From 30093ddcbdad3aed4c880f979bb1d72face41693 Mon Sep 17 00:00:00 2001 From: Douglas Flick Date: Fri, 29 Sep 2023 17:33:18 -0700 Subject: [PATCH 1/2] init --- .pytool/CISettings.py | 1 + MsApplicationPkg/Docs/Readme.md | 16 + MsApplicationPkg/MsApplicationPkg.ci.yaml | 108 ++++++ MsApplicationPkg/MsApplicationPkg.dec | 36 ++ MsApplicationPkg/MsApplicationPkg.dsc | 73 ++++ MsApplicationPkg/MsApplicationPkg.uni | 14 + MsApplicationPkg/MsApplicationPkgExtra.uni | 10 + MsApplicationPkg/ReadMe.rst | 14 + .../SecureBootRecovery/Payload/DBUpdate.bin | Bin 0 -> 4832 bytes MsApplicationPkg/SecureBootRecovery/Readme.md | 42 +++ .../SecureBootRecovery/RecoveryPayload.h | 311 ++++++++++++++++++ .../SecureBootRecovery/SecureBootRecovery.c | 164 +++++++++ .../SecureBootRecovery/SecureBootRecovery.inf | 37 +++ MsApplicationPkg/SecureBootRecovery/helper.py | 15 + 14 files changed, 841 insertions(+) create mode 100644 MsApplicationPkg/Docs/Readme.md create mode 100644 MsApplicationPkg/MsApplicationPkg.ci.yaml create mode 100644 MsApplicationPkg/MsApplicationPkg.dec create mode 100644 MsApplicationPkg/MsApplicationPkg.dsc create mode 100644 MsApplicationPkg/MsApplicationPkg.uni create mode 100644 MsApplicationPkg/MsApplicationPkgExtra.uni create mode 100644 MsApplicationPkg/ReadMe.rst create mode 100644 MsApplicationPkg/SecureBootRecovery/Payload/DBUpdate.bin create mode 100644 MsApplicationPkg/SecureBootRecovery/Readme.md create mode 100644 MsApplicationPkg/SecureBootRecovery/RecoveryPayload.h create mode 100644 MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.c create mode 100644 MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf create mode 100644 MsApplicationPkg/SecureBootRecovery/helper.py diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py index 0e106a270f..279d0ed8a8 100644 --- a/.pytool/CISettings.py +++ b/.pytool/CISettings.py @@ -73,6 +73,7 @@ def GetPackagesSupported(self): "AdvLoggerPkg", "MfciPkg", "HidPkg", + "MsApplicationPkg", "MsCorePkg", "MsGraphicsPkg", "MsWheaPkg", diff --git a/MsApplicationPkg/Docs/Readme.md b/MsApplicationPkg/Docs/Readme.md new file mode 100644 index 0000000000..5653ca5aa4 --- /dev/null +++ b/MsApplicationPkg/Docs/Readme.md @@ -0,0 +1,16 @@ +# MsApplicationPkg - Microsoft Application Package + +## About + +This package contains open source production applications that run prior to ExitBootServices(...) and perform some +firmware independent function. + +## Applications + +* Secure Boot Recovery + * EFI application is used to transition a system from the 2011 certificates to the 2023 certificates. + +## Copyright + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent diff --git a/MsApplicationPkg/MsApplicationPkg.ci.yaml b/MsApplicationPkg/MsApplicationPkg.ci.yaml new file mode 100644 index 0000000000..dbbe8b80fd --- /dev/null +++ b/MsApplicationPkg/MsApplicationPkg.ci.yaml @@ -0,0 +1,108 @@ +## +# CI configuration for MsApplicationPkg +# +# Copyright (c) Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent +## +{ + "PrEval": { + "DscPath": "MsApplicationPkg.dsc", + }, + ## options defined ci/Plugin/CompilerPlugin + "CompilerPlugin": { + "DscPath": "MsApplicationPkg.dsc" + }, + + ## options defined ci/Plugin/CharEncodingCheck + "CharEncodingCheck": { + "IgnoreFiles": [] + }, + + ## options defined ci/Plugin/DependencyCheck + "DependencyCheck": { + "AcceptableDependencies": [ + "MdePkg/MdePkg.dec", + "MdeModulePkg/MdeModulePkg.dec" + ], + "AcceptableDependencies-HOST_APPLICATION":[ # for host based unit tests + "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec" + ], + "AcceptableDependencies-UEFI_APPLICATION": [ + "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec" + ], + "IgnoreInf": [] + }, + + ## options defined ci/Plugin/HostUnitTestCompilerPlugin + "HostUnitTestCompilerPlugin": { + }, + + ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck + "HostUnitTestDscCompleteCheck": { + "IgnoreInf": [], + }, + + ## options defined ci/Plugin/DscCompleteCheck + "DscCompleteCheck": { + "IgnoreInf": [], + "DscPath": "MsApplicationPkg.dsc" + }, + + ## options defined ci/Plugin/GuidCheck + "GuidCheck": { + "IgnoreGuidName": [], + "IgnoreGuidValue": [], + "IgnoreFoldersAndFiles": [], + "IgnoreDuplicates": [] + }, + + ## options defined ci/Plugin/LibraryClassCheck + "LibraryClassCheck": { + "IgnoreLibraryClass": [], + "IgnoreHeaderFile": [] + }, + + ## options defined ci/Plugin/SpellCheck + "SpellCheck": { + "IgnoreStandardPaths": [ # Standard Plugin defined paths that should be ignore + ], + "IgnoreFiles": [ # use gitignore syntax to ignore errors in matching files + SecureBootRecovery/RecoveryPayload.h + ], + "ExtendWords": [ # words to extend to the dictionary for this package + "checksumed", + "FVDXE", + "CMIIT", + "JASTST", + "mountvol", + "EKU's", + "bootable", + "MSCHANGE", + "UNRECOVERED", + "hibit", + "XIPFLAGS", + "mstrict", + "mgeneral", + "frontpage", + "mitigations", + "AUTHREAD", + "OWNERREAD", + "BREAKASSERT", + "CARDBUS", + "PCIEXP", + "DEADLOOP", + "DEBUGPORT", + "EXTENDMEM", + "FILELOGGING", + "Indexfor", + "PLATFORMCREATE", + "POLICYREAD", + "POLICYWRITE", + "SQRTUNSIGNED", + "VARPOL", + "SNP's", + "UEFI's" + ], + "AdditionalIncludePaths": [] # Additional paths to spell check relative to package root (wildcards supported) + } +} \ No newline at end of file diff --git a/MsApplicationPkg/MsApplicationPkg.dec b/MsApplicationPkg/MsApplicationPkg.dec new file mode 100644 index 0000000000..7f9944d468 --- /dev/null +++ b/MsApplicationPkg/MsApplicationPkg.dec @@ -0,0 +1,36 @@ +## @file MsApplicationPkg.dec +# This package provides production standalone applications for the UEFI +# Firmware. That do not depend on the shell or any other UEFI application. +# This is targetted at promoting to open source and should be aligned with +# Tianocore standards +# +# Copyright (C) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + DEC_SPECIFICATION = 0x00010005 + PACKAGE_NAME = MsApplicationPkg + PACKAGE_UNI_FILE = MsApplicationPkg.uni + PACKAGE_GUID = 738E75C6-4EEE-4F63-A30D-8EEB08B1DE04 + PACKAGE_VERSION = .10 + + +[Includes] + +[LibraryClasses] + +[Guids] + # {2714338E-616A-4AC1-8F3E-B58F078D6E35} + gMsApplicationPkgTokenSpaceGuid = { 0x2714338e, 0x616a, 0x4ac1, { 0x8f, 0x3e, 0xb5, 0x8f, 0x7, 0x8d, 0x6e, 0x35 }} + +[Protocols] + +[PcdsFeatureFlag] + +[PcdsFixedAtBuild] + +[PcdsDynamic, PcdsDynamicEx] + +[UserExtensions.TianoCore."ExtraFiles"] + MsApplicationPkgExtra.uni diff --git a/MsApplicationPkg/MsApplicationPkg.dsc b/MsApplicationPkg/MsApplicationPkg.dsc new file mode 100644 index 0000000000..4ce9cc8385 --- /dev/null +++ b/MsApplicationPkg/MsApplicationPkg.dsc @@ -0,0 +1,73 @@ +## @file +# MsApplication Package Localized Strings and Content +# +# Copyright (C) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + PLATFORM_NAME = MsApplication + PLATFORM_GUID = BE19B49A-53F6-43CB-AED4-FB86334E665A + PLATFORM_VERSION = .10 + DSC_SPECIFICATION = 0x00010005 + OUTPUT_DIRECTORY = Build/MsApplicationPkg + SUPPORTED_ARCHITECTURES = IA32|X64|AARCH64 + BUILD_TARGETS = DEBUG|RELEASE + SKUID_IDENTIFIER = DEFAULT + +[PcdsFeatureFlag] + +[PcdsFixedAtBuild] + +!include MdePkg/MdeLibs.dsc.inc + +[LibraryClasses.common] + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + UefiLib|MdePkg/Library/UefiLib/UefiLib.