]>
Commit | Line | Data |
---|---|---|
bd86cb02 LG |
1 | /** @file\r |
2 | Platform Key, Key Exchange Key, and Image signature database are defined \r | |
3 | for the signed image validation.\r | |
4 | \r | |
f704fc85 | 5 | Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r |
9df063a0 | 6 | This program and the accompanying materials \r |
bd86cb02 LG |
7 | are licensed and made available under the terms and conditions of the BSD License \r |
8 | which accompanies this distribution. The full text of the license may be found at \r | |
9 | http://opensource.org/licenses/bsd-license.php \r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r | |
13 | \r | |
14 | @par Revision Reference:\r | |
05c82e51 | 15 | GUIDs defined in UEFI 2.3.1 spec.\r |
bd86cb02 LG |
16 | **/\r |
17 | \r | |
18 | #ifndef __IMAGE_AUTHTICATION_H__\r | |
19 | #define __IMAGE_AUTHTICATION_H__\r | |
20 | \r | |
21 | #include <Guid/GlobalVariable.h>\r | |
22 | \r | |
23 | #define EFI_IMAGE_SECURITY_DATABASE_GUID \\r | |
24 | { \\r | |
25 | 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \\r | |
26 | }\r | |
27 | \r | |
28 | ///\r | |
29 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID \r | |
30 | /// for the authorized signature database.\r | |
31 | ///\r | |
32 | #define EFI_IMAGE_SECURITY_DATABASE L"db"\r | |
33 | ///\r | |
34 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID \r | |
35 | /// for the forbidden signature database.\r | |
36 | ///\r | |
37 | #define EFI_IMAGE_SECURITY_DATABASE1 L"dbx"\r | |
ab0eecec | 38 | #define SECURE_BOOT_MODE_ENABLE 1\r |
39 | #define SECURE_BOOT_MODE_DISABLE 0\r | |
bd86cb02 LG |
40 | #define SETUP_MODE 1\r |
41 | #define USER_MODE 0\r | |
42 | ///\r | |
43 | /// Globally "SetupMode" variable to specify whether the system is currently operating \r | |
44 | /// in setup mode (1) or not (0). All other values are reserved.\r | |
45 | ///\r | |
46 | #define EFI_SETUP_MODE_NAME L"SetupMode"\r | |
47 | ///\r | |
48 | /// Globally "PK" variable for the Platform Key Signature Database.\r | |
49 | ///\r | |
50 | #define EFI_PLATFORM_KEY_NAME L"PK"\r | |
51 | ///\r | |
52 | /// Globally "KEK" variable for the Key Exchange Key Signature Database.\r | |
53 | ///\r | |
54 | #define EFI_KEY_EXCHANGE_KEY_NAME L"KEK"\r | |
55 | ///\r | |
56 | /// Globally "SignatureSupport" variable returns an array of GUIDs, \r | |
57 | /// with each GUID representing a type of signature which the platform \r | |
58 | /// firmware supports for images and other data.\r | |
59 | ///\r | |
60 | #define EFI_SIGNATURE_SUPPORT_NAME L"SignatureSupport"\r | |
61 | \r | |
ab0eecec | 62 | ///\r |
63 | /// Globally "SecureBoot" variable to specify whether the platform firmware \r | |
64 | /// is operating in Secure boot mode (1) or not (0). All other values are reserved.\r | |
65 | ///\r | |
66 | #define EFI_SECURE_BOOT_MODE_NAME L"SecureBoot"\r | |
67 | \r | |
bd86cb02 LG |
68 | //***********************************************************************\r |
69 | // Signature Database\r | |
70 | //***********************************************************************\r | |
71 | ///\r | |
72 | /// The format of a signature database. \r | |
73 | ///\r | |
74 | #pragma pack(1)\r | |
75 | \r | |
76 | typedef struct {\r | |
77 | ///\r | |
78 | /// An identifier which identifies the agent which added the signature to the list.\r | |
79 | ///\r | |
60bd4ccd | 80 | EFI_GUID SignatureOwner;\r |
bd86cb02 LG |
81 | ///\r |
82 | /// The format of the signature is defined by the SignatureType.\r | |
83 | ///\r | |
60bd4ccd | 84 | UINT8 SignatureData[1];\r |
bd86cb02 LG |
85 | } EFI_SIGNATURE_DATA;\r |
86 | \r | |
87 | typedef struct {\r | |
88 | ///\r | |
89 | /// Type of the signature. GUID signature types are defined in below.\r | |
90 | ///\r | |
60bd4ccd | 91 | EFI_GUID SignatureType;\r |
bd86cb02 LG |
92 | ///\r |
93 | /// Total size of the signature list, including this header.\r | |
94 | ///\r | |
60bd4ccd | 95 | UINT32 SignatureListSize;\r |
bd86cb02 LG |
96 | ///\r |
97 | /// Size of the signature header which precedes the array of signatures.\r | |
98 | ///\r | |
60bd4ccd | 99 | UINT32 SignatureHeaderSize;\r |
bd86cb02 LG |
100 | ///\r |
101 | /// Size of each signature.\r | |
102 | ///\r | |
103 | UINT32 SignatureSize; \r | |
104 | ///\r | |
105 | /// Header before the array of signatures. The format of this header is specified \r | |
