]>
Commit | Line | Data |
---|---|---|
bd86cb02 | 1 | /** @file\r |
6675a21f | 2 | Image signature database are defined for the signed image validation.\r |
bd86cb02 | 3 | \r |
9095d37b | 4 | Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r |
20333c6d QL |
5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
bd86cb02 | 9 | \r |
20333c6d QL |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
bd86cb02 LG |
12 | \r |
13 | @par Revision Reference:\r | |
686f0c7b | 14 | GUIDs defined in UEFI 2.5 spec.\r |
bd86cb02 LG |
15 | **/\r |
16 | \r | |
17 | #ifndef __IMAGE_AUTHTICATION_H__\r | |
18 | #define __IMAGE_AUTHTICATION_H__\r | |
19 | \r | |
20 | #include <Guid/GlobalVariable.h>\r | |
20333c6d | 21 | #include <Protocol/Hash.h>\r |
bd86cb02 LG |
22 | \r |
23 | #define EFI_IMAGE_SECURITY_DATABASE_GUID \\r | |
24 | { \\r | |
25 | 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \\r | |
26 | }\r | |
27 | \r | |
28 | ///\r | |
20333c6d | 29 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r |
bd86cb02 LG |
30 | /// for the authorized signature database.\r |
31 | ///\r | |
32 | #define EFI_IMAGE_SECURITY_DATABASE L"db"\r | |
33 | ///\r | |
20333c6d | 34 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r |
bd86cb02 LG |
35 | /// for the forbidden signature database.\r |
36 | ///\r | |
37 | #define EFI_IMAGE_SECURITY_DATABASE1 L"dbx"\r | |
20333c6d QL |
38 | ///\r |
39 | /// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r | |
40 | /// for the timestamp signature database.\r | |
41 | ///\r | |
42 | #define EFI_IMAGE_SECURITY_DATABASE2 L"dbt"\r | |
6675a21f | 43 | \r |
ab0eecec | 44 | #define SECURE_BOOT_MODE_ENABLE 1\r |
45 | #define SECURE_BOOT_MODE_DISABLE 0\r | |
4b11f72e | 46 | \r |
faec4992 CZ |
47 | #define SETUP_MODE 1\r |
48 | #define USER_MODE 0\r | |
ab0eecec | 49 | \r |
bd86cb02 LG |
50 | //***********************************************************************\r |
51 | // Signature Database\r | |
52 | //***********************************************************************\r | |
53 | ///\r | |
20333c6d | 54 | /// The format of a signature database.\r |
bd86cb02 LG |
55 | ///\r |
56 | #pragma pack(1)\r | |
57 | \r | |
58 | typedef struct {\r | |
59 | ///\r | |
60 | /// An identifier which identifies the agent which added the signature to the list.\r | |
61 | ///\r | |
60bd4ccd | 62 | EFI_GUID SignatureOwner;\r |
bd86cb02 LG |
63 | ///\r |
64 | /// The format of the signature is defined by the SignatureType.\r | |
65 | ///\r | |
60bd4ccd | 66 | UINT8 SignatureData[1];\r |
bd86cb02 LG |
67 | } EFI_SIGNATURE_DATA;\r |
68 | \r | |
69 | typedef struct {\r | |
70 | ///\r | |
71 | /// Type of the signature. GUID signature types are defined in below.\r | |
72 | ///\r | |
60bd4ccd | 73 | EFI_GUID SignatureType;\r |
bd86cb02 LG |
74 | ///\r |
75 | /// Total size of the signature list, including this header.\r | |
76 | ///\r | |
60bd4ccd | 77 | UINT32 SignatureListSize;\r |
bd86cb02 LG |
78 | ///\r |
79 | /// Size of the signature header which precedes the array of signatures.\r | |
80 | ///\r | |
60bd4ccd | 81 | UINT32 SignatureHeaderSize;\r |
bd86cb02 LG |
82 | ///\r |
83 | /// Size of each signature.\r | |
84 | ///\r | |
20333c6d | 85 | UINT32 SignatureSize;\r |
bd86cb02 | 86 | ///\r |
20333c6d | 87 | /// Header before the array of signatures. The format of this header is specified\r |
bd86cb02 LG |
88 | /// by the SignatureType.\r |
89 | /// UINT8 SignatureHeader[SignatureHeaderSize];\r | |
90 | ///\r | |
20333c6d | 91 | /// An array of signatures. Each signature is SignatureSize bytes in length.\r |
bd86cb02 LG |
92 | /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];\r |
93 | ///\r | |
94 | } EFI_SIGNATURE_LIST;\r | |
95 | \r | |
20333c6d QL |
96 | typedef struct {\r |
97 | ///\r | |
