/** @file\r
This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.\r
\r
- Copyright (c) 2006, Intel Corporation \r
- All rights reserved. This program and the accompanying materials \r
- are licensed and made available under the terms and conditions of the BSD License \r
- which accompanies this distribution. The full text of the license may be found at \r
- http://opensource.org/licenses/bsd-license.php \r
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials are licensed and made available under\r
+the terms and conditions of the BSD License that accompanies this distribution.\r
+The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php.\r
\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#ifndef __UEFI_MULTIPHASE_H__\r
#define __UEFI_MULTIPHASE_H__\r
\r
-#include <ProcessorBind.h>\r
+///\r
+/// Attributes of variable.\r
+///\r
+#define EFI_VARIABLE_NON_VOLATILE 0x00000001\r
+#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002\r
+#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004\r
+///\r
+/// This attribute is identified by the mnemonic 'HR'\r
+/// elsewhere in this specification.\r
+///\r
+#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008\r
+///\r
+/// Attributes of Authenticated Variable\r
+///\r
+#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020\r
+#define EFI_VARIABLE_APPEND_WRITE 0x00000040\r
+///\r
+/// NOTE: EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be considered reserved.\r
+///\r
+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010\r
\r
+#ifndef VFRCOMPILE\r
+#include <Guid/WinCertificate.h>\r
///\r
/// Enumeration of memory types introduced in UEFI.\r
-/// \r
+///\r
typedef enum {\r
+ ///\r
+ /// Not used.\r
+ ///\r
EfiReservedMemoryType,\r
+ ///\r
+ /// The code portions of a loaded application.\r
+ /// (Note that UEFI OS loaders are UEFI applications.)\r
+ ///\r
EfiLoaderCode,\r
+ ///\r
+ /// The data portions of a loaded application and the default data allocation\r
+ /// type used by an application to allocate pool memory.\r
+ ///\r
EfiLoaderData,\r
+ ///\r
+ /// The code portions of a loaded Boot Services Driver.\r
+ ///\r
EfiBootServicesCode,\r
+ ///\r
+ /// The data portions of a loaded Boot Serves Driver, and the default data\r
+ /// allocation type used by a Boot Services Driver to allocate pool memory.\r
+ ///\r
EfiBootServicesData,\r
+ ///\r
+ /// The code portions of a loaded Runtime Services Driver.\r
+ ///\r
EfiRuntimeServicesCode,\r
+ ///\r
+ /// The data portions of a loaded Runtime Services Driver and the default\r
+ /// data allocation type used by a Runtime Services Driver to allocate pool memory.\r
+ ///\r
EfiRuntimeServicesData,\r
+ ///\r
+ /// Free (unallocated) memory.\r
+ ///\r
EfiConventionalMemory,\r
+ ///\r
+ /// Memory in which errors have been detected.\r
+ ///\r
EfiUnusableMemory,\r
+ ///\r
+ /// Memory that holds the ACPI tables.\r
+ ///\r
EfiACPIReclaimMemory,\r
+ ///\r
+ /// Address space reserved for use by the firmware.\r
+ ///\r
EfiACPIMemoryNVS,\r
+ ///\r
+ /// Used by system firmware to request that a memory-mapped IO region\r
+ /// be mapped by the OS to a virtual address so it can be accessed by EFI runtime services.\r
+ ///\r
EfiMemoryMappedIO,\r
+ ///\r
+ /// System memory-mapped IO region that is used to translate memory\r
+ /// cycles to IO cycles by the processor.\r
+ ///\r
EfiMemoryMappedIOPortSpace,\r
+ ///\r
+ /// Address space reserved by the firmware for code that is part of the processor.\r
+ ///\r
EfiPalCode,\r
+ ///\r
+ /// A memory region that operates as EfiConventionalMemory, \r
+ /// however it happens to also support byte-addressable non-volatility.\r
+ ///\r
+ EfiPersistentMemory,\r
EfiMaxMemoryType\r
} EFI_MEMORY_TYPE;\r
\r
+///\r
+/// Enumeration of reset types.\r
+///\r
+typedef enum {\r
+ ///\r
+ /// Used to induce a system-wide reset. This sets all circuitry within the\r
+ /// system to its initial state. This type of reset is asynchronous to system\r
+ /// operation and operates withgout regard to cycle boundaries. EfiColdReset\r
+ /// is tantamount to a system power cycle.\r
+ ///\r
+ EfiResetCold,\r
+ ///\r
+ /// Used to induce a system-wide initialization. The processors are set to their\r
+ /// initial state, and pending cycles are not corrupted. If the system does\r
+ /// not support this reset type, then an EfiResetCold must be performed.\r
+ ///\r
+ EfiResetWarm,\r
+ ///\r
+ /// Used to induce an entry into a power state equivalent to the ACPI G2/S5 or G3\r
+ /// state. If the system does not support this reset type, then when the system\r
+ /// is rebooted, it should exhibit the EfiResetCold attributes.\r
