Commit Graph

13 Commits

Author SHA1 Message Date
Kinney, Michael D 526dd0245b BaseTools/Pkcs7Sign: Add PKCS7 test key include files
https://bugzilla.tianocore.org/show_bug.cgi?id=1073

Add PCD statement include files for the PKCS7 test key.
* gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
* gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr

These include files can be used in !include statements in PCD
sections of a platform DSC file to assign these PCDs to the
test key certificate values.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-08-03 15:36:06 -07:00
Gary Lin ccaa7754a2 BaseTools: Adjust the spaces around commas and colons
Based on "futurize -f lib2to3.fixes.fix_ws_comma"

Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-06-27 16:33:25 +08:00
Gary Lin 87d2afd07c BaseTools: Remove the old python "not-equal"
Replace "<>" with "!=" to be compatible with python3.

Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-06-27 16:33:22 +08:00
Gary Lin 72443dd250 BaseTools: Refactor python print statements
Refactor print statements to be compatible with python 3.
Based on "futurize -f libfuturize.fixes.fix_print_with_import"

Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
2018-06-27 16:33:21 +08:00
Yonghong Zhu b10515378d BaseTools: Pkcs7Sign Tool to support OPENSSL_PATH has space
Update Pkcs7Sign Tool to support the case that OPENSSL_PATH has space
characters.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-04-27 21:19:29 +08:00
Long Qin f536d7c3ed BaseTools/Pkcs7Sign: Update the test certificates & Readme.md
The old TestRoot certificate used for Pkcs7Sign is not compliant to
Root CA certificate requirement with incorrect basic constraints and
key usage setting.
When OpenSSL in CryptoPkg was updated from 1.0.2xx to the latest
1.1.0xx, the CA certificate checking was enforced for more extension
validations, which will raise the verification failure when stilling
using the old sample certificates.

This patch re-generated one set of test certificates used in
Pkcs7Sign demo, and updated the corresponding Readme.md to describe
how to set the options in openssl configuration file.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-04-12 13:15:24 +08:00
Yonghong Zhu a5f26fefca BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work
on Linux. It needs to be changed with shell=True.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-03-29 16:45:24 +08:00
Yonghong Zhu 8a0933f436 BaseTools: Update some tool with shell=True
Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work
on Linux. It needs to be changed with shell=True.

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=423
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-03-18 16:38:04 +08:00
Jiewen Yao fdaf78424d BaseTools/Pkcs7: Add readme.md
Add readme.md to describe the X.509 certificate generation.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
2016-11-04 22:30:43 +08:00
Jiewen Yao e9d0933d45 BaseTool/Pkcs7: Add TestRoot.cer.
We add this binary data file for TestRoot.cer.
So that a platform may include this default file in FDF,
to check if the platform is using default test key,
or different production key.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2016-11-03 13:44:45 +08:00
Yonghong Zhu 245cda6641 BaseTools: Update sign tool to make MonotonicCount *after* Payload
The WIN_CERTIFICATE_UEFI_GUID AuthInfo defined in the UEFI spec
mentioned that It is a signature across the image data and the
Monotonic Count value. After clarification, we do the signature
calculation, we put MonotonicCount after Payload.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Jiewen Yao <jiewen.yao@intel.com>
2016-10-17 13:26:22 +08:00
Yonghong Zhu 11eaa7affb BaseTools: Change source files to DOS format
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-09-04 13:25:49 +08:00
Yonghong Zhu cd1c960469 BaseTools: Add the PKCS7 tool
Provide the PKCS7 Tool to support the CertType - EFI_CERT_TYPE_PKCS7_GUID,
then user can use this tool to add EFI_FIRMWARE_IMAGE_AUTHENTICATION
for a binary.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-19 15:33:25 +08:00