diff --git a/0001-EXCLUDE_SHELL_FROM_FD.patch b/0001-EXCLUDE_SHELL_FROM_FD.patch
deleted file mode 100644
index d084003..0000000
--- a/0001-EXCLUDE_SHELL_FROM_FD.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 144ac2186d46a9a6cbf4d4174b6db1865d7de1d7 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 18 Feb 2016 10:52:44 +0100
-Subject: [PATCH] EXCLUDE_SHELL_FROM_FD
-
----
- OvmfPkg/OvmfPkgIa32.fdf | 2 ++
- OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
- OvmfPkg/OvmfPkgX64.fdf | 2 ++
- 3 files changed, 6 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 93a51a5..9ae7982 100644
---- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-
- INF FatPkg/EnhancedFatDxe/Fat.inf
-
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !ifndef $(USE_OLD_SHELL)
- INF ShellPkg/Application/Shell/Shell.inf
- !else
- INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
- !endif
-+!endif
-
- FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
- SECTION RAW = MdeModulePkg/Logo/Logo.bmp
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index aad16a6..f58f18a 100644
---- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-
- INF FatPkg/EnhancedFatDxe/Fat.inf
-
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !ifndef $(USE_OLD_SHELL)
- INF ShellPkg/Application/Shell/Shell.inf
- !else
- INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf
- !endif
-+!endif
-
- FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
- SECTION RAW = MdeModulePkg/Logo/Logo.bmp
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index 387b808..4e0c0ab 100644
---- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-
- INF FatPkg/EnhancedFatDxe/Fat.inf
-
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !ifndef $(USE_OLD_SHELL)
- INF ShellPkg/Application/Shell/Shell.inf
- !else
- INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
- !endif
-+!endif
-
- FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
- SECTION RAW = MdeModulePkg/Logo/Logo.bmp
---
-1.8.3.1
-
diff --git a/0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch b/0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
deleted file mode 100644
index 1c28761..0000000
--- a/0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From c8e5617ebaaa8be91a32be48dcf3dc7157b00d2c Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 25 Feb 2014 18:40:35 +0100
-Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions
-
-When the console output is multiplexed to several devices by
-ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
-supported by all console output devices.
-
-Two notable output devices are provided by:
-(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
-(2) MdeModulePkg/Universal/Console/TerminalDxe.
-
-GraphicsConsoleDxe supports four modes at most -- see
-InitializeGraphicsConsoleTextMode():
-
-(1a) 80x25 (required by the UEFI spec as mode 0),
-(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
- requires the driver to provide it as mode 1),
-(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
- spec requires from all plug-in graphics devices),
-(1d) "full screen" resolution, derived form the underlying GOP's
- horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
- (8) and EFI_GLYPH_HEIGHT (19), respectively.
-
-The automatic "full screen resolution" makes GraphicsConsoleDxe's
-character console very flexible. However, TerminalDxe (which runs on
-serial ports) only provides the following fixed resolutions -- see
-InitializeTerminalConsoleTextMode():
-
-(2a) 80x25 (required by the UEFI spec as mode 0),
-(2b) 80x50 (since the character resolution of a serial device cannot be
- interrogated easily, this is added unconditionally as mode 1)
-(2c) modes 2 and above come from "mTerminalConsoleModeData". This table
- currently only contains one mode, 100x31.
-
-When ConSplitterDxe combines (1) and (2), multiplexing console output to
-both video output and serial terminal, the list of commonly supported text
-modes (ie. the "intersection") comprises:
-
-(3a) 80x25, unconditionally, from (1a) and (2a),
-(3b) 80x50, if the graphics console provides at least 640x950 pixel
- resolution, from (1b) and (2b)
-(3c) 100x31, if the graphics device is a plug-in one (because in that case
- 800x600 is a mandated pixel resolution), from (1c) and (2c).
-
-Unfortunately, the "full screen resolution" (1d) of the GOP-based text
-console is not available in general.
-
-Mitigate this problem by extending "mTerminalConsoleModeData" with a
-handful of text resolutions that are derived from widespread maximal pixel
-resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
-the most frequent (1d) values from the intersection, and eg. the MODE
-command in the UEFI shell will offer the "best" (ie. full screen)
-resolution too.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- .../Universal/Console/TerminalDxe/Terminal.c | 37 +++++++++++++++++++++-
- 1 file changed, 36 insertions(+), 1 deletion(-)
-
-diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-index 6fde3b2..787bd35 100644
---- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-@@ -103,7 +103,42 @@ TERMINAL_DEV mTerminalDevTemplate = {
- };
-
- TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
-- {100, 31},
-+ { 100, 25 }, // from graphics resolution 800 x 480
-+ { 100, 31 }, // from graphics resolution 800 x 600
-+ { 104, 32 }, // from graphics resolution 832 x 624
-+ { 120, 33 }, // from graphics resolution 960 x 640
-+ { 128, 31 }, // from graphics resolution 1024 x 600
-+ { 128, 40 }, // from graphics resolution 1024 x 768
-+ { 144, 45 }, // from graphics resolution 1152 x 864
-+ { 144, 45 }, // from graphics resolution 1152 x 870
-+ { 160, 37 }, // from graphics resolution 1280 x 720
-+ { 160, 40 }, // from graphics resolution 1280 x 760
-+ { 160, 40 }, // from graphics resolution 1280 x 768
-+ { 160, 42 }, // from graphics resolution 1280 x 800
-+ { 160, 50 }, // from graphics resolution 1280 x 960
-+ { 160, 53 }, // from graphics resolution 1280 x 1024
-+ { 170, 40 }, // from graphics resolution 1360 x 768
-+ { 170, 40 }, // from graphics resolution 1366 x 768
-+ { 175, 55 }, // from graphics resolution 1400 x 1050
-+ { 180, 47 }, // from graphics resolution 1440 x 900
-+ { 200, 47 }, // from graphics resolution 1600 x 900
-+ { 200, 63 }, // from graphics resolution 1600 x 1200
-+ { 210, 55 }, // from graphics resolution 1680 x 1050
-+ { 240, 56 }, // from graphics resolution 1920 x 1080
-+ { 240, 63 }, // from graphics resolution 1920 x 1200
-+ { 240, 75 }, // from graphics resolution 1920 x 1440
-+ { 250, 105 }, // from graphics resolution 2000 x 2000
-+ { 256, 80 }, // from graphics resolution 2048 x 1536
-+ { 256, 107 }, // from graphics resolution 2048 x 2048
-+ { 320, 75 }, // from graphics resolution 2560 x 1440
-+ { 320, 84 }, // from graphics resolution 2560 x 1600
-+ { 320, 107 }, // from graphics resolution 2560 x 2048
-+ { 350, 110 }, // from graphics resolution 2800 x 2100
-+ { 400, 126 }, // from graphics resolution 3200 x 2400
-+ { 480, 113 }, // from graphics resolution 3840 x 2160
-+ { 512, 113 }, // from graphics resolution 4096 x 2160
-+ { 960, 227 }, // from graphics resolution 7680 x 4320
-+ { 1024, 227 }, // from graphics resolution 8192 x 4320
- //
- // New modes can be added here.
- //
---
-1.8.3.1
-
diff --git a/0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
deleted file mode 100644
index 2e927e9..0000000
--- a/0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
+++ /dev/null
@@ -1,1126 +0,0 @@
-From 89d722b43fba95708ba16ef676a989a6e02a55f5 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Mon, 6 Jul 2015 20:22:02 +0200
-Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
- keys
-
-(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch
-to Gerd's public RPMs.)
-
-This application is meant to be invoked by the management layer, after
-booting the UEFI shell and getting a shell prompt on the serial console.
-The app enrolls a number of certificates (see below), and then reports
-status to the serial console as well. The expected output is "info:
-success":
-
-> Shell> EnrollDefaultKeys.efi
-> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
-> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
-> info: success
-> Shell>
-
-In case of success, the management layer can force off or reboot the VM
-(for example with the "reset -s" or "reset -c" UEFI shell commands,
-respectively), and start the guest installation with SecureBoot enabled.
-
-PK:
-- A unique, static, ad-hoc certificate whose private half has been
- destroyed (more precisely, never saved) and is therefore unusable for
- signing. (The command for creating this certificate is saved in the
- source code.)
-
-KEK:
-- same ad-hoc certificate as used for the PK,
-- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
- package is signed (indirectly, through a chain) with this; enrolling
- such a KEK should allow guests to install those updates.
-
-DB:
-- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
- Server 2012 R2,
-- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
- oproms.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++
- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++
- OvmfPkg/OvmfPkgIa32.dsc | 4 +
- OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
- OvmfPkg/OvmfPkgX64.dsc | 4 +
- 5 files changed, 1023 insertions(+)
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-new file mode 100644
-index 000000000000..a1dddb2fb5be
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-@@ -0,0 +1,960 @@
-+/** @file
-+ Enroll default PK, KEK, DB.
-+
-+ Copyright (C) 2014, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
-+#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
-+#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
-+#include <Library/BaseMemoryLib.h> // CopyGuid()
-+#include <Library/DebugLib.h> // ASSERT()
-+#include <Library/MemoryAllocationLib.h> // FreePool()
-+#include <Library/ShellCEntryLib.h> // ShellAppMain()
-+#include <Library/UefiLib.h> // AsciiPrint()
-+#include <Library/UefiRuntimeServicesTableLib.h> // gRT
-+
-+//
-+// The example self-signed certificate below, which we'll use for both Platform
-+// Key, and first Key Exchange Key, has been generated with the following
-+// non-interactive openssl command. The passphrase is read from /dev/urandom,
-+// and not saved, and the private key is written to /dev/null. In other words,
-+// we can't sign anything else against this certificate, which is our purpose.
-+//
-+/*
-+ openssl req \
-+ -passout file:<(head -c 16 /dev/urandom) \
-+ -x509 \
-+ -newkey rsa:2048 \
-+ -keyout /dev/null \
-+ -outform DER \
-+ -subj $(
-+ printf /C=US
-+ printf /ST=TestStateOrProvince
-+ printf /L=TestLocality
-+ printf /O=TestOrganization
-+ printf /OU=TestOrganizationalUnit
-+ printf /CN=TestCommonName
-+ printf /emailAddress=test@example.com
-+ ) \
-+ 2>/dev/null \
-+ | xxd -i
-+*/
-+STATIC CONST UINT8 ExampleCert[] = {
-+ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d,
-+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
-+ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-+ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
-+ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50,
-+ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
-+ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61,
-+ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
-+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
-+ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
-+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31,
-+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73,
-+ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f,
-+ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
-+ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
-+ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
-+ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34,
-+ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81,
-+ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
-+ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54,
-+ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f,
-+ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
-+ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69,
-+ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10,
-+ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
-+ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
-+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30,
-+ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43,
-+ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d,
-+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
-+ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
-+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
-+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce,
-+ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21,
-+ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc,
-+ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae,
-+ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16,
-+ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b,
-+ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77,
-+ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce,
-+ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31,
-+ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35,
-+ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d,
-+ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a,
-+ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24,
-+ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2,
-+ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d,
-+ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b,
-+ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3,
-+ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1,
-+ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4,
-+ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68,
-+ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50,
-+ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
-+ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3,
-+ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
-+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e,
-+ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29,
-+ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
-+ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
-+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38,
-+ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9,
-+ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a,
-+ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c,
-+ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59,
-+ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4,
-+ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81,
-+ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c,
-+ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f,
-+ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b,
-+ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04,
-+ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f,
-+ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e,
-+ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f,
-+ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03,
-+ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84,
-+ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d,
-+ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5,
-+ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1,
-+ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19,
-+ 0x26, 0x5b, 0xc0, 0x3d, 0xc7
-+};
-+
-+//
-+// Second KEK: "Microsoft Corporation KEK CA 2011".
-+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
-+//
-+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
-+//
-+STATIC CONST UINT8 MicrosoftKEK[] = {
-+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
-+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
-+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
-+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
-+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
-+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
-+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
-+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
-+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
-+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
-+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
-+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
-+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
-+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
-+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
-+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
-+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
-+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
-+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
-+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
-+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
-+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
-+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
-+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
-+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
-+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
-+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
-+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
-+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
-+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
-+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
-+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
-+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
-+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
-+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
-+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
-+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
-+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
-+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
-+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
-+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
-+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
-+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
-+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
-+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
-+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
-+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
-+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
-+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
-+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
-+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
-+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
-+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
-+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
-+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
-+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
-+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
-+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
-+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
-+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
-+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
-+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
-+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
-+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
-+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
-+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
-+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
-+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
-+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
-+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
-+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
-+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
-+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
-+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
-+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
-+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
-+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
-+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
-+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
-+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
-+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
-+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
-+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
-+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
-+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
-+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
-+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
-+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
-+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
-+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
-+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
-+};
-+
-+//
-+// First DB entry: "Microsoft Windows Production PCA 2011"
-+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
-+//
-+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
-+// rooted in this certificate.
-+//
-+STATIC CONST UINT8 MicrosoftPCA[] = {
-+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
-+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
-+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
-+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
-+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
-+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
-+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
-+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
-+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
-+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
-+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
-+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
-+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
-+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
-+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
-+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
-+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
-+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
-+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
-+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
-+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
-+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
-+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
-+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
-+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
-+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
-+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
-+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
-+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
-+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
-+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
-+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
-+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
-+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
-+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
-+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
-+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
-+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
-+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
-+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
-+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
-+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
-+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
-+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
-+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
-+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
-+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
-+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
-+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
-+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
-+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
-+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
-+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
-+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
-+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
-+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
-+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
-+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
-+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
-+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
-+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
-+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
-+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
-+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
-+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
-+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
-+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
-+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
-+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
-+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
-+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
-+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
-+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
-+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
-+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
-+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
-+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
-+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
-+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
-+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
-+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
-+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
-+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
-+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
-+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
-+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
-+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
-+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
-+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
-+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
-+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
-+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
-+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
-+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
-+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
-+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
-+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
-+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
-+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
-+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
-+ 0x62, 0x1c, 0x59, 0x7e
-+};
-+
-+//
-+// Second DB entry: "Microsoft Corporation UEFI CA 2011"
-+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
-+//
-+// To verify the "shim" binary and PCI expansion ROMs with.
-+//
-+STATIC CONST UINT8 MicrosoftUefiCA[] = {
-+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
-+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
-+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
-+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
-+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
-+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
-+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
-+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
-+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
-+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
-+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
-+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
-+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
-+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
-+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
-+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
-+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
-+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
-+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
-+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
-+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
-+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
-+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
-+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
-+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
-+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
-+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
-+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
-+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
-+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
-+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
-+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
-+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
-+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
-+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
-+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
-+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
-+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
-+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
-+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
-+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
-+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
-+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
-+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
-+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
-+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
-+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
-+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
-+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
-+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
-+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
-+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
-+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
-+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
-+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
-+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
-+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
-+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
-+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
-+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
-+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
-+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
-+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
-+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
-+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
-+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
-+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
-+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
-+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
-+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
-+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
-+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
-+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
-+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
-+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
-+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
-+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
-+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
-+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
-+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
-+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
-+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
-+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
-+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
-+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
-+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
-+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
-+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
-+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
-+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
-+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
-+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
-+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
-+};
-+
-+//
-+// The most important thing about the variable payload is that it is a list of
-+// lists, where the element size of any given *inner* list is constant.
-+//
-+// Since X509 certificates vary in size, each of our *inner* lists will contain
-+// one element only (one X.509 certificate). This is explicitly mentioned in
-+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
-+//
-+// The list structure looks as follows:
-+//
-+// struct EFI_VARIABLE_AUTHENTICATION_2 { |
-+// struct EFI_TIME { |
-+// UINT16 Year; |
-+// UINT8 Month; |
-+// UINT8 Day; |
-+// UINT8 Hour; |
-+// UINT8 Minute; |
-+// UINT8 Second; |
-+// UINT8 Pad1; |
-+// UINT32 Nanosecond; |
-+// INT16 TimeZone; |
-+// UINT8 Daylight; |
-+// UINT8 Pad2; |
-+// } TimeStamp; |
-+// |
-+// struct WIN_CERTIFICATE_UEFI_GUID { | |
-+// struct WIN_CERTIFICATE { | |
-+// UINT32 dwLength; ----------------------------------------+ |
-+// UINT16 wRevision; | |
-+// UINT16 wCertificateType; | |
-+// } Hdr; | +- DataSize
-+// | |
-+// EFI_GUID CertType; | |
-+// UINT8 CertData[1] = { <--- "struct hack" | |
-+// struct EFI_SIGNATURE_LIST { | | |
-+// EFI_GUID SignatureType; | | |
-+// UINT32 SignatureListSize; -------------------------+ | |
-+// UINT32 SignatureHeaderSize; | | |
-+// UINT32 SignatureSize; ---------------------------+ | | |
-+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
-+// v | | |
-+// struct EFI_SIGNATURE_DATA { | | | |
-+// EFI_GUID SignatureOwner; | | | |
-+// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
-+// X.509 payload | | | |
-+// } | | | |
-+// } Signatures[]; | | |
-+// } SigLists[]; | |
-+// }; | |
-+// } AuthInfo; | |
-+// }; |
-+//
-+// Given that the "struct hack" invokes undefined behavior (which is why C99
-+// introduced the flexible array member), and because subtracting those pesky
-+// sizes of 1 is annoying, and because the format is fully specified in the
-+// UEFI specification, we'll introduce two matching convenience structures that
-+// are customized for our X.509 purposes.
-+//
-+#pragma pack(1)
-+typedef struct {
-+ EFI_TIME TimeStamp;
-+
-+ //
-+ // dwLength covers data below
-+ //
-+ UINT32 dwLength;
-+ UINT16 wRevision;
-+ UINT16 wCertificateType;
-+ EFI_GUID CertType;
-+} SINGLE_HEADER;
-+
-+typedef struct {
-+ //
-+ // SignatureListSize covers data below
-+ //
-+ EFI_GUID SignatureType;
-+ UINT32 SignatureListSize;
-+ UINT32 SignatureHeaderSize; // constant 0
-+ UINT32 SignatureSize;
-+
-+ //
-+ // SignatureSize covers data below
-+ //
-+ EFI_GUID SignatureOwner;
-+
-+ //
-+ // X.509 certificate follows
-+ //
-+} REPEATING_HEADER;
-+#pragma pack()
-+
-+/**
-+ Enroll a set of DER-formatted X.509 certificates in a global variable,
-+ overwriting it.
-+
-+ The variable will be rewritten with NV+BS+RT+AT attributes.
-+
-+ @param[in] VariableName The name of the variable to overwrite.
-+
-+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
-+ overwrite.
-+
-+ @param[in] ... A list of
-+
-+ IN CONST UINT8 *Cert,
-+ IN UINTN CertSize,
-+ IN CONST EFI_GUID *OwnerGuid
-+
-+ triplets. If the first component of a triplet is
-+ NULL, then the other two components are not
-+ accessed, and processing is terminated. The list of
-+ X.509 certificates is enrolled in the variable
-+ specified, overwriting it. The OwnerGuid component
-+ identifies the agent installing the certificate.
-+
-+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
-+ value is NULL), or one of the CertSize values
-+ is 0, or one of the CertSize values would
-+ overflow the accumulated UINT32 data size.
-+
-+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable
-+ payload.
-+
-+ @retval EFI_SUCCESS Enrollment successful; the variable has been
-+ overwritten (or created).
-+
-+ @return Error codes from gRT->GetTime() and
-+ gRT->SetVariable().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+EnrollListOfX509Certs (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ ...
-+ )
-+{
-+ UINTN DataSize;
-+ SINGLE_HEADER *SingleHeader;
-+ REPEATING_HEADER *RepeatingHeader;
-+ VA_LIST Marker;
-+ CONST UINT8 *Cert;
-+ EFI_STATUS Status;
-+ UINT8 *Data;
-+ UINT8 *Position;
-+
-+ //
-+ // compute total size first, for UINT32 range check, and allocation
-+ //
-+ DataSize = sizeof *SingleHeader;
-+ VA_START (Marker, VendorGuid);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ (VOID)VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ if (CertSize == 0 ||
-+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
-+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
-+ Status = EFI_INVALID_PARAMETER;
-+ break;
-+ }
-+ DataSize += sizeof *RepeatingHeader + CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ if (DataSize == sizeof *SingleHeader) {
-+ Status = EFI_INVALID_PARAMETER;
-+ }
-+ if (EFI_ERROR (Status)) {
-+ goto Out;
-+ }
-+
-+ Data = AllocatePool (DataSize);
-+ if (Data == NULL) {
-+ Status = EFI_OUT_OF_RESOURCES;
-+ goto Out;
-+ }
-+
-+ Position = Data;
-+
-+ SingleHeader = (SINGLE_HEADER *)Position;
-+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
-+ if (EFI_ERROR (Status)) {
-+ goto FreeData;
-+ }
-+ SingleHeader->TimeStamp.Pad1 = 0;
-+ SingleHeader->TimeStamp.Nanosecond = 0;
-+ SingleHeader->TimeStamp.TimeZone = 0;
-+ SingleHeader->TimeStamp.Daylight = 0;
-+ SingleHeader->TimeStamp.Pad2 = 0;
-+#if 0
-+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
-+#else
-+ //
-+ // This looks like a bug in edk2. According to the UEFI specification,
-+ // dwLength is "The length of the entire certificate, including the length of
-+ // the header, in bytes". That shouldn't stop right after CertType -- it
-+ // should include everything below it.
-+ //
-+ SingleHeader->dwLength = sizeof *SingleHeader
-+ - sizeof SingleHeader->TimeStamp;
-+#endif
-+ SingleHeader->wRevision = 0x0200;
-+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
-+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
-+ Position += sizeof *SingleHeader;
-+
-+ VA_START (Marker, VendorGuid);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+ CONST EFI_GUID *OwnerGuid;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ RepeatingHeader = (REPEATING_HEADER *)Position;
-+ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid);
-+ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize;
-+ RepeatingHeader->SignatureHeaderSize = 0;
-+ RepeatingHeader->SignatureSize =
-+ sizeof RepeatingHeader->SignatureOwner + CertSize;
-+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
-+ Position += sizeof *RepeatingHeader;
-+
-+ CopyMem (Position, Cert, CertSize);
-+ Position += CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ ASSERT (Data + DataSize == Position);
-+
-+ Status = gRT->SetVariable (VariableName, VendorGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_RUNTIME_ACCESS |
-+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
-+ DataSize, Data);
-+
-+FreeData:
-+ FreePool (Data);
-+
-+Out:
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
-+ VendorGuid, Status);
-+ }
-+ return Status;
-+}
-+
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetExact (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ OUT VOID *Data,
-+ IN UINTN DataSize,
-+ IN BOOLEAN AllowMissing
-+ )
-+{
-+ UINTN Size;
-+ EFI_STATUS Status;
-+
-+ Size = DataSize;
-+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
-+ if (EFI_ERROR (Status)) {
-+ if (Status == EFI_NOT_FOUND && AllowMissing) {
-+ ZeroMem (Data, DataSize);
-+ return EFI_SUCCESS;
-+ }
-+
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
-+ VendorGuid, Status);
-+ return Status;
-+ }
-+
-+ if (Size != DataSize) {
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
-+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
-+ return EFI_PROTOCOL_ERROR;
-+ }
-+
-+ return EFI_SUCCESS;
-+}
-+
-+typedef struct {
-+ UINT8 SetupMode;
-+ UINT8 SecureBoot;
-+ UINT8 SecureBootEnable;
-+ UINT8 CustomMode;
-+ UINT8 VendorKeys;
-+} SETTINGS;
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetSettings (
-+ OUT SETTINGS *Settings
-+ )
-+{
-+ EFI_STATUS Status;
-+
-+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
-+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
-+ sizeof Settings->SecureBootEnable, TRUE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
-+ return Status;
-+}
-+
-+STATIC
-+VOID
-+EFIAPI
-+PrintSettings (
-+ IN CONST SETTINGS *Settings
-+ )
-+{
-+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
-+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
-+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
-+}
-+
-+
-+INTN
-+EFIAPI
-+ShellAppMain (
-+ IN UINTN Argc,
-+ IN CHAR16 **Argv
-+ )
-+{
-+ EFI_STATUS Status;
-+ SETTINGS Settings;
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 1) {
-+ AsciiPrint ("error: already in User Mode\n");
-+ return 1;
-+ }
-+
-+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
-+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS),
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+ }
-+
-+ Status = EnrollListOfX509Certs (
-+ EFI_IMAGE_SECURITY_DATABASE,
-+ &gEfiImageSecurityDatabaseGuid,
-+ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid,
-+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfX509Certs (
-+ EFI_KEY_EXCHANGE_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid,
-+ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfX509Certs (
-+ EFI_PLATFORM_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
-+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
-+ Settings.VendorKeys != 0) {
-+ AsciiPrint ("error: unexpected\n");
-+ return 1;
-+ }
-+
-+ AsciiPrint ("info: success\n");
-+ return 0;
-+}
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-new file mode 100644
-index 000000000000..30c127f2ecb4
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-@@ -0,0 +1,51 @@
-+## @file
-+# Enroll default PK, KEK, DB.
-+#
-+# Copyright (C) 2014, Red Hat, Inc.
-+#
-+# This program and the accompanying materials are licensed and made available
-+# under the terms and conditions of the BSD License which accompanies this
-+# distribution. The full text of the license may be found at
-+# http://opensource.org/licenses/bsd-license.
-+#
-+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
-+# IMPLIED.
-+##
-+
-+[Defines]
-+ INF_VERSION = 0x00010006
-+ BASE_NAME = EnrollDefaultKeys
-+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
-+ MODULE_TYPE = UEFI_APPLICATION
-+ VERSION_STRING = 0.1
-+ ENTRY_POINT = ShellCEntryLib
-+
-+#
-+# VALID_ARCHITECTURES = IA32 X64
-+#
-+
-+[Sources]
-+ EnrollDefaultKeys.c
-+
-+[Packages]
-+ MdePkg/MdePkg.dec
-+ MdeModulePkg/MdeModulePkg.dec
-+ SecurityPkg/SecurityPkg.dec
-+ ShellPkg/ShellPkg.dec
-+
-+[Guids]
-+ gEfiCertPkcs7Guid
-+ gEfiCertX509Guid
-+ gEfiCustomModeEnableGuid
-+ gEfiGlobalVariableGuid
-+ gEfiImageSecurityDatabaseGuid
-+ gEfiSecureBootEnableDisableGuid
-+
-+[LibraryClasses]
-+ BaseMemoryLib
-+ DebugLib
-+ MemoryAllocationLib
-+ ShellCEntryLib
-+ UefiLib
-+ UefiRuntimeServicesTableLib
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 012e24817e5a..1e0e71aea606 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -743,6 +743,10 @@ [Components]
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 23c09d1e6083..6346f2db0006 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -752,6 +752,10 @@ [Components.X64]
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index b0b6b3770e84..7a0d7eb7a75f 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -750,6 +750,10 @@ [Components]
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
---
-1.8.3.1
-
diff --git a/0001-OvmfPkg-SmbiosPlatformDxe-install-legacy-QEMU-tables.patch b/0001-OvmfPkg-SmbiosPlatformDxe-install-legacy-QEMU-tables.patch
deleted file mode 100644
index 43fa070..0000000
--- a/0001-OvmfPkg-SmbiosPlatformDxe-install-legacy-QEMU-tables.patch
+++ /dev/null
@@ -1,1084 +0,0 @@
-From 0e182f2305a84fdf62ff2631de6e363a5a881287 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 5 Jun 2013 10:14:34 +0200
-Subject: [PATCH 1/3] OvmfPkg/SmbiosPlatformDxe: install legacy QEMU tables and
- save fields (X86)
-
-Introduce basic legacy SMBIOS machinery for the QEMU platform:
-- Install SMBIOS tables that QEMU passes down in complete form via fw_cfg.
-- Stash individual fields that QEMU passes down to override the boot
- firmware's default SMBIOS tables.
-- Add helper functions that OVMF's default SMBIOS tables will need.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c | 694 ++++++++++++++++++++++++
- OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h | 52 ++
- OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h | 221 ++++++++
- OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c | 17 +-
- OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 2 +
- 5 files changed, 983 insertions(+), 3 deletions(-)
- create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
- create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h
- create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-new file mode 100644
-index 0000000..9c57558
---- /dev/null
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-@@ -0,0 +1,694 @@
-+/** @file
-+ This file fetches and installs SMBIOS tables on the QEMU hypervisor.
-+
-+ Copyright (C) 2013, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.php
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+
-+#include <Library/MemoryAllocationLib.h>
-+
-+#include "QemuLegacy.h"
-+#include "QemuLegacyInternal.h"
-+
-+
-+//
-+// An SMBIOS entry exported by QEMU over fw_cfg can have one of the following
-+// types.
-+//
-+typedef enum
-+{
-+ ET_FIELD, // defines one field in some SMBIOS table
-+ ET_TABLE // defines an SMBIOS table instance in entirety
-+} FW_CFG_SMBIOS_ENTRY_TYPE;
-+
-+//
-+// Header type introducing each entry in the QemuFwCfgItemX86SmbiosTables
-+// fw_cfg blob.
-+//
-+#pragma pack(1)
-+typedef struct {
-+ UINT16 Size; // including payload and this header
-+ UINT8 Type; // value from FW_CFG_SMBIOS_ENTRY_TYPE
-+} FW_CFG_SMBIOS_ENTRY_HDR;
-+#pragma pack()
-+
-+//
-+// Fields included at the beginning of the the payload in QEMU SMBIOS entries
-+// with ET_FIELD type.
-+//
-+#pragma pack(1)
-+typedef struct {
-+ UINT8 TableType; // SMBIOS table type to patch
-+ UINT16 Offset; // offset of a field in the formatted area
-+} FW_CFG_SMBIOS_FIELD;
-+#pragma pack()
-+
-+
-+/**
-+ Initialize a context object tracking SMBIOS table installation and patches
-+ for fields.
