2018-08-16 19:50:44 +00:00
|
|
|
From 685d43b29b2ac4b19572bda1ebeb989d69d74ebb Mon Sep 17 00:00:00 2001
|
2016-04-18 12:16:51 +00:00
|
|
|
From: Laszlo Ersek <lersek@redhat.com>
|
2017-11-14 15:05:26 +00:00
|
|
|
Date: Tue, 4 Nov 2014 23:02:55 +0100
|
2018-08-31 17:06:06 +00:00
|
|
|
Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
|
|
|
|
keys
|
2016-04-18 12:16:51 +00:00
|
|
|
|
|
|
|
This application is meant to be invoked by the management layer, after
|
|
|
|
booting the UEFI shell and getting a shell prompt on the serial console.
|
|
|
|
The app enrolls a number of certificates (see below), and then reports
|
|
|
|
status to the serial console as well. The expected output is "info:
|
|
|
|
success":
|
|
|
|
|
|
|
|
> Shell> EnrollDefaultKeys.efi
|
|
|
|
> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
|
|
|
|
> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
|
|
|
|
> info: success
|
|
|
|
> Shell>
|
|
|
|
|
|
|
|
In case of success, the management layer can force off or reboot the VM
|
|
|
|
(for example with the "reset -s" or "reset -c" UEFI shell commands,
|
|
|
|
respectively), and start the guest installation with SecureBoot enabled.
|
|
|
|
|
|
|
|
PK:
|
|
|
|
- A unique, static, ad-hoc certificate whose private half has been
|
|
|
|
destroyed (more precisely, never saved) and is therefore unusable for
|
|
|
|
signing. (The command for creating this certificate is saved in the
|
2017-11-14 15:05:26 +00:00
|
|
|
source code.) Background:
|
|
|
|
|
|
|
|
On 09/30/14 20:00, Peter Jones wrote:
|
|
|
|
> We should generate a special key that's not in our normal signing chains
|
|
|
|
> for PK and KEK. The reason for this is that [in practice] PK gets
|
|
|
|
> treated as part of DB (*).
|
|
|
|
>
|
|
|
|
> [Shipping a key in our normal signing chains] as PK means you can run
|
|
|
|
> grub directly, in which case it won't have access to the shim protocol.
|
|
|
|
> When grub is run without the shim protocol registered, it assumes SB is
|
|
|
|
> disabled and boots without verifying the kernel. We don't want that to
|
|
|
|
> be a thing you can do, but allowing that is the inevitable result of
|
|
|
|
> shipping with any of our normal signing chain in PK or KEK.
|
|
|
|
>
|
|
|
|
> (* USRT has actually agreed that since you can escalate to this behavior
|
|
|
|
> if you have the secret half of a key in KEK or PK anyway, and many
|
|
|
|
> vendors had already shipped it this way, that it is fine and I think
|
|
|
|
> even *expected* at this point, even though it wasn't formally in the
|
|
|
|
> UEFI 2.3.1 Spec that introduced Secure Boot. I'll try and make sure the
|
|
|
|
> language reflects that in an upcoming spec revision.)
|
|
|
|
>
|
|
|
|
> So let me get SRT to issue a special key to use for PK and KEK. We can
|
|
|
|
> use it just for those operations, and make sure it's protected with the
|
|
|
|
> same processes and controls as our other signing keys.
|
|
|
|
|
|
|
|
Until SRT generates such a key for us, this ad-hoc key should be a good
|
|
|
|
placeholder.
|
2016-04-18 12:16:51 +00:00
|
|
|
|
|
|
|
KEK:
|
|
|
|
- same ad-hoc certificate as used for the PK,
|
|
|
|
- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
|
|
|
|
package is signed (indirectly, through a chain) with this; enrolling
|
|
|
|
such a KEK should allow guests to install those updates.
|
|
|
|
|
|
|
|
DB:
|
|
|
|
- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
|
|
|
|
Server 2012 R2,
|
|
|
|
- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
|
|
|
|
oproms.
|
|
|
|
|
2017-11-14 15:05:26 +00:00
|
|
|
*UPDATE*
|
|
|
|
|
|
|
|
OvmfPkg: EnrollDefaultKeys: pick up official Red Hat PK/KEK (RHEL only)
|
|
|
|
|
|
|
|
Replace the placeholder ExampleCert with a certificate generated and
|
|
|
|
managed by the Red Hat Security Response Team.
|
|
|
|
|
|
|
|
> Certificate:
|
|
|
|
> Data:
|
|
|
|
> Version: 3 (0x2)
|
|
|
|
> Serial Number: 18371740789028339953 (0xfef588e8f396c0f1)
|
|
|
|
> Signature Algorithm: sha256WithRSAEncryption
|
|
|
|
> Issuer: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
|
|
|
|
> Validity
|
|
|
|
> Not Before: Oct 31 11:15:37 2014 GMT
|
|
|
|
> Not After : Oct 25 11:15:37 2037 GMT
|
|
|
|
> Subject: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
|
|
|
|
> Subject Public Key Info:
|
|
|
|
> Public Key Algorithm: rsaEncryption
|
|
|
|
> Public-Key: (2048 bit)
|
|
|
|
> Modulus:
|
|
|
|
> 00:90:1f:84:7b:8d:bc:eb:97:26:82:6d:88:ab:8a:
|
|
|
|
> c9:8c:68:70:f9:df:4b:07:b2:37:83:0b:02:c8:67:
|
|
|
|
> 68:30:9e:e3:f0:f0:99:4a:b8:59:57:c6:41:f6:38:
|
|
|
|
> 8b:fe:66:4c:49:e9:37:37:92:2e:98:01:1e:5b:14:
|
|
|
|
> 50:e6:a8:8d:25:0d:f5:86:e6:ab:30:cb:40:16:ea:
|
|
|
|
> 8d:8b:16:86:70:43:37:f2:ce:c0:91:df:71:14:8e:
|
|
|
|
> 99:0e:89:b6:4c:6d:24:1e:8c:e4:2f:4f:25:d0:ba:
|
|
|
|
> 06:f8:c6:e8:19:18:76:73:1d:81:6d:a8:d8:05:cf:
|
|
|
|
> 3a:c8:7b:28:c8:36:a3:16:0d:29:8c:99:9a:68:dc:
|
|
|
|
> ab:c0:4d:8d:bf:5a:bb:2b:a9:39:4b:04:97:1c:f9:
|
|
|
|
> 36:bb:c5:3a:86:04:ae:af:d4:82:7b:e0:ab:de:49:
|
|
|
|
> 05:68:fc:f6:ae:68:1a:6c:90:4d:57:19:3c:64:66:
|
|
|
|
> 03:f6:c7:52:9b:f7:94:cf:93:6a:a1:68:c9:aa:cf:
|
|
|
|
> 99:6b:bc:aa:5e:08:e7:39:1c:f7:f8:0f:ba:06:7e:
|
|
|
|
> f1:cb:e8:76:dd:fe:22:da:ad:3a:5e:5b:34:ea:b3:
|
|
|
|
> c9:e0:4d:04:29:7e:b8:60:b9:05:ef:b5:d9:17:58:
|
|
|
|
> 56:16:60:b9:30:32:f0:36:4a:c3:f2:79:8d:12:40:
|
|
|
|
> 70:f3
|
|
|
|
> Exponent: 65537 (0x10001)
|
|
|
|
> X509v3 extensions:
|
|
|
|
> X509v3 Basic Constraints:
|
|
|
|
> CA:FALSE
|
|
|
|
> Netscape Comment:
|
|
|
|
> OpenSSL Generated Certificate
|
|
|
|
> X509v3 Subject Key Identifier:
|
|
|
|
> 3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
|
|
|
|
> X509v3 Authority Key Identifier:
|
|
|
|
> keyid:3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
|
|
|
|
>
|
|
|
|
> Signature Algorithm: sha256WithRSAEncryption
|
|
|
|
> 5c:4d:92:88:b4:82:5f:1d:ad:8b:11:ec:df:06:a6:7a:a5:2b:
|
|
|
|
> 9f:37:55:0c:8d:6e:05:00:ad:b7:0c:41:89:69:cf:d6:65:06:
|
|
|
|
> 9b:51:78:d2:ad:c7:bf:9c:dc:05:73:7f:e7:1e:39:13:b4:ea:
|
|
|
|
