summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/ovmf/ovmf
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core/ovmf/ovmf')
-rw-r--r--meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch46
-rw-r--r--meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch (renamed from meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch)12
-rw-r--r--meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch69
-rw-r--r--meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch39
-rw-r--r--meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch104
-rw-r--r--meta/recipes-core/ovmf/ovmf/0004-ovmf-enable-long-path-file.patch18
-rw-r--r--meta/recipes-core/ovmf/ovmf/0004-reproducible.patch180
-rw-r--r--meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch1124
-rw-r--r--meta/recipes-core/ovmf/ovmf/VfrCompile-increase-path-length-limit.patch33
-rw-r--r--meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch20
10 files changed, 359 insertions, 1286 deletions
diff --git a/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch b/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch
deleted file mode 100644
index 5bb418b954..0000000000
--- a/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From f65e9cc025278387b494c2383c5d9ff3bed98687 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 11 Jun 2017 00:47:24 -0700
-Subject: [PATCH] ia32: Dont use -pie
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- BaseTools/Conf/tools_def.template | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: git/BaseTools/Conf/tools_def.template
-===================================================================
---- git.orig/BaseTools/Conf/tools_def.template
-+++ git/BaseTools/Conf/tools_def.template
-@@ -4336,7 +4336,7 @@ RELEASE_*_*_OBJCOPY_ADDDEBUGFLAG =
- NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_NAME).debug
-
- DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
--DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe
-+DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe -fno-PIE -no-pie
- DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe
- DEFINE GCC_IPF_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
- DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie
-@@ -4369,9 +4369,9 @@ DEFINE GCC_ARM_RC_FLAGS = -I
- DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
-
- DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
--DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables
-+DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
- DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
--DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
-+DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
- DEFINE GCC44_IA32_X64_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
- DEFINE GCC44_IA32_X64_DLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC44_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
-@@ -4451,7 +4451,7 @@ DEFINE GCC48_AARCH64_ASLDLINK_FLAGS = D
-
- DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
- DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
--DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
-+DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 -no-pie
- DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
- DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
diff --git a/meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch b/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
index 94ae5d4496..490d9e8046 100644
--- a/meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch
+++ b/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
@@ -1,7 +1,7 @@
-From 9e632e3f9edd09632cc877dff6ea57608f979aab Mon Sep 17 00:00:00 2001
+From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Thu, 9 Jun 2016 02:23:01 -0700
-Subject: [PATCH] ovmf: update path to native BaseTools
+Subject: [PATCH 1/4] ovmf: update path to native BaseTools
BaseTools is a set of utilities to build EDK-based firmware. These utilities
are used during the build process. Thus, they need to be built natively.
@@ -10,16 +10,16 @@ tools. The BBAKE_EDK_TOOLS_PATH string is used as a pattern to be replaced
with the appropriate location before building.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [oe-core cross compile specific]
---
OvmfPkg/build.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh
-index eb5eb73..9058fca 100755
+index b0334fb76e..094f86f096 100755
--- a/OvmfPkg/build.sh
+++ b/OvmfPkg/build.sh
-@@ -30,7 +30,7 @@ then
+@@ -24,7 +24,7 @@ then
# this assumes svn pulls have the same root dir
# export EDK_TOOLS_PATH=`pwd`/../BaseTools
# This version is for the tools source in edk2
@@ -29,5 +29,5 @@ index eb5eb73..9058fca 100755
source edksetup.sh BaseTools
else
--
-2.8.1
+2.30.2
diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
new file mode 100644
index 0000000000..eeedc9e20f
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -0,0 +1,69 @@
+From ac9df4fb92965f1f95a5bdbde5f2f86d0c569711 Mon Sep 17 00:00:00 2001
+From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
+Date: Fri, 26 Jul 2019 17:34:26 -0400
+Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake
+
+Prepend the build flags with those of bitbake. This is to build
+using the bitbake native sysroot include and library directories.
+
+Note from Alex: this is not appropriate for upstream submission as
+the recipe already does lots of similar in-place fixups elsewhere, so
+this patch shold be converted to follow that pattern. We're not going
+to fight against how upstream wants to configure the build.
+
+Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com>
+Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups]
+---
+ BaseTools/Source/C/Makefiles/header.makefile | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile
+index d369908a09..22c670f316 100644
+--- a/BaseTools/Source/C/Makefiles/header.makefile
++++ b/BaseTools/Source/C/Makefiles/header.makefile
+@@ -85,35 +85,34 @@ endif
+
+ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
+ INCLUDE += -I $(EDK2_PATH)/MdePkg/Include
+-CPPFLAGS = $(INCLUDE)
++CPPFLAGS += $(INCLUDE)
+
+ # keep EXTRA_OPTFLAGS last
+ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
+
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
+ else
+ ifneq ($(CLANG),)
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ -fno-delete-null-pointer-checks -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-self-assign \
+ -Wno-unused-result -nostdlib -g
+ else
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ -fno-delete-null-pointer-checks -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
+ -Wno-unused-result -nostdlib -g
+ endif
+ endif
+ ifneq ($(CLANG),)
+-LDFLAGS =
+-CXXFLAGS = -Wno-deprecated-register -Wno-unused-result -std=c++14
++CXXFLAGS += -Wno-deprecated-register -Wno-unused-result -std=c++14
+ else
+-LDFLAGS =
+-CXXFLAGS = -Wno-unused-result
++CXXFLAGS += -Wno-unused-result
+ endif
++
+ ifeq ($(HOST_ARCH), IA32)
+ #
+ # Snow Leopard is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
+--
+2.30.2
+
diff --git a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
deleted file mode 100644
index 65b5c16dcb..0000000000
--- a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 2320650c6d381b914fe91b2dedaa5870279a8bcf Mon Sep 17 00:00:00 2001
-From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
-Date: Sun, 27 Nov 2016 18:42:55 -0800
-Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake
-
-Prepend the build flags with those of bitbake. This is to build
-using the bitbake native sysroot include and library directories.
