summaryrefslogtreecommitdiff
path: root/BaseTools/Source/Python/Pkcs7Sign
diff options
context:
space:
mode:
Diffstat (limited to 'BaseTools/Source/Python/Pkcs7Sign')
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py284
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/Readme.md118
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/TestCert.pem60
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem25
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/TestRoot.cerbin1008 -> 0 bytes
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem58
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem23
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/TestSub.pem59
-rw-r--r--BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem23
9 files changed, 0 insertions, 650 deletions
diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
deleted file mode 100644
index de8575676c..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ /dev/null
@@ -1,284 +0,0 @@
-## @file
-# This tool adds EFI_FIRMWARE_IMAGE_AUTHENTICATION for a binary.
-#
-# This tool only support CertType - EFI_CERT_TYPE_PKCS7_GUID
-# {0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7}}
-#
-# This tool has been tested with OpenSSL.
-#
-# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-#
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-
-'''
-Pkcs7Sign
-'''
-
-import os
-import sys
-import argparse
-import subprocess
-import uuid
-import struct
-import collections
-from Common.BuildVersion import gBUILD_VERSION
-
-#
-# Globals for help information
-#
-__prog__ = 'Pkcs7Sign'
-__version__ = '%s Version %s' % (__prog__, '0.9 ' + gBUILD_VERSION)
-__copyright__ = 'Copyright (c) 2016, Intel Corporation. All rights reserved.'
-__usage__ = '%s -e|-d [options] <input_file>' % (__prog__)
-
-#
-# GUID for PKCS7 from UEFI Specification
-#
-WIN_CERT_REVISION = 0x0200
-WIN_CERT_TYPE_EFI_GUID = 0x0EF1
-EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID('{4aafd29d-68df-49ee-8aa9-347d375665a7}')
-
-#
-# typedef struct _WIN_CERTIFICATE {
-# UINT32 dwLength;
-# UINT16 wRevision;
-# UINT16 wCertificateType;
-# //UINT8 bCertificate[ANYSIZE_ARRAY];
-# } WIN_CERTIFICATE;
-#
-# typedef struct _WIN_CERTIFICATE_UEFI_GUID {
-# WIN_CERTIFICATE Hdr;
-# EFI_GUID CertType;
-# //UINT8 CertData[ANYSIZE_ARRAY];
-# } WIN_CERTIFICATE_UEFI_GUID;
-#
-# typedef struct {
-# UINT64 MonotonicCount;
-# WIN_CERTIFICATE_UEFI_GUID AuthInfo;
-# } EFI_FIRMWARE_IMAGE_AUTHENTICATION;
-#
-
-#
-# Filename of test signing private cert that is stored in same directory as this tool
-#
-TEST_SIGNER_PRIVATE_CERT_FILENAME = 'TestCert.pem'
-TEST_OTHER_PUBLIC_CERT_FILENAME = 'TestSub.pub.pem'
-TEST_TRUSTED_PUBLIC_CERT_FILENAME = 'TestRoot.pub.pem'
-
-if __name__ == '__main__':
- #
- # Create command line argument parser object
- #
- parser = argparse.ArgumentParser(prog=__prog__, version=__version__, usage=__usage__, description=__copyright__, conflict_handler='resolve')
- group = parser.add_mutually_exclusive_group(required=True)
- group.add_argument("-e", action="store_true", dest='Encode', help='encode file')
- group.add_argument("-d", action="store_true", dest='Decode', help='decode file')
- parser.add_argument("-o", "--output", dest='OutputFile', type=str, metavar='filename', help="specify the output filename", required=True)
- parser.add_argument("--signer-private-cert", dest='SignerPrivateCertFile', type=argparse.FileType('rb'), help="specify the signer private cert filename. If not specified, a test signer private cert is used.")
- parser.add_argument("--other-public-cert", dest='OtherPublicCertFile', type=argparse.FileType('rb'), help="specify the other public cert filename. If not specified, a test other public cert is used.")
- parser.add_argument("--trusted-public-cert", dest='TrustedPublicCertFile', type=argparse.FileType('rb'), help="specify the trusted public cert filename. If not specified, a test trusted public cert is used.")
- parser.add_argument("--monotonic-count", dest='MonotonicCountStr', type=str, help="specify the MonotonicCount in FMP capsule. If not specified, 0 is used.")
