diff --git a/.gitignore b/.gitignore
index 1a61eb8..bbfdb74 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
/openssl-*-hobbled.tar.xz
/edk2-*.tar.xz
/qemu-ovmf-secureboot-*.tar.gz
-/edk2-edk2-stable201903.tar.gz
+/edk2-*.tar.gz
+/softfloat-20180726-gitb64af41.tar.xz
diff --git a/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
index f9b0326..50e08da 100644
--- a/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
+++ b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
@@ -1,4 +1,4 @@
-From 69da45eedaef8b6a02a0c77933330bcb0ec137e8 Mon Sep 17 00:00:00 2001
+From c9b16fbf5a762cd95bdd8b40c72b3e471c5cf84b Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
@@ -16,10 +16,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 5b885590b2..3f77f78a68 100644
+index e74a9d5a51..ef8bd35153 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -739,7 +739,10 @@
+@@ -735,7 +735,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@@ -32,10 +32,10 @@ index 5b885590b2..3f77f78a68 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index bbf0853ee6..3fb003e670 100644
+index 67ac015991..dfd47378e7 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -748,7 +748,10 @@
+@@ -744,7 +744,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@@ -48,10 +48,10 @@ index bbf0853ee6..3fb003e670 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index d81460f520..26bbfecddf 100644
+index 68073ef55b..fdccae3976 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -746,7 +746,10 @@
+@@ -742,7 +742,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
diff --git a/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
index 6401920..9c67f7a 100644
--- a/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
+++ b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
@@ -1,4 +1,4 @@
-From 98991ce22e7347461a3f5a912a1f885776ace4cf Mon Sep 17 00:00:00 2001
+From 4a3f9b9691c88b316f45a163470c255a393d2dc9 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE core
@@ -17,10 +17,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 3f77f78a68..89d380b72a 100644
+index ef8bd35153..5cd51062a7 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -645,6 +645,8 @@
+@@ -641,6 +641,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
@@ -30,10 +30,10 @@ index 3f77f78a68..89d380b72a 100644
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 3fb003e670..e87d840a0c 100644
+index dfd47378e7..05fe5661dc 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -654,6 +654,8 @@
+@@ -650,6 +650,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
@@ -43,10 +43,10 @@ index 3fb003e670..e87d840a0c 100644
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 26bbfecddf..d6df5771e6 100644
+index fdccae3976..4f3566cd14 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -652,6 +652,8 @@
+@@ -648,6 +648,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
diff --git a/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
index be68aa0..bd6656c 100644
--- a/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
+++ b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
@@ -1,4 +1,4 @@
-From ec976161fc60922a53106f2aa3d17a2b5f7f577c Mon Sep 17 00:00:00 2001
+From e69ceee47877b92dca587592b477dee7aba8e4cd Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 8 Jul 2012 14:26:07 +0200
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE
@@ -14,10 +14,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 89d380b72a..453b3563ab 100644
+index 5cd51062a7..6b1bf39246 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -484,7 +484,7 @@
+@@ -479,7 +479,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@@ -27,10 +27,10 @@ index 89d380b72a..453b3563ab 100644
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index e87d840a0c..41ff89c3db 100644
+index 05fe5661dc..a1c083ec7b 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -489,7 +489,7 @@
+@@ -484,7 +484,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@@ -40,10 +40,10 @@ index e87d840a0c..41ff89c3db 100644
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index d6df5771e6..c12a90a83c 100644
+index 4f3566cd14..7ee9d2b359 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -489,7 +489,7 @@
+@@ -484,7 +484,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
diff --git a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
index a1ddd5b..79b227f 100644
--- a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
+++ b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
@@ -1,4 +1,4 @@
-From 4baed0985163d9b34a55e97905da77660f6dc118 Mon Sep 17 00:00:00 2001
+From 4f43c23c001910836cbf76644daad38ec7ceb240 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 20 Feb 2014 22:54:45 +0100
Subject: [PATCH] OvmfPkg: increase max debug message length to 512
@@ -16,15 +16,15 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-index 36cde54976..c0c4eaee0f 100644
+index 3dfa3126c3..9451c50c70 100644
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-@@ -27,7 +27,7 @@
+@@ -21,7 +21,7 @@
//
// Define the maximum debug and assert message length that this library supports
//
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
- /**
- Prints a debug message to the debug output device if the specified error level is enabled.
+ //
+ // VA_LIST can not initialize to NULL for all compiler, so we use this to
diff --git a/0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
index d4bafdc..4e8aef5 100644
--- a/0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
+++ b/0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
@@ -1,4 +1,4 @@
-From 2f0378ed75fd17e9ddd4e15b475197f6c6147b6c Mon Sep 17 00:00:00 2001
+From 07b59d495afdcf98ffbc6dc2dbaa0978690bf3c0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 11 Jun 2014 23:33:33 +0200
Subject: [PATCH] advertise OpenSSL on TianoCore splash screen / boot logo
@@ -113,10 +113,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index a77d71bcea..319254f0db 100644
+index cf28478977..bd64ea610d 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -347,7 +347,11 @@
+@@ -360,7 +360,11 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@@ -129,10 +129,10 @@ index a77d71bcea..319254f0db 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-index 098d40b61b..514759a637 100644
+index 31f615a9d0..764954c84a 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-@@ -203,7 +203,11 @@ READ_LOCK_STATUS = TRUE
+@@ -176,7 +176,11 @@ READ_LOCK_STATUS = TRUE
#
# TianoCore logo (splash screen)
#
@@ -145,10 +145,10 @@ index 098d40b61b..514759a637 100644
#
# Ramdisk support
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index 1e5388ae70..daa8ee7009 100644
+index 596e59739c..eea9ccaebb 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -331,7 +331,11 @@
+@@ -344,7 +344,11 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@@ -3026,10 +3026,10 @@ index 0000000000..7227ac3910
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
+
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 453b3563ab..5dd44bceb7 100644
+index 6b1bf39246..5ef48d2410 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -695,7 +695,11 @@
+@@ -691,7 +691,11 @@
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
@@ -3042,10 +3042,10 @@ index 453b3563ab..5dd44bceb7 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 4999403ad7..77d0d3f131 100644
+index e428334702..87e008e6fe 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -293,7 +293,11 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+@@ -292,7 +292,11 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
@@ -3058,10 +3058,10 @@ index 4999403ad7..77d0d3f131 100644
#
# Network modules
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 41ff89c3db..9a14a26845 100644
+index a1c083ec7b..b55a88d1c4 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -704,7 +704,11 @@
+@@ -700,7 +700,11 @@
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
@@ -3074,10 +3074,10 @@ index 41ff89c3db..9a14a26845 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index d0cc107928..da68440ddb 100644
+index 6ddffe7547..7dd8940c5f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -294,7 +294,11 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+@@ -293,7 +293,11 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
@@ -3090,10 +3090,10 @@ index d0cc107928..da68440ddb 100644
#
# Network modules
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index c12a90a83c..0f888b0373 100644
+index 7ee9d2b359..80ba78628e 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -702,7 +702,11 @@
+@@ -698,7 +698,11 @@
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
@@ -3106,10 +3106,10 @@ index c12a90a83c..0f888b0373 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index d0cc107928..da68440ddb 100644
+index 6ddffe7547..7dd8940c5f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -294,7 +294,11 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+@@ -293,7 +293,11 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
diff --git a/0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
index 91d0348..5883e3d 100644
--- a/0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
+++ b/0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
@@ -1,4 +1,4 @@
-From 17be7ae189a51fa09d2ccf9bedefb481c5ed22ea Mon Sep 17 00:00:00 2001
+From fcd392ab40bcc478d5136959781e37ed629e03ac Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Jun 2014 00:17:59 +0200
Subject: [PATCH] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim
@@ -29,10 +29,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 files changed, 308 insertions(+), 175 deletions(-)
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
-index 18fa9209d4..f87ed5cf30 100644
+index cb2a60d827..26fe1bcc32 100644
--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
-@@ -18,7 +18,7 @@
+@@ -12,7 +12,7 @@
;------------------------------------------------------------------------------
; enable this macro for debug messages
diff --git a/0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch b/0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
index 5a18c92..692e46b 100644
--- a/0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
+++ b/0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
@@ -1,4 +1,4 @@
-From 07ce34a8761d89ab3d6009576f995ff48bbd7487 Mon Sep 17 00:00:00 2001
+From 1506edb0d4cd40517e557354d517c1f762725b4b Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 18:40:35 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions
@@ -76,10 +76,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-index 66dd3ad550..78a198379a 100644
+index c76b2c5100..eff9d9787f 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-@@ -113,9 +113,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
+@@ -107,9 +107,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
};
TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
diff --git a/0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
index 3c6cf4b..75d9245 100644
--- a/0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
+++ b/0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
@@ -1,4 +1,4 @@
-From 84e29eaec51ad2365674fbbaa6556c456b983367 Mon Sep 17 00:00:00 2001
+From 21285bd60350b5f6e7c6a90889a59d169db5b32f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
@@ -37,10 +37,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 files changed, 36 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index a2130bc439..dcd118ba62 100644
+index 6cba729982..e2d59349c9 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -1968,6 +1968,10 @@
