OPM Certificate Revocation

An output protection manager (OPM) certificate can be revoked by Microsoft. The list of revoked certificates is stored in a global revocation list (GRL). The GRL has the following format:

Section                         Description
Header                          A GRL_HEADER structure.
Core                            Contains the following revocation lists:
                                  • Kernel binary revocations
                                  • User-mode binary revocations
                                  • Certificate revocations
                                  • Trusted roots (reserved)
                                The list of trusted roots is currently not used and is reserved for future use.
Extensible entries              Contains information used by other components. This section is not relevant to OPM.
Renewals                        Contains GUIDs that define Windows Update identifiers. This section contains identifiers for the following lists:
                                  • Kernel binary revocations
                                  • User-mode binary revocations
                                  • Certificate revocations
                                An application can use these identifiers to request a renewed version of a revoked binary, if one is available.
Signature: Core section         Signs the Header and Core sections.
Signature: Extensible section   Signs the Header and Extensible sections.


The GRL header is a GRL_HEADER structure. The dwSequenceNumber member of the structure contains the GRL version number. This number is incremented whenever the GRL is updated and a new version is placed on the user's computer, so a higher sequence number always denotes a newer list.

Revoked OPM certificates are listed in the certificate revocations list of the Core section. Each Core entry in the GRL is a 20-byte array; for a certificate revocation it contains the SHA-1 hash of the public key of the revoked certificate. To test whether a given certificate is revoked, hash its public key the same way and look for that 20-byte value in the list.

The Signature sections contain signatures that can be used to verify that the GRL has not been tampered with. Each Signature section contains an MF_SIGNATURE structure. The first signature signs the header plus the Core section. The second signature signs the header plus the Extensible section; this signature is not relevant to OPM.

To ensure that the GRL itself has not been tampered with, verify the Core signature before trusting any entry in the list:

  1. Find the start of the MF_SIGNATURE structure. Its location is given in the cbSignatureCoreOffset member of the GRL_HEADER structure, as an offset in bytes from the start of the GRL. Treat this offset, like every other offset and count in the header, as untrusted input and check that it lies within the file before reading from it.
  2. Parse the MF_SIGNATURE structure as a PKCS #7 signature with a certificate chain.
  3. Verify the certificate chain up to a trusted root.
  4. Verify that the leaf certificate has the following object identifier in the EKU: "1.3.6.1.4.1.311.10.5.4". Without this check any certificate that chains to a trusted root could sign a GRL.
  5. Compute a hash of the bytes that make up the header and the Core section of the GRL, using the digest algorithm named in the PKCS #7 signer information.
  6. Verify the PKCS #7 signature against that hash using the public key of the leaf certificate.

A valid signature shows that the GRL was issued by the expected signer and has not been modified; it does not by itself show that the copy is current. Use dwSequenceNumber to tell a newer list from an older one.
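The following is an added example, not code from Microsoft or the Windows SDK. It parses a GRL blob, applies the bounds checks the header offsets need, extracts the certificate revocations list and the bytes that the Core signature covers, pulls out the MF_SIGNATURE blob, and tests whether a given public key is revoked. The page names only dwSequenceNumber and cbSignatureCoreOffset; the remaining GRL_HEADER fields, the MF_SIGNATURE layout (a DWORD length followed by the PKCS #7 bytes), the "GRL" identifier string, the 16-byte GUID layout of Renewals entries, and the assumption that the Core section directly follows the header are taken from the author's reading of mfapi.h and are assumptions here. The PKCS #7 chain and signature verification itself (steps 2 to 4 and 6) is left to a CMS library such as CryptoAPI; the example only produces the inputs that step needs.

```python
"""Parse a Global Revocation List (GRL) blob for OPM use.

Added example; not Microsoft's code. GRL_HEADER field order, MF_SIGNATURE
layout, the "GRL" identifier and the GUID Renewals entries are assumptions
taken from the Windows SDK (mfapi.h) as recalled by the author.
"""
import hashlib
import struct
import uuid
from dataclasses import dataclass

# GRL_HEADER, little-endian: WCHAR wszIdentifier[16]; WORD wFormatMajor;
# WORD wFormatMinor; then 14 DWORDs (assumed layout, see module docstring).
GRL_HEADER_FMT = "<32sHH14I"
GRL_HEADER_SIZE = struct.calcsize(GRL_HEADER_FMT)   # 92 bytes
GRL_ENTRY_SIZE = 20                                 # one SHA-1 hash per Core entry
GRL_RENEWAL_SIZE = 16                               # one GUID per Renewals entry (assumed)
GRL_IDENTIFIER = "GRL"                              # assumed value of wszIdentifier
# EKU the leaf certificate of the Core signature must carry (from the page).
GRL_SIGNER_EKU_OID = "1.3.6.1.4.1.311.10.5.4"


class GrlFormatError(ValueError):
    pass


@dataclass
class Grl:
    sequence_number: int        # dwSequenceNumber: higher means newer
    kernel_binaries: list
    user_binaries: list
    certificates: list          # 20-byte SHA-1 hashes of revoked public keys
    trusted_roots: list         # reserved, currently unused
    renewals: list              # Windows Update GUIDs as strings
    signed_core_region: bytes   # header + Core, the data the first signature covers
    core_signature: bytes       # MF_SIGNATURE payload: PKCS #7 blob with cert chain


def _slice(data, offset, length):
    """Bounds-checked slice: offsets and counts in the header are untrusted."""
    end = offset + length
    if offset < 0 or length < 0 or end > len(data):
        raise GrlFormatError(f"section [{offset}, {end}) lies outside {len(data)}-byte GRL")
    return data[offset:end]


def _entries(data, offset, count, size):
    raw = _slice(data, offset, count * size)
    return [raw[i:i + size] for i in range(0, len(raw), size)]


def parse_grl(data: bytes) -> Grl:
    (ident, _major, _minor, seq, _reboot, _restart, core_off,
     n_kernel, n_user, n_cert, n_root, _ext_off, _n_ext,
     renew_off, n_renew, sig_core_off, _sig_ext_off) = struct.unpack(
        GRL_HEADER_FMT, _slice(data, 0, GRL_HEADER_SIZE))
    if ident.decode("utf-16-le").rstrip("\0") != GRL_IDENTIFIER:
        raise GrlFormatError("bad GRL identifier")
    # The four Core lists are laid out back to back, each a run of 20-byte hashes.
    lists, off = [], core_off
    for n in (n_kernel, n_user, n_cert, n_root):
        lists.append(_entries(data, off, n, GRL_ENTRY_SIZE))
        off += n * GRL_ENTRY_SIZE
    core_end = off
    # Renewals: GUIDs in Windows mixed-endian byte order (assumed entry format).
    renewals = [str(uuid.UUID(bytes_le=e))
                for e in _entries(data, renew_off, n_renew, GRL_RENEWAL_SIZE)]
    # MF_SIGNATURE at cbSignatureCoreOffset: DWORD size, then the PKCS #7 bytes.
    (sig_len,) = struct.unpack("<I", _slice(data, sig_core_off, 4))
    signature = _slice(data, sig_core_off + 4, sig_len)
    # Step 5 input: the first signature covers the header plus the Core section.
    signed = bytes(data[:GRL_HEADER_SIZE]) + bytes(data[core_off:core_end])
    return Grl(seq, *lists, renewals, signed_core_region=signed, core_signature=signature)


def public_key_hash(public_key_der: bytes) -> bytes:
    """Certificate revocation entries are the SHA-1 hash of the public key."""
    return hashlib.sha1(public_key_der).digest()


def is_certificate_revoked(grl: Grl, public_key_der: bytes) -> bool:
    return public_key_hash(public_key_der) in grl.certificates


def core_digest(grl: Grl, algorithm: str = "sha256") -> bytes:
    """Hash of header + Core (step 5). The algorithm must be the one named in the
    PKCS #7 SignerInfo; the CMS library then checks the signature over it (step 6)."""
    return hashlib.new(algorithm, grl.signed_core_region).digest()


def build_sample_grl(sequence_number, revoked_public_keys, signature=b"\x30\x00"):
    """Constructed sample GRL for offline runs: only certificate revocations,
    no Extensible or Renewals entries, and a placeholder signature blob."""
    core = b"".join(public_key_hash(k) for k in revoked_public_keys)
    core_off = GRL_HEADER_SIZE
    sig_off = core_off + len(core)
    header = struct.pack(
        GRL_HEADER_FMT, GRL_IDENTIFIER.encode("utf-16-le").ljust(32, b"\0"),
        1, 0, sequence_number, 0, 0, core_off,
        0, 0, len(revoked_public_keys), 0,     # kernel, user, cert, root counts
        sig_off, 0,                            # empty Extensible section
        sig_off, 0,                            # empty Renewals section
        sig_off, sig_off + 4 + len(signature))  # Core signature, Ext signature
    return header + core + struct.pack("<I", len(signature)) + signature


if __name__ == "__main__":
    key = b"constructed-public-key-bytes"
    grl = parse_grl(build_sample_grl(7, [key]))
    print(grl.sequence_number, is_certificate_revoked(grl, key), len(grl.core_signature))
```

Every offset and count read from the header goes through `_slice`, so a GRL whose header points past the end of the file is rejected with GrlFormatError rather than read out of bounds; that matters because the header is parsed before the signature that would prove it genuine can be checked.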

Related topics

Output Protection Manager
GRL_HEADER
MF_SIGNATURE