[Bug 97] New: [FDF Spec] FMPPAYLOAD section add the definition for CERTIFICATE_GUID and MONOTONIC_COUNT


bugzilla-daemon at tianocore.acgmultimedia.com...
 

https://tianocore.acgmultimedia.com/show_bug.cgi?id=97

Bug ID: 97
Summary: [FDF Spec] FMPPAYLOAD section add the definition for
CERTIFICATE_GUID and MONOTONIC_COUNT
Product: EDK2
Version: Current
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Lowest
Component: Documentation
Assignee: michael.d.kinney(a)intel.com
Reporter: yonghong.zhu(a)intel.com
CC: edk2-bugs(a)lists.01.org

FMP capsule cannot generate auth info. Current BaseTools cannot support
generating the UEFI spec defined EFI_FIRMWARE_IMAGE_AUTHENTICATION.

So we propose that the FDF Spec [FMPPAYLOAD] section add the definition for
CERTIFICATE_GUID and MONOTONIC_COUNT:

[FMPPAYLOAD.Payload1]
MONOTONIC_COUNT = <NumValUint64>
CERTIFICATE_GUID = <GUID>

a. The BaseTools will find the tool based upon the CERTIFICATE_GUID.
b. CERTIFICATE_GUID and MONOTONIC_COUNT must work as a pair.
c. If CERTIFICATE_GUID is provided, the FMP payload is processed as UEFI FMP
Authentication format, and MONOTONIC_COUNT MUST be provided.
d. If CERTIFICATE_GUID is not provided, the FMP payload is processed as UEFI
FMP non-Authentication format, and MONOTONIC_COUNT MUST NOT be provided.

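The pairing rules b through d from the report, sketched as a validator. This is an added example, not BaseTools code and not part of the original report; the function names, the sample FDF text and its GUID are constructed, and it assumes registry-format GUIDs and decimal or 0x-prefixed hex counts.

```python
import re

# Assumptions: registry-format GUIDs only; counts are decimal or 0x-prefixed hex.
GUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
NUM_RE = re.compile(r"^(0[xX][0-9A-Fa-f]+|[0-9]+)$")
SECTION_RE = re.compile(r"^\[FMPPAYLOAD\.(\w+)\]$", re.IGNORECASE)

def parse_fmp_payloads(fdf_text):
    """Return {payload_name: {KEY: value}} for each [FMPPAYLOAD.<name>] section."""
    sections, current = {}, None
    for raw in fdf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        if line.startswith("["):
            m = SECTION_RE.match(line)
            current = sections.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.upper()] = value
    return sections

def check_auth_pair(entries):
    """Apply rules b-d: return ("auth" or "non-auth", list of error strings)."""
    guid, count = entries.get("CERTIFICATE_GUID"), entries.get("MONOTONIC_COUNT")
    errors = []
    if guid is None:  # rule d: non-authenticated payload, count must be absent
        if count is not None:
            errors.append("MONOTONIC_COUNT without CERTIFICATE_GUID")
        return "non-auth", errors
    if not GUID_RE.match(guid):
        errors.append("malformed CERTIFICATE_GUID")
    if count is None:  # rule c: authenticated payload needs the count
        errors.append("CERTIFICATE_GUID without MONOTONIC_COUNT")
    elif (not NUM_RE.match(count)
          or int(count, 16 if count[:2].lower() == "0x" else 10) > 0xFFFFFFFFFFFFFFFF):
        errors.append("MONOTONIC_COUNT is not a uint64")
    return "auth", errors

def validate(fdf_text):
    """Map each payload name to its (mode, errors) result."""
    return {n: check_auth_pair(e) for n, e in parse_fmp_payloads(fdf_text).items()}

# Constructed sample: Payload2 and Payload3 each break the pairing rule.
SAMPLE_FDF = """[FMPPAYLOAD.Payload1]
MONOTONIC_COUNT = 0x10
CERTIFICATE_GUID = 12345678-1234-1234-1234-123456789abc
[FMPPAYLOAD.Payload2]
MONOTONIC_COUNT = 5
[FMPPAYLOAD.Payload3]
CERTIFICATE_GUID = 12345678-1234-1234-1234-123456789abc
[FMPPAYLOAD.Payload4]
"""
```

Rejecting a half-specified pair at parse time keeps a payload that was meant to be authenticated from being silently emitted in the non-authenticated format.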