Intel Extensible Firmware Interface User Manual

Page 704

Advertising
background image

Extensible Firmware Interface Specification

15-98

12/01/02

Version 1.10

The left-hand string must appear exactly as shown. The right-hand string must appear exactly as
shown.

Name: memory:BootObject

This identifies the section in the signer’s information file corresponding to the section with the
same name in the manifest file described earlier. The string “

memory:BootObject

” must

appear exactly as shown.

Digest-Algorithms: SHA-1

This enumerates the digest algorithms for which integrity data is included for the corresponding
manifest section. Strings identifying digest algorithms are the same as in the manifest file. The
digest algorithms specified here must match those specified in the manifest file. For every digest
algorithm

XXX

listed, there must also be a corresponding

XXX-Digest

line.

SHA-1-Digest: (base-64 representation of a SHA-1 digest of the
corresponding manifest section)

Gives the corresponding digest value for the corresponding manifest section. The value is base-64
encoded. Note that for the purpose of computing the hash of the manifest section, the manifest
section starts at the beginning of the opening “

Name:

” keyword and continues up to, but not

including, the next section’s “

Name:

” keyword or the end-of-file. Thus the hash includes the

blank line(s) at the end of a section and any newline(s) preceding the next “

Name:

” keyword or

end-of-file.

//**********************************************************
// Signature Block File Example
//**********************************************************

A signature block file is a raw binary file (not base-64 encoded) that is a PKCS#7 defined format
signature block. The signature block covers exactly the contents of the signer’s information file.
There must be a correspondence between the name of the signer’s information file and the signature
block file. The base name matches, and the three-character extension is modified to reflect the
signature algorithm used according to the following rules:
• DSA signature algorithm (which uses SHA-1 hash): extension is DSA.
• RSA signature algorithm with MD5 hash: extension is RSA.
So for example with a signer’s information file name of “myinfo.SF,” the corresponding DSA
signature block file name would be “myinfo.DSA.”

The format of a signature block file is defined in [PKCS].

Advertising
Popular Brands
Popular manuals