-+
-+ @param[out] Context A BUILD_CONTEXT object allocated dynamically and
-+ initialized.
-+
-+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
-+ @retval EFI_SUCCESS Allocation and initialization successful.
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+InitSmbiosContext (
-+ OUT BUILD_CONTEXT **Context
-+ )
-+{
-+ *Context = AllocateZeroPool (sizeof **Context);
-+ if (*Context == NULL) {
-+ DEBUG ((DEBUG_ERROR, "%a: out of memory\n", __FUNCTION__));
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+ return EFI_SUCCESS;
-+}
-+
-+
-+/**
-+ Release a context object tracking SMBIOS table installation and patches for
-+ fields.
-+
-+ @param[in,out] Context The BUILD_CONTEXT object to tear down.
-+**/
-+STATIC
-+VOID
-+EFIAPI
-+UninitSmbiosContext (
-+ IN OUT BUILD_CONTEXT *Context
-+ )
-+{
-+ INT32 Type;
-+ INT32 Idx;
-+
-+ //
-+ // free all patches
-+ //
-+ for (Type = 0; Type < TABLE_TYPE_LIMIT; ++Type) {
-+ for (Idx = 0; Idx < PATCH_SUBSCRIPT_LIMIT; ++Idx) {
-+ PATCH *Patch;
-+
-+ Patch = &Context->Table[Type].Patch[Idx];
-+ if (Patch->Base != NULL) {
-+ FreePool (Patch->Base);
-+ }
-+ }
-+ }
-+ FreePool (Context);
-+}
-+
-+
-+/**
-+ Save a patch targeting an SMBIOS field in dynamically allocated memory.
-+
-+ @param[in,out] Context The initialized BUILD_CONTEXT object to save the
-+ patch in.
-+ @param[in] TableType The patch to be saved targets this table type.
-+ Patches for table types equal to or greater than
-+ TABLE_TYPE_LIMIT are ignored.
-+ @param[in] FieldOffset The patch to be saved targets the field that
-+ begins at offset FieldOffset in SMBIOS table type
-+ TableType. FieldOffset is enforced not to point
-+ into the SMBIOS table header. A FieldOffset value
-+ equal to or greater than 255 is rejected, since
-+ the formatted area of an SMBIOS table never
-+ exceeds 255 bytes. FieldOffset is not validated
-+ against actual field offsets here, it is only
-+ saved for later lookup.
-+ @param[in] PatchData Byte array constituting the patch body.
-+ @param[in] PatchSize Number of bytes in PatchData.
-+
-+ @retval EFI_SUCCESS Patch has been either ignored due to not
-+ meeting the criterion on TableType, or it has
-+ been saved successfully.
-+ @retval EFI_INVALID_PARAMETER FieldOffset is invalid.
-+ @retval EFI_OUT_OF_RESOURCES Couldn't allocate memory for the patch.
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+SaveSmbiosPatch (
-+ IN OUT BUILD_CONTEXT *Context,
-+ IN UINT8 TableType,
-+ IN UINT16 FieldOffset,
-+ IN UINT8 *PatchData,
-+ IN UINT16 PatchSize
-+)
-+{
-+ UINT8 *NewBase;
-+ PATCH *Patch;
-+
-+ if (TableType >= TABLE_TYPE_LIMIT) {
-+ DEBUG ((DEBUG_VERBOSE,
-+ "%a: ignoring patch for unsupported table type %d\n",
-+ __FUNCTION__, TableType));
-+ return EFI_SUCCESS;
-+ }
-+
-+ if (FieldOffset < FIELD_OFFSET_MINIMUM
-+ || FieldOffset - FIELD_OFFSET_MINIMUM >= PATCH_SUBSCRIPT_LIMIT) {
-+ DEBUG ((DEBUG_ERROR,
-+ "%a: invalid patch for table type %d field offset %d\n",
-+ __FUNCTION__, TableType, FieldOffset));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ NewBase = AllocateCopyPool (PatchSize, PatchData);
-+ if (PatchSize > 0 && NewBase == NULL) {
-+ DEBUG ((DEBUG_ERROR, "%a: table type %d field offset %d: out of memory\n",
-+ __FUNCTION__, TableType, FieldOffset));
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+
-+ Patch = &Context->Table[TableType].Patch[FieldOffset - FIELD_OFFSET_MINIMUM];
-+ //
-+ // replace previous patch if it exists
-+ //
-+ if (Patch->Base != NULL) {
-+ DEBUG ((DEBUG_VERBOSE,
-+ "%a: replacing prior patch for table type %d field offset %d\n",
-+ __FUNCTION__, TableType, FieldOffset));
-+ FreePool (Patch->Base);
-+ }
-+
-+ Patch->Base = NewBase;
-+ Patch->Size = PatchSize;
-+ return EFI_SUCCESS;
-+}
-+
-+
-+/**
-+ Apply a saved patch to a field located in the formatted are of a not yet
-+ installed SMBIOS table.
-+
-+ The patch is looked up based on (Context, TableType, FieldOffset).
-+
-+ @param[in] Context The BUILD_CONTEXT object storing saved patches.
-+ @param[in] TableType Selects the table type for which the patch has been
-+ saved. It is assumed that the caller has validated
-+ TableType against TABLE_TYPE_LIMIT (upper
-+ exclusive).
-+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has
-+ been saved. It is assumed that the caller has
-+ validated FieldOffset against FIELD_OFFSET_MINIMUM
-+ (lower inclusive) and 255 (upper exclusive).
-+ @param[in] FieldSize The caller supplies the size of the field to patch
-+ in FieldSize. The patch saved for
-+ TableType:FieldOffset, if any, is only applied if
-+ its size equals FieldSize.
-+ @param[out] TableBase Base of the SMBIOS table of type TableType in which
-+ the field starting at FieldOffset needs to be
-+ patched.
-+
-+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in
-+ Context. This return value is considered
-+ informative (ie. non-fatal).
-+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but its
-+ size doesn't match FieldSize. This result is
-+ considered a fatal error of the patch origin.
-+ @retval EFI_SUCCESS The SMBIOS table at TableBase has been patched
-+ starting at FieldOffset for a length of
-+ FieldSize.
-+**/
-+EFI_STATUS
-+EFIAPI
-+PatchSmbiosFormatted (
-+ IN BUILD_CONTEXT *Context,
-+ IN UINT8 TableType,
-+ IN UINT16 FieldOffset,
-+ IN UINT16 FieldSize,
-+ OUT UINT8 *TableBase
-+ )
-+{
-+ PATCH *Patch;
-+
-+ ASSERT (TableType < TABLE_TYPE_LIMIT);
-+ ASSERT (FieldOffset >= FIELD_OFFSET_MINIMUM);
-+ ASSERT (FieldOffset - FIELD_OFFSET_MINIMUM < PATCH_SUBSCRIPT_LIMIT);
-+
-+ Patch = &Context->Table[TableType].Patch[FieldOffset - FIELD_OFFSET_MINIMUM];
-+ if (Patch->Base == NULL) {
-+ return EFI_NOT_FOUND;
-+ }
-+
-+ if (Patch->Size != FieldSize) {
-+ DEBUG ((DEBUG_ERROR, "%a: table type %d, field offset %d: "
-+ "patch size %d doesn't match field size %d\n",
-+ __FUNCTION__, TableType, FieldOffset, Patch->Size, FieldSize));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ CopyMem (TableBase + FieldOffset, Patch->Base, FieldSize);
-+ return EFI_SUCCESS;
-+}
-+
-+
-+/**
-+ Apply a saved patch to a text string located in the unformatted area of an
-+ already installed SMBIOS table.
-+
-+ The patch is looked up based on (Context, TableType, FieldOffset).
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used previously
-+ for installing the SMBIOS table.
-+ @param[in] SmbiosHandle The EFI_SMBIOS_HANDLE previously returned by
-+ Smbios->Add().
-+ @param[in] Context The BUILD_CONTEXT object storing saved patches.
-+ @param[in] TableType Selects the table type for which the patch has been
-+ saved. It is assumed that the caller has validated
-+ TableType against TABLE_TYPE_LIMIT (upper
-+ exclusive).
-+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has
-+ been saved. It is assumed that the caller has
-+ validated FieldOffset against FIELD_OFFSET_MINIMUM
-+ (lower inclusive) and 255 (upper exclusive).
-+ It is also assumed that TableBase[FieldOffset]
-+ accesses a field of type SMBIOS_TABLE_STRING, ie. a
-+ field in the formatted area that identifies an
-+ existent text string in the unformatted area. Text
-+ string identifiers are one-based.
-+ @param[out] TableBase Base of the SMBIOS table of type TableType in which
-+ the SMBIOS_TABLE_STRING field at FieldOffset
-+ identifies the existent text string to update.
-+
-+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in
-+ Context. This return value is considered
-+ informative (ie. non-fatal).
-+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but it
-+ doesn't end with a NUL character. This result
-+ is considered a fatal error of the patch
-+ origin.
-+ @retval EFI_SUCCESS The text string identified by
-+ TableBase[FieldOffset] has been replaced in
-+ the installed SMBIOS table under SmbiosHandle.
-+ @return Error codes returned by
-+ Smbios->UpdateString(). EFI_NOT_FOUND shall
-+ not be returned.
-+**/
-+EFI_STATUS
-+EFIAPI
-+PatchSmbiosUnformatted (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_SMBIOS_HANDLE SmbiosHandle,
-+ IN BUILD_CONTEXT *Context,
-+ IN UINT8 TableType,
-+ IN UINT16 FieldOffset,
-+ IN UINT8 *TableBase
-+ )
-+{
-+ PATCH *Patch;
-+ UINTN StringNumber;
-+ EFI_STATUS Status;
-+
-+ ASSERT (TableType < TABLE_TYPE_LIMIT);
-+ ASSERT (FieldOffset >= FIELD_OFFSET_MINIMUM);
-+ ASSERT (FieldOffset - FIELD_OFFSET_MINIMUM < PATCH_SUBSCRIPT_LIMIT);
-+
-+ Patch = &Context->Table[TableType].Patch[FieldOffset - FIELD_OFFSET_MINIMUM];
-+ if (Patch->Base == NULL) {
-+ return EFI_NOT_FOUND;
-+ }
-+
-+ if (Patch->Size == 0 || Patch->Base[Patch->Size - 1] != '\0') {
-+ DEBUG ((DEBUG_ERROR, "%a: table type %d, field offset %d: "
-+ "missing terminator, or trailing garbage\n",
-+ __FUNCTION__, TableType, FieldOffset));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ StringNumber = TableBase[FieldOffset];
-+ ASSERT (StringNumber != 0);
-+
-+ Status = Smbios->UpdateString (Smbios, &SmbiosHandle, &StringNumber,
-+ (CHAR8 *)Patch->Base);
-+ if (EFI_ERROR (Status)) {
-+ ASSERT (Status != EFI_NOT_FOUND);
-+ DEBUG ((DEBUG_ERROR, "%a: table type %d, field offset %d, "
-+ "string number %d: Smbios->UpdateString(): %r\n", __FUNCTION__,
-+ TableType, FieldOffset, TableBase[FieldOffset], Status));
-+ return Status;
-+ }
-+ return EFI_SUCCESS;
-+}
-+
-+
-+/**
-+ Process an SMBIOS firmware configuration entry with ET_FIELD type, exported
-+ by QEMU under QemuFwCfgItemX86SmbiosTables.
-+
-+ Such entries describe patches to be saved with SaveSmbiosPatch().
-+
-+ @param[in,out] Context The BUILD_CONTEXT object tracking saved patches.
-+ @param[in] Payload Points to the buffer to parse as
-+ FW_CFG_SMBIOS_FIELD.
-+ @param[in] PayloadSize Number of bytes in Payload.
-+
-+ @retval EFI_INVALID_PARAMETER PayloadSize is less than the size of
-+ FW_CFG_SMBIOS_FIELD -- fields describing
-+ the patch are incomplete.
-+ @retval EFI_SUCCESS Payload has been parsed and patch has been
-+ saved successfully.
-+ @return Error codes returned by SaveSmbiosPatch().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+VisitSmbiosField (
-+ IN OUT BUILD_CONTEXT *Context,
-+ IN UINT8 *Payload,
-+ IN UINT16 PayloadSize
-+ )
-+{
-+ FW_CFG_SMBIOS_FIELD *Field;
-+
-+ if (PayloadSize < (INT32) sizeof *Field) {
-+ DEBUG ((DEBUG_ERROR, "%a: required minimum size %d, available %d\n",
-+ __FUNCTION__, (INT32) sizeof *Field, PayloadSize));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ Field = (FW_CFG_SMBIOS_FIELD *) Payload;
-+ return SaveSmbiosPatch (Context, Field->TableType, Field->Offset,
-+ Payload + sizeof *Field, (UINT16) (PayloadSize - sizeof *Field));
-+}
-+
-+
-+/**
-+ Process an SMBIOS firmware configuration entry with ET_TABLE type, exported
-+ by QEMU under QemuFwCfgItemX86SmbiosTables.
-+
-+ Such entries describe entire SMBIOS table instances to install verbatim. This
-+ module never overrides tables installed in this manner with default tables.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for
-+ installing SMBIOS tables.
-+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle
-+ tracks the origin of installed SMBIOS tables.
-+ @param[in,out] Context The BUILD_CONTEXT object tracking installed
-+ tables.
-+ @param[in] Payload Points to the buffer to install as an SMBIOS
-+ table.
-+ @param[in] PayloadSize Number of bytes in Payload.
-+
-+ @retval EFI_INVALID_PARAMETER The buffer at Payload, interpreted as an
-+ SMBIOS table, failed basic sanity checks.
-+ @retval EFI_SUCCESS Payload has been installed successfully as an
-+ SMBIOS table.
-+ @return Error codes returned by Smbios->Add().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+VisitSmbiosTable (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ProducerHandle,
-+ IN OUT BUILD_CONTEXT *Context,
-+ IN UINT8 *Payload,
-+ IN UINT16 PayloadSize
-+ )
-+{
-+ SMBIOS_STRUCTURE *SmbiosHeader;
-+ UINT16 MinimumSize;
-+ EFI_SMBIOS_HANDLE SmbiosHandle;
-+ EFI_STATUS Status;
-+
-+ //
-+ // Basic sanity checks only in order to help debugging and to catch blatantly
-+ // invalid data passed with "-smbios file=binary_file" on the QEMU command
-+ // line. Beyond these we don't enforce correct, type-specific SMBIOS table
-+ // formatting.
