2 Type definitions for the EnrollDefaultKeys application.
4 Copyright (C) 2014-2019, Red Hat, Inc.
6 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #ifndef ENROLL_DEFAULT_KEYS_H_
10 #define ENROLL_DEFAULT_KEYS_H_
12 #include <Uefi/UefiBaseType.h>
15 // Convenience structure types for constructing "signature lists" for
16 // authenticated UEFI variables.
18 // The most important thing about the variable payload is that it is a list of
19 // lists, where the element size of any given *inner* list is constant.
21 // Since X.509 certificates vary in size, each of our *inner* lists will contain
22 // one element only (one X.509 certificate). This is explicitly mentioned in
23 // the UEFI specification, in "28.4.1 Signature Database", in a Note.
25 // The list structure looks as follows:
27 // struct EFI_VARIABLE_AUTHENTICATION_2 { |
28 // struct EFI_TIME { |
36 // UINT32 Nanosecond; |
42 // struct WIN_CERTIFICATE_UEFI_GUID { | |
43 // struct WIN_CERTIFICATE { | |
44 // UINT32 dwLength; ----------------------------------------+ |
45 // UINT16 wRevision; | |
46 // UINT16 wCertificateType; | |
47 // } Hdr; | +- DataSize
49 // EFI_GUID CertType; | |
50 // UINT8 CertData[1] = { <--- "struct hack" | |
51 // struct EFI_SIGNATURE_LIST { | | |
52 // EFI_GUID SignatureType; | | |
53 // UINT32 SignatureListSize; -------------------------+ | |
54 // UINT32 SignatureHeaderSize; | | |
55 // UINT32 SignatureSize; ---------------------------+ | | |
56 // UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
58 // struct EFI_SIGNATURE_DATA { | | | |
59 // EFI_GUID SignatureOwner; | | | |
60 // UINT8 SignatureData[1] = { <--- "struct hack" | | | |
61 // X.509 payload | | | |
63 // } Signatures[]; | | |
69 // Given that the "struct hack" invokes undefined behavior (which is why C99
70 // introduced the flexible array member), and because subtracting those pesky
71 // sizes of 1 is annoying, and because the format is fully specified in the
72 // UEFI specification, we'll introduce two matching convenience structures that
73 // are customized for our X.509 purposes.
80 // dwLength covers data below
84 UINT16 wCertificateType
;
90 // SignatureListSize covers data below
92 EFI_GUID SignatureType
;
93 UINT32 SignatureListSize
;
94 UINT32 SignatureHeaderSize
; // constant 0
98 // SignatureSize covers data below
100 EFI_GUID SignatureOwner
;
103 // X.509 certificate follows
110 // A structure that collects the values of UEFI variables related to Secure Boot.
116 UINT8 SecureBootEnable
;
121 #endif /* ENROLL_DEFAULT_KEYS_H_ */