diff options
Diffstat (limited to 'external/poky/meta/recipes-core/ovmf')
14 files changed, 143 insertions, 1596 deletions
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch deleted file mode 100644 index 342fcc62..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Fri, 2 Mar 2018 17:11:52 +0100 -Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation" - -gcc-8 (which is part of Fedora 28) enables the new warning -"-Wstringop-truncation" in "-Wall". This warning is documented in detail -at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the -introduction says - -> Warn for calls to bounded string manipulation functions such as strncat, -> strncpy, and stpncpy that may either truncate the copied string or leave -> the destination unchanged. - -It breaks the BaseTools build with: - -> EfiUtilityMsgs.c: In function 'PrintMessage': -> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying -> between 0 and 511 bytes from a string of length 511 -> [-Werror=stringop-truncation] -> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying -> between 0 and 511 bytes from a string of length 511 -> [-Werror=stringop-truncation] -> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying -> between 0 and 511 bytes from a string of length 511 -> [-Werror=stringop-truncation] -> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The right way to fix the warning would be to implement string concat with -snprintf(). However, Microsoft does not appear to support snprintf() -before VS2015 -<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>, -so we just have to shut up the warning. The strncat() calls flagged above -are valid BTW. - -Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> -Cc: Cole Robinson <crobinso@redhat.com> -Cc: Liming Gao <liming.gao@intel.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - - BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/BaseTools/Source/C/Makefiles/header.makefile -=================================================================== ---- git.orig/BaseTools/Source/C/Makefiles/header.makefile -+++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) - BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
- endif
- BUILD_LFLAGS = $(LDFLAGS)
- BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch deleted file mode 100644 index 5bb418b9..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch +++ /dev/null @@ -1,46 +0,0 @@ -From f65e9cc025278387b494c2383c5d9ff3bed98687 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sun, 11 Jun 2017 00:47:24 -0700 -Subject: [PATCH] ia32: Dont use -pie - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - BaseTools/Conf/tools_def.template | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/BaseTools/Conf/tools_def.template -=================================================================== ---- git.orig/BaseTools/Conf/tools_def.template -+++ git/BaseTools/Conf/tools_def.template -@@ -4336,7 +4336,7 @@ RELEASE_*_*_OBJCOPY_ADDDEBUGFLAG = - NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_NAME).debug
-
- DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
--DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe
-+DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe -fno-PIE -no-pie
- DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe
- DEFINE GCC_IPF_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
- DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie
-@@ -4369,9 +4369,9 @@ DEFINE GCC_ARM_RC_FLAGS = -I - DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
-
- DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
--DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables
-+DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
- DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
--DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
-+DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
- DEFINE GCC44_IA32_X64_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
- DEFINE GCC44_IA32_X64_DLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC44_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
-@@ -4451,7 +4451,7 @@ DEFINE GCC48_AARCH64_ASLDLINK_FLAGS = D -
- DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
- DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
--DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
-+DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 -no-pie
- DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
- DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch index 94ae5d44..6ecb23b2 100644 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch +++ b/external/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch @@ -1,7 +1,7 @@ -From 9e632e3f9edd09632cc877dff6ea57608f979aab Mon Sep 17 00:00:00 2001 +From 0a8362cfb9f00870d70687475665b131dd82c947 Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Date: Thu, 9 Jun 2016 02:23:01 -0700 -Subject: [PATCH] ovmf: update path to native BaseTools +Subject: [PATCH 1/5] ovmf: update path to native BaseTools BaseTools is a set of utilities to build EDK-based firmware. These utilities are used during the build process. Thus, they need to be built natively. @@ -11,15 +11,16 @@ with the appropriate location before building. Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Upstream-Status: Pending + --- OvmfPkg/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh -index eb5eb73..9058fca 100755 +index 91b1442ade..1858dae31a 100755 --- a/OvmfPkg/build.sh +++ b/OvmfPkg/build.sh -@@ -30,7 +30,7 @@ then +@@ -24,7 +24,7 @@ then # this assumes svn pulls have the same root dir # export EDK_TOOLS_PATH=`pwd`/../BaseTools # This version is for the tools source in edk2 @@ -29,5 +30,5 @@ index eb5eb73..9058fca 100755 source edksetup.sh BaseTools else -- -2.8.1 +2.17.1 diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch deleted file mode 100644 index a076665c..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Fri, 2 Mar 2018 17:11:52 +0100 -Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict" - -gcc-8 (which is part of Fedora 28) enables the new warning -"-Wrestrict" in "-Wall". This warning is documented in detail -at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the -introduction says - -> Warn when an object referenced by a restrict-qualified parameter (or, in -> C++, a __restrict-qualified parameter) is aliased by another argument, -> or when copies between such objects overlap. - -It breaks the BaseTools build (in the Brotli compression library) with: - -> In function 'ProcessCommandsInternal', -> inlined from 'ProcessCommands' at dec/decode.c:1828:10: -> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 -> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at -> offset 16 [-Werror=restrict] -> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> In function 'ProcessCommandsInternal', -> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10: -> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 -> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at -> offset 16 [-Werror=restrict] -> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail, -and concluded that the warning is a false positive: - -> This seems safe to me, because it's preceded by: -> -> uint8_t* copy_dst = &s->ringbuffer[pos]; -> uint8_t* copy_src = &s->ringbuffer[src_start]; -> int dst_end = pos + i; -> int src_end = src_start + i; -> if (src_end > pos && dst_end > src_start) { -> /* Regions intersect. */ -> goto CommandPostWrapCopy; -> } -> -> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then -> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i). -> -> The if seems okay: -> -> (src_start + i > pos && pos + i > src_start) -> -> which can be rewritten to: -> -> (pos < src_start + i && src_start < pos + i) -> -> Then the numbers are in one of these two orders: -> -> pos <= src_start < pos + i <= src_start + i -> src_start <= pos < src_start + i <= pos + i -> -> These two would be allowed by the "if", but they can only happen if pos -> == src_start so they degenerate to the same two orders above: -> -> pos <= src_start < src_start + i <= pos + i -> src_start <= pos < pos + i <= src_start + i -> -> So it is a false positive in GCC. - -Disable the warning for now. - -Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> -Cc: Cole Robinson <crobinso@redhat.com> -Cc: Liming Gao <liming.gao@intel.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Reported-by: Cole Robinson <crobinso@redhat.com> -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/BaseTools/Source/C/Makefiles/header.makefile -=================================================================== ---- git.orig/BaseTools/Source/C/Makefiles/header.makefile -+++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) - BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