-
-Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com>
-Upstream-Status: Pending
----
- BaseTools/Source/C/Makefiles/header.makefile | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-Index: git/BaseTools/Source/C/Makefiles/header.makefile
-===================================================================
---- git.orig/BaseTools/Source/C/Makefiles/header.makefile
-+++ git/BaseTools/Source/C/Makefiles/header.makefile
-@@ -44,15 +44,15 @@ ARCH_INCLUDE = -I $(MAKEROOT)/Include/AA
- endif
-
- INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
--BUILD_CPPFLAGS = $(INCLUDE) -O2
-+BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
- endif
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-unused-result
-
- ifeq ($(ARCH), IA32)
- #
diff --git a/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch b/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
new file mode 100644
index 0000000000..c0c763c1cf
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
@@ -0,0 +1,104 @@
+From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Mon, 14 Jun 2021 19:56:28 +0200
+Subject: [PATCH 3/4] debug prefix map
+
+We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
+ --debug-prefix-map to nasm (we carry a patch to nasm for this). The
+tools definitions file is built by ovmf-native so we need to pass this in
+at target build time when we know the right values so we use the environment.
+
+By using determininistc file paths during the ovmf build, it removes the
+opportunitity for gcc/ld to change the output binaries due to path lengths
+overflowing section sizes and causing small changes in the binary output.
+Previously we relied on the stripped output being the same which isn't always
+the case if the size of the debug symbols varies.
+
+Upstream-Status: Submitted [https://github.com/tianocore/edk2/pull/2202]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ BaseTools/Conf/tools_def.template | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
+index 503a6687c1..10ac38ef9e 100755
+--- a/BaseTools/Conf/tools_def.template
++++ b/BaseTools/Conf/tools_def.template
+@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
+ *_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
+ *_*_*_DTC_PATH = DEF(DTC_BIN)
+
+-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
++DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common ENV(GCC_PREFIX_MAP)
+ DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
+ DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
+ DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
+@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
+ DEFINE GCC_AARCH64_ASLDLINK_FLAGS = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
+ DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
+ DEFINE GCC_IA32_X64_DLINK_FLAGS = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
+-DEFINE GCC_ASM_FLAGS = -c -x assembler -imacros AutoGen.h
+-DEFINE GCC_PP_FLAGS = -E -x assembler-with-cpp -include AutoGen.h
++DEFINE GCC_ASM_FLAGS = -c -x assembler -imacros AutoGen.h ENV(GCC_PREFIX_MAP)
++DEFINE GCC_PP_FLAGS = -E -x assembler-with-cpp -include AutoGen.h ENV(GCC_PREFIX_MAP)
+ DEFINE GCC_VFRPP_FLAGS = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
+ DEFINE GCC_ASLPP_FLAGS = -x c -E -include AutoGen.h
+ DEFINE GCC_ASLCC_FLAGS = -x c
+@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF(
+ *_GCC48_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
+ *_GCC48_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
+ *_GCC48_IA32_OBJCOPY_FLAGS =
+-*_GCC48_IA32_NASM_FLAGS = -f elf32
++*_GCC48_IA32_NASM_FLAGS = -f elf32 ENV(NASM_PREFIX_MAP)
+
+ DEBUG_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
+ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
+@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
+ *_GCC48_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS)
+ *_GCC48_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
+ *_GCC48_X64_OBJCOPY_FLAGS =
+-*_GCC48_X64_NASM_FLAGS = -f elf64
++*_GCC48_X64_NASM_FLAGS = -f elf64 ENV(NASM_PREFIX_MAP)
+
+ DEBUG_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
+ RELEASE_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
+@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
+ *_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS)
+ *_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
+ *_GCC49_IA32_OBJCOPY_FLAGS =
+-*_GCC49_IA32_NASM_FLAGS = -f elf32
++*_GCC49_IA32_NASM_FLAGS = -f elf32 ENV(NASM_PREFIX_MAP)
+
+ DEBUG_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS)
+ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
+@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
+ *_GCC49_X64_DLINK2_FLAGS = DEF(GCC49_X64_DLINK2_FLAGS)
+ *_GCC49_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
+ *_GCC49_X64_OBJCOPY_FLAGS =
+-*_GCC49_X64_NASM_FLAGS = -f elf64
++*_GCC49_X64_NASM_FLAGS = -f elf64 ENV(NASM_PREFIX_MAP)
+
+ DEBUG_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS)
+ RELEASE_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
+@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
+ *_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