> b6:30:7d:40:75:ab:9c:43:0b:df:b0:c2:1b:bf:30:e0:f4:fe:
|
|
|
|
> c0:db:62:21:98:f6:c5:af:de:3b:4f:49:0a:e6:1e:f9:86:b0:
|
|
|
|
> 3f:0d:d6:d4:46:37:db:54:74:5e:ff:11:c2:60:c6:70:58:c5:
|
|
|
|
> 1c:6f:ec:b2:d8:6e:6f:c3:bc:33:87:38:a4:f3:44:64:9c:34:
|
|
|
|
> 3b:28:94:26:78:27:9f:16:17:e8:3b:69:0a:25:a9:73:36:7e:
|
|
|
|
> 9e:37:5c:ec:e8:3f:db:91:f9:12:b3:3d:ce:e7:dd:15:c3:ae:
|
|
|
|
> 8c:05:20:61:9b:95:de:9b:af:fa:b1:5c:1c:e5:97:e7:c3:34:
|
|
|
|
> 11:85:f5:8a:27:26:a4:70:36:ec:0c:f6:83:3d:90:f7:36:f3:
|
|
|
|
> f9:f3:15:d4:90:62:be:53:b4:af:d3:49:af:ef:f4:73:e8:7b:
|
|
|
|
> 76:e4:44:2a:37:ba:81:a4:99:0c:3a:31:24:71:a0:e4:e4:b7:
|
|
|
|
> 1a:cb:47:e4:aa:22:cf:ef:75:61:80:e3:43:b7:48:57:73:11:
|
|
|
|
> 3d:78:9b:69
|
|
|
|
> -----BEGIN CERTIFICATE-----
|
|
|
|
> MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
|
|
|
|
> BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
|
|
|
|
> 9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
|
|
|
|
> MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
|
|
|
|
> RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
|
|
|
|
> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
|
|
|
|
> +d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
|
|
|
|
> huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
|
|
|
|
> bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
|
|
|
|
> 3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
|
|
|
|
> y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
|
|
|
|
> AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
|
|
|
|
> YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
|
|
|
|
> HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
|
|
|
|
> ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
|
|
|
|
> 3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
|
|
|
|
> 1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
|
|
|
|
> qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
|
|
|
|
> NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
|
|
|
|
> R+SqIs/vdWGA40O3SFdzET14m2k=
|
|
|
|
> -----END CERTIFICATE-----
|
|
|
|
|
|
|
|
Notes about the 9ece15a -> c9e5618 rebase:
|
|
|
|
- resolved conflicts in:
|
|
|
|
OvmfPkg/OvmfPkgIa32.dsc
|
|
|
|
OvmfPkg/OvmfPkgIa32X64.dsc
|
|
|
|
OvmfPkg/OvmfPkgX64.dsc
|
|
|
|
due to OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf having
|
|
|
|
disappeared in upstream (commit 57446bb9).
|
|
|
|
|
|
|
|
Notes about the c9e5618 -> b9ffeab rebase:
|
|
|
|
- Guid/VariableFormat.h now lives under MdeModulePkg.
|
|
|
|
|
|
|
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
|
|
|
|
|
|
|
- This patch now squashes the following commits:
|
|
|
|
- 014f459c197b OvmfPkg: EnrollDefaultKeys: application for enrolling
|
|
|
|
default keys (RH only)
|
|
|
|
- 18422a18d0e9 OvmfPkg/EnrollDefaultKeys: assign Status before reading
|
|
|
|
it (RH only)
|
|
|
|
- ddb90568e874 OvmfPkg/EnrollDefaultKeys: silence VS2015x86 warning (RH
|
|
|
|
only)
|
|
|
|
|
|
|
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
|
|
|
|
|
|
|
- This patch now squashes the following commits:
|
|
|
|
- c0b2615a9c0b OvmfPkg: EnrollDefaultKeys: application for enrolling
|
|
|
|
default keys (RH only)
|
|
|
|
- 22f4d33d0168 OvmfPkg/EnrollDefaultKeys: update SignatureOwner GUID for
|
|
|
|
Windows HCK (RH)
|
|
|
|
- ff7f2c1d870d OvmfPkg/EnrollDefaultKeys: expose CertType parameter of
|
|
|
|
EnrollListOfCerts (RH)
|
|
|
|
- aee7b5ba60b4 OvmfPkg/EnrollDefaultKeys: blacklist empty file in dbx
|
|
|
|
for Windows HCK (RH)
|
|
|
|
|
|
|
|
- Consequently, OvmfPkg/EnrollDefaultKeys/ is identical to the same
|
|
|
|
directory at the "RHEL-7.4" tag (49d06d386736).
|
|
|
|
|
2016-04-18 12:16:51 +00:00
|
|
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
2017-11-14 15:05:26 +00:00
|
|
|
(cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d)
|
2018-05-29 21:06:35 +00:00
|
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
2016-04-18 12:16:51 +00:00
|
|
|
---
|
2018-05-29 21:06:35 +00:00
|
|
|
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++
|
|
|
|
.../EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 +
|
|
|
|
OvmfPkg/OvmfPkgIa32.dsc | 4 +
|
|
|
|
OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
|
|
|
|
OvmfPkg/OvmfPkgX64.dsc | 4 +
|
2017-11-14 15:05:26 +00:00
|
|
|
5 files changed, 1079 insertions(+)
|
2016-04-18 12:16:51 +00:00
|
|
|
create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
|
|
|
|
create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
|
|
|
|
|
|
|
|
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
|
|
|
|
new file mode 100644
|
2018-08-16 19:50:44 +00:00
|
|
|
index 0000000000..dd413df12d
|
2016-04-18 12:16:51 +00:00
|
|
|
--- /dev/null
|
|
|
|
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
|
2017-11-14 15:05:26 +00:00
|
|
|
@@ -0,0 +1,1015 @@
|
|
|
|
+/** @file
|
|
|
|
+ Enroll default PK, KEK, DB.
|
|
|
|
+
|
|
|
|
+ Copyright (C) 2014, Red Hat, Inc.
|
|
|
|
+
|
|
|
|
+ This program and the accompanying materials are licensed and made available
|
|
|
|
+ under the terms and conditions of the BSD License which accompanies this
|
|
|
|
+ distribution. The full text of the license may be found at
|
|
|
|
+ http://opensource.org/licenses/bsd-license.
|
|
|
|
+
|
|
|
|
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
|
|
|
|
+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
+**/
|
|
|
|
+#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
|
|
|
|
+#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
|
|
|
|
+#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
|
|
|
|
+#include <Library/BaseMemoryLib.h> // CopyGuid()
|
|
|
|
+#include <Library/DebugLib.h> // ASSERT()
|
|
|
|
+#include <Library/MemoryAllocationLib.h> // FreePool()
|
|
|
|
+#include <Library/ShellCEntryLib.h> // ShellAppMain()
|
|
|
|
+#include <Library/UefiLib.h> // AsciiPrint()
|
|
|
|
+#include <Library/UefiRuntimeServicesTableLib.h> // gRT
|
|
|
|
+
|
|
|
|
+//
|
|
|
|
+// We'll use the certificate below as both Platform Key and as first Key
|
|
|
|
+// Exchange Key.
