render / rpms / edk2

Forked from rpms/edk2 2 months ago
Clone

Blame 0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch

ed852e
From da502f7cc283055a65ab3caeaa62eb5c6a6fddb5 Mon Sep 17 00:00:00 2001
Gerd Hoffmann b0c3af
From: Laszlo Ersek <lersek@redhat.com>
Gerd Hoffmann b0c3af
Date: Mon, 6 Jul 2015 20:22:02 +0200
Gerd Hoffmann b0c3af
Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
Gerd Hoffmann b0c3af
 keys
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch
Gerd Hoffmann b0c3af
to Gerd's public RPMs.)
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
This application is meant to be invoked by the management layer, after
Gerd Hoffmann b0c3af
booting the UEFI shell and getting a shell prompt on the serial console.
Gerd Hoffmann b0c3af
The app enrolls a number of certificates (see below), and then reports
Gerd Hoffmann b0c3af
status to the serial console as well. The expected output is "info:
Gerd Hoffmann b0c3af
success":
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
> Shell> EnrollDefaultKeys.efi
Gerd Hoffmann b0c3af
> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
Gerd Hoffmann b0c3af
> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
Gerd Hoffmann b0c3af
> info: success
Gerd Hoffmann b0c3af
> Shell>
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
In case of success, the management layer can force off or reboot the VM
Gerd Hoffmann b0c3af
(for example with the "reset -s" or "reset -c" UEFI shell commands,
Gerd Hoffmann b0c3af
respectively), and start the guest installation with SecureBoot enabled.
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
PK:
Gerd Hoffmann b0c3af
- A unique, static, ad-hoc certificate whose private half has been
Gerd Hoffmann b0c3af
  destroyed (more precisely, never saved) and is therefore unusable for
Gerd Hoffmann b0c3af
  signing. (The command for creating this certificate is saved in the
Gerd Hoffmann b0c3af
  source code.)
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
KEK:
Gerd Hoffmann b0c3af
- same ad-hoc certificate as used for the PK,
Gerd Hoffmann b0c3af
- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
Gerd Hoffmann b0c3af
  package is signed (indirectly, through a chain) with this; enrolling
Gerd Hoffmann b0c3af
  such a KEK should allow guests to install those updates.
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
DB:
Gerd Hoffmann b0c3af
- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
Gerd Hoffmann b0c3af
  Server 2012 R2,
Gerd Hoffmann b0c3af
- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
Gerd Hoffmann b0c3af
  oproms.
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
Contributed-under: TianoCore Contribution Agreement 1.0
Gerd Hoffmann b0c3af
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Gerd Hoffmann b0c3af
---
ed852e
 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c   | 963 ++++++++++++++++++++++++
Gerd Hoffmann b0c3af
 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf |  51 ++
Gerd Hoffmann b0c3af
 OvmfPkg/OvmfPkgIa32.dsc                         |   4 +
Gerd Hoffmann b0c3af
 OvmfPkg/OvmfPkgIa32X64.dsc                      |   4 +
Gerd Hoffmann b0c3af
 OvmfPkg/OvmfPkgX64.dsc                          |   4 +
ed852e
 5 files changed, 1026 insertions(+)
Gerd Hoffmann b0c3af
 create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
Gerd Hoffmann b0c3af
 create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
Gerd Hoffmann b0c3af
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
Gerd Hoffmann b0c3af
new file mode 100644
ed852e
index 0000000..447288f
Gerd Hoffmann b0c3af
--- /dev/null
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
ed852e
@@ -0,0 +1,963 @@
Gerd Hoffmann b0c3af
+/** @file
Gerd Hoffmann b0c3af
+  Enroll default PK, KEK, DB.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Copyright (C) 2014, Red Hat, Inc.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  This program and the accompanying materials are licensed and made available
Gerd Hoffmann b0c3af
+  under the terms and conditions of the BSD License which accompanies this
Gerd Hoffmann b0c3af
+  distribution. The full text of the license may be found at
Gerd Hoffmann b0c3af
+  http://opensource.org/licenses/bsd-license.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
Gerd Hoffmann b0c3af
+  WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Gerd Hoffmann b0c3af
+**/
Gerd Hoffmann b0c3af
+#include <Guid/AuthenticatedVariableFormat.h>    // gEfiCustomModeEnableGuid
Gerd Hoffmann b0c3af
+#include <Guid/GlobalVariable.h>                 // EFI_SETUP_MODE_NAME
Gerd Hoffmann b0c3af
+#include <Guid/ImageAuthentication.h>            // EFI_IMAGE_SECURITY_DATABASE
Gerd Hoffmann b0c3af
+#include <Library/BaseMemoryLib.h>               // CopyGuid()
Gerd Hoffmann b0c3af
+#include <Library/DebugLib.h>                    // ASSERT()
Gerd Hoffmann b0c3af
+#include <Library/MemoryAllocationLib.h>         // FreePool()
Gerd Hoffmann b0c3af
+#include <Library/ShellCEntryLib.h>              // ShellAppMain()
Gerd Hoffmann b0c3af
+#include <Library/UefiLib.h>                     // AsciiPrint()
Gerd Hoffmann b0c3af
+#include <Library/UefiRuntimeServicesTableLib.h> // gRT
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// The example self-signed certificate below, which we'll use for both Platform
Gerd Hoffmann b0c3af
+// Key, and first Key Exchange Key, has been generated with the following
Gerd Hoffmann b0c3af
+// non-interactive openssl command. The passphrase is read from /dev/urandom,
Gerd Hoffmann b0c3af
+// and not saved, and the private key is written to /dev/null. In other words,
Gerd Hoffmann b0c3af
+// we can't sign anything else against this certificate, which is our purpose.