- endif
- BUILD_LFLAGS = $(LDFLAGS)
- BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch new file mode 100644 index 00000000..f37ed018 --- /dev/null +++ b/external/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch @@ -0,0 +1,51 @@ +From a8bceaec1b16fffbf6810df05503d8ae9092b735 Mon Sep 17 00:00:00 2001 +From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> +Date: Fri, 26 Jul 2019 17:34:26 -0400 +Subject: [PATCH 2/5] BaseTools: makefile: adjust to build in under bitbake + +Prepend the build flags with those of bitbake. This is to build +using the bitbake native sysroot include and library directories. + +Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> +Upstream-Status: Pending + +--- + BaseTools/Source/C/Makefiles/header.makefile | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile +index 4e9b36d98b..eb03ee33fa 100644 +--- a/BaseTools/Source/C/Makefiles/header.makefile ++++ b/BaseTools/Source/C/Makefiles/header.makefile +@@ -62,23 +62,23 @@ $(error Bad HOST_ARCH) + endif
+
+ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
+-BUILD_CPPFLAGS = $(INCLUDE)
++BUILD_CPPFLAGS += $(INCLUDE)
+
+ # keep EXTRA_OPTFLAGS last
+ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
+
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
+ else
+-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ -fno-delete-null-pointer-checks -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
+ -Wno-unused-result -nostdlib -g
+ endif
+-BUILD_LFLAGS =
+-BUILD_CXXFLAGS = -Wno-unused-result
++BUILD_LFLAGS = $(LDFLAGS)
++BUILD_CXXFLAGS += -Wno-unused-result
+
+ ifeq ($(HOST_ARCH), IA32)
+ #
+-- +2.17.1 + diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch deleted file mode 100644 index 920723e3..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Wed, 7 Mar 2018 10:17:28 +0100 -Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx" - options on OSX - -I recently added the gcc-8 specific "-Wno-stringop-truncation" and -"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 / -clang, OSX) and otherwise (gcc, Linux / Cygwin). - -I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does -not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and -"-Wno-restrict" options, yet the build completed fine (by GCC design). - -Regarding OSX, my expectation was that - -- XCODE5 / clang would either recognize these warnings options (because - clang does recognize most -W options of gcc), - -- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags - that it didn't recognize. - -Neither is the case; the new flags have broken the BaseTools build on OSX. -Revert them (for OSX only). - -Cc: Liming Gao <liming.gao@intel.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Reported-by: Liming Gao <liming.gao@intel.com> -Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231 -Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> -Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - BaseTools/Source/C/Makefiles/header.makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: git/BaseTools/Source/C/Makefiles/header.makefile -=================================================================== ---- git.orig/BaseTools/Source/C/Makefiles/header.makefile -+++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) - BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
- BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
- endif
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch deleted file mode 100644 index 65b5c16d..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 2320650c6d381b914fe91b2dedaa5870279a8bcf Mon Sep 17 00:00:00 2001 -From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> -Date: Sun, 27 Nov 2016 18:42:55 -0800 -Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake - -Prepend the build flags with those of bitbake. This is to build -using the bitbake native sysroot include and library directories. - -Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> -Upstream-Status: Pending ---- - BaseTools/Source/C/Makefiles/header.makefile | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -Index: git/BaseTools/Source/C/Makefiles/header.makefile -=================================================================== ---- git.orig/BaseTools/Source/C/Makefiles/header.makefile -+++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -44,15 +44,15 @@ ARCH_INCLUDE = -I $(MAKEROOT)/Include/AA - endif
-
- INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
--BUILD_CPPFLAGS = $(INCLUDE) -O2
-+BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
- endif
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-unused-result
-
- ifeq ($(ARCH), IA32)
- #
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-enable-long-path-file.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0003-ovmf-enable-long-path-file.patch index d954fbe3..ab1e7db3 100644 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-enable-long-path-file.patch +++ b/external/poky/meta/recipes-core/ovmf/ovmf/0003-ovmf-enable-long-path-file.patch @@ -1,18 +1,28 @@ -From 032fc6b1f7691bd537fd2a6bd13821fcf3c45e64 Mon Sep 17 00:00:00 2001 +From 60a5f953f747e1e9e05a40157b651cba8ea57b91 Mon Sep 17 00:00:00 2001 From: Dengke Du <dengke.du@windriver.com> Date: Mon, 11 Sep 2017 02:21:55 -0400 -Subject: [PATCH] ovmf: enable long path file +Subject: [PATCH 3/5] ovmf: enable long path file Upstream-Status: Pending Signed-off-by: Dengke Du <dengke.du@windriver.com> + --- BaseTools/Source/C/Common/CommonLib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BaseTools/Source/C/Common/CommonLib.h b/BaseTools/Source/C/Common/CommonLib.h -index 2041b89e2d..8116aa2e35 100644 +index e1cce985f7..d67d03c70c 100644 --- a/BaseTools/Source/C/Common/CommonLib.h +++ b/BaseTools/Source/C/Common/CommonLib.h -@@ -22 +22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +@@ -14,7 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + #include <assert.h>
+ #define PRINTED_GUID_BUFFER_SIZE 37 // including null-termination
+
-#define MAX_LONG_FILE_PATH 500
+#define MAX_LONG_FILE_PATH 1023
+
+ #define MAX_UINT64 ((UINT64)0xFFFFFFFFFFFFFFFFULL)
+ #define MAX_UINT32 ((UINT32)0xFFFFFFFF)