+ *_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
+ *_GCC5_IA32_OBJCOPY_FLAGS =
+-*_GCC5_IA32_NASM_FLAGS = -f elf32
++*_GCC5_IA32_NASM_FLAGS = -f elf32 ENV(NASM_PREFIX_MAP)
+
+ DEBUG_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto
+ DEBUG_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
+@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
+ *_GCC5_X64_DLINK2_FLAGS = DEF(GCC5_X64_DLINK2_FLAGS)
+ *_GCC5_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
+ *_GCC5_X64_OBJCOPY_FLAGS =
+-*_GCC5_X64_NASM_FLAGS = -f elf64
++*_GCC5_X64_NASM_FLAGS = -f elf64 ENV(NASM_PREFIX_MAP)
+
+ DEBUG_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO
+ DEBUG_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
+--
+2.30.2
+
diff --git a/meta/recipes-core/ovmf/ovmf/0004-ovmf-enable-long-path-file.patch b/meta/recipes-core/ovmf/ovmf/0004-ovmf-enable-long-path-file.patch
deleted file mode 100644
index d954fbe314..0000000000
--- a/meta/recipes-core/ovmf/ovmf/0004-ovmf-enable-long-path-file.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-From 032fc6b1f7691bd537fd2a6bd13821fcf3c45e64 Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Mon, 11 Sep 2017 02:21:55 -0400
-Subject: [PATCH] ovmf: enable long path file
-
-Upstream-Status: Pending
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
----
- BaseTools/Source/C/Common/CommonLib.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/BaseTools/Source/C/Common/CommonLib.h b/BaseTools/Source/C/Common/CommonLib.h
-index 2041b89e2d..8116aa2e35 100644
---- a/BaseTools/Source/C/Common/CommonLib.h
-+++ b/BaseTools/Source/C/Common/CommonLib.h
-@@ -22 +22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
--#define MAX_LONG_FILE_PATH 500
-+#define MAX_LONG_FILE_PATH 1023
diff --git a/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch b/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
new file mode 100644
index 0000000000..c3fdc3d863
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
@@ -0,0 +1,180 @@
+From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Mon, 14 Jun 2021 19:57:30 +0200
+Subject: [PATCH 4/4] reproducible
+
+This patch fixes various things which make the build more reproducible. Some changes
+here only change intermediate artefacts but that means when you have two build trees
+giving differing results, the differences can be isolated more easily. The issues here
+usually become apparent with longer paths.
+
+This was all debugged with:
+TMPDIR = "${TOPDIR}/tmp"
+vs.
+TMPDIR = "${TOPDIR}/tmp-inital-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath-mylongpath"
+
+The patch specifically:
+
+ * Sorts output in GNUmakefile
+ * Always generates indirect flags files used to avoid pathlength issues else the
+ compile commands suddenly change when using longer paths
+ * Sorts the AutoGenTimeStamp file contents
+ * Makes the TargetDescBlock objects from BuildEngine sortable to allow the makefile fix
+ * Fix ElfConvert within GenFw so that only the basename of the binary being converted
+ is used, else the output from "GenFw XXX.bin" differs from "GenFw /long/path/XXX.bin"
+ with sufficiently long paths
+
+Upstream-Status: Submitted [https://github.com/tianocore/edk2/pull/2176]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ BaseTools/Source/C/GenFw/Elf64Convert.c | 8 ++++---
+ .../Source/Python/AutoGen/BuildEngine.py | 3 +++
+ BaseTools/Source/Python/AutoGen/GenMake.py | 24 +++++++++----------
+ .../Source/Python/AutoGen/ModuleAutoGen.py | 5 +++-
+ 4 files changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
+index 9c17c90b16..fcc7864141 100644
+--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
++++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
+@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ #ifndef __GNUC__
+ #include <windows.h>
+ #include <io.h>
++#else
++#define _GNU_SOURCE
+ #endif
+ #include <assert.h>
+ #include <stdio.h>
+@@ -990,7 +992,7 @@ ScanSections64 (
+ }
+ mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +
+ sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +
+- strlen(mInImageName) + 1;
++ strlen(basename(mInImageName)) + 1;
+
+ //
+ // Add more space in the .debug data region for the DllCharacteristicsEx
+@@ -2261,7 +2263,7 @@ WriteDebug64 (
+ EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
+ EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
+
+- Len = strlen(mInImageName) + 1;
++ Len = strlen(basename(mInImageName)) + 1;
+
+ NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
+ DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
+@@ -2294,7 +2296,7 @@ WriteDebug64 (
+
+ Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
+ Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
+- strcpy ((char *)(Nb10 + 1), mInImageName);
++ strcpy ((char *)(Nb10 + 1), basename(mInImageName));
+ }
+
+ STATIC
+diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py
+index 752a1a1f6a..02054cccf8 100644
+--- a/BaseTools/Source/Python/AutoGen/BuildEngine.py
++++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py
+@@ -70,6 +70,9 @@ class TargetDescBlock(object):
+ else:
+ return str(Other) == self.Target.Path
+
++ def __lt__(self, other):
++ return str(self) < str(other)