- parser.add_argument("--signature-size", dest='SignatureSizeStr', type=str, help="specify the signature size for decode process.")
- parser.add_argument("-v", "--verbose", dest='Verbose', action="store_true", help="increase output messages")
- parser.add_argument("-q", "--quiet", dest='Quiet', action="store_true", help="reduce output messages")
- parser.add_argument("--debug", dest='Debug', type=int, metavar='[0-9]', choices=range(0,10), default=0, help="set debug level")
- parser.add_argument(metavar="input_file", dest='InputFile', type=argparse.FileType('rb'), help="specify the input filename")
-
- #
- # Parse command line arguments
- #
- args = parser.parse_args()
-
- #
- # Generate file path to Open SSL command
- #
- OpenSslCommand = 'openssl'
- try:
- OpenSslPath = os.environ['OPENSSL_PATH']
- OpenSslCommand = os.path.join(OpenSslPath, OpenSslCommand)
- if ' ' in OpenSslCommand:
- OpenSslCommand = '"' + OpenSslCommand + '"'
- except:
- pass
-
- #
- # Verify that Open SSL command is available
- #
- try:
- Process = subprocess.Popen('%s version' % (OpenSslCommand), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
- except:
- print 'ERROR: Open SSL command not available. Please verify PATH or set OPENSSL_PATH'
- sys.exit(1)
-
- Version = Process.communicate()
- if Process.returncode <> 0:
- print 'ERROR: Open SSL command not available. Please verify PATH or set OPENSSL_PATH'
- sys.exit(Process.returncode)
- print Version[0]
-
- #
- # Read input file into a buffer and save input filename
- #
- args.InputFileName = args.InputFile.name
- args.InputFileBuffer = args.InputFile.read()
- args.InputFile.close()
-
- #
- # Save output filename and check if path exists
- #
- OutputDir = os.path.dirname(args.OutputFile)
- if not os.path.exists(OutputDir):
- print 'ERROR: The output path does not exist: %s' % OutputDir
- sys.exit(1)
- args.OutputFileName = args.OutputFile
-
- try:
- if args.MonotonicCountStr.upper().startswith('0X'):
- args.MonotonicCountValue = (long)(args.MonotonicCountStr, 16)
- else:
- args.MonotonicCountValue = (long)(args.MonotonicCountStr)
- except:
- args.MonotonicCountValue = (long)(0)
-
- if args.Encode:
- #
- # Save signer private cert filename and close private cert file
- #
- try:
- args.SignerPrivateCertFileName = args.SignerPrivateCertFile.name
- args.SignerPrivateCertFile.close()
- except:
- try:
- #
- # Get path to currently executing script or executable
- #
- if hasattr(sys, 'frozen'):
- Pkcs7ToolPath = sys.executable
- else:
- Pkcs7ToolPath = sys.argv[0]
- if Pkcs7ToolPath.startswith('"'):
- Pkcs7ToolPath = Pkcs7ToolPath[1:]
- if Pkcs7ToolPath.endswith('"'):
- Pkcs7ToolPath = RsaToolPath[:-1]
- args.SignerPrivateCertFileName = os.path.join(os.path.dirname(os.path.realpath(Pkcs7ToolPath)), TEST_SIGNER_PRIVATE_CERT_FILENAME)
- args.SignerPrivateCertFile = open(args.SignerPrivateCertFileName, 'rb')
- args.SignerPrivateCertFile.close()
- except:
- print 'ERROR: test signer private cert file %s missing' % (args.SignerPrivateCertFileName)
- sys.exit(1)
-
- #
- # Save other public cert filename and close public cert file
- #
- try:
- args.OtherPublicCertFileName = args.OtherPublicCertFile.name
- args.OtherPublicCertFile.close()
- except:
- try:
- #
- # Get path to currently executing script or executable
- #
- if hasattr(sys, 'frozen'):
- Pkcs7ToolPath = sys.executable
- else:
- Pkcs7ToolPath = sys.argv[0]
- if Pkcs7ToolPath.startswith('"'):
- Pkcs7ToolPath = Pkcs7ToolPath[1:]
- if Pkcs7ToolPath.endswith('"'):
- Pkcs7ToolPath = RsaToolPath[:-1]
- args.OtherPublicCertFileName = os.path.join(os.path.dirname(os.path.realpath(Pkcs7ToolPath)), TEST_OTHER_PUBLIC_CERT_FILENAME)
- args.OtherPublicCertFile = open(args.OtherPublicCertFileName, 'rb')
- args.OtherPublicCertFile.close()
- except:
- print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)
- sys.exit(1)
-
- format = "%dsQ" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
