UefiPayloadPkg/SecureBootDefaultKeys: update keys 16/11/2023

Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
Dasharo · Nov 17, 2023 · b7274c9 · b7274c9
1 parent 03b3fc6
commit b7274c9
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 1 deletion.
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
@@ -253,6 +253,7 @@ INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
   # gDefaultKEKFileGuid
   FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 {
     SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt
     SECTION UI = "DefaultKekCert"
   }
 
@@ -266,6 +267,8 @@ INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
   FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 {
     SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt
     SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/windows_uefi_ca_2023.crt
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt
     SECTION UI = "DefaultDbCert"
   }
 

diff --git a/UefiPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin b/UefiPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin
diff --git a/UefiPayloadPkg/SecureBootDefaultKeys/README b/UefiPayloadPkg/SecureBootDefaultKeys/README
@@ -4,6 +4,6 @@
 * Generate a RSA 2048 x509 certificate
 * Exponent should be 65537
 * Microsoft certificates can be found here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance
-* Date of downloading Microsoft certificates and DBX: 28-10-2022
+* Date of downloading Microsoft certificates and DBX: 16-11-2023
 
 openssl req -outform DER -newkey rsa:2048 -keyout /dev/null -passout file:<(head -c 40 /dev/urandom) -x509 -days 1825 -out pk.crt -subj "/C=PL/ST=Pomerania/L=Gdansk/O=3mdeb Sp. z o.o./CN=Dasharo PK/emailAddress=contact@dasharo.com"
diff --git a/UefiPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt b/UefiPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt
diff --git a/UefiPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt b/UefiPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt
diff --git a/UefiPayloadPkg/SecureBootDefaultKeys/windows_uefi_ca_2023.crt b/UefiPayloadPkg/SecureBootDefaultKeys/windows_uefi_ca_2023.crt
diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf
@@ -304,6 +304,7 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf
   # gDefaultKEKFileGuid
   FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 {
     SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/microsoft_corporation_kek_2k_ca_2023.crt
     SECTION UI = "DefaultKekCert"
   }
 
@@ -317,6 +318,8 @@ INF SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf
   FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 {
     SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt
     SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/windows_uefi_ca_2023.crt
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/microsoft_uefi_ca_2023.crt
     SECTION UI = "DefaultDbCert"
   }