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+/*
Gerd Hoffmann b0c3af
+   openssl req \
Gerd Hoffmann b0c3af
+     -passout file:<(head -c 16 /dev/urandom) \
Gerd Hoffmann b0c3af
+     -x509 \
Gerd Hoffmann b0c3af
+     -newkey rsa:2048 \
Gerd Hoffmann b0c3af
+     -keyout /dev/null \
Gerd Hoffmann b0c3af
+     -outform DER \
Gerd Hoffmann b0c3af
+     -subj $(
Gerd Hoffmann b0c3af
+       printf /C=US
Gerd Hoffmann b0c3af
+       printf /ST=TestStateOrProvince
Gerd Hoffmann b0c3af
+       printf /L=TestLocality
Gerd Hoffmann b0c3af
+       printf /O=TestOrganization
Gerd Hoffmann b0c3af
+       printf /OU=TestOrganizationalUnit
Gerd Hoffmann b0c3af
+       printf /CN=TestCommonName
Gerd Hoffmann b0c3af
+       printf /emailAddress=test@example.com
Gerd Hoffmann b0c3af
+     ) \
Gerd Hoffmann b0c3af
+     2>/dev/null \
Gerd Hoffmann b0c3af
+   | xxd -i
Gerd Hoffmann b0c3af
+*/
Gerd Hoffmann b0c3af
+STATIC CONST UINT8 ExampleCert[] = {
Gerd Hoffmann b0c3af
+  0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02,
Gerd Hoffmann b0c3af
+  0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d,
Gerd Hoffmann b0c3af
+  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
Gerd Hoffmann b0c3af
+  0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
Gerd Hoffmann b0c3af
+  0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
Gerd Hoffmann b0c3af
+  0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50,
Gerd Hoffmann b0c3af
+  0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
Gerd Hoffmann b0c3af
+  0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61,
Gerd Hoffmann b0c3af
+  0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a,
Gerd Hoffmann b0c3af
+  0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
Gerd Hoffmann b0c3af
+  0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
Gerd Hoffmann b0c3af
+  0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
Gerd Hoffmann b0c3af
+  0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31,
Gerd Hoffmann b0c3af
+  0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73,
Gerd Hoffmann b0c3af
+  0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f,
Gerd Hoffmann b0c3af
+  0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
Gerd Hoffmann b0c3af
+  0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
Gerd Hoffmann b0c3af
+  0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
Gerd Hoffmann b0c3af
+  0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34,
Gerd Hoffmann b0c3af
+  0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81,
Gerd Hoffmann b0c3af
+  0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
Gerd Hoffmann b0c3af
+  0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54,
Gerd Hoffmann b0c3af
+  0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f,
Gerd Hoffmann b0c3af
+  0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
Gerd Hoffmann b0c3af
+  0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69,
Gerd Hoffmann b0c3af
+  0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10,
Gerd Hoffmann b0c3af
+  0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
Gerd Hoffmann b0c3af
+  0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
Gerd Hoffmann b0c3af
+  0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
Gerd Hoffmann b0c3af
+  0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30,
Gerd Hoffmann b0c3af
+  0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43,
Gerd Hoffmann b0c3af
+  0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d,
Gerd Hoffmann b0c3af
+  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
Gerd Hoffmann b0c3af
+  0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
Gerd Hoffmann b0c3af
+  0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
Gerd Hoffmann b0c3af
+  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
Gerd Hoffmann b0c3af
+  0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce,
Gerd Hoffmann b0c3af
+  0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21,
Gerd Hoffmann b0c3af
+  0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc,
Gerd Hoffmann b0c3af
+  0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae,
Gerd Hoffmann b0c3af
+  0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16,
Gerd Hoffmann b0c3af
+  0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b,
Gerd Hoffmann b0c3af
+  0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77,
Gerd Hoffmann b0c3af
+  0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce,
Gerd Hoffmann b0c3af
+  0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31,
Gerd Hoffmann b0c3af
+  0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35,
Gerd Hoffmann b0c3af
+  0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d,
Gerd Hoffmann b0c3af
+  0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a,
Gerd Hoffmann b0c3af
+  0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24,
Gerd Hoffmann b0c3af
+  0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2,
Gerd Hoffmann b0c3af
+  0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d,
Gerd Hoffmann b0c3af
+  0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b,
Gerd Hoffmann b0c3af
+  0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3,
Gerd Hoffmann b0c3af
+  0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1,
Gerd Hoffmann b0c3af
+  0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4,
Gerd Hoffmann b0c3af
+  0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68,
Gerd Hoffmann b0c3af
+  0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50,
Gerd Hoffmann b0c3af
+  0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
Gerd Hoffmann b0c3af
+  0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3,
Gerd Hoffmann b0c3af
+  0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
Gerd Hoffmann b0c3af
+  0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e,
Gerd Hoffmann b0c3af
+  0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29,
Gerd Hoffmann b0c3af
+  0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
Gerd Hoffmann b0c3af
+  0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
Gerd Hoffmann b0c3af
+  0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38,
Gerd Hoffmann b0c3af
+  0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9,
Gerd Hoffmann b0c3af
+  0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a,
Gerd Hoffmann b0c3af
+  0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c,
Gerd Hoffmann b0c3af
+  0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59,
Gerd Hoffmann b0c3af
+  0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4,
Gerd Hoffmann b0c3af
+  0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81,
Gerd Hoffmann b0c3af
+  0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c,
Gerd Hoffmann b0c3af
+  0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f,
Gerd Hoffmann b0c3af
+  0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b,
Gerd Hoffmann b0c3af
+  0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04,
Gerd Hoffmann b0c3af
+  0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f,
Gerd Hoffmann b0c3af
+  0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e,
Gerd Hoffmann b0c3af
+  0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f,
Gerd Hoffmann b0c3af
+  0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03,
Gerd Hoffmann b0c3af
+  0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84,
Gerd Hoffmann b0c3af
+  0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d,
Gerd Hoffmann b0c3af
+  0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5,
Gerd Hoffmann b0c3af
+  0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1,
Gerd Hoffmann b0c3af
+  0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19,
Gerd Hoffmann b0c3af
+  0x26, 0x5b, 0xc0, 0x3d, 0xc7
Gerd Hoffmann b0c3af
+};
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// Second KEK: "Microsoft Corporation KEK CA 2011".
Gerd Hoffmann b0c3af
+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+STATIC CONST UINT8 MicrosoftKEK[] = {
Gerd Hoffmann b0c3af
+  0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
Gerd Hoffmann b0c3af
+  0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
Gerd Hoffmann b0c3af
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
Gerd Hoffmann b0c3af
+  0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
Gerd Hoffmann b0c3af
+  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
Gerd Hoffmann b0c3af
+  0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
Gerd Hoffmann b0c3af
+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
Gerd Hoffmann b0c3af
+  0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
Gerd Hoffmann b0c3af
+  0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
Gerd Hoffmann b0c3af
+  0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
Gerd Hoffmann b0c3af
+  0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
Gerd Hoffmann b0c3af
+  0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
Gerd Hoffmann b0c3af
+  0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
Gerd Hoffmann b0c3af
+  0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
Gerd Hoffmann b0c3af
+  0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
Gerd Hoffmann b0c3af
+  0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
Gerd Hoffmann b0c3af
+  0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
Gerd Hoffmann b0c3af
+  0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
Gerd Hoffmann b0c3af
+  0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
Gerd Hoffmann b0c3af
+  0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
Gerd Hoffmann b0c3af
+  0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
Gerd Hoffmann b0c3af
+  0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
Gerd Hoffmann b0c3af
+  0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
Gerd Hoffmann b0c3af
+  0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
Gerd Hoffmann b0c3af
+  0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
Gerd Hoffmann b0c3af
+  0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
Gerd Hoffmann b0c3af
+  0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
Gerd Hoffmann b0c3af
+  0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
Gerd Hoffmann b0c3af
+  0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
Gerd Hoffmann b0c3af
+  0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
Gerd Hoffmann b0c3af
+  0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
Gerd Hoffmann b0c3af
+  0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
Gerd Hoffmann b0c3af
+  0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
Gerd Hoffmann b0c3af
+  0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
Gerd Hoffmann b0c3af
+  0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
Gerd Hoffmann b0c3af
+  0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
Gerd Hoffmann b0c3af
+  0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
Gerd Hoffmann b0c3af
+  0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
Gerd Hoffmann b0c3af
+  0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
Gerd Hoffmann b0c3af
+  0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
Gerd Hoffmann b0c3af
+  0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
Gerd Hoffmann b0c3af
+  0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
Gerd Hoffmann b0c3af
+  0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
Gerd Hoffmann b0c3af
+  0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
Gerd Hoffmann b0c3af
+  0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
Gerd Hoffmann b0c3af
+  0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
Gerd Hoffmann b0c3af
+  0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
Gerd Hoffmann b0c3af
+  0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
Gerd Hoffmann b0c3af
+  0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
Gerd Hoffmann b0c3af
+  0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
Gerd Hoffmann b0c3af
+  0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
Gerd Hoffmann b0c3af
+  0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
Gerd Hoffmann b0c3af
+  0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
Gerd Hoffmann b0c3af
+  0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