+-- +2.17.1 + diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch deleted file mode 100644 index 7ad7cdf0..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch +++ /dev/null @@ -1,66 +0,0 @@ -From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Fri, 2 Mar 2018 17:11:52 +0100 -Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow" - warning with memcpy() - -gcc-8 (which is part of Fedora 28) enables the new warning -"-Wstringop-overflow" in "-Wall". This warning is documented in detail at -<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the -introduction says - -> Warn for calls to string manipulation functions such as memcpy and -> strcpy that are determined to overflow the destination buffer. - -It breaks the BaseTools build with: - -> GenVtf.c: In function 'ConvertVersionInfo': -> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length -> of the source argument [-Werror=stringop-overflow=] -> strncpy (TemStr + 4 - Length, Str, Length); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> GenVtf.c:130:14: note: length computed here -> Length = strlen(Str); -> ^~~~~~~~~~~ - -It is a false positive because, while the bound equals the length of the -source argument, the destination pointer is moved back towards the -beginning of the destination buffer by the same amount (and this amount is -range-checked first, so we can't precede the start of the dest buffer). - -Replace both strncpy() calls with memcpy(). - -Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> -Cc: Cole Robinson <crobinso@redhat.com> -Cc: Liming Gao <liming.gao@intel.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Reported-by: Cole Robinson <crobinso@redhat.com> -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c -index 2ae9a7be2c..0cd33e71e9 100644 ---- a/BaseTools/Source/C/GenVtf/GenVtf.c -+++ b/BaseTools/Source/C/GenVtf/GenVtf.c -@@ -129,9 +129,9 @@ Returns: - } else {
- Length = strlen(Str);
- if (Length < 4) {
-- strncpy (TemStr + 4 - Length, Str, Length);
-+ memcpy (TemStr + 4 - Length, Str, Length);
- } else {
-- strncpy (TemStr, Str + Length - 4, 4);
-+ memcpy (TemStr, Str + Length - 4, 4);
- }
-
- sscanf (
--- -2.17.0 - diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-Update-to-latest.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-Update-to-latest.patch new file mode 100644 index 00000000..c10a39d9 --- /dev/null +++ b/external/poky/meta/recipes-core/ovmf/ovmf/0004-ovmf-Update-to-latest.patch @@ -0,0 +1,46 @@ +From 94eff316b31b4d0348af28c77be5c00bc09fe8e7 Mon Sep 17 00:00:00 2001 +From: Steve Langasek <steve.langasek@ubuntu.com> +Date: Sat, 10 Jun 2017 01:39:36 -0700 +Subject: [PATCH 4/5] ovmf: Update to latest + +Description: pass -fno-stack-protector to all GCC toolchains + The upstream build rules inexplicably pass -fno-stack-protector only + when building for i386 and amd64. Add this essential argument to the + generic rules for gcc 4.4 and later. +Last-Updated: 2016-04-12 +Upstream-Status: Pending + +--- + BaseTools/Conf/tools_def.template | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index ca0b122dbb..b0066c2ab8 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -1941,10 +1941,10 @@ DEFINE GCC_X64_RC_FLAGS = -I binary -O elf64-x86-64 -B i386 + DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii
+ DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
+
+-DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
++DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
+ DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
+-DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address
+-DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address
++DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -D EFI32 -fno-asynchronous-unwind-tables -Wno-address
++DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address
+ DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
+ DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive
+ DEFINE GCC48_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
+@@ -1953,7 +1953,7 @@ DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF + DEFINE GCC48_ASM_FLAGS = DEF(GCC_ASM_FLAGS)
+ DEFINE GCC48_ARM_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
+ DEFINE GCC48_AARCH64_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
+-DEFINE GCC48_ARM_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -fstack-protector -mword-relocations
++DEFINE GCC48_ARM_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -mword-relocations
+ DEFINE GCC48_ARM_CC_XIPFLAGS = DEF(GCC_ARM_CC_XIPFLAGS)
+ DEFINE GCC48_AARCH64_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -mcmodel=large DEF(GCC_AARCH64_CC_FLAGS)
+ DEFINE GCC48_AARCH64_CC_XIPFLAGS = DEF(GCC_AARCH64_CC_XIPFLAGS)
+-- +2.17.1 + diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/external/poky/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch deleted file mode 100644 index 3aa6cc4a..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +++ /dev/null @@ -1,1124 +0,0 @@ -From: Laszlo Ersek <lersek@redhat.com> -Date: Mon, 6 Jul 2015 20:22:02 +0200 -Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default - keys - -(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch -to Gerd's public RPMs.) - -This application is meant to be invoked by the management layer, after -booting the UEFI shell and getting a shell prompt on the serial console. -The app enrolls a number of certificates (see below), and then reports -status to the serial console as well. The expected output is "info: -success": - -> Shell> EnrollDefaultKeys.efi -> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 -> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 -> info: success -> Shell> - -In case of success, the management layer can force off or reboot the VM -(for example with the "reset -s" or "reset -c" UEFI shell commands, -respectively), and start the guest installation with SecureBoot enabled. - -PK: -- A unique, static, ad-hoc certificate whose private half has been - destroyed (more precisely, never saved) and is therefore unusable for - signing. (The command for creating this certificate is saved in the - source code.) - -KEK: -- same ad-hoc certificate as used for the PK, -- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool - package is signed (indirectly, through a chain) with this; enrolling - such a KEK should allow guests to install those updates. - -DB: -- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows - Server 2012 R2, -- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI - oproms. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Upstream-Status: Inappropriate [not author] -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> ---- - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++ - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++ - OvmfPkg/OvmfPkgIa32.dsc | 4 + - OvmfPkg/OvmfPkgIa32X64.dsc | 4 + - OvmfPkg/OvmfPkgX64.dsc | 4 + - 5 files changed, 1023 insertions(+) - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf - -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -new file mode 100644 -index 0000000..081212b ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -@@ -0,0 +1,960 @@ -+/** @file -+ Enroll default PK, KEK, DB. -+ -+ Copyright (C) 2014, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid -+#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME -+#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE -+#include <Library/BaseMemoryLib.h> // CopyGuid() -+#include <Library/DebugLib.h> // ASSERT() -+#include <Library/MemoryAllocationLib.h> // FreePool() -+#include <Library/ShellCEntryLib.h> // ShellAppMain() -+#include <Library/UefiLib.h> // AsciiPrint() -+#include <Library/UefiRuntimeServicesTableLib.h> // gRT -+ -+// -+// The example self-signed certificate below, which we'll use for both Platform -+// Key, and first Key Exchange Key, has been generated with the following -+// non-interactive openssl command. The passphrase is read from /dev/urandom, -+// and not saved, and the private key is written to /dev/null. In other words, -+// we can't sign anything else against this certificate, which is our purpose. -+// -+/* -+ openssl req \ -+ -passout file:<(head -c 16 /dev/urandom) \ -+ -x509 \ -+ -newkey rsa:2048 \ -+ -keyout /dev/null \ -+ -outform DER \ -+ -subj $( -+ printf /C=US -+ printf /ST=TestStateOrProvince -+ printf /L=TestLocality -+ printf /O=TestOrganization -+ printf /OU=TestOrganizationalUnit -+ printf /CN=TestCommonName -+ printf /emailAddress=test@example.com -+ ) \ -+ 2>/dev/null \ -+ | xxd -i -+*/ -+STATIC CONST UINT8 