|
|
|
|
+//
|
|
|
|
+// "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com"
|
|
|
|
+// SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97
|
|
|
|
+//
|
|
|
|
+STATIC CONST UINT8 RedHatPkKek1[] = {
|
|
|
|
+ 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02,
|
|
|
|
+ 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d,
|
|
|
|
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
|
|
|
|
+ 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22,
|
|
|
|
+ 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
|
|
|
|
+ 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45,
|
|
|
|
+ 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06,
|
|
|
|
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73,
|
|
|
|
+ 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61,
|
|
|
|
+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
|
|
|
|
+ 0x33, 0x31, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x37,
|
|
|
|
+ 0x31, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x30, 0x51,
|
|
|
|
+ 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x52, 0x65,
|
|
|
|
+ 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20,
|
|
|
|
+ 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, 0x4b, 0x20,
|
|
|
|
+ 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a,
|
|
|
|
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63,
|
|
|
|
+ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x2e,
|
|
|
|
+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
|
|
|
|
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
|
|
|
|
+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x90, 0x1f, 0x84,
|
|
|
|
+ 0x7b, 0x8d, 0xbc, 0xeb, 0x97, 0x26, 0x82, 0x6d, 0x88, 0xab, 0x8a, 0xc9, 0x8c,
|
|
|
|
+ 0x68, 0x70, 0xf9, 0xdf, 0x4b, 0x07, 0xb2, 0x37, 0x83, 0x0b, 0x02, 0xc8, 0x67,
|
|
|
|
+ 0x68, 0x30, 0x9e, 0xe3, 0xf0, 0xf0, 0x99, 0x4a, 0xb8, 0x59, 0x57, 0xc6, 0x41,
|
|
|
|
+ 0xf6, 0x38, 0x8b, 0xfe, 0x66, 0x4c, 0x49, 0xe9, 0x37, 0x37, 0x92, 0x2e, 0x98,
|
|
|
|
+ 0x01, 0x1e, 0x5b, 0x14, 0x50, 0xe6, 0xa8, 0x8d, 0x25, 0x0d, 0xf5, 0x86, 0xe6,
|
|
|
|
+ 0xab, 0x30, 0xcb, 0x40, 0x16, 0xea, 0x8d, 0x8b, 0x16, 0x86, 0x70, 0x43, 0x37,
|
|
|
|
+ 0xf2, 0xce, 0xc0, 0x91, 0xdf, 0x71, 0x14, 0x8e, 0x99, 0x0e, 0x89, 0xb6, 0x4c,
|
|
|
|
+ 0x6d, 0x24, 0x1e, 0x8c, 0xe4, 0x2f, 0x4f, 0x25, 0xd0, 0xba, 0x06, 0xf8, 0xc6,
|
|
|
|
+ 0xe8, 0x19, 0x18, 0x76, 0x73, 0x1d, 0x81, 0x6d, 0xa8, 0xd8, 0x05, 0xcf, 0x3a,
|
|
|
|
+ 0xc8, 0x7b, 0x28, 0xc8, 0x36, 0xa3, 0x16, 0x0d, 0x29, 0x8c, 0x99, 0x9a, 0x68,
|
|
|
|
+ 0xdc, 0xab, 0xc0, 0x4d, 0x8d, 0xbf, 0x5a, 0xbb, 0x2b, 0xa9, 0x39, 0x4b, 0x04,
|
|
|
|
+ 0x97, 0x1c, 0xf9, 0x36, 0xbb, 0xc5, 0x3a, 0x86, 0x04, 0xae, 0xaf, 0xd4, 0x82,
|
|
|
|
+ 0x7b, 0xe0, 0xab, 0xde, 0x49, 0x05, 0x68, 0xfc, 0xf6, 0xae, 0x68, 0x1a, 0x6c,
|
|
|
|
+ 0x90, 0x4d, 0x57, 0x19, 0x3c, 0x64, 0x66, 0x03, 0xf6, 0xc7, 0x52, 0x9b, 0xf7,
|
|
|
|
+ 0x94, 0xcf, 0x93, 0x6a, 0xa1, 0x68, 0xc9, 0xaa, 0xcf, 0x99, 0x6b, 0xbc, 0xaa,
|
|
|
|
+ 0x5e, 0x08, 0xe7, 0x39, 0x1c, 0xf7, 0xf8, 0x0f, 0xba, 0x06, 0x7e, 0xf1, 0xcb,
|
|
|
|
+ 0xe8, 0x76, 0xdd, 0xfe, 0x22, 0xda, 0xad, 0x3a, 0x5e, 0x5b, 0x34, 0xea, 0xb3,
|
|
|
|
+ 0xc9, 0xe0, 0x4d, 0x04, 0x29, 0x7e, 0xb8, 0x60, 0xb9, 0x05, 0xef, 0xb5, 0xd9,
|
|
|
|
+ 0x17, 0x58, 0x56, 0x16, 0x60, 0xb9, 0x30, 0x32, 0xf0, 0x36, 0x4a, 0xc3, 0xf2,
|
|
|
|
+ 0x79, 0x8d, 0x12, 0x40, 0x70, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b,
|
|
|
|
+ 0x30, 0x79, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
|
|
|
|
+ 0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d,
|
|
|
|
+ 0x04, 0x1f, 0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47,
|
|
|
|
+ 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74,
|
|
|
|
+ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
|
|
|
|
+ 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a,
|
|
|
|
+ 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30,
|
|
|
|
+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x3c,
|
|
|
|
+ 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42,
|
|
|
|
+ 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
|
|
|
|
+ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
|
|
|
|
+ 0x5c, 0x4d, 0x92, 0x88, 0xb4, 0x82, 0x5f, 0x1d, 0xad, 0x8b, 0x11, 0xec, 0xdf,
|
|
|
|
+ 0x06, 0xa6, 0x7a, 0xa5, 0x2b, 0x9f, 0x37, 0x55, 0x0c, 0x8d, 0x6e, 0x05, 0x00,
|
|
|
|
+ 0xad, 0xb7, 0x0c, 0x41, 0x89, 0x69, 0xcf, 0xd6, 0x65, 0x06, 0x9b, 0x51, 0x78,
|
|
|
|
+ 0xd2, 0xad, 0xc7, 0xbf, 0x9c, 0xdc, 0x05, 0x73, 0x7f, 0xe7, 0x1e, 0x39, 0x13,
|
|
|
|
+ 0xb4, 0xea, 0xb6, 0x30, 0x7d, 0x40, 0x75, 0xab, 0x9c, 0x43, 0x0b, 0xdf, 0xb0,
|
|
|
|
+ 0xc2, 0x1b, 0xbf, 0x30, 0xe0, 0xf4, 0xfe, 0xc0, 0xdb, 0x62, 0x21, 0x98, 0xf6,
|
|
|
|
+ 0xc5, 0xaf, 0xde, 0x3b, 0x4f, 0x49, 0x0a, 0xe6, 0x1e, 0xf9, 0x86, 0xb0, 0x3f,
|
|
|
|
+ 0x0d, 0xd6, 0xd4, 0x46, 0x37, 0xdb, 0x54, 0x74, 0x5e, 0xff, 0x11, 0xc2, 0x60,
|
|
|
|
+ 0xc6, 0x70, 0x58, 0xc5, 0x1c, 0x6f, 0xec, 0xb2, 0xd8, 0x6e, 0x6f, 0xc3, 0xbc,
|
|
|
|
+ 0x33, 0x87, 0x38, 0xa4, 0xf3, 0x44, 0x64, 0x9c, 0x34, 0x3b, 0x28, 0x94, 0x26,
|
|
|
|
+ 0x78, 0x27, 0x9f, 0x16, 0x17, 0xe8, 0x3b, 0x69, 0x0a, 0x25, 0xa9, 0x73, 0x36,
|
|
|
|
+ 0x7e, 0x9e, 0x37, 0x5c, 0xec, 0xe8, 0x3f, 0xdb, 0x91, 0xf9, 0x12, 0xb3, 0x3d,
|
|
|
|
+ 0xce, 0xe7, 0xdd, 0x15, 0xc3, 0xae, 0x8c, 0x05, 0x20, 0x61, 0x9b, 0x95, 0xde,
|
|
|
|
+ 0x9b, 0xaf, 0xfa, 0xb1, 0x5c, 0x1c, 0xe5, 0x97, 0xe7, 0xc3, 0x34, 0x11, 0x85,
|
|
|
|
+ 0xf5, 0x8a, 0x27, 0x26, 0xa4, 0x70, 0x36, 0xec, 0x0c, 0xf6, 0x83, 0x3d, 0x90,
|
|
|
|
+ 0xf7, 0x36, 0xf3, 0xf9, 0xf3, 0x15, 0xd4, 0x90, 0x62, 0xbe, 0x53, 0xb4, 0xaf,
|
|
|
|
+ 0xd3, 0x49, 0xaf, 0xef, 0xf4, 0x73, 0xe8, 0x7b, 0x76, 0xe4, 0x44, 0x2a, 0x37,
|
|
|
|
+ 0xba, 0x81, 0xa4, 0x99, 0x0c, 0x3a, 0x31, 0x24, 0x71, 0xa0, 0xe4, 0xe4, 0xb7,
|
|
|
|
+ 0x1a, 0xcb, 0x47, 0xe4, 0xaa, 0x22, 0xcf, 0xef, 0x75, 0x61, 0x80, 0xe3, 0x43,
|
|
|
|
+ 0xb7, 0x48, 0x57, 0x73, 0x11, 0x3d, 0x78, 0x9b, 0x69
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+//
|
|
|
|
+// Second KEK: "Microsoft Corporation KEK CA 2011".