++
+ def AddInput(self, Input):
+ if Input not in self.Inputs:
+ self.Inputs.append(Input)
+diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py
+index daec9c6d54..0e8cc20efe 100755
+--- a/BaseTools/Source/Python/AutoGen/GenMake.py
++++ b/BaseTools/Source/Python/AutoGen/GenMake.py
+@@ -575,7 +575,7 @@ cleanlib:
+ os.remove(RespFileList)
+
+ # convert source files and binary files to build targets
+- self.ResultFileList = [str(T.Target) for T in MyAgo.CodaTargetList]
++ self.ResultFileList = sorted([str(T.Target) for T in MyAgo.CodaTargetList])
+ if len(self.ResultFileList) == 0 and len(MyAgo.SourceFileList) != 0:
+ EdkLogger.error("build", AUTOGEN_ERROR, "Nothing to build",
+ ExtraData="[%s]" % str(MyAgo))
+@@ -726,7 +726,7 @@ cleanlib:
+ OutputFile = ''
+ DepsFileList = []
+
+- for Cmd in self.GenFfsList:
++ for Cmd in sorted(self.GenFfsList):
+ if Cmd[2]:
+ for CopyCmd in Cmd[2]:
+ Src, Dst = CopyCmd
+@@ -759,7 +759,7 @@ cleanlib:
+ self.BuildTargetList.append('\t%s' % CmdString)
+
+ self.ParseSecCmd(DepsFileList, Cmd[1])
+- for SecOutputFile, SecDepsFile, SecCmd in self.FfsOutputFileList :
++ for SecOutputFile, SecDepsFile, SecCmd in sorted(self.FfsOutputFileList):
+ self.BuildTargetList.append('%s : %s' % (self.ReplaceMacro(SecOutputFile), self.ReplaceMacro(SecDepsFile)))
+ self.BuildTargetList.append('\t%s' % self.ReplaceMacro(SecCmd))
+ self.FfsOutputFileList = []
+@@ -798,13 +798,13 @@ cleanlib:
+
+ def CommandExceedLimit(self):
+ FlagDict = {
+- 'CC' : { 'Macro' : '$(CC_FLAGS)', 'Value' : False},
+- 'PP' : { 'Macro' : '$(PP_FLAGS)', 'Value' : False},
+- 'APP' : { 'Macro' : '$(APP_FLAGS)', 'Value' : False},
+- 'ASLPP' : { 'Macro' : '$(ASLPP_FLAGS)', 'Value' : False},
+- 'VFRPP' : { 'Macro' : '$(VFRPP_FLAGS)', 'Value' : False},
+- 'ASM' : { 'Macro' : '$(ASM_FLAGS)', 'Value' : False},
+- 'ASLCC' : { 'Macro' : '$(ASLCC_FLAGS)', 'Value' : False},
++ 'CC' : { 'Macro' : '$(CC_FLAGS)', 'Value' : True},
++ 'PP' : { 'Macro' : '$(PP_FLAGS)', 'Value' : True},
++ 'APP' : { 'Macro' : '$(APP_FLAGS)', 'Value' : True},
++ 'ASLPP' : { 'Macro' : '$(ASLPP_FLAGS)', 'Value' : True},
++ 'VFRPP' : { 'Macro' : '$(VFRPP_FLAGS)', 'Value' : True},
++ 'ASM' : { 'Macro' : '$(ASM_FLAGS)', 'Value' : True},
++ 'ASLCC' : { 'Macro' : '$(ASLCC_FLAGS)', 'Value' : True},
+ }
+
+ RespDict = {}
+@@ -1007,9 +1007,9 @@ cleanlib:
+ if not self.ObjTargetDict.get(T.Target.SubDir):
+ self.ObjTargetDict[T.Target.SubDir] = set()
+ self.ObjTargetDict[T.Target.SubDir].add(NewFile)
+- for Type in self._AutoGenObject.Targets:
++ for Type in sorted(self._AutoGenObject.Targets):
+ resp_file_number = 0
+- for T in self._AutoGenObject.Targets[Type]:
++ for T in sorted(self._AutoGenObject.Targets[Type]):
+ # Generate related macros if needed
+ if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:
+ self.FileListMacros[T.FileListMacro] = []
+diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
+index d05410b329..99b3f64aba 100755
+--- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
++++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
+@@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen):
+ for File in Files:
+ if File.lower().endswith('.pdb'):
+ AsBuiltInfDict['binary_item'].append('DISPOSABLE|' + File)
++
++ AsBuiltInfDict['binary_item'] = sorted(AsBuiltInfDict['binary_item'])
++
+ HeaderComments = self.Module.HeaderComments
+ StartPos = 0
+ for Index in range(len(HeaderComments)):
+@@ -1749,7 +1752,7 @@ class ModuleAutoGen(AutoGen):
+ if os.path.exists (self.TimeStampPath):
+ os.remove (self.TimeStampPath)
+
+- SaveFileOnChange(self.TimeStampPath, "\n".join(FileSet), False)
++ SaveFileOnChange(self.TimeStampPath, "\n".join(sorted(FileSet)), False)
+
+ # Ignore generating makefile when it is a binary module
+ if self.IsBinaryModule:
+--
+2.30.2
+
diff --git a/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
deleted file mode 100644
index 3aa6cc4acb..0000000000
--- a/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
+++ /dev/null
@@ -1,1124 +0,0 @@
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Mon, 6 Jul 2015 20:22:02 +0200
-Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
- keys
-
-(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch
-to Gerd's public RPMs.)
-
-This application is meant to be invoked by the management layer, after
-booting the UEFI shell and getting a shell prompt on the serial console.
-The app enrolls a number of certificates (see below), and then reports
-status to the serial console as well. The expected output is "info:
-success":
-
-> Shell> EnrollDefaultKeys.efi
-> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
-> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
-> info: success
-> Shell>
-
-In case of success, the management layer can force off or reboot the VM
-(for example with the "reset -s" or "reset -c" UEFI shell commands,
-respectively), and start the guest installation with SecureBoot enabled.
-
-PK:
-- A unique, static, ad-hoc certificate whose private half has been
- destroyed (more precisely, never saved) and is therefore unusable for
- signing. (The command for creating this certificate is saved in the
- source code.)