+@@ -1945,6 +1945,10 @@
# @Prompt The address mask when memory encryption is enabled.
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047
@@ -52,10 +52,10 @@ index a2130bc439..dcd118ba62 100644
## Specify memory size with page number for PEI code when
# Loading Module at Fixed Address feature is enabled.
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
-index 4d7218e415..295e7641a5 100644
+index 7ef655cca5..1113252df2 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
-@@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -64,7 +64,7 @@ index 4d7218e415..295e7641a5 100644
#include "Terminal.h"
//
-@@ -86,6 +88,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
+@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 };
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 };
@@ -81,7 +81,7 @@ index 4d7218e415..295e7641a5 100644
//
// Body of the ConOut functions
//
-@@ -508,6 +520,24 @@ TerminalConOutSetMode (
+@@ -502,6 +514,24 @@ TerminalConOutSetMode (
return EFI_DEVICE_ERROR;
}
@@ -107,10 +107,10 @@ index 4d7218e415..295e7641a5 100644
Status = This->ClearScreen (This);
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-index 15b4ac1c33..a704bc17e5 100644
+index 24e164ef4d..d1160ed1c7 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-@@ -60,6 +60,7 @@
+@@ -55,6 +55,7 @@
DebugLib
PcdLib
BaseLib
@@ -118,7 +118,7 @@ index 15b4ac1c33..a704bc17e5 100644
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
-@@ -88,6 +89,7 @@
+@@ -83,6 +84,7 @@
[Pcd]
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES
diff --git a/0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
index 2546753..706dfc2 100644
--- a/0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
+++ b/0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
@@ -1,4 +1,4 @@
-From 040bd938a84163ba1f196de97f9137bcc84f653d Mon Sep 17 00:00:00 2001
+From 50d915724e8283db90d402d8cd8ce10bdd93c3cb Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
@@ -29,10 +29,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 files changed, 5 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 5dd44bceb7..702d3a86c4 100644
+index 5ef48d2410..f03cbe713f 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -531,6 +531,7 @@
+@@ -527,6 +527,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@@ -41,10 +41,10 @@ index 5dd44bceb7..702d3a86c4 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 9a14a26845..46bc3a0b77 100644
+index b55a88d1c4..248030402c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -537,6 +537,7 @@
+@@ -533,6 +533,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@@ -53,10 +53,10 @@ index 9a14a26845..46bc3a0b77 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 0f888b0373..31c5933016 100644
+index 80ba78628e..2788e84401 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -536,6 +536,7 @@
+@@ -532,6 +532,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@@ -65,10 +65,10 @@ index 0f888b0373..31c5933016 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index 22139a64cb..64b8034117 100644
+index 3ba2459872..bbbf1ac2a8 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
-@@ -670,6 +670,7 @@ InitializePlatform (
+@@ -667,6 +667,7 @@ InitializePlatform (
PeiFvInitialization ();
MemMapInitialization ();
NoexecDxeInitialization ();
@@ -77,10 +77,10 @@ index 22139a64cb..64b8034117 100644
InstallClearCacheCallback ();
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
-index 5c8dd0fe6d..035ce249fe 100644
+index f660c2d9e4..3e0d7917ab 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
-@@ -96,6 +96,7 @@
+@@ -90,6 +90,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
diff --git a/0010-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch b/0010-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
index 5fa8cc9..33c3d46 100644
--- a/0010-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
+++ b/0010-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
@@ -1,4 +1,4 @@
-From 1931e213b6185c87f95f8ce6aec005272dba2621 Mon Sep 17 00:00:00 2001
+From a5249c3f4b359fde1bd6b526239ad2805012e97d Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 12 Apr 2016 20:50:25 +0200
Subject: [PATCH] ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules
@@ -22,10 +22,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-index eff4a21650..adf1ff6c6a 100644
+index 4d27d7d30b..feceed5f93 100644
--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
+++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-@@ -22,7 +22,7 @@
+@@ -15,7 +15,7 @@
FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
MODULE_TYPE = BASE
VERSION_STRING = 1.0
diff --git a/0011-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/0011-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
index e25543e..1085a00 100644
--- a/0011-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
+++ b/0011-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
@@ -1,4 +1,4 @@
-From 18b097d4857f31d0117e31872d989b39c30215a6 Mon Sep 17 00:00:00 2001
+From 1bb7a4dfcc190606f30f0a4ec3575db709392e6c Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
@@ -31,10 +31,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 319254f0db..9a2b861fae 100644
+index bd64ea610d..ccbadffd65 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -221,6 +221,8 @@
+@@ -233,6 +233,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
@@ -43,7 +43,7 @@ index 319254f0db..9a2b861fae 100644
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
-@@ -297,7 +299,10 @@
+@@ -310,7 +312,10 @@
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
diff --git a/0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
index a5c6f80..b86c613 100644
--- a/0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
+++ b/0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
@@ -1,4 +1,4 @@
-From 026848dd55609cd184cd8fef3b312236e0ee3024 Mon Sep 17 00:00:00 2001
+From 7e6180b3e73d7fb2a18f3c15ccba632d8c933f95 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 4 Nov 2014 23:02:53 +0100
Subject: [PATCH] OvmfPkg: allow exclusion of the shell from the firmware image
@@ -55,10 +55,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 files changed, 8 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 77d0d3f131..aa07387d19 100644
+index 87e008e6fe..21872aeecb 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -288,10 +288,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+@@ -287,10 +287,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@@ -72,10 +72,10 @@ index 77d0d3f131..aa07387d19 100644
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index da68440ddb..585d97685a 100644
+index 7dd8940c5f..95c04fd8f4 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -289,10 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+@@ -288,10 +288,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@@ -90,10 +90,10 @@ index da68440ddb..585d97685a 100644
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index da68440ddb..585d97685a 100644
+index 7dd8940c5f..95c04fd8f4 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -289,10 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+@@ -288,10 +288,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
diff --git a/0014-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
similarity index 93%
rename from 0014-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
rename to 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
index 1e66bb3..e9049e5 100644
--- a/0014-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
+++ b/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
@@ -1,4 +1,4 @@
-From ddb3084986db65a9006d28d5e9b6f0f7969cf2c0 Mon Sep 17 00:00:00 2001
+From 01046984f4e68e7f0ef8649c0bf30803f4059b66 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:49:43 +0200
Subject: [PATCH] ArmPlatformPkg: introduce fixed PCD for early hello message
@@ -36,10 +36,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 file changed, 7 insertions(+)
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
-index 44c00bd0c1..40c8ec3251 100644
+index c8ea183313..bab4804a17 100644
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
-@@ -114,6 +114,13 @@
+@@ -108,6 +108,13 @@
## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
diff --git a/0013-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/0013-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
deleted file mode 100644
index 168326b..0000000
--- a/0013-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
+++ /dev/null
@@ -1,1328 +0,0 @@
-From deeaddfb366703c157668588947e5f1767a1193a Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 4 Nov 2014 23:02:55 +0100
-Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
- keys
-
-This application is meant to be invoked by the management layer, after
-booting the UEFI shell and getting a shell prompt on the serial console.
-The app enrolls a number of certificates (see below), and then reports
-status to the serial console as well. The expected output is "info:
-success":
-
-> Shell> EnrollDefaultKeys.efi
-> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
-> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
-> info: success
-> Shell>
-
-In case of success, the management layer can force off or reboot the VM
-(for example with the "reset -s" or "reset -c" UEFI shell commands,
-respectively), and start the guest installation with SecureBoot enabled.
