Support authentication of uefi priv. variables
To authenticate private uefi variables a fingerprint has to be
calculated based on the common name of the signing certificate's
Subject field and the tbsCertificate of the top-level issuer
certificate.
These variables have a public key certificate attached so the
verify_pkcs7_signature_handler is also reorganized to be able
to verify its own signature with its internal public key.
This commit implements the changes needed for the described
functionality.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: Ida22977f3ef1a730ea95834ca5c9f9e4ed78d927
diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake
index e5ee03b..562d9d1 100644
--- a/deployments/smm-gateway/smm-gateway.cmake
+++ b/deployments/smm-gateway/smm-gateway.cmake
@@ -17,6 +17,12 @@
target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedcrypto)
target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedx509)
+# Pass the mbedtls config file to C preprocessor so the uefi
+# direct backend will access the mbedtls headers
+target_compile_definitions(smm-gateway PRIVATE
+ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+)
+
target_compile_definitions(smm-gateway PRIVATE
-DUEFI_INTERNAL_CRYPTO
)
@@ -24,6 +30,7 @@
add_components(TARGET "smm-gateway"
BASE_DIR ${TS_ROOT}
COMPONENTS
+ "components/common/mbedtls"
"components/service/uefi/smm_variable/backend/direct"
)