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf + +[LibraryClasses.X64] + +!if $(TOOL_CHAIN_TAG) == VS2019 or $(TOOL_CHAIN_TAG) == VS2022 + # Provide StackCookie support lib so that we can link to /GS exports for VS builds + NULL|MdePkg/Library/BaseBinSecurityLibRng/BaseBinSecurityLibRng.inf + BaseBinSecurityLib|MdePkg/Library/BaseBinSecurityLibRng/BaseBinSecurityLibRng.inf +!else + BaseBinSecurityLib|MdePkg/Library/BaseBinSecurityLibNull/BaseBinSecurityLibNull.inf +!endif + +[LibraryClasses.AARCH64] + # Add support for GCC stack protector + NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf + + +################################################################################################### +# +# Components Section - list of the modules and components that will be processed by compilation +# tools and the EDK II tools to generate PE32/PE32+/Coff image files. +# +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed +# into firmware volume images. This section is just a list of modules to compile from +# source into UEFI-compliant binaries. +# It is the FDF file that contains information on combining binary files into firmware +# volume images, whose concept is beyond UEFI and is described in PI specification. +# Binary modules do not need to be listed in this section, as they should be +# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi), +# Logo (Logo.bmp), and etc. +# There may also be modules listed in this section that are not required in the FDF file, +# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be +# generated for it, but the binary will not be put into any firmware volume. +# +################################################################################################### + +[Components] + MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf + +[BuildOptions] +#force deprecated interfaces off + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES diff --git a/MsApplicationPkg/MsApplicationPkg.uni b/MsApplicationPkg/MsApplicationPkg.uni new file mode 100644 index 0000000000..1a3e46645f --- /dev/null +++ b/MsApplicationPkg/MsApplicationPkg.uni @@ -0,0 +1,14 @@ +// /** @file +// This package provides production independent applications for the UEFI +// Firmware. That do not depend on the shell or any other UEFI application. +// This is targetted at promoting to open source and should be aligned with +// Tianocore standards +// +// Copyright (C) Microsoft Corporation. All rights reserved. +// SPDX-License-Identifier: BSD-2-Clause-Patent +// **/ + + +#string STR_PACKAGE_ABSTRACT #language en-US "This Package provides all applications for MsApplication." + +#string STR_PACKAGE_DESCRIPTION #language en-US "MsApplication is open source independent applications used by Microsoft" \ No newline at end of file diff --git a/MsApplicationPkg/MsApplicationPkgExtra.uni b/MsApplicationPkg/MsApplicationPkgExtra.uni new file mode 100644 index 0000000000..9be8db91af --- /dev/null +++ b/MsApplicationPkg/MsApplicationPkgExtra.uni @@ -0,0 +1,10 @@ +## @file +# MsApplication Package Localized Strings and Content +# +# Copyright (C) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +#string STR_PROPERTIES_PACKAGE_NAME +#language en-US +"MsApplication Package" diff --git a/MsApplicationPkg/ReadMe.rst b/MsApplicationPkg/ReadMe.rst new file mode 100644 index 0000000000..58193b46c3 --- /dev/null +++ b/MsApplicationPkg/ReadMe.rst @@ -0,0 +1,14 @@ +============================================================ +Independent applications for UEFI +============================================================ + +Summary +======= +This package provides independent applications for UEFI. +That may be used in production environment to perform +various independent operations. They should be built with +minimal dependencies. + +Documentation +============= +Documentation can be found in the `Docs directory <./Docs>`_ diff --git a/MsApplicationPkg/SecureBootRecovery/Payload/DBUpdate.bin b/MsApplicationPkg/SecureBootRecovery/Payload/DBUpdate.bin new file mode 100644 index 0000000000000000000000000000000000000000..1eff2d01efc3ac1f436c537bb2a75a530306299c GIT binary patch literal 4832 zcmd6q2{hDeAIE328)K{qQ9=m+8DlFd2HD3>mXLLjVGNp3W)f1?N(*HyU9w#ziDb!A z*-5lX3dvH4MB)99ZufTYdvEu==RNnFJ7>u zKfz{sF7^IwJmmY%DB&tDO5M&YAE0wTg+ZYh6o6#qaEmpBdchGeC<_GOV&#yJHH=+E zLfN1UI_ES%N2~yJ_$UJogTi3^D&TaA?>raPOhlmQ^+gn!GyF0H$_36qi^gyP9IS9# z1S>zx)*8bPpqT+XKc~HWh%YhFhe8U(@B%!{MmBynD=*K3q(D#1CP0kY!pSdaM)V+) zLP*{eNj!-hL?XLWh~Nl$U>ma^&cFFj`z1~EO(gL;l2`zP0X7LEu_^!-qlN{r01oE} zhByGDg83x`XtDpu76Cx%>lS5y+oC-&(32D%B5A8{U?gecMU~V)65%Izd)yo}~?kxzBE$?Zo` zW3{-v5S`M8TayBfyn`D=E#)s--P_t0Jk6l(m&)i^_!O1!X<^%}l!R1F2pg&8bmX9i z;D@TKwYzG^XcFUoWgaBF#!i8vK9Sg@Nj)n)f4`!hNDD7f^Mary<+uKn;O+7=;`f}A zGP(L^XyiA`H=Oc}k2$2WhixUOWlS96(poZzcR6d>^n9j{;|mATu76PxUl>}PFlT?= z`V3qnsw3L_Rh47$jkh}5f-8&gZ^-CDoD+*Z7Zz51}Sp|f}- z{@~q-RIS!WpPGw&@7)Q9!{AT|G?xzb22bPwAON1OxHJOE6sZC$6al5H6QF=Nvy}%S zgb?7fuRlcyGpGiN7Y-lenSFUtE)NRmGrQ4+v14!n+dLfHS-G+2vfiqFk~1o z^kQ{=DU_fc%F5y4;YtU;Nm|K+bWl0SpGXP{QT8AQD1$-)MGk5guftTXEAvGWP*cR> zl)!Gljg=kzp)4$HP$)=08?9!s;Bo###7Yl|{2=(B5(Bis)xv~hLE)6OdvCMSBA@|>Vp zbqgIFfq{~KKF@BTr&BdIE&~n7-x4I0fV(TrJv?Gb} zUk(6tmT?e(-CqI7>CV{`zs^1Q9}WwkrT!yO*$HTZe-X$%>~B!{j*F5uzC^O8q=h?~ zLX|XgC;NL*f&$z)m_^MaZ zE2}I^eN6&I=vPuF5`!x9#LcEkM>Cg&?hZ7x^^G?vk6w7U^(1^Maqi?qqw!}vnvd&9 z#on}l=VOQylM5<{NnWUY@aWPpeyufW4rSjkgSBcx?emggd56N!JiS!ykqob$?Q-&2 zU&#A%CQH-ae^ljv->x*6=fRPYgBg=xeKj@km76fLM#CiwtG@Cm5?f8`*)>0kmpiKX_t0|~~bcxY7 zXC$u6b0?atZIk1TSR9DF(i2w2a-TYlN=eJSyE;TV5`c>6YtSFWS*B~EM)%u2-oTPR z&-RmUIU{_9U1ToUu01PODle|>rxk}IeMBF@)FZUHqx_@DlL=aJF_W)5@8CyE6k|>& z`6)O?>MdIp((WsY-F|5`1VMkgsNLXJHmp*S8{gw4!nyHHab#WtJ zs8pkQ^UYY}%aIP*nD=LN-^-m$G0@pb6ZLt#gx}}YhOAkEq!H#rcjjN+`o%(L5A~%Y zfzwYmEYNB?ofz>mYB7$bTmNo}wE#`xGk_>mS95=AOccdE_MPsBbp@Q^e%KYTg<5iL zrUss4;C8i%?e1p!?8@9Y73)^_xcJHz0h88-$0n0eyX{r4j}by|l)1sTSeK?!#rrdK zBm`q^g08={S+l*lS}!)H?lOiBZ33@ZJ(w8-wDbQ0I{szC z{e8;*UH%OwkO(>yB2f`^t0G4!Fm+hM(5`PL{P7z*%?MlwpeTSqs3e+7`*&4pY%ZNw zsY;P;v4rPlU3!Gcny*&kOW!B-s6X{%XRGkGxAxlTDVs<`*4)i8ymyAs^Ug@D zPe6Co%2cD-@Yr)1v3;BD*kG2 z>Dybqe4vHmI=q!?4gN|M0lW{*)4Q|evuCHX1-a;Fo7X%N_$$(In=t#`(WNf!v%F)b z)Cc72xCFYLVi78`o^U#8U#L!OF$XWloTZmV#lq%t8O_APrquH1#hy~E9jdNKU876_ zvNQS^ec$SkiQe#@``R8iyKd+rHJy8PdAZr|QYOWo2i9;FpTFI{yh$tnm{9XG*wZKJ zL;l~a+5kK$-Sq-j9L3D6zdG!Xth@A!>+M<=m*m7k2b&P1Gr~oVR%GA@*8M}be)Q3< zEqOf0`G9Ya_L&r?fzFE?ngF}6ZcPBp02780V{fef|K!%75J4G&>ig=`%nC(i-KQPD zRU}}AVh(`S&$k$?P?J<$S0%f@IEM+KG8TkNO~j_5-0v6dQM$ke;-~Cf zrE_VwYDHHSV)yInqLY(?