use SignedData instead of PKCS7 for variable updates
The EFI standard is ambiguous about which one to use for variable
updates (it is definite about using PKCS7 for signed binaries). Until
recently, the reference platform, tianocore, accepted both. However
Author: Zhang Lubo <email@example.com>
Date: Thu Jan 5 14:58:05 2017 +0800
SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.
The acceptance of PKCS7 got broken. This breakage seems to be
propagating to the UEFI ecosystem, so update the variable signing
tools to emit the SignedData type.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
1 file changed