--- /dev/null
+/** @file\r
+ Platform Key, Key Exchange Key, and Image signature database are defined \r
+ for the signed image validation.\r
+\r
+ Copyright (c) 2009, Intel Corporation\r
+ All rights reserved. This program and the accompanying materials \r
+ are licensed and made available under the terms and conditions of the BSD License \r
+ which accompanies this distribution. The full text of the license may be found at \r
+ http://opensource.org/licenses/bsd-license.php \r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+\r
+ @par Revision Reference:\r
+ GUIDs defined in UEFI 2.2 spec.\r
+**/\r
+\r
+#ifndef __IMAGE_AUTHTICATION_H__\r
+#define __IMAGE_AUTHTICATION_H__\r
+\r
+#include <Guid/GlobalVariable.h>\r
+\r
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \\r
+ { \\r
+ 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \\r
+ }\r
+\r
+///\r
+/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID \r
+/// for the authorized signature database.\r
+///\r
+#define EFI_IMAGE_SECURITY_DATABASE L"db"\r
+///\r
+/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID \r
+/// for the forbidden signature database.\r
+///\r
+#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx"\r
+\r
+#define SETUP_MODE 1\r
+#define USER_MODE 0\r
+///\r
+/// Globally "SetupMode" variable to specify whether the system is currently operating \r
+/// in setup mode (1) or not (0). All other values are reserved.\r
+///\r
+#define EFI_SETUP_MODE_NAME L"SetupMode"\r
+///\r
+/// Globally "PK" variable for the Platform Key Signature Database.\r
+///\r
+#define EFI_PLATFORM_KEY_NAME L"PK"\r
+///\r
+/// Globally "KEK" variable for the Key Exchange Key Signature Database.\r
+///\r
+#define EFI_KEY_EXCHANGE_KEY_NAME L"KEK"\r
+///\r
+/// Globally "SignatureSupport" variable returns an array of GUIDs, \r
+/// with each GUID representing a type of signature which the platform \r
+/// firmware supports for images and other data.\r
+///\r
+#define EFI_SIGNATURE_SUPPORT_NAME L"SignatureSupport"\r
+\r
+//***********************************************************************\r
+// Signature Database\r
+//***********************************************************************\r
+///\r
+/// The format of a signature database. \r
+///\r
+#pragma pack(1)\r
+\r
+typedef struct {\r
+ ///\r
+ /// An identifier which identifies the agent which added the signature to the list.\r
+ ///\r
+ EFI_GUID SignatureOwner;\r
+ ///\r
+ /// The format of the signature is defined by the SignatureType.\r
+ ///\r
+ UINT8 SignatureData[1];\r
+} EFI_SIGNATURE_DATA;\r
+\r
+typedef struct {\r
+ ///\r
+ /// Type of the signature. GUID signature types are defined in below.\r
+ ///\r
+ EFI_GUID SignatureType;\r
+ ///\r
+ /// Total size of the signature list, including this header.\r
+ ///\r
+ UINT32 SignatureListSize;\r
+ ///\r
+ /// Size of the signature header which precedes the array of signatures.\r
+ ///\r
+ UINT32 SignatureHeaderSize;\r
+ ///\r
+ /// Size of each signature.\r
+ ///\r
+ UINT32 SignatureSize; \r
+ ///\r
+ /// Header before the array of signatures. The format of this header is specified \r
+ /// by the SignatureType.\r
+ /// UINT8 SignatureHeader[SignatureHeaderSize];\r
+ ///\r
+ /// An array of signatures. Each signature is SignatureSize bytes in length. \r
+ /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];\r
+ ///\r
+} EFI_SIGNATURE_LIST;\r
+\r
+#pragma pack()\r
+\r
+///\r
+/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size should \r
+/// always be 0. The SignatureSize should always be 32 bytes.\r
+///\r
+#define EFI_CERT_SHA256_GUID \\r
+ { \\r
+ 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \\r
+ }\r
+\r
+///\r
+/// This identifies a signature containing an RSA-2048 key. The SignatureHeader size should \r
+/// always be 0. The SignatureSize should always be 256 bytes.\r
+///\r
+#define EFI_CERT_RSA2048_GUID \\r
+ { \\r
+ 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \\r
+ }\r
+\r
+///\r
+/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The \r
+/// SignatureHeader size should always be 0. The SignatureSize should always be 256 bytes.\r
+///\r
+#define EFI_CERT_RSA2048_SHA256_GUID \\r
+ { \\r
+ 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \\r
+ }\r
+\r
+///\r
+/// This identifies a signature containing a SHA-1 hash. The SignatureHeader size should always\r
+/// be 0. The SignatureSize should always be 20 bytes\r
+///\r
+#define EFI_CERT_SHA1_GUID \\r
+ { \\r
+ 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \\r
+ }\r
+\r
+///\r
+/// This identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The \r
+/// SignatureHeader size should always be 0. The SignatureSize should always be 256 bytes.\r
+///\r
+#define EFI_CERT_RSA2048_SHA1_GUID \\r
+ { \\r
+ 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \\r
+ }\r
+\r
+///\r
+/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 certificate then \r
+/// verification of the signature of an image should validate the public key certificate in the image using \r
+/// certificate path verification, up to this X.509 certificate as a trusted root.\r
+///\r
+#define EFI_CERT_X509 \\r
+ { \\r
+ 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \\r
+ }\r
+\r
+//***********************************************************************\r
+// Image Execution Information Table Definition\r
+//***********************************************************************\r
+typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;\r
+\r
+#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 \r
+\r
+//\r
+// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table \r
+// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.\r
+//\r
+typedef struct {\r
+ ///\r
+ /// Describes the action taken by the firmware regarding this image.\r
+ ///\r
+ EFI_IMAGE_EXECUTION_ACTION Action;\r
+ ///\r
+ /// Size of all of the entire structure.\r
+ ///\r
+ UINT32 InfoSize;\r
+ ///\r
+ /// If this image was a UEFI device driver (for option ROM, for example) this is the \r
+ /// null-terminated, user-friendly name for the device. If the image was for an application, \r
+ /// then this is the name of the application. If this cannot be determined, then a simple \r
+ /// NULL character should be put in this position.\r
+ /// CHAR16 Name[];\r
+ ///\r
+\r
+ ///\r
+ /// For device drivers, this is the device path of the device for which this device driver \r
+ /// was intended. In some cases, the driver itself may be stored as part of the system \r
+ /// firmware, but this field should record the device's path, not the firmware path. For \r
+ /// applications, this is the device path of the application. If this cannot be determined, \r
+ /// a simple end-of-path device node should be put in this position.\r
+ /// EFI_DEVICE_PATH_PROTOCOL DevicePath;\r
+ ///\r
+\r
+ ///\r
+ /// The image digest of the image. The certificate type must be one of the hash types. \r
+ /// The hash type must match the type used in the Signature field.\r
+ ///\r
+ WIN_CERTIFICATE ImageHash;\r
+ ///\r
+ /// Zero or more image signatures. If the image contained no signtures, \r
+ /// then this field is empty.\r
+ ///\r
+ WIN_CERTIFICATE Signature;\r
+} EFI_IMAGE_EXECUTION_INFO;\r
+\r
+extern EFI_GUID gEfiImageSecurityDatabaseGuid;\r
+extern EFI_GUID gEfiCertSha256Guid;\r
+extern EFI_GUID gEfiCertRsa2048Guid; \r
+extern EFI_GUID gEfiCertRsa2048Sha256Guid;\r
+extern EFI_GUID gEfiCertSha1Guid;\r
+extern EFI_GUID gEfiCertRsa2048Sha1Guid;\r
+extern EFI_GUID gEfiCertX509Guid;\r
+\r
+#endif\r
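Review bot: In EFI_IMAGE_EXECUTION_INFO, `ImageHash` and `Signature` are declared as real members right after `InfoSize`, while the comments place the variable-length `Name[]` and `DevicePath` ahead of them, so an access such as `Info->ImageHash` would land on the first bytes of the name rather than on a certificate. Either comment the two members out like the other trailing data (`/// WIN_CERTIFICATE ImageHash;`, `/// WIN_CERTIFICATE Signature;`) or document that they must be located by walking past Name and DevicePath, with every step checked against `InfoSize`. The struct also sits outside the `#pragma pack(1)` region used for the signature list types. The header uses WIN_CERTIFICATE without including `Guid/WinCertificate.h` itself, and appears to rely on the include this commit adds to UefiMultiPhase.h.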
--- /dev/null
+/** @file\r
+ GUID used for MemoryOverwriteRequestControl UEFI variable defined in \r
+ TCG Platform Reset Attack Mitigation Specification 1.00.\r
+ See http://trustedcomputinggroup.org for the latest specification\r
+\r
+ The purpose of the MemoryOverwriteRequestControl UEFI variable is to give users (e.g., OS, loader) the ability to \r
+ indicate to the platform that secrets are present in memory and that the platform firmware must clear memory upon \r
+ a restart. The OS loader should not create the variable. Rather, the firmware is required to create it. \r
+\r
+ Copyright (c) 2009, Intel Corporation \r
+ All rights reserved. This program and the accompanying materials \r
+ are licensed and made available under the terms and conditions of the BSD License \r
+ which accompanies this distribution. The full text of the license may be found at \r
+ http://opensource.org/licenses/bsd-license.php \r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+\r
+**/\r
+\r
+#ifndef _MEMORY_OVERWRITE_CONTROL_DATA_GUID_H_\r
+#define _MEMORY_OVERWRITE_CONTROL_DATA_GUID_H_\r
+\r
+#define MEMORY_ONLY_RESET_CONTROL_GUID \\r
+ { \\r
+ 0xe20939be, 0x32d4, 0x41be, {0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29} \\r
+ }\r
+\r
+///\r
+/// Variable name is "MemoryOverwriteRequestControl" and it is a 1 byte unsigned value. \r
+/// The attributes should be: \r
+/// EFI_VARIABLE_NON_VOLATILE | \r
+/// EFI_VARIABLE_BOOTSERVICE_ACCESS | \r
+/// EFI_VARIABLE_RUNTIME_ACCESS \r
+///\r
+#define MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME L"MemoryOverwriteRequestControl"\r
+\r
+///\r
+/// 0 = Firmware MUST clear the MOR bi\r
+/// 1 = Firmware MUST set the MOR bit \r
+///\r
+#define MOR_CLEAR_MEMORY_BIT_MASK 0x01\r
+\r
+///\r
+/// 0 = Firmware MAY autodetect a clean shutdown of the Static RTM OS.\r
+/// 1 = Firmware MUST NOT autodetect a clean shutdown of the Static RTM OS.\r
+///\r
+#define MOR_DISABLEAUTODETECT_BIT_MASK 0x10\r
+\r
+///\r
+/// MOR field bit offset\r
+///\r
+#define MOR_CLEAR_MEMORY_BIT_OFFSET 0\r
+#define MOR_DISABLEAUTODETECT_BIT_OFFSET 4\r
+\r
+/**\r
+ Return the ClearMemory bit value 0 or 1.\r
+\r
+ @param mor 1 byte value that contains ClearMemory and DisableAutoDetect bit.\r
+\r
+ @return ClearMemory bit value\r
+**/\r
+#define MOR_CLEAR_MEMORY_VALUE(mor) (((UINT8)(mor) & MOR_CLEAR_MEMORY_BIT_MASK) >> MOR_CLEAR_MEMORY_BIT_OFFSET)\r
+\r
+/**\r
+ Return the DisableAutoDetect bit value 0 or 1.\r
+\r
+ @param mor 1 byte value that contains ClearMemory and DisableAutoDetect bit.\r
+\r
+ @return DisableAutoDetect bit value\r
+**/\r
+#define MOR_DISABLE_AUTO_DETECT_VALUE(mor) (((UINT8)(mor) & MOR_DISABLEAUTODETECT_BIT_MASK) >> MOR_DISABLEAUTODETECT_BIT_OFFSET)\r
+\r
+extern EFI_GUID gEfiMemoryOverwriteControlDataGuid;\r
+\r
+#endif\r
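Review bot: The comment above `MOR_CLEAR_MEMORY_BIT_MASK` is truncated (`MOR bi`) and says only that firmware must clear or set "the MOR bit", which does not tell a reader what a set bit requests. Going by the file header, something like `/// Bit 0 (ClearMemory): 1 = memory may hold secrets, firmware must clear memory on the next reset; 0 = no clear requested.` would be clearer, but confirm the wording against the TCG text. The names also spell the same field two ways (`MOR_DISABLEAUTODETECT_BIT_MASK` versus `MOR_DISABLE_AUTO_DETECT_VALUE`), so picking one spelling would make them easier to search for.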
--- /dev/null
+/** @file\r
+ GUID for UEFI WIN_CERTIFICATE structure. \r
+\r
+ Copyright (c) 2006 - 2009, Intel Corporation \r
+ All rights reserved. This program and the accompanying materials \r
+ are licensed and made available under the terms and conditions of the BSD License \r
+ which accompanies this distribution. The full text of the license may be found at \r
+ http://opensource.org/licenses/bsd-license.php \r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+\r
+ @par Revision Reference:\r
+ GUID defined in UEFI 2.0 spec.\r
+**/\r
+\r
+#ifndef __EFI_WIN_CERTIFICATE_H__\r
+#define __EFI_WIN_CERTIFICATE_H__\r
+\r
+//\r
+// _WIN_CERTIFICATE.wCertificateType\r
+// \r
+#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002\r
+#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0\r
+#define WIN_CERT_TYPE_EFI_GUID 0x0EF1\r
+\r
+///\r
+/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.\r
+///\r
+typedef struct {\r
+ ///\r
+ /// The length of the entire certificate, \r
+ /// including the length of the header, in bytes. \r
+ ///\r
+ UINT32 dwLength;\r
+ ///\r
+ /// The revision level of the WIN_CERTIFICATE \r
+ /// structure. The current revision level is 0x0200. \r
+ ///\r
+ UINT16 wRevision;\r
+ ///\r
+ /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI \r
+ /// certificate types. The UEFI specification reserves the range of \r
+ /// certificate type values from 0x0EF0 to 0x0EFF. \r
+ ///\r
+ UINT16 wCertificateType;\r
+ ///\r
+ /// The following is the actual certificate. The format of \r
+ /// the certificate depends on wCertificateType.\r
+ ///\r
+ /// UINT8 bCertificate[ANYSIZE_ARRAY];\r
+ ///\r
+} WIN_CERTIFICATE;\r
+\r
+///\r
+/// WIN_CERTIFICATE_UEFI_GUID.CertType\r
+/// \r
+#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \\r
+ {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }\r
+\r
+///\r
+/// WIN_CERTIFICATE_UEFI_GUID.CertData\r
+/// \r
+typedef struct {\r
+ UINT32 HashType;\r
+ UINT8 PublicKey[256];\r
+ UINT8 Signature[256];\r
+} EFI_CERT_BLOCK_RSA_2048_SHA256;\r
+\r
+\r
+///\r
+/// Certificate which encapsulates a GUID-specific digital signature\r
+///\r
+typedef struct {\r
+ ///\r
+ /// This is the standard WIN_CERTIFICATE header, where\r
+ /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID. \r
+ /// \r
+ WIN_CERTIFICATE Hdr;\r
+ ///\r
+ /// This is the unique id which determines the \r
+ /// format of the CertData. .\r
+ ///\r
+ EFI_GUID CertType;\r
+ /// \r
+ /// The following is the certificate data. The format of\r
+ /// the data is determined by the CertType. \r
+ /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,\r
+ /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.\r
+ ///\r
+ UINT8 CertData[1];\r
+} WIN_CERTIFICATE_UEFI_GUID;\r
+\r
+\r
+/// \r
+/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.\r
+/// \r
+/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from\r
+/// WIN_CERTIFICATE and encapsulate the information needed to \r
+/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as \r
+/// specified in RFC2437. \r
+/// \r
+typedef struct { \r
+ ///\r
+ /// This is the standard WIN_CERTIFICATE header, where \r
+ /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15. \r
+ ///\r
+ WIN_CERTIFICATE Hdr;\r
+ ///\r
+ /// This is the hashing algorithm which was performed on the\r
+ /// UEFI executable when creating the digital signature. \r
+ ///\r
+ EFI_GUID HashAlgorithm;\r
+ ///\r
+ /// The following is the actual digital signature. The \r
+ /// size of the signature is the same size as the key \r
+ /// (1024-bit key is 128 bytes) and can be determined by \r
+ /// subtracting the length of the other parts of this header\r
+ /// from the total length of the certificate as found in \r
+ /// Hdr.dwLength. \r
+ ///\r
+ /// UINT8 Signature[];\r
+ ///\r
+} WIN_CERTIFICATE_EFI_PKCS1_15;\r
+\r
+extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid;\r
+\r
+#endif\r
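Review bot: `CertData` in WIN_CERTIFICATE_UEFI_GUID is now a real `UINT8 CertData[1]` member (the definition removed from UefiMultiPhase.h had it commented out), so `sizeof (WIN_CERTIFICATE_UEFI_GUID)` no longer equals the header length, and any check of `Hdr.dwLength` written against `sizeof` will be off by the placeholder plus any padding. A comment on the member such as `/// Placeholder for variable-length data; use OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) for the header size.` would help keep length validation of authenticated data correct. The field comments also name `WIN_CERT_TYPE_UEFI_GUID` and `WIN_CERT_TYPE_UEFI_PKCS1_15`, but the constants defined in this file are `WIN_CERT_TYPE_EFI_GUID` and `WIN_CERT_TYPE_EFI_PKCS115`.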
\r
typedef struct _EFI_AUTHENTICATION_INFO_PROTOCOL EFI_AUTHENTICATION_INFO_PROTOCOL;\r
\r
+#pragma pack(1)\r
typedef struct {\r
///\r
/// Authentication Type GUID.\r
///\r
/// RADIUS Server IPv4 or IPv6 Address\r
///\r
- EFI_IPv6_ADDRESS RadiusIpAddr; ///< IPv4 or IPv6 address\r
+ UINT8 RadiusIpAddr[16]; ///< IPv4 or IPv6 address\r
\r
///\r
/// Reserved for future use\r
///\r
/// Network Access Server IPv4 or IPv6 Address (OPTIONAL)\r
///\r
- EFI_IPv6_ADDRESS NasIpAddr; ///< IPv4 or IPv6 address\r
+ UINT8 NasIpAddr[16]; ///< IPv4 or IPv6 address\r
\r
///\r
/// Network Access Server Secret Length in bytes (OPTIONAL)\r
UINT16 NasSecretLength; \r
\r
///\r
- /// Network Access Server secret (OPTIONAL)\r
+ /// Network Access Server Secret (OPTIONAL)\r
///\r
- UINT8 *NasSecret; \r
+ UINT8 NasSecret[1];\r
\r
+ /// \r
+ /// CHAP Initiator Secret length in bytes on offset NasSecret + NasSecretLength.\r
///\r
- /// CHAP Initiator Secret length in bytes\r
- ///\r
- UINT16 ChapSecretLength;\r
-\r
+ /// UINT16 ChapSecretLength;\r
///\r
/// CHAP Initiator Secret\r
///\r
- UINT8 *ChapSecret;\r
-\r
+ /// UINT8 ChapSecret[];\r
///\r
- /// CHAP Initiator Name Length in bytes\r
+ /// CHAP Initiator Name Length in bytes on offset ChapSecret + ChapSecretLength\r
///\r
- UINT16 ChapNameLength;\r
-\r
+ /// UINT16 ChapNameLength;\r
///\r
/// CHAP Initiator Name\r
///\r
- UINT8 *ChapName;\r
+ /// UINT8 ChapName[];\r
+ ///\r
} CHAP_RADIUS_AUTH_NODE;\r
\r
typedef struct {\r
///\r
/// User Secret\r
///\r
- UINT8 *UserSecret; \r
+ UINT8 UserSecret[1];\r
\r
///\r
- /// User Name Length in bytes\r
+ /// User Name Length in bytes on offset UserSecret + UserSecretLength\r
///\r
- UINT16 UserNameLength;\r
-\r
+ /// UINT16 UserNameLength;\r
///\r
/// User Name\r
///\r
- UINT8 *UserName;\r
-\r
+ /// UINT8 *UserName;\r
///\r
- /// CHAP Initiator Secret length in bytes\r
+ /// CHAP Initiator Secret length in bytes on offset UserName + UserNameLength\r
///\r
- UINT16 ChapSecretLength;\r
-\r
+ /// UINT16 ChapSecretLength;\r
///\r
/// CHAP Initiator Secret\r
///\r
- UINT8 *ChapSecret;\r
-\r
+ /// UINT8 *ChapSecret;\r
///\r
- /// CHAP Initiator Name Length in bytes\r
+ /// CHAP Initiator Name Length in bytes on offset ChapSecret + ChapSecretLength\r
///\r
- UINT16 ChapNameLength;\r
-\r
+ /// UINT16 ChapNameLength;\r
///\r
/// CHAP Initiator Name\r
///\r
- UINT8 *ChapName;\r
+ /// UINT8 *ChapName;\r
+ ///\r
} CHAP_LOCAL_AUTH_NODE;\r
+#pragma pack()\r
\r
/**\r
Retrieves the authentication information associated with a particular controller handle.\r
\r
- @param This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL\r
- @param ControllerHandle Handle to the Controller\r
- @param Buffer Pointer to the authentication information.\r
+ @param[in] This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL\r
+ @param[in] ControllerHandle Handle to the Controller\r
+ @param[out] Buffer Pointer to the authentication information.\r
\r
@retval EFI_SUCCESS Successfully retrieved authentication information for the given ControllerHandle\r
@retval EFI_INVALID_PARAMETER No matching authentication information found for the given ControllerHandle\r
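Review bot: The commented-out trailing fields of CHAP_LOCAL_AUTH_NODE still use pointer notation (`/// UINT8 *UserName;`, `/// UINT8 *ChapSecret;`, `/// UINT8 *ChapName;`) although the node now carries these bytes inline; write them as `/// UINT8 UserName[];` and so on, as the CHAP_RADIUS_AUTH_NODE hunk above does. Because `UserSecret[1]` (and `NasSecret[1]` in the RADIUS node) is a one-byte placeholder, `sizeof` over-counts the fixed part of the node. A comment telling consumers to use `OFFSET_OF (CHAP_LOCAL_AUTH_NODE, UserSecret)` and to check each length field against the node's total length before advancing would help, since those lengths are read from the buffer and sit next to secrets. Both struct definitions begin outside the visible hunk lines, so the total-length field is not shown here.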
IN EFI_AUTHENTICATION_INFO_PROTOCOL *This,\r
IN EFI_HANDLE *ControllerHandle,\r
OUT VOID *Buffer\r
- ); \r
+ );\r
\r
/**\r
Set the authentication information for a given controller handle.\r
\r
- @param This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL\r
- @param ControllerHandle Handle to the Controller\r
- @param Buffer Pointer to the authentication information.\r
+ @param[in] This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL\r
+ @param[in] ControllerHandle Handle to the Controller\r
+ @param[in] Buffer Pointer to the authentication information.\r
\r
@retval EFI_SUCCESS Successfully set authentication information for the given ControllerHandle\r
@retval EFI_UNSUPPORTED If the platform policies do not allow setting of the authentication\r
The EFI Hash Service Binding Protocol is used to locate hashing services support \r
provided by a driver and to create and destroy instances of the EFI Hash Protocol \r
so that a multiple drivers can use the underlying hashing services.\r
- The EFI Service Binding Protocol defines the generic Service Binding Protocol functions.\r
\r
Copyright (c) 2006 - 2009, Intel Corporation \r
All rights reserved. This program and the accompanying materials \r
/**\r
Returns the size of the hash which results from a specific algorithm.\r
\r
- @param This Points to this instance of EFI_HASH_PROTOCOL.\r
- @param HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.\r
- @param HashSize Holds the returned size of the algorithm's hash.\r
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.\r
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.\r
+ @param[out] HashSize Holds the returned size of the algorithm's hash.\r
\r
@retval EFI_SUCCESS Hash size returned successfully.\r
@retval EFI_INVALID_PARAMETER HashSize is NULL\r
/**\r
Returns the size of the hash which results from a specific algorithm.\r
\r
- @param This Points to this instance of EFI_HASH_PROTOCOL.\r
- @param HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.\r
- @param Extend Specifies whether to create a new hash (FALSE) or extend the specified\r
- existing hash (TRUE).\r
- @param Message Points to the start of the message.\r
- @param MessageSize The size of Message, in bytes.\r
- @param Hash On input, if Extend is TRUE, then this holds the hash to extend. On\r
- output, holds the resulting hash computed from the message.\r
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.\r
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.\r
+ @param[in] Extend Specifies whether to create a new hash (FALSE) or extend the specified\r
+ existing hash (TRUE).\r
+ @param[in] Message Points to the start of the message.\r
+ @param[in] MessageSize The size of Message, in bytes.\r
+ @param[in,out] Hash On input, if Extend is TRUE, then this holds the hash to extend. On\r
+ output, holds the resulting hash computed from the message.\r
\r
@retval EFI_SUCCESS Hash returned successfully.\r
@retval EFI_INVALID_PARAMETER Message or Hash is NULL\r
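Review bot: The summary line of this doc block still reads `Returns the size of the hash which results from a specific algorithm.`, the same text as the block before it, while the parameters (Extend, Message, MessageSize, Hash) describe computing a hash. Since the param tags are being retouched here anyway, replace it with something like `Creates a hash for the specified message text.`. The prototype this block documents lies outside the hunk, so confirm it is the hashing member before changing the wording.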
#ifndef __UEFI_MULTIPHASE_H__\r
#define __UEFI_MULTIPHASE_H__\r
\r
+#include <Guid/WinCertificate.h>\r
///\r
/// Enumeration of memory types introduced in UEFI.\r
/// \r
/// \r
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010\r
\r
-//\r
-// _WIN_CERTIFICATE.wCertificateType\r
-// \r
-#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0\r
-#define WIN_CERT_TYPE_EFI_GUID 0x0EF1\r
-\r
-///\r
-/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.\r
-///\r
-typedef struct _WIN_CERTIFICATE {\r
- ///\r
- /// The length of the entire certificate, \r
- /// including the length of the header, in bytes. \r
- ///\r
- UINT32 dwLength;\r
- ///\r
- /// The revision level of the WIN_CERTIFICATE \r
- /// structure. The current revision level is 0x0200. \r
- ///\r
- UINT16 wRevision;\r
- ///\r
- /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI \r
- /// certificate types. The UEFI specification reserves the range of \r
- /// certificate type values from 0x0EF0 to 0x0EFF. \r
- ///\r
- UINT16 wCertificateType;\r
- ///\r
- /// The following is the actual certificate. The format of \r
- /// the certificate depends on wCertificateType.\r
- ///\r
- /// UINT8 bCertificate[ANYSIZE_ARRAY];\r
- ///\r
-} WIN_CERTIFICATE;\r
-\r
-///\r
-/// WIN_CERTIFICATE_UEFI_GUID.CertType\r
-/// \r
-#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \\r
- {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }\r
-\r
-///\r
-/// WIN_CERTIFICATE_UEFI_GUID.CertData\r
-/// \r
-typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {\r
- UINT32 HashType;\r
- UINT8 PublicKey[256];\r
- UINT8 Signature[256];\r
-} EFI_CERT_BLOCK_RSA_2048_SHA256;\r
-\r
-\r
-///\r
-/// Certificate which encapsulates a GUID-specific digital signature\r
-///\r
-typedef struct _WIN_CERTIFICATE_UEFI_GUID {\r
- ///\r
- /// This is the standard WIN_CERTIFICATE header, where\r
- /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID. \r
- /// \r
- WIN_CERTIFICATE Hdr;\r
- ///\r
- /// This is the unique id which determines the \r
- /// format of the CertData. In this case, the \r
- /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.\r
- ///\r
- EFI_GUID CertType;\r
- /// \r
- /// The following is the certificate data. The format of\r
- /// the data is determined by the CertType. In this case the value is \r
- /// EFI_CERT_BLOCK_RSA_2048_SHA256. \r
- ///\r
- /// UINT8 CertData[ANYSIZE_ARRAY];\r
- ///\r
-} WIN_CERTIFICATE_UEFI_GUID;\r
-\r
-\r
-/// \r
-/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.\r
-/// \r
-/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from\r
-/// WIN_CERTIFICATE and encapsulate the information needed to \r
-/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as \r
-/// specified in RFC2437. \r
-/// \r
-typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 { \r
- ///\r
- /// This is the standard WIN_CERTIFICATE header, where \r
- /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15. \r
- ///\r
- WIN_CERTIFICATE Hdr;\r
- ///\r
- /// This is the hashing algorithm which was performed on the\r
- /// UEFI executable when creating the digital signature. \r
- ///\r
- EFI_GUID HashAlgorithm;\r
- ///\r
- /// The following is the actual digital signature. The \r
- /// size of the signature is the same size as the key \r
- /// (1024-bit key is 128 bytes) and can be determined by \r
- /// subtracting the length of the other parts of this header\r
- /// from the total length of the certificate as found in \r
- /// Hdr.dwLength. \r
- ///\r
- /// UINT8 Signature[ANYSIZE_ARRAY];\r
- ///\r
-} WIN_CERTIFICATE_EFI_PKCS1_15;\r
-\r
-\r
-\r
/// \r
/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
/// WIN_CERTIFICATE_UEFI_GUID and the CertType\r
## Include/Guid/HiiPlatformSetupFormset.h\r
gEfiHiiPlatformSetupFormsetGuid = { 0x93039971, 0x8545, 0x4b04, { 0xb4, 0x5e, 0x32, 0xeb, 0x83, 0x26, 0x04, 0x0e }}\r
\r
+ ## Include/Guid/MemoryOverwriteControl.h\r
+ gEfiMemoryOverwriteControlDataGuid = { 0xe20939be, 0x32d4, 0x41be, {0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29 }}\r
+\r
+ ## Include/Guid/WinCertificate.h\r
+ gEfiCertTypeRsa2048Sha256Guid = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf }}\r
+\r
+ ## Include/Guid/ImageAuthentication.h\r
+ gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }}\r
+\r
+ ## Include/Guid/ImageAuthentication.h\r
+ gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}\r
+\r
+ ## Include/Guid/ImageAuthentication.h\r
+ gEfiCertRsa2048Guid = { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}\r
+\r
+ ## Include/Guid/ImageAuthentication.h\r
+ gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}\r
+\r
+ ## Include/Guid/ImageAuthentication.h\r
+ gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}\r
+\r
+ ## Include/Guid/ImageAuthentication.h\r
+ gEfiCertRsa2048Sha1Guid = {0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}\r
+\r
+ ## Include/Guid/ImageAuthentication.h\r
+ gEfiCertX509Guid = { 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }}\r
+\r
#\r
# GUID defined in PI1.0\r
#\r