98 | /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.\r | |
99 | ///\r | |
100 | EFI_SHA256_HASH ToBeSignedHash;\r | |
101 | ///\r | |
102 | /// The time that the certificate shall be considered to be revoked.\r | |
103 | ///\r | |
104 | EFI_TIME TimeOfRevocation;\r | |
105 | } EFI_CERT_X509_SHA256;\r | |
106 | \r | |
107 | typedef struct {\r | |
108 | ///\r | |
109 | /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.\r | |
110 | ///\r | |
111 | EFI_SHA384_HASH ToBeSignedHash;\r | |
112 | ///\r | |
113 | /// The time that the certificate shall be considered to be revoked.\r | |
114 | ///\r | |
115 | EFI_TIME TimeOfRevocation;\r | |
116 | } EFI_CERT_X509_SHA384;\r | |
117 | \r | |
118 | typedef struct {\r | |
119 | ///\r | |
120 | /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.\r | |
121 | ///\r | |
122 | EFI_SHA512_HASH ToBeSignedHash;\r | |
123 | ///\r | |
124 | /// The time that the certificate shall be considered to be revoked.\r | |
125 | ///\r | |
126 | EFI_TIME TimeOfRevocation;\r | |
127 | } EFI_CERT_X509_SHA512;\r | |
128 | \r | |
bd86cb02 LG |
129 | #pragma pack()\r |
130 | \r | |
131 | ///\r | |
f704fc85 | 132 | /// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall\r |
133 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
134 | /// 32 bytes.\r | |
bd86cb02 LG |
135 | ///\r |
136 | #define EFI_CERT_SHA256_GUID \\r | |
137 | { \\r | |
138 | 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \\r | |
139 | }\r | |
140 | \r | |
141 | ///\r | |
f704fc85 | 142 | /// This identifies a signature containing an RSA-2048 key. The key (only the modulus\r |
143 | /// since the public key exponent is known to be 0x10001) shall be stored in big-endian\r | |
144 | /// order.\r | |
20333c6d | 145 | /// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size\r |
6048a5b0 | 146 | /// of SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
147 | ///\r |
148 | #define EFI_CERT_RSA2048_GUID \\r | |
149 | { \\r | |
150 | 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \\r | |
151 | }\r | |
152 | \r | |
153 | ///\r | |
20333c6d QL |
154 | /// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The\r |
155 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of\r | |
6048a5b0 | 156 | /// SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
157 | ///\r |
158 | #define EFI_CERT_RSA2048_SHA256_GUID \\r | |
159 | { \\r | |
160 | 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \\r | |
161 | }\r | |
162 | \r | |
163 | ///\r | |
f704fc85 | 164 | /// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always\r |
6048a5b0 | 165 | /// be 16 (size of SignatureOwner component) + 20 bytes.\r |
bd86cb02 LG |
166 | ///\r |
167 | #define EFI_CERT_SHA1_GUID \\r | |
168 | { \\r | |
169 | 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \\r | |
170 | }\r | |
171 | \r | |
172 | ///\r | |
20333c6d QL |
173 | /// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The\r |
174 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of\r | |
6048a5b0 | 175 | /// SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
176 | ///\r |
177 | #define EFI_CERT_RSA2048_SHA1_GUID \\r | |
178 | { \\r | |
179 | 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \\r | |
180 | }\r | |
181 | \r | |
182 | ///\r | |
f704fc85 | 183 | /// This identifies a signature based on an X.509 certificate. If the signature is an X.509\r |
20333c6d QL |
184 | /// certificate then verification of the signature of an image should validate the public\r |
185 | /// key certificate in the image using certificate path verification, up to this X.509\r | |
f704fc85 | 186 | /// certificate as a trusted root. The SignatureHeader size shall always be 0. The\r |
20333c6d QL |
187 | /// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +\r |
188 | /// the size of the certificate itself.\r | |