Gerd Hoffmann b0c3af
+  0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
Gerd Hoffmann b0c3af
+  0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
Gerd Hoffmann b0c3af
+  0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
Gerd Hoffmann b0c3af
+  0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
Gerd Hoffmann b0c3af
+  0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
Gerd Hoffmann b0c3af
+  0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
Gerd Hoffmann b0c3af
+  0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
Gerd Hoffmann b0c3af
+  0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
Gerd Hoffmann b0c3af
+  0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
Gerd Hoffmann b0c3af
+  0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
Gerd Hoffmann b0c3af
+  0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
Gerd Hoffmann b0c3af
+  0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
Gerd Hoffmann b0c3af
+  0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
Gerd Hoffmann b0c3af
+  0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
Gerd Hoffmann b0c3af
+  0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
Gerd Hoffmann b0c3af
+  0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
Gerd Hoffmann b0c3af
+  0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
Gerd Hoffmann b0c3af
+  0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
Gerd Hoffmann b0c3af
+  0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
Gerd Hoffmann b0c3af
+  0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
Gerd Hoffmann b0c3af
+  0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
Gerd Hoffmann b0c3af
+  0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
Gerd Hoffmann b0c3af
+  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
Gerd Hoffmann b0c3af
+  0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
Gerd Hoffmann b0c3af
+  0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
Gerd Hoffmann b0c3af
+  0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
Gerd Hoffmann b0c3af
+  0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
Gerd Hoffmann b0c3af
+  0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
Gerd Hoffmann b0c3af
+  0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
Gerd Hoffmann b0c3af
+  0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
Gerd Hoffmann b0c3af
+  0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
Gerd Hoffmann b0c3af
+  0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
Gerd Hoffmann b0c3af
+  0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
Gerd Hoffmann b0c3af
+  0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
Gerd Hoffmann b0c3af
+  0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
Gerd Hoffmann b0c3af
+  0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
Gerd Hoffmann b0c3af
+  0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
Gerd Hoffmann b0c3af
+  0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
Gerd Hoffmann b0c3af
+  0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
Gerd Hoffmann b0c3af
+  0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
Gerd Hoffmann b0c3af
+  0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
Gerd Hoffmann b0c3af
+  0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
Gerd Hoffmann b0c3af
+  0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
Gerd Hoffmann b0c3af
+  0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
Gerd Hoffmann b0c3af
+  0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
Gerd Hoffmann b0c3af
+  0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
Gerd Hoffmann b0c3af
+  0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
Gerd Hoffmann b0c3af
+  0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
Gerd Hoffmann b0c3af
+  0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
Gerd Hoffmann b0c3af
+  0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
Gerd Hoffmann b0c3af
+  0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
Gerd Hoffmann b0c3af
+  0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
Gerd Hoffmann b0c3af
+  0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
Gerd Hoffmann b0c3af
+  0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
Gerd Hoffmann b0c3af
+  0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
Gerd Hoffmann b0c3af
+  0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
Gerd Hoffmann b0c3af
+  0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
Gerd Hoffmann b0c3af
+  0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
Gerd Hoffmann b0c3af
+  0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
Gerd Hoffmann b0c3af
+  0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
Gerd Hoffmann b0c3af
+  0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
Gerd Hoffmann b0c3af
+  0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
Gerd Hoffmann b0c3af
+  0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
Gerd Hoffmann b0c3af
+};
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// First DB entry: "Microsoft Windows Production PCA 2011"
Gerd Hoffmann b0c3af
+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
Gerd Hoffmann b0c3af
+// rooted in this certificate.
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+STATIC CONST UINT8 MicrosoftPCA[] = {
Gerd Hoffmann b0c3af
+  0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
Gerd Hoffmann b0c3af
+  0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
Gerd Hoffmann b0c3af
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
Gerd Hoffmann b0c3af
+  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
Gerd Hoffmann b0c3af
+  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
Gerd Hoffmann b0c3af
+  0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
Gerd Hoffmann b0c3af
+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
Gerd Hoffmann b0c3af
+  0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
Gerd Hoffmann b0c3af
+  0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
Gerd Hoffmann b0c3af
+  0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
Gerd Hoffmann b0c3af
+  0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
Gerd Hoffmann b0c3af
+  0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
Gerd Hoffmann b0c3af
+  0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
Gerd Hoffmann b0c3af
+  0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
Gerd Hoffmann b0c3af
+  0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
Gerd Hoffmann b0c3af
+  0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
Gerd Hoffmann b0c3af
+  0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
Gerd Hoffmann b0c3af
+  0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
Gerd Hoffmann b0c3af
+  0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
Gerd Hoffmann b0c3af
+  0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
Gerd Hoffmann b0c3af
+  0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
Gerd Hoffmann b0c3af
+  0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
Gerd Hoffmann b0c3af
+  0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
Gerd Hoffmann b0c3af
+  0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
Gerd Hoffmann b0c3af
+  0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
Gerd Hoffmann b0c3af
+  0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
Gerd Hoffmann b0c3af
+  0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
Gerd Hoffmann b0c3af
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
Gerd Hoffmann b0c3af
+  0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
Gerd Hoffmann b0c3af
+  0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
Gerd Hoffmann b0c3af
+  0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
Gerd Hoffmann b0c3af
+  0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
Gerd Hoffmann b0c3af
+  0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
Gerd Hoffmann b0c3af
+  0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
Gerd Hoffmann b0c3af
+  0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
Gerd Hoffmann b0c3af
+  0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
Gerd Hoffmann b0c3af
+  0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
Gerd Hoffmann b0c3af
+  0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
Gerd Hoffmann b0c3af
+  0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
Gerd Hoffmann b0c3af
+  0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
Gerd Hoffmann b0c3af
+  0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
Gerd Hoffmann b0c3af
+  0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
Gerd Hoffmann b0c3af
+  0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
Gerd Hoffmann b0c3af
+  0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
Gerd Hoffmann b0c3af
+  0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
Gerd Hoffmann b0c3af
+  0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
Gerd Hoffmann b0c3af
+  0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
Gerd Hoffmann b0c3af
+  0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
Gerd Hoffmann b0c3af
+  0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
Gerd Hoffmann b0c3af
+  0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
Gerd Hoffmann b0c3af
+  0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
Gerd Hoffmann b0c3af
+  0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
Gerd Hoffmann b0c3af
+  0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
Gerd Hoffmann b0c3af
+  0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
Gerd Hoffmann b0c3af
+  0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
Gerd Hoffmann b0c3af
+  0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
Gerd Hoffmann b0c3af
+  0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
Gerd Hoffmann b0c3af
+  0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
Gerd Hoffmann b0c3af
+  0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
Gerd Hoffmann b0c3af
+  0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
Gerd Hoffmann b0c3af
+  0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
Gerd Hoffmann b0c3af
+  0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
Gerd Hoffmann b0c3af
+  0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
Gerd Hoffmann b0c3af
+  0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
Gerd Hoffmann b0c3af
+  0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
Gerd Hoffmann b0c3af
+  0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
Gerd Hoffmann b0c3af
+  0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
Gerd Hoffmann b0c3af
+  0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
Gerd Hoffmann b0c3af
+  0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
Gerd Hoffmann b0c3af
+  0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
Gerd Hoffmann b0c3af
+  0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
Gerd Hoffmann b0c3af
+  0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
Gerd Hoffmann b0c3af
+  0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
Gerd Hoffmann b0c3af
+  0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
Gerd Hoffmann b0c3af
+  0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
Gerd Hoffmann b0c3af
+  0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
Gerd Hoffmann b0c3af
+  0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
Gerd Hoffmann b0c3af
+  0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
Gerd Hoffmann b0c3af
+  0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
Gerd Hoffmann b0c3af
+  0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
Gerd Hoffmann b0c3af
+  0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
Gerd Hoffmann b0c3af
+  0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
Gerd Hoffmann b0c3af
+  0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
Gerd Hoffmann b0c3af
+  0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
Gerd Hoffmann b0c3af
+  0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
Gerd Hoffmann b0c3af
+  0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
Gerd Hoffmann b0c3af
+  0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
Gerd Hoffmann b0c3af
+  0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