%u@1KpdNFcbs4WB*lArxbLzrFvrFWMjpB_d`etL%tanyM z{fM3AN6ax!F(C!xvsdebP0b zkVgO4d&cF7$y<4c45^*#+FIbBAaYNv^noU@tTpmfA4rN;7wJWr|jM2%-4 zBh_<6nXjPcjeqq$(G2QFPw!d$jh;q>%^EbS>GBK)`H;GHnD2`ClfmK~R4{$<^qO0BR+E?C_n@9TUyl(|ajHwhvGmjJ*t0Ww cCEkZsrh`ZH4gdfE literal 0 HcmV?d00001 diff --git a/MsApplicationPkg/SecureBootRecovery/Readme.md b/MsApplicationPkg/SecureBootRecovery/Readme.md new file mode 100644 index 0000000000..e38a4151c0 --- /dev/null +++ b/MsApplicationPkg/SecureBootRecovery/Readme.md @@ -0,0 +1,42 @@ +# Secure Boot Recovery + +The Microsoft 2011 Secure Boot Certificates used to boot Windows OS and Third Party applications, drivers, option roms, +through Secure Boot are expiring on 10/19/2026. New certificates have been created and are available at +[Keys Required for Secure Boot on all PCs | Learn Microsoft.](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance?view=windows-11). + +This EFI application is used to transition a system from the 2011 certificates to the 2023 certificates. + +## Files + +* SecureBootRecovery.c + * Recovery Logic +* SecureBootRecovery.inf + * Setup Information +* Payload/dbUpdate.bin + * Raw Recovery Payload - This file is an authenticated variable with a payload to update the DB + * Attributes: + * NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS | TIME_BASED_AUTHENTICATED_WRITE_ACCESS | APPEND_WRITE + * Note: The signer must have it's public certificate found in the L"KEK" variable + * Note: The payload found in this repo is the Microsoft Windows Production PCA 2011 signed Windows UEFI CA 2023 DB payload +* RecoveryPayload.h + * The C representation of the dbUpdate.bin file auto generated by Helper.py +* Helper.py + * Generates RecoveryPayload.h from Payload/dbUpdate.bin + +## Build + +```pwsh +stuart_ci_setup -c .pytool/CISettings.py BUILD_MODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg +stuart_update -c .pytool/CISettings.py BUILD_MODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg +stuart_ci_build -c .pytool/CISettings.py BUILD_MODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg +``` + +## Update the payload + +If the recovery payload needs to be updated, replace the file `Payload/dbUpdate.bin` with a KEK signed payload. + +Then execute: + +```pwsh +python helper.py +``` diff --git a/MsApplicationPkg/SecureBootRecovery/RecoveryPayload.h b/MsApplicationPkg/SecureBootRecovery/RecoveryPayload.h new file mode 100644 index 0000000000..75b6a56341 --- /dev/null +++ b/MsApplicationPkg/SecureBootRecovery/RecoveryPayload.h @@ -0,0 +1,311 @@ +#ifndef _RECOVERY_PAYLOAD_H_ +#define _RECOVERY_PAYLOAD_H_ + +#include + +UINT8 mDbUpdate[4832] = { + 0xda, 0x07, 0x03, 0x06, 0x13, 0x11, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ................ + 0xf6, 0x0c, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, // ...........J.h.I + 0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x0c, 0xda, 0x02, 0x01, 0x01, 0x31, // ..4}7Ve.0......1 + 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, // .0...`.H.e...... + 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0a, // 0...*.H......... + 0xed, 0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, // .0...0.......... + 0x33, 0x00, 0x00, 0x00, 0x2d, 0xee, 0x64, 0xf7, 0x36, 0x4b, 0x19, 0x01, 0x11, 0x00, 0x00, 0x00, // 3...-.d.6K...... + 0x00, 0x00, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, // ..-0...*.H...... + 0x05, 0x00, 0x30, 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, // ..0..1.0...U.... + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, // US1.0...U....Was + 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, // hington1.0...U.. + 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, // ..Redmond1.0...U + 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, // ....Microsoft Co + 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, // rporation1*0(..U + 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, // ...!Microsoft Co + 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, // rporation KEK CA + 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x32, 0x31, 0x36, 0x32, // 20110...2302162 + 0x30, 0x32, 0x30, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x31, 0x33, 0x31, 0x32, 0x30, // 02044Z..24013120 + 0x32, 0x30, 0x34, 0x34, 0x5a, 0x30, 0x81, 0x86, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, // 2044Z0..1.0...U. + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, // ...US1.0...U.... + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, // Washington1.0... + 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, // U....Redmond1.0. + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, // ..U....Microsoft + 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x30, 0x30, 0x2e, // Corporation100. + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x27, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, // ..U...'Microsoft + 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x4b, 0x65, // Windows UEFI Ke + 0x79, 0x20, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x82, // y Exchange Key0. + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, // ."0...*.H....... + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9c, // ......0......... + 0x7d, 0xbf, 0x2b, 0x25, 0xff, 0x99, 0xd8, 0xc6, 0xc6, 0x84, 0x08, 0xbf, 0x46, 0x56, 0x03, 0xe3, // }.+%........FV.. + 0x9f, 0x9c, 0xfd, 0xbb, 0x8e, 0x5c, 0x43, 0x26, 0x39, 0x85, 0x19, 0xf8, 0xbf, 0xbb, 0x72, 0xcc, // .....\C&9.....r. + 0x7f, 0x0f, 0xe6, 0xbe, 0x34, 0xa4, 0x73, 0x41, 0xae, 0xd3, 0x24, 0x8e, 0x6e, 0x49, 0x66, 0x71, // ....4.sA..$.nIfq + 0xc1, 0x1b, 0x51, 0x2a, 0x9a, 0x52, 0xc7, 0x24, 0xcb, 0x71, 0xed, 0xa0, 0x81, 0x5e, 0x23, 0x9b, // ..Q*.R.$.q...^#. + 0xcd, 0xf5, 0xf8, 0x7d, 0x8a, 0xf8, 0xf5, 0x28, 0xf1, 0x23, 0x1f, 0x23, 0x84, 0x73, 0x07, 0x6f, // ...}...(.#.#.s.o + 0xc6, 0x93, 0x7c, 0xdd, 0x63, 0x15, 0xf3, 0xb9, 0xa9, 0xbe, 0x3e, 0xbe, 0xe6, 0x81, 0x1f, 0xe8, // ..|.c.....>..... + 0x6a, 0xb0, 0x63, 0x6f, 0x43, 0x38, 0x3b, 0x14, 0xab, 0xd4, 0x19, 0x86, 0x8e, 0xeb, 0x44, 0x52, // j.coC8;.......DR + 0x44, 0x6b, 0x6a, 0xab, 0xd1, 0x7c, 0x50, 0x65, 0x1b, 0x4e, 0xa8, 0x70, 0xf9, 0x2f, 0xe9, 0x6b, // Dkj..|Pe.N.p./.k + 0x74, 0x71, 0x2c, 0x2a, 0xf0, 0x1d, 0xc7, 0x5b, 0x8e, 0x9c, 0x0b, 0xd6, 0xf0, 0x81, 0x72, 0xe7, // tq,*...[......r. + 0xfa, 0xb4, 0x5b, 0xa4, 0x4a, 0x83, 0x58, 0x91, 0x08, 0x76, 0x24, 0x4f, 0x36, 0x9b, 0xea, 0x78, // ..[.J.X..v$O6..x + 0x0b, 0x3c, 0xf9, 0x46, 0x88, 0x5d, 0x95, 0x51, 0xc4, 0xdc, 0xf0, 0xbf, 0x09, 0xfc, 0x09, 0x69, // .<.F.].Q.......i + 0x56, 0xd6, 0xf7, 0x2d, 0x43, 0xaa, 0x75, 0xac, 0x8a, 0xf2, 0x57, 0xb2, 0x53, 0x94, 0x03, 0x38, // V..-C.u...W.S..8 + 0x7d, 0xcd, 0x80, 0x66, 0xe2, 0xb9, 0x5a, 0xac, 0xb4, 0xe9, 0x41, 0x3d, 0x15, 0xfd, 0x5a, 0xc4, // }..f..Z...A=..Z. + 0x9e, 0x19, 0xc1, 0x26, 0x60, 0x99, 0xc4, 0xf3, 0x68, 0x6a, 0x52, 0x11, 0x42, 0x27, 0x6c, 0xda, // ...&`...hjR.B'l. + 0x24, 0xc0, 0x5e, 0xb3, 0x55, 0x1d, 0xab, 0x08, 0xba, 0x7a, 0x2f, 0x48, 0x5c, 0x1d, 0x7c, 0x43, // $.^.U....z/H\.