|
|
|
|
+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
|
|
|
|
+//
|
|
|
|
+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
|
|
|
|
+//
|
|
|
|
+STATIC CONST UINT8 MicrosoftKEK[] = {
|
|
|
|
+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
|
|
|
|
+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
|
|
|
|
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
|
|
|
|
+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
|
|
|
|
+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
|
|
|
|
+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
|
|
|
|
+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
|
|
|
|
+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
|
|
|
+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
|
|
|
|
+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
|
|
|
|
+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
|
|
|
|
+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
|
|
|
|
+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
|
|
|
|
+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
|
|
|
|
+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
|
|
|
|
+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
|
|
|
|
+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
|
|
|
|
+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
|
|
|
+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
|
|
|
|
+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
|
|
|
|
+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
|
|
|
|
+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
|
|
|
|
+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
|
|
|
|
+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
|
|
|
|
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
|
|
|
|
+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
|
|
|
|
+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
|
|
|
|
+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
|
|
|
+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
|
|
|
|
+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
|
|
|
|
+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
|
|
|
|
+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
|
|
|
|
+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
|
|
|
|
+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
|
|
|
|
+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
|
|
|
|
+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
|
|
|
|
+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
|
|
|
|
+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
|
|
|
|
+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
|
|
|
|
+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
|
|
|
|
+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
|
|
|
|
+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
|
|
|
|
+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
|
|
|
|
+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
|
|
|
|
+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
|
|
|
|
+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
|
|
|
|
+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
|
|
|
|
+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
|
|
|
|
+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
|
|
|
|
+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
|
|
|
|
+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
|
|
|
|
+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
|
|
|
|
+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
|
|
|
|
+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
|
|
|
|
+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
|
|
|
|
+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
|
|
|
|
+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
|
|
|
|
+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
|
|
|
|
+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
|
|
|
|
+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
|
|
|
|
+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
|
|
|
|
+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
|
|
|
|
+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
|
|
|
|
+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
|
|
|
|
+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
|
|
|
|
+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
|
|
|
|
+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
|
|
|
|
+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
|
|
|
|
+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
|
|
|
|
+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
|
|
|
|
+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
|
|
|
|
+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
|
|
|
|
+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
|
|
|
|
+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
|
|
|
|
+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
|
|
|
|
+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
|
|
|
|
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
|
|
|
|
+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
|
|
|
|
+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
|
|
|
|
+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
|
|
|
|
+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
|
|
|
|
+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
|
|
|
|
+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
|
|
|
|
+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
|
|
|
|
+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
|
|
|
|
+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
|
|
|
|
+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
|
|
|
|
+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
|
|
|
|
+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
|
|
|
|
+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
|
|
|
|
+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
|
|
|
|
+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
|
|
|
|
+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
|
|
|
|
+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
|
|
|
|
+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
|
|
|
|
+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
|
|
|
|
+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
|
|
|
|
+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
|
|
|
|
+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
|
|
|
|
+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
|
|
|
|
+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
|
|
|
|
+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
|
|
|
|
+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
|
|
|
|
+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
|
|
|
|
+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
|
|
|
|
+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
|
|
|
|
+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
|
|
|
|
+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
|
|
|
|
+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
|
|
|
|
+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
|
|
|
|
+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
|
|
|
|
+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
|
|
|
|
+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
|
|
|
|
+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
|
|
|
|
+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
|
|
|
|
+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
|
|
|
|
+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+//
|
|
|
|
+// First DB entry: "Microsoft Windows Production PCA 2011"
|
|
|
|
+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
|
|
|
|
+//
|
|
|
|
+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
|
|
|
|
+// rooted in this certificate.
|
|
|
|
+//
|
|
|
|
+STATIC CONST UINT8 MicrosoftPCA[] = {
|
|
|
|
+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
|
|
|
|
+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
|
|
|
|
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
|
|
|
|
+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
|
|
|
|
+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
|
|
|
|
+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
|
|
|
|
+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
|
|
|
|
+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
|
|
|
+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
|
|
|
|
+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
|
|
|
|
+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
|
|
|
|
+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
|
|
|
|
+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
|
|
|
|
+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
|
|
|
|
+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
|
|
|
|
+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
|
|
|
|
+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
|
|
|
|
+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
|
|
|
|
+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
|
|
|
|
+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
|
|
|
|
+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
|
|
|
|
+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
|
|
|
|
+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
|
|
|
|
+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
|
|
|
|
+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
|
|
|
|
+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
|
|
|
|
+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
|
|
|
|
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
|
|
|
|
+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
|
|
|
|
+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
|
|
|
|
+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
|
|
|
|
+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
|
|
|
|
+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
|
|
|
|
+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
|
|
|
|
+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
|
|
|
|
+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
|
|
|
|
+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
|
|
|
|
+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
|
|
|
|
+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
|
|
|
|
+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
|
|
|
|
+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
|
|
|
|
+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
|
|
|
|
+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
|
|
|
|
+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
|
|
|
|
+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
|
|
|
|
+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
|
|
|
|
+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
|
|
|
|
+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
|
|
|
|
+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
|
|
|
|
+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
|
|
|
|
+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
|
|
|
|
+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
|
|
|
|
+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
|
|
|
|
+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
|
|
|
|
+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
|
|
|
|
+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
|
|
|
|
+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
|
|
|
|
+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
|
|
|
|
+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
|
|
|
|
+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
|
|
|
|
+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
|
|
|
|
+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
|
|
|
|
+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
|
|
|
|
+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
|
|
|
|
+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
|
|
|
|
+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
|
|
|
|
+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
|
|
|
|
+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
|
|
|
|
+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
|
|
|
|
+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
|
|
|
|
+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
|
|
|
|
+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
|
|
|
|
+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
|
|
|
|
+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
|
|
|
|
+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
|
|
|
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
|
|
|
|
+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
|
|
|
|
+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
|
|
|
|
+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
|
|
|
|
+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
|
|
|
|
+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
|
|
|
|
+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
|
|
|
|
+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
|
|
|
|
+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
|
|
|
|
+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
|
|
|
|
+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
|
|
|
|
+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
|
|
|
|
+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
|
|
|
|
+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
|
|
|
|
+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
|
|
|
|
+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
|
|
|
|
+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
|
|
|
|
+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
|
|
|
|
+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
|
|
|
|
+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
|
|
|
|
+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
|
|
|
|
+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
|
|
|
|
+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
|
|
|
|
+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
|
|
|
|
+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
|
|
|
|
+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
|
|
|
|
+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
|
|
|
|
+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
|
|
|
|
+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
|
|
|
|
+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
|
|
|
|
+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
|
|
|
|
+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
|
|
|
|
+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
|
|
|
|
+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
|
|
|
|
+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
|
|
|
|
+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
|
|
|
|
+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
|
|
|
|
+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
|
|
|
|
+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
|
|
|
|
+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
|
|
|
|
+ 0x62, 0x1c, 0x59, 0x7e
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+//
|
|
|
|
+// Second DB entry: "Microsoft Corporation UEFI CA 2011"
|
|
|
|
+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
|
|
|
|
+//
|
|
|
|
+// To verify the "shim" binary and PCI expansion ROMs with.
