You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to extract Subject Common Name and tbsCertificate from a mbedtls_pkcs7 object to implement UEFI variable authentication. I need these data from different certificates in the chain, so I also need to be able to iterate through the chain.
For this I need to access the listed fields:
mbedtls_pkcs7.private_signed_data.private_certs.subject
mbedtls_pkcs7.private_signed_data.private_certs.tbs
mbedtls_pkcs7.private_signed_data.private_certs.next
Currently they are only accessible as private variables.
Suggested enhancement
I would like to extract Subject Common Name and tbsCertificate from a mbedtls_pkcs7 object to implement UEFI variable authentication. I need these data from different certificates in the chain, so I also need to be able to iterate through the chain.
For this I need to access the listed fields:
mbedtls_pkcs7.private_signed_data.private_certs.subject
mbedtls_pkcs7.private_signed_data.private_certs.tbs
mbedtls_pkcs7.private_signed_data.private_certs.next
Currently they are only accessible as private variables.
Justification
The authentication is defined by UEFI spec, which says tbsCertificate (of the top-level issuer) and CommonName of the signing certificate's subject are need to be used.
For reference: https://uefi.org/specs/UEFI/2.10/08_Services_Runtime_Services.html?highlight=tbscertificate#using-the-efi-variable-authentication-2-descriptor
The text was updated successfully, but these errors were encountered: