tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BaseTools/Pkcs7Sign: Add PKCS7 test key include files 

https://bugzilla.tianocore.org/show_bug.cgi?id=1073

Add PCD statement include files for the PKCS7 test key.
* gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
* gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr

These include files can be used in !include statements in PCD
sections of a platform DSC file to assign these PCDs to the
test key certificate values.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
This commit is contained in:
Kinney, Michael D 2018-04-15 22:02:05 -07:00
parent dd4cae4d82
commit 526dd0245b
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
BaseTools/Source/Python/Pkcs7Sign/Readme.md
View File

@ -116,3 +116,43 @@ Convert Key and Certificate for signing. Password is removed with -nodes flag fo
openssl smime -verify -inform DER -in test.bin.p7 -content test.bin -CAfile TestRoot.pub.pem -out test.org.bin openssl smime -verify -inform DER -in test.bin.p7 -content test.bin -CAfile TestRoot.pub.pem -out test.org.bin
## Generate DSC PCD include files for Certificate
The `BinToPcd` utility can be used to convert the binary Certificate file to a
text file can be included from a DSC file to set a PCD to the contents of the
Certificate file.
The following 2 PCDs can be set to the PKCS7 Certificate value. The first one
supports a single certificate. The second one supports multiple certificate
values using the XDR format.
* `gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer`
* `gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr`
Generate DSC PCD include files:
```
BinToPcd.py -i TestRoot.cer -p gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer -o TestRoot.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc
BinToPcd.py -i TestRoot.cer -p gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr -x -o TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc
```
These files can be used in `!include` statements in DSC file PCD sections. For example:
* Platform scoped fixed at build PCD section
```
[PcdsFixedAtBuild]
!include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc
```
* Platform scoped patchable in module PCD section
```
[PcdsPatchableInModule]
!include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc
```
* Module scoped fixed at build PCD section
```
[Components]
FmpDevicePkg/FmpDxe/FmpDxe.inf {
<PcdsFixedAtBuild>
!include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc
}
```

1
BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc Normal file
View File

File diff suppressed because one or more lines are too long

1
BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc Normal file
View File

File diff suppressed because one or more lines are too long