-+ //
-+ if (PayloadSize < (INT32) sizeof *SmbiosHeader) {
-+ DEBUG ((DEBUG_ERROR, "%a: required minimum size %d, available %d\n",
-+ __FUNCTION__, (INT32) sizeof *SmbiosHeader, PayloadSize));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ SmbiosHeader = (SMBIOS_STRUCTURE *) Payload;
-+
-+ if (SmbiosHeader->Length < (INT32) sizeof *SmbiosHeader) {
-+ DEBUG ((DEBUG_ERROR, "%a: required minimum size %d, stated %d\n",
-+ __FUNCTION__, (INT32) sizeof *SmbiosHeader, SmbiosHeader->Length));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ MinimumSize = (UINT16) (SmbiosHeader->Length + 2);
-+
-+ if (PayloadSize < MinimumSize) {
-+ DEBUG ((DEBUG_ERROR,
-+ "%a: minimum for formatted area plus terminator is %d, available %d\n",
-+ __FUNCTION__, MinimumSize, PayloadSize));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ if (Payload[PayloadSize - 2] != '\0' ||
-+ Payload[PayloadSize - 1] != '\0') {
-+ DEBUG ((DEBUG_ERROR, "%a: missing terminator, or trailing garbage\n",
-+ __FUNCTION__));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ //
-+ // request unique handle
-+ //
-+ SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED;
-+ Status = Smbios->Add (Smbios, ProducerHandle, &SmbiosHandle,
-+ (EFI_SMBIOS_TABLE_HEADER *) SmbiosHeader);
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR, "%a: Smbios->Add(): %r\n", __FUNCTION__, Status));
-+ return Status;
-+ }
-+
-+ //
-+ // track known tables
-+ //
-+ if (SmbiosHeader->Type < TABLE_TYPE_LIMIT) {
-+ Context->Table[SmbiosHeader->Type].Installed = TRUE;
-+ }
-+ return EFI_SUCCESS;
-+}
-+
-+
-+/**
-+ Traverse the SMBIOS firmware configuration blob exported by QEMU under
-+ QemuFwCfgItemX86SmbiosTables, processing each entry in turn.
-+
-+ Entries with ET_FIELD type are parsed as patches for the SMBIOS tables this
-+ module installs as fallbacks, while entries of type ET_TABLE are parsed and
-+ installed as verbatim SMBIOS tables.
-+
-+ Unknown entry types are silently skipped. Any error encountered during
-+ traversal (for example, a recognized but malformed entry) aborts the
-+ iteration, leaving the function with a possibly incomplete set of installed
-+ tables.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for
-+ installing SMBIOS tables.
-+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle
-+ tracks the origin of installed SMBIOS tables.
-+ @param[in,out] Context The BUILD_CONTEXT object tracking installed
-+ tables and saved patches.
-+
-+ @retval EFI_SUCCESS The firmware configuration interface is
-+ unavailable (no patches saved, no tables
-+ installed).
-+ @retval EFI_SUCCESS Traversal complete. Tables provided by QEMU
-+ have been installed. Patches have been saved
-+ for any default tables that will be necessary.
-+ @retval EFI_INVALID_PARAMETER Encountered a corrupt entry in the SMBIOS
-+ firmware configuration blob.
-+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
-+ @return Error codes returned by VisitSmbiosField() and
-+ VisitSmbiosTable().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+ScanQemuSmbios (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ProducerHandle,
-+ IN OUT BUILD_CONTEXT *Context
-+ )
-+{
-+ EFI_STATUS Status;
-+ UINT16 NumEntries;
-+ UINT16 CurEntry;
-+
-+ Status = EFI_SUCCESS;
-+
-+ if (!QemuFwCfgIsAvailable ()) {
-+ return Status;
-+ }
-+
-+ QemuFwCfgSelectItem (QemuFwCfgItemX86SmbiosTables);
-+
-+ NumEntries = QemuFwCfgRead16 ();
-+ for (CurEntry = 0; CurEntry < NumEntries && !EFI_ERROR (Status);
-+ ++CurEntry) {
-+ FW_CFG_SMBIOS_ENTRY_HDR Header;
-+ UINT16 PayloadSize;
-+ UINT8 *Payload;
-+
-+ QemuFwCfgReadBytes (sizeof Header, &Header);
-+
-+ if (Header.Size < (INT32) sizeof Header) {
-+ DEBUG ((DEBUG_ERROR, "%a: invalid header size %d in entry %d\n",
-+ __FUNCTION__, Header.Size, CurEntry));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ PayloadSize = (UINT16) (Header.Size - sizeof Header);
-+ Payload = AllocatePool (PayloadSize);
-+
-+ if (PayloadSize > 0 && Payload == NULL) {
-+ DEBUG ((DEBUG_ERROR, "%a: failed to allocate %d bytes for entry %d\n",
-+ __FUNCTION__, PayloadSize, CurEntry));
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+
-+ QemuFwCfgReadBytes (PayloadSize, Payload);
-+
-+ //
-+ // dump the payload
-+ //
-+ DEBUG_CODE (
-+ UINT16 Idx;
-+
-+ DEBUG ((DEBUG_VERBOSE,
-+ "%a: entry %d, type %d, payload size %d, payload hex dump follows:",
-+ __FUNCTION__, CurEntry, Header.Type, PayloadSize));
-+ for (Idx = 0; Idx < PayloadSize; ++Idx) {
-+ switch (Idx % 16) {
-+ case 0:
-+ DEBUG ((DEBUG_VERBOSE, "\n%04X:", Idx));
-+ break;
-+ case 8:
-+ DEBUG ((DEBUG_VERBOSE, " "));
-+ break;
-+ default:
-+ ;
-+ }
-+ DEBUG ((DEBUG_VERBOSE, " %02X", Payload[Idx]));
-+ }
-+ DEBUG ((DEBUG_VERBOSE, "\n"));
-+ );
-+
-+ switch (Header.Type) {
-+ case ET_FIELD:
-+ Status = VisitSmbiosField (Context, Payload, PayloadSize);
-+ break;
-+ case ET_TABLE:
-+ Status = VisitSmbiosTable (Smbios, ProducerHandle, Context, Payload,
-+ PayloadSize);
-+ break;
-+ default:
-+ ;
-+ }
-+
-+ FreePool (Payload);
-+ }
-+
-+ return Status;
-+}
-+
-+
-+/**
-+ Install some of the default SMBIOS tables for table types that QEMU hasn't
-+ provided under QemuFwCfgItemX86SmbiosTables, but are required by the
-+ SMBIOS-2.7.1 specification.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for
-+ installing SMBIOS tables.
-+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle
-+ tracks the origin of installed SMBIOS tables.
-+ @param[in,out] Context The BUILD_CONTEXT object tracking installed
-+ tables and saved patches.
-+
-+ @return Status codes returned by the InstallSmbiosTypeXX() functions,
-+ including the final EFI_SUCCESS if all such calls succeed.
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+InstallDefaultTables (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ProducerHandle,
-+ IN OUT BUILD_CONTEXT *Context
-+ )
-+{
-+ return EFI_SUCCESS;
-+}
-+
-+
-+/**
-+ Fetch and install SMBIOS tables on the QEMU hypervisor.
-+
-+ First, tables provided by QEMU in entirety are installed verbatim.
-+
-+ Then the function prepares some of the remaining tables required by the
-+ SMBIOS-2.7.1 specification. For each such table,
-+ - if QEMU provides any fields for the table, they take effect verbatim,
-+ - remaining fields are set by this function.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for installing
-+ the SMBIOS tables.
-+ @param[in] ImageHandle The image handle of the calling module, passed as
-+ ProducerHandle to the Smbios->Add() call.
-+
-+ @retval EFI_SUCCESS All tables have been installed.
-+ @retval EFI_UNSUPPORTED The pair (Smbios->MajorVersion,
-+ Smbios->MinorVersion) precedes (2, 3)
-+ lexicographically.
-+ @return Error codes returned by Smbios->Add() or
-+ internal functions. Some tables may not have
-+ been installed or fully patched.
-+**/
-+EFI_STATUS
-+EFIAPI
-+InstallQemuSmbiosTables (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ImageHandle
-+ )
-+{
-+ EFI_STATUS Status;
-+ BUILD_CONTEXT *Context;
-+
-+ if (Smbios->MajorVersion < 2 || Smbios->MinorVersion < 3) {
-+ DEBUG ((DEBUG_ERROR, "%a: unsupported Smbios version %d.%d\n",
-+ __FUNCTION__, Smbios->MajorVersion, Smbios->MinorVersion));
-+ return EFI_UNSUPPORTED;
-+ }
-+
-+ Status = InitSmbiosContext (&Context);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ //
-+ // <IndustryStandard/SmBios.h> and <Protocol/Smbios.h> must agree.
-+ //
-+ ASSERT (sizeof(SMBIOS_STRUCTURE) == sizeof(EFI_SMBIOS_TABLE_HEADER));
-+
-+ Status = ScanQemuSmbios (Smbios, ImageHandle, Context);
-+ if (EFI_ERROR (Status)) {
-+ goto Cleanup;
-+ }
-+
-+ Status = InstallDefaultTables (Smbios, ImageHandle, Context);
-+
-+Cleanup:
-+ UninitSmbiosContext (Context);
-+ return Status;
-+}
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h
-new file mode 100644
-index 0000000..40d5ad3
---- /dev/null
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.h
-@@ -0,0 +1,52 @@
-+/** @file
-+ This header file provides QEMU-specific public prototypes for the main driver
-+ file, "SmbiosPlatformDxe.c".
-+
-+ Copyright (C) 2013, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.php
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+
-+#ifndef _QEMU_LEGACY_H_
-+#define _QEMU_LEGACY_H_
-+
-+#include <Protocol/Smbios.h>
-+
-+
-+/**
-+ Fetch and install SMBIOS tables on the QEMU hypervisor.
-+
-+ First, tables provided by QEMU in entirety are installed verbatim.
-+
-+ Then the function prepares some of the remaining tables required by the
-+ SMBIOS-2.7.1 specification. For each such table,
-+ - if QEMU provides any fields for the table, they take effect verbatim,
-+ - remaining fields are set by this function.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for installing
-+ the SMBIOS tables.
-+ @param[in] ImageHandle The image handle of the calling module, passed as
-+ ProducerHandle to the Smbios->Add() call.
-+
-+ @retval EFI_SUCCESS All tables have been installed.
-+ @retval EFI_UNSUPPORTED The pair (Smbios->MajorVersion,
-+ Smbios->MinorVersion) precedes (2, 3)
-+ lexicographically.
-+ @return Error codes returned by Smbios->Add() or
-+ internal functions. Some tables may not have
-+ been installed or fully patched.
-+**/
-+EFI_STATUS
-+EFIAPI
-+InstallQemuSmbiosTables (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ImageHandle
-+ );
-+
-+#endif
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-new file mode 100644
-index 0000000..8613407
---- /dev/null
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-@@ -0,0 +1,221 @@
-+/** @file
-+ This header provides common includes, and communicates internal types,
-+ function prototypes and macros between "Qemu.c" and "QemuTypeXX.c", that
-+ relate to the installation and patching of SMBIOS tables on the QEMU
-+ platform.
-+
-+ Copyright (C) 2013, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.php
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+
-+#ifndef _QEMU_LEGACY_INTERNAL_H_
-+#define _QEMU_LEGACY_INTERNAL_H_
-+
-+#include <IndustryStandard/SmBios.h>
-+#include <Library/BaseLib.h>
-+#include <Library/BaseMemoryLib.h>
-+#include <Library/DebugLib.h>
-+#include <Library/QemuFwCfgLib.h>
-+#include <Protocol/Smbios.h>
-+
-+
-+//
-+// Type identifiers of all tables mandated by the SMBIOS-2.7.1 specification
-+// fall strictly under this limit.
-+//
-+#define TABLE_TYPE_LIMIT (EFI_SMBIOS_TYPE_SYSTEM_BOOT_INFORMATION + 1)
-+
-+
-+//
-+// Track a patch in dynamic memory, originating from a QEMU SMBIOS firmware
-+// configuration entry with ET_FIELD type.
-+//
-+typedef struct {
-+ UINT8 *Base;
-+ UINT16 Size;
-+} PATCH;
-+
-+
-+#define FIELD_OFFSET_MINIMUM ((INT32) sizeof(SMBIOS_STRUCTURE))
-+#define PATCH_SUBSCRIPT_LIMIT (255 - FIELD_OFFSET_MINIMUM)
-+
-+//
-+// The following structure tracks the installation of each SMBIOS table with a
-+// type below TABLE_TYPE_LIMIT, and captures QEMU SMBIOS firmware configuration
-+// entries with ET_FIELD type that target the default table for the same type.
-+//
-+typedef struct {
-+ BOOLEAN Installed; // at least one instance of the type has been installed
-+
-+ PATCH Patch[PATCH_SUBSCRIPT_LIMIT]; // Patches indexed by the field offset
-+ // that they target in this specific
-+ // table type. Patching the SMBIOS table
-+ // header is not allowed, hence we can
-+ // shift down field offsets. An unused
-+ // element has zeroed-out fields.
-+} TABLE_CONTEXT;
-+
-+
-+//
-+// Track the installation of, and stored patches for, all table types below
-+// TABLE_TYPE_LIMIT.
-+//
-+typedef struct {
-+ TABLE_CONTEXT Table[TABLE_TYPE_LIMIT];
-+} BUILD_CONTEXT;
-+
-+
-+//
-+// Convenience / safety macro for defining C structure types for default SMBIOS
-+// tables.
-+//
-+// Rules of use:
-+// - Use only within #pragma pack(1).
-+// - This macro depends on the macro
-+// "OVMF_TYPE ## TableType ## _STRINGS" specifying the text strings
-+// (unformatted area) for TableType. Each "QemuTypeXX.c" file needs to
-+// provide said macro before using the one below.
-+//
-+#define OVMF_SMBIOS(TableType) \
-+ typedef struct { \
-+ SMBIOS_TABLE_TYPE##TableType Base; \
-+ UINT8 Strings[sizeof OVMF_TYPE##TableType##_STRINGS]; \
-+ } OVMF_TYPE##TableType
-+
-+
-+//
-+// Convenience / safety macro for patching a field in the formatted area of
-+// an SMBIOS table.
-+//
-+#define PATCH_FORMATTED(Context, TableType, OvmfTablePtr, FieldName) \
-+ PatchSmbiosFormatted ( \
-+ Context, \
-+ TableType, \
-+ (UINT16) OFFSET_OF (SMBIOS_TABLE_TYPE##TableType, FieldName), \
-+ (UINT16) sizeof (OvmfTablePtr)->Base.FieldName, \
-+ (UINT8 *) (OvmfTablePtr) \
-+ )
-+
-+
-+/**
-+ Apply a saved patch to a field located in the formatted are of a not yet
-+ installed SMBIOS table.
-+
-+ The patch is looked up based on (Context, TableType, FieldOffset).
-+
-+ @param[in] Context The BUILD_CONTEXT object storing saved patches.
-+ @param[in] TableType Selects the table type for which the patch has been
-+ saved. It is assumed that the caller has validated
-+ TableType against TABLE_TYPE_LIMIT (upper
-+ exclusive).
-+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has
-+ been saved. It is assumed that the caller has
-+ validated FieldOffset against FIELD_OFFSET_MINIMUM
-+ (lower inclusive) and 255 (upper exclusive).
-+ @param[in] FieldSize The caller supplies the size of the field to patch
-+ in FieldSize. The patch saved for
-+ TableType:FieldOffset, if any, is only applied if
-+ its size equals FieldSize.
