Support User Manuals

Intel Extensible Firmware Interface Network Router User Manual

Open as PDF

of 1084

Extensible Firmware Interface Specification

15-98 12/01/02 Version 1.10

The left-hand string must appear exactly as shown. The right-hand string must appear exactly as

shown.

Name: memory:BootObject

This identifies the section in the signer’s information file corresponding to the section with the

same name in the manifest file described earlier. The string “memory:BootObject” must

appear exactly as shown.

Digest-Algorithms: SHA-1

This enumerates the digest algorithms for which integrity data is included for the corresponding

manifest section. Strings identifying digest algorithms are the same as in the manifest file. The

digest algorithms specified here must match those specified in the manifest file. For every digest

algorithm XXX listed, there must also be a corresponding XXX-Digest line.

SHA-1-Digest: (base-64 representation of a SHA-1 digest of the

corresponding manifest section)

Gives the corresponding digest value for the corresponding manifest section. The value is base-64

encoded. Note that for the purpose of computing the hash of the manifest section, the manifest

section starts at the beginning of the opening “Name:” keyword and continues up to, but not

including, the next section’s “Name:” keyword or the end-of-file. Thus the hash includes the

blank line(s) at the end of a section and any newline(s) preceding the next “Name:” keyword or

end-of-file.

//**********************************************************

// Signature Block File Example

//**********************************************************

A signature block file is a raw binary file (not base-64 encoded) that is a PKCS#7 defined format

signature block. The signature block covers exactly the contents of the signer’s information file.

There must be a correspondence between the name of the signer’s information file and the signature

block file. The base name matches, and the three-character extension is modified to reflect the

signature algorithm used according to the following rules:

• DSA signature algorithm (which uses SHA-1 hash): extension is DSA.

• RSA signature algorithm with MD5 hash: extension is RSA.

So for example with a signer’s information file name of “myinfo.SF,” the corresponding DSA

signature block file name would be “myinfo.DSA.”

The format of a signature block file is defined in [PKCS].

previous next