-
- #
- # Sign the input file using the specified private key and capture signature from STDOUT
- #
- Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
- Signature = Process.communicate(input=FullInputFileBuffer)[0]
- if Process.returncode <> 0:
- sys.exit(Process.returncode)
-
- #
- # Write output file that contains Signature, and Input data
- #
- args.OutputFile = open(args.OutputFileName, 'wb')
- args.OutputFile.write(Signature)
- args.OutputFile.write(args.InputFileBuffer)
- args.OutputFile.close()
-
- if args.Decode:
- #
- # Save trusted public cert filename and close public cert file
- #
- try:
- args.TrustedPublicCertFileName = args.TrustedPublicCertFile.name
- args.TrustedPublicCertFile.close()
- except:
- try:
- #
- # Get path to currently executing script or executable
- #
- if hasattr(sys, 'frozen'):
- Pkcs7ToolPath = sys.executable
- else:
- Pkcs7ToolPath = sys.argv[0]
- if Pkcs7ToolPath.startswith('"'):
- Pkcs7ToolPath = Pkcs7ToolPath[1:]
- if Pkcs7ToolPath.endswith('"'):
- Pkcs7ToolPath = RsaToolPath[:-1]
- args.TrustedPublicCertFileName = os.path.join(os.path.dirname(os.path.realpath(Pkcs7ToolPath)), TEST_TRUSTED_PUBLIC_CERT_FILENAME)
- args.TrustedPublicCertFile = open(args.TrustedPublicCertFileName, 'rb')
- args.TrustedPublicCertFile.close()
- except:
- print 'ERROR: test trusted public cert file %s missing' % (args.TrustedPublicCertFileName)
- sys.exit(1)
-
- if not args.SignatureSizeStr:
- print "ERROR: please use the option --signature-size to specify the size of the signature data!"
- sys.exit(1)
- else:
- if args.SignatureSizeStr.upper().startswith('0X'):
- SignatureSize = (long)(args.SignatureSizeStr, 16)
- else:
- SignatureSize = (long)(args.SignatureSizeStr)
- if SignatureSize < 0:
- print "ERROR: The value of option --signature-size can't be set to negative value!"
- sys.exit(1)
- elif SignatureSize > len(args.InputFileBuffer):
- print "ERROR: The value of option --signature-size is exceed the size of the input file !"
- sys.exit(1)
-
- args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]
- args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]
-
- format = "%dsQ" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
-
- #
- # Save output file contents from input file
- #
- open(args.OutputFileName, 'wb').write(FullInputFileBuffer)
-
- #
- # Verify signature
- #
- Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
- Process.communicate(input=args.SignatureBuffer)[0]
- if Process.returncode <> 0:
- print 'ERROR: Verification failed'
- os.remove (args.OutputFileName)
- sys.exit(Process.returncode)
-
- open(args.OutputFileName, 'wb').write(args.InputFileBuffer)
diff --git a/BaseTools/Source/Python/Pkcs7Sign/Readme.md b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
deleted file mode 100644
index fee0327876..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
+++ /dev/null
@@ -1,118 +0,0 @@
-# Step by step to generate sample self-signed X.509 certificate chain and sign data with PKCS7 structure
-
-This readme demonstrates how to generate 3-layer X.509 certificate chain (RootCA -> IntermediateCA -> SigningCert) with OpenSSL commands, and user MUST set a UNIQUE Subject Name ("Common Name") on these three different certificates.
-
-## How to generate a self-signed X.509 certificate chain via OPENSSL
-* Set OPENSSL environment.
-
-NOTE: Below steps are required for Windows. Linux may already have the OPENSSL environment correctly.
-
- set OPENSSL_HOME=c:\home\openssl\openssl-[version]
- set OPENSSL_CONF=%OPENSSL_HOME%\apps\openssl.cnf
-
-When a user uses OpenSSL (req or ca command) to generate the certificates, OpenSSL will use the openssl.cnf file as the configuration data (can use “-config path/to/openssl.cnf” to describe the specific config file).
-
-The user need check the openssl.cnf file, to find your CA path setting, e.g. check if the path exists in [ CA_default ] section.
