1. Change guid name from EFI_CERT_X509 to EFI_CERT_X509_GUID, per UEFI Specification...

2. Add the declaration for EFI_CERT_SHA224_GUID, EFI_CERT_SHA384_GUID and EFI_CERT_SHA512_GUID.
3. Update GUIDs description per UEFI Specification, 2.3.1.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11592 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h
index 99665e6898b588f9437edbe5645ad1f4086167e5..e7a42ca9e38bc0542effbe9301e196d36128c00a 100644 (file)
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -2,7 +2,7 @@
   Platform Key, Key Exchange Key, and Image signature database are defined \r
   for the signed image validation.\r
 \r
   Platform Key, Key Exchange Key, and Image signature database are defined \r
   for the signed image validation.\r
 \r

-  Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r

   This program and the accompanying materials                          \r
   are licensed and made available under the terms and conditions of the BSD License         \r
   which accompanies this distribution.  The full text of the license may be found at        \r
   This program and the accompanying materials                          \r
   are licensed and made available under the terms and conditions of the BSD License         \r
   which accompanies this distribution.  The full text of the license may be found at        \r


@@ -107,8 +107,9 @@ typedef struct {
 #pragma pack()\r
 \r
 ///\r
 #pragma pack()\r
 \r
 ///\r

-/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size should \r
-/// always be 0.  The SignatureSize should always be 32 bytes.\r
+/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall\r
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r
+/// 32 bytes.\r

 ///\r
 #define EFI_CERT_SHA256_GUID \\r
   { \\r
 ///\r
 #define EFI_CERT_SHA256_GUID \\r
   { \\r


@@ -116,8 +117,11 @@ typedef struct {
   }\r
 \r
 ///\r
   }\r
 \r
 ///\r

-/// This identifies a signature containing an RSA-2048 key. The SignatureHeader size should \r
-/// always be 0. The SignatureSize should always be 256 bytes.\r
+/// This identifies a signature containing an RSA-2048 key. The key (only the modulus\r
+/// since the public key exponent is known to be 0x10001) shall be stored in big-endian\r
+/// order.\r
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size \r
+/// of SignatureOwner component) + 32 bytes.\r

 ///\r
 #define EFI_CERT_RSA2048_GUID \\r
   { \\r
 ///\r
 #define EFI_CERT_RSA2048_GUID \\r
   { \\r


@@ -125,8 +129,9 @@ typedef struct {
   }\r
 \r
 ///\r
   }\r
 \r
 ///\r

-/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The \r
-/// SignatureHeader size should always be 0. The SignatureSize should always be 256 bytes.\r
+/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash.  The \r
+/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of \r
+/// SignatureOwner component) + 32 bytes.\r

 ///\r
 #define EFI_CERT_RSA2048_SHA256_GUID \\r
   { \\r
 ///\r
 #define EFI_CERT_RSA2048_SHA256_GUID \\r
   { \\r


@@ -134,8 +139,8 @@ typedef struct {
   }\r
 \r
 ///\r
   }\r
 \r
 ///\r

-/// This identifies a signature containing a SHA-1 hash.  The SignatureHeader size should always\r
-/// be 0. The SignatureSize should always be 20 bytes\r
+/// This identifies a signature containing a SHA-1 hash.  The SignatureSize shall always\r
+/// be 16 (size of SignatureOwner component) + 32 bytes.\r

 ///\r
 #define EFI_CERT_SHA1_GUID \\r
   { \\r
 ///\r
 #define EFI_CERT_SHA1_GUID \\r
   { \\r


@@ -143,8 +148,9 @@ typedef struct {
   }\r
 \r
 ///\r
   }\r
 \r
 ///\r

-/// This identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The \r
-/// SignatureHeader size should always be 0. The SignatureSize should always be 256 bytes.\r
+/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash.  The \r
+/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of \r
+/// SignatureOwner component) + 32 bytes.\r

 ///\r
 #define EFI_CERT_RSA2048_SHA1_GUID \\r
   { \\r
 ///\r
 #define EFI_CERT_RSA2048_SHA1_GUID \\r
   { \\r


@@ -152,15 +158,49 @@ typedef struct {
   }\r
 \r
 ///\r
   }\r
 \r
 ///\r

-/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 certificate then \r
-/// verification of the signature of an image should validate the public key certificate in the image using \r
-/// certificate path verification, up to this X.509 certificate as a trusted root.\r
+/// This identifies a signature based on an X.509 certificate. If the signature is an X.509\r
+/// certificate then verification of the signature of an image should validate the public \r
+/// key certificate in the image using certificate path verification, up to this X.509 \r
+/// certificate as a trusted root.  The SignatureHeader size shall always be 0. The\r
+/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + \r
+/// the size of the certificate itself. \r
+/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.\r

 ///\r
 ///\r

-#define EFI_CERT_X509 \\r
+#define EFI_CERT_X509_GUID \\r

   { \\r
     0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \\r
   }\r
 \r
   { \\r
     0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \\r
   }\r
 \r

+///\r
+/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall\r
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r
+/// 28 bytes.\r
+///\r
+#define EFI_CERT_SHA224_GUID \\r
+  { \\r
+    0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \\r
+  }\r
+\r
+///\r
+/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall\r
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r
+/// 48 bytes.\r
+///\r
+#define EFI_CERT_SHA384_GUID \\r
+  { \\r
+    0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \\r
+  }  \r
+\r
+///\r
+/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall\r
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r
+/// 64 bytes.\r
+///\r
+#define EFI_CERT_SHA512_GUID \\r
+  { \\r
+    0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r
+  }\r
+  \r

 //***********************************************************************\r
 // Image Execution Information Table Definition\r
 //***********************************************************************\r
 //***********************************************************************\r
 // Image Execution Information Table Definition\r
 //***********************************************************************\r

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 419b0fc627903b2b7d20ced8b2c802d34368816c..c6c6e67a132fb79ccfab9628ab10c720f9b18a39 100644 (file)
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -365,6 +365,15 @@
   ## Include/Guid/ImageAuthentication.h\r
   gEfiCertX509Guid = { 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }}\r
 \r
   ## Include/Guid/ImageAuthentication.h\r
   gEfiCertX509Guid = { 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }}\r
 \r

+  ## Include/Guid/ImageAuthentication.h\r
+  gEfiCertSha224Guid = { 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }}\r
+\r
+  ## Include/Guid/ImageAuthentication.h\r
+  gEfiCertSha384Guid = { 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 }}\r
+\r
+  ## Include/Guid/ImageAuthentication.h\r
+  gEfiCertSha512Guid = { 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }}\r
+\r

   #\r
   # GUID defined in UEFI2.2\r
   #\r
   #\r
   # GUID defined in UEFI2.2\r
   #\r