-+ @param[out] TableBase Base of the SMBIOS table of type TableType in which
-+ the field starting at FieldOffset needs to be
-+ patched.
-+
-+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in
-+ Context. This return value is considered
-+ informative (ie. non-fatal).
-+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but its
-+ size doesn't match FieldSize. This result is
-+ considered a fatal error of the patch origin.
-+ @retval EFI_SUCCESS The SMBIOS table at TableBase has been patched
-+ starting at FieldOffset for a length of
-+ FieldSize.
-+**/
-+EFI_STATUS
-+EFIAPI
-+PatchSmbiosFormatted (
-+ IN BUILD_CONTEXT *Context,
-+ IN UINT8 TableType,
-+ IN UINT16 FieldOffset,
-+ IN UINT16 FieldSize,
-+ OUT UINT8 *TableBase
-+ );
-+
-+
-+//
-+// Convenience / safety macro for patching a string in the unformatted area of
-+// an SMBIOS table.
-+//
-+#define PATCH_UNFORMATTED(Smbios, SmbiosHandle, Context, TableType, \
-+ OvmfTablePtr, FieldName) \
-+ \
-+ PatchSmbiosUnformatted ( \
-+ Smbios, \
-+ SmbiosHandle, \
-+ Context, \
-+ TableType, \
-+ (UINT16) OFFSET_OF (SMBIOS_TABLE_TYPE##TableType, FieldName), \
-+ (UINT8 *) (OvmfTablePtr) \
-+ )
-+
-+
-+/**
-+ Apply a saved patch to a text string located in the unformatted area of an
-+ already installed SMBIOS table.
-+
-+ The patch is looked up based on (Context, TableType, FieldOffset).
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used previously
-+ for installing the SMBIOS table.
-+ @param[in] SmbiosHandle The EFI_SMBIOS_HANDLE previously returned by
-+ Smbios->Add().
-+ @param[in] Context The BUILD_CONTEXT object storing saved patches.
-+ @param[in] TableType Selects the table type for which the patch has been
-+ saved. It is assumed that the caller has validated
-+ TableType against TABLE_TYPE_LIMIT (upper
-+ exclusive).
-+ @param[in] FieldOffset Selects the SMBIOS field for which the patch has
-+ been saved. It is assumed that the caller has
-+ validated FieldOffset against FIELD_OFFSET_MINIMUM
-+ (lower inclusive) and 255 (upper exclusive).
-+ It is also assumed that TableBase[FieldOffset]
-+ accesses a field of type SMBIOS_TABLE_STRING, ie. a
-+ field in the formatted area that identifies an
-+ existent text string in the unformatted area. Text
-+ string identifiers are one-based.
-+ @param[out] TableBase Base of the SMBIOS table of type TableType in which
-+ the SMBIOS_TABLE_STRING field at FieldOffset
-+ identifies the existent text string to update.
-+
-+ @retval EFI_NOT_FOUND No patch found for TableType:FieldOffset in
-+ Context. This return value is considered
-+ informative (ie. non-fatal).
-+ @retval EFI_INVALID_PARAMETER Patch found for TableType:FieldOffset, but it
-+ doesn't end with a NUL character. This result
-+ is considered a fatal error of the patch
-+ origin.
-+ @retval EFI_SUCCESS The text string identified by
-+ TableBase[FieldOffset] has been replaced in
-+ the installed SMBIOS table under SmbiosHandle.
-+ @return Error codes returned by
-+ Smbios->UpdateString(). EFI_NOT_FOUND shall
-+ not be returned.
-+**/
-+EFI_STATUS
-+EFIAPI
-+PatchSmbiosUnformatted (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_SMBIOS_HANDLE SmbiosHandle,
-+ IN BUILD_CONTEXT *Context,
-+ IN UINT8 TableType,
-+ IN UINT16 FieldOffset,
-+ IN UINT8 *TableBase
-+ );
-+
-+#endif
-diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c
-index 29948a4..b7c1d0d 100644
---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c
-+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.c
-@@ -1,6 +1,7 @@
- /** @file
- This driver installs SMBIOS information for OVMF
-
-+ Copyright (C) 2013, Red Hat, Inc.
- Copyright (c) 2011, Bei Guan <gbtju85@gmail.com>
- Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
-
-@@ -15,6 +16,9 @@
- **/
-
- #include "SmbiosPlatformDxe.h"
-+#if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
-+#include "QemuLegacy.h"
-+#endif
-
- #define TYPE0_STRINGS \
- "EFI Development Kit II / OVMF\0" /* Vendor */ \
-@@ -27,10 +31,10 @@
- typedef struct {
- SMBIOS_TABLE_TYPE0 Base;
- UINT8 Strings[sizeof(TYPE0_STRINGS)];
--} OVMF_TYPE0;
-+} OVMF_DEFAULT_TYPE0;
- #pragma pack()
-
--STATIC CONST OVMF_TYPE0 mOvmfDefaultType0 = {
-+STATIC CONST OVMF_DEFAULT_TYPE0 mOvmfDefaultType0 = {
- {
- // SMBIOS_STRUCTURE Hdr
- {
-@@ -202,7 +206,14 @@ SmbiosTablePublishEntry (
- SmbiosTables = GetQemuSmbiosTables ();
- }
-
-- if (SmbiosTables != NULL) {
-+ if (SmbiosTables == NULL) {
-+#if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
-+ //
-+ // Handle QEMU's legacy SMBIOS interface.
-+ //
-+ Status = InstallQemuSmbiosTables (Smbios, ImageHandle);
-+#endif
-+ } else {
- Status = InstallAllStructures (Smbios, SmbiosTables);
-
- //
-diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-index 3b90aac..8c9f43c 100644
---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-@@ -1,6 +1,7 @@
- ## @file
- # This driver installs SMBIOS information for OVMF
- #
-+# Copyright (C) 2013, Red Hat, Inc.
- # Copyright (c) 2011, Bei Guan <gbtju85@gmail.com>
- # Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
- #
-@@ -35,6 +36,7 @@
-
- [Sources.IA32, Sources.X64]
- X86Xen.c
-+ QemuLegacy.c
-
- [Sources.ARM, Sources.AARCH64]
- ArmXen.c
---
-1.8.3.1
-
diff --git a/0001-OvmfPkg-disable-multi-processor-support-for-boot-tim.patch b/0001-OvmfPkg-disable-multi-processor-support-for-boot-tim.patch
deleted file mode 100644
index 2592b07..0000000
--- a/0001-OvmfPkg-disable-multi-processor-support-for-boot-tim.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From dd48ac51d1df4f718b4401b188d2824aebcc341c Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 26 Nov 2014 16:32:06 +0100
-Subject: [PATCH] OvmfPkg: disable multi-processor support for boot time
-
-We have no useful workload for APs, so let's not start them up, because
-they would spin indefinitely until ExitBootServices().
-
-Setting gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber to 1
-causes InitializeMpSupport() in "UefiCpuPkg/CpuDxe/CpuMp.c" to return
-early.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.dsc | 4 ++++
- OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
- OvmfPkg/OvmfPkgX64.dsc | 4 ++++
- 3 files changed, 12 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 6598102..1730812 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -329,6 +329,10 @@
- # IRQs 5, 9, 10, 11 are level-triggered
- gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
-
-+ # We have no useful workload for APs, so let's not start them up, because
-+ # they would spin indefinitely until ExitBootServices().
-+ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|1
-+
- ################################################################################
- #
- # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 4de961f..370ae50 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -335,6 +335,10 @@
- # IRQs 5, 9, 10, 11 are level-triggered
- gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
-
-+ # We have no useful workload for APs, so let's not start them up, because
-+ # they would spin indefinitely until ExitBootServices().
-+ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|1
-+
- ################################################################################
- #
- # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 6c38081..175d5f4 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -334,6 +334,10 @@
- # IRQs 5, 9, 10, 11 are level-triggered
- gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
-
-+ # We have no useful workload for APs, so let's not start them up, because
-+ # they would spin indefinitely until ExitBootServices().
-+ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|1
-+
- ################################################################################
- #
- # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
---
-1.8.3.1
-
diff --git a/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
index e3c5c99..441ae4c 100644
--- a/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
+++ b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
@@ -1,8 +1,6 @@
-From 4475c02d63dda9e2da4c663593491a01ae8c6b5a Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
-Subject: [PATCH 1/5] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
- NvmExpressDxe
+Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE
level.
@@ -63,6 +61,3 @@ index e88e70d..eb3ad3f 100644
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
---
-1.8.3.1
-
diff --git a/0001-pick-up-any-display-device-not-only-vga.patch b/0001-pick-up-any-display-device-not-only-vga.patch
deleted file mode 100644
index de874d2..0000000
--- a/0001-pick-up-any-display-device-not-only-vga.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 71de9d92e78ae0a7c351f9daf84109bbbaca400a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 13 Mar 2014 08:08:41 +0100
-Subject: [PATCH] pick up any display device, not only vga
-
----
- OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
-index ab9c93e..d3f5908 100644
---- a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
-+++ b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
-@@ -593,7 +593,7 @@ DetectAndPreparePlatformPciDevicePath (
- //
- // Here we decide which VGA device to enable in PCI bus
- //
-- if (IS_PCI_VGA (Pci)) {
-+ if (IS_PCI_DISPLAY (Pci)) {
- //
- // Add them to ConOut.
- //
---
-1.8.3.1
-
diff --git a/0002-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch b/0002-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch
deleted file mode 100644
index 8a4d751..0000000
--- a/0002-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch
+++ /dev/null
@@ -1,272 +0,0 @@
-From 26146b77f6d54c44fbb984bacf8bf31683e8d477 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 5 Jun 2013 10:25:13 +0200
-Subject: [PATCH 2/3] OvmfPkg/SmbiosPlatformDxe: install+patch default legacy
- type0 table (X86)
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c | 5 +-
- OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h | 30 ++++
- OvmfPkg/SmbiosPlatformDxe/QemuType0.c | 180 ++++++++++++++++++++++++
- OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 1 +
- 4 files changed, 215 insertions(+), 1 deletion(-)
- create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuType0.c
-
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-index 9c57558..ed75a01 100644
---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-@@ -628,7 +628,10 @@ InstallDefaultTables (
- IN OUT BUILD_CONTEXT *Context
- )
- {
-- return EFI_SUCCESS;
-+ EFI_STATUS Status;
-+
-+ Status = InstallSmbiosType0 (Smbios, ProducerHandle, Context);
-+ return Status;
- }
-
-
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-index 8613407..ca776b5 100644
---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-@@ -218,4 +218,34 @@ PatchSmbiosUnformatted (
- IN UINT8 *TableBase
- );
-
-+
-+/**
-+ Install default (fallback) table for SMBIOS Type 0.
-+
-+ In case QEMU has provided no Type 0 SMBIOS table in whole, prepare one here,
-+ patch it with any referring saved patches, and install it.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for
-+ installing SMBIOS tables.
-+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle
-+ tracks the origin of installed SMBIOS tables.
-+ @param[in,out] Context The BUILD_CONTEXT object tracking installed
-+ tables and saved patches.
-+
-+ @retval EFI_SUCCESS A Type 0 table has already been installed from the
-+ SMBIOS firmware configuration blob.
-+ @retval EFI_SUCCESS No Type 0 table was installed previously, and installing
-+ the default here has succeeded.
-+ @return Error codes from the PATCH_FORMATTED() and
-+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which
-+ is only an informative result of theirs.
-+**/
-+EFI_STATUS
-+EFIAPI
-+InstallSmbiosType0 (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ProducerHandle,
-+ IN OUT BUILD_CONTEXT *Context
-+ );
-+
- #endif
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuType0.c b/OvmfPkg/SmbiosPlatformDxe/QemuType0.c
-new file mode 100644
-index 0000000..9ec5d76
---- /dev/null
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuType0.c
-@@ -0,0 +1,180 @@
-+/** @file
-+ Install the default Type 0 SMBIOS table if QEMU doesn't provide one through
-+ the firmware configuration interface.
-+
-+ Copyright (C) 2013, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.php
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+
-+#include "QemuLegacyInternal.h"
-+
-+
-+//
-+// Text strings (unformatted area) for the default Tpe 0 SMBIOS table.
-+//
-+// All possible strings must be provided because Smbios->UpdateString() can
-+// only update existing strings, it can't introduce new ones.
-+//
-+#define OVMF_TYPE0_STRINGS \
-+ "EFI Development Kit II / OVMF\0" /* Vendor */ \
-+ "0.1\0" /* BiosVersion */ \
-+ "06/03/2013\0" /* BiosReleaseDate */
-+
-+
-+//
-+// Type definition and contents of the default Type 0 SMBIOS table.
-+//
-+#pragma pack(1)
-+OVMF_SMBIOS (0);
-+#pragma pack()
-+
-+STATIC CONST OVMF_TYPE0 mOvmfType0 = {
-+ {
-+ // SMBIOS_STRUCTURE Hdr
-+ {
-+ EFI_SMBIOS_TYPE_BIOS_INFORMATION, // UINT8 Type
-+ sizeof (SMBIOS_TABLE_TYPE0) // UINT8 Length
-+ },
-+ 1, // SMBIOS_TABLE_STRING Vendor
-+ 2, // SMBIOS_TABLE_STRING BiosVersion
-+ 0xE800,// UINT16 BiosSegment
-+ 3, // SMBIOS_TABLE_STRING BiosReleaseDate
-+ 0, // UINT8 BiosSize
-+ { 0 }, // MISC_BIOS_CHARACTERISTICS BiosCharacteristics
-+ { 0 }, // UINT8 BIOSCharacteristicsExtensionBytes[2]
-+ 0, // UINT8 SystemBiosMajorRelease
-+ 1, // UINT8 SystemBiosMinorRelease
-+ 0xFF, // UINT8 EmbeddedControllerFirmwareMajorRelease
-+ 0xFF // UINT8 EmbeddedControllerFirmwareMinorRelease
-+ },
-+ OVMF_TYPE0_STRINGS
-+};
-+
-+
-+/**
-+ Install default (fallback) table for SMBIOS Type 0.
-+
-+ In case QEMU has provided no Type 0 SMBIOS table in whole, prepare one here,
-+ patch it with any referring saved patches, and install it.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for
-+ installing SMBIOS tables.
-+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle
-+ tracks the origin of installed SMBIOS tables.
-+ @param[in,out] Context The BUILD_CONTEXT object tracking installed
-+ tables and saved patches.
-+
-+ @retval EFI_SUCCESS A Type 0 table has already been installed from the
-+ SMBIOS firmware configuration blob.
-+ @retval EFI_SUCCESS No Type 0 table was installed previously, and installing
-+ the default here has succeeded.
-+ @return Error codes from the PATCH_FORMATTED() and
-+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which
-+ is only an informative result of theirs.