-
-PK:
-- A unique, static, ad-hoc certificate whose private half has been
- destroyed (more precisely, never saved) and is therefore unusable for
- signing. (The command for creating this certificate is saved in the
- source code.) Background:
-
-On 09/30/14 20:00, Peter Jones wrote:
-> We should generate a special key that's not in our normal signing chains
-> for PK and KEK. The reason for this is that [in practice] PK gets
-> treated as part of DB (*).
->
-> [Shipping a key in our normal signing chains] as PK means you can run
-> grub directly, in which case it won't have access to the shim protocol.
-> When grub is run without the shim protocol registered, it assumes SB is
-> disabled and boots without verifying the kernel. We don't want that to
-> be a thing you can do, but allowing that is the inevitable result of
-> shipping with any of our normal signing chain in PK or KEK.
->
-> (* USRT has actually agreed that since you can escalate to this behavior
-> if you have the secret half of a key in KEK or PK anyway, and many
-> vendors had already shipped it this way, that it is fine and I think
-> even *expected* at this point, even though it wasn't formally in the
-> UEFI 2.3.1 Spec that introduced Secure Boot. I'll try and make sure the
-> language reflects that in an upcoming spec revision.)
->
-> So let me get SRT to issue a special key to use for PK and KEK. We can
-> use it just for those operations, and make sure it's protected with the
-> same processes and controls as our other signing keys.
-
- Until SRT generates such a key for us, this ad-hoc key should be a good
- placeholder.
-
-KEK:
-- same ad-hoc certificate as used for the PK,
-- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
- package is signed (indirectly, through a chain) with this; enrolling
- such a KEK should allow guests to install those updates.
-
-DB:
-- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
- Server 2012 R2,
-- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
- oproms.
-
-*UPDATE*
-
-OvmfPkg: EnrollDefaultKeys: pick up official Red Hat PK/KEK (RHEL only)
-
-Replace the placeholder ExampleCert with a certificate generated and
-managed by the Red Hat Security Response Team.
-
-> Certificate:
-> Data:
-> Version: 3 (0x2)
-> Serial Number: 18371740789028339953 (0xfef588e8f396c0f1)
-> Signature Algorithm: sha256WithRSAEncryption
-> Issuer: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
-> Validity
-> Not Before: Oct 31 11:15:37 2014 GMT
-> Not After : Oct 25 11:15:37 2037 GMT
-> Subject: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
-> Subject Public Key Info:
-> Public Key Algorithm: rsaEncryption
-> Public-Key: (2048 bit)
-> Modulus:
-> 00:90:1f:84:7b:8d:bc:eb:97:26:82:6d:88:ab:8a:
-> c9:8c:68:70:f9:df:4b:07:b2:37:83:0b:02:c8:67:
-> 68:30:9e:e3:f0:f0:99:4a:b8:59:57:c6:41:f6:38:
-> 8b:fe:66:4c:49:e9:37:37:92:2e:98:01:1e:5b:14:
-> 50:e6:a8:8d:25:0d:f5:86:e6:ab:30:cb:40:16:ea:
-> 8d:8b:16:86:70:43:37:f2:ce:c0:91:df:71:14:8e:
-> 99:0e:89:b6:4c:6d:24:1e:8c:e4:2f:4f:25:d0:ba:
-> 06:f8:c6:e8:19:18:76:73:1d:81:6d:a8:d8:05:cf:
-> 3a:c8:7b:28:c8:36:a3:16:0d:29:8c:99:9a:68:dc:
-> ab:c0:4d:8d:bf:5a:bb:2b:a9:39:4b:04:97:1c:f9:
-> 36:bb:c5:3a:86:04:ae:af:d4:82:7b:e0:ab:de:49:
-> 05:68:fc:f6:ae:68:1a:6c:90:4d:57:19:3c:64:66:
-> 03:f6:c7:52:9b:f7:94:cf:93:6a:a1:68:c9:aa:cf:
-> 99:6b:bc:aa:5e:08:e7:39:1c:f7:f8:0f:ba:06:7e:
-> f1:cb:e8:76:dd:fe:22:da:ad:3a:5e:5b:34:ea:b3:
-> c9:e0:4d:04:29:7e:b8:60:b9:05:ef:b5:d9:17:58:
-> 56:16:60:b9:30:32:f0:36:4a:c3:f2:79:8d:12:40:
-> 70:f3
-> Exponent: 65537 (0x10001)
-> X509v3 extensions:
-> X509v3 Basic Constraints:
-> CA:FALSE
-> Netscape Comment:
-> OpenSSL Generated Certificate
-> X509v3 Subject Key Identifier:
-> 3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
-> X509v3 Authority Key Identifier:
-> keyid:3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
->
-> Signature Algorithm: sha256WithRSAEncryption
-> 5c:4d:92:88:b4:82:5f:1d:ad:8b:11:ec:df:06:a6:7a:a5:2b:
-> 9f:37:55:0c:8d:6e:05:00:ad:b7:0c:41:89:69:cf:d6:65:06:
-> 9b:51:78:d2:ad:c7:bf:9c:dc:05:73:7f:e7:1e:39:13:b4:ea:
-> b6:30:7d:40:75:ab:9c:43:0b:df:b0:c2:1b:bf:30:e0:f4:fe:
-> c0:db:62:21:98:f6:c5:af:de:3b:4f:49:0a:e6:1e:f9:86:b0:
-> 3f:0d:d6:d4:46:37:db:54:74:5e:ff:11:c2:60:c6:70:58:c5:
-> 1c:6f:ec:b2:d8:6e:6f:c3:bc:33:87:38:a4:f3:44:64:9c:34:
-> 3b:28:94:26:78:27:9f:16:17:e8:3b:69:0a:25:a9:73:36:7e:
-> 9e:37:5c:ec:e8:3f:db:91:f9:12:b3:3d:ce:e7:dd:15:c3:ae:
-> 8c:05:20:61:9b:95:de:9b:af:fa:b1:5c:1c:e5:97:e7:c3:34:
-> 11:85:f5:8a:27:26:a4:70:36:ec:0c:f6:83:3d:90:f7:36:f3:
-> f9:f3:15:d4:90:62:be:53:b4:af:d3:49:af:ef:f4:73:e8:7b:
-> 76:e4:44:2a:37:ba:81:a4:99:0c:3a:31:24:71:a0:e4:e4:b7:
-> 1a:cb:47:e4:aa:22:cf:ef:75:61:80:e3:43:b7:48:57:73:11:
-> 3d:78:9b:69
-> -----BEGIN CERTIFICATE-----
-> MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
-> BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
-> 9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
-> MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
-> RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
-> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
-> +d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
-> huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
-> bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
-> 3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
-> y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
-> AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-> YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
-> HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
-> ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
-> 3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
-> 1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
-> qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
-> NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
-> R+SqIs/vdWGA40O3SFdzET14m2k=
-> -----END CERTIFICATE-----
-
-Notes about the 9ece15a -> c9e5618 rebase:
-- resolved conflicts in:
- OvmfPkg/OvmfPkgIa32.dsc
- OvmfPkg/OvmfPkgIa32X64.dsc
- OvmfPkg/OvmfPkgX64.dsc
- due to OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf having
- disappeared in upstream (commit 57446bb9).
-
-Notes about the c9e5618 -> b9ffeab rebase:
-- Guid/VariableFormat.h now lives under MdeModulePkg.
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- This patch now squashes the following commits:
- - 014f459c197b OvmfPkg: EnrollDefaultKeys: application for enrolling
- default keys (RH only)
- - 18422a18d0e9 OvmfPkg/EnrollDefaultKeys: assign Status before reading
- it (RH only)
- - ddb90568e874 OvmfPkg/EnrollDefaultKeys: silence VS2015x86 warning (RH
- only)
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- This patch now squashes the following commits:
- - c0b2615a9c0b OvmfPkg: EnrollDefaultKeys: application for enrolling
- default keys (RH only)
- - 22f4d33d0168 OvmfPkg/EnrollDefaultKeys: update SignatureOwner GUID for
- Windows HCK (RH)
- - ff7f2c1d870d OvmfPkg/EnrollDefaultKeys: expose CertType parameter of
- EnrollListOfCerts (RH)
- - aee7b5ba60b4 OvmfPkg/EnrollDefaultKeys: blacklist empty file in dbx
- for Windows HCK (RH)
-
-- Consequently, OvmfPkg/EnrollDefaultKeys/ is identical to the same
- directory at the "RHEL-7.4" tag (49d06d386736).
