SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h

   1 /** @file
   2   The internal header file includes the common header files, defines
   3   internal structure and functions used by ImageVerificationLib.
   4
   5 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
   6 SPDX-License-Identifier: BSD-2-Clause-Patent
   7
   8 **/
   9
  10 #ifndef __IMAGEVERIFICATIONLIB_H__
  11 #define __IMAGEVERIFICATIONLIB_H__
  12
  13 #include <Library/UefiDriverEntryPoint.h>
  14 #include <Library/DebugLib.h>
  15 #include <Library/BaseMemoryLib.h>
  16 #include <Library/UefiBootServicesTableLib.h>
  17 #include <Library/UefiRuntimeServicesTableLib.h>
  18 #include <Library/UefiLib.h>
  19 #include <Library/BaseLib.h>
  20 #include <Library/MemoryAllocationLib.h>
  21 #include <Library/BaseCryptLib.h>
  22 #include <Library/PcdLib.h>
  23 #include <Library/DevicePathLib.h>
  24 #include <Library/SecurityManagementLib.h>
  25 #include <Library/PeCoffLib.h>
  26 #include <Protocol/FirmwareVolume2.h>
  27 #include <Protocol/DevicePath.h>
  28 #include <Protocol/BlockIo.h>
  29 #include <Protocol/SimpleFileSystem.h>
  30 #include <Protocol/VariableWrite.h>
  31 #include <Guid/ImageAuthentication.h>
  32 #include <Guid/AuthenticatedVariableFormat.h>
  33 #include <IndustryStandard/PeImage.h>
  34
  35 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE  256
  36 #define EFI_CERT_TYPE_RSA2048_SIZE         256
  37 #define MAX_NOTIFY_STRING_LEN              64
  38 #define TWO_BYTE_ENCODE                    0x82
  39
  40 #define ALIGNMENT_SIZE  8
  41 #define ALIGN_SIZE(a)  (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
  42
  43 //
  44 // Image type definitions
  45 //
  46 #define IMAGE_UNKNOWN               0x00000000
  47 #define IMAGE_FROM_FV               0x00000001
  48 #define IMAGE_FROM_OPTION_ROM       0x00000002
  49 #define IMAGE_FROM_REMOVABLE_MEDIA  0x00000003
  50 #define IMAGE_FROM_FIXED_MEDIA      0x00000004
  51
  52 //
  53 // Authorization policy bit definition
  54 //
  55 #define ALWAYS_EXECUTE                       0x00000000
  56 #define NEVER_EXECUTE                        0x00000001
  57 #define ALLOW_EXECUTE_ON_SECURITY_VIOLATION  0x00000002
  58 #define DEFER_EXECUTE_ON_SECURITY_VIOLATION  0x00000003
  59 #define DENY_EXECUTE_ON_SECURITY_VIOLATION   0x00000004
  60 #define QUERY_USER_ON_SECURITY_VIOLATION     0x00000005
  61
  62 //
  63 // Support hash types
  64 //
  65 #define HASHALG_SHA1    0x00000000
  66 #define HASHALG_SHA224  0x00000001
  67 #define HASHALG_SHA256  0x00000002
  68 #define HASHALG_SHA384  0x00000003
  69 #define HASHALG_SHA512  0x00000004
  70 #define HASHALG_MAX     0x00000005
  71
  72 //
  73 // Set max digest size as SHA512 Output (64 bytes) by far
  74 //
  75 #define MAX_DIGEST_SIZE  SHA512_DIGEST_SIZE
  76 //
  77 //
  78 // PKCS7 Certificate definition
  79 //
  80 typedef struct {
  81   WIN_CERTIFICATE    Hdr;
  82   UINT8              CertData[1];
  83 } WIN_CERTIFICATE_EFI_PKCS;
  84
  85 /**
  86   Retrieves the size, in bytes, of the context buffer required for hash operations.
  87
  88   @return  The size, in bytes, of the context buffer required for hash operations.
  89
  90 **/
  91 typedef
  92 UINTN
  93 (EFIAPI *HASH_GET_CONTEXT_SIZE)(
  94   VOID
  95   );
  96
  97 /**
  98   Initializes user-supplied memory pointed by HashContext as hash context for
  99   subsequent use.
 100
 101   If HashContext is NULL, then ASSERT().
 102
 103   @param[in, out]  HashContext  Pointer to  Context being initialized.
 104
 105   @retval TRUE   HASH context initialization succeeded.
 106   @retval FALSE  HASH context initialization failed.
 107
 108 **/
 109 typedef
 110 BOOLEAN
 111 (EFIAPI *HASH_INIT)(
 112   IN OUT  VOID  *HashContext
 113   );
 114
 115 /**
 116   Performs digest on a data buffer of the specified length. This function can
 117   be called multiple times to compute the digest of long or discontinuous data streams.
 118
 119   If HashContext is NULL, then ASSERT().
 120
 121   @param[in, out]  HashContext  Pointer to the MD5 context.
 122   @param[in]       Data         Pointer to the buffer containing the data to be hashed.
 123   @param[in]       DataLength   Length of Data buffer in bytes.
 124
 125   @retval TRUE     HASH data digest succeeded.
 126   @retval FALSE    Invalid HASH context. After HashFinal function has been called, the
 127                    HASH context cannot be reused.
 128
 129 **/
 130 typedef
 131 BOOLEAN
 132 (EFIAPI *HASH_UPDATE)(
 133   IN OUT  VOID        *HashContext,
 134   IN      CONST VOID  *Data,
 135   IN      UINTN       DataLength
 136   );
 137
 138 /**
 139   Completes hash computation and retrieves the digest value into the specified
 140   memory. After this function has been called, the context cannot be used again.
 141
 142   If HashContext is NULL, then ASSERT().
 143   If HashValue is NULL, then ASSERT().
 144
 145   @param[in, out]  HashContext  Pointer to the MD5 context
 146   @param[out]      HashValue    Pointer to a buffer that receives the HASH digest
 147                                 value.
 148
 149   @retval TRUE   HASH digest computation succeeded.
 150   @retval FALSE  HASH digest computation failed.
 151
 152 **/
 153 typedef
 154 BOOLEAN
 155 (EFIAPI *HASH_FINAL)(
 156   IN OUT  VOID   *HashContext,
 157   OUT     UINT8  *HashValue
 158   );
 159
 160 //
 161 // Hash Algorithm Table
 162 //
 163 typedef struct {
 164   //
 165   // Name for Hash Algorithm
 166   //
 167   CHAR16                   *Name;
 168   //
 169   // Digest Length
 170   //
 171   UINTN                    DigestLength;
 172   //
 173   // Hash Algorithm OID ASN.1 Value
 174   //
 175   UINT8                    *OidValue;
 176   //
 177   // Length of Hash OID Value
 178   //
 179   UINTN                    OidLength;
 180   //
 181   // Pointer to Hash GetContentSize function
 182   //
 183   HASH_GET_CONTEXT_SIZE    GetContextSize;
 184   //
 185   // Pointer to Hash Init function
 186   //
 187   HASH_INIT                HashInit;
 188   //
 189   // Pointer to Hash Update function
 190   //
 191   HASH_UPDATE              HashUpdate;
 192   //
 193   // Pointer to Hash Final function
 194   //
 195   HASH_FINAL               HashFinal;
 196 } HASH_TABLE;
 197
 198 #endif