+ ///\r
+ EfiResetShutdown,\r
+ ///\r
+ /// Used to induce a system-wide reset. The exact type of the reset is defined by\r
+ /// the EFI_GUID that follows the Null-terminated Unicode string passed into\r
+ /// ResetData. If the platform does not recognize the EFI_GUID in ResetData the\r
+ /// platform must pick a supported reset type to perform. The platform may\r
+ /// optionally log the parameters from any non-normal reset that occurs.\r
+ ///\r
+ EfiResetPlatformSpecific\r
+} EFI_RESET_TYPE;\r
\r
///\r
/// Data structure that precedes all of the standard EFI table types.\r
-/// \r
+///\r
typedef struct {\r
+ ///\r
+ /// A 64-bit signature that identifies the type of table that follows.\r
+ /// Unique signatures have been generated for the EFI System Table,\r
+ /// the EFI Boot Services Table, and the EFI Runtime Services Table.\r
+ ///\r
UINT64 Signature;\r
+ ///\r
+ /// The revision of the EFI Specification to which this table\r
+ /// conforms. The upper 16 bits of this field contain the major\r
+ /// revision value, and the lower 16 bits contain the minor revision\r
+ /// value. The minor revision values are limited to the range of 00..99.\r
+ ///\r
UINT32 Revision;\r
+ ///\r
+ /// The size, in bytes, of the entire table including the EFI_TABLE_HEADER.\r
+ ///\r
UINT32 HeaderSize;\r
+ ///\r
+ /// The 32-bit CRC for the entire table. This value is computed by\r
+ /// setting this field to 0, and computing the 32-bit CRC for HeaderSize bytes.\r
+ ///\r
UINT32 CRC32;\r
+ ///\r
+ /// Reserved field that must be set to 0.\r
+ ///\r
UINT32 Reserved;\r
} EFI_TABLE_HEADER;\r
\r
///\r
-/// Attributes of variable.\r
-/// \r
-#define EFI_VARIABLE_NON_VOLATILE 0x00000001\r
-#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002\r
-#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004\r
-#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008\r
-\r
+/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
+/// WIN_CERTIFICATE_UEFI_GUID and the CertType\r
+/// EFI_CERT_TYPE_RSA2048_SHA256_GUID. If the attribute specifies\r
+/// authenticated access, then the Data buffer should begin with an\r
+/// authentication descriptor prior to the data payload and DataSize\r
+/// should reflect the the data.and descriptor size. The caller\r
+/// shall digest the Monotonic Count value and the associated data\r
+/// for the variable update using the SHA-256 1-way hash algorithm.\r
+/// The ensuing the 32-byte digest will be signed using the private\r
+/// key associated w/ the public/private 2048-bit RSA key-pair. The\r
+/// WIN_CERTIFICATE shall be used to describe the signature of the\r
+/// Variable data *Data. In addition, the signature will also\r
+/// include the MonotonicCount value to guard against replay attacks.\r
///\r
-/// This attribute is identified by the mnemonic 'HR' \r
-/// elsewhere in this specification.\r
-/// \r
-#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010\r
-\r
-//\r
-// _WIN_CERTIFICATE.wCertificateType\r
-// \r
-#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0\r
-#define WIN_CERT_TYPE_EFI_GUID 0x0EF1\r
-\r
-/**\r
- \r
- The WIN_CERTIFICATE structure is part of the PE/COFF\r
- specification and has the following definition:\r
-\r
- @param dwLength The length of the entire certificate,\r
- including the length of the header, in\r
- bytes.\r
-\r
- @param wRevision The revision level of the WIN_CERTIFICATE\r
- structure. The current revision level is\r
- 0x0200.\r
-\r
- @param wCertificateType The certificate type. See\r
- WIN_CERT_TYPE_xxx for the UEFI\r
- certificate types. The UEFI\r
- specification reserves the range of\r
- certificate type values from 0x0EF0\r
- to 0x0EFF.\r
-\r
- @param bCertificate The actual certificate. The format of\r
- the certificate depends on\r
- wCertificateType. The format of the UEFI\r
- certificates is defined below.\r
-\r
-\r
-**/\r
-typedef struct _WIN_CERTIFICATE {\r
- UINT32 dwLength;\r
- UINT16 wRevision;\r
- UINT16 wCertificateType;\r
- //UINT8 bCertificate[ANYSIZE_ARRAY];\r
-} WIN_CERTIFICATE;\r
+typedef struct {\r
+ ///\r
+ /// Included in the signature of\r
+ /// AuthInfo.Used to ensure freshness/no\r
+ /// replay. Incremented during each\r
+ /// "Write" access.\r
+ ///\r
+ UINT64 MonotonicCount;\r
+ ///\r
+ /// Provides the authorization for the variable\r
+ /// access. It is a signature across the\r
+ /// variable data and the Monotonic Count\r
+ /// value. Caller uses Private key that is\r
+ /// associated with a public key that has been\r
+ /// provisioned via the key exchange.\r
+ ///\r
+ WIN_CERTIFICATE_UEFI_GUID AuthInfo;\r