|C + 0x6d, 0xc2, 0xea, 0x91, 0x3c, 0xca, 0xd5, 0xf8, 0xc5, 0xab, 0x68, 0xc7, 0xbd, 0x77, 0x03, 0x02, // m...<.....h..w.. + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x66, 0x30, 0x82, 0x01, 0x62, 0x30, 0x14, 0x06, 0x03, // .......f0..b0... + 0x55, 0x1d, 0x25, 0x04, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, // U.%..0...+.....7 + 0x4f, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x12, 0x57, 0xc0, // O.0...U.......W. + 0x8c, 0x4f, 0x76, 0x46, 0xba, 0x30, 0xac, 0xf5, 0x7a, 0x83, 0x0e, 0xf1, 0xe0, 0x9a, 0x29, 0xa4, // .OvF.0..z.....). + 0x01, 0x30, 0x45, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x3e, 0x30, 0x3c, 0xa4, 0x3a, 0x30, 0x38, // .0E..U...>0<.:08 + 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, // 1.0...U....Micro + 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, // soft Corporation + 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x05, 0x13, 0x0d, 0x32, 0x32, 0x39, 0x39, 0x36, // 1.0...U....22996 + 0x31, 0x2b, 0x35, 0x30, 0x30, 0x31, 0x38, 0x36, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, // 1+5001860...U.#. + 0x18, 0x30, 0x16, 0x80, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, 0xcb, 0x67, 0x12, 0xd2, // .0...b.C..>..g.. + 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, 0x30, 0x53, 0x06, 0x03, 0x55, 0x1d, 0x1f, // [.U.{..._0S..U.. + 0x04, 0x4c, 0x30, 0x4a, 0x30, 0x48, 0xa0, 0x46, 0xa0, 0x44, 0x86, 0x42, 0x68, 0x74, 0x74, 0x70, // .L0J0H.F.D.Bhttp + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, // ://www.microsoft + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2f, // .com/pkiops/crl/ + 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x4b, 0x45, 0x4b, 0x43, 0x41, 0x32, 0x30, 0x31, 0x31, 0x5f, // MicCorKEKCA2011_ + 0x32, 0x30, 0x31, 0x31, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x34, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x60, // 2011-06-24.crl0` + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, // ..+........T0R0P + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, // ..+.....0..Dhttp + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, // ://www.microsoft + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x65, 0x72, 0x74, // .com/pkiops/cert + 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x4b, 0x45, 0x4b, 0x43, 0x41, 0x32, 0x30, 0x31, // s/MicCorKEKCA201 + 0x31, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x34, 0x2e, 0x63, 0x72, 0x74, // 1_2011-06-24.crt + 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0d, // 0...U.......0.0. + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, // ..*.H........... + 0x01, 0x00, 0x5c, 0x6a, 0x06, 0x1f, 0x2c, 0x1b, 0x92, 0x08, 0xdb, 0x85, 0x3a, 0xc9, 0x3c, 0x80, // ..\j..,.....:.<. + 0xf4, 0xb5, 0xb7, 0x83, 0x2d, 0x15, 0xba, 0x2d, 0x98, 0x5f, 0x4d, 0x81, 0x0b, 0x5f, 0x7b, 0xdf, // ....-..-._M.._{. + 0xd2, 0x2f, 0x9d, 0x13, 0x19, 0x08, 0xb3, 0x66, 0x42, 0xd7, 0x44, 0x85, 0x5d, 0x2c, 0xdb, 0x0f, // ./.....fB.D.],.. + 0x55, 0x01, 0x95, 0xaa, 0x1b, 0x42, 0x7f, 0x45, 0xec, 0xdf, 0x58, 0x73, 0xf5, 0xb0, 0xb3, 0x95, // U....B.E..Xs.... + 0xd9, 0x5d, 0x9c, 0x6a, 0x96, 0x0f, 0xee, 0x80, 0x92, 0x01, 0xed, 0x8f, 0xcd, 0x86, 0xfd, 0x1f, // .].j............ + 0x61, 0x96, 0x1d, 0x73, 0x89, 0xde, 0x01, 0x10, 0x35, 0x37, 0x04, 0xbc, 0x11, 0x3d, 0xd8, 0x78, // a..s....57...=.x + 0xee, 0x91, 0xc6, 0xa2, 0xc8, 0x75, 0xe6, 0xc6, 0x5e, 0xed, 0xae, 0xcf, 0x45, 0x85, 0xa1, 0xe9, // .....u..^...E... + 0x37, 0x3c, 0xe4, 0x8f, 0x37, 0xa4, 0x05, 0xc5, 0x1c, 0x56, 0x64, 0xb6, 0x10, 0xb1, 0xf7, 0x26, // 7<..7....Vd....& + 0x5d, 0x11, 0x95, 0xff, 0x00, 0x7e, 0x0c, 0xc9, 0x50, 0x3d, 0x34, 0xbf, 0x85, 0x92, 0x98, 0x2d, // ]....~..P=4....- + 0xaa, 0x8f, 0x8d, 0x66, 0xae, 0x0e, 0x89, 0x74, 0x52, 0xce, 0xd7, 0xe8, 0xb8, 0x87, 0xb2, 0xcb, // ...f...tR....... + 0xe8, 0x8e, 0x8e, 0x6f, 0xfa, 0x29, 0xf5, 0xd0, 0xe6, 0xb3, 0xc9, 0xcd, 0xf3, 0x00, 0x3d, 0x9c, // ...o.)........=. + 0xbe, 0x1a, 0xdc, 0xdd, 0x02, 0xff, 0xb1, 0x9b, 0x27, 0x9c, 0x43, 0x4c, 0xb6, 0x2f, 0x98, 0x17, // ........'.CL./.. + 0x5c, 0x54, 0xa8, 0x39, 0xc6, 0x27, 0xb1, 0xcc, 0x15, 0x30, 0x84, 0x4f, 0x62, 0xe4, 0xfb, 0xda, // \T.9.'...0.Ob... + 0x1b, 0xe2, 0x68, 0x56, 0x36, 0x38, 0x9c, 0x6f, 0x74, 0x72, 0xf2, 0x4b, 0x22, 0x0d, 0xe1, 0xe1, // ..hV68.otr.K"... + 0x91, 0x21, 0x97, 0xe8, 0x6f, 0x9e, 0x49, 0xcf, 0x84, 0x6a, 0xeb, 0x88, 0xc5, 0xac, 0x0a, 0x04, // .!..o.I..j...... + 0x75, 0xb3, 0x04, 0x93, 0xe9, 0x42, 0xa0, 0x79, 0x2d, 0xca, 0xb8, 0x5d, 0x92, 0x7e, 0x8d, 0x88, // u....B.y-..].~.. + 0xfc, 0x62, 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, // .b0...0......... + 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, // .a.........0...* + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, // .H........0..1.0 + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, // ...U....US1.0... + 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, // U....Washington1 + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, // .0...U....Redmon + 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, // d1.0...U....Micr + 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, // osoft Corporatio + 0x6e, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, // n1;09..U...2Micr + 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, // osoft Corporatio + 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, 0x74, 0x79, 0x20, 0x4d, 0x61, // n Third Party Ma + 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, // rketplace Root0. + 0x17, 0x0d, 0x31, 0x31, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, // ..110624204129Z. + 0x0d, 0x32, 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, 0x81, // .260624205129Z0. + 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, // .1.0...U....US1. + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, // 0...U....Washing + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, // ton1.0...U....Re + 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, // dmond1.0...U.... + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, // Microsoft Corpor + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, // ation1*0(..U...! + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, // Microsoft Corpor + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, // ation KEK CA 201 + 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, // 10.."0...*.H.... + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, // .........0...... + 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, // ........W&.&.... + 0x57, 0x7a, 0x44, 0x02, 0x5d, 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, // WzD.]...J.t*.... + 0x6d, 0xeb, 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, 0x0b, // m.....Zc2|..O... + 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, 0x2c, 0xe7, 0xf5, 0xb7, // .8..........,... + 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, // .........0..H..P + 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, // .d.Q...O. .../.. + 0xff, 0x82, 0xc0, 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, // ........Sjb:.C.. + 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, 0x8d, 0x70, 0xb7, // %..........