Gerd Hoffmann b0c3af
+  0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
Gerd Hoffmann b0c3af
+  0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
Gerd Hoffmann b0c3af
+  0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
Gerd Hoffmann b0c3af
+  0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
Gerd Hoffmann b0c3af
+  0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
Gerd Hoffmann b0c3af
+  0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
Gerd Hoffmann b0c3af
+  0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
Gerd Hoffmann b0c3af
+  0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
Gerd Hoffmann b0c3af
+  0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
Gerd Hoffmann b0c3af
+  0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
Gerd Hoffmann b0c3af
+  0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
Gerd Hoffmann b0c3af
+  0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
Gerd Hoffmann b0c3af
+  0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
Gerd Hoffmann b0c3af
+  0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
Gerd Hoffmann b0c3af
+  0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
Gerd Hoffmann b0c3af
+  0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
Gerd Hoffmann b0c3af
+  0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
Gerd Hoffmann b0c3af
+  0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
Gerd Hoffmann b0c3af
+  0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
Gerd Hoffmann b0c3af
+  0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
Gerd Hoffmann b0c3af
+  0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
Gerd Hoffmann b0c3af
+  0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
Gerd Hoffmann b0c3af
+  0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
Gerd Hoffmann b0c3af
+  0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
Gerd Hoffmann b0c3af
+  0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
Gerd Hoffmann b0c3af
+  0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
Gerd Hoffmann b0c3af
+  0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
Gerd Hoffmann b0c3af
+  0x62, 0x1c, 0x59, 0x7e
Gerd Hoffmann b0c3af
+};
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// Second DB entry: "Microsoft Corporation UEFI CA 2011"
Gerd Hoffmann b0c3af
+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// To verify the "shim" binary and PCI expansion ROMs with.
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+STATIC CONST UINT8 MicrosoftUefiCA[] = {
Gerd Hoffmann b0c3af
+  0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
Gerd Hoffmann b0c3af
+  0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
Gerd Hoffmann b0c3af
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
Gerd Hoffmann b0c3af
+  0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
Gerd Hoffmann b0c3af
+  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
Gerd Hoffmann b0c3af
+  0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
Gerd Hoffmann b0c3af
+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
Gerd Hoffmann b0c3af
+  0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
Gerd Hoffmann b0c3af
+  0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
Gerd Hoffmann b0c3af
+  0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
Gerd Hoffmann b0c3af
+  0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
Gerd Hoffmann b0c3af
+  0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
Gerd Hoffmann b0c3af
+  0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
Gerd Hoffmann b0c3af
+  0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
Gerd Hoffmann b0c3af
+  0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
Gerd Hoffmann b0c3af
+  0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
Gerd Hoffmann b0c3af
+  0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
Gerd Hoffmann b0c3af
+  0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
Gerd Hoffmann b0c3af
+  0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
Gerd Hoffmann b0c3af
+  0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
Gerd Hoffmann b0c3af
+  0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
Gerd Hoffmann b0c3af
+  0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
Gerd Hoffmann b0c3af
+  0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
Gerd Hoffmann b0c3af
+  0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
Gerd Hoffmann b0c3af
+  0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
Gerd Hoffmann b0c3af
+  0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
Gerd Hoffmann b0c3af
+  0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
Gerd Hoffmann b0c3af
+  0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
Gerd Hoffmann b0c3af
+  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
Gerd Hoffmann b0c3af
+  0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
Gerd Hoffmann b0c3af
+  0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
Gerd Hoffmann b0c3af
+  0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
Gerd Hoffmann b0c3af
+  0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
Gerd Hoffmann b0c3af
+  0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
Gerd Hoffmann b0c3af
+  0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
Gerd Hoffmann b0c3af
+  0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
Gerd Hoffmann b0c3af
+  0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
Gerd Hoffmann b0c3af
+  0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
Gerd Hoffmann b0c3af
+  0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
Gerd Hoffmann b0c3af
+  0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
Gerd Hoffmann b0c3af
+  0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
Gerd Hoffmann b0c3af
+  0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
Gerd Hoffmann b0c3af
+  0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
Gerd Hoffmann b0c3af
+  0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
Gerd Hoffmann b0c3af
+  0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
Gerd Hoffmann b0c3af
+  0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
Gerd Hoffmann b0c3af
+  0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
Gerd Hoffmann b0c3af
+  0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
Gerd Hoffmann b0c3af
+  0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
Gerd Hoffmann b0c3af
+  0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
Gerd Hoffmann b0c3af
+  0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
Gerd Hoffmann b0c3af
+  0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
Gerd Hoffmann b0c3af
+  0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
Gerd Hoffmann b0c3af
+  0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
Gerd Hoffmann b0c3af
+  0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
Gerd Hoffmann b0c3af
+  0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
Gerd Hoffmann b0c3af
+  0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
Gerd Hoffmann b0c3af
+  0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
Gerd Hoffmann b0c3af
+  0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
Gerd Hoffmann b0c3af
+  0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
Gerd Hoffmann b0c3af
+  0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
Gerd Hoffmann b0c3af
+  0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
Gerd Hoffmann b0c3af
+  0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
Gerd Hoffmann b0c3af
+  0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
Gerd Hoffmann b0c3af
+  0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
Gerd Hoffmann b0c3af
+  0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
Gerd Hoffmann b0c3af
+  0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
Gerd Hoffmann b0c3af
+  0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
Gerd Hoffmann b0c3af
+  0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
Gerd Hoffmann b0c3af
+  0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
Gerd Hoffmann b0c3af
+  0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
Gerd Hoffmann b0c3af
+  0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
Gerd Hoffmann b0c3af
+  0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
Gerd Hoffmann b0c3af
+  0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
Gerd Hoffmann b0c3af
+  0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
Gerd Hoffmann b0c3af
+  0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
Gerd Hoffmann b0c3af
+  0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
Gerd Hoffmann b0c3af
+  0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
Gerd Hoffmann b0c3af
+  0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
Gerd Hoffmann b0c3af
+  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
Gerd Hoffmann b0c3af
+  0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
Gerd Hoffmann b0c3af
+  0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
Gerd Hoffmann b0c3af
+  0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
Gerd Hoffmann b0c3af
+  0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
Gerd Hoffmann b0c3af
+  0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
Gerd Hoffmann b0c3af
+  0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
Gerd Hoffmann b0c3af
+  0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
Gerd Hoffmann b0c3af
+  0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
Gerd Hoffmann b0c3af
+  0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
Gerd Hoffmann b0c3af
+  0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
Gerd Hoffmann b0c3af
+  0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
Gerd Hoffmann b0c3af
+  0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
Gerd Hoffmann b0c3af
+  0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
Gerd Hoffmann b0c3af
+  0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
Gerd Hoffmann b0c3af
+  0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
Gerd Hoffmann b0c3af
+  0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
Gerd Hoffmann b0c3af
+  0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
Gerd Hoffmann b0c3af
+  0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
Gerd Hoffmann b0c3af
+  0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
Gerd Hoffmann b0c3af
+  0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
Gerd Hoffmann b0c3af
+  0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
Gerd Hoffmann b0c3af
+  0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
Gerd Hoffmann b0c3af
+  0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
Gerd Hoffmann b0c3af
+  0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
Gerd Hoffmann b0c3af
+  0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
Gerd Hoffmann b0c3af
+  0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
Gerd Hoffmann b0c3af
+  0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
Gerd Hoffmann b0c3af
+  0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
Gerd Hoffmann b0c3af
+  0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
Gerd Hoffmann b0c3af
+  0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
Gerd Hoffmann b0c3af
+  0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
Gerd Hoffmann b0c3af
+  0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
Gerd Hoffmann b0c3af
+  0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
Gerd Hoffmann b0c3af
+  0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
Gerd Hoffmann b0c3af
+  0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
Gerd Hoffmann b0c3af
+  0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
Gerd Hoffmann b0c3af
+  0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
Gerd Hoffmann b0c3af
+  0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
Gerd Hoffmann b0c3af
+  0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
Gerd Hoffmann b0c3af
+  0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
Gerd Hoffmann b0c3af
+};
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// The most important thing about the variable payload is that it is a list of
Gerd Hoffmann b0c3af
+// lists, where the element size of any given *inner* list is constant.