|
|
|
|
+//
|
|
|
|
+STATIC CONST UINT8 MicrosoftUefiCA[] = {
|
|
|
|
+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
|
|
|
|
+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
|
|
|
|
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
|
|
|
|
+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
|
|
|
|
+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
|
|
|
|
+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
|
|
|
|
+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
|
|
|
|
+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
|
|
|
+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
|
|
|
|
+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
|
|
|
|
+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
|
|
|
|
+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
|
|
|
|
+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
|
|
|
|
+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
|
|
|
|
+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
|
|
|
|
+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
|
|
|
|
+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
|
|
|
|
+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
|
|
|
+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
|
|
|
|
+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
|
|
|
|
+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
|
|
|
|
+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
|
|
|
|
+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
|
|
|
|
+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
|
|
|
|
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
|
|
|
|
+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
|
|
|
|
+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
|
|
|
|
+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
|
|
|
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
|
|
|
|
+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
|
|
|
|
+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
|
|
|
|
+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
|
|
|
|
+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
|
|
|
|
+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
|
|
|
|
+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
|
|
|
|
+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
|
|
|
|
+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
|
|
|
|
+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
|
|
|
|
+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
|
|
|
|
+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
|
|
|
|
+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
|
|
|
|
+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
|
|
|
|
+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
|
|
|
|
+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
|
|
|
|
+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
|
|
|
|
+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
|
|
|
|
+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
|
|
|
|
+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
|
|
|
|
+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
|
|
|
|
+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
|
|
|
|
+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
|
|
|
|
+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
|
|
|
|
+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
|
|
|
|
+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
|
|
|
|
+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
|
|
|
|
+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
|
|
|
|
+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
|
|
|
|
+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
|
|
|
|
+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
|
|
|
|
+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
|
|
|
|
+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
|
|
|
|
+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
|
|
|
|
+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
|
|
|
|
+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
|
|
|
|
+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
|
|
|
|
+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
|
|
|
|
+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
|
|
|
|
+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
|
|
|
|
+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
|
|
|
|
+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
|
|
|
|
+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
|
|
|
|
+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
|
|
|
|
+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
|
|
|
|
+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
|
|
|
|
+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
|
|
|
|
+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
|
|
|
|
+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
|
|
|
|
+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
|
|
|
|
+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
|
|
|
|
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
|
|
|
|
+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
|
|
|
|
+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
|
|
|
|
+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
|
|
|
|
+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
|
|
|
|
+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
|
|
|
|
+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
|
|
|
|
+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
|
|
|
|
+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
|
|
|
|
+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
|
|
|
|
+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
|
|
|
|
+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
|
|
|
|
+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
|
|
|
|
+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
|
|
|
|
+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
|
|
|
|
+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
|
|
|
|
+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
|
|
|
|
+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
|
|
|
|
+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
|
|
|
|
+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
|
|
|
|
+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
|
|
|
|
+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
|
|
|
|
+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
|
|
|
|
+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
|
|
|
|
+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
|
|
|
|
+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
|
|
|
|
+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
|
|
|
|
+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
|
|
|
|
+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
|
|
|
|
+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
|
|
|
|
+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
|
|
|
|
+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
|
|
|
|
+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
|
|
|
|
+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
|
|
|
|
+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
|
|
|
|
+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
|
|
|
|
+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
|
|
|
|
+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
|
|
|
|
+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
|
|
|
|
+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
|
|
|
|
+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+//
|
|
|
|
+// The Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmDBXisPresent test case
|
|
|
|
+// of the Secure Boot Logo Test in the Microsoft Hardware Certification Kit
|
|
|
|
+// expects that the "dbx" variable exist.
|
|
|
|
+//
|
|
|
|
+// The article at <https://technet.microsoft.com/en-us/library/dn747883.aspx>
|
|
|
|
+// writes (excerpt):
|
|
|
|
+//
|
|
|
|
+// Windows 8.1 Secure Boot Key Creation and Management Guidance
|
|
|
|
+// 1. Secure Boot, Windows 8.1 and Key Management
|
|
|
|
+// 1.4 Signature Databases (Db and Dbx)
|
|
|
|
+// 1.4.3 Forbidden Signature Database (dbx)
|
|
|
|
+//
|
|
|
|
+// The contents of EFI_IMAGE_SIGNATURE_DATABASE1 dbx must be checked when
|
|
|
|
+// verifying images before checking db and any matches must prevent the
|
|
|
|
+// image from executing. The database may contain multiple certificates,
|
|
|
|
+// keys, and hashes in order to identify forbidden images. The Windows
|
|
|
|
+// Hardware Certification Requirements state that a dbx must be present, so
|
|
|
|
+// any dummy value, such as the SHA-256 hash of 0, may be used as a safe
|
|
|
|
+// placeholder until such time as Microsoft begins delivering dbx updates.
|
|
|
|
+//
|
|
|
|
+// The byte array below captures the SHA256 checksum of the empty file,
|
|
|
|
+// blacklisting it for loading & execution. This qualifies as a dummy, since
|
|
|
|
+// the empty file is not a valid UEFI binary anyway.
|
|
|
|
+//
|
|
|
|
+// Technically speaking, we could also capture an official (although soon to be
|
|
|
|
+// obsolete) dbx update from <http://www.uefi.org/revocationlistfile>. However,
|
|
|
|
+// the terms and conditions on distributing that binary aren't exactly light
|
|
|
|
+// reading, so let's best steer clear of it, and follow the "dummy entry"
|
|
|
|
+// practice recommended -- in natural English langauge -- in the
|
|
|
|
+// above-referenced TechNet article.
|
|
|
|
+//
|
|
|
|
+STATIC CONST UINT8 mSha256OfDevNull[] = {
|
|
|
|
+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99,
|
|
|
|
+ 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95,
|
|
|
|
+ 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+//
|
|
|
|
+// The following test cases of the Secure Boot Logo Test in the Microsoft
|
|
|
|
+// Hardware Certification Kit:
|
|
|
|
+//
|
|
|
|
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
|
|
|
|
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
|
|
|
|
+//
|
|
|
|
+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
|
|
|
|
+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
|
|
|
|
+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
|
|
|
|
+// certificates:
|
|
|
|
+//
|
|
|
|
+// - "Microsoft Corporation KEK CA 2011" (in KEK)
|
|
|
|
+// - "Microsoft Windows Production PCA 2011" (in db)
|
|
|
|
+// - "Microsoft Corporation UEFI CA 2011" (in db)
|
|
|
|
+//
|
|
|
|
+// This is despite the fact that the UEFI specification requires
|
|
|
|
+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
|
|
|
|
+// application or driver) that enrolled and therefore owns
|
|
|
|
+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
|
|
|
|
+// EFI_SIGNATURE_DATA.SignatureData.
|
|
|
|
+//
|
|
|
|
+STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
|
|
|
|
+ 0x77fa9abd, 0x0359, 0x4d32,
|
|
|
|
+ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+//
|
|
|
|
+// The most important thing about the variable payload is that it is a list of
|
|
|
|
+// lists, where the element size of any given *inner* list is constant.