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d)
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++
- .../EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 +
- OvmfPkg/OvmfPkgIa32.dsc | 4 +
- OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
- OvmfPkg/OvmfPkgX64.dsc | 4 +
- 5 files changed, 1079 insertions(+)
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-new file mode 100644
-index 0000000000..dd413df12d
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-@@ -0,0 +1,1015 @@
-+/** @file
-+ Enroll default PK, KEK, DB.
-+
-+ Copyright (C) 2014, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
-+#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
-+#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
-+#include <Library/BaseMemoryLib.h> // CopyGuid()
-+#include <Library/DebugLib.h> // ASSERT()
-+#include <Library/MemoryAllocationLib.h> // FreePool()
-+#include <Library/ShellCEntryLib.h> // ShellAppMain()
-+#include <Library/UefiLib.h> // AsciiPrint()
-+#include <Library/UefiRuntimeServicesTableLib.h> // gRT
-+
-+//
-+// We'll use the certificate below as both Platform Key and as first Key
-+// Exchange Key.
-+//
-+// "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com"
-+// SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97
-+//
-+STATIC CONST UINT8 RedHatPkKek1[] = {
-+ 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d,
-+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
-+ 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22,
-+ 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
-+ 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45,
-+ 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06,
-+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73,
-+ 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61,
-+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
-+ 0x33, 0x31, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x37,
-+ 0x31, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x30, 0x51,
-+ 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x52, 0x65,
-+ 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20,
-+ 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, 0x4b, 0x20,
-+ 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a,
-+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63,
-+ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x2e,
-+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
-+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x90, 0x1f, 0x84,
-+ 0x7b, 0x8d, 0xbc, 0xeb, 0x97, 0x26, 0x82, 0x6d, 0x88, 0xab, 0x8a, 0xc9, 0x8c,
-+ 0x68, 0x70, 0xf9, 0xdf, 0x4b, 0x07, 0xb2, 0x37, 0x83, 0x0b, 0x02, 0xc8, 0x67,
-+ 0x68, 0x30, 0x9e, 0xe3, 0xf0, 0xf0, 0x99, 0x4a, 0xb8, 0x59, 0x57, 0xc6, 0x41,
-+ 0xf6, 0x38, 0x8b, 0xfe, 0x66, 0x4c, 0x49, 0xe9, 0x37, 0x37, 0x92, 0x2e, 0x98,
-+ 0x01, 0x1e, 0x5b, 0x14, 0x50, 0xe6, 0xa8, 0x8d, 0x25, 0x0d, 0xf5, 0x86, 0xe6,
-+ 0xab, 0x30, 0xcb, 0x40, 0x16, 0xea, 0x8d, 0x8b, 0x16, 0x86, 0x70, 0x43, 0x37,
-+ 0xf2, 0xce, 0xc0, 0x91, 0xdf, 0x71, 0x14, 0x8e, 0x99, 0x0e, 0x89, 0xb6, 0x4c,
-+ 0x6d, 0x24, 0x1e, 0x8c, 0xe4, 0x2f, 0x4f, 0x25, 0xd0, 0xba, 0x06, 0xf8, 0xc6,
-+ 0xe8, 0x19, 0x18, 0x76, 0x73, 0x1d, 0x81, 0x6d, 0xa8, 0xd8, 0x05, 0xcf, 0x3a,
-+ 0xc8, 0x7b, 0x28, 0xc8, 0x36, 0xa3, 0x16, 0x0d, 0x29, 0x8c, 0x99, 0x9a, 0x68,
-+ 0xdc, 0xab, 0xc0, 0x4d, 0x8d, 0xbf, 0x5a, 0xbb, 0x2b, 0xa9, 0x39, 0x4b, 0x04,
-+ 0x97, 0x1c, 0xf9, 0x36, 0xbb, 0xc5, 0x3a, 0x86, 0x04, 0xae, 0xaf, 0xd4, 0x82,
-+ 0x7b, 0xe0, 0xab, 0xde, 0x49, 0x05, 0x68, 0xfc, 0xf6, 0xae, 0x68, 0x1a, 0x6c,
-+ 0x90, 0x4d, 0x57, 0x19, 0x3c, 0x64, 0x66, 0x03, 0xf6, 0xc7, 0x52, 0x9b, 0xf7,
-+ 0x94, 0xcf, 0x93, 0x6a, 0xa1, 0x68, 0xc9, 0xaa, 0xcf, 0x99, 0x6b, 0xbc, 0xaa,
-+ 0x5e, 0x08, 0xe7, 0x39, 0x1c, 0xf7, 0xf8, 0x0f, 0xba, 0x06, 0x7e, 0xf1, 0xcb,
-+ 0xe8, 0x76, 0xdd, 0xfe, 0x22, 0xda, 0xad, 0x3a, 0x5e, 0x5b, 0x34, 0xea, 0xb3,
-+ 0xc9, 0xe0, 0x4d, 0x04, 0x29, 0x7e, 0xb8, 0x60, 0xb9, 0x05, 0xef, 0xb5, 0xd9,
-+ 0x17, 0x58, 0x56, 0x16, 0x60, 0xb9, 0x30, 0x32, 0xf0, 0x36, 0x4a, 0xc3, 0xf2,
-+ 0x79, 0x8d, 0x12, 0x40, 0x70, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b,
-+ 0x30, 0x79, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
-+ 0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d,
-+ 0x04, 0x1f, 0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47,
-+ 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74,
-+ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
-+ 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a,
-+ 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30,
-+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x3c,
-+ 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42,
-+ 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-+ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
-+ 0x5c, 0x4d, 0x92, 0x88, 0xb4, 0x82, 0x5f, 0x1d, 0xad, 0x8b, 0x11, 0xec, 0xdf,
-+ 0x06, 0xa6, 0x7a, 0xa5, 0x2b, 0x9f, 0x37, 0x55, 0x0c, 0x8d, 0x6e, 0x05, 0x00,
-+ 0xad, 0xb7, 0x0c, 0x41, 0x89, 0x69, 0xcf, 0xd6, 0x65, 0x06, 0x9b, 0x51, 0x78,
-+ 0xd2, 0xad, 0xc7, 0xbf, 0x9c, 0xdc, 0x05, 0x73, 0x7f, 0xe7, 0x1e, 0x39, 0x13,
-+ 0xb4, 0xea, 0xb6, 0x30, 0x7d, 0x40, 0x75, 0xab, 0x9c, 0x43, 0x0b, 0xdf, 0xb0,
-+ 0xc2, 0x1b, 0xbf, 0x30, 0xe0, 0xf4, 0xfe, 0xc0, 0xdb, 0x62, 0x21, 0x98, 0xf6,
-+ 0xc5, 0xaf, 0xde, 0x3b, 0x4f, 0x49, 0x0a, 0xe6, 0x1e, 0xf9, 0x86, 0xb0, 0x3f,
-+ 0x0d, 0xd6, 0xd4, 0x46, 0x37, 0xdb, 0x54, 0x74, 0x5e, 0xff, 0x11, 0xc2, 0x60,
-+ 0xc6, 0x70, 0x58, 0xc5, 0x1c, 0x6f, 0xec, 0xb2, 0xd8, 0x6e, 0x6f, 0xc3, 0xbc,
-+ 0x33, 0x87, 0x38, 0xa4, 0xf3, 0x44, 0x64, 0x9c, 0x34, 0x3b, 0x28, 0x94, 0x26,
-+ 0x78, 0x27, 0x9f, 0x16, 0x17, 0xe8, 0x3b, 0x69, 0x0a, 0x25, 0xa9, 0x73, 0x36,
-+ 0x7e, 0x9e, 0x37, 0x5c, 0xec, 0xe8, 0x3f, 0xdb, 0x91, 0xf9, 0x12, 0xb3, 0x3d,
-+ 0xce, 0xe7, 0xdd, 0x15, 0xc3, 0xae, 0x8c, 0x05, 0x20, 0x61, 0x9b, 0x95, 0xde,
-+ 0x9b, 0xaf, 0xfa, 0xb1, 0x5c, 0x1c, 0xe5, 0x97, 0xe7, 0xc3, 0x34, 0x11, 0x85,
-+ 0xf5, 0x8a, 0x27, 0x26, 0xa4, 0x70, 0x36, 0xec, 0x0c, 0xf6, 0x83, 0x3d, 0x90,
-+ 0xf7, 0x36, 0xf3, 0xf9, 0xf3, 0x15, 0xd4, 0x90, 0x62, 0xbe, 0x53, 0xb4, 0xaf,
-+ 0xd3, 0x49, 0xaf, 0xef, 0xf4, 0x73, 0xe8, 0x7b, 0x76, 0xe4, 0x44, 0x2a, 0x37,
-+ 0xba, 0x81, 0xa4, 0x99, 0x0c, 0x3a, 0x31, 0x24, 0x71, 0xa0, 0xe4, 0xe4, 0xb7,
-+ 0x1a, 0xcb, 0x47, 0xe4, 0xaa, 0x22, 0xcf, 0xef, 0x75, 0x61, 0x80, 0xe3, 0x43,
-+ 0xb7, 0x48, 0x57, 0x73, 0x11, 0x3d, 0x78, 0x9b, 0x69
-+};
-+
-+//
-+// Second KEK: "Microsoft Corporation KEK CA 2011".
