From 6ac749e232076b00f93998e01e74722a05010829 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: May 21 2016 13:45:56 +0000 Subject: spec: document patches, reorder them a bit --- diff --git a/0001-EXCLUDE_SHELL_FROM_FD.patch b/0001-EXCLUDE_SHELL_FROM_FD.patch deleted file mode 100644 index d084003..0000000 --- a/0001-EXCLUDE_SHELL_FROM_FD.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 144ac2186d46a9a6cbf4d4174b6db1865d7de1d7 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 18 Feb 2016 10:52:44 +0100 -Subject: [PATCH] EXCLUDE_SHELL_FROM_FD - ---- - OvmfPkg/OvmfPkgIa32.fdf | 2 ++ - OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ - OvmfPkg/OvmfPkgX64.fdf | 2 ++ - 3 files changed, 6 insertions(+) - -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 93a51a5..9ae7982 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf - - INF FatPkg/EnhancedFatDxe/Fat.inf - -+!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf - !endif -+!endif - - FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) { - SECTION RAW = MdeModulePkg/Logo/Logo.bmp -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index aad16a6..f58f18a 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf - - INF FatPkg/EnhancedFatDxe/Fat.inf - -+!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf - !endif -+!endif - - FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) { - SECTION RAW = MdeModulePkg/Logo/Logo.bmp -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 387b808..4e0c0ab 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf - - INF FatPkg/EnhancedFatDxe/Fat.inf - -+!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf - !endif -+!endif - - FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) { - SECTION RAW = MdeModulePkg/Logo/Logo.bmp --- -1.8.3.1 - diff --git a/0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch b/0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch deleted file mode 100644 index 1c28761..0000000 --- a/0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch +++ /dev/null @@ -1,113 +0,0 @@ -From c8e5617ebaaa8be91a32be48dcf3dc7157b00d2c Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 25 Feb 2014 18:40:35 +0100 -Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions - -When the console output is multiplexed to several devices by -ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes -supported by all console output devices. - -Two notable output devices are provided by: -(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe, -(2) MdeModulePkg/Universal/Console/TerminalDxe. - -GraphicsConsoleDxe supports four modes at most -- see -InitializeGraphicsConsoleTextMode(): - -(1a) 80x25 (required by the UEFI spec as mode 0), -(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec - requires the driver to provide it as mode 1), -(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI - spec requires from all plug-in graphics devices), -(1d) "full screen" resolution, derived form the underlying GOP's - horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH - (8) and EFI_GLYPH_HEIGHT (19), respectively. - -The automatic "full screen resolution" makes GraphicsConsoleDxe's -character console very flexible. However, TerminalDxe (which runs on -serial ports) only provides the following fixed resolutions -- see -InitializeTerminalConsoleTextMode(): - -(2a) 80x25 (required by the UEFI spec as mode 0), -(2b) 80x50 (since the character resolution of a serial device cannot be - interrogated easily, this is added unconditionally as mode 1) -(2c) modes 2 and above come from "mTerminalConsoleModeData". This table - currently only contains one mode, 100x31. - -When ConSplitterDxe combines (1) and (2), multiplexing console output to -both video output and serial terminal, the list of commonly supported text -modes (ie. the "intersection") comprises: - -(3a) 80x25, unconditionally, from (1a) and (2a), -(3b) 80x50, if the graphics console provides at least 640x950 pixel - resolution, from (1b) and (2b) -(3c) 100x31, if the graphics device is a plug-in one (because in that case - 800x600 is a mandated pixel resolution), from (1c) and (2c). - -Unfortunately, the "full screen resolution" (1d) of the GOP-based text -console is not available in general. - -Mitigate this problem by extending "mTerminalConsoleModeData" with a -handful of text resolutions that are derived from widespread maximal pixel -resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out -the most frequent (1d) values from the intersection, and eg. the MODE -command in the UEFI shell will offer the "best" (ie. full screen) -resolution too. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek ---- - .../Universal/Console/TerminalDxe/Terminal.c | 37 +++++++++++++++++++++- - 1 file changed, 36 insertions(+), 1 deletion(-) - -diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c -index 6fde3b2..787bd35 100644 ---- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c -+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c -@@ -103,7 +103,42 @@ TERMINAL_DEV mTerminalDevTemplate = { - }; - - TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = { -- {100, 31}, -+ { 100, 25 }, // from graphics resolution 800 x 480 -+ { 100, 31 }, // from graphics resolution 800 x 600 -+ { 104, 32 }, // from graphics resolution 832 x 624 -+ { 120, 33 }, // from graphics resolution 960 x 640 -+ { 128, 31 }, // from graphics resolution 1024 x 600 -+ { 128, 40 }, // from graphics resolution 1024 x 768 -+ { 144, 45 }, // from graphics resolution 1152 x 864 -+ { 144, 45 }, // from graphics resolution 1152 x 870 -+ { 160, 37 }, // from graphics resolution 1280 x 720 -+ { 160, 40 }, // from graphics resolution 1280 x 760 -+ { 160, 40 }, // from graphics resolution 1280 x 768 -+ { 160, 42 }, // from graphics resolution 1280 x 800 -+ { 160, 50 }, // from graphics resolution 1280 x 960 -+ { 160, 53 }, // from graphics resolution 1280 x 1024 -+ { 170, 40 }, // from graphics resolution 1360 x 768 -+ { 170, 40 }, // from graphics resolution 1366 x 768 -+ { 175, 55 }, // from graphics resolution 1400 x 1050 -+ { 180, 47 }, // from graphics resolution 1440 x 900 -+ { 200, 47 }, // from graphics resolution 1600 x 900 -+ { 200, 63 }, // from graphics resolution 1600 x 1200 -+ { 210, 55 }, // from graphics resolution 1680 x 1050 -+ { 240, 56 }, // from graphics resolution 1920 x 1080 -+ { 240, 63 }, // from graphics resolution 1920 x 1200 -+ { 240, 75 }, // from graphics resolution 1920 x 1440 -+ { 250, 105 }, // from graphics resolution 2000 x 2000 -+ { 256, 80 }, // from graphics resolution 2048 x 1536 -+ { 256, 107 }, // from graphics resolution 2048 x 2048 -+ { 320, 75 }, // from graphics resolution 2560 x 1440 -+ { 320, 84 }, // from graphics resolution 2560 x 1600 -+ { 320, 107 }, // from graphics resolution 2560 x 2048 -+ { 350, 110 }, // from graphics resolution 2800 x 2100 -+ { 400, 126 }, // from graphics resolution 3200 x 2400 -+ { 480, 113 }, // from graphics resolution 3840 x 2160 -+ { 512, 113 }, // from graphics resolution 4096 x 2160 -+ { 960, 227 }, // from graphics resolution 7680 x 4320 -+ { 1024, 227 }, // from graphics resolution 8192 x 4320 - // - // New modes can be added here. - // --- -1.8.3.1 - diff --git a/0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch deleted file mode 100644 index 2e927e9..0000000 --- a/0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +++ /dev/null @@ -1,1126 +0,0 @@ -From 89d722b43fba95708ba16ef676a989a6e02a55f5 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Mon, 6 Jul 2015 20:22:02 +0200 -Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default - keys - -(A port of the patch -to Gerd's public RPMs.) - -This application is meant to be invoked by the management layer, after -booting the UEFI shell and getting a shell prompt on the serial console. -The app enrolls a number of certificates (see below), and then reports -status to the serial console as well. The expected output is "info: -success": - -> Shell> EnrollDefaultKeys.efi -> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 -> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 -> info: success -> Shell> - -In case of success, the management layer can force off or reboot the VM -(for example with the "reset -s" or "reset -c" UEFI shell commands, -respectively), and start the guest installation with SecureBoot enabled. - -PK: -- A unique, static, ad-hoc certificate whose private half has been - destroyed (more precisely, never saved) and is therefore unusable for - signing. (The command for creating this certificate is saved in the - source code.) - -KEK: -- same ad-hoc certificate as used for the PK, -- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool - package is signed (indirectly, through a chain) with this; enrolling - such a KEK should allow guests to install those updates. - -DB: -- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows - Server 2012 R2, -- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI - oproms. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++ - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++ - OvmfPkg/OvmfPkgIa32.dsc | 4 + - OvmfPkg/OvmfPkgIa32X64.dsc | 4 + - OvmfPkg/OvmfPkgX64.dsc | 4 + - 5 files changed, 1023 insertions(+) - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf - -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -new file mode 100644 -index 000000000000..a1dddb2fb5be ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -@@ -0,0 +1,960 @@ -+/** @file -+ Enroll default PK, KEK, DB. -+ -+ Copyright (C) 2014, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+#include // gEfiCustomModeEnableGuid -+#include // EFI_SETUP_MODE_NAME -+#include // EFI_IMAGE_SECURITY_DATABASE -+#include // CopyGuid() -+#include // ASSERT() -+#include // FreePool() -+#include // ShellAppMain() -+#include // AsciiPrint() -+#include // gRT -+ -+// -+// The example self-signed certificate below, which we'll use for both Platform -+// Key, and first Key Exchange Key, has been generated with the following -+// non-interactive openssl command. The passphrase is read from /dev/urandom, -+// and not saved, and the private key is written to /dev/null. In other words, -+// we can't sign anything else against this certificate, which is our purpose. -+// -+/* -+ openssl req \ -+ -passout file:<(head -c 16 /dev/urandom) \ -+ -x509 \ -+ -newkey rsa:2048 \ -+ -keyout /dev/null \ -+ -outform DER \ -+ -subj $( -+ printf /C=US -+ printf /ST=TestStateOrProvince -+ printf /L=TestLocality -+ printf /O=TestOrganization -+ printf /OU=TestOrganizationalUnit -+ printf /CN=TestCommonName -+ printf /emailAddress=test@example.com -+ ) \ -+ 2>/dev/null \ -+ | xxd -i -+*/ -+STATIC CONST UINT8 ExampleCert[] = { -+ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, -+ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, -+ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, -+ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, -+ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, -+ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, -+ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, -+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, -+ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, -+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, -+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, -+ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, -+ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, -+ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, -+ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, -+ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34, -+ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81, -+ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, -+ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54, -+ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f, -+ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, -+ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, -+ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10, -+ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, -+ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, -+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30, -+ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43, -+ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, -+ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, -+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, -+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce, -+ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21, -+ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc, -+ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae, -+ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16, -+ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b, -+ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77, -+ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce, -+ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31, -+ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35, -+ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d, -+ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a, -+ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24, -+ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2, -+ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d, -+ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b, -+ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3, -+ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1, -+ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4, -+ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68, -+ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, -+ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, -+ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, -+ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, -+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, -+ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, -+ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, -+ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38, -+ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9, -+ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a, -+ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c, -+ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59, -+ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4, -+ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81, -+ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c, -+ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f, -+ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b, -+ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04, -+ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f, -+ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e, -+ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f, -+ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03, -+ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84, -+ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d, -+ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5, -+ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1, -+ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19, -+ 0x26, 0x5b, 0xc0, 0x3d, 0xc7 -+}; -+ -+// -+// Second KEK: "Microsoft Corporation KEK CA 2011". -+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 -+// -+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. -+// -+STATIC CONST UINT8 MicrosoftKEK[] = { -+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, -+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, -+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, -+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, -+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, -+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, -+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, -+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, -+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, -+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, -+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, -+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, -+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, -+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, -+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, -+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, -+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, -+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, -+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, -+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, -+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, -+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, -+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, -+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, -+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, -+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, -+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, -+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, -+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, -+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, -+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, -+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, -+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, -+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, -+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, -+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, -+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, -+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, -+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, -+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, -+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, -+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, -+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, -+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, -+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, -+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, -+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, -+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, -+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, -+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, -+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, -+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, -+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, -+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, -+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, -+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, -+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, -+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, -+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, -+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, -+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, -+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, -+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, -+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, -+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, -+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, -+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, -+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, -+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, -+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, -+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, -+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, -+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, -+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, -+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, -+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, -+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, -+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, -+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, -+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, -+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, -+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, -+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, -+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, -+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, -+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, -+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, -+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e -+}; -+ -+// -+// First DB entry: "Microsoft Windows Production PCA 2011" -+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d -+// -+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain -+// rooted in this certificate. -+// -+STATIC CONST UINT8 MicrosoftPCA[] = { -+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, -+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, -+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, -+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, -+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, -+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, -+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, -+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, -+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, -+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, -+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, -+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, -+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, -+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, -+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, -+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, -+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, -+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, -+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, -+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, -+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, -+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, -+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, -+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, -+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, -+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, -+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, -+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, -+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, -+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, -+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, -+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, -+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, -+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, -+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, -+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03, -+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, -+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, -+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, -+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, -+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, -+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, -+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, -+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, -+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, -+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, -+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, -+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, -+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, -+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, -+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, -+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, -+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, -+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, -+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, -+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, -+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, -+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, -+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, -+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, -+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, -+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, -+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, -+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, -+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, -+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, -+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, -+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, -+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, -+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, -+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, -+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, -+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, -+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, -+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, -+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, -+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, -+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, -+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, -+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, -+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, -+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, -+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, -+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, -+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, -+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, -+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, -+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, -+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, -+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, -+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, -+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, -+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, -+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, -+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, -+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, -+ 0x62, 0x1c, 0x59, 0x7e -+}; -+ -+// -+// Second DB entry: "Microsoft Corporation UEFI CA 2011" -+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 -+// -+// To verify the "shim" binary and PCI expansion ROMs with. -+// -+STATIC CONST UINT8 MicrosoftUefiCA[] = { -+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, -+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, -+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, -+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, -+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, -+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, -+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, -+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, -+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, -+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, -+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, -+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, -+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, -+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, -+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, -+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, -+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, -+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, -+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, -+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, -+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, -+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, -+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, -+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, -+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, -+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, -+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, -+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, -+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, -+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, -+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, -+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, -+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, -+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, -+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, -+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, -+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, -+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, -+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, -+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, -+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, -+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, -+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, -+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, -+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, -+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, -+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, -+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, -+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, -+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, -+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, -+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, -+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, -+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, -+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, -+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, -+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, -+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, -+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, -+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, -+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, -+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, -+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, -+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, -+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, -+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, -+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, -+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, -+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, -+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, -+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, -+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, -+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, -+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, -+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, -+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, -+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, -+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, -+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, -+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, -+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, -+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, -+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, -+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, -+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, -+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, -+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, -+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, -+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 -+}; -+ -+// -+// The most important thing about the variable payload is that it is a list of -+// lists, where the element size of any given *inner* list is constant. -+// -+// Since X509 certificates vary in size, each of our *inner* lists will contain -+// one element only (one X.509 certificate). This is explicitly mentioned in -+// the UEFI specification, in "28.4.1 Signature Database", in a Note. -+// -+// The list structure looks as follows: -+// -+// struct EFI_VARIABLE_AUTHENTICATION_2 { | -+// struct EFI_TIME { | -+// UINT16 Year; | -+// UINT8 Month; | -+// UINT8 Day; | -+// UINT8 Hour; | -+// UINT8 Minute; | -+// UINT8 Second; | -+// UINT8 Pad1; | -+// UINT32 Nanosecond; | -+// INT16 TimeZone; | -+// UINT8 Daylight; | -+// UINT8 Pad2; | -+// } TimeStamp; | -+// | -+// struct WIN_CERTIFICATE_UEFI_GUID { | | -+// struct WIN_CERTIFICATE { | | -+// UINT32 dwLength; ----------------------------------------+ | -+// UINT16 wRevision; | | -+// UINT16 wCertificateType; | | -+// } Hdr; | +- DataSize -+// | | -+// EFI_GUID CertType; | | -+// UINT8 CertData[1] = { <--- "struct hack" | | -+// struct EFI_SIGNATURE_LIST { | | | -+// EFI_GUID SignatureType; | | | -+// UINT32 SignatureListSize; -------------------------+ | | -+// UINT32 SignatureHeaderSize; | | | -+// UINT32 SignatureSize; ---------------------------+ | | | -+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | -+// v | | | -+// struct EFI_SIGNATURE_DATA { | | | | -+// EFI_GUID SignatureOwner; | | | | -+// UINT8 SignatureData[1] = { <--- "struct hack" | | | | -+// X.509 payload | | | | -+// } | | | | -+// } Signatures[]; | | | -+// } SigLists[]; | | -+// }; | | -+// } AuthInfo; | | -+// }; | -+// -+// Given that the "struct hack" invokes undefined behavior (which is why C99 -+// introduced the flexible array member), and because subtracting those pesky -+// sizes of 1 is annoying, and because the format is fully specified in the -+// UEFI specification, we'll introduce two matching convenience structures that -+// are customized for our X.509 purposes. -+// -+#pragma pack(1) -+typedef struct { -+ EFI_TIME TimeStamp; -+ -+ // -+ // dwLength covers data below -+ // -+ UINT32 dwLength; -+ UINT16 wRevision; -+ UINT16 wCertificateType; -+ EFI_GUID CertType; -+} SINGLE_HEADER; -+ -+typedef struct { -+ // -+ // SignatureListSize covers data below -+ // -+ EFI_GUID SignatureType; -+ UINT32 SignatureListSize; -+ UINT32 SignatureHeaderSize; // constant 0 -+ UINT32 SignatureSize; -+ -+ // -+ // SignatureSize covers data below -+ // -+ EFI_GUID SignatureOwner; -+ -+ // -+ // X.509 certificate follows -+ // -+} REPEATING_HEADER; -+#pragma pack() -+ -+/** -+ Enroll a set of DER-formatted X.509 certificates in a global variable, -+ overwriting it. -+ -+ The variable will be rewritten with NV+BS+RT+AT attributes. -+ -+ @param[in] VariableName The name of the variable to overwrite. -+ -+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to -+ overwrite. -+ -+ @param[in] ... A list of -+ -+ IN CONST UINT8 *Cert, -+ IN UINTN CertSize, -+ IN CONST EFI_GUID *OwnerGuid -+ -+ triplets. If the first component of a triplet is -+ NULL, then the other two components are not -+ accessed, and processing is terminated. The list of -+ X.509 certificates is enrolled in the variable -+ specified, overwriting it. The OwnerGuid component -+ identifies the agent installing the certificate. -+ -+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert -+ value is NULL), or one of the CertSize values -+ is 0, or one of the CertSize values would -+ overflow the accumulated UINT32 data size. -+ -+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable -+ payload. -+ -+ @retval EFI_SUCCESS Enrollment successful; the variable has been -+ overwritten (or created). -+ -+ @return Error codes from gRT->GetTime() and -+ gRT->SetVariable(). -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+EnrollListOfX509Certs ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ ... -+ ) -+{ -+ UINTN DataSize; -+ SINGLE_HEADER *SingleHeader; -+ REPEATING_HEADER *RepeatingHeader; -+ VA_LIST Marker; -+ CONST UINT8 *Cert; -+ EFI_STATUS Status; -+ UINT8 *Data; -+ UINT8 *Position; -+ -+ // -+ // compute total size first, for UINT32 range check, and allocation -+ // -+ DataSize = sizeof *SingleHeader; -+ VA_START (Marker, VendorGuid); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ (VOID)VA_ARG (Marker, CONST EFI_GUID *); -+ -+ if (CertSize == 0 || -+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader || -+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { -+ Status = EFI_INVALID_PARAMETER; -+ break; -+ } -+ DataSize += sizeof *RepeatingHeader + CertSize; -+ } -+ VA_END (Marker); -+ -+ if (DataSize == sizeof *SingleHeader) { -+ Status = EFI_INVALID_PARAMETER; -+ } -+ if (EFI_ERROR (Status)) { -+ goto Out; -+ } -+ -+ Data = AllocatePool (DataSize); -+ if (Data == NULL) { -+ Status = EFI_OUT_OF_RESOURCES; -+ goto Out; -+ } -+ -+ Position = Data; -+ -+ SingleHeader = (SINGLE_HEADER *)Position; -+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); -+ if (EFI_ERROR (Status)) { -+ goto FreeData; -+ } -+ SingleHeader->TimeStamp.Pad1 = 0; -+ SingleHeader->TimeStamp.Nanosecond = 0; -+ SingleHeader->TimeStamp.TimeZone = 0; -+ SingleHeader->TimeStamp.Daylight = 0; -+ SingleHeader->TimeStamp.Pad2 = 0; -+#if 0 -+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp; -+#else -+ // -+ // This looks like a bug in edk2. According to the UEFI specification, -+ // dwLength is "The length of the entire certificate, including the length of -+ // the header, in bytes". That shouldn't stop right after CertType -- it -+ // should include everything below it. -+ // -+ SingleHeader->dwLength = sizeof *SingleHeader -+ - sizeof SingleHeader->TimeStamp; -+#endif -+ SingleHeader->wRevision = 0x0200; -+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; -+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); -+ Position += sizeof *SingleHeader; -+ -+ VA_START (Marker, VendorGuid); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ CONST EFI_GUID *OwnerGuid; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); -+ -+ RepeatingHeader = (REPEATING_HEADER *)Position; -+ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid); -+ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize; -+ RepeatingHeader->SignatureHeaderSize = 0; -+ RepeatingHeader->SignatureSize = -+ sizeof RepeatingHeader->SignatureOwner + CertSize; -+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); -+ Position += sizeof *RepeatingHeader; -+ -+ CopyMem (Position, Cert, CertSize); -+ Position += CertSize; -+ } -+ VA_END (Marker); -+ -+ ASSERT (Data + DataSize == Position); -+ -+ Status = gRT->SetVariable (VariableName, VendorGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS | -+ EFI_VARIABLE_RUNTIME_ACCESS | -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), -+ DataSize, Data); -+ -+FreeData: -+ FreePool (Data); -+ -+Out: -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, -+ VendorGuid, Status); -+ } -+ return Status; -+} -+ -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetExact ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ OUT VOID *Data, -+ IN UINTN DataSize, -+ IN BOOLEAN AllowMissing -+ ) -+{ -+ UINTN Size; -+ EFI_STATUS Status; -+ -+ Size = DataSize; -+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); -+ if (EFI_ERROR (Status)) { -+ if (Status == EFI_NOT_FOUND && AllowMissing) { -+ ZeroMem (Data, DataSize); -+ return EFI_SUCCESS; -+ } -+ -+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName, -+ VendorGuid, Status); -+ return Status; -+ } -+ -+ if (Size != DataSize) { -+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, " -+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size); -+ return EFI_PROTOCOL_ERROR; -+ } -+ -+ return EFI_SUCCESS; -+} -+ -+typedef struct { -+ UINT8 SetupMode; -+ UINT8 SecureBoot; -+ UINT8 SecureBootEnable; -+ UINT8 CustomMode; -+ UINT8 VendorKeys; -+} SETTINGS; -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetSettings ( -+ OUT SETTINGS *Settings -+ ) -+{ -+ EFI_STATUS Status; -+ -+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, -+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, -+ sizeof Settings->SecureBootEnable, TRUE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE); -+ return Status; -+} -+ -+STATIC -+VOID -+EFIAPI -+PrintSettings ( -+ IN CONST SETTINGS *Settings -+ ) -+{ -+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " -+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, -+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys); -+} -+ -+ -+INTN -+EFIAPI -+ShellAppMain ( -+ IN UINTN Argc, -+ IN CHAR16 **Argv -+ ) -+{ -+ EFI_STATUS Status; -+ SETTINGS Settings; -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 1) { -+ AsciiPrint ("error: already in User Mode\n"); -+ return 1; -+ } -+ -+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { -+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS), -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_IMAGE_SECURITY_DATABASE, -+ &gEfiImageSecurityDatabaseGuid, -+ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid, -+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_KEY_EXCHANGE_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid, -+ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_PLATFORM_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || -+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || -+ Settings.VendorKeys != 0) { -+ AsciiPrint ("error: unexpected\n"); -+ return 1; -+ } -+ -+ AsciiPrint ("info: success\n"); -+ return 0; -+} -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -new file mode 100644 -index 000000000000..30c127f2ecb4 ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -@@ -0,0 +1,51 @@ -+## @file -+# Enroll default PK, KEK, DB. -+# -+# Copyright (C) 2014, Red Hat, Inc. -+# -+# This program and the accompanying materials are licensed and made available -+# under the terms and conditions of the BSD License which accompanies this -+# distribution. The full text of the license may be found at -+# http://opensource.org/licenses/bsd-license. -+# -+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR -+# IMPLIED. -+## -+ -+[Defines] -+ INF_VERSION = 0x00010006 -+ BASE_NAME = EnrollDefaultKeys -+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A -+ MODULE_TYPE = UEFI_APPLICATION -+ VERSION_STRING = 0.1 -+ ENTRY_POINT = ShellCEntryLib -+ -+# -+# VALID_ARCHITECTURES = IA32 X64 -+# -+ -+[Sources] -+ EnrollDefaultKeys.c -+ -+[Packages] -+ MdePkg/MdePkg.dec -+ MdeModulePkg/MdeModulePkg.dec -+ SecurityPkg/SecurityPkg.dec -+ ShellPkg/ShellPkg.dec -+ -+[Guids] -+ gEfiCertPkcs7Guid -+ gEfiCertX509Guid -+ gEfiCustomModeEnableGuid -+ gEfiGlobalVariableGuid -+ gEfiImageSecurityDatabaseGuid -+ gEfiSecureBootEnableDisableGuid -+ -+[LibraryClasses] -+ BaseMemoryLib -+ DebugLib -+ MemoryAllocationLib -+ ShellCEntryLib -+ UefiLib -+ UefiRuntimeServicesTableLib -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 012e24817e5a..1e0e71aea606 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -743,6 +743,10 @@ [Components] - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif - - OvmfPkg/PlatformDxe/Platform.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 23c09d1e6083..6346f2db0006 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -752,6 +752,10 @@ [Components.X64] - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif - - OvmfPkg/PlatformDxe/Platform.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index b0b6b3770e84..7a0d7eb7a75f 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -750,6 +750,10 @@ [Components] - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif - - OvmfPkg/PlatformDxe/Platform.inf --- -1.8.3.1 - diff --git a/0001-OvmfPkg-SmbiosPlatformDxe-install-legacy-QEMU-tables.patch b/0001-OvmfPkg-SmbiosPlatformDxe-install-legacy-QEMU-tables.patch deleted file mode 100644 index 43fa070..0000000 --- a/0001-OvmfPkg-SmbiosPlatformDxe-install-legacy-QEMU-tables.patch +++ /dev/null @@ -1,1084 +0,0 @@ -From 0e182f2305a84fdf62ff2631de6e363a5a881287 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 5 Jun 2013 10:14:34 +0200 -Subject: [PATCH 1/3] OvmfPkg/SmbiosPlatformDxe: install legacy QEMU tables and - save fields (X86) - -Introduce basic legacy SMBIOS machinery for the QEMU platform: -- Install SMBIOS tables that QEMU passes down in complete form via fw_cfg. -- Stash individual fields that QEMU passes down to override the boot - firmware's default SMBIOS tables. -- Add helper functions that OVMF's default SMBIOS tables will need. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c | 694 ++++++++++++++++++++++++ - OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h | 52 ++ - OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h | 221 ++++++++ - OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c | 17 +- - OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 2 + - 5 files changed, 983 insertions(+), 3 deletions(-) - create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c - create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h - create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h - -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -new file mode 100644 -index 0000000..9c57558 ---- /dev/null -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -@@ -0,0 +1,694 @@ -+/** @file -+ This file fetches and installs SMBIOS tables on the QEMU hypervisor. -+ -+ Copyright (C) 2013, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+ -+#include -+ -+#include "QemuLegacy.h" -+#include "QemuLegacyInternal.h" -+ -+ -+// -+// An SMBIOS entry exported by QEMU over fw_cfg can have one of the following -+// types. -+// -+typedef enum -+{ -+ ET_FIELD, // defines one field in some SMBIOS table -+ ET_TABLE // defines an SMBIOS table instance in entirety -+} FW_CFG_SMBIOS_ENTRY_TYPE; -+ -+// -+// Header type introducing each entry in the QemuFwCfgItemX86SmbiosTables -+// fw_cfg blob. -+// -+#pragma pack(1) -+typedef struct { -+ UINT16 Size; // including payload and this header -+ UINT8 Type; // value from FW_CFG_SMBIOS_ENTRY_TYPE -+} FW_CFG_SMBIOS_ENTRY_HDR; -+#pragma pack() -+ -+// -+// Fields included at the beginning of the the payload in QEMU SMBIOS entries -+// with ET_FIELD type. -+// -+#pragma pack(1) -+typedef struct { -+ UINT8 TableType; // SMBIOS table type to patch -+ UINT16 Offset; // offset of a field in the formatted area -+} FW_CFG_SMBIOS_FIELD; -+#pragma pack() -+ -+ -+/** -+ Initialize a context object tracking SMBIOS table installation and patches -+ for fields. -+ -+ @param[out] Context A BUILD_CONTEXT object allocated dynamically and -+ initialized. -+ -+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed. -+ @retval EFI_SUCCESS Allocation and initialization successful. -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+InitSmbiosContext ( -+ OUT BUILD_CONTEXT **Context -+ ) -+{ -+ *Context = AllocateZeroPool (sizeof **Context); -+ if (*Context == NULL) { -+ DEBUG ((DEBUG_ERROR, "%a: out of memory\n", __FUNCTION__)); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ return EFI_SUCCESS; -+} -+ -+ -+/** -+ Release a context object tracking SMBIOS table installation and patches for -+ fields. -+ -+ @param[in,out] Context The BUILD_CONTEXT object to tear down. -+**/ -+STATIC -+VOID -+EFIAPI -+UninitSmbiosContext ( -+ IN OUT BUILD_CONTEXT *Context -+ ) -+{ -+ INT32 Type; -+ INT32 Idx; -+ -+ // -+ // free all patches -+ // -+ for (Type = 0; Type < TABLE_TYPE_LIMIT; ++Type) { -+ for (Idx = 0; Idx < PATCH_SUBSCRIPT_LIMIT; ++Idx) { -+ PATCH *Patch; -+ -+ Patch = &Context->Table[Type].Patch[Idx]; -+ if (Patch->Base != NULL) { -+ FreePool (Patch->Base); -+ } -+ } -+ } -+ FreePool (Context); -+} -+ -+ -+/** -+ Save a patch targeting an SMBIOS field in dynamically allocated memory. -+ -+ @param[in,out] Context The initialized BUILD_CONTEXT object to save the -+ patch in. -+ @param[in] TableType The patch to be saved targets this table type. -+ Patches for table types equal to or greater than -+ TABLE_TYPE_LIMIT are ignored. -+ @param[in] FieldOffset The patch to be saved targets the field that -+ begins at offset FieldOffset in SMBIOS table type -+ TableType. FieldOffset is enforced not to point -+ into the SMBIOS table header. A FieldOffset value -+ equal to or greater than 255 is rejected, since -+ the formatted area of an SMBIOS table never -+ exceeds 255 bytes. FieldOffset is not validated -+ against actual field offsets here, it is only -+ saved for later lookup. -+ @param[in] PatchData Byte array constituting the patch body. -+ @param[in] PatchSize Number of bytes in PatchData. -+ -+ @retval EFI_SUCCESS Patch has been either ignored due to not -+ meeting the criterion on TableType, or it has -+ been saved successfully. -+ @retval EFI_INVALID_PARAMETER FieldOffset is invalid. -+ @retval EFI_OUT_OF_RESOURCES Couldn't allocate memory for the patch. -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+SaveSmbiosPatch ( -+ IN OUT BUILD_CONTEXT *Context, -+ IN UINT8 TableType, -+ IN UINT16 FieldOffset, -+ IN UINT8 *PatchData, -+ IN UINT16 PatchSize -+) -+{ -+ UINT8 *NewBase; -+ PATCH *Patch; -+ -+ if (TableType >= TABLE_TYPE_LIMIT) { -+ DEBUG ((DEBUG_VERBOSE, -+ "%a: ignoring patch for unsupported table type %d\n", -+ __FUNCTION__, TableType)); -+ return EFI_SUCCESS; -+ } -+ -+ if (FieldOffset < FIELD_OFFSET_MINIMUM -+ || FieldOffset - FIELD_OFFSET_MINIMUM >= PATCH_SUBSCRIPT_LIMIT) { -+ DEBUG ((DEBUG_ERROR, -+ "%a: invalid patch for table type %d field offset %d\n", -+ __FUNCTION__, TableType, FieldOffset)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ NewBase = AllocateCopyPool (PatchSize, PatchData); -+ if (PatchSize > 0 && NewBase == NULL) { -+ DEBUG ((DEBUG_ERROR, "%a: table type %d field offset %d: out of memory\n", -+ __FUNCTION__, TableType, FieldOffset)); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ -+ Patch = &Context->Table[TableType].Patch[FieldOffset - FIELD_OFFSET_MINIMUM]; -+ // -+ // replace previous patch if it exists -+ // -+ if (Patch->Base != NULL) { -+ DEBUG ((DEBUG_VERBOSE, -+ "%a: replacing prior patch for table type %d field offset %d\n", -+ __FUNCTION__, TableType, FieldOffset)); -+ FreePool (Patch->Base); -+ } -+ -+ Patch->Base = NewBase; -+ Patch->Size = PatchSize; -+ return EFI_SUCCESS; -+} -+ -+ -+/** -+ Apply a saved patch to a field located in the formatted are of a not yet -+ installed SMBIOS table. -+ -+ The patch is looked up based on (Context, TableType, FieldOffset). -+ -+ @param[in] Context The BUILD_CONTEXT object storing saved patches. -+ @param[in] TableType Selects the table type for which the patch has been -+ saved. It is assumed that the caller has validated -+ TableType against TABLE_TYPE_LIMIT (upper -+ exclusive). -+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has -+ been saved. It is assumed that the caller has -+ validated FieldOffset against FIELD_OFFSET_MINIMUM -+ (lower inclusive) and 255 (upper exclusive). -+ @param[in] FieldSize The caller supplies the size of the field to patch -+ in FieldSize. The patch saved for -+ TableType:FieldOffset, if any, is only applied if -+ its size equals FieldSize. -+ @param[out] TableBase Base of the SMBIOS table of type TableType in which -+ the field starting at FieldOffset needs to be -+ patched. -+ -+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in -+ Context. This return value is considered -+ informative (ie. non-fatal). -+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but its -+ size doesn't match FieldSize. This result is -+ considered a fatal error of the patch origin. -+ @retval EFI_SUCCESS The SMBIOS table at TableBase has been patched -+ starting at FieldOffset for a length of -+ FieldSize. -+**/ -+EFI_STATUS -+EFIAPI -+PatchSmbiosFormatted ( -+ IN BUILD_CONTEXT *Context, -+ IN UINT8 TableType, -+ IN UINT16 FieldOffset, -+ IN UINT16 FieldSize, -+ OUT UINT8 *TableBase -+ ) -+{ -+ PATCH *Patch; -+ -+ ASSERT (TableType < TABLE_TYPE_LIMIT); -+ ASSERT (FieldOffset >= FIELD_OFFSET_MINIMUM); -+ ASSERT (FieldOffset - FIELD_OFFSET_MINIMUM < PATCH_SUBSCRIPT_LIMIT); -+ -+ Patch = &Context->Table[TableType].Patch[FieldOffset - FIELD_OFFSET_MINIMUM]; -+ if (Patch->Base == NULL) { -+ return EFI_NOT_FOUND; -+ } -+ -+ if (Patch->Size != FieldSize) { -+ DEBUG ((DEBUG_ERROR, "%a: table type %d, field offset %d: " -+ "patch size %d doesn't match field size %d\n", -+ __FUNCTION__, TableType, FieldOffset, Patch->Size, FieldSize)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ CopyMem (TableBase + FieldOffset, Patch->Base, FieldSize); -+ return EFI_SUCCESS; -+} -+ -+ -+/** -+ Apply a saved patch to a text string located in the unformatted area of an -+ already installed SMBIOS table. -+ -+ The patch is looked up based on (Context, TableType, FieldOffset). -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used previously -+ for installing the SMBIOS table. -+ @param[in] SmbiosHandle The EFI_SMBIOS_HANDLE previously returned by -+ Smbios->Add(). -+ @param[in] Context The BUILD_CONTEXT object storing saved patches. -+ @param[in] TableType Selects the table type for which the patch has been -+ saved. It is assumed that the caller has validated -+ TableType against TABLE_TYPE_LIMIT (upper -+ exclusive). -+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has -+ been saved. It is assumed that the caller has -+ validated FieldOffset against FIELD_OFFSET_MINIMUM -+ (lower inclusive) and 255 (upper exclusive). -+ It is also assumed that TableBase[FieldOffset] -+ accesses a field of type SMBIOS_TABLE_STRING, ie. a -+ field in the formatted area that identifies an -+ existent text string in the unformatted area. Text -+ string identifiers are one-based. -+ @param[out] TableBase Base of the SMBIOS table of type TableType in which -+ the SMBIOS_TABLE_STRING field at FieldOffset -+ identifies the existent text string to update. -+ -+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in -+ Context. This return value is considered -+ informative (ie. non-fatal). -+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but it -+ doesn't end with a NUL character. This result -+ is considered a fatal error of the patch -+ origin. -+ @retval EFI_SUCCESS The text string identified by -+ TableBase[FieldOffset] has been replaced in -+ the installed SMBIOS table under SmbiosHandle. -+ @return Error codes returned by -+ Smbios->UpdateString(). EFI_NOT_FOUND shall -+ not be returned. -+**/ -+EFI_STATUS -+EFIAPI -+PatchSmbiosUnformatted ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_SMBIOS_HANDLE SmbiosHandle, -+ IN BUILD_CONTEXT *Context, -+ IN UINT8 TableType, -+ IN UINT16 FieldOffset, -+ IN UINT8 *TableBase -+ ) -+{ -+ PATCH *Patch; -+ UINTN StringNumber; -+ EFI_STATUS Status; -+ -+ ASSERT (TableType < TABLE_TYPE_LIMIT); -+ ASSERT (FieldOffset >= FIELD_OFFSET_MINIMUM); -+ ASSERT (FieldOffset - FIELD_OFFSET_MINIMUM < PATCH_SUBSCRIPT_LIMIT); -+ -+ Patch = &Context->Table[TableType].Patch[FieldOffset - FIELD_OFFSET_MINIMUM]; -+ if (Patch->Base == NULL) { -+ return EFI_NOT_FOUND; -+ } -+ -+ if (Patch->Size == 0 || Patch->Base[Patch->Size - 1] != '\0') { -+ DEBUG ((DEBUG_ERROR, "%a: table type %d, field offset %d: " -+ "missing terminator, or trailing garbage\n", -+ __FUNCTION__, TableType, FieldOffset)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ StringNumber = TableBase[FieldOffset]; -+ ASSERT (StringNumber != 0); -+ -+ Status = Smbios->UpdateString (Smbios, &SmbiosHandle, &StringNumber, -+ (CHAR8 *)Patch->Base); -+ if (EFI_ERROR (Status)) { -+ ASSERT (Status != EFI_NOT_FOUND); -+ DEBUG ((DEBUG_ERROR, "%a: table type %d, field offset %d, " -+ "string number %d: Smbios->UpdateString(): %r\n", __FUNCTION__, -+ TableType, FieldOffset, TableBase[FieldOffset], Status)); -+ return Status; -+ } -+ return EFI_SUCCESS; -+} -+ -+ -+/** -+ Process an SMBIOS firmware configuration entry with ET_FIELD type, exported -+ by QEMU under QemuFwCfgItemX86SmbiosTables. -+ -+ Such entries describe patches to be saved with SaveSmbiosPatch(). -+ -+ @param[in,out] Context The BUILD_CONTEXT object tracking saved patches. -+ @param[in] Payload Points to the buffer to parse as -+ FW_CFG_SMBIOS_FIELD. -+ @param[in] PayloadSize Number of bytes in Payload. -+ -+ @retval EFI_INVALID_PARAMETER PayloadSize is less than the size of -+ FW_CFG_SMBIOS_FIELD -- fields describing -+ the patch are incomplete. -+ @retval EFI_SUCCESS Payload has been parsed and patch has been -+ saved successfully. -+ @return Error codes returned by SaveSmbiosPatch(). -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+VisitSmbiosField ( -+ IN OUT BUILD_CONTEXT *Context, -+ IN UINT8 *Payload, -+ IN UINT16 PayloadSize -+ ) -+{ -+ FW_CFG_SMBIOS_FIELD *Field; -+ -+ if (PayloadSize < (INT32) sizeof *Field) { -+ DEBUG ((DEBUG_ERROR, "%a: required minimum size %d, available %d\n", -+ __FUNCTION__, (INT32) sizeof *Field, PayloadSize)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ Field = (FW_CFG_SMBIOS_FIELD *) Payload; -+ return SaveSmbiosPatch (Context, Field->TableType, Field->Offset, -+ Payload + sizeof *Field, (UINT16) (PayloadSize - sizeof *Field)); -+} -+ -+ -+/** -+ Process an SMBIOS firmware configuration entry with ET_TABLE type, exported -+ by QEMU under QemuFwCfgItemX86SmbiosTables. -+ -+ Such entries describe entire SMBIOS table instances to install verbatim. This -+ module never overrides tables installed in this manner with default tables. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for -+ installing SMBIOS tables. -+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle -+ tracks the origin of installed SMBIOS tables. -+ @param[in,out] Context The BUILD_CONTEXT object tracking installed -+ tables. -+ @param[in] Payload Points to the buffer to install as an SMBIOS -+ table. -+ @param[in] PayloadSize Number of bytes in Payload. -+ -+ @retval EFI_INVALID_PARAMETER The buffer at Payload, interpreted as an -+ SMBIOS table, failed basic sanity checks. -+ @retval EFI_SUCCESS Payload has been installed successfully as an -+ SMBIOS table. -+ @return Error codes returned by Smbios->Add(). -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+VisitSmbiosTable ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ProducerHandle, -+ IN OUT BUILD_CONTEXT *Context, -+ IN UINT8 *Payload, -+ IN UINT16 PayloadSize -+ ) -+{ -+ SMBIOS_STRUCTURE *SmbiosHeader; -+ UINT16 MinimumSize; -+ EFI_SMBIOS_HANDLE SmbiosHandle; -+ EFI_STATUS Status; -+ -+ // -+ // Basic sanity checks only in order to help debugging and to catch blatantly -+ // invalid data passed with "-smbios file=binary_file" on the QEMU command -+ // line. Beyond these we don't enforce correct, type-specific SMBIOS table -+ // formatting. -+ // -+ if (PayloadSize < (INT32) sizeof *SmbiosHeader) { -+ DEBUG ((DEBUG_ERROR, "%a: required minimum size %d, available %d\n", -+ __FUNCTION__, (INT32) sizeof *SmbiosHeader, PayloadSize)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ SmbiosHeader = (SMBIOS_STRUCTURE *) Payload; -+ -+ if (SmbiosHeader->Length < (INT32) sizeof *SmbiosHeader) { -+ DEBUG ((DEBUG_ERROR, "%a: required minimum size %d, stated %d\n", -+ __FUNCTION__, (INT32) sizeof *SmbiosHeader, SmbiosHeader->Length)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ MinimumSize = (UINT16) (SmbiosHeader->Length + 2); -+ -+ if (PayloadSize < MinimumSize) { -+ DEBUG ((DEBUG_ERROR, -+ "%a: minimum for formatted area plus terminator is %d, available %d\n", -+ __FUNCTION__, MinimumSize, PayloadSize)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ if (Payload[PayloadSize - 2] != '\0' || -+ Payload[PayloadSize - 1] != '\0') { -+ DEBUG ((DEBUG_ERROR, "%a: missing terminator, or trailing garbage\n", -+ __FUNCTION__)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ // -+ // request unique handle -+ // -+ SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED; -+ Status = Smbios->Add (Smbios, ProducerHandle, &SmbiosHandle, -+ (EFI_SMBIOS_TABLE_HEADER *) SmbiosHeader); -+ if (EFI_ERROR (Status)) { -+ DEBUG ((DEBUG_ERROR, "%a: Smbios->Add(): %r\n", __FUNCTION__, Status)); -+ return Status; -+ } -+ -+ // -+ // track known tables -+ // -+ if (SmbiosHeader->Type < TABLE_TYPE_LIMIT) { -+ Context->Table[SmbiosHeader->Type].Installed = TRUE; -+ } -+ return EFI_SUCCESS; -+} -+ -+ -+/** -+ Traverse the SMBIOS firmware configuration blob exported by QEMU under -+ QemuFwCfgItemX86SmbiosTables, processing each entry in turn. -+ -+ Entries with ET_FIELD type are parsed as patches for the SMBIOS tables this -+ module installs as fallbacks, while entries of type ET_TABLE are parsed and -+ installed as verbatim SMBIOS tables. -+ -+ Unknown entry types are silently skipped. Any error encountered during -+ traversal (for example, a recognized but malformed entry) aborts the -+ iteration, leaving the function with a possibly incomplete set of installed -+ tables. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for -+ installing SMBIOS tables. -+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle -+ tracks the origin of installed SMBIOS tables. -+ @param[in,out] Context The BUILD_CONTEXT object tracking installed -+ tables and saved patches. -+ -+ @retval EFI_SUCCESS The firmware configuration interface is -+ unavailable (no patches saved, no tables -+ installed). -+ @retval EFI_SUCCESS Traversal complete. Tables provided by QEMU -+ have been installed. Patches have been saved -+ for any default tables that will be necessary. -+ @retval EFI_INVALID_PARAMETER Encountered a corrupt entry in the SMBIOS -+ firmware configuration blob. -+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed. -+ @return Error codes returned by VisitSmbiosField() and -+ VisitSmbiosTable(). -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+ScanQemuSmbios ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ProducerHandle, -+ IN OUT BUILD_CONTEXT *Context -+ ) -+{ -+ EFI_STATUS Status; -+ UINT16 NumEntries; -+ UINT16 CurEntry; -+ -+ Status = EFI_SUCCESS; -+ -+ if (!QemuFwCfgIsAvailable ()) { -+ return Status; -+ } -+ -+ QemuFwCfgSelectItem (QemuFwCfgItemX86SmbiosTables); -+ -+ NumEntries = QemuFwCfgRead16 (); -+ for (CurEntry = 0; CurEntry < NumEntries && !EFI_ERROR (Status); -+ ++CurEntry) { -+ FW_CFG_SMBIOS_ENTRY_HDR Header; -+ UINT16 PayloadSize; -+ UINT8 *Payload; -+ -+ QemuFwCfgReadBytes (sizeof Header, &Header); -+ -+ if (Header.Size < (INT32) sizeof Header) { -+ DEBUG ((DEBUG_ERROR, "%a: invalid header size %d in entry %d\n", -+ __FUNCTION__, Header.Size, CurEntry)); -+ return EFI_INVALID_PARAMETER; -+ } -+ -+ PayloadSize = (UINT16) (Header.Size - sizeof Header); -+ Payload = AllocatePool (PayloadSize); -+ -+ if (PayloadSize > 0 && Payload == NULL) { -+ DEBUG ((DEBUG_ERROR, "%a: failed to allocate %d bytes for entry %d\n", -+ __FUNCTION__, PayloadSize, CurEntry)); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ -+ QemuFwCfgReadBytes (PayloadSize, Payload); -+ -+ // -+ // dump the payload -+ // -+ DEBUG_CODE ( -+ UINT16 Idx; -+ -+ DEBUG ((DEBUG_VERBOSE, -+ "%a: entry %d, type %d, payload size %d, payload hex dump follows:", -+ __FUNCTION__, CurEntry, Header.Type, PayloadSize)); -+ for (Idx = 0; Idx < PayloadSize; ++Idx) { -+ switch (Idx % 16) { -+ case 0: -+ DEBUG ((DEBUG_VERBOSE, "\n%04X:", Idx)); -+ break; -+ case 8: -+ DEBUG ((DEBUG_VERBOSE, " ")); -+ break; -+ default: -+ ; -+ } -+ DEBUG ((DEBUG_VERBOSE, " %02X", Payload[Idx])); -+ } -+ DEBUG ((DEBUG_VERBOSE, "\n")); -+ ); -+ -+ switch (Header.Type) { -+ case ET_FIELD: -+ Status = VisitSmbiosField (Context, Payload, PayloadSize); -+ break; -+ case ET_TABLE: -+ Status = VisitSmbiosTable (Smbios, ProducerHandle, Context, Payload, -+ PayloadSize); -+ break; -+ default: -+ ; -+ } -+ -+ FreePool (Payload); -+ } -+ -+ return Status; -+} -+ -+ -+/** -+ Install some of the default SMBIOS tables for table types that QEMU hasn't -+ provided under QemuFwCfgItemX86SmbiosTables, but are required by the -+ SMBIOS-2.7.1 specification. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for -+ installing SMBIOS tables. -+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle -+ tracks the origin of installed SMBIOS tables. -+ @param[in,out] Context The BUILD_CONTEXT object tracking installed -+ tables and saved patches. -+ -+ @return Status codes returned by the InstallSmbiosTypeXX() functions, -+ including the final EFI_SUCCESS if all such calls succeed. -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+InstallDefaultTables ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ProducerHandle, -+ IN OUT BUILD_CONTEXT *Context -+ ) -+{ -+ return EFI_SUCCESS; -+} -+ -+ -+/** -+ Fetch and install SMBIOS tables on the QEMU hypervisor. -+ -+ First, tables provided by QEMU in entirety are installed verbatim. -+ -+ Then the function prepares some of the remaining tables required by the -+ SMBIOS-2.7.1 specification. For each such table, -+ - if QEMU provides any fields for the table, they take effect verbatim, -+ - remaining fields are set by this function. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for installing -+ the SMBIOS tables. -+ @param[in] ImageHandle The image handle of the calling module, passed as -+ ProducerHandle to the Smbios->Add() call. -+ -+ @retval EFI_SUCCESS All tables have been installed. -+ @retval EFI_UNSUPPORTED The pair (Smbios->MajorVersion, -+ Smbios->MinorVersion) precedes (2, 3) -+ lexicographically. -+ @return Error codes returned by Smbios->Add() or -+ internal functions. Some tables may not have -+ been installed or fully patched. -+**/ -+EFI_STATUS -+EFIAPI -+InstallQemuSmbiosTables ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ImageHandle -+ ) -+{ -+ EFI_STATUS Status; -+ BUILD_CONTEXT *Context; -+ -+ if (Smbios->MajorVersion < 2 || Smbios->MinorVersion < 3) { -+ DEBUG ((DEBUG_ERROR, "%a: unsupported Smbios version %d.%d\n", -+ __FUNCTION__, Smbios->MajorVersion, Smbios->MinorVersion)); -+ return EFI_UNSUPPORTED; -+ } -+ -+ Status = InitSmbiosContext (&Context); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ // -+ // and must agree. -+ // -+ ASSERT (sizeof(SMBIOS_STRUCTURE) == sizeof(EFI_SMBIOS_TABLE_HEADER)); -+ -+ Status = ScanQemuSmbios (Smbios, ImageHandle, Context); -+ if (EFI_ERROR (Status)) { -+ goto Cleanup; -+ } -+ -+ Status = InstallDefaultTables (Smbios, ImageHandle, Context); -+ -+Cleanup: -+ UninitSmbiosContext (Context); -+ return Status; -+} -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h -new file mode 100644 -index 0000000..40d5ad3 ---- /dev/null -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h -@@ -0,0 +1,52 @@ -+/** @file -+ This header file provides QEMU-specific public prototypes for the main driver -+ file, "SmbiosPlatformDxe.c". -+ -+ Copyright (C) 2013, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+ -+#ifndef _QEMU_LEGACY_H_ -+#define _QEMU_LEGACY_H_ -+ -+#include -+ -+ -+/** -+ Fetch and install SMBIOS tables on the QEMU hypervisor. -+ -+ First, tables provided by QEMU in entirety are installed verbatim. -+ -+ Then the function prepares some of the remaining tables required by the -+ SMBIOS-2.7.1 specification. For each such table, -+ - if QEMU provides any fields for the table, they take effect verbatim, -+ - remaining fields are set by this function. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for installing -+ the SMBIOS tables. -+ @param[in] ImageHandle The image handle of the calling module, passed as -+ ProducerHandle to the Smbios->Add() call. -+ -+ @retval EFI_SUCCESS All tables have been installed. -+ @retval EFI_UNSUPPORTED The pair (Smbios->MajorVersion, -+ Smbios->MinorVersion) precedes (2, 3) -+ lexicographically. -+ @return Error codes returned by Smbios->Add() or -+ internal functions. Some tables may not have -+ been installed or fully patched. -+**/ -+EFI_STATUS -+EFIAPI -+InstallQemuSmbiosTables ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ImageHandle -+ ); -+ -+#endif -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -new file mode 100644 -index 0000000..8613407 ---- /dev/null -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -@@ -0,0 +1,221 @@ -+/** @file -+ This header provides common includes, and communicates internal types, -+ function prototypes and macros between "Qemu.c" and "QemuTypeXX.c", that -+ relate to the installation and patching of SMBIOS tables on the QEMU -+ platform. -+ -+ Copyright (C) 2013, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+ -+#ifndef _QEMU_LEGACY_INTERNAL_H_ -+#define _QEMU_LEGACY_INTERNAL_H_ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+ -+// -+// Type identifiers of all tables mandated by the SMBIOS-2.7.1 specification -+// fall strictly under this limit. -+// -+#define TABLE_TYPE_LIMIT (EFI_SMBIOS_TYPE_SYSTEM_BOOT_INFORMATION + 1) -+ -+ -+// -+// Track a patch in dynamic memory, originating from a QEMU SMBIOS firmware -+// configuration entry with ET_FIELD type. -+// -+typedef struct { -+ UINT8 *Base; -+ UINT16 Size; -+} PATCH; -+ -+ -+#define FIELD_OFFSET_MINIMUM ((INT32) sizeof(SMBIOS_STRUCTURE)) -+#define PATCH_SUBSCRIPT_LIMIT (255 - FIELD_OFFSET_MINIMUM) -+ -+// -+// The following structure tracks the installation of each SMBIOS table with a -+// type below TABLE_TYPE_LIMIT, and captures QEMU SMBIOS firmware configuration -+// entries with ET_FIELD type that target the default table for the same type. -+// -+typedef struct { -+ BOOLEAN Installed; // at least one instance of the type has been installed -+ -+ PATCH Patch[PATCH_SUBSCRIPT_LIMIT]; // Patches indexed by the field offset -+ // that they target in this specific -+ // table type. Patching the SMBIOS table -+ // header is not allowed, hence we can -+ // shift down field offsets. An unused -+ // element has zeroed-out fields. -+} TABLE_CONTEXT; -+ -+ -+// -+// Track the installation of, and stored patches for, all table types below -+// TABLE_TYPE_LIMIT. -+// -+typedef struct { -+ TABLE_CONTEXT Table[TABLE_TYPE_LIMIT]; -+} BUILD_CONTEXT; -+ -+ -+// -+// Convenience / safety macro for defining C structure types for default SMBIOS -+// tables. -+// -+// Rules of use: -+// - Use only within #pragma pack(1). -+// - This macro depends on the macro -+// "OVMF_TYPE ## TableType ## _STRINGS" specifying the text strings -+// (unformatted area) for TableType. Each "QemuTypeXX.c" file needs to -+// provide said macro before using the one below. -+// -+#define OVMF_SMBIOS(TableType) \ -+ typedef struct { \ -+ SMBIOS_TABLE_TYPE##TableType Base; \ -+ UINT8 Strings[sizeof OVMF_TYPE##TableType##_STRINGS]; \ -+ } OVMF_TYPE##TableType -+ -+ -+// -+// Convenience / safety macro for patching a field in the formatted area of -+// an SMBIOS table. -+// -+#define PATCH_FORMATTED(Context, TableType, OvmfTablePtr, FieldName) \ -+ PatchSmbiosFormatted ( \ -+ Context, \ -+ TableType, \ -+ (UINT16) OFFSET_OF (SMBIOS_TABLE_TYPE##TableType, FieldName), \ -+ (UINT16) sizeof (OvmfTablePtr)->Base.FieldName, \ -+ (UINT8 *) (OvmfTablePtr) \ -+ ) -+ -+ -+/** -+ Apply a saved patch to a field located in the formatted are of a not yet -+ installed SMBIOS table. -+ -+ The patch is looked up based on (Context, TableType, FieldOffset). -+ -+ @param[in] Context The BUILD_CONTEXT object storing saved patches. -+ @param[in] TableType Selects the table type for which the patch has been -+ saved. It is assumed that the caller has validated -+ TableType against TABLE_TYPE_LIMIT (upper -+ exclusive). -+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has -+ been saved. It is assumed that the caller has -+ validated FieldOffset against FIELD_OFFSET_MINIMUM -+ (lower inclusive) and 255 (upper exclusive). -+ @param[in] FieldSize The caller supplies the size of the field to patch -+ in FieldSize. The patch saved for -+ TableType:FieldOffset, if any, is only applied if -+ its size equals FieldSize. -+ @param[out] TableBase Base of the SMBIOS table of type TableType in which -+ the field starting at FieldOffset needs to be -+ patched. -+ -+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in -+ Context. This return value is considered -+ informative (ie. non-fatal). -+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but its -+ size doesn't match FieldSize. This result is -+ considered a fatal error of the patch origin. -+ @retval EFI_SUCCESS The SMBIOS table at TableBase has been patched -+ starting at FieldOffset for a length of -+ FieldSize. -+**/ -+EFI_STATUS -+EFIAPI -+PatchSmbiosFormatted ( -+ IN BUILD_CONTEXT *Context, -+ IN UINT8 TableType, -+ IN UINT16 FieldOffset, -+ IN UINT16 FieldSize, -+ OUT UINT8 *TableBase -+ ); -+ -+ -+// -+// Convenience / safety macro for patching a string in the unformatted area of -+// an SMBIOS table. -+// -+#define PATCH_UNFORMATTED(Smbios, SmbiosHandle, Context, TableType, \ -+ OvmfTablePtr, FieldName) \ -+ \ -+ PatchSmbiosUnformatted ( \ -+ Smbios, \ -+ SmbiosHandle, \ -+ Context, \ -+ TableType, \ -+ (UINT16) OFFSET_OF (SMBIOS_TABLE_TYPE##TableType, FieldName), \ -+ (UINT8 *) (OvmfTablePtr) \ -+ ) -+ -+ -+/** -+ Apply a saved patch to a text string located in the unformatted area of an -+ already installed SMBIOS table. -+ -+ The patch is looked up based on (Context, TableType, FieldOffset). -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used previously -+ for installing the SMBIOS table. -+ @param[in] SmbiosHandle The EFI_SMBIOS_HANDLE previously returned by -+ Smbios->Add(). -+ @param[in] Context The BUILD_CONTEXT object storing saved patches. -+ @param[in] TableType Selects the table type for which the patch has been -+ saved. It is assumed that the caller has validated -+ TableType against TABLE_TYPE_LIMIT (upper -+ exclusive). -+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has -+ been saved. It is assumed that the caller has -+ validated FieldOffset against FIELD_OFFSET_MINIMUM -+ (lower inclusive) and 255 (upper exclusive). -+ It is also assumed that TableBase[FieldOffset] -+ accesses a field of type SMBIOS_TABLE_STRING, ie. a -+ field in the formatted area that identifies an -+ existent text string in the unformatted area. Text -+ string identifiers are one-based. -+ @param[out] TableBase Base of the SMBIOS table of type TableType in which -+ the SMBIOS_TABLE_STRING field at FieldOffset -+ identifies the existent text string to update. -+ -+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in -+ Context. This return value is considered -+ informative (ie. non-fatal). -+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but it -+ doesn't end with a NUL character. This result -+ is considered a fatal error of the patch -+ origin. -+ @retval EFI_SUCCESS The text string identified by -+ TableBase[FieldOffset] has been replaced in -+ the installed SMBIOS table under SmbiosHandle. -+ @return Error codes returned by -+ Smbios->UpdateString(). EFI_NOT_FOUND shall -+ not be returned. -+**/ -+EFI_STATUS -+EFIAPI -+PatchSmbiosUnformatted ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_SMBIOS_HANDLE SmbiosHandle, -+ IN BUILD_CONTEXT *Context, -+ IN UINT8 TableType, -+ IN UINT16 FieldOffset, -+ IN UINT8 *TableBase -+ ); -+ -+#endif -diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c -index 29948a4..b7c1d0d 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c -+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c -@@ -1,6 +1,7 @@ - /** @file - This driver installs SMBIOS information for OVMF - -+ Copyright (C) 2013, Red Hat, Inc. - Copyright (c) 2011, Bei Guan - Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
- -@@ -15,6 +16,9 @@ - **/ - - #include "SmbiosPlatformDxe.h" -+#if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) -+#include "QemuLegacy.h" -+#endif - - #define TYPE0_STRINGS \ - "EFI Development Kit II / OVMF\0" /* Vendor */ \ -@@ -27,10 +31,10 @@ - typedef struct { - SMBIOS_TABLE_TYPE0 Base; - UINT8 Strings[sizeof(TYPE0_STRINGS)]; --} OVMF_TYPE0; -+} OVMF_DEFAULT_TYPE0; - #pragma pack() - --STATIC CONST OVMF_TYPE0 mOvmfDefaultType0 = { -+STATIC CONST OVMF_DEFAULT_TYPE0 mOvmfDefaultType0 = { - { - // SMBIOS_STRUCTURE Hdr - { -@@ -202,7 +206,14 @@ SmbiosTablePublishEntry ( - SmbiosTables = GetQemuSmbiosTables (); - } - -- if (SmbiosTables != NULL) { -+ if (SmbiosTables == NULL) { -+#if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) -+ // -+ // Handle QEMU's legacy SMBIOS interface. -+ // -+ Status = InstallQemuSmbiosTables (Smbios, ImageHandle); -+#endif -+ } else { - Status = InstallAllStructures (Smbios, SmbiosTables); - - // -diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -index 3b90aac..8c9f43c 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -@@ -1,6 +1,7 @@ - ## @file - # This driver installs SMBIOS information for OVMF - # -+# Copyright (C) 2013, Red Hat, Inc. - # Copyright (c) 2011, Bei Guan - # Copyright (c) 2011, Intel Corporation. All rights reserved.