|
|
|
|
+//
|
|
|
|
+// Since X509 certificates vary in size, each of our *inner* lists will contain
|
|
|
|
+// one element only (one X.509 certificate). This is explicitly mentioned in
|
|
|
|
+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
|
|
|
|
+//
|
|
|
|
+// The list structure looks as follows:
|
|
|
|
+//
|
|
|
|
+// struct EFI_VARIABLE_AUTHENTICATION_2 { |
|
|
|
|
+// struct EFI_TIME { |
|
|
|
|
+// UINT16 Year; |
|
|
|
|
+// UINT8 Month; |
|
|
|
|
+// UINT8 Day; |
|
|
|
|
+// UINT8 Hour; |
|
|
|
|
+// UINT8 Minute; |
|
|
|
|
+// UINT8 Second; |
|
|
|
|
+// UINT8 Pad1; |
|
|
|
|
+// UINT32 Nanosecond; |
|
|
|
|
+// INT16 TimeZone; |
|
|
|
|
+// UINT8 Daylight; |
|
|
|
|
+// UINT8 Pad2; |
|
|
|
|
+// } TimeStamp; |
|
|
|
|
+// |
|
|
|
|
+// struct WIN_CERTIFICATE_UEFI_GUID { | |
|
|
|
|
+// struct WIN_CERTIFICATE { | |
|
|
|
|
+// UINT32 dwLength; ----------------------------------------+ |
|
|
|
|
+// UINT16 wRevision; | |
|
|
|
|
+// UINT16 wCertificateType; | |
|
|
|
|
+// } Hdr; | +- DataSize
|
|
|
|
+// | |
|
|
|
|
+// EFI_GUID CertType; | |
|
|
|
|
+// UINT8 CertData[1] = { <--- "struct hack" | |
|
|
|
|
+// struct EFI_SIGNATURE_LIST { | | |
|
|
|
|
+// EFI_GUID SignatureType; | | |
|
|
|
|
+// UINT32 SignatureListSize; -------------------------+ | |
|
|
|
|
+// UINT32 SignatureHeaderSize; | | |
|
|
|
|
+// UINT32 SignatureSize; ---------------------------+ | | |
|
|
|
|
+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
|
|
|
|
+// v | | |
|
|
|
|
+// struct EFI_SIGNATURE_DATA { | | | |
|
|
|
|
+// EFI_GUID SignatureOwner; | | | |
|
|
|
|
+// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
|
|
|
|
+// X.509 payload | | | |
|
|
|
|
+// } | | | |
|
|
|
|
+// } Signatures[]; | | |
|
|
|
|
+// } SigLists[]; | |
|
|
|
|
+// }; | |
|
|
|
|
+// } AuthInfo; | |
|
|
|
|
+// }; |
|
|
|
|
+//
|
|
|
|
+// Given that the "struct hack" invokes undefined behavior (which is why C99
|
|
|
|
+// introduced the flexible array member), and because subtracting those pesky
|
|
|
|
+// sizes of 1 is annoying, and because the format is fully specified in the
|
|
|
|
+// UEFI specification, we'll introduce two matching convenience structures that
|
|
|
|
+// are customized for our X.509 purposes.
|
|
|
|
+//
|
|
|
|
+#pragma pack(1)
|
|
|
|
+typedef struct {
|
|
|
|
+ EFI_TIME TimeStamp;
|
|
|
|
+
|
|
|
|
+ //
|
|
|
|
+ // dwLength covers data below
|
|
|
|
+ //
|
|
|
|
+ UINT32 dwLength;
|
|
|
|
+ UINT16 wRevision;
|
|
|
|
+ UINT16 wCertificateType;
|
|
|
|
+ EFI_GUID CertType;
|
|
|
|
+} SINGLE_HEADER;
|
|
|
|
+
|
|
|
|
+typedef struct {
|
|
|
|
+ //
|
|
|
|
+ // SignatureListSize covers data below
|
|
|
|
+ //
|
|
|
|
+ EFI_GUID SignatureType;
|
|
|
|
+ UINT32 SignatureListSize;
|
|
|
|
+ UINT32 SignatureHeaderSize; // constant 0
|
|
|
|
+ UINT32 SignatureSize;
|
|
|
|
+
|
|
|
|
+ //
|
|
|
|
+ // SignatureSize covers data below
|
|
|
|
+ //
|
|
|
|
+ EFI_GUID SignatureOwner;
|
|
|
|
+
|
|
|
|
+ //
|
|
|
|
+ // X.509 certificate follows
|
|
|
|
+ //
|
|
|
|
+} REPEATING_HEADER;
|
|
|
|
+#pragma pack()
|
|
|
|
+
|
|
|
|
+/**
|
|
|
|
+ Enroll a set of certificates in a global variable, overwriting it.
|
|
|
|
+
|
|
|
|
+ The variable will be rewritten with NV+BS+RT+AT attributes.
|
|
|
|
+
|
|
|
|
+ @param[in] VariableName The name of the variable to overwrite.
|
|
|
|
+
|
|
|
|
+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
|
|
|
|
+ overwrite.
|
|
|
|
+
|
|
|
|
+ @param[in] CertType The GUID determining the type of all the
|
|
|
|
+ certificates in the set that is passed in. For
|
|
|
|
+ example, gEfiCertX509Guid stands for DER-encoded
|
|
|
|
+ X.509 certificates, while gEfiCertSha256Guid stands
|
|
|
|
+ for SHA256 image hashes.
|
|
|
|
+
|
|
|
|
+ @param[in] ... A list of
|
|
|
|
+
|
|
|
|
+ IN CONST UINT8 *Cert,
|
|
|
|
+ IN UINTN CertSize,
|
|
|
|
+ IN CONST EFI_GUID *OwnerGuid
|
|
|
|
+
|
|
|
|
+ triplets. If the first component of a triplet is
|
|
|
|
+ NULL, then the other two components are not
|
|
|
|
+ accessed, and processing is terminated. The list of
|
|
|
|
+ certificates is enrolled in the variable specified,
|
|
|
|
+ overwriting it. The OwnerGuid component identifies
|
|
|
|
+ the agent installing the certificate.
|
|
|
|
+
|
|
|
|
+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
|
|
|
|
+ value is NULL), or one of the CertSize values
|
|
|
|
+ is 0, or one of the CertSize values would
|
|
|
|
+ overflow the accumulated UINT32 data size.
|
|
|
|
+
|
|
|
|
+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable
|
|
|
|
+ payload.
|
|
|
|
+
|
|
|
|
+ @retval EFI_SUCCESS Enrollment successful; the variable has been
|
|
|
|
+ overwritten (or created).
|
|
|
|
+
|
|
|
|
+ @return Error codes from gRT->GetTime() and
|
|
|
|
+ gRT->SetVariable().
|
|
|
|
+**/
|
|
|
|
+STATIC
|
|
|
|
+EFI_STATUS
|
|
|
|
+EFIAPI
|
|
|
|
+EnrollListOfCerts (
|
|
|
|
+ IN CHAR16 *VariableName,
|
|
|
|
+ IN EFI_GUID *VendorGuid,
|
|
|
|
+ IN EFI_GUID *CertType,
|
|
|
|
+ ...