-+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
-+//
-+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
-+//
-+STATIC CONST UINT8 MicrosoftKEK[] = {
-+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
-+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
-+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
-+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
-+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
-+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
-+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
-+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
-+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
-+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
-+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
-+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
-+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
-+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
-+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
-+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
-+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
-+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
-+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
-+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
-+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
-+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
-+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
-+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
-+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
-+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
-+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
-+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
-+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
-+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
-+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
-+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
-+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
-+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
-+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
-+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
-+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
-+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
-+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
-+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
-+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
-+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
-+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
-+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
-+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
-+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
-+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
-+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
-+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
-+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
-+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
-+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
-+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
-+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
-+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
-+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
-+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
-+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
-+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
-+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
-+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
-+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
-+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
-+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
-+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
-+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
-+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
-+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
-+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
-+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
-+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
-+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
-+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
-+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
-+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
-+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
-+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
-+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
-+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
-+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
-+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
-+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
-+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
-+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
-+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
-+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
-+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
-+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
-+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
-+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
-+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
-+};
-+
-+//
-+// First DB entry: "Microsoft Windows Production PCA 2011"
-+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
-+//
-+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
-+// rooted in this certificate.
-+//
-+STATIC CONST UINT8 MicrosoftPCA[] = {
-+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
-+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
-+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
-+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
-+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
-+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
-+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
-+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
-+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
-+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
-+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
-+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
-+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
-+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
-+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
-+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
-+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
-+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
-+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
-+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
-+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
-+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
-+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
-+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
-+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
-+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
-+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
-+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
-+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
-+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
-+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
-+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
-+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
-+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
-+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
-+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
-+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
-+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
-+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
-+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
-+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
-+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
-+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
-+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
-+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
-+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
-+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
-+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
-+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
-+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
-+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
-+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
-+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
-+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
-+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
-+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
-+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
-+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
-+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
-+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
-+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
-+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
-+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
-+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
-+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
-+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
-+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
-+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
-+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
-+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
-+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
-+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
-+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
-+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
-+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
-+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
-+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
-+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
-+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
-+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
-+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
-+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
-+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
-+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
-+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
-+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
-+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
-+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
-+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
-+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
-+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
-+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
-+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
-+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
-+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
-+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
-+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
-+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
-+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
-+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
-+ 0x62, 0x1c, 0x59, 0x7e
-+};
-+
-+//
-+// Second DB entry: "Microsoft Corporation UEFI CA 2011"
-+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
-+//
-+// To verify the "shim" binary and PCI expansion ROMs with.
-+//
-+STATIC CONST UINT8 MicrosoftUefiCA[] = {
-+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
-+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
-+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
-+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
-+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
-+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
-+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
-+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
-+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
-+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
-+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
-+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
-+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
-+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
-+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
-+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
-+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
-+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
-+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
-+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
-+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
-+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
-+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
-+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
-+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
-+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
-+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
-+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
-+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
-+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
-+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
-+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
-+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
-+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
-+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
-+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
-+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
-+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
-+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
-+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
-+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
-+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
-+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
-+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
-+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
-+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
-+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
-+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
-+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
-+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
-+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
-+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
-+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
-+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
-+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
-+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
-+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
-+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
-+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
-+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
-+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
-+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
-+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
-+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
-+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
-+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
-+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
-+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
-+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
-+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
-+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
-+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
-+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
-+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
-+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
-+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
-+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
-+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
-+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
-+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
-+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
-+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
-+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
-+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
-+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
-+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
-+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
-+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
-+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
-+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
-+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
-+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
-+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
-+};
-+
-+//
-+// The Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmDBXisPresent test case
-+// of the Secure Boot Logo Test in the Microsoft Hardware Certification Kit
-+// expects that the "dbx" variable exist.
-+//
-+// The article at <https://technet.microsoft.com/en-us/library/dn747883.aspx>
-+// writes (excerpt):
-+//
-+// Windows 8.1 Secure Boot Key Creation and Management Guidance
-+// 1. Secure Boot, Windows 8.1 and Key Management
-+// 1.4 Signature Databases (Db and Dbx)
-+// 1.4.3 Forbidden Signature Database (dbx)
-+//
-+// The contents of EFI_IMAGE_SIGNATURE_DATABASE1 dbx must be checked when
-+// verifying images before checking db and any matches must prevent the
-+// image from executing. The database may contain multiple certificates,
-+// keys, and hashes in order to identify forbidden images. The Windows
-+// Hardware Certification Requirements state that a dbx must be present, so
-+// any dummy value, such as the SHA-256 hash of 0, may be used as a safe
-+// placeholder until such time as Microsoft begins delivering dbx updates.
-+//
-+// The byte array below captures the SHA256 checksum of the empty file,
-+// blacklisting it for loading & execution. This qualifies as a dummy, since
-+// the empty file is not a valid UEFI binary anyway.
-+//
-+// Technically speaking, we could also capture an official (although soon to be
-+// obsolete) dbx update from <http://www.uefi.org/revocationlistfile>. However,
-+// the terms and conditions on distributing that binary aren't exactly light
-+// reading, so let's best steer clear of it, and follow the "dummy entry"
-+// practice recommended -- in natural English langauge -- in the
-+// above-referenced TechNet article.
-+//
-+STATIC CONST UINT8 mSha256OfDevNull[] = {
-+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99,
-+ 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95,
-+ 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-+};
-+
-+//
-+// The following test cases of the Secure Boot Logo Test in the Microsoft
-+// Hardware Certification Kit:
-+//
-+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
-+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
-+//
-+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
-+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
-+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
-+// certificates:
-+//
-+// - "Microsoft Corporation KEK CA 2011" (in KEK)
-+// - "Microsoft Windows Production PCA 2011" (in db)
-+// - "Microsoft Corporation UEFI CA 2011" (in db)
-+//
-+// This is despite the fact that the UEFI specification requires
-+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
-+// application or driver) that enrolled and therefore owns
-+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
-+// EFI_SIGNATURE_DATA.SignatureData.
-+//
-+STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
-+ 0x77fa9abd, 0x0359, 0x4d32,
-+ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
-+};
-+
-+//
-+// The most important thing about the variable payload is that it is a list of
-+// lists, where the element size of any given *inner* list is constant.
