Re: SubRegionAuthLib RFC

Mackay, Curtis A <curtis.a.mackay@...>

Friendly reminder to review and provide feedback on the RFC. We are looking to target a WW34 deadline with this design.





From: Mackay, Curtis A
Sent: Tuesday, June 16, 2020 10:51 AM
To: '' <>
Cc: Kinney, Michael D <michael.d.kinney@...>; Wang, Jian J <>; Yao, Jiewen <jiewen.yao@...>; Sukerkar, Amol N <amol.n.sukerkar@...>; Agrawal, Sachin <sachin.agrawal@...>
Subject: SubRegionAuthLib RFC




I filed a proposal for a new library to handle UEFI BIOS sub-regions at Attached is a slide deck with a design overview of the new library.


A UEFI BIOS sub-region is an independent signed FV that can be updated independently of UEFI BIOS on flash and is part of a pre-allocated region on flash that is visible to UEFI BIOS.

The primary use-cases for such a region would be to store independently updateable firmware and large IP configuration data files to be consumed by BIOS.


To maintain the integrity of the BIOS sub-region, this ticket proposes a mechanism that:

- Leverages UEFI Secure Boot to authenticate the BIOS sub-region

- Supports the PKCS#7 standard as the signing/authentication mechanism to maintain the integrity of the sub-region in the PEI, DXE or BDS phase.


Please provide feedback and comments on the design.


Best regards,

Curtis Mackay
