Commit | Line | Data |
---|---|---|
30fdf114 | 1 | /** @file\r |
f7496d71 | 2 | This includes some definitions introduced in UEFI that will be used in both PEI\r |
97fa0ee9 | 3 | and DXE phases.\r |
30fdf114 | 4 | \r |
7b6dad32 | 5 | (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r |
a16f7f47 | 6 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r |
30fdf114 LG |
7 | \r |
8 | This program and the accompanying materials are licensed and made available\r | |
9 | under the terms and conditions of the BSD License which accompanies this\r | |
97fa0ee9 | 10 | distribution. The full text of the license may be found at\r |
30fdf114 LG |
11 | http://opensource.org/licenses/bsd-license.php\r |
12 | \r | |
13 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
14 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
15 | \r | |
30fdf114 LG |
16 | **/\r |
17 | \r | |
18 | #ifndef __UEFI_MULTIPHASE_H__\r | |
19 | #define __UEFI_MULTIPHASE_H__\r | |
20 | \r | |
21 | //\r | |
22 | // Enumeration of memory types introduced in UEFI.\r | |
f7496d71 | 23 | //\r |
30fdf114 LG |
24 | typedef enum {\r |
25 | EfiReservedMemoryType,\r | |
26 | EfiLoaderCode,\r | |
27 | EfiLoaderData,\r | |
28 | EfiBootServicesCode,\r | |
29 | EfiBootServicesData,\r | |
30 | EfiRuntimeServicesCode,\r | |
31 | EfiRuntimeServicesData,\r | |
32 | EfiConventionalMemory,\r | |
33 | EfiUnusableMemory,\r | |
34 | EfiACPIReclaimMemory,\r | |
35 | EfiACPIMemoryNVS,\r | |
36 | EfiMemoryMappedIO,\r | |
37 | EfiMemoryMappedIOPortSpace,\r | |
38 | EfiPalCode,\r | |
7b6dad32 | 39 | EfiPersistentMemory,\r |
30fdf114 LG |
40 | EfiMaxMemoryType\r |
41 | } EFI_MEMORY_TYPE;\r | |
42 | \r | |
43 | \r | |
44 | //\r | |
45 | // Data structure that precedes all of the standard EFI table types.\r | |
f7496d71 | 46 | //\r |
30fdf114 LG |
47 | typedef struct {\r |
48 | UINT64 Signature;\r | |
49 | UINT32 Revision;\r | |
50 | UINT32 HeaderSize;\r | |
51 | UINT32 CRC32;\r | |
52 | UINT32 Reserved;\r | |
53 | } EFI_TABLE_HEADER;\r | |
54 | \r | |
55 | //\r | |
56 | // Attributes of variable.\r | |
f7496d71 | 57 | //\r |
30fdf114 LG |
58 | #define EFI_VARIABLE_NON_VOLATILE 0x00000001\r |
59 | #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002\r | |
60 | #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004\r | |
61 | #define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008\r | |
62 | \r | |
63 | //\r | |
f7496d71 | 64 | // This attribute is identified by the mnemonic 'HR'\r |
30fdf114 | 65 | // elsewhere in this specification.\r |
f7496d71 | 66 | //\r |
30fdf114 LG |
67 | #define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010\r |
68 | \r | |
69 | \r | |
70 | \r | |
71 | //\r | |
72 | // _WIN_CERTIFICATE.wCertificateType\r | |
f7496d71 | 73 | //\r |
30fdf114 LG |
74 | #define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0\r |
75 | #define WIN_CERT_TYPE_EFI_GUID 0x0EF1\r | |
76 | \r | |
77 | /**\r | |
f7496d71 | 78 | \r |
30fdf114 LG |
79 | The WIN_CERTIFICATE structure is part of the PE/COFF\r |
80 | specification and has the following definition:\r | |
81 | \r | |
82 | @param dwLength The length of the entire certificate,\r | |
83 | including the length of the header, in\r | |
84 | bytes.\r | |
85 | \r | |
86 | @param wRevision The revision level of the WIN_CERTIFICATE\r | |
87 | structure. The current revision level is\r | |
88 | 0x0200.\r | |
89 | \r | |
90 | @param wCertificateType The certificate type. See\r | |
91 | WIN_CERT_TYPE_xxx for the UEFI\r | |
92 | certificate types. The UEFI\r | |
93 | specification reserves the range of\r | |
94 | certificate type values from 0x0EF0\r | |
95 | to 0x0EFF.\r | |
96 | \r | |
97 | @param bCertificate The actual certificate. The format of\r | |
98 | the certificate depends on\r | |
99 | wCertificateType. The format of the UEFI\r | |
100 | certificates is defined below.\r | |
101 | \r | |
102 | \r | |
103 | **/\r | |
104 | typedef struct _WIN_CERTIFICATE {\r | |
105 | UINT32 dwLength;\r | |
106 | UINT16 wRevision;\r | |
107 | UINT16 wCertificateType;\r | |
108 | //UINT8 bCertificate[ANYSIZE_ARRAY];\r | |
109 | } WIN_CERTIFICATE;\r | |
110 | \r | |
111 | //\r | |
112 | // WIN_CERTIFICATE_UEFI_GUID.CertType\r | |
f7496d71 | 113 | //\r |
30fdf114 LG |
114 | #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \\r |
115 | {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }\r | |
116 | \r | |
117 | //\r | |
118 | // WIN_CERTIFICATE_UEFI_GUID.CertData\r | |
f7496d71 | 119 | //\r |
30fdf114 | 120 | typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {\r |
4afd3d04 LG |
121 | EFI_GUID HashType;\r |
122 | UINT8 PublicKey[256];\r | |
123 | UINT8 Signature[256];\r | |
30fdf114 LG |
124 | } EFI_CERT_BLOCK_RSA_2048_SHA256;\r |
125 | \r | |
126 | \r | |
127 | /**\r | |
f7496d71 | 128 | \r |
