Merge branch 'master' into openslxopenslx

author: Simon Rettberg 2026-01-28 12:53:53 +0100
committer: Simon Rettberg 2026-01-28 12:53:53 +0100
commit: 8e82785c584dc13e20f9229decb95bd17bbe9cd1 (patch)
tree: a8b359e59196be5b2e3862bed189107f4bc9975f /src/include/ipxe/efi/Guid/MicrosoftVendor.h
parent: Merge branch 'master' into openslx (diff)
parent: [prefix] Make unlzma.S compatible with 386 class CPUs (diff)
download: ipxe-openslx.tar.gz
ipxe-openslx.tar.xz
ipxe-openslx.zip
1 files changed, 58 insertions, 0 deletions
diff --git a/src/include/ipxe/efi/Guid/MicrosoftVendor.h b/src/include/ipxe/efi/Guid/MicrosoftVendor.h
new file mode 100644
index 000000000..ded1b9019
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/MicrosoftVendor.h
@@ -0,0 +1,58 @@
+/** @file
+  Declare the GUID that is expected:
+
+  - as EFI_SIGNATURE_DATA.SignatureOwner GUID in association with X509 and
+    RSA2048 Secure Boot certificates issued by/for Microsoft,
+
+  - as UEFI variable vendor GUID in association with (unspecified)
+    Microsoft-owned variables.
+
+  Copyright (C) 2014-2019, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Specification Reference:
+  - MSDN: System.Fundamentals.Firmware at
+    <https://msdn.microsoft.com/en-us/ie/dn932805(v=vs.94)>.
+**/
+
+#ifndef MICROSOFT_VENDOR_H_
+#define MICROSOFT_VENDOR_H_
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/Uefi/UefiBaseType.h>
+
+//
+// The following test cases of the Secure Boot Logo Test in the Microsoft
+// Hardware Certification Kit:
+//
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
+//
+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
+// certificates:
+//
+// - "Microsoft Corporation KEK CA 2011" (in KEK)
+// - "Microsoft Windows Production PCA 2011" (in db)
+// - "Microsoft Corporation UEFI CA 2011" (in db)
+//
+// This is despite the fact that the UEFI specification requires
+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
+// application or driver) that enrolled and therefore owns
+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
+// EFI_SIGNATURE_DATA.SignatureData.
+//
+#define MICROSOFT_VENDOR_GUID                           \
+  { 0x77fa9abd,                                         \
+    0x0359,                                             \
+    0x4d32,                                             \
+    { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }, \
+  }
+
+extern EFI_GUID  gMicrosoftVendorGuid;
+
+#endif /* MICROSOFT_VENDOR_H_ */
author	Simon Rettberg	2026-01-28 12:53:53 +0100
committer	Simon Rettberg	2026-01-28 12:53:53 +0100
commit	8e82785c584dc13e20f9229decb95bd17bbe9cd1 (patch)
tree	a8b359e59196be5b2e3862bed189107f4bc9975f /src/include/ipxe/efi/Guid/MicrosoftVendor.h
parent	Merge branch 'master' into openslx (diff)
parent	[prefix] Make unlzma.S compatible with 386 class CPUs (diff)
download	ipxe-openslx.tar.gz ipxe-openslx.tar.xz ipxe-openslx.zip