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// Since X509 certificates vary in size, each of our *inner* lists will contain
Gerd Hoffmann b0c3af
+// one element only (one X.509 certificate). This is explicitly mentioned in
Gerd Hoffmann b0c3af
+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// The list structure looks as follows:
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// struct EFI_VARIABLE_AUTHENTICATION_2 {                           |
Gerd Hoffmann b0c3af
+//   struct EFI_TIME {                                              |
Gerd Hoffmann b0c3af
+//     UINT16 Year;                                                 |
Gerd Hoffmann b0c3af
+//     UINT8  Month;                                                |
Gerd Hoffmann b0c3af
+//     UINT8  Day;                                                  |
Gerd Hoffmann b0c3af
+//     UINT8  Hour;                                                 |
Gerd Hoffmann b0c3af
+//     UINT8  Minute;                                               |
Gerd Hoffmann b0c3af
+//     UINT8  Second;                                               |
Gerd Hoffmann b0c3af
+//     UINT8  Pad1;                                                 |
Gerd Hoffmann b0c3af
+//     UINT32 Nanosecond;                                           |
Gerd Hoffmann b0c3af
+//     INT16  TimeZone;                                             |
Gerd Hoffmann b0c3af
+//     UINT8  Daylight;                                             |
Gerd Hoffmann b0c3af
+//     UINT8  Pad2;                                                 |
Gerd Hoffmann b0c3af
+//   } TimeStamp;                                                   |
Gerd Hoffmann b0c3af
+//                                                                  |
Gerd Hoffmann b0c3af
+//   struct WIN_CERTIFICATE_UEFI_GUID {                           | |
Gerd Hoffmann b0c3af
+//     struct WIN_CERTIFICATE {                                   | |
Gerd Hoffmann b0c3af
+//       UINT32 dwLength; ----------------------------------------+ |
Gerd Hoffmann b0c3af
+//       UINT16 wRevision;                                        | |
Gerd Hoffmann b0c3af
+//       UINT16 wCertificateType;                                 | |
Gerd Hoffmann b0c3af
+//     } Hdr;                                                     | +- DataSize
Gerd Hoffmann b0c3af
+//                                                                | |
Gerd Hoffmann b0c3af
+//     EFI_GUID CertType;                                         | |
Gerd Hoffmann b0c3af
+//     UINT8    CertData[1] = { <--- "struct hack"                | |
Gerd Hoffmann b0c3af
+//       struct EFI_SIGNATURE_LIST {                            | | |
Gerd Hoffmann b0c3af
+//         EFI_GUID SignatureType;                              | | |
Gerd Hoffmann b0c3af
+//         UINT32   SignatureListSize; -------------------------+ | |
Gerd Hoffmann b0c3af
+//         UINT32   SignatureHeaderSize;                        | | |
Gerd Hoffmann b0c3af
+//         UINT32   SignatureSize; ---------------------------+ | | |
Gerd Hoffmann b0c3af
+//         UINT8    SignatureHeader[SignatureHeaderSize];     | | | |
Gerd Hoffmann b0c3af
+//                                                            v | | |
Gerd Hoffmann b0c3af
+//         struct EFI_SIGNATURE_DATA {                        | | | |
Gerd Hoffmann b0c3af
+//           EFI_GUID SignatureOwner;                         | | | |
Gerd Hoffmann b0c3af
+//           UINT8    SignatureData[1] = { <--- "struct hack" | | | |
Gerd Hoffmann b0c3af
+//             X.509 payload                                  | | | |
Gerd Hoffmann b0c3af
+//           }                                                | | | |
Gerd Hoffmann b0c3af
+//         } Signatures[];                                      | | |
Gerd Hoffmann b0c3af
+//       } SigLists[];                                            | |
Gerd Hoffmann b0c3af
+//     };                                                         | |
Gerd Hoffmann b0c3af
+//   } AuthInfo;                                                  | |
Gerd Hoffmann b0c3af
+// };                                                               |
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+// Given that the "struct hack" invokes undefined behavior (which is why C99
Gerd Hoffmann b0c3af
+// introduced the flexible array member), and because subtracting those pesky
Gerd Hoffmann b0c3af
+// sizes of 1 is annoying, and because the format is fully specified in the
Gerd Hoffmann b0c3af
+// UEFI specification, we'll introduce two matching convenience structures that
Gerd Hoffmann b0c3af
+// are customized for our X.509 purposes.
Gerd Hoffmann b0c3af
+//
Gerd Hoffmann b0c3af
+#pragma pack(1)
Gerd Hoffmann b0c3af
+typedef struct {
Gerd Hoffmann b0c3af
+  EFI_TIME TimeStamp;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  // dwLength covers data below
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  UINT32   dwLength;
Gerd Hoffmann b0c3af
+  UINT16   wRevision;
Gerd Hoffmann b0c3af
+  UINT16   wCertificateType;
Gerd Hoffmann b0c3af
+  EFI_GUID CertType;
Gerd Hoffmann b0c3af
+} SINGLE_HEADER;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+typedef struct {
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  // SignatureListSize covers data below
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  EFI_GUID SignatureType;
Gerd Hoffmann b0c3af
+  UINT32   SignatureListSize;
Gerd Hoffmann b0c3af
+  UINT32   SignatureHeaderSize; // constant 0
Gerd Hoffmann b0c3af
+  UINT32   SignatureSize;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  // SignatureSize covers data below
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  EFI_GUID SignatureOwner;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  // X.509 certificate follows
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+} REPEATING_HEADER;
Gerd Hoffmann b0c3af
+#pragma pack()
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+/**
Gerd Hoffmann b0c3af
+  Enroll a set of DER-formatted X.509 certificates in a global variable,
Gerd Hoffmann b0c3af
+  overwriting it.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  The variable will be rewritten with NV+BS+RT+AT attributes.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  @param[in] VariableName  The name of the variable to overwrite.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  @param[in] VendorGuid    The namespace (ie. vendor GUID) of the variable to
Gerd Hoffmann b0c3af
+                           overwrite.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  @param[in] ...           A list of
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+                             IN CONST UINT8    *Cert,
Gerd Hoffmann b0c3af
+                             IN UINTN          CertSize,
Gerd Hoffmann b0c3af
+                             IN CONST EFI_GUID *OwnerGuid
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+                           triplets. If the first component of a triplet is
Gerd Hoffmann b0c3af
+                           NULL, then the other two components are not
Gerd Hoffmann b0c3af
+                           accessed, and processing is terminated. The list of
Gerd Hoffmann b0c3af
+                           X.509 certificates is enrolled in the variable
Gerd Hoffmann b0c3af
+                           specified, overwriting it. The OwnerGuid component
Gerd Hoffmann b0c3af
+                           identifies the agent installing the certificate.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  @retval EFI_INVALID_PARAMETER  The triplet list is empty (ie. the first Cert
Gerd Hoffmann b0c3af
+                                 value is NULL), or one of the CertSize values
Gerd Hoffmann b0c3af
+                                 is 0, or one of the CertSize values would
Gerd Hoffmann b0c3af
+                                 overflow the accumulated UINT32 data size.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  @retval EFI_OUT_OF_RESOURCES   Out of memory while formatting variable
Gerd Hoffmann b0c3af
+                                 payload.
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  @retval EFI_SUCCESS            Enrollment successful; the variable has been
Gerd Hoffmann b0c3af
+                                 overwritten (or created).
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  @return                        Error codes from gRT->GetTime() and
Gerd Hoffmann b0c3af
+                                 gRT->SetVariable().
Gerd Hoffmann b0c3af
+**/
Gerd Hoffmann b0c3af
+STATIC
Gerd Hoffmann b0c3af
+EFI_STATUS
Gerd Hoffmann b0c3af
+EFIAPI
Gerd Hoffmann b0c3af
+EnrollListOfX509Certs (
Gerd Hoffmann b0c3af
+  IN CHAR16   *VariableName,
Gerd Hoffmann b0c3af
+  IN EFI_GUID *VendorGuid,
Gerd Hoffmann b0c3af
+  ...
Gerd Hoffmann b0c3af
+  )
Gerd Hoffmann b0c3af
+{
Gerd Hoffmann b0c3af
+  UINTN            DataSize;
Gerd Hoffmann b0c3af
+  SINGLE_HEADER    *SingleHeader;
Gerd Hoffmann b0c3af
+  REPEATING_HEADER *RepeatingHeader;
Gerd Hoffmann b0c3af
+  VA_LIST          Marker;
Gerd Hoffmann b0c3af
+  CONST UINT8      *Cert;
Gerd Hoffmann b0c3af
+  EFI_STATUS       Status;
Gerd Hoffmann b0c3af
+  UINT8            *Data;
Gerd Hoffmann b0c3af
+  UINT8            *Position;
Gerd Hoffmann b0c3af
+
ed852e
+  Status = EFI_SUCCESS;
ed852e
+
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  // compute total size first, for UINT32 range check, and allocation
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  DataSize = sizeof *SingleHeader;
Gerd Hoffmann b0c3af
+  VA_START (Marker, VendorGuid);
Gerd Hoffmann b0c3af
+  for (Cert = VA_ARG (Marker, CONST UINT8 *);
Gerd Hoffmann b0c3af
+       Cert != NULL;
Gerd Hoffmann b0c3af
+       Cert = VA_ARG (Marker, CONST UINT8 *)) {
Gerd Hoffmann b0c3af
+    UINTN          CertSize;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+    CertSize = VA_ARG (Marker, UINTN);
Gerd Hoffmann b0c3af
+    (VOID)VA_ARG (Marker, CONST EFI_GUID *);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+    if (CertSize == 0 ||
Gerd Hoffmann b0c3af
+        CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
Gerd Hoffmann b0c3af
+        DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
Gerd Hoffmann b0c3af
+      Status = EFI_INVALID_PARAMETER;
Gerd Hoffmann b0c3af
+      break;
Gerd Hoffmann b0c3af
+    }
Gerd Hoffmann b0c3af
+    DataSize += sizeof *RepeatingHeader + CertSize;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+  VA_END (Marker);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  if (DataSize == sizeof *SingleHeader) {
Gerd Hoffmann b0c3af
+    Status = EFI_INVALID_PARAMETER;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    goto Out;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Data = AllocatePool (DataSize);
Gerd Hoffmann b0c3af
+  if (Data == NULL) {
Gerd Hoffmann b0c3af
+    Status = EFI_OUT_OF_RESOURCES;
Gerd Hoffmann b0c3af
+    goto Out;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Position = Data;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  SingleHeader = (SINGLE_HEADER *)Position;
Gerd Hoffmann b0c3af
+  Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    goto FreeData;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+  SingleHeader->TimeStamp.Pad1       = 0;
Gerd Hoffmann b0c3af
+  SingleHeader->TimeStamp.Nanosecond = 0;
Gerd Hoffmann b0c3af
+  SingleHeader->TimeStamp.TimeZone   = 0;
Gerd Hoffmann b0c3af
+  SingleHeader->TimeStamp.Daylight   = 0;
Gerd Hoffmann b0c3af
+  SingleHeader->TimeStamp.Pad2       = 0;
Gerd Hoffmann b0c3af
+#if 0
Gerd Hoffmann b0c3af
+  SingleHeader->dwLength         = DataSize - sizeof SingleHeader->TimeStamp;
Gerd Hoffmann b0c3af
+#else
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  // This looks like a bug in edk2. According to the UEFI specification,
Gerd Hoffmann b0c3af
+  // dwLength is "The length of the entire certificate, including the length of
Gerd Hoffmann b0c3af
+  // the header, in bytes". That shouldn't stop right after CertType -- it
Gerd Hoffmann b0c3af
+  // should include everything below it.