-+//
-+// Since X509 certificates vary in size, each of our *inner* lists will contain
-+// one element only (one X.509 certificate). This is explicitly mentioned in
-+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
-+//
-+// The list structure looks as follows:
-+//
-+// struct EFI_VARIABLE_AUTHENTICATION_2 { |
-+// struct EFI_TIME { |
-+// UINT16 Year; |
-+// UINT8 Month; |
-+// UINT8 Day; |
-+// UINT8 Hour; |
-+// UINT8 Minute; |
-+// UINT8 Second; |
-+// UINT8 Pad1; |
-+// UINT32 Nanosecond; |
-+// INT16 TimeZone; |
-+// UINT8 Daylight; |
-+// UINT8 Pad2; |
-+// } TimeStamp; |
-+// |
-+// struct WIN_CERTIFICATE_UEFI_GUID { | |
-+// struct WIN_CERTIFICATE { | |
-+// UINT32 dwLength; ----------------------------------------+ |
-+// UINT16 wRevision; | |
-+// UINT16 wCertificateType; | |
-+// } Hdr; | +- DataSize
-+// | |
-+// EFI_GUID CertType; | |
-+// UINT8 CertData[1] = { <--- "struct hack" | |
-+// struct EFI_SIGNATURE_LIST { | | |
-+// EFI_GUID SignatureType; | | |
-+// UINT32 SignatureListSize; -------------------------+ | |
-+// UINT32 SignatureHeaderSize; | | |
-+// UINT32 SignatureSize; ---------------------------+ | | |
-+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
-+// v | | |
-+// struct EFI_SIGNATURE_DATA { | | | |
-+// EFI_GUID SignatureOwner; | | | |
-+// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
-+// X.509 payload | | | |
-+// } | | | |
-+// } Signatures[]; | | |
-+// } SigLists[]; | |
-+// }; | |
-+// } AuthInfo; | |
-+// }; |
-+//
-+// Given that the "struct hack" invokes undefined behavior (which is why C99
-+// introduced the flexible array member), and because subtracting those pesky
-+// sizes of 1 is annoying, and because the format is fully specified in the
-+// UEFI specification, we'll introduce two matching convenience structures that
-+// are customized for our X.509 purposes.
-+//
-+#pragma pack(1)
-+typedef struct {
-+ EFI_TIME TimeStamp;
-+
-+ //
-+ // dwLength covers data below
-+ //
-+ UINT32 dwLength;
-+ UINT16 wRevision;
-+ UINT16 wCertificateType;
-+ EFI_GUID CertType;
-+} SINGLE_HEADER;
-+
-+typedef struct {
-+ //
-+ // SignatureListSize covers data below
-+ //
-+ EFI_GUID SignatureType;
-+ UINT32 SignatureListSize;
-+ UINT32 SignatureHeaderSize; // constant 0
-+ UINT32 SignatureSize;
-+
-+ //
-+ // SignatureSize covers data below
-+ //
-+ EFI_GUID SignatureOwner;
-+
-+ //
-+ // X.509 certificate follows
-+ //
-+} REPEATING_HEADER;
-+#pragma pack()
-+
-+/**
-+ Enroll a set of certificates in a global variable, overwriting it.
-+
-+ The variable will be rewritten with NV+BS+RT+AT attributes.
-+
-+ @param[in] VariableName The name of the variable to overwrite.
-+
-+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
-+ overwrite.
-+
-+ @param[in] CertType The GUID determining the type of all the
-+ certificates in the set that is passed in. For
-+ example, gEfiCertX509Guid stands for DER-encoded
-+ X.509 certificates, while gEfiCertSha256Guid stands
-+ for SHA256 image hashes.
-+
-+ @param[in] ... A list of
-+
-+ IN CONST UINT8 *Cert,
-+ IN UINTN CertSize,
-+ IN CONST EFI_GUID *OwnerGuid
-+
-+ triplets. If the first component of a triplet is
-+ NULL, then the other two components are not
-+ accessed, and processing is terminated. The list of
-+ certificates is enrolled in the variable specified,
-+ overwriting it. The OwnerGuid component identifies
-+ the agent installing the certificate.
-+
-+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
-+ value is NULL), or one of the CertSize values
-+ is 0, or one of the CertSize values would
-+ overflow the accumulated UINT32 data size.
-+
-+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable
-+ payload.
-+
-+ @retval EFI_SUCCESS Enrollment successful; the variable has been
-+ overwritten (or created).
-+
-+ @return Error codes from gRT->GetTime() and
-+ gRT->SetVariable().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+EnrollListOfCerts (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ IN EFI_GUID *CertType,
-+ ...
-+ )
-+{
-+ UINTN DataSize;
-+ SINGLE_HEADER *SingleHeader;
-+ REPEATING_HEADER *RepeatingHeader;
-+ VA_LIST Marker;
-+ CONST UINT8 *Cert;
-+ EFI_STATUS Status;
-+ UINT8 *Data;
-+ UINT8 *Position;
-+
-+ Status = EFI_SUCCESS;
-+
-+ //
-+ // compute total size first, for UINT32 range check, and allocation
-+ //
-+ DataSize = sizeof *SingleHeader;
-+ VA_START (Marker, CertType);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ (VOID)VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ if (CertSize == 0 ||
-+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
-+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
-+ Status = EFI_INVALID_PARAMETER;
-+ break;
-+ }
-+ DataSize += sizeof *RepeatingHeader + CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ if (DataSize == sizeof *SingleHeader) {
-+ Status = EFI_INVALID_PARAMETER;
-+ }
-+ if (EFI_ERROR (Status)) {
-+ goto Out;
-+ }
-+
-+ Data = AllocatePool (DataSize);
-+ if (Data == NULL) {
-+ Status = EFI_OUT_OF_RESOURCES;
-+ goto Out;
-+ }
-+
-+ Position = Data;
-+
-+ SingleHeader = (SINGLE_HEADER *)Position;
-+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
-+ if (EFI_ERROR (Status)) {
-+ goto FreeData;
-+ }
-+ SingleHeader->TimeStamp.Pad1 = 0;
-+ SingleHeader->TimeStamp.Nanosecond = 0;
-+ SingleHeader->TimeStamp.TimeZone = 0;
-+ SingleHeader->TimeStamp.Daylight = 0;
-+ SingleHeader->TimeStamp.Pad2 = 0;
-+#if 0
-+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
-+#else
-+ //
-+ // This looks like a bug in edk2. According to the UEFI specification,
-+ // dwLength is "The length of the entire certificate, including the length of
-+ // the header, in bytes". That shouldn't stop right after CertType -- it
-+ // should include everything below it.
-+ //
-+ SingleHeader->dwLength = sizeof *SingleHeader
-+ - sizeof SingleHeader->TimeStamp;
-+#endif
-+ SingleHeader->wRevision = 0x0200;
-+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
-+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
-+ Position += sizeof *SingleHeader;
-+
-+ VA_START (Marker, CertType);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+ CONST EFI_GUID *OwnerGuid;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ RepeatingHeader = (REPEATING_HEADER *)Position;
-+ CopyGuid (&RepeatingHeader->SignatureType, CertType);
-+ RepeatingHeader->SignatureListSize =
-+ (UINT32)(sizeof *RepeatingHeader + CertSize);
-+ RepeatingHeader->SignatureHeaderSize = 0;
-+ RepeatingHeader->SignatureSize =
-+ (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize);
-+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
-+ Position += sizeof *RepeatingHeader;
-+
-+ CopyMem (Position, Cert, CertSize);
-+ Position += CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ ASSERT (Data + DataSize == Position);
-+
-+ Status = gRT->SetVariable (VariableName, VendorGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_RUNTIME_ACCESS |
-+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
-+ DataSize, Data);
-+
-+FreeData:
-+ FreePool (Data);
-+
-+Out:
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
-+ VendorGuid, Status);
-+ }
-+ return Status;
-+}
-+
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetExact (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ OUT VOID *Data,
-+ IN UINTN DataSize,
-+ IN BOOLEAN AllowMissing
-+ )
-+{
-+ UINTN Size;
-+ EFI_STATUS Status;
-+
-+ Size = DataSize;
-+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
-+ if (EFI_ERROR (Status)) {
-+ if (Status == EFI_NOT_FOUND && AllowMissing) {
-+ ZeroMem (Data, DataSize);
-+ return EFI_SUCCESS;
-+ }
-+
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
-+ VendorGuid, Status);
-+ return Status;
-+ }
-+
-+ if (Size != DataSize) {
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
-+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
-+ return EFI_PROTOCOL_ERROR;
-+ }
-+
-+ return EFI_SUCCESS;
-+}
-+
-+typedef struct {
-+ UINT8 SetupMode;
-+ UINT8 SecureBoot;
-+ UINT8 SecureBootEnable;
-+ UINT8 CustomMode;
-+ UINT8 VendorKeys;
-+} SETTINGS;
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetSettings (
-+ OUT SETTINGS *Settings
-+ )
-+{
-+ EFI_STATUS Status;
-+
-+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
-+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
-+ sizeof Settings->SecureBootEnable, TRUE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
-+ return Status;
-+}
-+
-+STATIC
-+VOID
-+EFIAPI
-+PrintSettings (
-+ IN CONST SETTINGS *Settings
-+ )
-+{
-+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
-+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
-+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
-+}
-+
-+
-+INTN
-+EFIAPI
-+ShellAppMain (
-+ IN UINTN Argc,
-+ IN CHAR16 **Argv
-+ )
-+{
-+ EFI_STATUS Status;
-+ SETTINGS Settings;
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 1) {
-+ AsciiPrint ("error: already in User Mode\n");
-+ return 1;
-+ }
-+
-+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
-+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS),
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_IMAGE_SECURITY_DATABASE,
-+ &gEfiImageSecurityDatabaseGuid,
-+ &gEfiCertX509Guid,
-+ MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid,
-+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_IMAGE_SECURITY_DATABASE1,
-+ &gEfiImageSecurityDatabaseGuid,
-+ &gEfiCertSha256Guid,
-+ mSha256OfDevNull, sizeof mSha256OfDevNull, &gEfiCallerIdGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_KEY_EXCHANGE_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ &gEfiCertX509Guid,
-+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid,
-+ MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_PLATFORM_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ &gEfiCertX509Guid,
-+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
-+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
-+ Settings.VendorKeys != 0) {
-+ AsciiPrint ("error: unexpected\n");
-+ return 1;
-+ }
-+
-+ AsciiPrint ("info: success\n");
-+ return 0;
-+}
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-new file mode 100644
-index 0000000000..0ad86a2843
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-@@ -0,0 +1,52 @@
-+## @file
-+# Enroll default PK, KEK, DB.