ExampleCert[] = { -+ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, -+ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, -+ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, -+ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, -+ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, -+ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, -+ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, -+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, -+ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, -+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, -+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, -+ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, -+ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, -+ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, -+ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, -+ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34, -+ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81, -+ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, -+ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54, -+ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f, -+ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, -+ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, -+ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10, -+ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, -+ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, -+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30, -+ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43, -+ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, -+ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, -+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, -+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce, -+ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21, -+ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc, -+ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae, -+ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16, -+ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b, -+ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77, -+ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce, -+ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31, -+ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35, -+ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d, -+ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a, -+ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24, -+ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2, -+ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d, -+ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b, -+ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3, -+ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1, -+ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4, -+ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68, -+ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, -+ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, -+ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, -+ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, -+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, -+ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, -+ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, -+ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38, -+ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9, -+ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a, -+ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c, -+ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59, -+ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4, -+ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81, -+ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c, -+ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f, -+ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b, -+ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04, -+ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f, -+ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e, -+ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f, -+ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03, -+ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84, -+ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d, -+ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5, -+ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1, -+ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19, -+ 0x26, 0x5b, 0xc0, 0x3d, 0xc7 -+}; -+ -+// -+// Second KEK: "Microsoft Corporation KEK CA 2011". -+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 -+// -+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. -+// -+STATIC CONST UINT8 MicrosoftKEK[] = { -+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, -+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, -+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, -+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, -+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, -+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, -+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, -+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, -+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, -+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, -+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, -+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, -+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, -+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, -+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, -+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, -+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, -+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, -+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, -+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, -+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, -+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, -+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, -+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, -+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, -+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, -+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, -+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, -+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, -+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, -+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, -+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, -+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, -+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, -+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, -+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, -+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, -+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, -+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, -+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, -+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, -+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, -+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, -+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, -+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, -+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, -+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, -+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, -+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, -+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, -+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, -+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, -+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, -+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, -+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, -+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, -+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, -+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, -+