git.proxmox.com Git - mirror_edk2.git/commit - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c

author	Jiaqi Gao <jiaqi.gao@intel.com>
	Mon, 26 Apr 2021 04:31:15 +0000 (12:31 +0800)
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
	Mon, 26 Apr 2021 16:24:32 +0000 (16:24 +0000)
commit	5396354b868bd6652600a654bba7df16701ac1cb
tree	adbd75ce839b10914da913b3db02f5635276d3d3	tree
parent	f2f4c6be2dba3f8e97ac544b9c3da71e9f81b294	commit \| diff

SecurityPkg: Add constraints on PK strength

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293

Add constraints on the key strength of enrolled platform key(PK), which
must be greater than or equal to 2048 bit. PK key strength is required
by Intel SDL and MSFT, etc. This limitation prevents user from using
weak keys as PK.

The original code to check the certificate file type is placed in a new
function CheckX509Certificate(), which checks if the X.509 certificate
meets the requirements of encode type, RSA-Key strengh, etc.

Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c		diff \| blob \| blame \| history
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h		diff \| blob \| blame \| history