-+#
-+# Copyright (C) 2014, Red Hat, Inc.
-+#
-+# This program and the accompanying materials are licensed and made available
-+# under the terms and conditions of the BSD License which accompanies this
-+# distribution. The full text of the license may be found at
-+# http://opensource.org/licenses/bsd-license.
-+#
-+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
-+# IMPLIED.
-+##
-+
-+[Defines]
-+ INF_VERSION = 0x00010006
-+ BASE_NAME = EnrollDefaultKeys
-+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
-+ MODULE_TYPE = UEFI_APPLICATION
-+ VERSION_STRING = 0.1
-+ ENTRY_POINT = ShellCEntryLib
-+
-+#
-+# VALID_ARCHITECTURES = IA32 X64
-+#
-+
-+[Sources]
-+ EnrollDefaultKeys.c
-+
-+[Packages]
-+ MdePkg/MdePkg.dec
-+ MdeModulePkg/MdeModulePkg.dec
-+ SecurityPkg/SecurityPkg.dec
-+ ShellPkg/ShellPkg.dec
-+
-+[Guids]
-+ gEfiCertPkcs7Guid
-+ gEfiCertSha256Guid
-+ gEfiCertX509Guid
-+ gEfiCustomModeEnableGuid
-+ gEfiGlobalVariableGuid
-+ gEfiImageSecurityDatabaseGuid
-+ gEfiSecureBootEnableDisableGuid
-+
-+[LibraryClasses]
-+ BaseMemoryLib
-+ DebugLib
-+ MemoryAllocationLib
-+ ShellCEntryLib
-+ UefiLib
-+ UefiRuntimeServicesTableLib
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 702d3a86c4..877f0fc83c 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -873,6 +873,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 46bc3a0b77..6ff2121122 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -882,6 +882,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 31c5933016..12676f5ba6 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -880,6 +880,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
diff --git a/0015-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
similarity index 90%
rename from 0015-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
rename to 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
index 23a2de2..134e8b2 100644
--- a/0015-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
+++ b/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
@@ -1,4 +1,4 @@
-From b317a290531118f54808ebe015ee1957262fdced Mon Sep 17 00:00:00 2001
+From d0d66aef08ebf250a33f2ef431dc86e5ba4390cd Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:59:20 +0200
Subject: [PATCH] ArmPlatformPkg: PrePeiCore: write early hello message to the
@@ -35,10 +35,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 files changed, 15 insertions(+)
diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-index dc47adbaff..cbd72232c7 100644
+index d379ad8b7a..ff1672f94d 100644
--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-@@ -117,6 +117,11 @@ PrimaryMain (
+@@ -111,6 +111,11 @@ PrimaryMain (
UINTN TemporaryRamBase;
UINTN TemporaryRamSize;
@@ -51,10 +51,10 @@ index dc47adbaff..cbd72232c7 100644
// Enable the GIC Distributor
diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-index 134a469427..af39fc017c 100644
+index 1500d2bd51..5b0790beac 100644
--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-@@ -35,6 +35,11 @@ PrimaryMain (
+@@ -29,6 +29,11 @@ PrimaryMain (
UINTN TemporaryRamBase;
UINTN TemporaryRamSize;
@@ -67,10 +67,10 @@ index 134a469427..af39fc017c 100644
// Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-index 160894620c..bf843d7768 100644
+index 7140c7f5b5..1d69a2b468 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-@@ -21,6 +21,7 @@
+@@ -15,6 +15,7 @@
#include <Library/DebugLib.h>
#include <Library/IoLib.h>
#include <Library/PcdLib.h>
@@ -79,10 +79,10 @@ index 160894620c..bf843d7768 100644
#include <PiPei.h>
#include <Ppi/TemporaryRamSupport.h>
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-index e3a31fa7c6..1bc0c45420 100644
+index 0e112710dc..9a5ba1adcb 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-@@ -72,6 +72,8 @@
+@@ -66,6 +66,8 @@
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
@@ -92,10 +92,10 @@ index e3a31fa7c6..1bc0c45420 100644
gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
gArmTokenSpaceGuid.PcdGicSgiIntId
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-index ec83cec2d8..20698fcfac 100644
+index c163a818c4..652260e6ab 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-@@ -71,3 +71,5 @@
+@@ -65,3 +65,5 @@
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
diff --git a/0016-ArmVirtPkg-set-early-hello-message-RH-only.patch b/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
similarity index 90%
rename from 0016-ArmVirtPkg-set-early-hello-message-RH-only.patch
rename to 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
index d667a2f..2945d9c 100644
--- a/0016-ArmVirtPkg-set-early-hello-message-RH-only.patch
+++ b/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
@@ -1,4 +1,4 @@
-From 48efc8ca8b083936939d679e8b489dea97bcf695 Mon Sep 17 00:00:00 2001
+From 127d7ebe3107a6d0846c19f9c4587098ef96864d Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 14:07:17 +0200
Subject: [PATCH] ArmVirtPkg: set early hello message (RH only)
@@ -27,10 +27,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 file changed, 1 insertion(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 9a2b861fae..dd644b181e 100644
+index ccbadffd65..6254900644 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -94,6 +94,7 @@
+@@ -105,6 +105,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE
[PcdsFixedAtBuild.common]
diff --git a/0099-Tweak-the-tools_def-to-support-cross-compiling.patch b/0016-Tweak-the-tools_def-to-support-cross-compiling.patch
similarity index 93%
rename from 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
rename to 0016-Tweak-the-tools_def-to-support-cross-compiling.patch
index ef2f30a..4068498 100644
--- a/0099-Tweak-the-tools_def-to-support-cross-compiling.patch
+++ b/0016-Tweak-the-tools_def-to-support-cross-compiling.patch
@@ -1,4 +1,4 @@
-From 70e4530eefdb2cecc37fff91235e716ed76f2da2 Mon Sep 17 00:00:00 2001
+From 32c885fe4a0c410d17968565cf759798f9f0067b Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 16 Aug 2018 15:45:47 -0400
Subject: [PATCH] Tweak the tools_def to support cross-compiling.