|
|
|
|
+ )
|
|
|
|
+{
|
|
|
|
+ UINTN DataSize;
|
|
|
|
+ SINGLE_HEADER *SingleHeader;
|
|
|
|
+ REPEATING_HEADER *RepeatingHeader;
|
|
|
|
+ VA_LIST Marker;
|
|
|
|
+ CONST UINT8 *Cert;
|
|
|
|
+ EFI_STATUS Status;
|
|
|
|
+ UINT8 *Data;
|
|
|
|
+ UINT8 *Position;
|
|
|
|
+
|
|
|
|
+ Status = EFI_SUCCESS;
|
|
|
|
+
|
|
|
|
+ //
|
|
|
|
+ // compute total size first, for UINT32 range check, and allocation
|
|
|
|
+ //
|
|
|
|
+ DataSize = sizeof *SingleHeader;
|
|
|
|
+ VA_START (Marker, CertType);
|
|
|
|
+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
|
|
|
|
+ Cert != NULL;
|
|
|
|
+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
|
|
|
|
+ UINTN CertSize;
|
|
|
|
+
|
|
|
|
+ CertSize = VA_ARG (Marker, UINTN);
|
|
|
|
+ (VOID)VA_ARG (Marker, CONST EFI_GUID *);
|
|
|
|
+
|
|
|
|
+ if (CertSize == 0 ||
|
|
|
|
+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
|
|
|
|
+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
|
|
|
|
+ Status = EFI_INVALID_PARAMETER;
|
|
|
|
+ break;
|
|
|
|
+ }
|
|
|
|
+ DataSize += sizeof *RepeatingHeader + CertSize;
|
|
|
|
+ }
|
|
|
|
+ VA_END (Marker);
|
|
|
|
+
|
|
|
|
+ if (DataSize == sizeof *SingleHeader) {
|
|
|
|
+ Status = EFI_INVALID_PARAMETER;
|
|
|
|
+ }
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ goto Out;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Data = AllocatePool (DataSize);
|
|
|
|
+ if (Data == NULL) {
|
|
|
|
+ Status = EFI_OUT_OF_RESOURCES;
|
|
|
|
+ goto Out;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Position = Data;
|
|
|
|
+
|
|
|
|
+ SingleHeader = (SINGLE_HEADER *)Position;
|
|
|
|
+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ goto FreeData;
|
|
|
|
+ }
|
|
|
|
+ SingleHeader->TimeStamp.Pad1 = 0;
|
|
|
|
+ SingleHeader->TimeStamp.Nanosecond = 0;
|
|
|
|
+ SingleHeader->TimeStamp.TimeZone = 0;
|
|
|
|
+ SingleHeader->TimeStamp.Daylight = 0;
|
|
|
|
+ SingleHeader->TimeStamp.Pad2 = 0;
|
|
|
|
+#if 0
|
|
|
|
+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
|
|
|
|
+#else
|
|
|
|
+ //
|
|
|
|
+ // This looks like a bug in edk2. According to the UEFI specification,
|
|
|
|
+ // dwLength is "The length of the entire certificate, including the length of
|
|
|
|
+ // the header, in bytes". That shouldn't stop right after CertType -- it
|
|
|
|
+ // should include everything below it.
|
|
|
|
+ //
|
|
|
|
+ SingleHeader->dwLength = sizeof *SingleHeader
|
|
|
|
+ - sizeof SingleHeader->TimeStamp;
|
|
|
|
+#endif
|
|
|
|
+ SingleHeader->wRevision = 0x0200;
|
|
|
|
+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
|
|
|
|
+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
|
|
|
|
+ Position += sizeof *SingleHeader;
|
|
|
|
+
|
|
|
|
+ VA_START (Marker, CertType);
|
|
|
|
+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
|
|
|
|
+ Cert != NULL;
|
|
|
|
+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
|
|
|
|
+ UINTN CertSize;
|
|
|
|
+ CONST EFI_GUID *OwnerGuid;
|
|
|
|
+
|
|
|
|
+ CertSize = VA_ARG (Marker, UINTN);
|
|
|
|
+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
|
|
|
|
+
|
|
|
|
+ RepeatingHeader = (REPEATING_HEADER *)Position;
|
|
|
|
+ CopyGuid (&RepeatingHeader->SignatureType, CertType);
|
|
|
|
+ RepeatingHeader->SignatureListSize =
|
|
|
|
+ (UINT32)(sizeof *RepeatingHeader + CertSize);
|
|
|
|
+ RepeatingHeader->SignatureHeaderSize = 0;
|
|
|
|
+ RepeatingHeader->SignatureSize =
|
|
|
|
+ (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize);
|
|
|
|
+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
|
|
|
|
+ Position += sizeof *RepeatingHeader;
|
|
|
|
+
|
|
|
|
+ CopyMem (Position, Cert, CertSize);
|
|
|
|
+ Position += CertSize;
|
|
|
|
+ }
|
|
|
|
+ VA_END (Marker);
|
|
|
|
+
|
|
|
|
+ ASSERT (Data + DataSize == Position);
|
|
|
|
+
|
|
|
|
+ Status = gRT->SetVariable (VariableName, VendorGuid,
|
|
|
|
+ (EFI_VARIABLE_NON_VOLATILE |
|
|
|
|
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
|
|
|
|
+ EFI_VARIABLE_RUNTIME_ACCESS |
|
|
|
|
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
|
|
|
|
+ DataSize, Data);
|
|
|
|
+
|
|
|
|
+FreeData:
|
|
|
|
+ FreePool (Data);
|
|
|
|
+
|
|
|
|
+Out:
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
|
|
|
|
+ VendorGuid, Status);
|
|
|
|
+ }
|
|
|
|
+ return Status;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+STATIC
|
|
|
|
+EFI_STATUS
|
|
|
|
+EFIAPI
|
|
|
|
+GetExact (
|
|
|
|
+ IN CHAR16 *VariableName,
|
|
|
|
+ IN EFI_GUID *VendorGuid,
|
|
|
|
+ OUT VOID *Data,
|
|
|
|
+ IN UINTN DataSize,
|
|
|
|
+ IN BOOLEAN AllowMissing
|
|
|
|
+ )
|
|
|
|
+{
|
|
|
|
+ UINTN Size;
|
|
|
|
+ EFI_STATUS Status;
|
|
|
|
+
|
|
|
|
+ Size = DataSize;
|
|
|
|
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ if (Status == EFI_NOT_FOUND && AllowMissing) {
|
|
|
|
+ ZeroMem (Data, DataSize);
|
|
|
|
+ return EFI_SUCCESS;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
|
|
|
|
+ VendorGuid, Status);
|
|
|
|
+ return Status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (Size != DataSize) {
|
|
|
|
+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
|
|
|
|
+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
|
|
|
|
+ return EFI_PROTOCOL_ERROR;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ return EFI_SUCCESS;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+typedef struct {
|
|
|
|
+ UINT8 SetupMode;
|
|
|
|
+ UINT8 SecureBoot;
|
|
|
|
+ UINT8 SecureBootEnable;
|
|
|
|
+ UINT8 CustomMode;
|
|
|
|
+ UINT8 VendorKeys;
|
|
|
|
+} SETTINGS;
|
|
|
|
+
|
|
|
|
+STATIC
|
|
|
|
+EFI_STATUS
|
|
|
|
+EFIAPI
|
|
|
|
+GetSettings (
|
|
|
|
+ OUT SETTINGS *Settings
|
|
|
|
+ )
|
|
|
|
+{
|
|
|
|
+ EFI_STATUS Status;
|
|
|
|
+
|
|
|
|
+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
|
|
|
|
+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return Status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
|
|
|
|
+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return Status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
|
|
|
|
+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
|
|
|
|
+ sizeof Settings->SecureBootEnable, TRUE);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return Status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
|
|
|
|
+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return Status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
|
|
|
|
+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
|
|
|
|
+ return Status;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+STATIC
|
|
|
|
+VOID
|
|
|
|
+EFIAPI
|
|
|
|
+PrintSettings (
|
|
|
|
+ IN CONST SETTINGS *Settings
|
|
|
|
+ )
|
|
|
|
+{
|
|
|
|
+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
|
|
|
|
+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
|
|
|
|
+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+INTN
