![]() ![]() The capsule can be an EFI application as long as it is signed with a key chaining back to an entry in the UEFI Allowed Database. More generally, when capsule signing is deemed necessary (for example, to ensure integrity and authenticity of the complete update package), and the capsule may comprise firmware updates for firmware outside of UEFI, the capsule should be signed in such a way that it can be verified using platform-held, non-UEFI keys (for example, signed using a key chaining back to a public key bound to boot ROM or the UEFI PK). This load must still be measured into TPM PCR as for any other image. The capsule application may, however, be loaded using a platform-specific verification against the boot ROM public key or the UEFI PK. On Arm-based systems, with no keys other than the Microsoft Production CA 2011 allowed in the UEFI Allowed Database and Microsoft does not use a signer under this CA to sign third-party UEFI code, load of such a capsule cannot leverage the regular UEFI LoadImage() service. If the capsule is a PE/COFF file, then it must be signed by the OEM before submitting to Microsoft for Windows Firmware Update Package signing. The capsule may just contain a catalog of firmware images to update in whatever format the OEM chooses, or it may be delivered in the form of an EFI Application image (PE/COFF file format). The capsule content itself is determined by the OEM. Review the Microsoft UEFI CA Signing policy updates link below for additional details. The IHV or OEM is responsible for ensuring the integrity and security of the firmware through signature verification, encryption, or other means. The signature on the UEFI firmware or device firmware update is validated by the platform firmware and is not checked by Windows. Windows does not provide the security catalog to the firmware. The signature on the driver package, delivered via security catalog, is used by Windows to verify the integrity of firmware.bin before handing it to UEFI. Signing is via Hardware Dashboard using the file signing services feature. Signing of the driver package is different from signing the UEFI firmware, though both need to be signed. Publishing to Windows Update is done via the Hardware Dashboard using the Driver Distribution feature. Once signed, the driver package is provided to the submitter where the submitter has the option to publish on Windows Update (WU) via the Hardware Dashboard (using the Driver Distribution feature). The driver package can then be submitted to the Partner Center for signing. If there is not a test specifically for the firmware being tested, locate the most reasonable alternative and submit results with the HLK package as needed. When the contents of the driver package are installed on the System Under Test (SUT), the device must pass the required Windows Hardware Lab Kit (HLK) tests. ![]() Because a firmware update is delivered as a driver package, it follows the same verification and signing process as a device driver package. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |