X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=BaseTools%2FSource%2FPython%2FPkcs7Sign%2FReadme.md;fp=BaseTools%2FSource%2FPython%2FPkcs7Sign%2FReadme.md;h=5315b7fca488b0146986e7ea5fc74fd72a0fd3a5;hp=fee0327876fc9b65722fabea7e0c46ddf615b258;hb=526dd0245bf0db6a01c21943201a4572747bca7f;hpb=dd4cae4d82c7477273f3da455084844db5cca0c0 diff --git a/BaseTools/Source/Python/Pkcs7Sign/Readme.md b/BaseTools/Source/Python/Pkcs7Sign/Readme.md index fee0327876..5315b7fca4 100644 --- a/BaseTools/Source/Python/Pkcs7Sign/Readme.md +++ b/BaseTools/Source/Python/Pkcs7Sign/Readme.md @@ -116,3 +116,43 @@ Convert Key and Certificate for signing. Password is removed with -nodes flag fo openssl smime -verify -inform DER -in test.bin.p7 -content test.bin -CAfile TestRoot.pub.pem -out test.org.bin +## Generate DSC PCD include files for Certificate + +The `BinToPcd` utility can be used to convert the binary Certificate file to a +text file can be included from a DSC file to set a PCD to the contents of the +Certificate file. + +The following 2 PCDs can be set to the PKCS7 Certificate value. The first one +supports a single certificate. The second one supports multiple certificate +values using the XDR format. +* `gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer` +* `gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr` + +Generate DSC PCD include files: +``` +BinToPcd.py -i TestRoot.cer -p gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer -o TestRoot.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc +BinToPcd.py -i TestRoot.cer -p gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr -x -o TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc +``` + +These files can be used in `!include` statements in DSC file PCD sections. For example: + +* Platform scoped fixed at build PCD section +``` +[PcdsFixedAtBuild] + !include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer.inc +``` + +* Platform scoped patchable in module PCD section +``` +[PcdsPatchableInModule] + !include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc +``` + +* Module scoped fixed at build PCD section +``` +[Components] + FmpDevicePkg/FmpDxe/FmpDxe.inf { + + !include BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer.gFmpDevicePkgTokenSpaceGuid.PcdFmpDevicePkcs7CertBufferXdr.inc + } +```