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, -+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, -+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, -+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, -+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, -+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, -+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, -+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, -+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, -+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, -+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, -+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, -+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, -+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, -+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, -+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, -+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, -+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, -+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, -+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, -+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, -+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, -+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, -+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, -+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, -+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, -+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, -+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, -+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, -+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e -+}; -+ -+// -+// First DB entry: "Microsoft Windows Production PCA 2011" -+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d -+// -+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain -+// rooted in this certificate. -+// -+STATIC CONST UINT8 MicrosoftPCA[] = { -+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, -+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, -+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, -+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, -+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, -+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, -+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, -+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, -+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, -+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, -+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, -+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, -+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, -+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, -+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, -+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, -+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, -+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, -+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, -+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, -+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, -+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, -+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, -+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, -+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, -+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, -+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, -+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, -+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, -+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, -+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, -+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, -+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, -+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, -+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, -+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03, -+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, -+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, -+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, -+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, -+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, -+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, -+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, -+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, -+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, -+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, -+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, -+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, -+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, -+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, -+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, -+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, -+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, -+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, -+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, -+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, -+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, -+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, -+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, -+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, -+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, -+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, -+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, -+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, -+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, -+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, -+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, -+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, -+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, -+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, -+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, -+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, -+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, -+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, -+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, -+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, -+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, -+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, -+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, -+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, -+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, -+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, -+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, -+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, -+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, -+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, -+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, -+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, -+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, -+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, -+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, -+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, -+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, -+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, -+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, -+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, -+ 0x62, 0x1c, 0x59, 0x7e -+}; -+ -+// -+// Second DB entry: "Microsoft Corporation UEFI CA 2011" -+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 -+// -+// To verify the "shim" binary and PCI expansion ROMs with. -+// -+STATIC CONST UINT8 