#..p. + 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, // ..M............. + 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, // /...$........J.C + 0x11, 0x12, 0x0b, 0x7e, 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, // ...~.G.l......3. + 0xeb, 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, 0x68, 0x76, // ...*q....<.%./hv + 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, 0xfb, 0x0e, 0xd2, 0x79, 0x3d, // F..O...q*X....y= + 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, // ..e;.)*..rY..... + 0xf6, 0x35, 0x13, 0x80, 0xc6, 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, // .5......_..v..c. + 0xc1, 0xaf, 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, 0x69, // ..y@.y...R...{.i + 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, 0x82, 0x01, 0x4b, 0x30, // ..........O0..K0 + 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, // ...+.....7...... + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, // .0...U......b.C. + 0xa0, 0x3e, 0xa4, 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, // .>..g..[.U.{..._ + 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, // 0...+.....7..... + 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, // ..S.u.b.C.A0...U + 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, // ........0...U... + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, // ....0....0...U.# + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, 0xbf, 0xd6, // ..0...EfRC.~X... + 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, // N.#U.;:"j.0\..U. + 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, // ..U0S0Q.O.M.Khtt + 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, // p://crl.microsof + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, // t.com/pki/crl/pr + 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, // oducts/MicCorThi + 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, // ParMarRoo_2010-1 + 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, // 0-05.crl0`..+... + 0x05, 0x07, 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, // .....T0R0P..+... + 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, // ..0..Dhttp://www + 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, // .microsoft.com/p + 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, // ki/certs/MicCorT + 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, // hiParMarRoo_2010 + 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, // -10-05.crt0...*. + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0xd4, 0x84, // H............... + 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, // .......*<.*..... + 0xd1, 0xf1, 0xe8, 0x52, 0x66, 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, // ...Rf....uz...-. + 0x76, 0x5a, 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, 0xf2, // vZ.y..7jQ{.d..d. + 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, 0x64, 0x0c, 0xd6, 0x57, // .g....x....Xd..W + 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, // ..._.....i.HK2.. + 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, // ].0.....x..+...4 + 0x56, 0x84, 0xec, 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, // V.....A%p.k..... + 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, 0x29, 0x10, 0x7b, // .......*..K.().{ + 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, // ..|..v...y...... + 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, // ..o~l.{..E.4Q.9. + 0xe5, 0x5e, 0x56, 0xd8, 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, // .^V.......B..w.. + 0x19, 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, 0x7e, 0xd4, // ..qV...#.....X~. + 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, 0x8b, 0x8a, 0x3c, 0x87, 0x84, // ig..~........<.. + 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, // ....C..-...j+Z|D + 0xfa, 0x52, 0xaa, 0x81, 0xc8, 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, // .R...-...R.....= + 0xc1, 0x60, 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, 0x7c, // .`..3....e.....| + 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, 0x6f, 0xfd, 0x8d, 0x2e, // ....N8./....o... + 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, // .9.......'...B.) + 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, // ..FA;..g..CYe... + 0xfd, 0x00, 0x92, 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, // ...O.u;..$.PA@y. + 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, 0x0f, 0xf7, 0x87, // -O.j'vnR..i{.... + 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, // ..E..S....0..76a + 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, // .Ji.4.h....l.... + 0x6c, 0x22, 0x79, 0xad, 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, // l"y......F`....! + 0x82, 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, 0x4b, 0xca, // .....y2`....".K. + 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, 0x75, 0xb4, 0xb0, 0x60, 0x03, // ..K.}?W5..Ou..`. + 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, // "S..y...A...Tp.. + 0x0d, 0x35, 0x0f, 0x7c, 0xb0, 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, // .5.|.4r..`;.y... + 0x1c, 0x5d, 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, 0x9f, // .]..........%o8. + 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, 0x20, 0x05, 0x97, 0xf8, // ....y..i.... ... + 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, // ..........uk4... + 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e, 0x31, 0x82, // .`.\..WN6.2...1. + 0x01, 0xc4, 0x30, 0x82, 0x01, 0xc0, 0x02, 0x01, 0x01, 0x30, 0x81, 0x98, 0x30, 0x81, 0x80, 0x31, // ..0......0..0..1 + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, // .0...U....US1.0. + 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, // ..U....Washingto + 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, // n1.0...U....Redm + 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, // ond1.0...U....Mi + 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, // crosoft Corporat + 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, // ion1*0(..U...!Mi + 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, // crosoft Corporat + 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x02, // ion KEK CA 2011. + 0x13, 0x33, 0x00, 0x00, 0x00, 0x2d, 0xee, 0x64, 0xf7, 0x36, 0x4b, 0x19, 0x01, 0x11, 0x00, 0x00, // .3...-.d.6K..... + 0x00, 0x00, 0x00, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, // ...-0...`.H.e... + 0x01, 0x05, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, // ...0...