-
- [ CA_default ]
- dir = ./demoCA # Where everything is kept
-
-You may need the following steps for initialization:
-
- rd ./demoCA /S/Q
- mkdir ./demoCA
- echo.>./demoCA/index.txt
- echo 01 > ./demoCA/serial
- mkdir ./demoCA/newcerts
-
-OpenSSL will apply the options from the specified sections in openssl.cnf when creating certificates or certificate signing requests. Make sure your configuration in openssl.cnf is correct and rational for certificate constraints.
-The following sample sections were used when generating test certificates in this readme.
- ...
- [ req ]
- default_bits = 2048
- default_keyfile = privkey.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
- x509_extensions = v3_ca # The extensions to add to the self signed cert
- ...
- [ v3_ca ]
- # Extensions for a typical Root CA.
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid:always,issuer
- basicConstraints = critical,CA:true
- keyUsage = critical, digitalSignature, cRLSign, keyCertSign
- ...
- [ v3_intermediate_ca ]
- # Extensions for a typical intermediate CA.
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid:always,issuer
- basicConstraints = critical, CA:true
- keyUsage = critical, digitalSignature, cRLSign, keyCertSign
- ...
- [ usr_cert ]
- # Extensions for user end certificates.
- basicConstraints = CA:FALSE
- nsCertType = client, email
- subjectKeyIdentifier = hash
- authorityKeyIdentifier = keyid,issuer
- keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
- extendedKeyUsage = clientAuth, emailProtection
- ...
-
-* Generate the certificate chain:
-
-NOTE: User MUST set a UNIQUE "Common Name" on the different certificate
-
-1) Generate the Root Pair:
-
-Generate a root key:
-
- openssl genrsa -aes256 -out TestRoot.key 2048
-
-Generate a self-signed root certificate:
-
- openssl req -extensions v3_ca -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
- openssl x509 -in TestRoot.crt -out TestRoot.cer -outform DER
- openssl x509 -inform DER -in TestRoot.cer -outform PEM -out TestRoot.pub.pem
-
-2) Generate the Intermediate Pair:
-
-Generate the intermediate key:
-
- openssl genrsa -aes256 -out TestSub.key 2048
-
-Generate the intermediate certificate:
-
- openssl req -new -days 3650 -key TestSub.key -out TestSub.csr
- openssl ca -extensions v3_intermediate_ca -in TestSub.csr -days 3650 -out TestSub.crt -cert TestRoot.crt -keyfile TestRoot.key
- openssl x509 -in TestSub.crt -out TestSub.cer -outform DER
- openssl x509 -inform DER -in TestSub.cer -outform PEM -out TestSub.pub.pem
-
-3) Generate User Key Pair for Data Signing:
-
-Generate User key:
-
- openssl genrsa -aes256 -out TestCert.key 2048
-
-Generate User certificate:
-
- openssl req -new -days 3650 -key TestCert.key -out TestCert.csr
- openssl ca -extensions usr_cert -in TestCert.csr -days 3650 -out TestCert.crt -cert TestSub.crt -keyfile TestSub.key
- openssl x509 -in TestCert.crt -out TestCert.cer -outform DER
- openssl x509 -inform DER -in TestCert.cer -outform PEM -out TestCert.pub.pem
-
-Convert Key and Certificate for signing. Password is removed with -nodes flag for convenience in this sample.
-
- openssl pkcs12 -export -out TestCert.pfx -inkey TestCert.key -in TestCert.crt
- openssl pkcs12 -in TestCert.pfx -nodes -out TestCert.pem
-
-* Verify Data Signing & Verification with new X.509 Certificate Chain
-
-1) Sign a Binary File to generate a detached PKCS7 signature:
-
- openssl smime -sign -binary -signer TestCert.pem -outform DER -md sha256 -certfile TestSub.pub.pem -out test.bin.p7 -in test.bin
-
-2) Verify PKCS7 Signature of a Binary File:
-
- openssl smime -verify -inform DER -in test.bin.p7 -content test.bin -CAfile TestRoot.pub.pem -out test.org.bin
-
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
deleted file mode 100644
index 6378567523..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
+++ /dev/null
@@ -1,60 +0,0 @@
-Bag Attributes
- localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96
-subject=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestCert/emailAddress=edkii@tianocore.org
-issuer=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestSub/emailAddress=edkii@tianocore.org
------BEGIN CERTIFICATE-----
-MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
-CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
-MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFub2Nv
-cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTELMAkGA1UE
-BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsM
-BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWRraWlA
-dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe+
-2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOAOR
-W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DVP
-WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
-fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
-xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
-CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB
-AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50
-IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
-HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBeAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQA7
-vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3fJxq7
-CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
-/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg93
-F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
-l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
-yekXblzF5lQY0goqDiks
------END CERTIFICATE-----
-Bag Attributes
- localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD3vtjV/039IljC
-YGDFzKFjor3l/RRsfWHMB/gSp/WT2R4oOgrGegde38AVnpPKyDgDkVvBS/lMkYbJ
-yhf6CozDe2sIi42nJI6vJtGzxR1ZeHSaKLpR5kjwrETHhv6VrOA1T1oiKBdbr1ze
-jGd87dIaH4Kj5xoyUBdByxAqz6sgb+7IrfXyGjWf3JanEd2anV0EVHxJO3RPKYPm
-YzTWv+VkxsEgQeyHpLuIxmysm76Y+hbRD//GMgCQt3zg/mODyEApxcc1nIThqxXK
-HqoH/4S4c6Ikb2pYJ743M26N1uLIBcBQ/1saA6m9ZdZqB8jrm8OaEwnQ/ifkMHRZ
-dZApBvivAgMBAAECggEBAJ8NtLJ27T/1vBxWuepjfL217sroFyOrv4y5FQgNMvnP
-q6/Ry7cvAupjJjP7EhFfR67qtIi92PjSeUG18HzEJykdZFMhHTlQnBZRCtKqWzRk
-xB9wxGXuPafeQW4D+hBn4632GvzQ1mYziKEMbShkmr3QuxO1PDlO+A9yahfCKbBx
-SPCo+McV+N4c8ft/0UPMxqJLcZSMWscrBMCw1OhGdHry4CEr+NWHBeAAUWXrGSlq
-BPwM6PT00fku1RwQrw0QZw0YKL8VH5iA/uD8hfuaO2YUlt2Z025csNRyIPrizr6v
-Q8Is7jetqPpXulWSBtSYoghTj97DeYQQsQwck+tQN6kCgYEA/beFmdojyc9CoLkd
-0MgwyPBdWma77rj80PAgeRm0hl2KQa8pA6dL/1y5x3vA25gqBr++q+KmSkYT6z/Z
-n3llOk6pRlSWFlxuSLHVjOb/Qp1V/uxEG68Tg8L/I3SlMWiQ+/MnsXNHh+WEtKcZ
-FCVd0ASA4NbsKYKflT2QgraDB00CgYEA+fmRrwRlkh2OxVrxpGFER2uosYGlwQiq
-Xb75eU8BnpO8CCnXtBK4Uv3J6l/zfc+Tr2LzzgPkQiWd4NF1/EFxCNQA5kxGcPf5
-F4f8dPr8CrADO1JNrX2ITHsosaaC1ImdW/r6tl66Ie2ueCImk5Yfu5DQv7JrKh/d
-lrTEUxJL2esCgYEA2VKBla9MSGjH4XOvHk7busJotC6be3fo1e9ZYWGrSAyHiIvI
-zeBXMHz0hPJz16UXGoDTideyKJyuIyul9Pu+wZrvU9bQWIcD0DDDgtW6gAzUxG8M
