tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/BaseTools/Source/Python/Common/Uefi/Capsule/FmpAuthHeader.py

191 lines
7.7 KiB
Python
Raw Normal View History

BaseTools/Capsule: Add Capsule Generation Tools https://bugzilla.tianocore.org/show_bug.cgi?id=945 Based on content from the following branch https://github.com/Microsoft/MS_UEFI/tree/share/beta/CapsuleTools * Convert C tools to Python * Add common python modules to: BaseTools/Source/Python/Common/Uefi/Capsule BaseTools/Source/Python/Common/Edk2/Capsule * Add GenerateCapsule.py to BaseTools/Source/Python/Capsule * Add Windows and Posix wrappers for GenerateCapsule.py usage: GenerateCapsule [-h] [-o OUTPUTFILE] (-e | -d | --dump-info) [--capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset}] [--capoemflag CAPSULEOEMFLAG] [--guid GUID] [--hardware-instance HARDWAREINSTANCE] [--monotonic-count MONOTONICCOUNT] [--fw-version FWVERSION] [--lsv LOWESTSUPPORTEDVERSION] [--pfx-file SIGNTOOLPFXFILE] [--signer-private-cert OPENSSLSIGNERPRIVATECERTFILE] [--other-public-cert OPENSSLOTHERPUBLICCERTFILE] [--trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE] [--signing-tool-path SIGNINGTOOLPATH] [--version] [-v] [-q] [--debug [0-9]] InputFile Generate a capsule. Copyright (c) 2018, Intel Corporation. All rights reserved. positional arguments: InputFile Input binary payload filename. optional arguments: -h, --help show this help message and exit -o OUTPUTFILE, --output OUTPUTFILE Output filename. -e, --encode Encode file -d, --decode Decode file --dump-info Display FMP Payload Header information --capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset} Capsule flag can be PersistAcrossReset, or PopulateSystemTable or InitiateReset or not set --capoemflag CAPSULEOEMFLAG Capsule OEM Flag is an integer between 0x0000 and 0xffff. --guid GUID The FMP/ESRT GUID in registry format. Required for encode operations. --hardware-instance HARDWAREINSTANCE The 64-bit hardware instance. The default is 0x0000000000000000 --monotonic-count MONOTONICCOUNT 64-bit monotonic count value in header. Default is 0x0000000000000000. --fw-version FWVERSION The 32-bit version of the binary payload (e.g. 0x11223344 or 5678). --lsv LOWESTSUPPORTEDVERSION The 32-bit lowest supported version of the binary payload (e.g. 0x11223344 or 5678). --pfx-file SIGNTOOLPFXFILE signtool PFX certificate filename. --signer-private-cert OPENSSLSIGNERPRIVATECERTFILE OpenSSL signer private certificate filename. --other-public-cert OPENSSLOTHERPUBLICCERTFILE OpenSSL other public certificate filename. --trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE OpenSSL trusted public certificate filename. --signing-tool-path SIGNINGTOOLPATH Path to signtool or OpenSSL tool. Optional if path to tools are already in PATH. --version show program's version number and exit -v, --verbose Turn on verbose output with informational messages printed, including capsule headers and warning messages. -q, --quiet Disable all messages except fatal errors. --debug [0-9] Set debug level Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-05-02 05:54:46 +02:00