- # -@@ -35,6 +36,7 @@ - - [Sources.IA32, Sources.X64] - X86Xen.c -+ QemuLegacy.c - - [Sources.ARM, Sources.AARCH64] - ArmXen.c --- -1.8.3.1 - diff --git a/0001-OvmfPkg-disable-multi-processor-support-for-boot-tim.patch b/0001-OvmfPkg-disable-multi-processor-support-for-boot-tim.patch deleted file mode 100644 index 2592b07..0000000 --- a/0001-OvmfPkg-disable-multi-processor-support-for-boot-tim.patch +++ /dev/null @@ -1,68 +0,0 @@ -From dd48ac51d1df4f718b4401b188d2824aebcc341c Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 26 Nov 2014 16:32:06 +0100 -Subject: [PATCH] OvmfPkg: disable multi-processor support for boot time - -We have no useful workload for APs, so let's not start them up, because -they would spin indefinitely until ExitBootServices(). - -Setting gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber to 1 -causes InitializeMpSupport() in "UefiCpuPkg/CpuDxe/CpuMp.c" to return -early. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/OvmfPkgIa32.dsc | 4 ++++ - OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++ - OvmfPkg/OvmfPkgX64.dsc | 4 ++++ - 3 files changed, 12 insertions(+) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 6598102..1730812 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -329,6 +329,10 @@ - # IRQs 5, 9, 10, 11 are level-triggered - gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20 - -+ # We have no useful workload for APs, so let's not start them up, because -+ # they would spin indefinitely until ExitBootServices(). -+ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|1 -+ - ################################################################################ - # - # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 4de961f..370ae50 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -335,6 +335,10 @@ - # IRQs 5, 9, 10, 11 are level-triggered - gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20 - -+ # We have no useful workload for APs, so let's not start them up, because -+ # they would spin indefinitely until ExitBootServices(). -+ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|1 -+ - ################################################################################ - # - # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 6c38081..175d5f4 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -334,6 +334,10 @@ - # IRQs 5, 9, 10, 11 are level-triggered - gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20 - -+ # We have no useful workload for APs, so let's not start them up, because -+ # they would spin indefinitely until ExitBootServices(). -+ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|1 -+ - ################################################################################ - # - # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform --- -1.8.3.1 - diff --git a/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch index e3c5c99..441ae4c 100644 --- a/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -1,8 +1,6 @@ -From 4475c02d63dda9e2da4c663593491a01ae8c6b5a Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 -Subject: [PATCH 1/5] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - NvmExpressDxe +Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE level. @@ -63,6 +61,3 @@ index e88e70d..eb3ad3f 100644 MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf --- -1.8.3.1 - diff --git a/0001-pick-up-any-display-device-not-only-vga.patch b/0001-pick-up-any-display-device-not-only-vga.patch deleted file mode 100644 index de874d2..0000000 --- a/0001-pick-up-any-display-device-not-only-vga.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 71de9d92e78ae0a7c351f9daf84109bbbaca400a Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 13 Mar 2014 08:08:41 +0100 -Subject: [PATCH] pick up any display device, not only vga - ---- - OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c -index ab9c93e..d3f5908 100644 ---- a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c -+++ b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c -@@ -593,7 +593,7 @@ DetectAndPreparePlatformPciDevicePath ( - // - // Here we decide which VGA device to enable in PCI bus - // -- if (IS_PCI_VGA (Pci)) { -+ if (IS_PCI_DISPLAY (Pci)) { - // - // Add them to ConOut. - // --- -1.8.3.1 - diff --git a/0002-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch b/0002-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch deleted file mode 100644 index 8a4d751..0000000 --- a/0002-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch +++ /dev/null @@ -1,272 +0,0 @@ -From 26146b77f6d54c44fbb984bacf8bf31683e8d477 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 5 Jun 2013 10:25:13 +0200 -Subject: [PATCH 2/3] OvmfPkg/SmbiosPlatformDxe: install+patch default legacy - type0 table (X86) - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c | 5 +- - OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h | 30 ++++ - OvmfPkg/SmbiosPlatformDxe/QemuType0.c | 180 ++++++++++++++++++++++++ - OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 1 + - 4 files changed, 215 insertions(+), 1 deletion(-) - create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuType0.c - -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -index 9c57558..ed75a01 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -@@ -628,7 +628,10 @@ InstallDefaultTables ( - IN OUT BUILD_CONTEXT *Context - ) - { -- return EFI_SUCCESS; -+ EFI_STATUS Status; -+ -+ Status = InstallSmbiosType0 (Smbios, ProducerHandle, Context); -+ return Status; - } - - -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -index 8613407..ca776b5 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -@@ -218,4 +218,34 @@ PatchSmbiosUnformatted ( - IN UINT8 *TableBase - ); - -+ -+/** -+ Install default (fallback) table for SMBIOS Type 0. -+ -+ In case QEMU has provided no Type 0 SMBIOS table in whole, prepare one here, -+ patch it with any referring saved patches, and install it. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for -+ installing SMBIOS tables. -+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle -+ tracks the origin of installed SMBIOS tables. -+ @param[in,out] Context The BUILD_CONTEXT object tracking installed -+ tables and saved patches. -+ -+ @retval EFI_SUCCESS A Type 0 table has already been installed from the -+ SMBIOS firmware configuration blob. -+ @retval EFI_SUCCESS No Type 0 table was installed previously, and installing -+ the default here has succeeded. -+ @return Error codes from the PATCH_FORMATTED() and -+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which -+ is only an informative result of theirs. -+**/ -+EFI_STATUS -+EFIAPI -+InstallSmbiosType0 ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ProducerHandle, -+ IN OUT BUILD_CONTEXT *Context -+ ); -+ - #endif -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuType0.c b/OvmfPkg/SmbiosPlatformDxe/QemuType0.c -new file mode 100644 -index 0000000..9ec5d76 ---- /dev/null -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuType0.c -@@ -0,0 +1,180 @@ -+/** @file -+ Install the default Type 0 SMBIOS table if QEMU doesn't provide one through -+ the firmware configuration interface. -+ -+ Copyright (C) 2013, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+ -+#include "QemuLegacyInternal.h" -+ -+ -+// -+// Text strings (unformatted area) for the default Tpe 0 SMBIOS table. -+// -+// All possible strings must be provided because Smbios->UpdateString() can -+// only update existing strings, it can't introduce new ones. -+// -+#define OVMF_TYPE0_STRINGS \ -+ "EFI Development Kit II / OVMF\0" /* Vendor */ \ -+ "0.1\0" /* BiosVersion */ \ -+ "06/03/2013\0" /* BiosReleaseDate */ -+ -+ -+// -+// Type definition and contents of the default Type 0 SMBIOS table. -+// -+#pragma pack(1) -+OVMF_SMBIOS (0); -+#pragma pack() -+ -+STATIC CONST OVMF_TYPE0 mOvmfType0 = { -+ { -+ // SMBIOS_STRUCTURE Hdr -+ { -+ EFI_SMBIOS_TYPE_BIOS_INFORMATION, // UINT8 Type -+ sizeof (SMBIOS_TABLE_TYPE0) // UINT8 Length -+ }, -+ 1, // SMBIOS_TABLE_STRING Vendor -+ 2, // SMBIOS_TABLE_STRING BiosVersion -+ 0xE800,// UINT16 BiosSegment -+ 3, // SMBIOS_TABLE_STRING BiosReleaseDate -+ 0, // UINT8 BiosSize -+ { 0 }, // MISC_BIOS_CHARACTERISTICS BiosCharacteristics -+ { 0 }, // UINT8 BIOSCharacteristicsExtensionBytes[2] -+ 0, // UINT8 SystemBiosMajorRelease -+ 1, // UINT8 SystemBiosMinorRelease -+ 0xFF, // UINT8 EmbeddedControllerFirmwareMajorRelease -+ 0xFF // UINT8 EmbeddedControllerFirmwareMinorRelease -+ }, -+ OVMF_TYPE0_STRINGS -+}; -+ -+ -+/** -+ Install default (fallback) table for SMBIOS Type 0. -+ -+ In case QEMU has provided no Type 0 SMBIOS table in whole, prepare one here, -+ patch it with any referring saved patches, and install it. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for -+ installing SMBIOS tables. -+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle -+ tracks the origin of installed SMBIOS tables. -+ @param[in,out] Context The BUILD_CONTEXT object tracking installed -+ tables and saved patches. -+ -+ @retval EFI_SUCCESS A Type 0 table has already been installed from the -+ SMBIOS firmware configuration blob. -+ @retval EFI_SUCCESS No Type 0 table was installed previously, and installing -+ the default here has succeeded. -+ @return Error codes from the PATCH_FORMATTED() and -+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which -+ is only an informative result of theirs. -+**/ -+EFI_STATUS -+EFIAPI -+InstallSmbiosType0 ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ProducerHandle, -+ IN OUT BUILD_CONTEXT *Context -+ ) -+{ -+ TABLE_CONTEXT *Table; -+ OVMF_TYPE0 OvmfType0; -+ MISC_BIOS_CHARACTERISTICS_EXTENSION *Ext; -+ EFI_STATUS Status; -+ EFI_SMBIOS_HANDLE SmbiosHandle; -+ -+ Table = &Context->Table[0]; -+ if (Table->Installed) { -+ return EFI_SUCCESS; -+ } -+ -+ CopyMem (&OvmfType0, &mOvmfType0, sizeof OvmfType0); -+ Ext = (VOID *) &OvmfType0.Base.BIOSCharacteristicsExtensionBytes[0]; -+ -+ OvmfType0.Base.BiosCharacteristics.BiosCharacteristicsNotSupported = 1; -+ Ext->SystemReserved.UefiSpecificationSupported = 1; -+ Ext->SystemReserved.VirtualMachineSupported = 1; -+ -+ // -+ // Default contents ready. Formatted fields must be patched before installing -+ // the table, while strings in the unformatted area will be patched -+ // afterwards. -+ // -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, BiosSegment); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, BiosSize); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, BiosCharacteristics); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, -+ BIOSCharacteristicsExtensionBytes); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, SystemBiosMajorRelease); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, SystemBiosMinorRelease); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, -+ EmbeddedControllerFirmwareMajorRelease); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, -+ EmbeddedControllerFirmwareMinorRelease); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ -+ // -+ // Install SMBIOS table with patched formatted area and default strings. -+ // -+ SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED; -+ Status = Smbios->Add (Smbios, ProducerHandle, &SmbiosHandle, -+ (EFI_SMBIOS_TABLE_HEADER *) &OvmfType0); -+ if (EFI_ERROR (Status)) { -+ DEBUG ((DEBUG_ERROR, "%a: Smbios->Add(): %r\n", __FUNCTION__, Status)); -+ return Status; -+ } -+ Table->Installed = TRUE; -+ -+ // -+ // Patch strings in the unformatted area of the installed table. -+ // -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 0, &OvmfType0, -+ Vendor); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 0, &OvmfType0, -+ BiosVersion); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 0, &OvmfType0, -+ BiosReleaseDate); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ return EFI_SUCCESS; -+} -diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -index 8c9f43c..3483b9c 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -@@ -37,6 +37,7 @@ - [Sources.IA32, Sources.X64] - X86Xen.c - QemuLegacy.c -+ QemuType0.c - - [Sources.ARM, Sources.AARCH64] - ArmXen.c --- -1.8.3.1 - diff --git a/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch index cf4426c..aa3a9eb 100644 --- a/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch +++ b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch @@ -1,8 +1,6 @@ -From c6e5bbe0378662620e736c82bcd0d08db42e5979 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 -Subject: [PATCH 2/5] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE - core +Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE core The DXE core logs a bunch of Properties Table and Memory Attributes Table related information, on the EFI_D_VERBOSE level, that I am at the moment @@ -55,6 +53,3 @@ index eb3ad3f..0e02ba8 100644 } IntelFrameworkModulePkg/Universal/StatusCode/RuntimeDxe/StatusCodeRuntimeDxe.inf --- -1.8.3.1 - diff --git a/0003-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch b/0003-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch deleted file mode 100644 index bf2254f..0000000 --- a/0003-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 1b10131728dd1cff48ef1ce46820d89f21708852 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 5 Jun 2013 10:28:09 +0200 -Subject: [PATCH 3/3] OvmfPkg/SmbiosPlatformDxe: install+patch default legacy - type1 table (X86) - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c | 5 + - OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h | 30 ++++ - OvmfPkg/SmbiosPlatformDxe/QemuType1.c | 178 ++++++++++++++++++++++++ - OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 1 + - 4 files changed, 214 insertions(+) - create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuType1.c - -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -index ed75a01..6507cc0 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c -@@ -631,6 +631,11 @@ InstallDefaultTables ( - EFI_STATUS Status; - - Status = InstallSmbiosType0 (Smbios, ProducerHandle, Context); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = InstallSmbiosType1 (Smbios, ProducerHandle, Context); - return Status; - } - -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -index ca776b5..4a2e824 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h -@@ -248,4 +248,34 @@ InstallSmbiosType0 ( - IN OUT BUILD_CONTEXT *Context - ); - -+ -+/** -+ Install default (fallback) table for SMBIOS Type 1. -+ -+ In case QEMU has provided no Type 1 SMBIOS table in whole, prepare one here, -+ patch it with any referring saved patches, and install it. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for -+ installing SMBIOS tables. -+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle -+ tracks the origin of installed SMBIOS tables. -+ @param[in,out] Context The BUILD_CONTEXT object tracking installed -+ tables and saved patches. -+ -+ @retval EFI_SUCCESS A Type 1 table has already been installed from the -+ SMBIOS firmware configuration blob. -+ @retval EFI_SUCCESS No Type 1 table was installed previously, and installing -+ the default here has succeeded. -+ @return Error codes from the PATCH_FORMATTED() and -+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which -+ is only an informative result of theirs. -+**/ -+EFI_STATUS -+EFIAPI -+InstallSmbiosType1 ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ProducerHandle, -+ IN OUT BUILD_CONTEXT *Context -+ ); -+ - #endif -diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuType1.c b/OvmfPkg/SmbiosPlatformDxe/QemuType1.c -new file mode 100644 -index 0000000..ff48164 ---- /dev/null -+++ b/OvmfPkg/SmbiosPlatformDxe/QemuType1.c -@@ -0,0 +1,178 @@ -+/** @file -+ Install the default Type 1 SMBIOS table if QEMU doesn't provide one through -+ the firmware configuration interface. -+ -+ Copyright (C) 2013, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+ -+#include "QemuLegacyInternal.h" -+ -+ -+// -+// Text strings (unformatted area) for the default Tpe 1 SMBIOS table. -+// -+// All possible strings must be provided because Smbios->UpdateString() can -+// only update existing strings, it can't introduce new ones. -+// -+#define OVMF_TYPE1_STRINGS \ -+ "QEMU\0" /* Manufacturer */ \ -+ "QEMU Virtual Machine\0" /* ProductName */ \ -+ "n/a\0" /* Version */ \ -+ "n/a\0" /* SerialNumber */ \ -+ "n/a\0" /* SKUNumber */ \ -+ "n/a\0" /* Family */ -+ -+ -+// -+// Type definition and contents of the default Type 1 SMBIOS table. -+// -+#pragma pack(1) -+OVMF_SMBIOS (1); -+#pragma pack() -+ -+STATIC CONST OVMF_TYPE1 mOvmfType1 = { -+ { -+ // SMBIOS_STRUCTURE Hdr -+ { -+ EFI_SMBIOS_TYPE_SYSTEM_INFORMATION, // UINT8 Type -+ sizeof (SMBIOS_TABLE_TYPE1) // UINT8 Length -+ }, -+ 1, // SMBIOS_TABLE_STRING Manufacturer -+ 2, // SMBIOS_TABLE_STRING ProductName -+ 3, // SMBIOS_TABLE_STRING Version -+ 4, // SMBIOS_TABLE_STRING SerialNumber -+ { 0 }, // GUID Uuid -+ SystemWakeupTypePowerSwitch, // UINT8 WakeUpType -+ 5, // SMBIOS_TABLE_STRING SKUNumber -+ 6, // SMBIOS_TABLE_STRING Family -+ }, -+ OVMF_TYPE1_STRINGS -+}; -+ -+ -+/** -+ Install default (fallback) table for SMBIOS Type 1. -+ -+ In case QEMU has provided no Type 1 SMBIOS table in whole, prepare one here, -+ patch it with any referring saved patches, and install it. -+ -+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for -+ installing SMBIOS tables. -+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle -+ tracks the origin of installed SMBIOS tables. -+ @param[in,out] Context The BUILD_CONTEXT object tracking installed -+ tables and saved patches. -+ -+ @retval EFI_SUCCESS A Type 1 table has already been installed from the -+ SMBIOS firmware configuration blob. -+ @retval EFI_SUCCESS No Type 1 table was installed previously, and installing -+ the default here has succeeded. -+ @return Error codes from the PATCH_FORMATTED() and -+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which -+ is only an informative result of theirs. -+**/ -+EFI_STATUS -+EFIAPI -+InstallSmbiosType1 ( -+ IN EFI_SMBIOS_PROTOCOL *Smbios, -+ IN EFI_HANDLE ProducerHandle, -+ IN OUT BUILD_CONTEXT *Context -+ ) -+{ -+ TABLE_CONTEXT *Table; -+ OVMF_TYPE1 OvmfType1; -+ EFI_STATUS Status; -+ EFI_SMBIOS_HANDLE SmbiosHandle; -+ -+ Table = &Context->Table[1]; -+ if (Table->Installed) { -+ return EFI_SUCCESS; -+ } -+ -+ CopyMem (&OvmfType1, &mOvmfType1, sizeof OvmfType1); -+ -+ QemuFwCfgSelectItem (QemuFwCfgItemSystemUuid); -+ OvmfType1.Base.Uuid.Data1 = SwapBytes32 (QemuFwCfgRead32 ()); -+ OvmfType1.Base.Uuid.Data2 = SwapBytes16 (QemuFwCfgRead16 ()); -+ OvmfType1.Base.Uuid.Data3 = SwapBytes16 (QemuFwCfgRead16 ()); -+ QemuFwCfgReadBytes (sizeof OvmfType1.Base.Uuid.Data4, -+ &OvmfType1.Base.Uuid.Data4); -+ -+ // -+ // Default contents ready. Formatted fields must be patched