This patch adds support for RSA PSS verification.
Ported IPP Crypto for PSS from latest IPP github repo.
Secure boot lib and RSA wrappers functions are
updated. RSA verfication sheme is would be
based on SigType in Signature Header.
PcdCompSignSchemeSupportedMask indicates the signing
scheme included in IPP lib.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Hash verification of Public key hash should be based on
hash alg used with Hash store. Previously hash alg in
signature info is used. There would be instances where
hashstore hash alg differs from signing alg.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Hash and RSA signing parameters were hardcoded in
Crypto wrappers and secure boot libraries. This patch
address support for multiple hash and key sizes.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
This patch implements pubKey and signature updates done
in storage. Added info as sigining types, signing algo,
key sizes which could be used in secureboot and crypto
libraries.
Information from IASImage is transformed to updated
crypto and secure boot implementation. Only RSA2048 and sha256
support is updated as IAS image supports only this combination.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
HASH_STORE_TABLE is updated and HASH_STORE_DATA is added
to provide info with variable length sizes. Usage bits would
notify for multiple component/key using the same hash.
These data structure would optimize the hash store size
in storage.
PcdHashStoreSize would define the size of Hash store
to allocate in bios bootup.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
This will fully support PatchCheck.py.
- Remove all trailing whitespace
- Convert LF to CRLF by default
- Update EFI_D_* to DEBUG_*
- Re-enable CRLF check in PatchCheck.py
Signed-off-by: Aiden Park <aiden.park@intel.com>
Functionality to Crypto Hash function is guarded with an
PcdIppHashLibSupportedMask.
PcdIppHashLibSupportedMask indicates IPP crypto algo supported
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
Subash Lakkimsetti
Subash Lakkimsetti
Subash Lakkimsetti
Aiden Park
Guo Dong
Maurice Ma