*.H...... + 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0x1f, 0xb5, 0x70, 0xb8, 0xb5, 0xa2, 0x2e, 0x6e, 0x91, 0xe1, // ........p....n.. + 0x1f, 0x48, 0x56, 0xd4, 0xf0, 0x77, 0xd8, 0xe7, 0x56, 0x39, 0x7b, 0x34, 0x73, 0x30, 0x2d, 0x14, // .HV..w..V9{4s0-. + 0x04, 0x04, 0x33, 0x8d, 0x4c, 0x25, 0x6b, 0xcf, 0xb7, 0x38, 0x21, 0xae, 0xf4, 0x33, 0xb9, 0x90, // ..3.L%k..8!..3.. + 0x27, 0xc6, 0x51, 0x03, 0xa3, 0x9f, 0x9d, 0xd5, 0x31, 0x9f, 0xf4, 0xba, 0x2e, 0x12, 0x96, 0x59, // '.Q.....1......Y + 0x16, 0xd5, 0xd6, 0x91, 0xf6, 0xce, 0xca, 0x17, 0x28, 0xe9, 0x57, 0x3d, 0x11, 0xec, 0x54, 0x7c, // ........(.W=..T| + 0x31, 0x69, 0x50, 0x0e, 0xf3, 0xa3, 0x10, 0xaf, 0xff, 0x24, 0x63, 0xd9, 0xd0, 0xaa, 0x7d, 0x4c, // 1iP......$c...}L + 0xa7, 0x25, 0x42, 0x29, 0x3d, 0x2e, 0x75, 0xd7, 0x1a, 0x5b, 0x2d, 0x9e, 0xb9, 0x06, 0xc3, 0x4e, // .%B)=.u..[-....N + 0x3f, 0x67, 0x11, 0x4e, 0x1f, 0x0a, 0xe6, 0x2e, 0x6b, 0x11, 0x95, 0x37, 0x99, 0xef, 0x67, 0xf1, // ?g.N....k..7..g. + 0x30, 0x0c, 0x26, 0xa7, 0xc4, 0x0d, 0x16, 0xd2, 0x81, 0x1b, 0x9d, 0x6a, 0x8d, 0xbf, 0x7a, 0xac, // 0.&........j..z. + 0x9c, 0xaa, 0xfe, 0xa1, 0x88, 0x00, 0x55, 0x77, 0x64, 0x6f, 0xad, 0x18, 0x29, 0x17, 0x31, 0x80, // ......Uwdo..).1. + 0x17, 0x0b, 0x22, 0x02, 0xd1, 0x21, 0xae, 0x1f, 0x0a, 0xa3, 0xd2, 0x2f, 0x23, 0x65, 0x23, 0x68, // .."..!...../#e#h + 0x32, 0x0a, 0x6b, 0xa1, 0x19, 0xc9, 0x70, 0xf5, 0x76, 0x3c, 0xa1, 0x5f, 0x0c, 0x39, 0x3f, 0x09, // 2.k...p.v<._.9?. + 0xe1, 0x47, 0xf0, 0x4f, 0xd1, 0xee, 0x49, 0x1c, 0xd4, 0x14, 0x42, 0xfe, 0x52, 0x4c, 0x38, 0xc5, // .G.O..I...B.RL8. + 0x48, 0x83, 0xdc, 0x26, 0x1c, 0x59, 0x02, 0x7d, 0xfd, 0x6b, 0xa8, 0x36, 0xea, 0x10, 0xae, 0xb0, // H..&.Y.}.k.6.... + 0x4b, 0x7d, 0x27, 0x80, 0x50, 0x2c, 0x49, 0x63, 0x47, 0xf3, 0x55, 0x9f, 0x54, 0x58, 0x73, 0xb5, // K}'.P,IcG.U.TXs. + 0xa1, 0xbf, 0x58, 0x6b, 0x04, 0x40, 0x8c, 0x7d, 0x2b, 0x04, 0xc6, 0xbc, 0x67, 0x0f, 0xc7, 0x43, // ..Xk.@.}+...g..C + 0x26, 0xd1, 0xa9, 0xec, 0x4c, 0x58, 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, // &...LX.Y.....J.. + 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, 0xda, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xbe, 0x05, // ..\+.r.......... + 0x00, 0x00, 0xbd, 0x9a, 0xfa, 0x77, 0x59, 0x03, 0x32, 0x4d, 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, // .....wY.2M.`(... + 0x78, 0x4b, 0x30, 0x82, 0x05, 0xaa, 0x30, 0x82, 0x03, 0x92, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, // xK0...0......... + 0x13, 0x33, 0x00, 0x00, 0x00, 0x1a, 0x88, 0x8b, 0x98, 0x00, 0x56, 0x22, 0x84, 0xc1, 0x00, 0x00, // .3........V".... + 0x00, 0x00, 0x00, 0x1a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, // ....0...*.H..... + 0x0b, 0x05, 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, // ...0..1.0...U... + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, // .US1.0...U....Wa + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, // shington1.0...U. + 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, // ...Redmond1.0... + 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, // U....Microsoft C + 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, // orporation1200.. + 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, // U...)Microsoft R + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, // oot Certificate + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, // Authority 20100. + 0x17, 0x0d, 0x32, 0x33, 0x30, 0x36, 0x31, 0x33, 0x31, 0x38, 0x35, 0x38, 0x32, 0x39, 0x5a, 0x17, // ..230613185829Z. + 0x0d, 0x33, 0x35, 0x30, 0x36, 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x32, 0x39, 0x5a, 0x30, 0x4c, // .350613190829Z0L + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1e, 0x30, // 1.0...U....US1.0 + 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, // ...U....Microsof + 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1d, 0x30, // t Corporation1.0 + 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, // ...U....Windows + 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x32, 0x33, 0x30, 0x82, 0x01, 0x22, // UEFI CA 20230.." + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, // 0...*.H......... + 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc, 0xb2, 0x35, // ....0..........5 + 0xd1, 0x54, 0x79, 0xb4, 0x8f, 0xcc, 0x81, 0x2a, 0x6e, 0xb3, 0x12, 0xd6, 0x93, 0x97, 0x30, 0x7c, // .Ty....*n.....0| + 0x38, 0x5c, 0xbf, 0x79, 0x92, 0x19, 0x0a, 0x0f, 0x2d, 0x0a, 0xfe, 0xbf, 0xe0, 0xa8, 0xd8, 0x32, // 8\.y....-......2 + 0x3f, 0xd2, 0xab, 0x6f, 0x6f, 0x81, 0xc1, 0x4d, 0x17, 0x69, 0x45, 0xcf, 0x85, 0x80, 0x27, 0xa3, // ?..oo..M.iE...'. + 0x7c, 0xb3, 0x31, 0xcc, 0xa5, 0xa7, 0x4d, 0xf9, 0x43, 0xd0, 0x5a, 0x2f, 0xd7, 0x18, 0x1b, 0xd2, // |.1...M.C.Z/.... + 0x58, 0x96, 0x05, 0x39, 0xa3, 0x95, 0xb7, 0xbc, 0xdd, 0x79, 0xc1, 0xa0, 0xcf, 0x8f, 0xe2, 0x53, // X..9.....y.....S + 0x1e, 0x2b, 0x26, 0x62, 0xa8, 0x1c, 0xae, 0x36, 0x1e, 0x4f, 0xa1, 0xdf, 0xb9, 0x13, 0xba, 0x0c, // .+&b...6.O...... + 0x25, 0xbb, 0x24, 0x65, 0x67, 0x01, 0xaa, 0x1d, 0x41, 0x10, 0xb7, 0x36, 0xc1, 0x6b, 0x2e, 0xb5, // %.$eg...A..6.k.. + 0x6c, 0x10, 0xd3, 0x4e, 0x96, 0xd0, 0x9f, 0x2a, 0xa1, 0xf1, 0xed, 0xa1, 0x15, 0x0b, 0x82, 0x95, // l..N...*........ + 0xc5, 0xff, 0x63, 0x8a, 0x13, 0xb5, 0x92, 0x34, 0x1e, 0x31, 0x5e, 0x61, 0x11, 0xae, 0x5d, 0xcc, // ..c....4.1^a..]. + 0xf1, 0x10, 0xe6, 0x4c, 0x79, 0xc9, 0x72, 0xb2, 0x34, 0x8a, 0x82, 0x56, 0x2d, 0xab, 0x0f, 0x7c, // ...Ly.r.4..V-..| + 0xc0, 0x4f, 0x93, 0x8e, 0x59, 0x75, 0x41, 0x86, 0xac, 0x09, 0x10, 0x09, 0xf2, 0x51, 0x65, 0x50, // .O..YuA......QeP + 0xb5, 0xf5, 0x21, 0xb3, 0x26, 0x39, 0x8d, 0xaa, 0xc4, 0x91, 0xb3, 0xdc, 0xac, 0x64, 0x23, 0x06, // ..!.&9.......d#. + 0xcd, 0x35, 0x5f, 0x0d, 0x42, 0x49, 0x9c, 0x4f, 0x0d, 0xce, 0x80, 0x83, 0x82, 0x59, 0xfe, 0xdf, // .5_.BI.O.....Y.. + 0x4b, 0x44, 0xe1, 0x40, 0xc8, 0x3d, 0x63, 0xb6, 0xcf, 0xb4, 0x42, 0x0d, 0x39, 0x5c, 0xd2, 0x42, // KD.@.=c...B.9\.B + 0x10, 0x0c, 0x08, 0xc2, 0x74, 0xeb, 0x1c, 0xdc, 0x6e, 0xbc, 0x0a, 0xac, 0x98, 0xbb, 0xcc, 0xfa, // ....t...n....... + 0x1e, 0x3c, 0xa7, 0x83, 0x16, 0xc5, 0xdb, 0x02, 0xda, 0xd9, 0x96, 0xdf, 0x6b, 0x02, 0x03, 0x01, // .<..........k... + 0x00, 0x01, 0xa3, 0x82, 0x01, 0x46, 0x30, 0x82, 0x01, 0x42, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, // .....F0..B0...U. + 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, // ..........0...+. + 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, // ....7.......0... + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xae, 0xfc, 0x5f, 0xbb, 0xbe, 0x05, 0x5d, 0x8f, 0x8d, // U........_...].. + 0xaa, 0x58, 0x54, 0x73, 0x49, 0x94, 0x17, 0xab, 0x5a, 0x52, 0x72, 0x30, 0x19, 0x06, 0x09, 0x2b, // .XTsI...ZRr0...+ + 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, // .....7.......S.u + 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, // .b.C.A0...U..... + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, // ..0....0...U.#.. + 0x30, 0x16, 0x80, 0x14, 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, // 0.....V....\bh.= + 0x94, 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, // ..