before installing -+ // the table, while strings in the unformatted area will be patched -+ // afterwards. -+ // -+ Status = PATCH_FORMATTED (Context, 1, &OvmfType1, Uuid); -+ switch (Status) { -+ case EFI_NOT_FOUND: -+ break; -+ case EFI_SUCCESS: -+ OvmfType1.Base.Uuid.Data1 = SwapBytes32 (OvmfType1.Base.Uuid.Data1); -+ OvmfType1.Base.Uuid.Data2 = SwapBytes16 (OvmfType1.Base.Uuid.Data2); -+ OvmfType1.Base.Uuid.Data3 = SwapBytes16 (OvmfType1.Base.Uuid.Data3); -+ break; -+ default: -+ return Status; -+ } -+ -+ Status = PATCH_FORMATTED (Context, 1, &OvmfType1, WakeUpType); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ -+ // -+ // Install SMBIOS table with patched formatted area and default strings. -+ // -+ SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED; -+ Status = Smbios->Add (Smbios, ProducerHandle, &SmbiosHandle, -+ (EFI_SMBIOS_TABLE_HEADER *) &OvmfType1); -+ if (EFI_ERROR (Status)) { -+ DEBUG ((DEBUG_ERROR, "%a: Smbios->Add(): %r\n", __FUNCTION__, Status)); -+ return Status; -+ } -+ Table->Installed = TRUE; -+ -+ // -+ // Patch strings in the unformatted area of the installed table. -+ // -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1, -+ Manufacturer); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1, -+ ProductName); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1, -+ Version); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1, -+ SerialNumber); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1, -+ SKUNumber); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1, -+ Family); -+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) { -+ return Status; -+ } -+ return EFI_SUCCESS; -+} -diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -index 3483b9c..1f7dfca 100644 ---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf -@@ -38,6 +38,7 @@ - X86Xen.c - QemuLegacy.c - QemuType0.c -+ QemuType1.c - - [Sources.ARM, Sources.AARCH64] - ArmXen.c --- -1.8.3.1 - diff --git a/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch index 447fdfd..ecf487d 100644 --- a/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch +++ b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch @@ -1,7 +1,6 @@ -From 214090228fb08f03737ba90d29e23dc7b2235614 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 8 Jul 2012 14:26:07 +0200 -Subject: [PATCH 3/5] OvmfPkg: enable DEBUG_VERBOSE +Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE Enable verbose debug logs. @@ -51,6 +50,3 @@ index 0e02ba8..1836c25 100644 !ifdef $(SOURCE_DEBUG_ENABLE) gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 --- -1.8.3.1 - diff --git a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch index c59c207..1bb9ee3 100644 --- a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch +++ b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch @@ -1,7 +1,6 @@ -From f468bab8fa61f7b7d0b0149f374945eb549af16e Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 20 Feb 2014 22:54:45 +0100 -Subject: [PATCH 4/5] OvmfPkg: increase max debug message length to 512 +Subject: [PATCH] OvmfPkg: increase max debug message length to 512 Contributed-under: TianoCore Contribution Agreement 1.0 --- @@ -21,6 +20,3 @@ index 44850a9..b6927d0 100644 /** This constructor function does not have to do anything. --- -1.8.3.1 - diff --git a/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch index d8052ba..f1274ea 100644 --- a/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +++ b/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch @@ -1,7 +1,6 @@ -From 82175ef201595d45a0959249a36f4ffd74047fdb Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 20 May 2014 23:41:56 +0200 -Subject: [PATCH 5/5] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim +Subject: [PATCH] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim Contributed-under: TianoCore Contribution Agreement 1.0 --- @@ -519,6 +518,3 @@ index cc9b6e1..db37f1d 100644 + /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00, }; #endif --- -1.8.3.1 - diff --git a/0006-EXCLUDE_SHELL_FROM_FD.patch b/0006-EXCLUDE_SHELL_FROM_FD.patch new file mode 100644 index 0000000..1e2f7d6 --- /dev/null +++ b/0006-EXCLUDE_SHELL_FROM_FD.patch @@ -0,0 +1,64 @@ +From: Gerd Hoffmann +Date: Thu, 18 Feb 2016 10:52:44 +0100 +Subject: [PATCH] EXCLUDE_SHELL_FROM_FD + +--- + OvmfPkg/OvmfPkgIa32.fdf | 2 ++ + OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ + OvmfPkg/OvmfPkgX64.fdf | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf +index 93a51a5..9ae7982 100644 +--- a/OvmfPkg/OvmfPkgIa32.fdf ++++ b/OvmfPkg/OvmfPkgIa32.fdf +@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + + INF FatPkg/EnhancedFatDxe/Fat.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !ifndef $(USE_OLD_SHELL) + INF ShellPkg/Application/Shell/Shell.inf + !else + INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !endif ++!endif + + FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) { + SECTION RAW = MdeModulePkg/Logo/Logo.bmp +diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf +index aad16a6..f58f18a 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.fdf ++++ b/OvmfPkg/OvmfPkgIa32X64.fdf +@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + + INF FatPkg/EnhancedFatDxe/Fat.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !ifndef $(USE_OLD_SHELL) + INF ShellPkg/Application/Shell/Shell.inf + !else + INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf + !endif ++!endif + + FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) { + SECTION RAW = MdeModulePkg/Logo/Logo.bmp +diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf +index 387b808..4e0c0ab 100644 +--- a/OvmfPkg/OvmfPkgX64.fdf ++++ b/OvmfPkg/OvmfPkgX64.fdf +@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + + INF FatPkg/EnhancedFatDxe/Fat.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !ifndef $(USE_OLD_SHELL) + INF ShellPkg/Application/Shell/Shell.inf + !else + INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !endif ++!endif + + FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) { + SECTION RAW = MdeModulePkg/Logo/Logo.bmp diff --git a/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch new file mode 100644 index 0000000..2b1fae6 --- /dev/null +++ b/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch @@ -0,0 +1,1122 @@ +From: Laszlo Ersek +Date: Mon, 6 Jul 2015 20:22:02 +0200 +Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default + keys + +(A port of the patch +to Gerd's public RPMs.) + +This application is meant to be invoked by the management layer, after +booting the UEFI shell and getting a shell prompt on the serial console. +The app enrolls a number of certificates (see below), and then reports +status to the serial console as well. The expected output is "info: +success": + +> Shell> EnrollDefaultKeys.efi +> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 +> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 +> info: success +> Shell> + +In case of success, the management layer can force off or reboot the VM +(for example with the "reset -s" or "reset -c" UEFI shell commands, +respectively), and start the guest installation with SecureBoot enabled. + +PK: +- A unique, static, ad-hoc certificate whose private half has been + destroyed (more precisely, never saved) and is therefore unusable for + signing. (The command for creating this certificate is saved in the + source code.) + +KEK: +- same ad-hoc certificate as used for the PK, +- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool + package is signed (indirectly, through a chain) with this; enrolling + such a KEK should allow guests to install those updates. + +DB: +- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows + Server 2012 R2, +- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI + oproms. + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++ + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++ + OvmfPkg/OvmfPkgIa32.dsc | 4 + + OvmfPkg/OvmfPkgIa32X64.dsc | 4 + + OvmfPkg/OvmfPkgX64.dsc | 4 + + 5 files changed, 1023 insertions(+) + create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c + create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf + +diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +new file mode 100644 +index 0000000..081212b +--- /dev/null ++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +@@ -0,0 +1,960 @@ ++/** @file ++ Enroll default PK, KEK, DB. ++ ++ Copyright (C) 2014, Red Hat, Inc. ++ ++ This program and the accompanying materials are licensed and made available ++ under the terms and conditions of the BSD License which accompanies this ++ distribution. The full text of the license may be found at ++ http://opensource.org/licenses/bsd-license. ++ ++ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT ++ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++**/ ++#include // gEfiCustomModeEnableGuid ++#include // EFI_SETUP_MODE_NAME ++#include // EFI_IMAGE_SECURITY_DATABASE ++#include // CopyGuid() ++#include // ASSERT() ++#include // FreePool() ++#include // ShellAppMain() ++#include // AsciiPrint() ++#include // gRT ++ ++// ++// The example self-signed certificate below, which we'll use for both Platform ++// Key, and first Key Exchange Key, has been generated with the following ++// non-interactive openssl command. The passphrase is read from /dev/urandom, ++// and not saved, and the private key is written to /dev/null. In other words, ++// we can't sign anything else against this certificate, which is our purpose. ++// ++/* ++ openssl req \ ++ -passout file:<(head -c 16 /dev/urandom) \ ++ -x509 \ ++ -newkey rsa:2048 \ ++ -keyout /dev/null \ ++ -outform DER \ ++ -subj $( ++ printf /C=US ++ printf /ST=TestStateOrProvince ++ printf /L=TestLocality ++ printf /O=TestOrganization ++ printf /OU=TestOrganizationalUnit ++ printf /CN=TestCommonName ++ printf /emailAddress=test@example.com ++ ) \ ++ 2>/dev/null \ ++ | xxd -i ++*/ ++STATIC CONST UINT8 ExampleCert[] = { ++ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d, ++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, ++ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, ++ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, ++ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, ++ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, ++ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, ++ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, ++ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, ++ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, ++ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, ++ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, ++ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, ++ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, ++ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, ++ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, ++ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, ++ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34, ++ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81, ++ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, ++ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54, ++ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f, ++ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, ++ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, ++ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10, ++ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, ++ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, ++ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, ++ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30, ++ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43, ++ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d, ++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, ++ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, ++ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, ++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, ++ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce, ++ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21, ++ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc, ++ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae, ++ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16, ++ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b, ++ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77, ++ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce, ++ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31, ++ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35, ++ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d, ++ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a, ++ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24, ++ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2, ++ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d, ++ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b, ++ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3, ++ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1, ++ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4, ++ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68, ++ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, ++ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, ++ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, ++ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, ++ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, ++ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, ++ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, ++ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, ++ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38, ++ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9, ++ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a, ++ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c, ++ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59, ++ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4, ++ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81, ++ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c, ++ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f, ++ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b, ++ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04, ++ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f, ++ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e, ++ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f, ++ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03, ++ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84, ++ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d, ++ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5, ++ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1, ++ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19, ++ 0x26, 0x5b, 0xc0, 0x3d, 0xc7 ++}; ++ ++// ++// Second KEK: "Microsoft Corporation KEK CA 2011". ++// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 ++// ++// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. ++// ++STATIC CONST UINT8 MicrosoftKEK[] = { ++ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, ++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, ++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, ++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, ++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, ++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, ++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, ++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, ++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, ++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, ++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, ++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, ++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, ++ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, ++ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, ++ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, ++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, ++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, ++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, ++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, ++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, ++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, ++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, ++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, ++ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, ++ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, ++ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, ++ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, ++ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, ++ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, ++ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, ++ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, ++ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, ++ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, ++ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, ++ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, ++ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, ++ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, ++ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, ++ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, ++ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, ++ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, ++ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, ++ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, ++ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, ++ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, ++ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, ++ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, ++ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, ++ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, ++ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, ++ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, ++ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, ++ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, ++ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, ++ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, ++ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, ++ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, ++ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, ++ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, ++ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, ++ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, ++ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, ++ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, ++ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, ++ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, ++ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, ++ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, ++ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, ++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, ++ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, ++ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, ++ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, ++ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, ++ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, ++ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, ++ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, ++ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, ++ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, ++ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, ++ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, ++ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, ++ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, ++ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, ++ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, ++ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, ++ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, ++ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, ++ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, ++ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, ++ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, ++ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, ++ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, ++ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, ++ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, ++ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, ++ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, ++ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, ++ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, ++ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, ++ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, ++ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, ++ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, ++ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, ++ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, ++ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, ++ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, ++ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, ++ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, ++ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, ++ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, ++ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, ++ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e ++}; ++ ++// ++// First DB entry: "Microsoft Windows Production PCA 2011" ++// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d ++// ++// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain ++// rooted in this certificate. ++// ++STATIC CONST UINT8 MicrosoftPCA[] = { ++ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, ++ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, ++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, ++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, ++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, ++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, ++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, ++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, ++ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, ++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, ++ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, ++ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, ++ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, ++ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, ++ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, ++ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, ++ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, ++ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, ++ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, ++ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, ++ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, ++ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, ++ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, ++ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, ++ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, ++ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, ++ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, ++ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, ++ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, ++ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, ++ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, ++ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, ++ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, ++ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, ++ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, ++ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, ++ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, ++ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, ++ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, ++ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, ++ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, ++ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, ++ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, ++ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, ++ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, ++ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03, ++ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, ++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, ++ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, ++ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, ++ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, ++ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, ++ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, ++ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, ++ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, ++ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, ++ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, ++ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, ++ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, ++ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, ++ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, ++ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, ++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, ++ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, ++ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, ++ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, ++ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, ++ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, ++ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, ++ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, ++ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, ++ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, ++ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, ++ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, ++ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, ++ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, ++ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, ++ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, ++ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, ++ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, ++ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, ++ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, ++ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, ++ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, ++ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, ++ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, ++ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, ++ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, ++ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, ++ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, ++ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, ++ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, ++ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, ++ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, ++ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, ++ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, ++ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, ++ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, ++ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, ++ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, ++ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, ++ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, ++ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, ++ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, ++ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, ++ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, ++ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, ++ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, ++ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, ++ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, ++ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, ++ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, ++ 0x62, 0x1c, 0x59, 0x7e ++}; ++ ++// ++// Second DB entry: "Microsoft Corporation UEFI CA 2011" ++// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 ++// ++// To verify the "shim" binary and PCI expansion ROMs with. ++// ++STATIC CONST UINT8 MicrosoftUefiCA[] = { ++ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, ++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, ++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, ++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, ++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, ++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, ++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, ++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, ++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, ++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, ++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, ++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, ++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, ++ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, ++ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, ++ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, ++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, ++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, ++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, ++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, ++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, ++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, ++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, ++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, ++ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, ++ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, ++ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, ++ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, ++ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, ++ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, ++ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, ++ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, ++ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, ++ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, ++ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, ++ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, ++ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, ++ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, ++ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, ++ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, ++ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, ++ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, ++ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, ++ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, ++ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, ++ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, ++ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, ++ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, ++ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, ++ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, ++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, ++ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, ++ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, ++ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, ++ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, ++ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, ++ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, ++ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, ++ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, ++ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, ++ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, ++ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, ++ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, ++ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, ++ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, ++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, ++ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, ++ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, ++ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, ++ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, ++ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, ++ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, ++ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, ++ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, ++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, ++ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, ++ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, ++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, ++ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, ++ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, ++ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, ++ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, ++ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, ++ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, ++ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, ++ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, ++ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, ++ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, ++ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, ++ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, ++ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, ++ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, ++ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, ++ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, ++ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, ++ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, ++ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, ++ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, ++ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, ++ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, ++ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, ++ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, ++ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, ++ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, ++ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, ++ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, ++ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, ++ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, ++ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, ++ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, ++ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, ++ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, ++ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, ++ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, ++ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, ++ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, ++ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, ++ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 ++}; ++ ++// ++// The most important thing about the variable payload is that it is a list of ++// lists, where the element size of any given *inner* list is constant. ++// ++// Since X509 certificates vary in size, each of our *inner* lists will contain ++// one element only (one X.509 certificate). This is explicitly mentioned in ++// the UEFI specification, in "28.4.1 Signature Database", in a Note. ++// ++// The list structure looks as follows: ++// ++// struct EFI_VARIABLE_AUTHENTICATION_2 { | ++// struct EFI_TIME { | ++// UINT16 Year; | ++// UINT8 Month; | ++// UINT8 Day; | ++// UINT8 Hour; | ++// UINT8 Minute; | ++// UINT8 Second; | ++// UINT8 Pad1; | ++// UINT32 Nanosecond; | ++// INT16 TimeZone; | ++// UINT8 Daylight; | ++// UINT8 Pad2; | ++// } TimeStamp; | ++// | ++// struct WIN_CERTIFICATE_UEFI_GUID { | | ++// struct WIN_CERTIFICATE { | | ++// UINT32 dwLength; ----------------------------------------+ | ++// UINT16 wRevision; | | ++// UINT16 wCertificateType; | | ++// } Hdr; | +- DataSize ++// | | ++// EFI_GUID CertType; | | ++// UINT8 CertData[1] = { <--- "struct hack" | | ++// struct EFI_SIGNATURE_LIST { | | | ++// EFI_GUID SignatureType; | | | ++// UINT32 SignatureListSize; -------------------------+ | | ++// UINT32 SignatureHeaderSize; | | | ++// UINT32 SignatureSize; ---------------------------+ | | | ++// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | ++// v | | | ++// struct EFI_SIGNATURE_DATA { | | | | ++// EFI_GUID SignatureOwner; | | | | ++// UINT8 SignatureData[1] = { <--- "struct hack" | | | | ++// X.509 payload | | | | ++// } | | | | ++// } Signatures[]; | | | ++// } SigLists[]; | | ++// }; | | ++// } AuthInfo; | | ++// }; | ++// ++// Given that the "struct hack" invokes undefined behavior (which is why C99 ++// introduced the flexible array member), and because subtracting those pesky ++// sizes of 1 is annoying, and because the format is fully specified in the ++// UEFI specification, we'll introduce two matching convenience structures that ++// are customized for our X.509 purposes. ++// ++#pragma pack(1) ++typedef struct { ++ EFI_TIME TimeStamp; ++ ++ // ++ // dwLength covers data below ++ // ++ UINT32 dwLength; ++ UINT16 wRevision; ++ UINT16 wCertificateType; ++ EFI_GUID CertType; ++} SINGLE_HEADER; ++ ++typedef struct { ++ // ++ // SignatureListSize covers data below ++ // ++ EFI_GUID SignatureType; ++ UINT32 SignatureListSize; ++ UINT32 SignatureHeaderSize; // constant 0 ++ UINT32 SignatureSize; ++ ++ // ++ // SignatureSize covers data below ++ // ++ EFI_GUID SignatureOwner; ++ ++ // ++ // X.509 certificate follows ++ // ++} REPEATING_HEADER; ++#pragma pack() ++ ++/** ++ Enroll a set of DER-formatted X.509 certificates in a global variable, ++ overwriting it. ++ ++ The variable will be rewritten with NV+BS+RT+AT attributes. ++ ++ @param[in] VariableName The name of the variable to overwrite. ++ ++ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to ++ overwrite. ++ ++ @param[in] ... A list of ++ ++ IN CONST UINT8 *Cert, ++ IN UINTN CertSize, ++ IN CONST EFI_GUID *OwnerGuid ++ ++ triplets. If the first component of a triplet is ++ NULL, then the other two components are not ++ accessed, and processing is terminated. The list of ++ X.509 certificates is enrolled in the variable ++ specified, overwriting it. The OwnerGuid component ++ identifies the agent installing the certificate. ++ ++ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert ++ value is NULL), or one of the CertSize values ++ is 0, or one of the CertSize values would ++ overflow the accumulated UINT32 data size. ++ ++ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable ++ payload. ++ ++ @retval EFI_SUCCESS Enrollment successful; the variable has been ++ overwritten (or created). ++ ++ @return Error codes from gRT->GetTime() and ++ gRT->SetVariable(). ++**/ ++STATIC ++EFI_STATUS ++EFIAPI ++EnrollListOfX509Certs ( ++ IN CHAR16 *VariableName, ++ IN EFI_GUID *VendorGuid, ++ ... ++ ) ++{ ++ UINTN DataSize; ++ SINGLE_HEADER *SingleHeader; ++ REPEATING_HEADER *RepeatingHeader; ++ VA_LIST Marker; ++ CONST UINT8 *Cert; ++ EFI_STATUS Status; ++ UINT8 *Data; ++ UINT8 *Position; ++ ++ // ++ // compute total size first, for UINT32 range check, and allocation ++ // ++ DataSize = sizeof *SingleHeader; ++ VA_START (Marker, VendorGuid); ++ for (Cert = VA_ARG (Marker, CONST UINT8 *); ++ Cert != NULL; ++ Cert = VA_ARG (Marker, CONST UINT8 *)) { ++ UINTN CertSize; ++ ++ CertSize = VA_ARG (Marker, UINTN); ++ (VOID)VA_ARG (Marker, CONST EFI_GUID *); ++ ++ if (CertSize == 0 || ++ CertSize > MAX_UINT32 - sizeof *RepeatingHeader || ++ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { ++ Status = EFI_INVALID_PARAMETER; ++ break; ++ } ++ DataSize += sizeof *RepeatingHeader + CertSize; ++ } ++ VA_END (Marker); ++ ++ if (DataSize == sizeof *SingleHeader) { ++ Status = EFI_INVALID_PARAMETER; ++ } ++ if (EFI_ERROR (Status)) { ++ goto Out; ++ } ++ ++ Data = AllocatePool (DataSize); ++ if (Data == NULL) { ++ Status = EFI_OUT_OF_RESOURCES; ++ goto Out; ++ } ++ ++ Position = Data; ++ ++ SingleHeader = (SINGLE_HEADER *)Position; ++ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); ++ if (EFI_ERROR (Status)) { ++ goto FreeData; ++ } ++ SingleHeader->TimeStamp.Pad1 = 0; ++ SingleHeader->TimeStamp.Nanosecond = 0; ++ SingleHeader->TimeStamp.TimeZone = 0; ++ SingleHeader->TimeStamp.Daylight = 0; ++ SingleHeader->TimeStamp.Pad2 = 0; ++#if 0 ++ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp; ++#else ++ // ++ // This looks like a bug in edk2. According to the UEFI specification, ++ // dwLength is "The length of the entire certificate, including the length of ++ // the header, in bytes". That shouldn't stop right after CertType -- it ++ // should include everything below it. ++ // ++ SingleHeader->dwLength = sizeof *SingleHeader ++ - sizeof SingleHeader->TimeStamp; ++#endif ++ SingleHeader->wRevision = 0x0200; ++ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; ++ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); ++ Position += sizeof *SingleHeader; ++ ++ VA_START (Marker, VendorGuid); ++ for (Cert = VA_ARG (Marker, CONST UINT8 *); ++ Cert != NULL; ++ Cert = VA_ARG (Marker, CONST UINT8 *)) { ++ UINTN CertSize; ++ CONST EFI_GUID *OwnerGuid; ++ ++ CertSize = VA_ARG (Marker, UINTN); ++ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); ++ ++ RepeatingHeader = (REPEATING_HEADER *)Position; ++ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid); ++ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize; ++ RepeatingHeader->SignatureHeaderSize = 0; ++ RepeatingHeader->SignatureSize = ++ sizeof RepeatingHeader->SignatureOwner + CertSize; ++ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); ++ Position += sizeof *RepeatingHeader; ++ ++ CopyMem (Position, Cert, CertSize); ++ Position += CertSize; ++ } ++ VA_END (Marker); ++ ++ ASSERT (Data + DataSize == Position); ++ ++ Status = gRT->SetVariable (VariableName, VendorGuid, ++ (EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ EFI_VARIABLE_RUNTIME_ACCESS | ++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), ++ DataSize, Data); ++ ++FreeData: ++ FreePool (Data); ++ ++Out: ++ if (EFI_ERROR (Status)) { ++ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, ++ VendorGuid, Status); ++ } ++ return Status; ++} ++ ++ ++STATIC ++EFI_STATUS ++EFIAPI ++GetExact ( ++ IN CHAR16 *VariableName, ++ IN EFI_GUID *VendorGuid, ++ OUT VOID *Data, ++ IN UINTN DataSize, ++ IN BOOLEAN AllowMissing ++ ) ++{ ++ UINTN Size; ++ EFI_STATUS Status; ++ ++ Size = DataSize; ++ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); ++ if (EFI_ERROR (Status)) { ++ if (Status == EFI_NOT_FOUND && AllowMissing) { ++ ZeroMem (Data, DataSize); ++ return EFI_SUCCESS; ++ } ++ ++ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName, ++ VendorGuid, Status); ++ return Status; ++ } ++ ++ if (Size != DataSize) { ++ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, " ++ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size); ++ return EFI_PROTOCOL_ERROR; ++ } ++ ++ return EFI_SUCCESS; ++} ++ ++typedef struct { ++ UINT8 SetupMode; ++ UINT8 SecureBoot; ++ UINT8 SecureBootEnable; ++ UINT8 CustomMode; ++ UINT8 VendorKeys; ++} SETTINGS; ++ ++STATIC ++EFI_STATUS ++EFIAPI ++GetSettings ( ++ OUT SETTINGS *Settings ++ ) ++{ ++ EFI_STATUS Status; ++ ++ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, ++ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, ++ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, ++ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, ++ sizeof Settings->SecureBootEnable, TRUE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, ++ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, ++ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE); ++ return Status; ++} ++ ++STATIC ++VOID ++EFIAPI ++PrintSettings ( ++ IN CONST SETTINGS *Settings ++ ) ++{ ++ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " ++ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, ++ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys); ++} ++ ++ ++INTN ++EFIAPI ++ShellAppMain ( ++ IN UINTN Argc, ++ IN CHAR16 **Argv ++ ) ++{ ++ EFI_STATUS Status; ++ SETTINGS Settings; ++ ++ Status = GetSettings (&Settings); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ PrintSettings (&Settings); ++ ++ if (Settings.SetupMode != 1) { ++ AsciiPrint ("error: already in User Mode\n"); ++ return 1; ++ } ++ ++ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { ++ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; ++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, ++ (EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS), ++ sizeof Settings.CustomMode, &Settings.CustomMode); ++ if (EFI_ERROR (Status)) { ++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, ++ &gEfiCustomModeEnableGuid, Status); ++ return 1; ++ } ++ } ++ ++ Status = EnrollListOfX509Certs ( ++ EFI_IMAGE_SECURITY_DATABASE, ++ &gEfiImageSecurityDatabaseGuid, ++ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid, ++ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid, ++ NULL); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ ++ Status = EnrollListOfX509Certs ( ++ EFI_KEY_EXCHANGE_KEY_NAME, ++ &gEfiGlobalVariableGuid, ++ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid, ++ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid, ++ NULL); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ ++ Status = EnrollListOfX509Certs ( ++ EFI_PLATFORM_KEY_NAME, ++ &gEfiGlobalVariableGuid, ++ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid, ++ NULL); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ ++ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; ++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, ++ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ sizeof Settings.CustomMode, &Settings.CustomMode); ++ if (EFI_ERROR (Status)) { ++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, ++ &gEfiCustomModeEnableGuid, Status); ++ return 1; ++ } ++ ++ Status = GetSettings (&Settings); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ PrintSettings (&Settings); ++ ++ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || ++ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || ++ Settings.VendorKeys != 0) { ++ AsciiPrint ("error: unexpected\n"); ++ return 1; ++ } ++ ++ AsciiPrint ("info: success\n"); ++ return 0; ++} +diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf +new file mode 100644 +index 0000000..ac919bb +--- /dev/null ++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf +@@ -0,0 +1,51 @@ ++## @file ++# Enroll default PK, KEK, DB. ++# ++# Copyright (C) 2014, Red Hat, Inc. ++# ++# This program and the accompanying materials are licensed and made available ++# under the terms and conditions of the BSD License which accompanies this ++# distribution. The full text of the license may be found at ++# http://opensource.org/licenses/bsd-license. ++# ++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++# IMPLIED. ++## ++ ++[Defines] ++ INF_VERSION = 0x00010006 ++ BASE_NAME = EnrollDefaultKeys ++ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A ++ MODULE_TYPE = UEFI_APPLICATION ++ VERSION_STRING = 0.1 ++ ENTRY_POINT = ShellCEntryLib ++ ++# ++# VALID_ARCHITECTURES = IA32 X64 ++# ++ ++[Sources] ++ EnrollDefaultKeys.c ++ ++[Packages] ++ MdePkg/MdePkg.dec ++ MdeModulePkg/MdeModulePkg.dec ++ SecurityPkg/SecurityPkg.dec ++ ShellPkg/ShellPkg.dec ++ ++[Guids] ++ gEfiCertPkcs7Guid ++ gEfiCertX509Guid ++ gEfiCustomModeEnableGuid ++ gEfiGlobalVariableGuid ++ gEfiImageSecurityDatabaseGuid ++ gEfiSecureBootEnableDisableGuid ++ ++[LibraryClasses] ++ BaseMemoryLib ++ DebugLib ++ MemoryAllocationLib ++ ShellCEntryLib ++ UefiLib ++ UefiRuntimeServicesTableLib +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index aaaaaa8..90980d4 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -725,6 +725,10 @@ + + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf ++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { ++ ++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ++ } + !endif + + OvmfPkg/PlatformDxe/Platform.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index b4545b3..4d0ec9c 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -734,6 +734,10 @@ + + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf ++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { ++ ++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ++ } + !endif + + OvmfPkg/PlatformDxe/Platform.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 1836c25..aca5476 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -732,6 +732,10 @@ + + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf ++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { ++ ++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ++ } + !endif + + OvmfPkg/PlatformDxe/Platform.inf diff --git a/0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch b/0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch new file mode 100644 index 0000000..aaf8ba6 --- /dev/null +++ b/0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch @@ -0,0 +1,109 @@ +From: Laszlo Ersek +Date: Tue, 25 Feb 2014 18:40:35 +0100 +Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions + +When the console output is multiplexed to several devices by +ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes +supported by all console output devices. + +Two notable output devices are provided by: +(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe, +(2) MdeModulePkg/Universal/Console/TerminalDxe. + +GraphicsConsoleDxe supports four modes at most -- see +InitializeGraphicsConsoleTextMode(): + +(1a) 80x25 (required by the UEFI spec as mode 0), +(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec + requires the driver to provide it as mode 1), +(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI + spec requires from all plug-in graphics devices), +(1d) "full screen" resolution, derived form the underlying GOP's + horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH + (8) and EFI_GLYPH_HEIGHT (19), respectively. + +The automatic "full screen resolution" makes GraphicsConsoleDxe's +character console very flexible. However, TerminalDxe (which runs on +serial ports) only provides the following fixed resolutions -- see +InitializeTerminalConsoleTextMode(): + +(2a) 80x25 (required by the UEFI spec as mode 0), +(2b) 80x50 (since the character resolution of a serial device cannot be + interrogated easily, this is added unconditionally as mode 1) +(2c) modes 2 and above come from "mTerminalConsoleModeData". This table + currently only contains one mode, 100x31. + +When ConSplitterDxe combines (1) and (2), multiplexing console output to +both video output and serial terminal, the list of commonly supported text +modes (ie. the "intersection") comprises: + +(3a) 80x25, unconditionally, from (1a) and (2a), +(3b) 80x50, if the graphics console provides at least 640x950 pixel + resolution, from (1b) and (2b) +(3c) 100x31, if the graphics device is a plug-in one (because in that case + 800x600 is a mandated pixel resolution), from (1c) and (2c). + +Unfortunately, the "full screen resolution" (1d) of the GOP-based text +console is not available in general. + +Mitigate this problem by extending "mTerminalConsoleModeData" with a +handful of text resolutions that are derived from widespread maximal pixel +resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out +the most frequent (1d) values from the intersection, and eg. the MODE +command in the UEFI shell will offer the "best" (ie. full screen) +resolution too. + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +--- + .../Universal/Console/TerminalDxe/Terminal.c | 37 +++++++++++++++++++++- + 1 file changed, 36 insertions(+), 1 deletion(-) + +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +index 6fde3b2..787bd35 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +@@ -103,7 +103,42 @@ TERMINAL_DEV mTerminalDevTemplate = { + }; + + TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = { +- {100, 31}, ++ { 100, 25 }, // from graphics resolution 800 x 480 ++ { 100, 31 }, // from graphics resolution 800 x 600 ++ { 104, 32 }, // from graphics resolution 832 x 624 ++ { 120, 33 }, // from graphics resolution 960 x 640 ++ { 128, 31 }, // from graphics resolution 1024 x 600 ++ { 128, 40 }, // from graphics resolution 1024 x 768 ++ { 144, 45 }, // from graphics resolution 1152 x 864 ++ { 144, 45 }, // from graphics resolution 1152 x 870 ++ { 160, 37 }, // from graphics resolution 1280 x 720 ++ { 160, 40 }, // from graphics resolution 1280 x 760 ++ { 160, 40 }, // from graphics resolution 1280 x 768 ++ { 160, 42 }, // from graphics resolution 1280 x 800 ++ { 160, 50 }, // from graphics resolution 1280 x 960 ++ { 160, 53 }, // from graphics resolution 1280 x 1024 ++ { 170, 40 }, // from graphics resolution 1360 x 768 ++ { 170, 40 }, // from graphics resolution 1366 x 768 ++ { 175, 55 }, // from graphics resolution 1400 x 1050 ++ { 180, 47 }, // from graphics resolution 1440 x 900 ++ { 200, 47 }, // from graphics resolution 1600 x 900 ++ { 200, 63 }, // from graphics resolution 1600 x 1200 ++ { 210, 55 }, // from graphics resolution 1680 x 1050 ++ { 240, 56 }, // from graphics resolution 1920 x 1080 ++ { 240, 63 }, // from graphics resolution 1920 x 1200 ++ { 240, 75 }, // from graphics resolution 1920 x 1440 ++ { 250, 105 }, // from graphics resolution 2000 x 2000 ++ { 256, 80 }, // from graphics resolution 2048 x 1536 ++ { 256, 107 }, // from graphics resolution 2048 x 2048 ++ { 320, 75 }, // from graphics resolution 2560 x 1440 ++ { 320, 84 }, // from graphics resolution 2560 x 1600 ++ { 320, 107 }, // from graphics resolution 2560 x 2048 ++ { 350, 110 }, // from graphics resolution 2800 x 2100 ++ { 400, 126 }, // from graphics resolution 3200 x 2400 ++ { 480, 113 }, // from graphics resolution 3840 x 2160 ++ { 512, 113 }, // from graphics resolution 4096 x 2160 ++ { 960, 227 }, // from graphics resolution 7680 x 4320 ++ { 1024, 227 }, // from graphics resolution 8192 x 4320 + // + // New modes can be added here. + // diff --git a/0009-pick-up-any-display-device-not-only-vga.patch b/0009-pick-up-any-display-device-not-only-vga.patch new file mode 100644 index 0000000..732d76d --- /dev/null +++ b/0009-pick-up-any-display-device-not-only-vga.patch @@ -0,0 +1,21 @@ +From: Gerd Hoffmann +Date: Thu, 13 Mar 2014 08:08:41 +0100 +Subject: [PATCH] pick up any display device, not only vga + +--- + OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c +index 0bc02ba..5024caf 100644 +--- a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c ++++ b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c +@@ -586,7 +586,7 @@ DetectAndPreparePlatformPciDevicePath ( + // + // Here we decide which VGA device to enable in PCI bus + // +- if (IS_PCI_VGA (Pci)) { ++ if (IS_PCI_DISPLAY (Pci)) { + // + // Add them to ConOut. + // diff --git a/edk2.spec b/edk2.spec index fc23aca..e7f22f2 100644 --- a/edk2.spec +++ b/edk2.spec @@ -15,17 +15,22 @@ Source1: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz Source3: build-iso.sh Source9: update-tarball.sh -Patch1: 0001-pick-up-any-display-device-not-only-vga.patch -Patch2: 0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch -Patch3: 0001-EXCLUDE_SHELL_FROM_FD.patch - -Patch10: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch -Patch11: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch -Patch12: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch -Patch13: 0004-OvmfPkg-increase-max-debug-message-length-to-512.patch -Patch14: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch - -Patch20: 0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +# Debug output tweaks, not for upstream +Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch +Patch0003: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch +Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512.patch +Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +# Exclude EFI shell from firmware, suggested by pjones re: secureboot. +# Not for upstream, see bug 1325023#c16 +Patch0006: 0006-EXCLUDE_SHELL_FROM_FD.patch +# Ship EnrollDefaultKeys application. +# Not for upstream, see bug 1325023#c16 +Patch0007: 0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +# More text console resolutions. Upstreaming attempted, but failed +Patch0008: 0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch +# Support qemu 'secondary-vga'. Not send upstream yet +Patch0009: 0009-pick-up-any-display-device-not-only-vga.patch # # actual firmware builds are done on x86_64 and aarch64, @@ -101,17 +106,7 @@ AARCH64 UEFI Firmware %prep %setup -q -n tianocore-%{name}-%{edk2_githash} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 - -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 - -%patch20 -p1 +%autopatch -p1 # add openssl tar -C CryptoPkg/Library/OpensslLib -xf %{SOURCE1}