Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Partial Revert "SecurityPkg/SecureBoot: Support RSA4096 and RSA3072" (#…
…224)

## Description

Edk2 updated AuthVariable and secureboot to allow them to use SHA384 and SHA512. The AuthVariable addition is good because it allows signing this with the PK but the secureboot addition is unnecessary. The secureboot change has things hashed by all three algorithms and then checking them in the DBX for SHA256, SHA384 and SHA512 lists to make sure it's not on any of them. The issue with this is twofold.

1. This will have a performance impact. One that many platforms will not want.
2. This is completely unnecessary because the only group putting things in the DBX is Microsoft and we only use SHA256.

For these reasons it makes sense to revert the change in the secureboot logic and keep the AuthVariable changes.

Commit in edk2 for reference: tianocore/edk2@bbf1822

- [] Impacts functionality?
  - **Functionality** - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- [] Impacts security?
  - **Security** - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- [ ] Breaking change?
  - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
  - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...

## How This Was Tested

Tested on Intel Physical systems. No issues seen.

## Integration Instructions

N/A

1 parent dd5922c, commit 36b848b

Showing 5 changed files with 35 additions and 108 deletions.