1c9418fc | 1 | /** @file\r |
2 | Type definitions and object declarations for the EnrollDefaultKeys\r |
3 | application.\r | |
4 | \r |
5 | Copyright (C) 2014-2019, Red Hat, Inc.\r | |
6 | \r | |
7 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
8 | **/\r | |
9 | \r | |
10 | #ifndef ENROLL_DEFAULT_KEYS_H_\r | |
11 | #define ENROLL_DEFAULT_KEYS_H_\r | |
12 | \r | |
13 | #include <Uefi/UefiBaseType.h>\r | |
14 | \r | |
15 | //\r | |
16 | // Convenience structure types for constructing "signature lists" for\r | |
17 | // authenticated UEFI variables.\r | |
18 | //\r | |
19 | // The most important thing about the variable payload is that it is a list of\r | |
20 | // lists, where the element size of any given *inner* list is constant.\r | |
21 | //\r | |
22 | // Since X509 certificates vary in size, each of our *inner* lists will contain\r | |
23 | // one element only (one X.509 certificate). This is explicitly mentioned in\r | |
24 | // the UEFI specification, in "28.4.1 Signature Database", in a Note.\r | |
25 | //\r | |
26 | // The list structure looks as follows:\r | |
27 | //\r | |
28 | // struct EFI_VARIABLE_AUTHENTICATION_2 { |\r | |
29 | // struct EFI_TIME { |\r | |
30 | // UINT16 Year; |\r | |
31 | // UINT8 Month; |\r | |
32 | // UINT8 Day; |\r | |
33 | // UINT8 Hour; |\r | |
34 | // UINT8 Minute; |\r | |
35 | // UINT8 Second; |\r | |
36 | // UINT8 Pad1; |\r | |
37 | // UINT32 Nanosecond; |\r | |
38 | // INT16 TimeZone; |\r | |
39 | // UINT8 Daylight; |\r | |
40 | // UINT8 Pad2; |\r | |
41 | // } TimeStamp; |\r | |
42 | // |\r | |
43 | // struct WIN_CERTIFICATE_UEFI_GUID { | |\r | |
44 | // struct WIN_CERTIFICATE { | |\r | |
45 | // UINT32 dwLength; ----------------------------------------+ |\r | |
46 | // UINT16 wRevision; | |\r | |
47 | // UINT16 wCertificateType; | |\r | |
48 | // } Hdr; | +- DataSize\r | |
49 | // | |\r | |
50 | // EFI_GUID CertType; | |\r | |
51 | // UINT8 CertData[1] = { <--- "struct hack" | |\r | |
52 | // struct EFI_SIGNATURE_LIST { | | |\r | |
53 | // EFI_GUID SignatureType; | | |\r | |
54 | // UINT32 SignatureListSize; -------------------------+ | |\r | |
55 | // UINT32 SignatureHeaderSize; | | |\r | |
56 | // UINT32 SignatureSize; ---------------------------+ | | |\r | |
57 | // UINT8 SignatureHeader[SignatureHeaderSize]; | | | |\r | |
58 | // v | | |\r | |
59 | // struct EFI_SIGNATURE_DATA { | | | |\r | |
60 | // EFI_GUID SignatureOwner; | | | |\r | |
61 | // UINT8 SignatureData[1] = { <--- "struct hack" | | | |\r | |
62 | // X.509 payload | | | |\r | |
63 | // } | | | |\r | |
64 | // } Signatures[]; | | |\r | |
65 | // } SigLists[]; | |\r | |
66 | // }; | |\r | |
67 | // } AuthInfo; | |\r | |
68 | // }; |\r | |
69 | //\r | |
70 | // Given that the "struct hack" invokes undefined behavior (which is why C99\r | |
71 | // introduced the flexible array member), and because subtracting those pesky\r | |
72 | // sizes of 1 is annoying, and because the format is fully specified in the\r | |
73 | // UEFI specification, we'll introduce two matching convenience structures that\r | |
74 | // are customized for our X.509 purposes.\r | |
75 | //\r | |
76 | #pragma pack (1)\r | |
typedef struct {
  //
  // EFI_VARIABLE_AUTHENTICATION_2.TimeStamp. This field is NOT counted by
  // dwLength below (see the bracket in the diagram above, which starts at
  // dwLength).
  //
  EFI_TIME TimeStamp;