## @file
# Module that encodes and decodes a EFI_FIRMWARE_IMAGE_AUTHENTICATION with
# certificate data and payload data.
#
BaseTools/Capsule: Supports multiple payloads and drivers in capsule REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1834 1)Add arguments "--embedded-driver" to support embedded driver in command line. 2)Add arguments "--update-image-index" to identify ImageIndex within the device in command line. 3)Add arguments "-j JSONFILE" to support multiple payloads and embedded drivers with JSON file. The update is in a backwards compatible manner, so all command line options to support single payload are still supported. But all the options associated with multiple payloads should be provided in a JSON file. Cc: Bob Feng <bob.c.feng@intel.com> Signed-off-by: Eric Jin <eric.jin@intel.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
2019-06-26 07:55:35 +02:00
# Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
BaseTools: Replace BSD License with BSD+Patent License https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
2019-04-04 01:03:11 +02:00
# SPDX-License-Identifier: BSD-2-Clause-Patent
BaseTools/Capsule: Add Capsule Generation Tools https://bugzilla.tianocore.org/show_bug.cgi?id=945 Based on content from the following branch https://github.com/Microsoft/MS_UEFI/tree/share/beta/CapsuleTools * Convert C tools to Python * Add common python modules to: BaseTools/Source/Python/Common/Uefi/Capsule BaseTools/Source/Python/Common/Edk2/Capsule * Add GenerateCapsule.py to BaseTools/Source/Python/Capsule * Add Windows and Posix wrappers for GenerateCapsule.py usage: GenerateCapsule [-h] [-o OUTPUTFILE] (-e | -d | --dump-info) [--capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset}] [--capoemflag CAPSULEOEMFLAG] [--guid GUID] [--hardware-instance HARDWAREINSTANCE] [--monotonic-count MONOTONICCOUNT] [--fw-version FWVERSION] [--lsv LOWESTSUPPORTEDVERSION] [--pfx-file SIGNTOOLPFXFILE] [--signer-private-cert OPENSSLSIGNERPRIVATECERTFILE] [--other-public-cert OPENSSLOTHERPUBLICCERTFILE] [--trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE] [--signing-tool-path SIGNINGTOOLPATH] [--version] [-v] [-q] [--debug [0-9]] InputFile Generate a capsule. Copyright (c) 2018, Intel Corporation. All rights reserved. positional arguments: InputFile Input binary payload filename. optional arguments: -h, --help show this help message and exit -o OUTPUTFILE, --output OUTPUTFILE Output filename. -e, --encode Encode file -d, --decode Decode file --dump-info Display FMP Payload Header information --capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset} Capsule flag can be PersistAcrossReset, or PopulateSystemTable or InitiateReset or not set --capoemflag CAPSULEOEMFLAG Capsule OEM Flag is an integer between 0x0000 and 0xffff. --guid GUID The FMP/ESRT GUID in registry format. Required for encode operations. --hardware-instance HARDWAREINSTANCE The 64-bit hardware instance. The default is 0x0000000000000000 --monotonic-count MONOTONICCOUNT 64-bit monotonic count value in header. Default is 0x0000000000000000. --fw-version FWVERSION The 32-bit version of the binary payload (e.g. 0x11223344 or 5678). --lsv LOWESTSUPPORTEDVERSION The 32-bit lowest supported version of the binary payload (e.g. 0x11223344 or 5678). --pfx-file SIGNTOOLPFXFILE signtool PFX certificate filename. --signer-private-cert OPENSSLSIGNERPRIVATECERTFILE OpenSSL signer private certificate filename. --other-public-cert OPENSSLOTHERPUBLICCERTFILE OpenSSL other public certificate filename. --trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE OpenSSL trusted public certificate filename. --signing-tool-path SIGNINGTOOLPATH Path to signtool or OpenSSL tool. Optional if path to tools are already in PATH. --version show program's version number and exit -v, --verbose Turn on verbose output with informational messages printed, including capsule headers and warning messages. -q, --quiet Disable all messages except fatal errors. --debug [0-9] Set debug level Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-05-02 05:54:46 +02:00
#
'''
FmpAuthHeader
'''
import struct
import uuid
class FmpAuthHeaderClass (object):