-+**/
-+EFI_STATUS
-+EFIAPI
-+InstallSmbiosType0 (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ProducerHandle,
-+ IN OUT BUILD_CONTEXT *Context
-+ )
-+{
-+ TABLE_CONTEXT *Table;
-+ OVMF_TYPE0 OvmfType0;
-+ MISC_BIOS_CHARACTERISTICS_EXTENSION *Ext;
-+ EFI_STATUS Status;
-+ EFI_SMBIOS_HANDLE SmbiosHandle;
-+
-+ Table = &Context->Table[0];
-+ if (Table->Installed) {
-+ return EFI_SUCCESS;
-+ }
-+
-+ CopyMem (&OvmfType0, &mOvmfType0, sizeof OvmfType0);
-+ Ext = (VOID *) &OvmfType0.Base.BIOSCharacteristicsExtensionBytes[0];
-+
-+ OvmfType0.Base.BiosCharacteristics.BiosCharacteristicsNotSupported = 1;
-+ Ext->SystemReserved.UefiSpecificationSupported = 1;
-+ Ext->SystemReserved.VirtualMachineSupported = 1;
-+
-+ //
-+ // Default contents ready. Formatted fields must be patched before installing
-+ // the table, while strings in the unformatted area will be patched
-+ // afterwards.
-+ //
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, BiosSegment);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, BiosSize);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, BiosCharacteristics);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0,
-+ BIOSCharacteristicsExtensionBytes);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, SystemBiosMajorRelease);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0, SystemBiosMinorRelease);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0,
-+ EmbeddedControllerFirmwareMajorRelease);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_FORMATTED (Context, 0, &OvmfType0,
-+ EmbeddedControllerFirmwareMinorRelease);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+
-+ //
-+ // Install SMBIOS table with patched formatted area and default strings.
-+ //
-+ SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED;
-+ Status = Smbios->Add (Smbios, ProducerHandle, &SmbiosHandle,
-+ (EFI_SMBIOS_TABLE_HEADER *) &OvmfType0);
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR, "%a: Smbios->Add(): %r\n", __FUNCTION__, Status));
-+ return Status;
-+ }
-+ Table->Installed = TRUE;
-+
-+ //
-+ // Patch strings in the unformatted area of the installed table.
-+ //
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 0, &OvmfType0,
-+ Vendor);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 0, &OvmfType0,
-+ BiosVersion);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 0, &OvmfType0,
-+ BiosReleaseDate);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ return EFI_SUCCESS;
-+}
-diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-index 8c9f43c..3483b9c 100644
---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-@@ -37,6 +37,7 @@
- [Sources.IA32, Sources.X64]
- X86Xen.c
- QemuLegacy.c
-+ QemuType0.c
-
- [Sources.ARM, Sources.AARCH64]
- ArmXen.c
---
-1.8.3.1
-
diff --git a/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
index cf4426c..aa3a9eb 100644
--- a/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
+++ b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
@@ -1,8 +1,6 @@
-From c6e5bbe0378662620e736c82bcd0d08db42e5979 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
-Subject: [PATCH 2/5] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE
- core
+Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE core
The DXE core logs a bunch of Properties Table and Memory Attributes Table
related information, on the EFI_D_VERBOSE level, that I am at the moment
@@ -55,6 +53,3 @@ index eb3ad3f..0e02ba8 100644
}
IntelFrameworkModulePkg/Universal/StatusCode/RuntimeDxe/StatusCodeRuntimeDxe.inf
---
-1.8.3.1
-
diff --git a/0003-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch b/0003-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch
deleted file mode 100644
index bf2254f..0000000
--- a/0003-OvmfPkg-SmbiosPlatformDxe-install-patch-default-lega.patch
+++ /dev/null
@@ -1,270 +0,0 @@
-From 1b10131728dd1cff48ef1ce46820d89f21708852 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 5 Jun 2013 10:28:09 +0200
-Subject: [PATCH 3/3] OvmfPkg/SmbiosPlatformDxe: install+patch default legacy
- type1 table (X86)
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c | 5 +
- OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h | 30 ++++
- OvmfPkg/SmbiosPlatformDxe/QemuType1.c | 178 ++++++++++++++++++++++++
- OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 1 +
- 4 files changed, 214 insertions(+)
- create mode 100644 OvmfPkg/SmbiosPlatformDxe/QemuType1.c
-
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-index ed75a01..6507cc0 100644
---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacy.c
-@@ -631,6 +631,11 @@ InstallDefaultTables (
- EFI_STATUS Status;
-
- Status = InstallSmbiosType0 (Smbios, ProducerHandle, Context);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = InstallSmbiosType1 (Smbios, ProducerHandle, Context);
- return Status;
- }
-
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-index ca776b5..4a2e824 100644
---- a/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuLegacyInternal.h
-@@ -248,4 +248,34 @@ InstallSmbiosType0 (
- IN OUT BUILD_CONTEXT *Context
- );
-
-+
-+/**
-+ Install default (fallback) table for SMBIOS Type 1.
-+
-+ In case QEMU has provided no Type 1 SMBIOS table in whole, prepare one here,
-+ patch it with any referring saved patches, and install it.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for
-+ installing SMBIOS tables.
-+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle
-+ tracks the origin of installed SMBIOS tables.
-+ @param[in,out] Context The BUILD_CONTEXT object tracking installed
-+ tables and saved patches.
-+
-+ @retval EFI_SUCCESS A Type 1 table has already been installed from the
-+ SMBIOS firmware configuration blob.
-+ @retval EFI_SUCCESS No Type 1 table was installed previously, and installing
-+ the default here has succeeded.
-+ @return Error codes from the PATCH_FORMATTED() and
-+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which
-+ is only an informative result of theirs.
-+**/
-+EFI_STATUS
-+EFIAPI
-+InstallSmbiosType1 (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ProducerHandle,
-+ IN OUT BUILD_CONTEXT *Context
-+ );
-+
- #endif
-diff --git a/OvmfPkg/SmbiosPlatformDxe/QemuType1.c b/OvmfPkg/SmbiosPlatformDxe/QemuType1.c
-new file mode 100644
-index 0000000..ff48164
---- /dev/null
-+++ b/OvmfPkg/SmbiosPlatformDxe/QemuType1.c
-@@ -0,0 +1,178 @@
-+/** @file
-+ Install the default Type 1 SMBIOS table if QEMU doesn't provide one through
-+ the firmware configuration interface.
-+
-+ Copyright (C) 2013, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.php
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+
-+#include "QemuLegacyInternal.h"
-+
-+
-+//
-+// Text strings (unformatted area) for the default Tpe 1 SMBIOS table.
-+//
-+// All possible strings must be provided because Smbios->UpdateString() can
-+// only update existing strings, it can't introduce new ones.
-+//
-+#define OVMF_TYPE1_STRINGS \
-+ "QEMU\0" /* Manufacturer */ \
-+ "QEMU Virtual Machine\0" /* ProductName */ \
-+ "n/a\0" /* Version */ \
-+ "n/a\0" /* SerialNumber */ \
-+ "n/a\0" /* SKUNumber */ \
-+ "n/a\0" /* Family */
-+
-+
-+//
-+// Type definition and contents of the default Type 1 SMBIOS table.
-+//
-+#pragma pack(1)
-+OVMF_SMBIOS (1);
-+#pragma pack()
-+
-+STATIC CONST OVMF_TYPE1 mOvmfType1 = {
-+ {
-+ // SMBIOS_STRUCTURE Hdr
-+ {
-+ EFI_SMBIOS_TYPE_SYSTEM_INFORMATION, // UINT8 Type
-+ sizeof (SMBIOS_TABLE_TYPE1) // UINT8 Length
-+ },
-+ 1, // SMBIOS_TABLE_STRING Manufacturer
-+ 2, // SMBIOS_TABLE_STRING ProductName
-+ 3, // SMBIOS_TABLE_STRING Version
-+ 4, // SMBIOS_TABLE_STRING SerialNumber
-+ { 0 }, // GUID Uuid
-+ SystemWakeupTypePowerSwitch, // UINT8 WakeUpType
-+ 5, // SMBIOS_TABLE_STRING SKUNumber
-+ 6, // SMBIOS_TABLE_STRING Family
-+ },
-+ OVMF_TYPE1_STRINGS
-+};
-+
-+
-+/**
-+ Install default (fallback) table for SMBIOS Type 1.
-+
-+ In case QEMU has provided no Type 1 SMBIOS table in whole, prepare one here,
-+ patch it with any referring saved patches, and install it.
-+
-+ @param[in] Smbios The EFI_SMBIOS_PROTOCOL instance used for
-+ installing SMBIOS tables.
-+ @param[in] ProducerHandle Passed on to Smbios->Add(), ProducerHandle
-+ tracks the origin of installed SMBIOS tables.
-+ @param[in,out] Context The BUILD_CONTEXT object tracking installed
-+ tables and saved patches.
-+
-+ @retval EFI_SUCCESS A Type 1 table has already been installed from the
-+ SMBIOS firmware configuration blob.
-+ @retval EFI_SUCCESS No Type 1 table was installed previously, and installing
-+ the default here has succeeded.
-+ @return Error codes from the PATCH_FORMATTED() and
-+ PATCH_UNFORMATTED() macros, except EFI_NOT_FOUND, which
-+ is only an informative result of theirs.
-+**/
-+EFI_STATUS
-+EFIAPI
-+InstallSmbiosType1 (
-+ IN EFI_SMBIOS_PROTOCOL *Smbios,
-+ IN EFI_HANDLE ProducerHandle,
-+ IN OUT BUILD_CONTEXT *Context
-+ )
-+{
-+ TABLE_CONTEXT *Table;
-+ OVMF_TYPE1 OvmfType1;
-+ EFI_STATUS Status;
-+ EFI_SMBIOS_HANDLE SmbiosHandle;
-+
-+ Table = &Context->Table[1];
-+ if (Table->Installed) {
-+ return EFI_SUCCESS;
-+ }
-+
-+ CopyMem (&OvmfType1, &mOvmfType1, sizeof OvmfType1);
-+
-+ QemuFwCfgSelectItem (QemuFwCfgItemSystemUuid);
-+ OvmfType1.Base.Uuid.Data1 = SwapBytes32 (QemuFwCfgRead32 ());
-+ OvmfType1.Base.Uuid.Data2 = SwapBytes16 (QemuFwCfgRead16 ());
-+ OvmfType1.Base.Uuid.Data3 = SwapBytes16 (QemuFwCfgRead16 ());
-+ QemuFwCfgReadBytes (sizeof OvmfType1.Base.Uuid.Data4,
-+ &OvmfType1.Base.Uuid.Data4);
-+
-+ //
-+ // Default contents ready. Formatted fields must be patched before installing
-+ // the table, while strings in the unformatted area will be patched
-+ // afterwards.
-+ //
-+ Status = PATCH_FORMATTED (Context, 1, &OvmfType1, Uuid);
-+ switch (Status) {
-+ case EFI_NOT_FOUND:
-+ break;
-+ case EFI_SUCCESS:
-+ OvmfType1.Base.Uuid.Data1 = SwapBytes32 (OvmfType1.Base.Uuid.Data1);
-+ OvmfType1.Base.Uuid.Data2 = SwapBytes16 (OvmfType1.Base.Uuid.Data2);
-+ OvmfType1.Base.Uuid.Data3 = SwapBytes16 (OvmfType1.Base.Uuid.Data3);
-+ break;
-+ default:
-+ return Status;
-+ }
-+
-+ Status = PATCH_FORMATTED (Context, 1, &OvmfType1, WakeUpType);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+
-+ //
-+ // Install SMBIOS table with patched formatted area and default strings.
-+ //
-+ SmbiosHandle = SMBIOS_HANDLE_PI_RESERVED;
-+ Status = Smbios->Add (Smbios, ProducerHandle, &SmbiosHandle,
-+ (EFI_SMBIOS_TABLE_HEADER *) &OvmfType1);
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR, "%a: Smbios->Add(): %r\n", __FUNCTION__, Status));
-+ return Status;
-+ }
-+ Table->Installed = TRUE;
-+
-+ //
-+ // Patch strings in the unformatted area of the installed table.
-+ //
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1,
-+ Manufacturer);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1,
-+ ProductName);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1,
-+ Version);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1,
-+ SerialNumber);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1,
-+ SKUNumber);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ Status = PATCH_UNFORMATTED (Smbios, SmbiosHandle, Context, 1, &OvmfType1,
-+ Family);
-+ if (Status != EFI_NOT_FOUND && Status != EFI_SUCCESS) {
-+ return Status;
-+ }
-+ return EFI_SUCCESS;
-+}
-diff --git a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-index 3483b9c..1f7dfca 100644
---- a/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-+++ b/OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
-@@ -38,6 +38,7 @@
- X86Xen.c
- QemuLegacy.c
- QemuType0.c
-+ QemuType1.c
-
- [Sources.ARM, Sources.AARCH64]
- ArmXen.c
---
-1.8.3.1
-
diff --git a/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
index 447fdfd..ecf487d 100644
--- a/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
+++ b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
@@ -1,7 +1,6 @@
-From 214090228fb08f03737ba90d29e23dc7b2235614 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 8 Jul 2012 14:26:07 +0200
-Subject: [PATCH 3/5] OvmfPkg: enable DEBUG_VERBOSE
+Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE
Enable verbose debug logs.
@@ -51,6 +50,3 @@ index 0e02ba8..1836c25 100644
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
---
-1.8.3.1
-
diff --git a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
index c59c207..1bb9ee3 100644
--- a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
+++ b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
@@ -1,7 +1,6 @@
-From f468bab8fa61f7b7d0b0149f374945eb549af16e Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 20 Feb 2014 22:54:45 +0100
-Subject: [PATCH 4/5] OvmfPkg: increase max debug message length to 512
+Subject: [PATCH] OvmfPkg: increase max debug message length to 512
Contributed-under: TianoCore Contribution Agreement 1.0
---
@@ -21,6 +20,3 @@ index 44850a9..b6927d0 100644
/**
This constructor function does not have to do anything.
