The Secure Boot Framework does not support the RSA-PSS


任云青
 

The secure boot framework finally invokes PKCS7_verify() of OpenSSL. It has been verified that PKCS7_verify() does not support verifying the contents of an RSA-PSS signature. The CMS_verify() interface supports RSA-PSS.

Bug 3314 seems to introduce an interface for RAS-PSS(RsaPssVerify). However, this interface is not applicable to secure boot frameworks. It's just an underlying interface.

I want to know if the EDK2 Secure Boot Framework has any plans to support RSA-PSS?

Join discuss@edk2.groups.io to automatically receive all group messages.