Gerd Hoffmann b0c3af
+  //
Gerd Hoffmann b0c3af
+  SingleHeader->dwLength         = sizeof *SingleHeader
Gerd Hoffmann b0c3af
+                                     - sizeof SingleHeader->TimeStamp;
Gerd Hoffmann b0c3af
+#endif
Gerd Hoffmann b0c3af
+  SingleHeader->wRevision        = 0x0200;
Gerd Hoffmann b0c3af
+  SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
Gerd Hoffmann b0c3af
+  CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
Gerd Hoffmann b0c3af
+  Position += sizeof *SingleHeader;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  VA_START (Marker, VendorGuid);
Gerd Hoffmann b0c3af
+  for (Cert = VA_ARG (Marker, CONST UINT8 *);
Gerd Hoffmann b0c3af
+       Cert != NULL;
Gerd Hoffmann b0c3af
+       Cert = VA_ARG (Marker, CONST UINT8 *)) {
Gerd Hoffmann b0c3af
+    UINTN            CertSize;
Gerd Hoffmann b0c3af
+    CONST EFI_GUID   *OwnerGuid;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+    CertSize  = VA_ARG (Marker, UINTN);
Gerd Hoffmann b0c3af
+    OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+    RepeatingHeader = (REPEATING_HEADER *)Position;
Gerd Hoffmann b0c3af
+    CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid);
ed852e
+    RepeatingHeader->SignatureListSize   =
ed852e
+      (UINT32)(sizeof *RepeatingHeader + CertSize);
Gerd Hoffmann b0c3af
+    RepeatingHeader->SignatureHeaderSize = 0;
Gerd Hoffmann b0c3af
+    RepeatingHeader->SignatureSize       =
ed852e
+      (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize);
Gerd Hoffmann b0c3af
+    CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
Gerd Hoffmann b0c3af
+    Position += sizeof *RepeatingHeader;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+    CopyMem (Position, Cert, CertSize);
Gerd Hoffmann b0c3af
+    Position += CertSize;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+  VA_END (Marker);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  ASSERT (Data + DataSize == Position);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = gRT->SetVariable (VariableName, VendorGuid,
Gerd Hoffmann b0c3af
+                  (EFI_VARIABLE_NON_VOLATILE |
Gerd Hoffmann b0c3af
+                   EFI_VARIABLE_BOOTSERVICE_ACCESS |
Gerd Hoffmann b0c3af
+                   EFI_VARIABLE_RUNTIME_ACCESS |
Gerd Hoffmann b0c3af
+                   EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
Gerd Hoffmann b0c3af
+                  DataSize, Data);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+FreeData:
Gerd Hoffmann b0c3af
+  FreePool (Data);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+Out:
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
Gerd Hoffmann b0c3af
+      VendorGuid, Status);
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+  return Status;
Gerd Hoffmann b0c3af
+}
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+STATIC
Gerd Hoffmann b0c3af
+EFI_STATUS
Gerd Hoffmann b0c3af
+EFIAPI
Gerd Hoffmann b0c3af
+GetExact (
Gerd Hoffmann b0c3af
+  IN CHAR16   *VariableName,
Gerd Hoffmann b0c3af
+  IN EFI_GUID *VendorGuid,
Gerd Hoffmann b0c3af
+  OUT VOID    *Data,
Gerd Hoffmann b0c3af
+  IN UINTN    DataSize,
Gerd Hoffmann b0c3af
+  IN BOOLEAN  AllowMissing
Gerd Hoffmann b0c3af
+  )
Gerd Hoffmann b0c3af
+{
Gerd Hoffmann b0c3af
+  UINTN      Size;
Gerd Hoffmann b0c3af
+  EFI_STATUS Status;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Size = DataSize;
Gerd Hoffmann b0c3af
+  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    if (Status == EFI_NOT_FOUND && AllowMissing) {
Gerd Hoffmann b0c3af
+      ZeroMem (Data, DataSize);
Gerd Hoffmann b0c3af
+      return EFI_SUCCESS;
Gerd Hoffmann b0c3af
+    }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+    AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
Gerd Hoffmann b0c3af
+      VendorGuid, Status);
Gerd Hoffmann b0c3af
+    return Status;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  if (Size != DataSize) {
Gerd Hoffmann b0c3af
+    AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
Gerd Hoffmann b0c3af
+      "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
Gerd Hoffmann b0c3af
+    return EFI_PROTOCOL_ERROR;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  return EFI_SUCCESS;
Gerd Hoffmann b0c3af
+}
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+typedef struct {
Gerd Hoffmann b0c3af
+  UINT8 SetupMode;
Gerd Hoffmann b0c3af
+  UINT8 SecureBoot;
Gerd Hoffmann b0c3af
+  UINT8 SecureBootEnable;
Gerd Hoffmann b0c3af
+  UINT8 CustomMode;
Gerd Hoffmann b0c3af
+  UINT8 VendorKeys;
Gerd Hoffmann b0c3af
+} SETTINGS;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+STATIC
Gerd Hoffmann b0c3af
+EFI_STATUS
Gerd Hoffmann b0c3af
+EFIAPI
Gerd Hoffmann b0c3af
+GetSettings (
Gerd Hoffmann b0c3af
+  OUT SETTINGS *Settings
Gerd Hoffmann b0c3af
+  )
Gerd Hoffmann b0c3af
+{
Gerd Hoffmann b0c3af
+  EFI_STATUS Status;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
Gerd Hoffmann b0c3af
+             &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return Status;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
Gerd Hoffmann b0c3af
+             &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return Status;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
Gerd Hoffmann b0c3af
+             &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
Gerd Hoffmann b0c3af
+             sizeof Settings->SecureBootEnable, TRUE);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return Status;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
Gerd Hoffmann b0c3af
+             &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return Status;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
Gerd Hoffmann b0c3af
+             &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
Gerd Hoffmann b0c3af
+  return Status;
Gerd Hoffmann b0c3af
+}
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+STATIC
Gerd Hoffmann b0c3af
+VOID
Gerd Hoffmann b0c3af
+EFIAPI
Gerd Hoffmann b0c3af
+PrintSettings (
Gerd Hoffmann b0c3af
+  IN CONST SETTINGS *Settings
Gerd Hoffmann b0c3af
+  )
Gerd Hoffmann b0c3af
+{
Gerd Hoffmann b0c3af
+  AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
Gerd Hoffmann b0c3af
+    "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
Gerd Hoffmann b0c3af
+    Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
Gerd Hoffmann b0c3af
+}
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+INTN
Gerd Hoffmann b0c3af
+EFIAPI
Gerd Hoffmann b0c3af
+ShellAppMain (
Gerd Hoffmann b0c3af
+  IN UINTN  Argc,
Gerd Hoffmann b0c3af
+  IN CHAR16 **Argv
Gerd Hoffmann b0c3af
+  )
Gerd Hoffmann b0c3af
+{
Gerd Hoffmann b0c3af
+  EFI_STATUS Status;
Gerd Hoffmann b0c3af
+  SETTINGS   Settings;
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = GetSettings (&Settings);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+  PrintSettings (&Settings);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  if (Settings.SetupMode != 1) {
Gerd Hoffmann b0c3af
+    AsciiPrint ("error: already in User Mode\n");
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
Gerd Hoffmann b0c3af
+    Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
Gerd Hoffmann b0c3af
+    Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
Gerd Hoffmann b0c3af
+                    (EFI_VARIABLE_NON_VOLATILE |
Gerd Hoffmann b0c3af
+                     EFI_VARIABLE_BOOTSERVICE_ACCESS),
Gerd Hoffmann b0c3af
+                    sizeof Settings.CustomMode, &Settings.CustomMode);
Gerd Hoffmann b0c3af
+    if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+      AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
Gerd Hoffmann b0c3af
+        &gEfiCustomModeEnableGuid, Status);
Gerd Hoffmann b0c3af
+      return 1;
Gerd Hoffmann b0c3af
+    }
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = EnrollListOfX509Certs (
Gerd Hoffmann b0c3af
+             EFI_IMAGE_SECURITY_DATABASE,
Gerd Hoffmann b0c3af
+             &gEfiImageSecurityDatabaseGuid,
Gerd Hoffmann b0c3af
+             MicrosoftPCA,    sizeof MicrosoftPCA,    &gEfiCallerIdGuid,
Gerd Hoffmann b0c3af
+             MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid,
Gerd Hoffmann b0c3af
+             NULL);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = EnrollListOfX509Certs (
Gerd Hoffmann b0c3af
+             EFI_KEY_EXCHANGE_KEY_NAME,
Gerd Hoffmann b0c3af
+             &gEfiGlobalVariableGuid,
Gerd Hoffmann b0c3af
+             ExampleCert,  sizeof ExampleCert,  &gEfiCallerIdGuid,
Gerd Hoffmann b0c3af
+             MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid,
Gerd Hoffmann b0c3af
+             NULL);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = EnrollListOfX509Certs (
Gerd Hoffmann b0c3af
+             EFI_PLATFORM_KEY_NAME,
Gerd Hoffmann b0c3af
+             &gEfiGlobalVariableGuid,
Gerd Hoffmann b0c3af
+             ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid,
Gerd Hoffmann b0c3af
+             NULL);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
Gerd Hoffmann b0c3af
+  Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
Gerd Hoffmann b0c3af
+                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
Gerd Hoffmann b0c3af
+                  sizeof Settings.CustomMode, &Settings.CustomMode);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
Gerd Hoffmann b0c3af
+      &gEfiCustomModeEnableGuid, Status);
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  Status = GetSettings (&Settings);
Gerd Hoffmann b0c3af
+  if (EFI_ERROR (Status)) {
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+  PrintSettings (&Settings);
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
Gerd Hoffmann b0c3af
+      Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
Gerd Hoffmann b0c3af
+      Settings.VendorKeys != 0) {
Gerd Hoffmann b0c3af
+    AsciiPrint ("error: unexpected\n");
Gerd Hoffmann b0c3af
+    return 1;
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+  AsciiPrint ("info: success\n");
Gerd Hoffmann b0c3af
+  return 0;
Gerd Hoffmann b0c3af
+}
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
Gerd Hoffmann b0c3af
new file mode 100644
6ac749
index 0000000..ac919bb
Gerd Hoffmann b0c3af
--- /dev/null
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
Gerd Hoffmann b0c3af
@@ -0,0 +1,51 @@
Gerd Hoffmann b0c3af
+## @file
Gerd Hoffmann b0c3af
+#  Enroll default PK, KEK, DB.
