audk/VariableAuthenticated at 12a4d0cb9dd9e241fcd86f2ff78d1560ea1ffe67 - audk

History

Jiaqi Gao 5396354b86 SecurityPkg: Add constraints on PK strength REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293 Add constraints on the key strength of enrolled platform key(PK), which must be greater than or equal to 2048 bit. PK key strength is required by Intel SDL and MSFT, etc. This limitation prevents user from using weak keys as PK. The original code to check the certificate file type is placed in a new function CheckX509Certificate(), which checks if the X.509 certificate meets the requirements of encode type, RSA-Key strengh, etc. Cc: Min Xu <min.m.xu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com> Reviewed-by: Min Xu <min.m.xu@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>	2021-04-26 16:24:32 +00:00
..
SecureBootConfigDxe	SecurityPkg: Add constraints on PK strength	2021-04-26 16:24:32 +00:00

Jiaqi Gao 5396354b86 SecurityPkg: Add constraints on PK strength

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293

Add constraints on the key strength of enrolled platform key(PK), which
must be greater than or equal to 2048 bit. PK key strength is required
by Intel SDL and MSFT, etc. This limitation prevents user from using
weak keys as PK.

The original code to check the certificate file type is placed in a new
function CheckX509Certificate(), which checks if the X.509 certificate
meets the requirements of encode type, RSA-Key strengh, etc.

Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

2021-04-26 16:24:32 +00:00

SecureBootConfigDxe

SecurityPkg: Add constraints on PK strength

2021-04-26 16:24:32 +00:00