[.....0V..U... + 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, 0x68, 0x74, 0x74, 0x70, 0x3a, // O0M0K.I.G.Ehttp: + 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, // //crl.microsoft. + 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, // com/pki/crl/prod + 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, 0x75, // ucts/MicRooCerAu + 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, 0x2e, 0x63, 0x72, 0x6c, // t_2010-06-23.crl + 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, // 0Z..+........N0L + 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, // 0J..+.....0..>ht + 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, // tp://www.microso + 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, // ft.com/pki/certs + 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, // /MicRooCerAut_20 + 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, // 10-06-23.crt0... + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, // *.H............. + 0x9f, 0xc9, 0xb6, 0xff, 0x6e, 0xe1, 0x9c, 0x3b, 0x55, 0xf6, 0xfe, 0x8b, 0x39, 0xdd, 0x61, 0x04, // ....n..;U...9.a. + 0x6f, 0xd0, 0xad, 0x63, 0xcd, 0x17, 0x76, 0x4a, 0xa8, 0x43, 0x89, 0x8d, 0xf8, 0xc6, 0xf2, 0x8c, // o..c..vJ.C...... + 0x5e, 0x90, 0xe1, 0xe4, 0x68, 0xa5, 0x15, 0xec, 0xb8, 0xd3, 0x60, 0x0c, 0x40, 0x57, 0x1f, 0xfb, // ^...h.....`.@W.. + 0x5e, 0x35, 0x72, 0x61, 0xde, 0x97, 0x31, 0x6c, 0x79, 0xa0, 0xf5, 0x16, 0xae, 0x4b, 0x1c, 0xed, // ^5ra..1ly....K.. + 0x01, 0x0c, 0xef, 0xf7, 0x57, 0x0f, 0x42, 0x30, 0x18, 0x69, 0xf8, 0xa1, 0xa3, 0x2e, 0x97, 0x92, // ....W.B0.i...... + 0xb8, 0xbe, 0x1b, 0xfe, 0x2b, 0x86, 0x5e, 0x42, 0x42, 0x11, 0x8f, 0x8e, 0x70, 0x4d, 0x90, 0xa7, // ....+.^BB...pM.. + 0xfd, 0x01, 0x63, 0xf2, 0x64, 0xbf, 0x9b, 0xe2, 0x7b, 0x08, 0x81, 0xcf, 0x49, 0xf2, 0x37, 0x17, // ..c.d...{...I.7. + 0xdf, 0xf1, 0xf9, 0x72, 0xd3, 0xc3, 0x1d, 0xc3, 0x90, 0x45, 0x4d, 0xe6, 0x80, 0x06, 0xbd, 0xfd, // ...r.....EM..... + 0xe5, 0x6a, 0x69, 0xce, 0xb3, 0x7e, 0x4e, 0x31, 0x5b, 0x84, 0x73, 0xa8, 0xe8, 0x72, 0x3f, 0x27, // .ji..~N1[.s..r?' + 0x35, 0xc9, 0x7c, 0x20, 0xce, 0x00, 0x9b, 0x4f, 0xe0, 0x4c, 0xb4, 0x36, 0x69, 0xcb, 0xf7, 0x34, // 5.| ...O.L.6i..4 + 0x11, 0x11, 0x74, 0x12, 0x7a, 0xa8, 0x8c, 0x2e, 0x81, 0x6c, 0xa6, 0x50, 0xad, 0x19, 0xfa, 0xa8, // ..t.z....l.P.... + 0x46, 0x45, 0x6f, 0xb1, 0x67, 0x73, 0xc3, 0x6b, 0xe3, 0x40, 0xe8, 0x2a, 0x69, 0x8f, 0x24, 0x10, // FEo.gs.k.@.*i.$. + 0xe1, 0x29, 0x6e, 0x8d, 0x16, 0x88, 0xee, 0x8e, 0x7f, 0x66, 0x93, 0x02, 0x6f, 0x5b, 0x9e, 0x04, // .)n......f..o[.. + 0x8c, 0xcc, 0x81, 0x1c, 0xad, 0x97, 0x54, 0xf1, 0x18, 0x2e, 0x7e, 0x52, 0x90, 0xbc, 0x51, 0xde, // ......T...~R..Q. + 0x2a, 0x0e, 0xae, 0x66, 0xea, 0xbc, 0x64, 0x6e, 0xa0, 0x91, 0x64, 0xe4, 0x2f, 0x12, 0xa8, 0xbc, // *..f..dn..d./... + 0xe7, 0x6b, 0xba, 0xc7, 0x1b, 0x9b, 0x79, 0x1a, 0x64, 0x66, 0xf1, 0x43, 0xb4, 0xd1, 0xc3, 0x46, // .k....y.df.C...F + 0x21, 0x38, 0x81, 0x79, 0x4c, 0xfa, 0xf0, 0x31, 0x0d, 0xd3, 0x79, 0xff, 0x7a, 0x12, 0xa5, 0x1d, // !8.yL..1..y.z... + 0xd9, 0xdd, 0xac, 0xa2, 0x0f, 0x71, 0x82, 0xf7, 0x93, 0xff, 0x5c, 0xa1, 0x61, 0xae, 0x65, 0xf2, // .....q....\.a.e. + 0x14, 0x81, 0xed, 0x79, 0x5a, 0x9a, 0x87, 0xea, 0x60, 0x7b, 0xcb, 0xb3, 0x4f, 0x75, 0x34, 0xca, // ...yZ...`{..Ou4. + 0xba, 0xa1, 0xef, 0xa2, 0xf6, 0xa2, 0x80, 0x45, 0xa1, 0x8b, 0x27, 0x81, 0xcd, 0xd5, 0x77, 0x38, // .......E..'...w8 + 0x3e, 0xca, 0x4e, 0xdd, 0x28, 0xea, 0x58, 0xba, 0xc5, 0xa0, 0x29, 0xde, 0x86, 0x8c, 0x88, 0xfc, // >.N.(.X...)..... + 0x95, 0x27, 0x51, 0xdd, 0xab, 0xd3, 0xd0, 0x5b, 0x0d, 0x77, 0xc7, 0x6c, 0x8f, 0x55, 0xd7, 0xd4, // .'Q....[.w.l.U.. + 0xa2, 0x0e, 0x5b, 0xe4, 0x34, 0x46, 0x14, 0x16, 0x1d, 0xe3, 0x1c, 0xd6, 0x6d, 0x99, 0xad, 0x4c, // ..[.4F......m..L + 0xec, 0x71, 0x73, 0x2f, 0xab, 0xce, 0xb2, 0xb4, 0x29, 0xde, 0x55, 0x30, 0x53, 0x39, 0x3a, 0x32, // .qs/....).U0S9:2 + 0x8b, 0xf0, 0xea, 0x9c, 0x88, 0x12, 0x3b, 0x05, 0x68, 0x19, 0xbf, 0xcf, 0x87, 0x52, 0x10, 0xfb, // ......;.h....R.. + 0xd6, 0x13, 0x60, 0xf3, 0x41, 0x64, 0xf4, 0x08, 0x57, 0x81, 0xcb, 0x9d, 0x11, 0xa5, 0x8e, 0xf4, // ..`.Ad..W....... + 0xe5, 0x27, 0xf5, 0xa3, 0x3a, 0xec, 0xe4, 0x3d, 0x4a, 0xb7, 0xce, 0xf9, 0x88, 0x0d, 0x9f, 0xbd, // .'..:..=J....... + 0xca, 0x6d, 0xd2, 0x4a, 0xbc, 0x58, 0x76, 0x8e, 0x32, 0x04, 0x94, 0x6e, 0xdd, 0xf4, 0xcf, 0x6d, // .m.J.Xv.2..n...m + 0x47, 0x6d, 0xc2, 0xd7, 0x6a, 0xdc, 0x87, 0x71, 0xea, 0xa4, 0xbf, 0xef, 0x67, 0x97, 0x9c, 0xb8, // Gm..j..q....g... + 0xc7, 0x80, 0x36, 0x2a, 0x2a, 0x59, 0xc9, 0xc0, 0x0c, 0xa7, 0x44, 0xa0, 0x73, 0xb5, 0x8c, 0xcf, // ..6**Y....D.s... + 0x38, 0x5a, 0xae, 0xf8, 0xbb, 0x86, 0x95, 0xf0, 0x44, 0xad, 0x66, 0x7a, 0x33, 0xed, 0x71, 0xe4, // 8Z......D.fz3.q. + 0x45, 0x87, 0x83, 0xe5, 0xa7, 0xce, 0xa2, 0x40, 0xd0, 0x72, 0xd2, 0x48, 0x00, 0xfa, 0xf9, 0x1a // E......@.r.H.... +}; + +#endif // _RECOVERY_PAYLOAD_H_ diff --git a/MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.c b/MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.c new file mode 100644 index 0000000000..5b3b344154 --- /dev/null +++ b/MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.c @@ -0,0 +1,164 @@ +/** @file + This application will attempt to append the 'Windows UEFI CA 2023' and then reboot the system. + On success, this application will allow the system to boot into 2023 signed Windows + + Copyright (C) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include +#include +#include +#include + +#include "RecoveryPayload.h" + +// 10 seconds in microseconds +#define STALL_10_SECONDS 10000000 + +#define STATUS_SIZE (sizeof(EFI_STATUS) * 2) +#define STATUS_STRING_SIZE (STATUS_SIZE + sizeof(L"\0")) + +/** + * Converts an EFI_STATUS to a hex string + * @param[in] Status The EFI_STATUS to convert + * + * @return A pointer to a static buffer containing the hex string + * @note The caller must not free the returned pointer + * @note The returned pointer is only valid until the next call to this function +*/ +CHAR16 * +StatusToHexString ( + EFI_STATUS Status + ) +{ + STATIC CHAR16 StatusString[STATUS_STRING_SIZE] = { 0 }; + CONST CHAR16 HexChars[] = L"0123456789ABCDEF"; + UINT32 Shift; + UINT32 Index; + UINT32 i; + + for (i = 0; i < STATUS_SIZE; i++) { + Shift = ((STATUS_SIZE - 1) - i) * 4; + Index = (Status >> Shift) & 0xF; + StatusString[i] = HexChars[Index]; + } + + return StatusString; +} + +/** + The user Entry Point for Application. The user code starts with this function + as the real entry point for the application. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval EFI_INVALID_PARAMETER SystemTable provided was not valid. + @retval other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +UefiMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + UINT32 Attributes; + + Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT_AT | EFI_VARIABLE_APPEND_WRITE; + + // + // Start checking that the system is in a state we can safely use + // + if (SystemTable == NULL) { + return EFI_INVALID_PARAMETER; + } + + if ((SystemTable->ConOut == NULL) || (SystemTable->ConOut->OutputString == NULL) || (SystemTable->ConOut->ClearScreen == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if ((SystemTable->BootServices == NULL) || (SystemTable->BootServices->Stall == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // After this point, we should be able to print and stall but nothing else has been verified + // + if ((SystemTable->RuntimeServices == NULL) || (SystemTable->RuntimeServices->ResetSystem == NULL)) { + Status = EFI_INVALID_PARAMETER; + goto Exit; + } + + // + // Start informing the user of what is happening + // + SystemTable->ConOut->ClearScreen (SystemTable->ConOut); + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"\r\nAttempting to update the system's secureboot certificates\r\n"); + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"Learn more about this tool at https://aka.ms/securebootrecovery\r\n"); + + // + // Perform the append operation + // + Status = SystemTable->RuntimeServices->SetVariable ( + L"db", + &gEfiImageSecurityDatabaseGuid, + Attributes, + sizeof (mDbUpdate), + mDbUpdate + ); + if (EFI_ERROR (Status)) { + // + // On failure, inform the user and reboot + // Likely this will continue to fail on reboot, the user will hopefully go to https://aka.ms/securebootrecovery to learn more + // + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"\r\nFailed to update the system's secureboot keys\r\n"); + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"Error: 0x"); + SystemTable->ConOut->OutputString (SystemTable->ConOut, StatusToHexString (Status)); + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"\r\n"); + + goto Reboot; + } + + // + // Otherwise the system took the update, so let's inform the user + // + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"\r\nSuccessfully updated the system's secureboot keys\r\n"); + +Reboot: + + // + // Stall for 10 seconds to give the user a chance to read the message + // + SystemTable->BootServices->Stall (STALL_10_SECONDS); + + // + // Reset the system + // + SystemTable->RuntimeServices->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + +Exit: + // + // If we get here, something really bad happened and we don't have a means to recover + // + + // + // let's atleast try to print an error to the console + // + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"Exiting unexpectedly!\r\n"); + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"Error: 0x"); + SystemTable->ConOut->OutputString (SystemTable->ConOut, StatusToHexString (Status)); + SystemTable->ConOut->OutputString (SystemTable->ConOut, L"\r\n"); + + // + // Stall for 10 seconds to give the user a chance to read the error message + // + SystemTable->BootServices->Stall (STALL_10_SECONDS); + + return Status; +} diff --git a/MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf b/MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf new file mode 100644 index 0000000000..ddeb4b525c --- /dev/null +++ b/MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf @@ -0,0 +1,37 @@ +## @file +# Secure Boot Recovery Application +# +# This application will attempt to append the 'Windows UEFI CA 2023' and then reboot the system. +# On success, this application will allow the system to boot into 2023 signed Windows +# +# Copyright (C) Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecureBootRecovery + FILE_GUID = A794734A-B6C6-4461-8E37-7A0422E31FDB + MODULE_TYPE = UEFI_APPLICATION + VERSION_STRING = 1.0 + ENTRY_POINT = UefiMain + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 +# + +[Sources] + SecureBootRecovery.c + +[LibraryClasses] + UefiApplicationEntryPoint + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[Guids] + gEfiImageSecurityDatabaseGuid ## CONSUMES diff --git a/MsApplicationPkg/SecureBootRecovery/helper.py b/MsApplicationPkg/SecureBootRecovery/helper.py new file mode 100644 index 0000000000..5bb0d8d256 --- /dev/null +++ b/MsApplicationPkg/SecureBootRecovery/helper.py @@ -0,0 +1,15 @@ +# Take the contents of the Payload folder and convert it into a C Header file + +from edk2toollib.utility_functions import export_c_type_array + +with open("Payload/dbUpdate.bin", "rb") as payload_fs, open("./RecoveryPayload.h", "w", newline='\r\n') as output_fs: + # By setting newline to '\r\n' we ensure that the output file is in Windows format when write converts the '\n' to '\r\n' + + output_fs.write("#ifndef _RECOVERY_PAYLOAD_H_\n") + output_fs.write("#define _RECOVERY_PAYLOAD_H_\n\n") + output_fs.write("#include \n\n") + + + export_c_type_array(payload_fs, "mDbUpdate", output_fs, indent=' ') + + output_fs.write("#endif // _RECOVERY_PAYLOAD_H_\n") From 42ef9e6e6b598802be0f6ddb00523b39a086f862 Mon Sep 17 00:00:00 2001 From: Douglas Flick Date: Mon, 2 Oct 2023 09:58:28 -0700 Subject: [PATCH 2/2] adding newlines and updating documentation --- MsApplicationPkg/MsApplicationPkg.ci.yaml | 2 +- MsApplicationPkg/MsApplicationPkg.uni | 2 +- MsApplicationPkg/SecureBootRecovery/Readme.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/MsApplicationPkg/MsApplicationPkg.ci.yaml b/MsApplicationPkg/MsApplicationPkg.ci.yaml index dbbe8b80fd..52d82bad92 100644 --- a/MsApplicationPkg/MsApplicationPkg.ci.yaml +++ b/MsApplicationPkg/MsApplicationPkg.ci.yaml @@ -105,4 +105,4 @@ ], "AdditionalIncludePaths": [] # Additional paths to spell check relative to package root (wildcards supported) } -} \ No newline at end of file +} diff --git a/MsApplicationPkg/MsApplicationPkg.uni b/MsApplicationPkg/MsApplicationPkg.uni index 1a3e46645f..770fb9f652 100644 --- a/MsApplicationPkg/MsApplicationPkg.uni +++ b/MsApplicationPkg/MsApplicationPkg.uni @@ -11,4 +11,4 @@ #string STR_PACKAGE_ABSTRACT #language en-US "This Package provides all applications for MsApplication." -#string STR_PACKAGE_DESCRIPTION #language en-US "MsApplication is open source independent applications used by Microsoft" \ No newline at end of file +#string STR_PACKAGE_DESCRIPTION #language en-US "MsApplication is open source independent applications used by Microsoft" diff --git a/MsApplicationPkg/SecureBootRecovery/Readme.md b/MsApplicationPkg/SecureBootRecovery/Readme.md index e38a4151c0..792f81b6b4 100644 --- a/MsApplicationPkg/SecureBootRecovery/Readme.md +++ b/MsApplicationPkg/SecureBootRecovery/Readme.md @@ -26,9 +26,9 @@ This EFI application is used to transition a system from the 2011 certificates t ## Build ```pwsh -stuart_ci_setup -c .pytool/CISettings.py BUILD_MODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg -stuart_update -c .pytool/CISettings.py BUILD_MODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg -stuart_ci_build -c .pytool/CISettings.py BUILD_MODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg +stuart_ci_setup -c .pytool/CISettings.py BUILDMODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg +stuart_update -c .pytool/CISettings.py BUILDMODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg +stuart_ci_build -c .pytool/CISettings.py BUILDMODULE=MsApplicationPkg/SecureBootRecovery/SecureBootRecovery.inf -p MsApplicationPkg ``` ## Update the payload