};\r
\r
CONST UINTN mSizeOfSha256OfDevNull = sizeof mSha256OfDevNull;\r
-\r
-\r
-//\r
-// The following test cases of the Secure Boot Logo Test in the Microsoft\r
-// Hardware Certification Kit:\r
-//\r
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent\r
-// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB\r
-//\r
-// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be\r
-// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the\r
-// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509\r
-// certificates:\r
-//\r
-// - "Microsoft Corporation KEK CA 2011" (in KEK)\r
-// - "Microsoft Windows Production PCA 2011" (in db)\r
-// - "Microsoft Corporation UEFI CA 2011" (in db)\r
-//\r
-// This is despite the fact that the UEFI specification requires\r
-// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,\r
-// application or driver) that enrolled and therefore owns\r
-// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued\r
-// EFI_SIGNATURE_DATA.SignatureData.\r
-//\r
-CONST EFI_GUID mMicrosoftOwnerGuid = {\r
- 0x77fa9abd, 0x0359, 0x4d32,\r
- { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },\r
-};\r
#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid\r
#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME\r
#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE\r
+#include <Guid/MicrosoftVendor.h> // gMicrosoftVendorGuid\r
#include <Library/BaseMemoryLib.h> // CopyGuid()\r
#include <Library/DebugLib.h> // ASSERT()\r
#include <Library/MemoryAllocationLib.h> // FreePool()\r
EFI_IMAGE_SECURITY_DATABASE,\r
&gEfiImageSecurityDatabaseGuid,\r
&gEfiCertX509Guid,\r
- mMicrosoftPca, mSizeOfMicrosoftPca, &mMicrosoftOwnerGuid,\r
- mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &mMicrosoftOwnerGuid,\r
+ mMicrosoftPca, mSizeOfMicrosoftPca, &gMicrosoftVendorGuid,\r
+ mMicrosoftUefiCa, mSizeOfMicrosoftUefiCa, &gMicrosoftVendorGuid,\r
NULL);\r
if (EFI_ERROR (Status)) {\r
return 1;\r
&gEfiGlobalVariableGuid,\r
&gEfiCertX509Guid,\r
mRedHatPkKek1, mSizeOfRedHatPkKek1, &gEfiCallerIdGuid,\r
- mMicrosoftKek, mSizeOfMicrosoftKek, &mMicrosoftOwnerGuid,\r
+ mMicrosoftKek, mSizeOfMicrosoftKek, &gMicrosoftVendorGuid,\r
NULL);\r
if (EFI_ERROR (Status)) {\r
return 1;\r
extern CONST UINT8 mSha256OfDevNull[];\r
extern CONST UINTN mSizeOfSha256OfDevNull;\r
\r
-extern CONST EFI_GUID mMicrosoftOwnerGuid;\r
-\r
#endif /* ENROLL_DEFAULT_KEYS_H_ */\r
[Packages]\r
MdeModulePkg/MdeModulePkg.dec\r
MdePkg/MdePkg.dec\r
+ OvmfPkg/OvmfPkg.dec\r
SecurityPkg/SecurityPkg.dec\r
ShellPkg/ShellPkg.dec\r
\r
gEfiGlobalVariableGuid\r
gEfiImageSecurityDatabaseGuid\r
gEfiSecureBootEnableDisableGuid\r
+ gMicrosoftVendorGuid\r
\r
[LibraryClasses]\r
BaseMemoryLib\r
--- /dev/null
+/** @file\r
+ Declare the GUID that is expected:\r
+\r
+ - as EFI_SIGNATURE_DATA.SignatureOwner GUID in association with X509 and\r
+ RSA2048 Secure Boot certificates issued by/for Microsoft,\r
+\r
+ - as UEFI variable vendor GUID in association with (unspecified)\r
+ Microsoft-owned variables.\r
+\r
+ Copyright (C) 2014-2019, Red Hat, Inc.\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+ @par Specification Reference:\r
+ - MSDN: System.Fundamentals.Firmware at\r
+ <https://msdn.microsoft.com/en-us/ie/dn932805(v=vs.94)>.\r
+**/\r
+\r
+#ifndef MICROSOFT_VENDOR_H_\r
+#define MICROSOFT_VENDOR_H_\r
+\r
+#include <Uefi/UefiBaseType.h>\r
+\r
+//\r
+// The following test cases of the Secure Boot Logo Test in the Microsoft\r
+// Hardware Certification Kit:\r
+//\r
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent\r
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB\r
+//\r
+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be\r
+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the\r
+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509\r
+// certificates:\r
+//\r
+// - "Microsoft Corporation KEK CA 2011" (in KEK)\r
+// - "Microsoft Windows Production PCA 2011" (in db)\r
+// - "Microsoft Corporation UEFI CA 2011" (in db)\r
+//\r
+// This is despite the fact that the UEFI specification requires\r
+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,\r
+// application or driver) that enrolled and therefore owns\r
+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued\r
+// EFI_SIGNATURE_DATA.SignatureData.\r
+//\r
+#define MICROSOFT_VENDOR_GUID \\r
+ { 0x77fa9abd, \\r
+ 0x0359, \\r
+ 0x4d32, \\r
+ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }, \\r
+ }\r
+\r
+extern EFI_GUID gMicrosoftVendorGuid;\r
+\r
+#endif /* MICROSOFT_VENDOR_H_ */\r
gQemuRamfbGuid = {0x557423a1, 0x63ab, 0x406c, {0xbe, 0x7e, 0x91, 0xcd, 0xbc, 0x08, 0xc4, 0x57}}\r
gXenBusRootDeviceGuid = {0xa732241f, 0x383d, 0x4d9c, {0x8a, 0xe1, 0x8e, 0x09, 0x83, 0x75, 0x89, 0xd7}}\r
gRootBridgesConnectedEventGroupGuid = {0x24a2d66f, 0xeedd, 0x4086, {0x90, 0x42, 0xf2, 0x6e, 0x47, 0x97, 0xee, 0x69}}\r
+ gMicrosoftVendorGuid = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}}\r
\r
[Protocols]\r
gVirtioDeviceProtocolGuid = {0xfa920010, 0x6785, 0x4941, {0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}}\r
projects / mirror_edk2.git / commitdiff