---
-1.8.3.1
-
diff --git a/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
index d8052ba..f1274ea 100644
--- a/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
+++ b/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
@@ -1,7 +1,6 @@
-From 82175ef201595d45a0959249a36f4ffd74047fdb Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 20 May 2014 23:41:56 +0200
-Subject: [PATCH 5/5] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim
+Subject: [PATCH] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim
Contributed-under: TianoCore Contribution Agreement 1.0
---
@@ -519,6 +518,3 @@ index cc9b6e1..db37f1d 100644
+ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00,
};
#endif
---
-1.8.3.1
-
diff --git a/0006-EXCLUDE_SHELL_FROM_FD.patch b/0006-EXCLUDE_SHELL_FROM_FD.patch
new file mode 100644
index 0000000..1e2f7d6
--- /dev/null
+++ b/0006-EXCLUDE_SHELL_FROM_FD.patch
@@ -0,0 +1,64 @@
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Thu, 18 Feb 2016 10:52:44 +0100
+Subject: [PATCH] EXCLUDE_SHELL_FROM_FD
+
+---
+ OvmfPkg/OvmfPkgIa32.fdf | 2 ++
+ OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
+ OvmfPkg/OvmfPkgX64.fdf | 2 ++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 93a51a5..9ae7982 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+
+ INF FatPkg/EnhancedFatDxe/Fat.inf
+
++!ifndef $(EXCLUDE_SHELL_FROM_FD)
+ !ifndef $(USE_OLD_SHELL)
+ INF ShellPkg/Application/Shell/Shell.inf
+ !else
+ INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
+ !endif
++!endif
+
+ FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
+ SECTION RAW = MdeModulePkg/Logo/Logo.bmp
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index aad16a6..f58f18a 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+
+ INF FatPkg/EnhancedFatDxe/Fat.inf
+
++!ifndef $(EXCLUDE_SHELL_FROM_FD)
+ !ifndef $(USE_OLD_SHELL)
+ INF ShellPkg/Application/Shell/Shell.inf
+ !else
+ INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf
+ !endif
++!endif
+
+ FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
+ SECTION RAW = MdeModulePkg/Logo/Logo.bmp
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 387b808..4e0c0ab 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -273,11 +273,13 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+
+ INF FatPkg/EnhancedFatDxe/Fat.inf
+
++!ifndef $(EXCLUDE_SHELL_FROM_FD)
+ !ifndef $(USE_OLD_SHELL)
+ INF ShellPkg/Application/Shell/Shell.inf
+ !else
+ INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
+ !endif
++!endif
+
+ FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
+ SECTION RAW = MdeModulePkg/Logo/Logo.bmp
diff --git a/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
new file mode 100644
index 0000000..2b1fae6
--- /dev/null
+++ b/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
@@ -0,0 +1,1122 @@
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 6 Jul 2015 20:22:02 +0200
+Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
+ keys
+
+(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch
+to Gerd's public RPMs.)
+
+This application is meant to be invoked by the management layer, after
+booting the UEFI shell and getting a shell prompt on the serial console.
+The app enrolls a number of certificates (see below), and then reports
+status to the serial console as well. The expected output is "info:
+success":
+
+> Shell> EnrollDefaultKeys.efi
+> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
+> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
+> info: success
+> Shell>
+
+In case of success, the management layer can force off or reboot the VM
+(for example with the "reset -s" or "reset -c" UEFI shell commands,
+respectively), and start the guest installation with SecureBoot enabled.
+
+PK:
+- A unique, static, ad-hoc certificate whose private half has been
+ destroyed (more precisely, never saved) and is therefore unusable for
+ signing. (The command for creating this certificate is saved in the
+ source code.)
+
+KEK:
+- same ad-hoc certificate as used for the PK,
+- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
+ package is signed (indirectly, through a chain) with this; enrolling
+ such a KEK should allow guests to install those updates.
+
+DB:
+- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
+ Server 2012 R2,
+- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
+ oproms.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++
+ OvmfPkg/OvmfPkgIa32.dsc | 4 +
+ OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
+ OvmfPkg/OvmfPkgX64.dsc | 4 +
+ 5 files changed, 1023 insertions(+)
+ create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+ create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+
+diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+new file mode 100644
+index 0000000..081212b
+--- /dev/null
++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+@@ -0,0 +1,960 @@
++/** @file
++ Enroll default PK, KEK, DB.
++
++ Copyright (C) 2014, Red Hat, Inc.
++
++ This program and the accompanying materials are licensed and made available
++ under the terms and conditions of the BSD License which accompanies this
++ distribution. The full text of the license may be found at
++ http://opensource.org/licenses/bsd-license.
++
++ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
++ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++**/
++#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
++#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
++#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
++#include <Library/BaseMemoryLib.h> // CopyGuid()
++#include <Library/DebugLib.h> // ASSERT()
++#include <Library/MemoryAllocationLib.h> // FreePool()
++#include <Library/ShellCEntryLib.h> // ShellAppMain()
++#include <Library/UefiLib.h> // AsciiPrint()
++#include <Library/UefiRuntimeServicesTableLib.h> // gRT
++
++//
++// The example self-signed certificate below, which we'll use for both Platform
++// Key, and first Key Exchange Key, has been generated with the following
++// non-interactive openssl command. The passphrase is read from /dev/urandom,
++// and not saved, and the private key is written to /dev/null. In other words,
++// we can't sign anything else against this certificate, which is our purpose.
++//
++/*
++ openssl req \
++ -passout file:<(head -c 16 /dev/urandom) \
++ -x509 \
++ -newkey rsa:2048 \
++ -keyout /dev/null \
++ -outform DER \
++ -subj $(
++ printf /C=US
++ printf /ST=TestStateOrProvince
++ printf /L=TestLocality
++ printf /O=TestOrganization
++ printf /OU=TestOrganizationalUnit
++ printf /CN=TestCommonName
++ printf /emailAddress=test@example.com
++ ) \
++ 2>/dev/null \
++ | xxd -i
++*/
++STATIC CONST UINT8 ExampleCert[] = {
++ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d,
++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
++ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
++ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
++ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50,
++ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
++ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61,
++ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
++ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
++ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
++ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31,
++ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73,
++ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f,
++ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
++ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
++ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
++ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34,
++ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81,
++ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
++ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54,
++ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f,
++ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
++ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69,
++ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10,
++ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
++ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
++ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
++ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30,
++ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43,
++ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d,
++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
++ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
++ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
++ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce,
++ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21,
++ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc,
++ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae,
++ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16,
++ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b,
++ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77,
++ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce,
++ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31,
++ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35,
++ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d,
++ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a,
++ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24,
++ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2,
++ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d,
++ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b,
++ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3,
++ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1,
++ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4,
++ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68,
++ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50,
++ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
++ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3,
++ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
++ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e,
++ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29,
++ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
++ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
++ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38,
++ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9,
++ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a,
++ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c,
++ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59,
++ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4,
++ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81,
++ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c,
++ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f,
++ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b,
++ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04,
++ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f,
++ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e,
++ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f,
++ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03,
++ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84,
++ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d,
++ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5,
++ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1,
++ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19,
++ 0x26, 0x5b, 0xc0, 0x3d, 0xc7
++};
++
++//
++// Second KEK: "Microsoft Corporation KEK CA 2011".
++// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
++//
++// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
++//
++STATIC CONST UINT8 MicrosoftKEK[] = {
++ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
++ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
++ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
++ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
++ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
++ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
++ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
++ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
++ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
++ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
++ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
++ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
++ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
++ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
++ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
++ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
++ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
++ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
++ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
++ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
++ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
++ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
++ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
++ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
++ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
++ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
++ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
++ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
++ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
++ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
++ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
++ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
++ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
++ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
++ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
++ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
++ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
++ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
++ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
++ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
++ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
++ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
++ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
++ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
++ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
++ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
++ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
++ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
++ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
++ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
++ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
++ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
++ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
++ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
++ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
++ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
++ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
++ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
++ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
++ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
++ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
++ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
++ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
++ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
++ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
++ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
++ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
++ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
++ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
++ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
++ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
++ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
++ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
++ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
++ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
++ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
++ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
++ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
++ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
++ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
++ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
++ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
++ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
++ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
++ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
++ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
++ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
++ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
++ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
++ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
++ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
++ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
++};
++
++//
++// First DB entry: "Microsoft Windows Production PCA 2011"
++// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
++//
++// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
++// rooted in this certificate.
++//
++STATIC CONST UINT8 MicrosoftPCA[] = {
++ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
++ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
++ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
++ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
++ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
++ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
++ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
++ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
++ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
++ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
++ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
++ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
++ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
++ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
++ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
++ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
++ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
++ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
++ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
++ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
++ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
++ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
++ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
++ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
++ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
++ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
++ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
++ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
++ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
++ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
++ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
++ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
++ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
++ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
++ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
++ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
++ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
++ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
++ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
++ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
++ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
++ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
++ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
++ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
++ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
++ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
++ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
++ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
++ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
++ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
++ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
++ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
++ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
++ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
++ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
++ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
++ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
++ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
++ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
++ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
++ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
++ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
++ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
++ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
++ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
++ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
++ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
++ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
++ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
++ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
++ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
++ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
++ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
++ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
++ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
++ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
++ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
++ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
++ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
++ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
++ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
++ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
++ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
++ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
++ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
++ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
++ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
++ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
++ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
++ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
++ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
++ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
++ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
++ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
++ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
++ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
++ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
++ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
++ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
++ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
++ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
++ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
++ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
++ 0x62, 0x1c, 0x59, 0x7e
++};
++
++//
++// Second DB entry: "Microsoft Corporation UEFI CA 2011"
++// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
++//
++// To verify the "shim" binary and PCI expansion ROMs with.
++//
++STATIC CONST UINT8 MicrosoftUefiCA[] = {
++ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
++ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
++ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
++ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
++ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
++ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
++ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
++ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
++ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
++ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
++ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
++ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
++ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
++ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
++ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
++ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
++ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
++ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
++ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
++ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
++ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
++ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
++ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
++ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
++ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
++ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
++ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
++ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
++ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
++ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
++ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
++ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
++ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
++ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
++ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
++ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
++ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
++ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
++ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
++ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
++ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
++ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
++ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
++ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
++ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
++ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
++ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
++ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
++ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
++ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
++ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
++ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
++ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
++ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
++ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
++ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
++ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
++ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
++ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
++ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
++ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
++ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
++ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
++ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
++ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
++ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
++ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
++ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
++ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
++ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
++ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
++ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
++ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
++ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
++ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
++ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
++ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
++ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
++ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
++ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
++ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
++ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
++ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
++ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
++ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
++ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
++ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
++ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
++ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
++ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
++ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
++ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
++ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
++ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
++};
++
++//
++// The most important thing about the variable payload is that it is a list of
++// lists, where the element size of any given *inner* list is constant.
++//
++// Since X509 certificates vary in size, each of our *inner* lists will contain
++// one element only (one X.509 certificate). This is explicitly mentioned in
++// the UEFI specification, in "28.4.1 Signature Database", in a Note.
++//
++// The list structure looks as follows:
++//
++// struct EFI_VARIABLE_AUTHENTICATION_2 { |
++// struct EFI_TIME { |
++// UINT16 Year; |
++// UINT8 Month; |
++// UINT8 Day; |
++// UINT8 Hour; |
++// UINT8 Minute; |
++// UINT8 Second; |
++// UINT8 Pad1; |
++// UINT32 Nanosecond; |
++// INT16 TimeZone; |
++// UINT8 Daylight; |
++// UINT8 Pad2; |
++// } TimeStamp; |
++// |
++// struct WIN_CERTIFICATE_UEFI_GUID { | |
++// struct WIN_CERTIFICATE { | |
++// UINT32 dwLength; ----------------------------------------+ |
++// UINT16 wRevision; | |
++// UINT16 wCertificateType; | |
++// } Hdr; | +- DataSize
++// | |
++// EFI_GUID CertType; | |
++// UINT8 CertData[1] = { <--- "struct hack" | |
++// struct EFI_SIGNATURE_LIST { | | |
++// EFI_GUID SignatureType; | | |
++// UINT32 SignatureListSize; -------------------------+ | |
++// UINT32 SignatureHeaderSize; | | |
++// UINT32 SignatureSize; ---------------------------+ | | |
++// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
++// v | | |
++// struct EFI_SIGNATURE_DATA { | | | |
++// EFI_GUID SignatureOwner; | | | |
++// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
++// X.509 payload | | | |
++// } | | | |
++// } Signatures[]; | | |
++// } SigLists[]; | |
++// }; | |
++// } AuthInfo; | |
++// }; |
++//
++// Given that the "struct hack" invokes undefined behavior (which is why C99
++// introduced the flexible array member), and because subtracting those pesky
++// sizes of 1 is annoying, and because the format is fully specified in the
++// UEFI specification, we'll introduce two matching convenience structures that
++// are customized for our X.509 purposes.
++//
++#pragma pack(1)
++typedef struct {
++ EFI_TIME TimeStamp;
++
++ //
++ // dwLength covers data below
++ //
++ UINT32 dwLength;
++ UINT16 wRevision;
++ UINT16 wCertificateType;
++ EFI_GUID CertType;
++} SINGLE_HEADER;
++
++typedef struct {
++ //
++ // SignatureListSize covers data below
++ //
++ EFI_GUID SignatureType;
++ UINT32 SignatureListSize;
++ UINT32 SignatureHeaderSize; // constant 0
++ UINT32 SignatureSize;
++
++ //
++ // SignatureSize covers data below
++ //
++ EFI_GUID SignatureOwner;
++
++ //
++ // X.509 certificate follows
++ //
++} REPEATING_HEADER;
++#pragma pack()
++
++/**
++ Enroll a set of DER-formatted X.509 certificates in a global variable,
++ overwriting it.
++
++ The variable will be rewritten with NV+BS+RT+AT attributes.
++
++ @param[in] VariableName The name of the variable to overwrite.
++
++ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
++ overwrite.
++
++ @param[in] ... A list of
++
++ IN CONST UINT8 *Cert,
++ IN UINTN CertSize,
++ IN CONST EFI_GUID *OwnerGuid
++
++ triplets. If the first component of a triplet is
++ NULL, then the other two components are not
++ accessed, and processing is terminated. The list of
++ X.509 certificates is enrolled in the variable
++ specified, overwriting it. The OwnerGuid component
++ identifies the agent installing the certificate.
++
++ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
++ value is NULL), or one of the CertSize values
++ is 0, or one of the CertSize values would
++ overflow the accumulated UINT32 data size.
++
++ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable
++ payload.
++
++ @retval EFI_SUCCESS Enrollment successful; the variable has been
++ overwritten (or created).
++
++ @return Error codes from gRT->GetTime() and
++ gRT->SetVariable().
++**/
++STATIC
++EFI_STATUS
++EFIAPI
++EnrollListOfX509Certs (
++ IN CHAR16 *VariableName,
++ IN EFI_GUID *VendorGuid,
++ ...
++ )
++{
++ UINTN DataSize;
++ SINGLE_HEADER *SingleHeader;
++ REPEATING_HEADER *RepeatingHeader;
++ VA_LIST Marker;
++ CONST UINT8 *Cert;
++ EFI_STATUS Status;
++ UINT8 *Data;
++ UINT8 *Position;
++
++ //
++ // compute total size first, for UINT32 range check, and allocation
++ //
++ DataSize = sizeof *SingleHeader;
++ VA_START (Marker, VendorGuid);
++ for (Cert = VA_ARG (Marker, CONST UINT8 *);
++ Cert != NULL;
++ Cert = VA_ARG (Marker, CONST UINT8 *)) {
++ UINTN CertSize;
++
++ CertSize = VA_ARG (Marker, UINTN);
++ (VOID)VA_ARG (Marker, CONST EFI_GUID *);
++
++ if (CertSize == 0 ||
++ CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
++ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
++ Status = EFI_INVALID_PARAMETER;
++ break;
++ }
++ DataSize += sizeof *RepeatingHeader + CertSize;
++ }
++ VA_END (Marker);
++
++ if (DataSize == sizeof *SingleHeader) {
++ Status = EFI_INVALID_PARAMETER;
++ }
++ if (EFI_ERROR (Status)) {
++ goto Out;
++ }
++
++ Data = AllocatePool (DataSize);
++ if (Data == NULL) {
++ Status = EFI_OUT_OF_RESOURCES;
++ goto Out;
++ }
++
++ Position = Data;
++
++ SingleHeader = (SINGLE_HEADER *)Position;
++ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
++ if (EFI_ERROR (Status)) {
++ goto FreeData;
++ }
++ SingleHeader->TimeStamp.Pad1 = 0;
++ SingleHeader->TimeStamp.Nanosecond = 0;
++ SingleHeader->TimeStamp.TimeZone = 0;
++ SingleHeader->TimeStamp.Daylight = 0;
++ SingleHeader->TimeStamp.Pad2 = 0;
++#if 0
++ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
++#else
++ //
++ // This looks like a bug in edk2. According to the UEFI specification,
++ // dwLength is "The length of the entire certificate, including the length of
++ // the header, in bytes". That shouldn't stop right after CertType -- it
++ // should include everything below it.