MicrosoftUefiCA[] = { -+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, -+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, -+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, -+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, -+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, -+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, -+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, -+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, -+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, -+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, -+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, -+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, -+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, -+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, -+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, -+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, -+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, -+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, -+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, -+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, -+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, -+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, -+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, -+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, -+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, -+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, -+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, -+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, -+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, -+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, -+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, -+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, -+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, -+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, -+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, -+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, -+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, -+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, -+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, -+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, -+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, -+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, -+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, -+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, -+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, -+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, -+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, -+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, -+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, -+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, -+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, -+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, -+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, -+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, -+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, -+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, -+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, -+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, -+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, -+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, -+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, -+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, -+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, -+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, -+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, -+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, -+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, -+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, -+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, -+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, -+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, -+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, -+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, -+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, -+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, -+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, -+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, -+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, -+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, -+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, -+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, -+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, -+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, -+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, -+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, -+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, -+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, -+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, -+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 -+}; -+ -+// -+// The most important thing about the variable payload is that it is a list of -+// lists, where the element size of any given *inner* list is constant. -+// -+// Since X509 certificates vary in size, each of our *inner* lists will contain -+// one element only (one X.509 certificate). This is explicitly mentioned in -+// the UEFI specification, in "28.4.1 Signature Database", in a Note. -+// -+// The list structure looks as follows: -+// -+// struct EFI_VARIABLE_AUTHENTICATION_2 { | -+// struct EFI_TIME { | -+// UINT16 Year; | -+// UINT8 Month; | -+// UINT8 Day; | -+// UINT8 Hour; | -+// UINT8 Minute; | -+// UINT8 Second; | -+// UINT8 Pad1; | -+// UINT32 Nanosecond; | -+// INT16 TimeZone; | -+// UINT8 Daylight; | -+// UINT8 Pad2; | -+// } TimeStamp; | -+// | -+// struct WIN_CERTIFICATE_UEFI_GUID { | | -+// struct WIN_CERTIFICATE { | | -+// UINT32 dwLength; ----------------------------------------+ | -+// UINT16 wRevision; | | -+// UINT16 wCertificateType; | | -+// } Hdr; | +- DataSize -+// | | -+// EFI_GUID CertType; | | -+// UINT8 CertData[1] = { <--- "struct hack" | | -+// struct EFI_SIGNATURE_LIST { | | | -+// EFI_GUID SignatureType; | | | -+// UINT32 SignatureListSize; -------------------------+ | | -+// UINT32 SignatureHeaderSize; | | | -+// UINT32 SignatureSize; ---------------------------+ | | | -+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | -+// v | | | -+// struct EFI_SIGNATURE_DATA { | | | | -+// EFI_GUID SignatureOwner; | | | | -+// UINT8 SignatureData[1] = { <--- "struct hack" | | | | -+// X.509 payload | | | | -+// } | | | | -+// } Signatures[]; | | | -+// } SigLists[]; | | -+// }; | | -+// } AuthInfo; | | -+// }; | -+// -+// Given that the "struct hack" invokes undefined behavior (which is why C99 -+// introduced the flexible array member), and because subtracting those pesky -+// sizes of 1 is annoying, and because the format is fully specified in the -+// UEFI specification, we'll introduce two matching convenience structures that -+// are customized for our X.509 purposes. -+// -+#pragma pack(1) -+typedef struct { -+ EFI_TIME TimeStamp; -+ -+ // -+ // dwLength covers data below -+ // -+ UINT32 dwLength; -+ UINT16 wRevision; -+ UINT16 wCertificateType; -+ EFI_GUID CertType; -+} SINGLE_HEADER; -+ -+typedef struct { -+ // -+ // SignatureListSize covers data below -+ // -+ EFI_GUID SignatureType; -+ UINT32 SignatureListSize; -+ UINT32 SignatureHeaderSize; // constant 0 -+ UINT32 SignatureSize; -+ -+ // -+ // SignatureSize covers data below -+ // -+ EFI_GUID SignatureOwner; -+ -+ // -+ // X.509 certificate follows -+ // -+} REPEATING_HEADER; -+#pragma pack() -+ -+/** -+ Enroll a set of DER-formatted X.509 certificates in a global variable, -+ overwriting it. -+ -+ The variable will be rewritten with NV+BS+RT+AT attributes. -+ -+ @param[in] VariableName The name of the variable to overwrite. -+ -+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to -+ overwrite. -+ -+ @param[in] ... A list of -+ -+ IN CONST UINT8 *Cert, -+ IN UINTN