2 Type definitions and object declarations for the EnrollDefaultKeys
5 Copyright (C) 2014-2019, Red Hat, Inc.
7 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #ifndef ENROLL_DEFAULT_KEYS_H_
11 #define ENROLL_DEFAULT_KEYS_H_
13 #include <Uefi/UefiBaseType.h>
16 // Convenience structure types for constructing "signature lists" for
17 // authenticated UEFI variables.
19 // The most important thing about the variable payload is that it is a list of
20 // lists, where the element size of any given *inner* list is constant.
22 // Since X509 certificates vary in size, each of our *inner* lists will contain
23 // one element only (one X.509 certificate). This is explicitly mentioned in
24 // the UEFI specification, in "28.4.1 Signature Database", in a Note.
26 // The list structure looks as follows:
28 // struct EFI_VARIABLE_AUTHENTICATION_2 { |
29 // struct EFI_TIME { |
37 // UINT32 Nanosecond; |
43 // struct WIN_CERTIFICATE_UEFI_GUID { | |
44 // struct WIN_CERTIFICATE { | |
45 // UINT32 dwLength; ----------------------------------------+ |
46 // UINT16 wRevision; | |
47 // UINT16 wCertificateType; | |
48 // } Hdr; | +- DataSize
50 // EFI_GUID CertType; | |
51 // UINT8 CertData[1] = { <--- "struct hack" | |
52 // struct EFI_SIGNATURE_LIST { | | |
53 // EFI_GUID SignatureType; | | |
54 // UINT32 SignatureListSize; -------------------------+ | |
55 // UINT32 SignatureHeaderSize; | | |
56 // UINT32 SignatureSize; ---------------------------+ | | |
57 // UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
59 // struct EFI_SIGNATURE_DATA { | | | |
60 // EFI_GUID SignatureOwner; | | | |
61 // UINT8 SignatureData[1] = { <--- "struct hack" | | | |
62 // X.509 payload | | | |
64 // } Signatures[]; | | |
70 // Given that the "struct hack" invokes undefined behavior (which is why C99
71 // introduced the flexible array member), and because subtracting those pesky
72 // sizes of 1 is annoying, and because the format is fully specified in the
73 // UEFI specification, we'll introduce two matching convenience structures that
74 // are customized for our X.509 purposes.
81 // dwLength covers data below
85 UINT16 wCertificateType
;
91 // SignatureListSize covers data below
93 EFI_GUID SignatureType
;
94 UINT32 SignatureListSize
;
95 UINT32 SignatureHeaderSize
; // constant 0
99 // SignatureSize covers data below
101 EFI_GUID SignatureOwner
;
104 // X.509 certificate follows
111 // A structure that collects the values of UEFI variables related to Secure
117 UINT8 SecureBootEnable
;
// Refer to "AuthData.c" for details on the following objects.
//
// Each blob is exposed as a pair: an extern byte array of unspecified
// (incomplete) size plus a separate UINTN holding its length. Because the
// array type is incomplete in this header, sizeof cannot be applied to it;
// the companion mSizeOf* object is the only bound a caller can use, so any
// read of an array must be limited by its mSizeOf* value. The array and its
// size object are defined together in "AuthData.c" and must stay consistent
// -- TODO(review): confirm against that file when either is changed.

// presumably a DER-encoded certificate (Microsoft KEK) -- verify in AuthData.c
extern CONST UINT8 mMicrosoftKek[];
extern CONST UINTN mSizeOfMicrosoftKek;

// presumably a DER-encoded certificate (Microsoft PCA) -- verify in AuthData.c
extern CONST UINT8 mMicrosoftPca[];
extern CONST UINTN mSizeOfMicrosoftPca;

// presumably a DER-encoded certificate (Microsoft UEFI CA) -- verify in AuthData.c
extern CONST UINT8 mMicrosoftUefiCa[];
extern CONST UINTN mSizeOfMicrosoftUefiCa;

// presumably a SHA-256 digest of empty input (per the name) -- verify in AuthData.c
extern CONST UINT8 mSha256OfDevNull[];
extern CONST UINTN mSizeOfSha256OfDevNull;
138 #endif /* ENROLL_DEFAULT_KEYS_H_ */