[Feature]: Support firmware security architecture

[jyao1]

Feature Overview

This is a general feature to support firmware security. (I am happy to split to fine granularity)

1. Common Crypto support (foundation)

• asymmetric algorithm (RSA, ECDSA, ML-DSA)
• symmetric algorithm (SHA2)
• X.509 certificate
• PKCS7

2. Secure Boot Support (defined by UEFI)

• depend on Crypto
• UEFI secure boot
• UEFI auth variable
• PE COFF and Authenticode specification

3. Trusted Boot Support (defined by TCG)

• depend on Crypto
• TCG TPM command (TCG TPM2 specification)
• TCG TPM device communication (TCG PTP specification)
• TCG trusted boot (TCG PFP specification)
• TCG API table (TCG ACPI specification)
• TCG UEFI protocol (TCG Protocol specification)

Solution Overview

1. Common Crypto support

• rely on existing rust crate

2. Secure Boot Support

• add patina_secure_boot or merged to patina_dxe_core

3. trusted Boot Support

• add patina_trusted_boot or merged to patina_dxe_core

Alternatives Considered

No response

Urgency

Low

Are you going to implement the feature request?

I will implement the feature

Do you need maintainer feedback?

No maintainer feedback needed

Anything else?

No response

[makubacki]

Hey @jyao1. Thank you for creating this tracking issue, sub issues can be created from it as the work splits out.

Since Secure Boot and Trusted Boot are dependent on crypto, I assume the idea is to prioritize that work? In that case, if you have some crates in mind, feel free to create a RFC when you're ready and the project can discuss it there in more detail.