]> git.proxmox.com Git - mirror_edk2.git/blobdiff - BaseTools/Source/Python/Pkcs7Sign/Readme.md
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
BaseTools/Pkcs7Sign: Add PKCS7 test key include files
[mirror_edk2.git] / BaseTools / Source / Python / Pkcs7Sign / Readme.md
diff --git a/BaseTools/Source/Python/Pkcs7Sign/Readme.md b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
index fee0327876fc9b65722fabea7e0c46ddf615b258..5315b7fca488b0146986e7ea5fc74fd72a0fd3a5 100644 (file)
--- a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
+++ b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
@@ -116,3 +116,43 @@ Convert Key and Certificate for signing. Password is removed with -nodes flag fo
 \r
     openssl smime -verify -inform DER -in test.bin.p7 -content test.bin -CAfile TestRoot.pub.pem -out test.org.bin\r
 \r
+## Generate DSC PCD include files for Certificate\r
+\r
+The `BinToPcd` utility can be used to convert the binary Certificate file to a\r
+text file can be included from a DSC file to set a PCD to the contents of the\r
+Certificate file.\r
+\r
+The following 2 PCDs can be set to the PKCS7 Certificate value.  The first one\r
+supports a single certificate.  The second one supports multiple certificate\r
+values using the XDR format.\r
+* `gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer`\r
+* `gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr`\r
+\r
+Generate DSC PCD include files:\r
+```\r
+BinToPcd.py -i TestRoot.cer -p gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer -o TestRoot.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc\r
+BinToPcd.py -i TestRoot.cer -p gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr -x -o TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc\r
+```\r
+\r
+These files can be used in `!include` statements in DSC file PCD sections.  For example:\r
+\r
+* Platform scoped fixed at build PCD section\r
+```\r
+[PcdsFixedAtBuild]\r
+  !include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc\r
+```\r
+\r
+* Platform scoped patchable in module PCD section\r
+```\r
+[PcdsPatchableInModule]\r
+  !include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc\r
+```\r
+\r
+* Module scoped fixed at build PCD section\r
+```\r
+[Components]\r
+  FmpDevicePkg/FmpDxe/FmpDxe.inf {\r
+    <PcdsFixedAtBuild>\r
+      !include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc\r
+  }\r
+```\r
EFI Development Kit II mirror for PVE