@@ -12,10 +12,10 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 7bf682ffa9..ad1bbcbdc6 100755
+index 26a2cf604f..ab4aced67c 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
-@@ -3517,17 +3517,17 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
+@@ -2114,17 +2114,17 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
##################
# GCC5 IA32 definitions
##################
@@ -44,7 +44,7 @@ index 7bf682ffa9..ad1bbcbdc6 100755
*_GCC5_IA32_ASLCC_FLAGS = DEF(GCC5_ASLCC_FLAGS) -m32
*_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
-@@ -3549,17 +3549,17 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
+@@ -2146,17 +2146,17 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
##################
# GCC5 X64 definitions
##################
diff --git a/edk2.spec b/edk2.spec
index d5df715..86df7fe 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -6,17 +6,18 @@
# https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build#Python_bytecompilation
%global __python %{__python3}
-%global edk2_date 20180815
-%global edk2_githash cb5f4f45ce
-%global openssl_version 1.1.0j
+
+# global edk2_date 20180815
+# global edk2_githash cb5f4f45ce
+
+%global edk2_stable_date 201905
+%global edk2_stable_str edk2-stable%{edk2_stable_date}
+%global openssl_version 1.1.1b
%global qosb_version 1.1.3
+%global softfloat_version 20180726-gitb64af41
-# Even though edk2 stable releases are YYYYMM, we need
-# to use YYYMMDD to avoid needing to bump package epoch
-# due to previous 'git' Version:
-%global edk2_stable_date 20190308
-%global edk2_stable_str edk2-stable201903
+%global skip_enroll 1
%define qosb_testing 0
%ifarch x86_64
@@ -49,7 +50,10 @@
Name: edk2
#Version: {edk2_date}git{edk2_githash}
-Version: %{edk2_stable_date}stable
+# Even though edk2 stable releases are YYYYMM, we need
+# to use YYYMMDD to avoid needing to bump package epoch
+# due to previous 'git' Version:
+Version: %{edk2_stable_date}01stable
Release: 1%{dist}
Summary: EFI Development Kit II
@@ -62,6 +66,7 @@ Source0: https://github.com/tianocore/edk2/archive/%{edk2_stable_str}.tar
Source1: openssl-%{openssl_version}-hobbled.tar.xz
Source2: ovmf-whitepaper-c770f8c.txt
Source3: https://github.com/puiterwijk/qemu-ovmf-secureboot/archive/v%{qosb_version}/qemu-ovmf-secureboot-%{qosb_version}.tar.gz
+Source4: softfloat-%{softfloat_version}.tar.xz
Source10: hobble-openssl
Source11: build-iso.sh
Source12: update-tarball.sh
@@ -80,15 +85,13 @@ Patch0009: 0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
Patch0010: 0010-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
Patch0011: 0011-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
Patch0012: 0012-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
-Patch0013: 0013-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
-Patch0014: 0014-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
-Patch0015: 0015-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
-Patch0016: 0016-ArmVirtPkg-set-early-hello-message-RH-only.patch
+Patch0013: 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
+Patch0014: 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
+Patch0015: 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
+Patch0016: 0016-Tweak-the-tools_def-to-support-cross-compiling.patch
+
%if 0%{?cross:1}
-# Tweak the tools_def to support cross-compiling.
-# These files are meant for customization, so this is not upstream too.
-Patch0099: 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
%endif
%if 0%{?fedora:1}
@@ -222,7 +225,6 @@ armv7 UEFI Firmware
%prep
%setup -q -n edk2-%{edk2_stable_str}
-
# Ensure old shell and binary packages are not used
rm -rf EdkShellBinPkg
rm -rf EdkShellPkg
@@ -233,6 +235,8 @@ rm -rf ShellBinPkg
cp -a -- %{SOURCE2} .
# extract openssl into place
tar -xvf %{SOURCE1} --strip-components=1 --directory CryptoPkg/Library/OpensslLib/openssl
+# extract softfloat into place
+tar -xvf %{SOURCE4} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/
# Extract QOSB
tar -xvf %{SOURCE3}
@@ -242,6 +246,8 @@ mv qemu-ovmf-secureboot-%{qosb_version}/LICENSE LICENSE.qosb
%autopatch -p1
base64 --decode < MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 > MdeModulePkg/Logo/Logo-OpenSSL.bmp
+
+
%build
source ./edksetup.sh
@@ -256,7 +262,7 @@ if test "$JOBS" != ""; then
fi
# common features
-CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash"
+CC_FLAGS="$CC_FLAGS --cmd-len=65536 -b DEBUG --hash"
CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE"
CC_FLAGS="$CC_FLAGS -D TPM2_ENABLE"
@@ -307,14 +313,15 @@ cp Build/Ovmf3264/*/X64/Shell.efi ovmf/
cp Build/Ovmf3264/*/X64/EnrollDefaultKeys.efi ovmf
sh %{_sourcedir}/build-iso.sh ovmf/
-# Build enrolled VARS file
+%if !%{skip_enroll}
python3 qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator \
- --qemu-binary /usr/bin/qemu-system-x86_64 \
- --skip-testing \
- --ovmf-binary ovmf/OVMF_CODE.secboot.fd \
- --ovmf-template-vars ovmf/OVMF_VARS.fd \
- --uefi-shell-iso ovmf/UefiShell.iso \
- ovmf/OVMF_VARS.secboot.fd
+ --qemu-binary /usr/bin/qemu-system-x86_64 \
+ --ovmf-binary ovmf/OVMF_CODE.secboot.fd \
+ --ovmf-template-vars ovmf/OVMF_VARS.fd \
+ --uefi-shell-iso ovmf/UefiShell.iso \
+ --skip-testing \
+ ovmf/OVMF_VARS.secboot.fd
+%endif
%endif
@@ -357,22 +364,27 @@ dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc
dd of="arm/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
%endif
+
+
%check
%if 0%{?build_ovmf_x64:1}
%if 0%{?qosb_testing}
-# Verify enrolled VARS file
+%if !%{skip_enroll}
python3 qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator \
- --qemu-binary /usr/bin/qemu-system-x86_64 \
- --skip-enrollment \
- --print-output \
- --ovmf-binary ovmf/OVMF_CODE.secboot.fd \
- --ovmf-template-vars ovmf/OVMF_VARS.fd \
- --uefi-shell-iso ovmf/UefiShell.iso \
- --no-download \
- --kernel-path `rpm -ql kernel-core | grep "\/vmlinuz$" -m 1` \
- ovmf/OVMF_VARS.secboot.fd
+ --qemu-binary /usr/bin/qemu-system-x86_64 \
+ --ovmf-binary ovmf/OVMF_CODE.secboot.fd \
+ --ovmf-template-vars ovmf/OVMF_VARS.fd \
+ --uefi-shell-iso ovmf/UefiShell.iso \
+ --skip-enrollment \
+ --print-output \
+ --no-download \
+ --kernel-path `rpm -ql kernel-core | grep "\/vmlinuz$" -m 1` \
+ ovmf/OVMF_VARS.secboot.fd
%endif
%endif
+%endif
+
+
%install
cp CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl
@@ -522,6 +534,10 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
%changelog
+* Thu Jul 11 2019 Cole Robinson <crobinso@redhat.com> - 20190501stable-1
+- Update to stable-201905
+- Update to openssl-1.1.1b
+
* Mon Mar 18 2019 Cole Robinson <aintdiscole@gmail.com> - 20190308stable-1
- Use YYYYMMDD versioning to fix upgrade path
diff --git a/sources b/sources
index 660fae5..47de423 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,4 @@
SHA512 (qemu-ovmf-secureboot-1.1.3.tar.gz) = f830a525f66379e8e3c61d006fab49547e6709f7aa0f95e70f23c7d26407cc804a0ced9dcfd26af63391d603e9cb5a0714c222c7cdca8599e41852e22e13be80
-SHA512 (edk2-edk2-stable201903.tar.gz) = 44021473e137b0b7863608192badbee154aa2fe49f71b476597d83fa4046ae0f6b174acc27c4b7b185925ea9627b357bb444d98fc027031064645da91c54e0df
-SHA512 (openssl-1.1.0j-hobbled.tar.xz) = 9d2c24a634d4669742f2ac78196def4b9f35dd9977aca375c1edbc0b20cbeb62c651cbcd106e6d485a1d83d2c35f60cc0acf24b158ed685cc1780ed4415ceecf
+SHA512 (edk2-edk2-stable201905.tar.gz) = 91188923f7d1ab83c0d6abf7ec6d59f357d0341a617ad6a3ae05f3d0e041dff43f62b014b0c5fc5d15e16d8f1c279c581a5cd64b31e3d52b340d7ef90adb50f1
+SHA512 (openssl-1.1.1b-hobbled.tar.xz) = 8055b19bfeec41fe0607c04d468d2f16a1e5fe02642c8deb67b00878be7e28ab266d13da41b9576800cba0b9448253f26f72ab8889d666f5d23103648f80bea1
+SHA512 (softfloat-20180726-gitb64af41.tar.xz) = f079debd1bfcc0fe64329a8947b0689ef49246793edcdd28a2879f6550c652b0cf0f53ac4f6f5ab61ac4f7933972e0019d0ab63eb9931b6884c2909f3a5ead30