|
|
|
|
+EFIAPI
|
|
|
|
+ShellAppMain (
|
|
|
|
+ IN UINTN Argc,
|
|
|
|
+ IN CHAR16 **Argv
|
|
|
|
+ )
|
|
|
|
+{
|
|
|
|
+ EFI_STATUS Status;
|
|
|
|
+ SETTINGS Settings;
|
|
|
|
+
|
|
|
|
+ Status = GetSettings (&Settings);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+ PrintSettings (&Settings);
|
|
|
|
+
|
|
|
|
+ if (Settings.SetupMode != 1) {
|
|
|
|
+ AsciiPrint ("error: already in User Mode\n");
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
|
|
|
|
+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
|
|
|
|
+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
|
|
|
|
+ (EFI_VARIABLE_NON_VOLATILE |
|
|
|
|
+ EFI_VARIABLE_BOOTSERVICE_ACCESS),
|
|
|
|
+ sizeof Settings.CustomMode, &Settings.CustomMode);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
|
|
|
|
+ &gEfiCustomModeEnableGuid, Status);
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = EnrollListOfCerts (
|
|
|
|
+ EFI_IMAGE_SECURITY_DATABASE,
|
|
|
|
+ &gEfiImageSecurityDatabaseGuid,
|
|
|
|
+ &gEfiCertX509Guid,
|
|
|
|
+ MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid,
|
|
|
|
+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid,
|
|
|
|
+ NULL);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = EnrollListOfCerts (
|
|
|
|
+ EFI_IMAGE_SECURITY_DATABASE1,
|
|
|
|
+ &gEfiImageSecurityDatabaseGuid,
|
|
|
|
+ &gEfiCertSha256Guid,
|
|
|
|
+ mSha256OfDevNull, sizeof mSha256OfDevNull, &gEfiCallerIdGuid,
|
|
|
|
+ NULL);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = EnrollListOfCerts (
|
|
|
|
+ EFI_KEY_EXCHANGE_KEY_NAME,
|
|
|
|
+ &gEfiGlobalVariableGuid,
|
|
|
|
+ &gEfiCertX509Guid,
|
|
|
|
+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid,
|
|
|
|
+ MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid,
|
|
|
|
+ NULL);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = EnrollListOfCerts (
|
|
|
|
+ EFI_PLATFORM_KEY_NAME,
|
|
|
|
+ &gEfiGlobalVariableGuid,
|
|
|
|
+ &gEfiCertX509Guid,
|
|
|
|
+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid,
|
|
|
|
+ NULL);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
|
|
|
|
+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
|
|
|
|
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
|
|
|
|
+ sizeof Settings.CustomMode, &Settings.CustomMode);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
|
|
|
|
+ &gEfiCustomModeEnableGuid, Status);
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ Status = GetSettings (&Settings);
|
|
|
|
+ if (EFI_ERROR (Status)) {
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+ PrintSettings (&Settings);
|
|
|
|
+
|
|
|
|
+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
|
|
|
|
+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
|
|
|
|
+ Settings.VendorKeys != 0) {
|
|
|
|
+ AsciiPrint ("error: unexpected\n");
|
|
|
|
+ return 1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ AsciiPrint ("info: success\n");
|
|
|
|
+ return 0;
|
|
|
|
+}
|
2016-04-18 12:16:51 +00:00
|
|
|
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
|
|
|
|
new file mode 100644
|
2018-08-16 19:50:44 +00:00
|
|
|
index 0000000000..0ad86a2843
|
2016-04-18 12:16:51 +00:00
|
|
|
--- /dev/null
|
|
|
|
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
@@ -0,0 +1,52 @@
|
|
|
|
+## @file
|
|
|
|
+# Enroll default PK, KEK, DB.
|
|
|
|
+#
|
|
|
|
+# Copyright (C) 2014, Red Hat, Inc.
|
|
|
|
+#
|
|
|
|
+# This program and the accompanying materials are licensed and made available
|
|
|
|
+# under the terms and conditions of the BSD License which accompanies this
|
|
|
|
+# distribution. The full text of the license may be found at
|
|
|
|
+# http://opensource.org/licenses/bsd-license.
|
|
|
|
+#
|
|
|
|
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
|
|
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
|
|
|
|
+# IMPLIED.
|
|
|
|
+##
|
|
|
|
+
|
|
|
|
+[Defines]
|
|
|
|
+ INF_VERSION = 0x00010006
|
|
|
|
+ BASE_NAME = EnrollDefaultKeys
|
|
|
|
+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
|
|
|
|
+ MODULE_TYPE = UEFI_APPLICATION
|
|
|
|
+ VERSION_STRING = 0.1
|
|
|
|
+ ENTRY_POINT = ShellCEntryLib
|
|
|
|
+
|
|
|
|
+#
|
|
|
|
+# VALID_ARCHITECTURES = IA32 X64
|
|
|
|
+#
|
|
|
|
+
|
|
|
|
+[Sources]
|
|
|
|
+ EnrollDefaultKeys.c
|
|
|
|
+
|
|
|
|
+[Packages]
|
|
|
|
+ MdePkg/MdePkg.dec
|
|
|
|
+ MdeModulePkg/MdeModulePkg.dec
|
|
|
|
+ SecurityPkg/SecurityPkg.dec
|
|
|
|
+ ShellPkg/ShellPkg.dec
|
|
|
|
+
|
|
|
|
+[Guids]
|
|
|
|
+ gEfiCertPkcs7Guid
|
|
|
|
+ gEfiCertSha256Guid
|
|
|
|
+ gEfiCertX509Guid
|
|
|
|
+ gEfiCustomModeEnableGuid
|
|
|
|
+ gEfiGlobalVariableGuid
|
|
|
|
+ gEfiImageSecurityDatabaseGuid
|
|
|
|
+ gEfiSecureBootEnableDisableGuid
|
|
|
|
+
|
|
|
|
+[LibraryClasses]
|
|
|
|
+ BaseMemoryLib
|
|
|
|
+ DebugLib
|
|
|
|
+ MemoryAllocationLib
|
|
|
|
+ ShellCEntryLib
|
|
|
|
+ UefiLib
|
|
|
|
+ UefiRuntimeServicesTableLib
|
2016-04-18 12:16:51 +00:00
|
|
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
2018-08-16 19:50:44 +00:00
|
|
|
index 8dc3ad2be4..518f6db2c6 100644
|
2016-04-18 12:16:51 +00:00
|
|
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
|
|
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
2018-08-16 19:50:44 +00:00
|
|
|
@@ -876,6 +876,10 @@
|
2016-04-18 12:16:51 +00:00
|
|
|
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
|
|
|
|
+ <LibraryClasses>
|
|
|
|
+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
|
|
|
|
+ }
|
2016-04-18 12:16:51 +00:00
|
|
|
!endif
|
|
|
|
|
|
|
|
OvmfPkg/PlatformDxe/Platform.inf
|
|
|
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
2018-08-16 19:50:44 +00:00
|
|
|
index d81cd865d5..ed2f876e7e 100644
|
2016-04-18 12:16:51 +00:00
|
|
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
|
|
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
2018-08-16 19:50:44 +00:00
|
|
|
@@ -885,6 +885,10 @@
|
2016-04-18 12:16:51 +00:00
|
|
|
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
|
|
|
|
+ <LibraryClasses>
|
|
|
|
+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
|
|
|
|
+ }
|
2016-04-18 12:16:51 +00:00
|
|
|
!endif
|
|
|
|
|
|
|
|
OvmfPkg/PlatformDxe/Platform.inf
|
|
|
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
2018-08-16 19:50:44 +00:00
|
|
|
index 85bd8d4bf6..a12905f882 100644
|
2016-04-18 12:16:51 +00:00
|
|
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
|
|
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
2018-08-16 19:50:44 +00:00
|
|
|
@@ -883,6 +883,10 @@
|
2016-04-18 12:16:51 +00:00
|
|
|
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
2017-11-14 15:05:26 +00:00
|
|
|
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
|
|
|
|
+ <LibraryClasses>
|
|
|
|
+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
|
|
|
|
+ }
|
2016-04-18 12:16:51 +00:00
|
|
|
!endif
|
|
|
|
|
|
|
|
OvmfPkg/PlatformDxe/Platform.inf
|