-
-KEK:
-- same ad-hoc certificate as used for the PK,
-- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
- package is signed (indirectly, through a chain) with this; enrolling
- such a KEK should allow guests to install those updates.
-
-DB:
-- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
- Server 2012 R2,
-- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
- oproms.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Upstream-Status: Inappropriate [not author]
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
----
- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++
- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++
- OvmfPkg/OvmfPkgIa32.dsc | 4 +
- OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
- OvmfPkg/OvmfPkgX64.dsc | 4 +
- 5 files changed, 1023 insertions(+)
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-new file mode 100644
-index 0000000..081212b
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-@@ -0,0 +1,960 @@
-+/** @file
-+ Enroll default PK, KEK, DB.
-+
-+ Copyright (C) 2014, Red Hat, Inc.
-+
-+ This program and the accompanying materials are licensed and made available
-+ under the terms and conditions of the BSD License which accompanies this
-+ distribution. The full text of the license may be found at
-+ http://opensource.org/licenses/bsd-license.
-+
-+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
-+#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
-+#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
-+#include <Library/BaseMemoryLib.h> // CopyGuid()
-+#include <Library/DebugLib.h> // ASSERT()
-+#include <Library/MemoryAllocationLib.h> // FreePool()
-+#include <Library/ShellCEntryLib.h> // ShellAppMain()
-+#include <Library/UefiLib.h> // AsciiPrint()
-+#include <Library/UefiRuntimeServicesTableLib.h> // gRT
-+
-+//
-+// The example self-signed certificate below, which we'll use for both Platform
-+// Key, and first Key Exchange Key, has been generated with the following
-+// non-interactive openssl command. The passphrase is read from /dev/urandom,
-+// and not saved, and the private key is written to /dev/null. In other words,
-+// we can't sign anything else against this certificate, which is our purpose.
-+//
-+/*
-+ openssl req \
-+ -passout file:<(head -c 16 /dev/urandom) \
-+ -x509 \
-+ -newkey rsa:2048 \
-+ -keyout /dev/null \
-+ -outform DER \
-+ -subj $(
-+ printf /C=US
-+ printf /ST=TestStateOrProvince
-+ printf /L=TestLocality
-+ printf /O=TestOrganization
-+ printf /OU=TestOrganizationalUnit
-+ printf /CN=TestCommonName
-+ printf /emailAddress=test@example.com
-+ ) \
-+ 2>/dev/null \
-+ | xxd -i
-+*/
-+STATIC CONST UINT8 ExampleCert[] = {
-+ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d,
-+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
-+ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-+ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
-+ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50,
-+ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
-+ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61,
-+ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
-+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
-+ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
-+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31,
-+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73,
-+ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f,
-+ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
-+ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
-+ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
-+ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34,
-+ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81,
-+ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
-+ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54,
-+ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f,
-+ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
-+ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69,
-+ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10,
-+ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
-+ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
-+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30,
-+ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43,
-+ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d,
-+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
-+ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
-+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
-+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce,
-+ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21,
-+ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc,
-+ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae,
-+ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16,
-+ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b,
-+ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77,
-+ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce,
-+ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31,
-+ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35,
-+ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d,
-+ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a,
-+ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24,
-+ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2,
-+ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d,
-+ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b,
-+ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3,
-+ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1,
-+ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4,
-+ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68,
-+ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50,
-+ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
-+ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3,
-+ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
-+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e,
-+ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29,
-+ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
-+ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
-+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38,
-+ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9,
-+ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a,
-+ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c,
-+ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59,
-+ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4,
-+ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81,
-+ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c,
-+ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f,
-+ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b,
-+ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04,
-+ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f,
-+ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e,
-+ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f,
-+ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03,
-+ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84,
-+ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d,
-+ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5,
-+ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1,
-+ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19,
-+ 0x26, 0x5b, 0xc0, 0x3d, 0xc7
-+};
-+
-+//
-+// Second KEK: "Microsoft Corporation KEK CA 2011".
-+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
-+//
-+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
-+//
-+STATIC CONST UINT8 MicrosoftKEK[] = {
-+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
-+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
-+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
-+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
-+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
-+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
-+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
-+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
-+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
-+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
-+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
-+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
-+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
-+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
-+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
-+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
-+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
-+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
-+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
-+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
-+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
-+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
-+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
-+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
-+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
-+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
-+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
-+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
-+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
-+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
-+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
-+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
-+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
-+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
-+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
-+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
-+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
-+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
-+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
-+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
-+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
-+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
-+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
-+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
-+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
-+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
-+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
-+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
-+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
-+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
-+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
-+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
-+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
-+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
-+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
-+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
-+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
-+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
-+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
-+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
-+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
-+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
-+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
-+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
-+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
-+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
-+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
-+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
-+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
-+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
-+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
-+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
-+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
-+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
-+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
-+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
-+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
-+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
-+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
-+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
-+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
-+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
-+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
-+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
-+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
-+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
-+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
-+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
-+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
-+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
-+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
-+};
-+
-+//
-+// First DB entry: "Microsoft Windows Production PCA 2011"
-+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
-+//
-+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
-+// rooted in this certificate.