-R8pHJO26LVyUwyWWSrmUnmLoOndWnIck7CS1nqC849o0n7nLh8IcLlq3EWECgYEA
-1HkeLE4na2f2R6fChv8qAy7uJ1rUodwUuzQtZsAR11EpXSL7tpLG27veGXpPQ9vh
-Yw1PwAesx9Cjfklr6OtTAbb5wMaKhVExB6BNpL0E6KytQon1foaaCLASadXnlHIY
-L+uHmOWxfk9BodkdQwsyk8JGvPoRfq+xMH0b9qQxltsCgYEAtNf8yvoTXUHa2zje
-PvI6OiQjuiON5UIt9KkQNrIrcm4wiQ2eVdkCQcUstuXtmBtvnsrxlay0jbSz2bV6
-1sWlJIvfZJujC901yMs5+twr6jMuXZ6ashWF1f2UbwgtKvh49PPgly4RhWST3Kp1
-J1AmCrzTwtaNmTZd1g5IYreXpKw=
------END PRIVATE KEY-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
deleted file mode 100644
index f98462718c..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
-CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
-MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFub2Nv
-cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTELMAkGA1UE
-BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsM
-BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWRraWlA
-dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe+
-2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOAOR
-W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DVP
-WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
-fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
-xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
-CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB
-AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50
-IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
-HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBeAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQA7
-vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3fJxq7
-CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
-/gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg93
-F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
-l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
-yekXblzF5lQY0goqDiks
------END CERTIFICATE-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
deleted file mode 100644
index 4c9bf0be5a..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
+++ /dev/null
Binary files differ
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
deleted file mode 100644
index 1331933c3d..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-Bag Attributes
- localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30
-subject=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddress=edkii@tianocore.org
-issuer=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddress=edkii@tianocore.org
------BEGIN CERTIFICATE-----
-MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
-VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAlUaWFu
-b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiMCAGCSqG
-SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw0x
-NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNV
-BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYD
-VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9y
-ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8GL/
-2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9fk
-GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGULw7x
-phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3qS
-HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
-Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC010
-+lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1Ud
-IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTGdHtcv
-ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI3aYI
-WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
-14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
-oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
-QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgIwd
------END CERTIFICATE-----
-Bag Attributes
- localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5KSlsYAzXI/Z9
-7vBi/9nJqlWMgZVWP7dWU7DCghLFO3UjuU3WxFVz86qVqBvzk36eQOQdIpyTBwvX
-qlvX5BohhNdjWQNQH/UUVZORm/VSsL8OXGg7WVKYllbhq8RDuwVXeEUBn1gVUw4R
-lC8O8aYZom6GOSszjcfF6+4eM9MylMFZxAyXCxJIXzP2YHR9V8ITLX2ph6M16pGD
-P2d6kh8BU59iX5kS/XMbLZ4rbDRJr08Hj8Dpa55feTXaKlyI7vZIYdqW40hGoJQc
-nfZchw7vdAmRDT1a58VMinqsoYW2Z0QXVVI66BFNWKKTAGLqe4Dtz73fdYBLuWVj
-rQtNdPpZAgMBAAECggEAci5d6wT4Jht5P4N/Ha2kweWWR8UJMFyuVD/bura3mITn
-4ZW92HjOMWjLgupeAkCsTi65/PWBFHG97cqSRHnXW2At6ofTsS9j1JxJGfvQtqNj
-zhlR9XdJperfvN5Nc277BkuWUj/O86d5/4Ef29lMknZGLeNHLs15qiWpe1p+HKvt
-+DfL7Prl5qWA5G90QmXgRQJbThl1TYLCYkETB+9m3MIRm8Z01XKH+fm4ahgclEkG
-XaQl04DhMEo7A/sC8NUnozOMEf81Ixkt3wEpoEDtZ+WhRTrgLF23Q4sXAIBMlEfz
-Pz2UaX/9KBT1dRbZseStIjJKMc8qd+pC7Ww2tuHEOQKBgQDmLdFSgHc2URQW/Otj
-fr9S/Z7EPSOA/tmh4dFhQGwzKF4Us838deRz2cRTbgq5BHuBCrMEPRBiX8h4WLEB
-NVZ73JjgOfyshcDXWNg5noc9f24HYHMZnjcFmHNokpyIgxLl2qgN8f03doJEmKkj
-pm/VnfZmkGDd65IXRp8MYMTQOwKBgQDN7ofqKWK5SA+vt+tDOkCYq6eHKb9+ImPh
-PreikT5xc9SMtb0tGlIjKydsiqA9Jv1WRnpUG0fVfMyagBSOrKt9wC143VEvOtkR
-QJehmLLYG97HP7CXtniAWeKuc2pfCd+nGdHLFmduuTEEDcxab5LQc5dvYQ/RfznF
-YVunt73qewKBgQCg11VUpCYpU2CJa7SEMtY4hLbDg8FiazLiVqx7m4u/964+IyKG
-Dk9T0NDKR7PAc2xl0HclOBJR24J27erJ4F6NcKl2za5NU61cDV4SbT8tbvUQvInR
-Veg2xb+nTAOLtKOo8DDMhdMeRXZjvpU6LxwolhfOtYaqq+jK0PNkr933bwKBgA0G
-RiBgR7cyQJO7jSyuVYGSccERuePPZwPLBLBKgWmJiurvX6ynmoRQ6WhrCCF2AtXf
-FUOWih+Nih9HdIVllF8atYWMceML1MjLjguRbdZPRPLTK2cdClgL11NzR0oFhNi7
-wFIY86fEHL6F5OPfZKi8dtp7iBWW919tfe+IpoFbAoGBAMzNKKBHG5eMuKQI/Dww
-50PDHu25TGUiTc1bHx18v7mGlcvhEPkDYAKd3y7FN5VRoooarGYlLDHXez0FvDTa
-ABFUUad70bULTqRTSmld0I9CWWnYs0vaFKgIemddQ7W2eXr7N+N+ED+OK/PvWjMq
-LMKhChf252RfOYdB+WN6alVG
------END PRIVATE KEY-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
deleted file mode 100644
index ae67e9c1b5..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
-VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAlUaWFu
-b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiMCAGCSqG
-SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw0x
-NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNV
-BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYD
-VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9y
-ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8GL/
-2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9fk
-GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGULw7x
-phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3qS
-HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
-Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC010
-+lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1Ud
-IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTGdHtcv
-ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI3aYI
-WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
-14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
-oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
-QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgIwd
------END CERTIFICATE-----
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
deleted file mode 100644
index de988856e5..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
+++ /dev/null
@@ -1,59 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4098 (0x1002)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = CN, ST = SH, L = SH, O = TianoCore, OU = EDKII, CN = TestRoot, emailAddress = edkii@tianocore.org
- Validity
- Not Before: Apr 10 08:33:45 2017 GMT
- Not After : Apr 10 08:33:45 2018 GMT
- Subject: C = CN, ST = SH, O = TianoCore, OU = EDKII, CN = TestSub, emailAddress = edkii@tianocore.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:c5:3a:af:16:34:9a:14:61:74:8c:39:1a:04:1f:
