SubRegionAuthLib RFC

Mackay, Curtis A <curtis.a.mackay@...>



I filed a proposal for a new library to handle UEFI BIOS sub-regions at Attached is a slide deck with a design overview of the new library.


A UEFI BIOS sub-region is an independent signed FV that can be updated independently of UEFI BIOS on flash and is part of a pre-allocated region on flash that is visible to UEFI BIOS.

The primary use-cases for such a region would be to store independently updateable firmware and large IP configuration data files to be consumed by BIOS.


To maintain the integrity of the BIOS sub-region, this ticket proposes a mechanism that:

- Leverages UEFI Secure Boot to authenticate the BIOS sub-region

- Supports the PKCS#7 standard as the signing/authentication mechanism to maintain the integrity of the sub-region in the PEI, DXE or BDS phase.


Please provide feedback and comments on the design.


Best regards,

Curtis Mackay

