityDatabaseGuid, | ||
971 | + MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid, | ||
972 | + MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid, | ||
973 | + NULL); | ||
974 | + if (EFI_ERROR (Status)) { | ||
975 | + return 1; | ||
976 | + } | ||
977 | + | ||
978 | + Status = EnrollListOfX509Certs ( | ||
979 | + EFI_KEY_EXCHANGE_KEY_NAME, | ||
980 | + &gEfiGlobalVariableGuid, | ||
981 | + ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid, | ||
982 | + MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid, | ||
983 | + NULL); | ||
984 | + if (EFI_ERROR (Status)) { | ||
985 | + return 1; | ||
986 | + } | ||
987 | + | ||
988 | + Status = EnrollListOfX509Certs ( | ||
989 | + EFI_PLATFORM_KEY_NAME, | ||
990 | + &gEfiGlobalVariableGuid, | ||
991 | + ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid, | ||
992 | + NULL); | ||
993 | + if (EFI_ERROR (Status)) { | ||
994 | + return 1; | ||
995 | + } | ||
996 | + | ||
997 | + Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; | ||
998 | + Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, | ||
999 | + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, | ||
1000 | + sizeof Settings.CustomMode, &Settings.CustomMode); | ||
1001 | + if (EFI_ERROR (Status)) { | ||
1002 | + AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, | ||
1003 | + &gEfiCustomModeEnableGuid, Status); | ||
1004 | + return 1; | ||
1005 | + } | ||
1006 | + | ||
1007 | + Status = GetSettings (&Settings); | ||
1008 | + if (EFI_ERROR (Status)) { | ||
1009 | + return 1; | ||
1010 | + } | ||
1011 | + PrintSettings (&Settings); | ||
1012 | + | ||
1013 | + if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || | ||
1014 | + Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || | ||
1015 | + Settings.VendorKeys != 0) { | ||
1016 | + AsciiPrint ("error: unexpected\n"); | ||
1017 | + return 1; | ||
1018 | + } | ||
1019 | + | ||
1020 | + AsciiPrint ("info: success\n"); | ||
1021 | + return 0; | ||
1022 | +} | ||
1023 | diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | ||
1024 | new file mode 100644 | ||
1025 | index 0000000..ac919bb | ||
1026 | --- /dev/null | ||
1027 | +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | ||
1028 | @@ -0,0 +1,51 @@ | ||
1029 | +## @file | ||
1030 | +# Enroll default PK, KEK, DB. | ||
1031 | +# | ||
1032 | +# Copyright (C) 2014, Red Hat, Inc. | ||
1033 | +# | ||
1034 | +# This program and the accompanying materials are licensed and made available | ||
1035 | +# under the terms and conditions of the BSD License which accompanies this | ||
1036 | +# distribution. The full text of the license may be found at | ||
1037 | +# http://opensource.org/licenses/bsd-license. | ||
1038 | +# | ||
1039 | +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | ||
1040 | +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR | ||
1041 | +# IMPLIED. | ||
1042 | +## | ||
1043 | + | ||
1044 | +[Defines] | ||
1045 | + INF_VERSION = 0x00010006 | ||
1046 | + BASE_NAME = EnrollDefaultKeys | ||
1047 | + FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A | ||
1048 | + MODULE_TYPE = UEFI_APPLICATION | ||
1049 | + VERSION_STRING = 0.1 | ||
1050 | + ENTRY_POINT = ShellCEntryLib | ||
1051 | + | ||
1052 | +# | ||
1053 | +# VALID_ARCHITECTURES = IA32 X64 | ||
1054 | +# | ||
1055 | + | ||
1056 | +[Sources] | ||
1057 | + EnrollDefaultKeys.c | ||
1058 | + | ||
1059 | +[Packages] | ||
1060 | + MdePkg/MdePkg.dec | ||
1061 | + MdeModulePkg/MdeModulePkg.dec | ||
1062 | + SecurityPkg/SecurityPkg.dec | ||
1063 | + ShellPkg/ShellPkg.dec | ||
1064 | + | ||
1065 | +[Guids] | ||
1066 | + gEfiCertPkcs7Guid | ||
1067 | + gEfiCertX509Guid | ||
1068 | + gEfiCustomModeEnableGuid | ||
1069 | + gEfiGlobalVariableGuid | ||
1070 | + gEfiImageSecurityDatabaseGuid | ||
1071 | + gEfiSecureBootEnableDisableGuid | ||
1072 | + | ||
1073 | +[LibraryClasses] | ||
1074 | + BaseMemoryLib | ||
1075 | + DebugLib | ||
1076 | + MemoryAllocationLib | ||
1077 | + ShellCEntryLib | ||
1078 | + UefiLib | ||
1079 | + UefiRuntimeServicesTableLib | ||
1080 | diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc | ||
1081 | index fa9661c..e2e6ba3 100644 | ||
1082 | --- a/OvmfPkg/OvmfPkgIa32.dsc | ||
1083 | +++ b/OvmfPkg/OvmfPkgIa32.dsc | ||
1084 | @@ -764,6 +764,10 @@ | ||
1085 | |||
1086 | !if $(SECURE_BOOT_ENABLE) == TRUE | ||
1087 | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | ||
1088 | + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { | ||
1089 | + <LibraryClasses> | ||
1090 | + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf | ||
1091 | + } | ||
1092 | !endif | ||
1093 | |||
1094 | OvmfPkg/PlatformDxe/Platform.inf | ||
1095 | diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc | ||
1096 | index 667584a..a0ae1aa 100644 | ||
1097 | --- a/OvmfPkg/OvmfPkgIa32X64.dsc | ||
1098 | +++ b/OvmfPkg/OvmfPkgIa32X64.dsc | ||
1099 | @@ -773,6 +773,10 @@ | ||
1100 | |||
1101 | !if $(SECURE_BOOT_ENABLE) == TRUE | ||
1102 | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | ||
1103 | + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { | ||
1104 | + <LibraryClasses> | ||
1105 | + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf | ||
1106 | + } | ||
1107 | !endif | ||
1108 | |||
1109 | OvmfPkg/PlatformDxe/Platform.inf | ||
1110 | diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc | ||
1111 | index 5ae8469..87cee52 100644 | ||
1112 | --- a/OvmfPkg/OvmfPkgX64.dsc | ||
1113 | +++ b/OvmfPkg/OvmfPkgX64.dsc | ||
1114 | @@ -771,6 +771,10 @@ | ||
1115 | |||
1116 | !if $(SECURE_BOOT_ENABLE) == TRUE | ||
1117 | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | ||
1118 | + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { | ||
1119 | + <LibraryClasses> | ||
1120 | + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf | ||
1121 | + } | ||
1122 | !endif | ||
1123 | |||
1124 | OvmfPkg/PlatformDxe/Platform.inf | ||
diff --git a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch index 25e5b58e70..1b65348e84 100644 --- a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch +++ b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch | |||
@@ -9,12 +9,26 @@ Index: git/BaseTools/Conf/tools_def.template | |||
9 | =================================================================== | 9 | =================================================================== |
10 | --- git.orig/BaseTools/Conf/tools_def.template | 10 | --- git.orig/BaseTools/Conf/tools_def.template |
11 | +++ git/BaseTools/Conf/tools_def.template | 11 | +++ git/BaseTools/Conf/tools_def.template |
12 | @@ -4368,7 +4368,7 @@ DEFINE GCC_IPF_RC_FLAGS = -I | 12 | @@ -1736,10 +1736,10 @@ DEFINE GCC_X64_RC_FLAGS = -I binary -O elf64-x86-64 -B i386 |
13 | DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii | 13 | DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii |
14 | DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii | 14 | DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii |
15 | 15 | ||
16 | -DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings | 16 | -DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings |
17 | +DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings | 17 | +DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings |
18 | DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie | 18 | DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 |
19 | DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables | 19 | -DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address |
20 | DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie | 20 | -DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address |
21 | +DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -D EFI32 -fno-asynchronous-unwind-tables -Wno-address | ||
22 | +DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address | ||
23 | DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable | ||
24 | DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive | ||
25 | DEFINE GCC48_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON) | ||
26 | @@ -1748,7 +1748,7 @@ DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF | ||
27 | DEFINE GCC48_ASM_FLAGS = DEF(GCC_ASM_FLAGS) | ||
28 | DEFINE GCC48_ARM_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian | ||
29 | DEFINE GCC48_AARCH64_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian | ||
30 | -DEFINE GCC48_ARM_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -fstack-protector -mword-relocations | ||
31 | +DEFINE GCC48_ARM_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -mword-relocations | ||
32 | DEFINE GCC48_ARM_CC_XIPFLAGS = DEF(GCC_ARM_CC_XIPFLAGS) | ||
33 | DEFINE GCC48_AARCH64_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -mcmodel=large DEF(GCC_AARCH64_CC_FLAGS) | ||
34 | DEFINE GCC48_AARCH64_CC_XIPFLAGS = DEF(GCC_AARCH64_CC_XIPFLAGS) | ||
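Review bot: The refreshed patch now removes `-fstack-protector` from `GCC48_ARM_CC_FLAGS` as well as adding `-fno-stack-protector` to `GCC48_ALL_CC_FLAGS`, so stack-smashing detection is off for every architecture of the firmware, including the Secure Boot build. The visible part of the patch gives no reason for this. The patch header (lines 1-8 of the .patch file) is outside this hunk; if it does not already, it should state why the protector has to be disabled and carry an `Upstream-Status:` line, so the loss of hardening is revisited on the next edk2 bump. The edits also touch only `GCC48_*` definitions where the previous version touched `GCC44_*`. It is worth confirming that the toolchain tag selected by `FIXED_GCCVER` in the recipe derives its CC flags from `GCC48_ALL_CC_FLAGS`, otherwise the option is silently not applied.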
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 71828d8d8d..11793f0d1a 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb | |||
@@ -4,7 +4,7 @@ Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM" | |||
4 | HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF" | 4 | HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF" |
5 | LICENSE = "BSD" | 5 | LICENSE = "BSD" |
6 | LICENSE_class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD & OpenSSL', 'BSD', d)}" | 6 | LICENSE_class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD & OpenSSL', 'BSD', d)}" |
7 | LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3496" | 7 | LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65" |
8 | 8 | ||
9 | # Enabling Secure Boot adds a dependency on OpenSSL and implies | 9 | # Enabling Secure Boot adds a dependency on OpenSSL and implies |
10 | # compiling OVMF twice, so it is disabled by default. Distros | 10 | # compiling OVMF twice, so it is disabled by default. Distros |
@@ -12,30 +12,15 @@ LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3 | |||
12 | PACKAGECONFIG ??= "" | 12 | PACKAGECONFIG ??= "" |
13 | PACKAGECONFIG[secureboot] = ",,," | 13 | PACKAGECONFIG[secureboot] = ",,," |
14 | 14 | ||
15 | SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ | 15 | SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=git \ |
16 | file://0001-ia32-Dont-use-pie.patch \ | ||
17 | file://0002-ovmf-update-path-to-native-BaseTools.patch \ | 16 | file://0002-ovmf-update-path-to-native-BaseTools.patch \ |
18 | file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ | 17 | file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ |
19 | file://0004-ovmf-enable-long-path-file.patch \ | 18 | file://0004-ovmf-enable-long-path-file.patch \ |
20 | file://VfrCompile-increase-path-length-limit.patch \ | ||
21 | file://no-stack-protector-all-archs.patch \ | 19 | file://no-stack-protector-all-archs.patch \ |
22 | file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ | ||
23 | file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ | ||
24 | file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ | ||
25 | file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ | ||
26 | " | 20 | " |
27 | UPSTREAM_VERSION_UNKNOWN = "1" | 21 | UPSTREAM_VERSION_UNKNOWN = "1" |
28 | 22 | ||
29 | OPENSSL_RELEASE = "openssl-1.1.0e" | 23 | SRCREV="20d2e5a125e34fc8501026613a71549b2a1a3e54" |
30 | |||
31 | SRC_URI_append_class-target = " \ | ||
32 | ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ | ||
33 | file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \ | ||
34 | " | ||
35 | |||
36 | SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3" | ||
37 | SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6" | ||
38 | SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c" | ||
39 | 24 | ||
40 | inherit deploy | 25 | inherit deploy |
41 | 26 | ||
@@ -44,7 +29,7 @@ PARALLEL_MAKE = "" | |||
44 | S = "${WORKDIR}/git" | 29 | S = "${WORKDIR}/git" |
45 | 30 | ||
46 | DEPENDS_class-native="util-linux-native iasl-native" | 31 | DEPENDS_class-native="util-linux-native iasl-native" |
47 | DEPENDS_class-target="ovmf-native" | 32 | DEPENDS_class-target="ovmf-native bc-native" |
48 | 33 | ||
49 | DEPENDS_append = " nasm-native" | 34 | DEPENDS_append = " nasm-native" |
50 | 35 | ||
@@ -191,12 +176,9 @@ do_compile_class-target() { | |||
191 | ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/ | 176 | ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/ |
192 | 177 | ||
193 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then | 178 | if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then |
194 | # See CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt and | 179 | # Repeat build with the Secure Boot flags. |
195 | # https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/ for | ||
196 | # building with Secure Boot enabled. | ||
197 | bbnote "Building with Secure Boot." | 180 | bbnote "Building with Secure Boot." |
198 | rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX | 181 | rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX |
199 | ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl | ||
200 | ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} | 182 | ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} |
201 | ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd | 183 | ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd |
202 | ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd | 184 | ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd |
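Review bot: In the `@@ -12,30 +12,15 @@` hunk the new `SRC_URI` fetches with `gitsm://github.com/tianocore/edk2.git;branch=master;protocol=git`, which is the unauthenticated, unencrypted git transport; `protocol=https` on the same line would add transport authentication at no cost. This matters more after this change, because the OpenSSL source for the Secure Boot build no longer comes from a tarball checked against `SRC_URI[openssl.sha256sum]`. It apparently now arrives as a submodule, so its integrity rests only on the commit ids reachable from `SRCREV`. A comment above `SRCREV` naming the edk2 release or tag that hash corresponds to, and noting that the pinned submodules supply OpenSSL, would make that dependency auditable.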