f704fc85 | 189 | /// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.\r |
bd86cb02 | 190 | ///\r |
f704fc85 | 191 | #define EFI_CERT_X509_GUID \\r |
bd86cb02 LG |
192 | { \\r |
193 | 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \\r | |
194 | }\r | |
195 | \r | |
f704fc85 | 196 | ///\r |
197 | /// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall\r | |
198 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
199 | /// 28 bytes.\r | |
200 | ///\r | |
201 | #define EFI_CERT_SHA224_GUID \\r | |
202 | { \\r | |
203 | 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \\r | |
204 | }\r | |
205 | \r | |
206 | ///\r | |
207 | /// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall\r | |
208 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
209 | /// 48 bytes.\r | |
210 | ///\r | |
211 | #define EFI_CERT_SHA384_GUID \\r | |
212 | { \\r | |
213 | 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \\r | |
20333c6d | 214 | }\r |
f704fc85 | 215 | \r |
216 | ///\r | |
217 | /// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall\r | |
218 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
219 | /// 64 bytes.\r | |
220 | ///\r | |
221 | #define EFI_CERT_SHA512_GUID \\r | |
222 | { \\r | |
223 | 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r | |
224 | }\r | |
ab0eecec | 225 | \r |
20333c6d QL |
226 | ///\r |
227 | /// This identifies a signature containing the SHA256 hash of an X.509 certificate's\r | |
228 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
229 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
230 | /// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,\r | |
231 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
232 | /// otherwise the certificate shall be considered to always be revoked.\r | |
233 | ///\r | |
234 | #define EFI_CERT_X509_SHA256_GUID \\r | |
235 | { \\r | |
236 | 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \\r | |
237 | }\r | |
238 | \r | |
239 | ///\r | |
240 | /// This identifies a signature containing the SHA384 hash of an X.509 certificate's\r | |
241 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
242 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
243 | /// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,\r | |
244 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
245 | /// otherwise the certificate shall be considered to always be revoked.\r | |
246 | ///\r | |
247 | #define EFI_CERT_X509_SHA384_GUID \\r | |
248 | { \\r | |
249 | 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \\r | |
250 | }\r | |
251 | \r | |
252 | ///\r | |
253 | /// This identifies a signature containing the SHA512 hash of an X.509 certificate's\r | |
254 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
255 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
256 | /// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,\r | |
257 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
258 | /// otherwise the certificate shall be considered to always be revoked.\r | |
259 | ///\r | |
260 | #define EFI_CERT_X509_SHA512_GUID \\r | |
261 | { \\r | |
262 | 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \\r | |
263 | }\r | |
264 | \r | |
ab0eecec | 265 | ///\r |
266 | /// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]\r | |
267 | /// SignedData value.\r | |
268 | ///\r | |
269 | #define EFI_CERT_TYPE_PKCS7_GUID \\r | |
270 | { \\r | |
271 | 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \\r | |
272 | }\r | |
20333c6d | 273 | \r |
bd86cb02 LG |
274 | //***********************************************************************\r |
275 | // Image Execution Information Table Definition\r | |
276 | //***********************************************************************\r | |
277 | typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;\r | |
278 | \r | |
20333c6d | 279 | #define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007\r |
3f275826 LG |
280 | #define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000\r |
281 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001\r | |
282 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002\r | |
283 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003\r | |
284 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004\r | |
285 | #define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005\r | |
286 | #define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008\r | |
bd86cb02 LG |
287 | \r |
288 | //\r | |
20333c6d | 289 | // EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table\r |
bd86cb02 LG |
290 | // and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.\r |
291 | //\r | |
292 | typedef struct {\r | |
293 | ///\r | |
294 | /// Describes the action taken by the firmware regarding this image.\r | |
295 | ///\r | |
60bd4ccd | 296 | EFI_IMAGE_EXECUTION_ACTION Action;\r |
bd86cb02 LG |
297 | ///\r |
298 | /// Size of all of the entire structure.\r | |
299 | ///\r | |
300 | UINT32 InfoSize;\r | |
301 | ///\r | |
20333c6d QL |
302 | /// If this image was a UEFI device driver (for option ROM, for example) this is the\r |
303 | /// null-terminated, user-friendly name for the device. If the image was for an application,\r | |
304 | /// then this is the name of the application. If this cannot be determined, then a simple\r | |
bd86cb02 LG |
305 | /// NULL character should be put in this position.\r |
306 | /// CHAR16 Name[];\r | |
307 | ///\r | |
308 | \r | |
309 | ///\r | |
20333c6d QL |
310 | /// For device drivers, this is the device path of the device for which this device driver\r |
311 | /// was intended. In some cases, the driver itself may be stored as part of the system\r | |
312 | /// firmware, but this field should record the device's path, not the firmware path. For\r | |
313 | /// applications, this is the device path of the application. If this cannot be determined,\r | |
bd86cb02 LG |
314 | /// a simple end-of-path device node should be put in this position.\r |
315 | /// EFI_DEVICE_PATH_PROTOCOL DevicePath;\r | |
316 | ///\r | |
317 | \r | |
bd86cb02 | 318 | ///\r |
20333c6d | 319 | /// Zero or more image signatures. If the image contained no signatures,\r |
bd86cb02 | 320 | /// then this field is empty.\r |
686f0c7b | 321 | /// EFI_SIGNATURE_LIST Signature;\r |
9095d37b | 322 | ///\r |
bd86cb02 LG |
323 | } EFI_IMAGE_EXECUTION_INFO;\r |
324 | \r | |
a1e98f78 LG |
325 | \r |
326 | typedef struct {\r | |
327 | ///\r | |
328 | /// Number of EFI_IMAGE_EXECUTION_INFO structures.\r | |
329 | ///\r | |
20333c6d | 330 | UINTN NumberOfImages;\r |
a1e98f78 LG |
331 | ///\r |
332 | /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures.\r | |
333 | ///\r | |
20333c6d | 334 | // EFI_IMAGE_EXECUTION_INFO InformationInfo[]\r |
a1e98f78 LG |
335 | } EFI_IMAGE_EXECUTION_INFO_TABLE;\r |
336 | \r | |
bd86cb02 LG |
337 | extern EFI_GUID gEfiImageSecurityDatabaseGuid;\r |
338 | extern EFI_GUID gEfiCertSha256Guid;\r | |
20333c6d | 339 | extern EFI_GUID gEfiCertRsa2048Guid;\r |
bd86cb02 LG |
340 | extern EFI_GUID gEfiCertRsa2048Sha256Guid;\r |
341 | extern EFI_GUID gEfiCertSha1Guid;\r | |
342 | extern EFI_GUID gEfiCertRsa2048Sha1Guid;\r | |
343 | extern EFI_GUID gEfiCertX509Guid;\r | |
05c82e51 SZ |
344 | extern EFI_GUID gEfiCertSha224Guid;\r |
345 | extern EFI_GUID gEfiCertSha384Guid;\r | |
346 | extern EFI_GUID gEfiCertSha512Guid;\r | |
20333c6d QL |
347 | extern EFI_GUID gEfiCertX509Sha256Guid;\r |
348 | extern EFI_GUID gEfiCertX509Sha384Guid;\r | |
349 | extern EFI_GUID gEfiCertX509Sha512Guid;\r | |
ab0eecec | 350 | extern EFI_GUID gEfiCertPkcs7Guid;\r |
bd86cb02 | 351 | \r |
543cc44e | 352 | #endif\r |