+} EFI_VARIABLE_AUTHENTICATION;\r
\r
///\r
-/// WIN_CERTIFICATE_UEFI_GUID.CertType\r
-/// \r
-#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \\r
- {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }\r
-\r
+/// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is\r
+/// set, then the Data buffer shall begin with an instance of a complete (and serialized)\r
+/// EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be followed by the new\r
+/// variable value and DataSize shall reflect the combined size of the descriptor and the new\r
+/// variable value. The authentication descriptor is not part of the variable data and is not\r
+/// returned by subsequent calls to GetVariable().\r
///\r
-/// WIN_CERTIFICATE_UEFI_GUID.CertData\r
-/// \r
-typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {\r
- UINT32 HashType;\r
- UINT8 PublicKey[256];\r
- UINT8 Signature[256];\r
-} EFI_CERT_BLOCK_RSA_2048_SHA256;\r
-\r
-\r
-/**\r
- \r
- @param Hdr This is the standard WIN_CERTIFICATE header, where\r
- wCertificateType is set to\r
- WIN_CERT_TYPE_UEFI_GUID.\r
-\r
- @param CertType This is the unique id which determines the\r
- format of the CertData. In this case, the\r
- value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.\r
-\r
- @param CertData This is the certificate data. The format of\r
- the data is determined by the CertType. In\r
- this case the value is\r
- EFI_CERT_BLOCK_RSA_2048_SHA256.\r
-\r
-**/\r
-typedef struct _WIN_CERTIFICATE_UEFI_GUID {\r
- WIN_CERTIFICATE Hdr;\r
- EFI_GUID CertType;\r
- // UINT8 CertData[ANYSIZE_ARRAY];\r
-} WIN_CERTIFICATE_UEFI_GUID;\r
-\r
-\r
-/**\r
- \r
- Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital\r
- signature.\r
- \r
- The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from\r
- WIN_CERTIFICATE and encapsulate the information needed to \r
- implement the RSASSA-PKCS1-v1_5 digital signature algorithm as \r
- specified in RFC2437. \r
- \r
- @param Hdr This is the standard WIN_CERTIFICATE header, where\r
- wCertificateType is set to\r
- WIN_CERT_TYPE_UEFI_PKCS1_15.\r
- \r
- @param HashAlgorithm This is the hashing algorithm which was\r
- performed on the UEFI executable when\r
- creating the digital signature. It is\r
- one of the enumerated values pre-defined\r
- in Section 26.4.1. See\r
- EFI_HASH_ALGORITHM_x.\r
- \r
- @param Signature This is the actual digital signature. The\r
- size of the signature is the same size as\r
- the key (1024-bit key is 128 bytes) and can\r
- be determined by subtracting the length of\r
- the other parts of this header from the\r
- total length of the certificate as found in\r
- Hdr.dwLength.\r
-\r
-**/\r
-typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {\r
- WIN_CERTIFICATE Hdr;\r
- EFI_GUID HashAlgorithm;\r
- // UINT8 Signature[ANYSIZE_ARRAY];\r
-} WIN_CERTIFICATE_EFI_PKCS1_15;\r
-\r
-\r
-/**\r
- \r
- AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
- WIN_CERTIFICATE_UEFI_GUID and the CertType\r
- EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies\r
- authenticated access, then the Data buffer should begin with an\r
- authentication descriptor prior to the data payload and DataSize\r
- should reflect the the data.and descriptor size. The caller\r
- shall digest the Monotonic Count value and the associated data\r
- for the variable update using the SHA-256 1-way hash algorithm.\r
- The ensuing the 32-byte digest will be signed using the private\r
- key associated w/ the public/private 2048-bit RSA key-pair. The\r
- WIN_CERTIFICATE shall be used to describe the signature of the\r
- Variable data *Data. In addition, the signature will also\r
- include the MonotonicCount value to guard against replay attacks\r
- \r
- @param MonotonicCount Included in the signature of\r
- AuthInfo.Used to ensure freshness/no\r
- replay. Incremented during each\r
- "Write" access.\r
- \r
- @param AuthInfo Provides the authorization for the variable\r
- access. It is a signature across the\r
- variable data and the Monotonic Count\r
- value. Caller uses Private key that is\r
- associated with a public key that has been\r
- provisioned via the key exchange.\r
-\r
-**/\r
typedef struct {\r
- UINT64 MonotonicCount;\r
+ ///\r
+ /// For the TimeStamp value, components Pad1, Nanosecond, TimeZone, Daylight and\r
+ /// Pad2 shall be set to 0. This means that the time shall always be expressed in GMT.\r
+ ///\r
+ EFI_TIME TimeStamp;\r
+ ///\r
+ /// Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted.\r
+ ///\r
WIN_CERTIFICATE_UEFI_GUID AuthInfo;\r
-} EFI_VARIABLE_AUTHENTICATION;\r
+ } EFI_VARIABLE_AUTHENTICATION_2;\r
+#endif // VFRCOMPILE\r
\r
#endif\r
-\r