Gerd Hoffmann b0c3af
+#
Gerd Hoffmann b0c3af
+#  Copyright (C) 2014, Red Hat, Inc.
Gerd Hoffmann b0c3af
+#
Gerd Hoffmann b0c3af
+#  This program and the accompanying materials are licensed and made available
Gerd Hoffmann b0c3af
+#  under the terms and conditions of the BSD License which accompanies this
Gerd Hoffmann b0c3af
+#  distribution. The full text of the license may be found at
Gerd Hoffmann b0c3af
+#  http://opensource.org/licenses/bsd-license.
Gerd Hoffmann b0c3af
+#
Gerd Hoffmann b0c3af
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
Gerd Hoffmann b0c3af
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
Gerd Hoffmann b0c3af
+#  IMPLIED.
Gerd Hoffmann b0c3af
+##
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+[Defines]
Gerd Hoffmann b0c3af
+  INF_VERSION                    = 0x00010006
Gerd Hoffmann b0c3af
+  BASE_NAME                      = EnrollDefaultKeys
Gerd Hoffmann b0c3af
+  FILE_GUID                      = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
Gerd Hoffmann b0c3af
+  MODULE_TYPE                    = UEFI_APPLICATION
Gerd Hoffmann b0c3af
+  VERSION_STRING                 = 0.1
Gerd Hoffmann b0c3af
+  ENTRY_POINT                    = ShellCEntryLib
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+#
Gerd Hoffmann b0c3af
+#  VALID_ARCHITECTURES           = IA32 X64
Gerd Hoffmann b0c3af
+#
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+[Sources]
Gerd Hoffmann b0c3af
+  EnrollDefaultKeys.c
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+[Packages]
Gerd Hoffmann b0c3af
+  MdePkg/MdePkg.dec
Gerd Hoffmann b0c3af
+  MdeModulePkg/MdeModulePkg.dec
Gerd Hoffmann b0c3af
+  SecurityPkg/SecurityPkg.dec
Gerd Hoffmann b0c3af
+  ShellPkg/ShellPkg.dec
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+[Guids]
Gerd Hoffmann b0c3af
+  gEfiCertPkcs7Guid
Gerd Hoffmann b0c3af
+  gEfiCertX509Guid
Gerd Hoffmann b0c3af
+  gEfiCustomModeEnableGuid
Gerd Hoffmann b0c3af
+  gEfiGlobalVariableGuid
Gerd Hoffmann b0c3af
+  gEfiImageSecurityDatabaseGuid
Gerd Hoffmann b0c3af
+  gEfiSecureBootEnableDisableGuid
Gerd Hoffmann b0c3af
+
Gerd Hoffmann b0c3af
+[LibraryClasses]
Gerd Hoffmann b0c3af
+  BaseMemoryLib
Gerd Hoffmann b0c3af
+  DebugLib
Gerd Hoffmann b0c3af
+  MemoryAllocationLib
Gerd Hoffmann b0c3af
+  ShellCEntryLib
Gerd Hoffmann b0c3af
+  UefiLib
Gerd Hoffmann b0c3af
+  UefiRuntimeServicesTableLib
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
ed852e
index 8af3267..6fb5c9c 100644
Gerd Hoffmann b0c3af
--- a/OvmfPkg/OvmfPkgIa32.dsc
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/OvmfPkgIa32.dsc
ed852e
@@ -749,6 +749,10 @@
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
 !if $(SECURE_BOOT_ENABLE) == TRUE
Gerd Hoffmann b0c3af
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
Gerd Hoffmann b0c3af
+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
Gerd Hoffmann b0c3af
+    <LibraryClasses>
Gerd Hoffmann b0c3af
+      ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
 !endif
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
   OvmfPkg/PlatformDxe/Platform.inf
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
ed852e
index 4bb38d0..e5abaff 100644
Gerd Hoffmann b0c3af
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
ed852e
@@ -758,6 +758,10 @@
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
 !if $(SECURE_BOOT_ENABLE) == TRUE
Gerd Hoffmann b0c3af
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
Gerd Hoffmann b0c3af
+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
Gerd Hoffmann b0c3af
+    <LibraryClasses>
Gerd Hoffmann b0c3af
+      ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
 !endif
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
   OvmfPkg/PlatformDxe/Platform.inf
Gerd Hoffmann b0c3af
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
ed852e
index be3aa1f..4c36a7d 100644
Gerd Hoffmann b0c3af
--- a/OvmfPkg/OvmfPkgX64.dsc
Gerd Hoffmann b0c3af
+++ b/OvmfPkg/OvmfPkgX64.dsc
ed852e
@@ -756,6 +756,10 @@
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
 !if $(SECURE_BOOT_ENABLE) == TRUE
Gerd Hoffmann b0c3af
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
Gerd Hoffmann b0c3af
+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
Gerd Hoffmann b0c3af
+    <LibraryClasses>
Gerd Hoffmann b0c3af
+      ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
Gerd Hoffmann b0c3af
+  }
Gerd Hoffmann b0c3af
 !endif
Gerd Hoffmann b0c3af
 
Gerd Hoffmann b0c3af
   OvmfPkg/PlatformDxe/Platform.inf
ed852e
-- 
ed852e
1.8.3.1
ed852e