# ///
# /// Image Attribute -Authentication Required
# ///
# typedef struct {
# ///
# /// It is included in the signature of AuthInfo. It is used to ensure freshness/no replay.
# /// It is incremented during each firmware image operation.
# ///
# UINT64 MonotonicCount;
# ///
# /// Provides the authorization for the firmware image operations. It is a signature across
# /// the image data and the Monotonic Count value. Caller uses the private key that is
# /// associated with a public key that has been provisioned via the key exchange.
# /// Because this is defined as a signature, WIN_CERTIFICATE_UEFI_GUID.CertType must
# /// be EFI_CERT_TYPE_PKCS7_GUID.
# ///
# WIN_CERTIFICATE_UEFI_GUID AuthInfo;
# } EFI_FIRMWARE_IMAGE_AUTHENTICATION;
#
# ///
# /// Certificate which encapsulates a GUID-specific digital signature
# ///
# typedef struct {
# ///
# /// This is the standard WIN_CERTIFICATE header, where
# /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
# ///
# WIN_CERTIFICATE Hdr;
# ///
# /// This is the unique id which determines the
# /// format of the CertData. .
# ///
# EFI_GUID CertType;
# ///
# /// The following is the certificate data. The format of
# /// the data is determined by the CertType.
# /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
# /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
# ///
# UINT8 CertData[1];
# } WIN_CERTIFICATE_UEFI_GUID;
#
# ///
# /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
# ///
# typedef struct {
# ///
# /// The length of the entire certificate,
# /// including the length of the header, in bytes.
# ///
# UINT32 dwLength;
# ///
# /// The revision level of the WIN_CERTIFICATE
# /// structure. The current revision level is 0x0200.
# ///
# UINT16 wRevision;
# ///
# /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
# /// certificate types. The UEFI specification reserves the range of
# /// certificate type values from 0x0EF0 to 0x0EFF.
# ///
# UINT16 wCertificateType;
# ///
# /// The following is the actual certificate. The format of
# /// the certificate depends on wCertificateType.
# ///
# /// UINT8 bCertificate[ANYSIZE_ARRAY];
# ///
# } WIN_CERTIFICATE;
#
# #define WIN_CERT_TYPE_EFI_GUID 0x0EF1
#
# ///
# /// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]
# /// SignedData value.
# ///
# #define EFI_CERT_TYPE_PKCS7_GUID \
# { \
# 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \
# }
_StructFormat = '<QIHH16s'
_StructSize = struct.calcsize (_StructFormat)
_MonotonicCountFormat = '<Q'
_MonotonicCountSize = struct.calcsize (_MonotonicCountFormat)
_StructAuthInfoFormat = '<IHH16s'
_StructAuthInfoSize = struct.calcsize (_StructAuthInfoFormat)
_WIN_CERT_REVISION = 0x0200
_WIN_CERT_TYPE_EFI_GUID = 0x0EF1
_EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID ('4aafd29d-68df-49ee-8aa9-347d375665a7')
def __init__ (self):
self._Valid = False
self.MonotonicCount = 0
self.dwLength = self._StructAuthInfoSize
self.wRevision = self._WIN_CERT_REVISION
self.wCertificateType = self._WIN_CERT_TYPE_EFI_GUID
self.CertType = self._EFI_CERT_TYPE_PKCS7_GUID
self.CertData = b''
self.Payload = b''
def Encode (self):
if self.wRevision != self._WIN_CERT_REVISION:
raise ValueError
if self.wCertificateType != self._WIN_CERT_TYPE_EFI_GUID:
raise ValueError
if self.CertType != self._EFI_CERT_TYPE_PKCS7_GUID:
raise ValueError
self.dwLength = self._StructAuthInfoSize + len (self.CertData)
FmpAuthHeader = struct.pack (
self._StructFormat,
self.MonotonicCount,
self.dwLength,
self.wRevision,
self.wCertificateType,
self.CertType.bytes_le
)
self._Valid = True
return FmpAuthHeader + self.CertData + self.Payload
def Decode (self, Buffer):
if len (Buffer) < self._StructSize:
raise ValueError
(MonotonicCount, dwLength, wRevision, wCertificateType, CertType) = \
struct.unpack (
self._StructFormat,
Buffer[0:self._StructSize]
)
if dwLength < self._StructAuthInfoSize:
raise ValueError
if wRevision != self._WIN_CERT_REVISION:
raise ValueError
if wCertificateType != self._WIN_CERT_TYPE_EFI_GUID:
raise ValueError
if CertType != self._EFI_CERT_TYPE_PKCS7_GUID.bytes_le:
raise ValueError
self.MonotonicCount = MonotonicCount
self.dwLength = dwLength