-+//
-+STATIC CONST UINT8 MicrosoftPCA[] = {
-+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
-+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
-+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
-+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
-+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
-+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
-+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
-+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
-+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
-+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
-+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
-+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
-+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
-+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
-+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
-+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
-+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
-+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
-+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
-+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
-+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
-+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
-+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
-+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
-+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
-+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
-+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
-+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
-+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
-+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
-+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
-+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
-+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
-+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
-+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
-+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
-+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
-+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
-+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
-+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
-+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
-+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
-+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
-+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
-+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
-+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
-+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
-+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
-+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
-+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
-+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
-+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
-+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
-+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
-+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
-+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
-+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
-+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
-+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
-+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
-+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
-+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
-+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
-+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
-+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
-+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
-+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
-+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
-+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
-+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
-+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
-+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
-+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
-+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
-+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
-+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
-+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
-+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
-+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
-+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
-+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
-+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
-+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
-+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
-+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
-+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
-+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
-+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
-+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
-+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
-+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
-+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
-+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
-+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
-+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
-+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
-+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
-+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
-+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
-+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
-+ 0x62, 0x1c, 0x59, 0x7e
-+};
-+
-+//
-+// Second DB entry: "Microsoft Corporation UEFI CA 2011"
-+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
-+//
-+// To verify the "shim" binary and PCI expansion ROMs with.
-+//
-+STATIC CONST UINT8 MicrosoftUefiCA[] = {
-+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
-+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
-+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
-+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
-+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
-+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
-+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
-+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
-+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
-+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
-+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
-+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
-+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
-+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
-+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
-+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
-+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
-+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
-+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
-+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
-+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
-+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
-+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
-+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
-+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
-+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
-+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
-+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
-+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
-+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
-+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
-+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
-+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
-+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
-+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
-+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
-+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
-+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
-+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
-+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
-+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
-+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
-+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
-+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
-+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
-+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
-+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
-+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
-+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
-+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
-+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
-+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
-+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
-+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
-+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
-+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
-+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
-+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
-+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
-+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
-+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
-+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
-+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
-+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
-+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
-+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
-+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
-+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
-+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
-+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
-+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
-+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
-+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
-+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
-+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
-+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
-+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
-+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
-+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
-+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
-+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
-+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
-+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
-+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
-+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
-+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
-+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
-+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
-+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
-+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
-+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
-+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
-+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
-+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
-+};
-+
-+//
-+// The most important thing about the variable payload is that it is a list of
-+// lists, where the element size of any given *inner* list is constant.
-+//
-+// Since X509 certificates vary in size, each of our *inner* lists will contain
-+// one element only (one X.509 certificate). This is explicitly mentioned in
-+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
-+//
-+// The list structure looks as follows:
-+//
-+// struct EFI_VARIABLE_AUTHENTICATION_2 { |
-+// struct EFI_TIME { |
-+// UINT16 Year; |
-+// UINT8 Month; |
-+// UINT8 Day; |
-+// UINT8 Hour; |
-+// UINT8 Minute; |
-+// UINT8 Second; |
-+// UINT8 Pad1; |
-+// UINT32 Nanosecond; |
-+// INT16 TimeZone; |
-+// UINT8 Daylight; |
-+// UINT8 Pad2; |
-+// } TimeStamp; |
-+// |
-+// struct WIN_CERTIFICATE_UEFI_GUID { | |
-+// struct WIN_CERTIFICATE { | |
-+// UINT32 dwLength; ----------------------------------------+ |
-+// UINT16 wRevision; | |
-+// UINT16 wCertificateType; | |
-+// } Hdr; | +- DataSize
-+// | |
-+// EFI_GUID CertType; | |
-+// UINT8 CertData[1] = { <--- "struct hack" | |
-+// struct EFI_SIGNATURE_LIST { | | |
-+// EFI_GUID SignatureType; | | |
-+// UINT32 SignatureListSize; -------------------------+ | |
-+// UINT32 SignatureHeaderSize; | | |
-+// UINT32 SignatureSize; ---------------------------+ | | |
-+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
-+// v | | |
-+// struct EFI_SIGNATURE_DATA { | | | |
-+// EFI_GUID SignatureOwner; | | | |
-+// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
-+// X.509 payload | | | |
-+// } | | | |
-+// } Signatures[]; | | |
-+// } SigLists[]; | |
-+// }; | |
-+// } AuthInfo; | |
-+// }; |
-+//
-+// Given that the "struct hack" invokes undefined behavior (which is why C99
-+// introduced the flexible array member), and because subtracting those pesky
-+// sizes of 1 is annoying, and because the format is fully specified in the
-+// UEFI specification, we'll introduce two matching convenience structures that
-+// are customized for our X.509 purposes.
-+//
-+#pragma pack(1)
-+typedef struct {
-+ EFI_TIME TimeStamp;
-+
-+ //
-+ // dwLength covers data below
-+ //
-+ UINT32 dwLength;
-+ UINT16 wRevision;
-+ UINT16 wCertificateType;
-+ EFI_GUID CertType;
-+} SINGLE_HEADER;
-+
-+typedef struct {
-+ //
-+ // SignatureListSize covers data below
-+ //
-+ EFI_GUID SignatureType;
-+ UINT32 SignatureListSize;
-+ UINT32 SignatureHeaderSize; // constant 0
-+ UINT32 SignatureSize;
-+
-+ //
-+ // SignatureSize covers data below
-+ //
-+ EFI_GUID SignatureOwner;
-+
-+ //
-+ // X.509 certificate follows
-+ //
-+} REPEATING_HEADER;
-+#pragma pack()
-+
-+/**
-+ Enroll a set of DER-formatted X.509 certificates in a global variable,
-+ overwriting it.
-+
-+ The variable will be rewritten with NV+BS+RT+AT attributes.
-+
-+ @param[in] VariableName The name of the variable to overwrite.
-+
-+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
-+ overwrite.