  //
  // WIN_CERTIFICATE header. dwLength is the size of the whole
  // WIN_CERTIFICATE_UEFI_GUID: it is counted from this field itself
  // (inclusive) through the last byte of the embedded signature lists, i.e.
  // wRevision, wCertificateType, CertType and every REPEATING_HEADER plus
  // certificate that follows. Getting this off by the header size yields a
  // payload the variable service will reject (or worse, mis-parse).
  //
  UINT32 dwLength;
  UINT16 wRevision;
  UINT16 wCertificateType;
  //
  // WIN_CERTIFICATE_UEFI_GUID.CertType. The REPEATING_HEADER items (the
  // signature lists) are appended directly after this field, replacing the
  // CertData[1] "struct hack" of the spec's layout.
  //
  // With "#pragma pack (1)" in effect this structure is 16 (EFI_TIME) +
  // 4 + 2 + 2 + 16 (EFI_GUID) = 40 bytes, with no padding.
  //
  EFI_GUID CertType;
} SINGLE_HEADER;
88 | \r | |
typedef struct {
  //
  // EFI_SIGNATURE_LIST header. SignatureListSize is the size of this entire
  // list, counted from SignatureType itself (inclusive) through the end of
  // the X.509 certificate that trails the structure. Because each of our
  // lists holds exactly one element (see the note above), it is always the
  // 28-byte list header (this GUID plus the three UINT32s) plus
  // SignatureSize.
  //
  EFI_GUID SignatureType;
  UINT32 SignatureListSize;
  //
  // We never emit a signature header, so this is 0 and the single
  // EFI_SIGNATURE_DATA element begins immediately after SignatureSize.
  //
  UINT32 SignatureHeaderSize; // constant 0
  //
  // Size of the one EFI_SIGNATURE_DATA element that follows: SignatureOwner
  // plus the raw certificate bytes. Note for anyone reading such a list back
  // rather than building it: these three sizes are untrusted offsets and
  // must be checked against the real buffer length (SignatureSize >=
  // sizeof (EFI_GUID), SignatureListSize >= 28 + SignatureSize, and both
  // within the buffer) before being used.
  //
  UINT32 SignatureSize;

  //
  // EFI_SIGNATURE_DATA.SignatureOwner: GUID identifying who owns this entry.
  // SignatureSize counts this field and everything after it.
  //
  EFI_GUID SignatureOwner;

  //
  // X.509 certificate follows immediately (packed, no alignment padding);
  // sizeof (REPEATING_HEADER) is 16 + 4 + 4 + 4 + 16 = 44 bytes.
  //
} REPEATING_HEADER;
107 | #pragma pack ()\r | |
108 | \r | |
109 | \r | |
110 | //\r | |
111 | // A structure that collects the values of UEFI variables related to Secure\r | |
112 | // Boot.\r | |
113 | //\r | |
typedef struct {
  //
  // Each field holds the value of the UEFI variable of the same name; all of
  // these variables are one byte wide, hence UINT8 throughout. SetupMode and
  // SecureBoot are status values reported by the firmware; SecureBootEnable,
  // CustomMode and VendorKeys are the platform-side switches. Whether a field
  // is "not present" versus "0" cannot be told apart in this structure --
  // presumably the code filling it treats a missing variable as an error;
  // confirm against the caller.
  //
  UINT8 SetupMode;
  UINT8 SecureBoot;
  UINT8 SecureBootEnable;
  UINT8 CustomMode;
  UINT8 VendorKeys;
} SETTINGS;
121 | \r | |
122 | \r |
123 | //\r | |
124 | // Refer to "AuthData.c" for details on the following objects.\r | |
125 | //\r | |
//
// Embedded trust anchors. Each m<Name>[] array is a raw byte blob and
// mSizeOf<Name> is its length in bytes; the three certificate blobs are
// presumably DER-encoded X.509 certificates (this header builds one-element
// signature lists around X.509 payloads, see above) -- verify against
// AuthData.c. These bytes are the default Secure Boot root of trust this
// application enrolls, so any change to AuthData.c is a change to what the
// platform will boot; review such changes as you would a key rotation.
//
extern CONST UINT8 mMicrosoftKek[];
extern CONST UINTN mSizeOfMicrosoftKek;

extern CONST UINT8 mMicrosoftPca[];
extern CONST UINTN mSizeOfMicrosoftPca;

extern CONST UINT8 mMicrosoftUefiCa[];
extern CONST UINTN mSizeOfMicrosoftUefiCa;

//
// Presumably the 32-byte SHA-256 digest of empty input (the name suggests a
// hash entry rather than a certificate); confirm in AuthData.c before relying
// on its length or signature type.
//
extern CONST UINT8 mSha256OfDevNull[];
extern CONST UINTN mSizeOfSha256OfDevNull;
137 | \r | |
1c9418fc | 138 | #endif /* ENROLL_DEFAULT_KEYS_H_ */\r |