CertSize, -+ IN CONST EFI_GUID *OwnerGuid -+ -+ triplets. If the first component of a triplet is -+ NULL, then the other two components are not -+ accessed, and processing is terminated. The list of -+ X.509 certificates is enrolled in the variable -+ specified, overwriting it. The OwnerGuid component -+ identifies the agent installing the certificate. -+ -+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert -+ value is NULL), or one of the CertSize values -+ is 0, or one of the CertSize values would -+ overflow the accumulated UINT32 data size. -+ -+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable -+ payload. -+ -+ @retval EFI_SUCCESS Enrollment successful; the variable has been -+ overwritten (or created). -+ -+ @return Error codes from gRT->GetTime() and -+ gRT->SetVariable(). -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+EnrollListOfX509Certs ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ ... -+ ) -+{ -+ UINTN DataSize; -+ SINGLE_HEADER *SingleHeader; -+ REPEATING_HEADER *RepeatingHeader; -+ VA_LIST Marker; -+ CONST UINT8 *Cert; -+ EFI_STATUS Status = EFI_SUCCESS; -+ UINT8 *Data; -+ UINT8 *Position; -+ -+ // -+ // compute total size first, for UINT32 range check, and allocation -+ // -+ DataSize = sizeof *SingleHeader; -+ VA_START (Marker, VendorGuid); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ (VOID)VA_ARG (Marker, CONST EFI_GUID *); -+ -+ if (CertSize == 0 || -+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader || -+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { -+ Status = EFI_INVALID_PARAMETER; -+ break; -+ } -+ DataSize += sizeof *RepeatingHeader + CertSize; -+ } -+ VA_END (Marker); -+ -+ if (DataSize == sizeof *SingleHeader) { -+ Status = EFI_INVALID_PARAMETER; -+ } -+ if (EFI_ERROR (Status)) { -+ goto Out; -+ } -+ -+ Data = AllocatePool (DataSize); -+ if (Data == NULL) { -+ Status = EFI_OUT_OF_RESOURCES; -+ goto Out; -+ } -+ -+ Position = Data; -+ -+ SingleHeader = (SINGLE_HEADER *)Position; -+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); -+ if (EFI_ERROR (Status)) { -+ goto FreeData; -+ } -+ SingleHeader->TimeStamp.Pad1 = 0; -+ SingleHeader->TimeStamp.Nanosecond = 0; -+ SingleHeader->TimeStamp.TimeZone = 0; -+ SingleHeader->TimeStamp.Daylight = 0; -+ SingleHeader->TimeStamp.Pad2 = 0; -+#if 0 -+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp; -+#else -+ // -+ // This looks like a bug in edk2. According to the UEFI specification, -+ // dwLength is "The length of the entire certificate, including the length of -+ // the header, in bytes". That shouldn't stop right after CertType -- it -+ // should include everything below it. -+ // -+ SingleHeader->dwLength = sizeof *SingleHeader -+ - sizeof SingleHeader->TimeStamp; -+#endif -+ SingleHeader->wRevision = 0x0200; -+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; -+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); -+ Position += sizeof *SingleHeader; -+ -+ VA_START (Marker, VendorGuid); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ CONST EFI_GUID *OwnerGuid; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); -+ -+ RepeatingHeader = (REPEATING_HEADER *)Position; -+ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid); -+ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize; -+ RepeatingHeader->SignatureHeaderSize = 0; -+ RepeatingHeader->SignatureSize = -+ sizeof RepeatingHeader->SignatureOwner + CertSize; -+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); -+ Position += sizeof *RepeatingHeader; -+ -+ CopyMem (Position, Cert, CertSize); -+ Position += CertSize; -+ } -+ VA_END (Marker); -+ -+ ASSERT (Data + DataSize == Position); -+ -+ Status = gRT->SetVariable (VariableName, VendorGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS | -+ EFI_VARIABLE_RUNTIME_ACCESS | -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), -+ DataSize, Data); -+ -+FreeData: -+ FreePool (Data); -+ -+Out: -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, -+ VendorGuid, Status); -+ } -+ return Status; -+} -+ -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetExact ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ OUT VOID *Data, -+ IN UINTN DataSize, -+ IN BOOLEAN AllowMissing -+ ) -+{ -+ UINTN Size; -+ EFI_STATUS Status; -+ -+ Size = DataSize; -+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); -+ if (EFI_ERROR (Status)) { -+ if (Status == EFI_NOT_FOUND && AllowMissing) { -+ ZeroMem (Data, DataSize); -+ return EFI_SUCCESS; -+ } -+ -+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName, -+ VendorGuid, Status); -+ return Status; -+ } -+ -+ if (Size != DataSize) { -+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, " -+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size); -+ return EFI_PROTOCOL_ERROR; -+ } -+ -+ return EFI_SUCCESS; -+} -+ -+typedef struct { -+ UINT8 SetupMode; -+ UINT8 SecureBoot; -+ UINT8 SecureBootEnable; -+ UINT8 CustomMode; -+ UINT8 VendorKeys; -+} SETTINGS; -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetSettings ( -+ OUT SETTINGS *Settings -+ ) -+{ -+ EFI_STATUS Status; -+ -+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, -+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, -+ sizeof Settings->SecureBootEnable, TRUE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE); -+ return Status; -+} -+ -+STATIC -+VOID -+EFIAPI -+PrintSettings ( -+ IN CONST SETTINGS *Settings -+ ) -+{ -+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " -+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, -+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys); -+} -+ -+ -+INTN -+EFIAPI -+ShellAppMain ( -+ IN UINTN Argc, -+ IN CHAR16 **Argv -+ ) -+{ -+ EFI_STATUS Status; -+ SETTINGS Settings; -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 1) { -+ AsciiPrint ("error: already in User Mode\n"); -+ return 1; -+ } -+ -+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { -+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS), -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_IMAGE_SECURITY_DATABASE, -+ &gEfiImageSecurityDatabaseGuid, -+ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid, -+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_KEY_EXCHANGE_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid, -+ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_PLATFORM_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || -+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || -+ Settings.VendorKeys != 0) { -+ AsciiPrint ("error: unexpected\n"); -+ return 1; -+ } -+ -+ AsciiPrint ("info: success\n"); -+ return 0; -+} -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -new file mode 100644 -index 0000000..ac919bb ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -@@ -0,0 +1,51 @@ -+## @file -+# Enroll default PK, KEK, DB. -+# -+# Copyright (C) 2014, Red Hat, Inc. -+# -+# This program and the accompanying materials are licensed and made available -+# under the terms and conditions of the BSD License which accompanies this -+# distribution. The full text of the license may be found at -+# http://opensource.org/licenses/bsd-license. -+# -+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR -+# IMPLIED. -+## -+ -+[Defines] -+ INF_VERSION = 0x00010006 -+ BASE_NAME = EnrollDefaultKeys -+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A -+ MODULE_TYPE = UEFI_APPLICATION -+ VERSION_STRING = 0.1 -+ ENTRY_POINT = ShellCEntryLib -+ -+# -+# VALID_ARCHITECTURES = IA32 X64 -+# -+ -+[Sources] -+ EnrollDefaultKeys.c -+ -+[Packages] -+ MdePkg/MdePkg.dec -+ MdeModulePkg/MdeModulePkg.dec -+ SecurityPkg/SecurityPkg.dec -+ ShellPkg/ShellPkg.dec -+ -+[Guids] -+ gEfiCertPkcs7Guid -+ gEfiCertX509Guid -+ gEfiCustomModeEnableGuid -+ gEfiGlobalVariableGuid -+ gEfiImageSecurityDatabaseGuid -+ gEfiSecureBootEnableDisableGuid -+ -+[LibraryClasses] -+ BaseMemoryLib -+ DebugLib -+ MemoryAllocationLib -+ ShellCEntryLib -+ UefiLib -+ UefiRuntimeServicesTableLib -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index fa9661c..e2e6ba3 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -764,6 +764,10 @@ -