-+
-+ @param[in] ... A list of
-+
-+ IN CONST UINT8 *Cert,
-+ IN UINTN CertSize,
-+ IN CONST EFI_GUID *OwnerGuid
-+
-+ triplets. If the first component of a triplet is
-+ NULL, then the other two components are not
-+ accessed, and processing is terminated. The list of
-+ X.509 certificates is enrolled in the variable
-+ specified, overwriting it. The OwnerGuid component
-+ identifies the agent installing the certificate.
-+
-+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
-+ value is NULL), or one of the CertSize values
-+ is 0, or one of the CertSize values would
-+ overflow the accumulated UINT32 data size.
-+
-+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable
-+ payload.
-+
-+ @retval EFI_SUCCESS Enrollment successful; the variable has been
-+ overwritten (or created).
-+
-+ @return Error codes from gRT->GetTime() and
-+ gRT->SetVariable().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+EnrollListOfX509Certs (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ ...
-+ )
-+{
-+ UINTN DataSize;
-+ SINGLE_HEADER *SingleHeader;
-+ REPEATING_HEADER *RepeatingHeader;
-+ VA_LIST Marker;
-+ CONST UINT8 *Cert;
-+ EFI_STATUS Status = EFI_SUCCESS;
-+ UINT8 *Data;
-+ UINT8 *Position;
-+
-+ //
-+ // compute total size first, for UINT32 range check, and allocation
-+ //
-+ DataSize = sizeof *SingleHeader;
-+ VA_START (Marker, VendorGuid);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ (VOID)VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ if (CertSize == 0 ||
-+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
-+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
-+ Status = EFI_INVALID_PARAMETER;
-+ break;
-+ }
-+ DataSize += sizeof *RepeatingHeader + CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ if (DataSize == sizeof *SingleHeader) {
-+ Status = EFI_INVALID_PARAMETER;
-+ }
-+ if (EFI_ERROR (Status)) {
-+ goto Out;
-+ }
-+
-+ Data = AllocatePool (DataSize);
-+ if (Data == NULL) {
-+ Status = EFI_OUT_OF_RESOURCES;
-+ goto Out;
-+ }
-+
-+ Position = Data;
-+
-+ SingleHeader = (SINGLE_HEADER *)Position;
-+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
-+ if (EFI_ERROR (Status)) {
-+ goto FreeData;
-+ }
-+ SingleHeader->TimeStamp.Pad1 = 0;
-+ SingleHeader->TimeStamp.Nanosecond = 0;
-+ SingleHeader->TimeStamp.TimeZone = 0;
-+ SingleHeader->TimeStamp.Daylight = 0;
-+ SingleHeader->TimeStamp.Pad2 = 0;
-+#if 0
-+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
-+#else
-+ //
-+ // This looks like a bug in edk2. According to the UEFI specification,
-+ // dwLength is "The length of the entire certificate, including the length of
-+ // the header, in bytes". That shouldn't stop right after CertType -- it
-+ // should include everything below it.
-+ //
-+ SingleHeader->dwLength = sizeof *SingleHeader
-+ - sizeof SingleHeader->TimeStamp;
-+#endif
-+ SingleHeader->wRevision = 0x0200;
-+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
-+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
-+ Position += sizeof *SingleHeader;
-+
-+ VA_START (Marker, VendorGuid);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+ CONST EFI_GUID *OwnerGuid;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ RepeatingHeader = (REPEATING_HEADER *)Position;
-+ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid);
-+ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize;
-+ RepeatingHeader->SignatureHeaderSize = 0;
-+ RepeatingHeader->SignatureSize =
-+ sizeof RepeatingHeader->SignatureOwner + CertSize;
-+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
-+ Position += sizeof *RepeatingHeader;
-+
-+ CopyMem (Position, Cert, CertSize);
-+ Position += CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ ASSERT (Data + DataSize == Position);
-+
-+ Status = gRT->SetVariable (VariableName, VendorGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_RUNTIME_ACCESS |
-+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
-+ DataSize, Data);
-+
-+FreeData:
-+ FreePool (Data);
-+
-+Out:
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
-+ VendorGuid, Status);
-+ }
-+ return Status;
-+}
-+
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetExact (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ OUT VOID *Data,
-+ IN UINTN DataSize,
-+ IN BOOLEAN AllowMissing
-+ )
-+{
-+ UINTN Size;
-+ EFI_STATUS Status;
-+
-+ Size = DataSize;
-+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
-+ if (EFI_ERROR (Status)) {
-+ if (Status == EFI_NOT_FOUND && AllowMissing) {
-+ ZeroMem (Data, DataSize);
-+ return EFI_SUCCESS;
-+ }
-+
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
-+ VendorGuid, Status);
-+ return Status;
-+ }
-+
-+ if (Size != DataSize) {
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
-+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
-+ return EFI_PROTOCOL_ERROR;
-+ }
-+
-+ return EFI_SUCCESS;
-+}
-+
-+typedef struct {
-+ UINT8 SetupMode;
-+ UINT8 SecureBoot;
-+ UINT8 SecureBootEnable;
-+ UINT8 CustomMode;
-+ UINT8 VendorKeys;
-+} SETTINGS;
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetSettings (
-+ OUT SETTINGS *Settings
-+ )
-+{
-+ EFI_STATUS Status;
-+
-+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
-+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
-+ sizeof Settings->SecureBootEnable, TRUE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
-+ return Status;
-+}
-+
-+STATIC
-+VOID
-+EFIAPI
-+PrintSettings (
-+ IN CONST SETTINGS *Settings
-+ )
-+{
-+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
-+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
-+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
-+}
-+
-+
-+INTN
-+EFIAPI
-+ShellAppMain (
-+ IN UINTN Argc,
-+ IN CHAR16 **Argv
-+ )
-+{
-+ EFI_STATUS Status;
-+ SETTINGS Settings;
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 1) {
-+ AsciiPrint ("error: already in User Mode\n");
-+ return 1;
-+ }
-+
-+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
-+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS),
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+ }
-+
-+ Status = EnrollListOfX509Certs (
-+ EFI_IMAGE_SECURITY_DATABASE,
-+ &gEfiImageSecurityDatabaseGuid,
-+ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid,
-+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfX509Certs (
-+ EFI_KEY_EXCHANGE_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid,
-+ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfX509Certs (
-+ EFI_PLATFORM_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
-+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
-+ Settings.VendorKeys != 0) {
-+ AsciiPrint ("error: unexpected\n");
-+ return 1;
-+ }
-+
-+ AsciiPrint ("info: success\n");
-+ return 0;
-+}
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-new file mode 100644
-index 0000000..ac919bb
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-@@ -0,0 +1,51 @@
-+## @file
-+# Enroll default PK, KEK, DB.