self.wRevision = wRevision
self.wCertificateType = wCertificateType
BaseTools/Capsule: Fix CertType GUID byte order https://bugzilla.tianocore.org/show_bug.cgi?id=1024 Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-07-28 09:00:08 +02:00
self.CertType = uuid.UUID (bytes_le = CertType)
BaseTools/Capsule: Add Capsule Generation Tools https://bugzilla.tianocore.org/show_bug.cgi?id=945 Based on content from the following branch https://github.com/Microsoft/MS_UEFI/tree/share/beta/CapsuleTools * Convert C tools to Python * Add common python modules to: BaseTools/Source/Python/Common/Uefi/Capsule BaseTools/Source/Python/Common/Edk2/Capsule * Add GenerateCapsule.py to BaseTools/Source/Python/Capsule * Add Windows and Posix wrappers for GenerateCapsule.py usage: GenerateCapsule [-h] [-o OUTPUTFILE] (-e | -d | --dump-info) [--capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset}] [--capoemflag CAPSULEOEMFLAG] [--guid GUID] [--hardware-instance HARDWAREINSTANCE] [--monotonic-count MONOTONICCOUNT] [--fw-version FWVERSION] [--lsv LOWESTSUPPORTEDVERSION] [--pfx-file SIGNTOOLPFXFILE] [--signer-private-cert OPENSSLSIGNERPRIVATECERTFILE] [--other-public-cert OPENSSLOTHERPUBLICCERTFILE] [--trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE] [--signing-tool-path SIGNINGTOOLPATH] [--version] [-v] [-q] [--debug [0-9]] InputFile Generate a capsule. Copyright (c) 2018, Intel Corporation. All rights reserved. positional arguments: InputFile Input binary payload filename. optional arguments: -h, --help show this help message and exit -o OUTPUTFILE, --output OUTPUTFILE Output filename. -e, --encode Encode file -d, --decode Decode file --dump-info Display FMP Payload Header information --capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset} Capsule flag can be PersistAcrossReset, or PopulateSystemTable or InitiateReset or not set --capoemflag CAPSULEOEMFLAG Capsule OEM Flag is an integer between 0x0000 and 0xffff. --guid GUID The FMP/ESRT GUID in registry format. Required for encode operations. --hardware-instance HARDWAREINSTANCE The 64-bit hardware instance. The default is 0x0000000000000000 --monotonic-count MONOTONICCOUNT 64-bit monotonic count value in header. Default is 0x0000000000000000. --fw-version FWVERSION The 32-bit version of the binary payload (e.g. 0x11223344 or 5678). --lsv LOWESTSUPPORTEDVERSION The 32-bit lowest supported version of the binary payload (e.g. 0x11223344 or 5678). --pfx-file SIGNTOOLPFXFILE signtool PFX certificate filename. --signer-private-cert OPENSSLSIGNERPRIVATECERTFILE OpenSSL signer private certificate filename. --other-public-cert OPENSSLOTHERPUBLICCERTFILE OpenSSL other public certificate filename. --trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE OpenSSL trusted public certificate filename. --signing-tool-path SIGNINGTOOLPATH Path to signtool or OpenSSL tool. Optional if path to tools are already in PATH. --version show program's version number and exit -v, --verbose Turn on verbose output with informational messages printed, including capsule headers and warning messages. -q, --quiet Disable all messages except fatal errors. --debug [0-9] Set debug level Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-05-02 05:54:46 +02:00
self.CertData = Buffer[self._StructSize:self._MonotonicCountSize + self.dwLength]
self.Payload = Buffer[self._MonotonicCountSize + self.dwLength:]
self._Valid = True
return self.Payload
BaseTools/Capsule: Supports multiple payloads and drivers in capsule REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1834 1)Add arguments "--embedded-driver" to support embedded driver in command line. 2)Add arguments "--update-image-index" to identify ImageIndex within the device in command line. 3)Add arguments "-j JSONFILE" to support multiple payloads and embedded drivers with JSON file. The update is in a backwards compatible manner, so all command line options to support single payload are still supported. But all the options associated with multiple payloads should be provided in a JSON file. Cc: Bob Feng <bob.c.feng@intel.com> Signed-off-by: Eric Jin <eric.jin@intel.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
2019-06-26 07:55:35 +02:00
def IsSigned (self, Buffer):
if len (Buffer) < self._StructSize:
return False
(MonotonicCount, dwLength, wRevision, wCertificateType, CertType) = \
struct.unpack (
self._StructFormat,
Buffer[0:self._StructSize]
)
if CertType != self._EFI_CERT_TYPE_PKCS7_GUID.bytes_le:
return False
return True
BaseTools/Capsule: Add Capsule Generation Tools https://bugzilla.tianocore.org/show_bug.cgi?id=945 Based on content from the following branch https://github.com/Microsoft/MS_UEFI/tree/share/beta/CapsuleTools * Convert C tools to Python * Add common python modules to: BaseTools/Source/Python/Common/Uefi/Capsule BaseTools/Source/Python/Common/Edk2/Capsule * Add GenerateCapsule.py to BaseTools/Source/Python/Capsule * Add Windows and Posix wrappers for GenerateCapsule.py usage: GenerateCapsule [-h] [-o OUTPUTFILE] (-e | -d | --dump-info) [--capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset}] [--capoemflag CAPSULEOEMFLAG] [--guid GUID] [--hardware-instance HARDWAREINSTANCE] [--monotonic-count MONOTONICCOUNT] [--fw-version FWVERSION] [--lsv LOWESTSUPPORTEDVERSION] [--pfx-file SIGNTOOLPFXFILE] [--signer-private-cert OPENSSLSIGNERPRIVATECERTFILE] [--other-public-cert OPENSSLOTHERPUBLICCERTFILE] [--trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE] [--signing-tool-path SIGNINGTOOLPATH] [--version] [-v] [-q] [--debug [0-9]] InputFile Generate a capsule. Copyright (c) 2018, Intel Corporation. All rights reserved. positional arguments: InputFile Input binary payload filename. optional arguments: -h, --help show this help message and exit -o OUTPUTFILE, --output OUTPUTFILE Output filename. -e, --encode Encode file -d, --decode Decode file --dump-info Display FMP Payload Header information --capflag {PersistAcrossReset,PopulateSystemTable,InitiateReset} Capsule flag can be PersistAcrossReset, or PopulateSystemTable or InitiateReset or not set --capoemflag CAPSULEOEMFLAG Capsule OEM Flag is an integer between 0x0000 and 0xffff. --guid GUID The FMP/ESRT GUID in registry format. Required for encode operations. --hardware-instance HARDWAREINSTANCE The 64-bit hardware instance. The default is 0x0000000000000000 --monotonic-count MONOTONICCOUNT 64-bit monotonic count value in header. Default is 0x0000000000000000. --fw-version FWVERSION The 32-bit version of the binary payload (e.g. 0x11223344 or 5678). --lsv LOWESTSUPPORTEDVERSION The 32-bit lowest supported version of the binary payload (e.g. 0x11223344 or 5678). --pfx-file SIGNTOOLPFXFILE signtool PFX certificate filename. --signer-private-cert OPENSSLSIGNERPRIVATECERTFILE OpenSSL signer private certificate filename. --other-public-cert OPENSSLOTHERPUBLICCERTFILE OpenSSL other public certificate filename. --trusted-public-cert OPENSSLTRUSTEDPUBLICCERTFILE OpenSSL trusted public certificate filename. --signing-tool-path SIGNINGTOOLPATH Path to signtool or OpenSSL tool. Optional if path to tools are already in PATH. --version show program's version number and exit -v, --verbose Turn on verbose output with informational messages printed, including capsule headers and warning messages. -q, --quiet Disable all messages except fatal errors. --debug [0-9] Set debug level Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-05-02 05:54:46 +02:00
def DumpInfo (self):
if not self._Valid:
raise ValueError
print ('EFI_FIRMWARE_IMAGE_AUTHENTICATION.MonotonicCount = {MonotonicCount:016X}'.format (MonotonicCount = self.MonotonicCount))
print ('EFI_FIRMWARE_IMAGE_AUTHENTICATION.AuthInfo.Hdr.dwLength = {dwLength:08X}'.format (dwLength = self.dwLength))
print ('EFI_FIRMWARE_IMAGE_AUTHENTICATION.AuthInfo.Hdr.wRevision = {wRevision:04X}'.format (wRevision = self.wRevision))
print ('EFI_FIRMWARE_IMAGE_AUTHENTICATION.AuthInfo.Hdr.wCertificateType = {wCertificateType:04X}'.format (wCertificateType = self.wCertificateType))
print ('EFI_FIRMWARE_IMAGE_AUTHENTICATION.AuthInfo.CertType = {Guid}'.format (Guid = str(self.CertType).upper()))
print ('sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION.AuthInfo.CertData) = {Size:08X}'.format (Size = len (self.CertData)))
print ('sizeof (Payload) = {Size:08X}'.format (Size = len (self.Payload)))