30fdf114 LG |
129 | @param Hdr This is the standard WIN_CERTIFICATE header, where\r |
130 | wCertificateType is set to\r | |
4afd3d04 | 131 | WIN_CERT_TYPE_EFI_GUID.\r |
30fdf114 LG |
132 | \r |
133 | @param CertType This is the unique id which determines the\r | |
134 | format of the CertData. In this case, the\r | |
135 | value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.\r | |
136 | \r | |
137 | @param CertData This is the certificate data. The format of\r | |
138 | the data is determined by the CertType. In\r | |
139 | this case the value is\r | |
140 | EFI_CERT_BLOCK_RSA_2048_SHA256.\r | |
141 | \r | |
142 | @param Information The WIN_CERTIFICATE_UEFI_GUID certificate\r | |
143 | type allows new types of certificates to\r | |
144 | be developed for driver authentication\r | |
145 | without requiring a new certificate type.\r | |
146 | The CertType defines the format of the\r | |
147 | CertData, whose length is defined by the\r | |
148 | size of the certificate less the fixed\r | |
149 | size of the WIN_CERTIFICATE_UEFI_GUID\r | |
150 | structure.\r | |
151 | \r | |
152 | **/\r | |
153 | typedef struct _WIN_CERTIFICATE_UEFI_GUID {\r | |
154 | WIN_CERTIFICATE Hdr;\r | |
155 | EFI_GUID CertType;\r | |
a16f7f47 | 156 | UINT8 CertData[1];\r |
30fdf114 LG |
157 | } WIN_CERTIFICATE_UEFI_GUID;\r |
158 | \r | |
159 | \r | |
160 | /**\r | |
f7496d71 | 161 | \r |
30fdf114 LG |
162 | Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital\r |
163 | signature.\r | |
f7496d71 | 164 | \r |
30fdf114 | 165 | The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from\r |
f7496d71 LG |
166 | WIN_CERTIFICATE and encapsulates the information needed to\r |
167 | implement the RSASSA-PKCS1-v1_5 digital signature algorithm as\r | |
168 | specified in RFC2437.\r | |
169 | \r | |
30fdf114 LG |
170 | @param Hdr This is the standard WIN_CERTIFICATE header, where\r |
171 | wCertificateType is set to\r | |
172 | WIN_CERT_TYPE_EFI_PKCS115.\r | |
f7496d71 | 173 | \r |
30fdf114 LG |
174 | @param HashAlgorithm This is the hashing algorithm which was\r |
175 | performed on the UEFI executable when\r | |
176 | creating the digital signature. It is\r | |
177 | one of the enumerated values pre-defined\r | |
178 | in Section 26.4.1. See\r | |
179 | EFI_HASH_ALGORITHM_x.\r | |
f7496d71 | 180 | \r |
30fdf114 LG |
181 | @param Signature This is the actual digital signature. The\r |
182 | size of the signature is the same size as\r | |
183 | the key (1024-bit key is 128 bytes) and can\r | |
184 | be determined by subtracting the length of\r | |
185 | the other parts of this header from the\r | |
186 | total length of the certificate as found in\r | |
187 | Hdr.dwLength.\r | |
188 | \r | |
189 | **/\r | |
190 | typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {\r | |
191 | WIN_CERTIFICATE Hdr;\r | |
192 | EFI_GUID HashAlgorithm;\r | |
193 | // UINT8 Signature[ANYSIZE_ARRAY];\r | |
194 | } WIN_CERTIFICATE_EFI_PKCS1_15;\r | |
195 | \r | |
196 | \r | |
197 | /**\r | |
f7496d71 | 198 | \r |
30fdf114 LG |
199 | AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r |
200 | WIN_CERT_TYPE_EFI_GUID and the CertType\r | |
201 | EFI_CERT_TYPE_RSA2048_SHA256_GUID. If the attribute specifies\r | |
202 | authenticated access, then the Data buffer should begin with an\r | |
203 | authentication descriptor prior to the data payload and DataSize\r | |
fb0b35e0 | 204 | should reflect the data and descriptor size. The caller\r |
30fdf114 LG |
205 | shall digest the Monotonic Count value and the associated data\r |
206 | for the variable update using the SHA-256 1-way hash algorithm.\r | |
207 | The ensuing 32-byte digest will be signed using the private\r | |
208 | key associated w/ the public/private 2048-bit RSA key-pair. The\r | |
209 | WIN_CERTIFICATE shall be used to describe the signature of the\r | |
210 | Variable data *Data. In addition, the signature will also\r | |
211 | include the MonotonicCount value to guard against replay attacks.\r | |
f7496d71 | 212 | \r |
30fdf114 LG |
213 | @param MonotonicCount Included in the signature of\r |
214 | AuthInfo. Used to ensure freshness/no\r | |
215 | replay. Incremented during each\r | |
216 | "Write" access.\r | |
f7496d71 | 217 | \r |
30fdf114 LG |
218 | @param AuthInfo Provides the authorization for the variable\r |
219 | access. It is a signature across the\r | |
220 | variable data and the Monotonic Count\r | |
221 | value. Caller uses Private key that is\r | |
222 | associated with a public key that has been\r | |
223 | provisioned via the key exchange.\r | |
224 | \r | |
225 | **/\r | |
226 | typedef struct {\r | |
227 | UINT64 MonotonicCount;\r | |
228 | WIN_CERTIFICATE_UEFI_GUID AuthInfo;\r | |
229 | } EFI_VARIABLE_AUTHENTICATION;\r | |
230 | \r | |
231 | #endif\r | |
232 | \r |