-+#
-+# Copyright (C) 2014, Red Hat, Inc.
-+#
-+# This program and the accompanying materials are licensed and made available
-+# under the terms and conditions of the BSD License which accompanies this
-+# distribution. The full text of the license may be found at
-+# http://opensource.org/licenses/bsd-license.
-+#
-+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
-+# IMPLIED.
-+##
-+
-+[Defines]
-+ INF_VERSION = 0x00010006
-+ BASE_NAME = EnrollDefaultKeys
-+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
-+ MODULE_TYPE = UEFI_APPLICATION
-+ VERSION_STRING = 0.1
-+ ENTRY_POINT = ShellCEntryLib
-+
-+#
-+# VALID_ARCHITECTURES = IA32 X64
-+#
-+
-+[Sources]
-+ EnrollDefaultKeys.c
-+
-+[Packages]
-+ MdePkg/MdePkg.dec
-+ MdeModulePkg/MdeModulePkg.dec
-+ SecurityPkg/SecurityPkg.dec
-+ ShellPkg/ShellPkg.dec
-+
-+[Guids]
-+ gEfiCertPkcs7Guid
-+ gEfiCertX509Guid
-+ gEfiCustomModeEnableGuid
-+ gEfiGlobalVariableGuid
-+ gEfiImageSecurityDatabaseGuid
-+ gEfiSecureBootEnableDisableGuid
-+
-+[LibraryClasses]
-+ BaseMemoryLib
-+ DebugLib
-+ MemoryAllocationLib
-+ ShellCEntryLib
-+ UefiLib
-+ UefiRuntimeServicesTableLib
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index fa9661c..e2e6ba3 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -764,6 +764,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 667584a..a0ae1aa 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -773,6 +773,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 5ae8469..87cee52 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -771,6 +771,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+ <LibraryClasses>
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
diff --git a/meta/recipes-core/ovmf/ovmf/VfrCompile-increase-path-length-limit.patch b/meta/recipes-core/ovmf/ovmf/VfrCompile-increase-path-length-limit.patch
deleted file mode 100644
index bb12d8beba..0000000000
--- a/meta/recipes-core/ovmf/ovmf/VfrCompile-increase-path-length-limit.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From c7722d10c7bcf6be0adcf54abb1d406599dd7914 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Fri, 24 Feb 2017 01:40:02 +0100
-Subject: [PATCH] VfrCompile: increase path length limit
-
-The VfrCompile tool has a hard-coded maximum length for path names
-which turned out to be too small by around 20 characters in the Yocto
-autobuilder setup. Increasing the maximum by a factor of 4 is
-relatively easy and makes the problem less likely.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
----
- BaseTools/Source/C/VfrCompile/EfiVfr.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/BaseTools/Source/C/VfrCompile/EfiVfr.h b/BaseTools/Source/C/VfrCompile/EfiVfr.h
-index d187902..9ad4a7b 100644
---- a/BaseTools/Source/C/VfrCompile/EfiVfr.h
-+++ b/BaseTools/Source/C/VfrCompile/EfiVfr.h
-@@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- #include "Common/UefiInternalFormRepresentation.h"
- #include "Common/MdeModuleHii.h"
-
--#define MAX_PATH 255
-+#define MAX_PATH 1023
- #define MAX_VFR_LINE_LEN 4096
-
- #define EFI_IFR_MAX_LENGTH 0xFF
---
-2.1.4
-
diff --git a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch
deleted file mode 100644
index 959b1c649c..0000000000
--- a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Author: Steve Langasek <steve.langasek@ubuntu.com>
-Description: pass -fno-stack-protector to all GCC toolchains
- The upstream build rules inexplicably pass -fno-stack-protector only
- when building for i386 and amd64. Add this essential argument to the
- generic rules for gcc 4.4 and later.
-Last-Updated: 2016-04-12
-Upstream-Status: Pending
-Index: git/BaseTools/Conf/tools_def.template
-===================================================================
---- git.orig/BaseTools/Conf/tools_def.template
-+++ git/BaseTools/Conf/tools_def.template
-@@ -4368,7 +4368,7 @@ DEFINE GCC_IPF_RC_FLAGS = -I
- DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii
- DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
-
--DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
-+DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
- DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
- DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-27 20:34:32 +0000