- 7b:95:d3:40:b7:ea:26:a7:7b:8d:76:d3:86:1b:7c:
- 07:17:d2:56:72:36:13:b4:6c:75:b7:bf:d1:35:d1:
- 31:d5:9a:07:c1:62:4e:aa:3d:bd:d8:40:8b:48:9a:
- c5:46:c4:c3:10:2c:d4:82:d9:6d:f4:c3:de:85:fa:
- 34:1d:d1:74:7a:5f:16:34:59:2b:2b:03:61:46:62:
- d7:88:62:59:4d:d8:55:00:52:54:e1:15:5e:a9:ec:
- d6:e8:51:fd:ef:8e:68:5f:d2:40:d2:61:ef:2c:1d:
- 5b:a7:6e:14:4c:12:bc:60:81:8e:66:c9:84:51:c2:
- 89:51:fc:e5:7f:86:9a:78:a4:c1:f7:0f:a9:a5:97:
- 60:dd:6f:c8:a0:fd:ea:07:2f:01:36:0a:e8:bd:0e:
- dc:48:2e:85:22:7b:bb:db:68:78:eb:cd:6a:54:07:
- f7:81:a5:52:8f:f3:5c:09:1e:76:a3:d1:91:8f:ee:
- 86:2c:85:49:99:96:4f:5f:5b:0d:08:ae:d8:20:e8:
- e3:67:70:c6:ec:0e:0e:bd:bf:3c:f6:db:e4:45:d5:
- 7a:bb:9f:d1:3b:18:89:fc:63:ac:c2:30:b8:fa:bb:
- 8a:24:63:4e:79:58:78:72:ab:27:36:3d:bb:4f:47:
- d6:ef
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- D6:9D:66:D6:49:7C:FA:20:8D:5D:75:69:2A:41:0A:7A:03:5A:A5:EB
- X509v3 Authority Key Identifier:
- keyid:16:AA:D6:8E:1B:2D:43:F3:2D:B0:24:AD:36:65:3F:B2:FA:B1:2C:ED
-
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Key Usage: critical
- Digital Signature, Certificate Sign, CRL Sign
- Signature Algorithm: sha256WithRSAEncryption
- 83:3c:ae:b2:fc:99:3d:33:b3:da:ca:26:83:8c:a9:ae:f8:bb:
- ad:05:37:97:a5:f8:0d:2b:4e:3e:e5:b7:12:68:f8:64:d4:bd:
- ff:65:7d:57:98:61:cd:47:10:a5:6a:bd:66:89:74:ce:5e:28:
- 29:39:67:c9:1f:54:ec:78:76:b1:dd:04:91:63:b6:8c:2f:86:
- 59:1f:c4:2b:a1:4a:8c:a8:5b:f6:8a:92:f0:83:bb:92:92:5c:
- b1:1c:18:95:3d:d6:be:6d:79:9d:4f:7b:92:1f:68:f5:1f:cd:
- f4:37:2d:1e:e3:f6:eb:f2:8a:a4:8d:a1:c5:db:0c:3a:59:01:
- dc:be:a9:c1:0b:04:ba:e8:02:a9:85:cd:d7:48:0d:f6:60:30:
- 2b:05:ba:e0:c7:d8:9f:23:14:37:04:0a:a7:bc:b6:c8:25:31:
- e4:9a:41:a5:83:c2:ee:89:d3:fa:a5:7c:ae:a6:14:22:a4:5f:
- 73:03:f2:7b:3c:51:f7:76:2a:0a:cf:ee:71:35:1c:bc:ff:3f:
- 9b:d5:b1:33:e0:b6:fc:2a:c8:ab:84:89:cd:fa:1c:ee:12:8c:
- 07:ba:93:46:50:b3:3f:73:05:be:67:58:60:90:05:2c:d3:b6:
- 19:7c:a4:f0:6e:ee:d4:f2:0e:f5:02:79:5f:2c:28:83:1e:83:
- c6:92:ba:7c
diff --git a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
deleted file mode 100644
index 04402ea983..0000000000
--- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID1jCCAr6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAkNO
-MQswCQYDVQQIDAJTSDELMAkGA1UEBwwCU0gxEjAQBgNVBAoMCVRpYW5vQ29yZTEO
-MAwGA1UECwwFRURLSUkxETAPBgNVBAMMCFRlc3RSb290MSIwIAYJKoZIhvcNAQkB
-FhNlZGtpaUB0aWFub2NvcmUub3JnMB4XDTE3MDQxMDA4MzM0NVoXDTE4MDQxMDA4
-MzM0NVowdDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFu
-b0NvcmUxDjAMBgNVBAsMBUVES0lJMRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZI
-hvcNAQkBFhNlZGtpaUB0aWFub2NvcmUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxTqvFjSaFGF0jDkaBB97ldNAt+omp3uNdtOGG3wHF9JWcjYT
-tGx1t7/RNdEx1ZoHwWJOqj292ECLSJrFRsTDECzUgtlt9MPehfo0HdF0el8WNFkr
-KwNhRmLXiGJZTdhVAFJU4RVeqezW6FH9745oX9JA0mHvLB1bp24UTBK8YIGOZsmE
-UcKJUfzlf4aaeKTB9w+ppZdg3W/IoP3qBy8BNgrovQ7cSC6FInu722h4681qVAf3
-gaVSj/NcCR52o9GRj+6GLIVJmZZPX1sNCK7YIOjjZ3DG7A4Ovb889tvkRdV6u5/R
-OxiJ/GOswjC4+ruKJGNOeVh4cqsnNj27T0fW7wIDAQABo2MwYTAdBgNVHQ4EFgQU
-1p1m1kl8+iCNXXVpKkEKegNapeswHwYDVR0jBBgwFoAUFqrWjhstQ/MtsCStNmU/
-svqxLO0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN
-AQELBQADggEBAIM8rrL8mT0zs9rKJoOMqa74u60FN5el+A0rTj7ltxJo+GTUvf9l
-fVeYYc1HEKVqvWaJdM5eKCk5Z8kfVOx4drHdBJFjtowvhlkfxCuhSoyoW/aKkvCD
-u5KSXLEcGJU91r5teZ1Pe5IfaPUfzfQ3LR7j9uvyiqSNocXbDDpZAdy+qcELBLro
-AqmFzddIDfZgMCsFuuDH2J8jFDcECqe8tsglMeSaQaWDwu6J0/qlfK6mFCKkX3MD
-8ns8Ufd2KgrP7nE1HLz/P5vVsTPgtvwqyKuEic36HO4SjAe6k0ZQsz9zBb5nWGCQ
-BSzTthl8pPBu7tTyDvUCeV8sKIMeg8aSunw=
------END CERTIFICATE-----
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 14:02:10 +0000