++ //
++ SingleHeader->dwLength = sizeof *SingleHeader
++ - sizeof SingleHeader->TimeStamp;
++#endif
++ SingleHeader->wRevision = 0x0200;
++ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
++ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
++ Position += sizeof *SingleHeader;
++
++ VA_START (Marker, VendorGuid);
++ for (Cert = VA_ARG (Marker, CONST UINT8 *);
++ Cert != NULL;
++ Cert = VA_ARG (Marker, CONST UINT8 *)) {
++ UINTN CertSize;
++ CONST EFI_GUID *OwnerGuid;
++
++ CertSize = VA_ARG (Marker, UINTN);
++ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
++
++ RepeatingHeader = (REPEATING_HEADER *)Position;
++ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid);
++ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize;
++ RepeatingHeader->SignatureHeaderSize = 0;
++ RepeatingHeader->SignatureSize =
++ sizeof RepeatingHeader->SignatureOwner + CertSize;
++ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
++ Position += sizeof *RepeatingHeader;
++
++ CopyMem (Position, Cert, CertSize);
++ Position += CertSize;
++ }
++ VA_END (Marker);
++
++ ASSERT (Data + DataSize == Position);
++
++ Status = gRT->SetVariable (VariableName, VendorGuid,
++ (EFI_VARIABLE_NON_VOLATILE |
++ EFI_VARIABLE_BOOTSERVICE_ACCESS |
++ EFI_VARIABLE_RUNTIME_ACCESS |
++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
++ DataSize, Data);
++
++FreeData:
++ FreePool (Data);
++
++Out:
++ if (EFI_ERROR (Status)) {
++ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
++ VendorGuid, Status);
++ }
++ return Status;
++}
++
++
++STATIC
++EFI_STATUS
++EFIAPI
++GetExact (
++ IN CHAR16 *VariableName,
++ IN EFI_GUID *VendorGuid,
++ OUT VOID *Data,
++ IN UINTN DataSize,
++ IN BOOLEAN AllowMissing
++ )
++{
++ UINTN Size;
++ EFI_STATUS Status;
++
++ Size = DataSize;
++ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
++ if (EFI_ERROR (Status)) {
++ if (Status == EFI_NOT_FOUND && AllowMissing) {
++ ZeroMem (Data, DataSize);
++ return EFI_SUCCESS;
++ }
++
++ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
++ VendorGuid, Status);
++ return Status;
++ }
++
++ if (Size != DataSize) {
++ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
++ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
++ return EFI_PROTOCOL_ERROR;
++ }
++
++ return EFI_SUCCESS;
++}
++
++typedef struct {
++ UINT8 SetupMode;
++ UINT8 SecureBoot;
++ UINT8 SecureBootEnable;
++ UINT8 CustomMode;
++ UINT8 VendorKeys;
++} SETTINGS;
++
++STATIC
++EFI_STATUS
++EFIAPI
++GetSettings (
++ OUT SETTINGS *Settings
++ )
++{
++ EFI_STATUS Status;
++
++ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
++ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
++ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
++ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
++ sizeof Settings->SecureBootEnable, TRUE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
++ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
++ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
++ return Status;
++}
++
++STATIC
++VOID
++EFIAPI
++PrintSettings (
++ IN CONST SETTINGS *Settings
++ )
++{
++ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
++ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
++ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
++}
++
++
++INTN
++EFIAPI
++ShellAppMain (
++ IN UINTN Argc,
++ IN CHAR16 **Argv
++ )
++{
++ EFI_STATUS Status;
++ SETTINGS Settings;
++
++ Status = GetSettings (&Settings);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++ PrintSettings (&Settings);
++
++ if (Settings.SetupMode != 1) {
++ AsciiPrint ("error: already in User Mode\n");
++ return 1;
++ }
++
++ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
++ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
++ (EFI_VARIABLE_NON_VOLATILE |
++ EFI_VARIABLE_BOOTSERVICE_ACCESS),
++ sizeof Settings.CustomMode, &Settings.CustomMode);
++ if (EFI_ERROR (Status)) {
++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
++ &gEfiCustomModeEnableGuid, Status);
++ return 1;
++ }
++ }
++
++ Status = EnrollListOfX509Certs (
++ EFI_IMAGE_SECURITY_DATABASE,
++ &gEfiImageSecurityDatabaseGuid,
++ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid,
++ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid,
++ NULL);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++
++ Status = EnrollListOfX509Certs (
++ EFI_KEY_EXCHANGE_KEY_NAME,
++ &gEfiGlobalVariableGuid,
++ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid,
++ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid,
++ NULL);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++
++ Status = EnrollListOfX509Certs (
++ EFI_PLATFORM_KEY_NAME,
++ &gEfiGlobalVariableGuid,
++ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid,
++ NULL);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++
++ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
++ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
++ sizeof Settings.CustomMode, &Settings.CustomMode);
++ if (EFI_ERROR (Status)) {
++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
++ &gEfiCustomModeEnableGuid, Status);
++ return 1;
++ }
++
++ Status = GetSettings (&Settings);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++ PrintSettings (&Settings);
++
++ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
++ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
++ Settings.VendorKeys != 0) {
++ AsciiPrint ("error: unexpected\n");
++ return 1;
++ }
++
++ AsciiPrint ("info: success\n");
++ return 0;
++}
+diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+new file mode 100644
+index 0000000..ac919bb
+--- /dev/null
++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+@@ -0,0 +1,51 @@
++## @file
++# Enroll default PK, KEK, DB.
++#
++# Copyright (C) 2014, Red Hat, Inc.
++#
++# This program and the accompanying materials are licensed and made available
++# under the terms and conditions of the BSD License which accompanies this
++# distribution. The full text of the license may be found at
++# http://opensource.org/licenses/bsd-license.
++#
++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED.
++##
++
++[Defines]
++ INF_VERSION = 0x00010006
++ BASE_NAME = EnrollDefaultKeys
++ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
++ MODULE_TYPE = UEFI_APPLICATION
++ VERSION_STRING = 0.1
++ ENTRY_POINT = ShellCEntryLib
++
++#
++# VALID_ARCHITECTURES = IA32 X64
++#
++
++[Sources]
++ EnrollDefaultKeys.c
++
++[Packages]
++ MdePkg/MdePkg.dec
++ MdeModulePkg/MdeModulePkg.dec
++ SecurityPkg/SecurityPkg.dec
++ ShellPkg/ShellPkg.dec
++
++[Guids]
++ gEfiCertPkcs7Guid
++ gEfiCertX509Guid
++ gEfiCustomModeEnableGuid
++ gEfiGlobalVariableGuid
++ gEfiImageSecurityDatabaseGuid
++ gEfiSecureBootEnableDisableGuid
++
++[LibraryClasses]
++ BaseMemoryLib
++ DebugLib
++ MemoryAllocationLib
++ ShellCEntryLib
++ UefiLib
++ UefiRuntimeServicesTableLib
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index aaaaaa8..90980d4 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -725,6 +725,10 @@
+
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
++ <LibraryClasses>
++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
++ }
+ !endif
+
+ OvmfPkg/PlatformDxe/Platform.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index b4545b3..4d0ec9c 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -734,6 +734,10 @@
+
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
++ <LibraryClasses>
++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
++ }
+ !endif
+
+ OvmfPkg/PlatformDxe/Platform.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 1836c25..aca5476 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -732,6 +732,10 @@
+
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
++ <LibraryClasses>
++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
++ }
+ !endif
+
+ OvmfPkg/PlatformDxe/Platform.inf
diff --git a/0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch b/0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
new file mode 100644
index 0000000..aaf8ba6
--- /dev/null
+++ b/0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
@@ -0,0 +1,109 @@
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 25 Feb 2014 18:40:35 +0100
+Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions
+
+When the console output is multiplexed to several devices by
+ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
+supported by all console output devices.
+
+Two notable output devices are provided by:
+(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
+(2) MdeModulePkg/Universal/Console/TerminalDxe.
+
+GraphicsConsoleDxe supports four modes at most -- see
+InitializeGraphicsConsoleTextMode():
+
+(1a) 80x25 (required by the UEFI spec as mode 0),
+(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
+ requires the driver to provide it as mode 1),
+(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
+ spec requires from all plug-in graphics devices),
+(1d) "full screen" resolution, derived form the underlying GOP's
+ horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
+ (8) and EFI_GLYPH_HEIGHT (19), respectively.
+
+The automatic "full screen resolution" makes GraphicsConsoleDxe's
+character console very flexible. However, TerminalDxe (which runs on
+serial ports) only provides the following fixed resolutions -- see
+InitializeTerminalConsoleTextMode():
+
+(2a) 80x25 (required by the UEFI spec as mode 0),
+(2b) 80x50 (since the character resolution of a serial device cannot be
+ interrogated easily, this is added unconditionally as mode 1)
+(2c) modes 2 and above come from "mTerminalConsoleModeData". This table
+ currently only contains one mode, 100x31.
+
+When ConSplitterDxe combines (1) and (2), multiplexing console output to
+both video output and serial terminal, the list of commonly supported text
+modes (ie. the "intersection") comprises:
+
+(3a) 80x25, unconditionally, from (1a) and (2a),
+(3b) 80x50, if the graphics console provides at least 640x950 pixel
+ resolution, from (1b) and (2b)
+(3c) 100x31, if the graphics device is a plug-in one (because in that case
+ 800x600 is a mandated pixel resolution), from (1c) and (2c).
+
+Unfortunately, the "full screen resolution" (1d) of the GOP-based text
+console is not available in general.
+
+Mitigate this problem by extending "mTerminalConsoleModeData" with a
+handful of text resolutions that are derived from widespread maximal pixel
+resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
+the most frequent (1d) values from the intersection, and eg. the MODE
+command in the UEFI shell will offer the "best" (ie. full screen)
+resolution too.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ .../Universal/Console/TerminalDxe/Terminal.c | 37 +++++++++++++++++++++-
+ 1 file changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
+index 6fde3b2..787bd35 100644
+--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
++++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
+@@ -103,7 +103,42 @@ TERMINAL_DEV mTerminalDevTemplate = {
+ };
+
+ TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
+- {100, 31},
++ { 100, 25 }, // from graphics resolution 800 x 480
++ { 100, 31 }, // from graphics resolution 800 x 600
++ { 104, 32 }, // from graphics resolution 832 x 624
++ { 120, 33 }, // from graphics resolution 960 x 640
++ { 128, 31 }, // from graphics resolution 1024 x 600
++ { 128, 40 }, // from graphics resolution 1024 x 768
++ { 144, 45 }, // from graphics resolution 1152 x 864
++ { 144, 45 }, // from graphics resolution 1152 x 870
++ { 160, 37 }, // from graphics resolution 1280 x 720
++ { 160, 40 }, // from graphics resolution 1280 x 760
++ { 160, 40 }, // from graphics resolution 1280 x 768
++ { 160, 42 }, // from graphics resolution 1280 x 800
++ { 160, 50 }, // from graphics resolution 1280 x 960
++ { 160, 53 }, // from graphics resolution 1280 x 1024
++ { 170, 40 }, // from graphics resolution 1360 x 768
++ { 170, 40 }, // from graphics resolution 1366 x 768
++ { 175, 55 }, // from graphics resolution 1400 x 1050
++ { 180, 47 }, // from graphics resolution 1440 x 900
++ { 200, 47 }, // from graphics resolution 1600 x 900
++ { 200, 63 }, // from graphics resolution 1600 x 1200
++ { 210, 55 }, // from graphics resolution 1680 x 1050
++ { 240, 56 }, // from graphics resolution 1920 x 1080
++ { 240, 63 }, // from graphics resolution 1920 x 1200
++ { 240, 75 }, // from graphics resolution 1920 x 1440
++ { 250, 105 }, // from graphics resolution 2000 x 2000
++ { 256, 80 }, // from graphics resolution 2048 x 1536
++ { 256, 107 }, // from graphics resolution 2048 x 2048
++ { 320, 75 }, // from graphics resolution 2560 x 1440
++ { 320, 84 }, // from graphics resolution 2560 x 1600
++ { 320, 107 }, // from graphics resolution 2560 x 2048
++ { 350, 110 }, // from graphics resolution 2800 x 2100
++ { 400, 126 }, // from graphics resolution 3200 x 2400
++ { 480, 113 }, // from graphics resolution 3840 x 2160
++ { 512, 113 }, // from graphics resolution 4096 x 2160
++ { 960, 227 }, // from graphics resolution 7680 x 4320
++ { 1024, 227 }, // from graphics resolution 8192 x 4320
+ //
+ // New modes can be added here.
+ //
diff --git a/0009-pick-up-any-display-device-not-only-vga.patch b/0009-pick-up-any-display-device-not-only-vga.patch
new file mode 100644
index 0000000..732d76d
--- /dev/null
+++ b/0009-pick-up-any-display-device-not-only-vga.patch
@@ -0,0 +1,21 @@
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Thu, 13 Mar 2014 08:08:41 +0100
+Subject: [PATCH] pick up any display device, not only vga
+
+---
+ OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
+index 0bc02ba..5024caf 100644
+--- a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
++++ b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
+@@ -586,7 +586,7 @@ DetectAndPreparePlatformPciDevicePath (
+ //
+ // Here we decide which VGA device to enable in PCI bus
+ //
+- if (IS_PCI_VGA (Pci)) {
++ if (IS_PCI_DISPLAY (Pci)) {
+ //
+ // Add them to ConOut.
+ //
diff --git a/edk2.spec b/edk2.spec
index fc23aca..e7f22f2 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -15,17 +15,22 @@ Source1: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
Source3: build-iso.sh
Source9: update-tarball.sh
-Patch1: 0001-pick-up-any-display-device-not-only-vga.patch
-Patch2: 0001-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
-Patch3: 0001-EXCLUDE_SHELL_FROM_FD.patch
-
-Patch10: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
-Patch11: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
-Patch12: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
-Patch13: 0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
-Patch14: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
-
-Patch20: 0001-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
+# Debug output tweaks, not for upstream
+Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
+Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
+Patch0003: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
+Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
+Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
+# Exclude EFI shell from firmware, suggested by pjones re: secureboot.
+# Not for upstream, see bug 1325023#c16
+Patch0006: 0006-EXCLUDE_SHELL_FROM_FD.patch
+# Ship EnrollDefaultKeys application.
+# Not for upstream, see bug 1325023#c16
+Patch0007: 0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
+# More text console resolutions. Upstreaming attempted, but failed
+Patch0008: 0008-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch
+# Support qemu 'secondary-vga'. Not send upstream yet
+Patch0009: 0009-pick-up-any-display-device-not-only-vga.patch
#
# actual firmware builds are done on x86_64 and aarch64,
@@ -101,17 +106,7 @@ AARCH64 UEFI Firmware
%prep
%setup -q -n tianocore-%{name}-%{edk2_githash}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-
-%patch20 -p1
+%autopatch -p1
# add openssl
tar -C CryptoPkg/Library/OpensslLib -xf %{SOURCE1}