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ <LibraryClasses> -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 667584a..a0ae1aa 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -773,6 +773,10 @@ -
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ <LibraryClasses> -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 5ae8469..87cee52 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -771,6 +771,10 @@ -
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ <LibraryClasses> -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/VfrCompile-increase-path-length-limit.patch b/external/poky/meta/recipes-core/ovmf/ovmf/VfrCompile-increase-path-length-limit.patch deleted file mode 100644 index bb12d8be..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/VfrCompile-increase-path-length-limit.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c7722d10c7bcf6be0adcf54abb1d406599dd7914 Mon Sep 17 00:00:00 2001 -From: Patrick Ohly <patrick.ohly@intel.com> -Date: Fri, 24 Feb 2017 01:40:02 +0100 -Subject: [PATCH] VfrCompile: increase path length limit - -The VfrCompile tool has a hard-coded maximum length for path names -which turned out to be too small by around 20 characters in the Yocto -autobuilder setup. Increasing the maximum by a factor of 4 is -relatively easy and makes the problem less likely. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> ---- - BaseTools/Source/C/VfrCompile/EfiVfr.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/BaseTools/Source/C/VfrCompile/EfiVfr.h b/BaseTools/Source/C/VfrCompile/EfiVfr.h -index d187902..9ad4a7b 100644 ---- a/BaseTools/Source/C/VfrCompile/EfiVfr.h -+++ b/BaseTools/Source/C/VfrCompile/EfiVfr.h -@@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - #include "Common/UefiInternalFormRepresentation.h"
- #include "Common/MdeModuleHii.h"
-
--#define MAX_PATH 255
-+#define MAX_PATH 1023
- #define MAX_VFR_LINE_LEN 4096
-
- #define EFI_IFR_MAX_LENGTH 0xFF
--- -2.1.4 - diff --git a/external/poky/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/external/poky/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch deleted file mode 100644 index 25e5b58e..00000000 --- a/external/poky/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch +++ /dev/null @@ -1,20 +0,0 @@ -Author: Steve Langasek <steve.langasek@ubuntu.com> -Description: pass -fno-stack-protector to all GCC toolchains - The upstream build rules inexplicably pass -fno-stack-protector only - when building for i386 and amd64. Add this essential argument to the - generic rules for gcc 4.4 and later. -Last-Updated: 2016-04-12 -Upstream-Status: Pending -Index: git/BaseTools/Conf/tools_def.template -=================================================================== ---- git.orig/BaseTools/Conf/tools_def.template -+++ git/BaseTools/Conf/tools_def.template -@@ -4368,7 +4368,7 @@ DEFINE GCC_IPF_RC_FLAGS = -I - DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii
- DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
-
--DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
-+DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
- DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
- DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
diff --git a/external/poky/meta/recipes-core/ovmf/ovmf_git.bb b/external/poky/meta/recipes-core/ovmf/ovmf_git.bb index d2ecb619..9667fa0c 100644 --- a/external/poky/meta/recipes-core/ovmf/ovmf_git.bb +++ b/external/poky/meta/recipes-core/ovmf/ovmf_git.bb @@ -2,9 +2,9 @@ SUMMARY = "OVMF - UEFI firmware for Qemu and KVM" DESCRIPTION = "OVMF is an EDK II based project to enable UEFI support for \ Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM" HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF" -LICENSE = "BSD" +LICENSE = "BSD-2-Clause" LICENSE_class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD & OpenSSL', 'BSD', d)}" -LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3496" +LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65" # Enabling Secure Boot adds a dependency on OpenSSL and implies # compiling OVMF twice, so it is disabled by default. Distros @@ -12,30 +12,16 @@ LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3 PACKAGECONFIG ??= "" PACKAGECONFIG[secureboot] = ",,," -SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ - file://0001-ia32-Dont-use-pie.patch \ - file://0002-ovmf-update-path-to-native-BaseTools.patch \ - file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ - file://0004-ovmf-enable-long-path-file.patch \ - file://VfrCompile-increase-path-length-limit.patch \ - file://no-stack-protector-all-archs.patch \ - file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ - file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ - file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ - file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ +SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=git \ + file://0001-ovmf-update-path-to-native-BaseTools.patch \ + file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ + file://0003-ovmf-enable-long-path-file.patch \ + file://0004-ovmf-Update-to-latest.patch \ " -UPSTREAM_VERSION_UNKNOWN = "1" -OPENSSL_RELEASE = "openssl-1.1.0e" - -SRC_URI_append_class-target = " \ - ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ - file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \ -" - -SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3" -SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6" -SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c" +PV = "edk2-stable201911" +SRCREV = "bd85bf54c268204c7a698a96f3ccd96cd77952cd" +UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" inherit deploy @@ -43,11 +29,7 @@ PARALLEL_MAKE = "" S = "${WORKDIR}/git" -DEPENDS_class-native="util-linux-native iasl-native qemu-native" - -DEPENDS_class-target="ovmf-native" - -DEPENDS_append = " nasm-native" +DEPENDS = "nasm-native acpica-native ovmf-native util-linux-native" EDK_TOOLS_DIR="edk2_basetools" @@ -62,6 +44,8 @@ COMPATIBLE_HOST='(i.86|x86_64).*' OVMF_SECURE_BOOT_EXTRA_FLAGS ??= "" OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}" +export PYTHON_COMMAND = "${HOSTTOOLS_DIR}/python3" + do_patch[postfuncs] += "fix_basetools_location" fix_basetools_location () { } @@ -192,12 +176,9 @@ do_compile_class-target() { ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/ if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then - # See CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt and - # https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/ for - # building with Secure Boot enabled. + # Repeat build with the Secure Boot flags. bbnote "Building with Secure Boot." rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX - ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd @@ -232,6 +213,11 @@ FILES_ovmf-shell-efi = " \ efi/ \ " +DEPLOYDEP = "" +DEPLOYDEP_class-target = "qemu-system-native:do_populate_sysroot" +DEPLOYDEP_class-target += " ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'openssl-native:do_populate_sysroot', '', d)}" +do_deploy[depends] += "${DEPLOYDEP}" + do_deploy() { } do_deploy[cleandirs] = "${DEPLOYDIR}" @@ -245,6 +231,13 @@ do_deploy_class-target() { ; do qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2 done + + if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then + # Create a test Platform Key and first Key Exchange Key to use with EnrollDefaultKeys + openssl req -new -x509 -newkey rsa:2048 -keyout ${DEPLOYDIR}/OvmfPkKek1.key \ + -out ${DEPLOYDIR}/OvmfPkKek1.crt -nodes -days 20 -subj "/CN=OVMFSecBootTest" + openssl x509 -in ${DEPLOYDIR}/OvmfPkKek1.crt -out ${DEPLOYDIR}/OvmfPkKek1.pem -outform PEM + fi } addtask do_deploy after do_compile before do_build |