106 | /// by the SignatureType.\r | |
107 | /// UINT8 SignatureHeader[SignatureHeaderSize];\r | |
108 | ///\r | |
109 | /// An array of signatures. Each signature is SignatureSize bytes in length. \r | |
110 | /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];\r | |
111 | ///\r | |
112 | } EFI_SIGNATURE_LIST;\r | |
113 | \r | |
114 | #pragma pack()\r | |
115 | \r | |
116 | ///\r | |
f704fc85 | 117 | /// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall\r |
118 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
119 | /// 32 bytes.\r | |
bd86cb02 LG |
120 | ///\r |
121 | #define EFI_CERT_SHA256_GUID \\r | |
122 | { \\r | |
123 | 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \\r | |
124 | }\r | |
125 | \r | |
126 | ///\r | |
f704fc85 | 127 | /// This identifies a signature containing an RSA-2048 key. The key (only the modulus\r |
128 | /// since the public key exponent is known to be 0x10001) shall be stored in big-endian\r | |
129 | /// order.\r | |
130 | /// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size \r | |
6048a5b0 | 131 | /// of SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
132 | ///\r |
133 | #define EFI_CERT_RSA2048_GUID \\r | |
134 | { \\r | |
135 | 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \\r | |
136 | }\r | |
137 | \r | |
138 | ///\r | |
f704fc85 | 139 | /// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The \r |
140 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of \r | |
6048a5b0 | 141 | /// SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
142 | ///\r |
143 | #define EFI_CERT_RSA2048_SHA256_GUID \\r | |
144 | { \\r | |
145 | 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \\r | |
146 | }\r | |
147 | \r | |
148 | ///\r | |
f704fc85 | 149 | /// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always\r |
6048a5b0 | 150 | /// be 16 (size of SignatureOwner component) + 20 bytes.\r |
bd86cb02 LG |
151 | ///\r |
152 | #define EFI_CERT_SHA1_GUID \\r | |
153 | { \\r | |
154 | 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \\r | |
155 | }\r | |
156 | \r | |
157 | ///\r | |
f704fc85 | 158 | /// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The \r |
159 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of \r | |
6048a5b0 | 160 | /// SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
161 | ///\r |
162 | #define EFI_CERT_RSA2048_SHA1_GUID \\r | |
163 | { \\r | |
164 | 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \\r | |
165 | }\r | |
166 | \r | |
167 | ///\r | |
f704fc85 | 168 | /// This identifies a signature based on an X.509 certificate. If the signature is an X.509\r |
169 | /// certificate then verification of the signature of an image should validate the public \r | |
170 | /// key certificate in the image using certificate path verification, up to this X.509 \r | |
171 | /// certificate as a trusted root. The SignatureHeader size shall always be 0. The\r | |
172 | /// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + \r | |
173 | /// the size of the certificate itself. \r | |
174 | /// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.\r | |
bd86cb02 | 175 | ///\r |
f704fc85 | 176 | #define EFI_CERT_X509_GUID \\r |
bd86cb02 LG |
177 | { \\r |
178 | 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \\r | |
179 | }\r | |
180 | \r | |
f704fc85 | 181 | ///\r |
182 | /// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall\r | |
183 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
184 | /// 28 bytes.\r | |
185 | ///\r | |
186 | #define EFI_CERT_SHA224_GUID \\r | |
187 | { \\r | |
188 | 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \\r | |
189 | }\r | |
190 | \r | |
191 | ///\r | |
192 | /// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall\r | |
193 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
194 | /// 48 bytes.\r | |
195 | ///\r | |
196 | #define EFI_CERT_SHA384_GUID \\r | |
197 | { \\r | |
198 | 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \\r | |
199 | } \r | |
200 | \r | |
201 | ///\r | |
202 | /// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall\r | |
203 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
204 | /// 64 bytes.\r | |
205 | ///\r | |
206 | #define EFI_CERT_SHA512_GUID \\r | |
207 | { \\r | |
208 | 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r | |
209 | }\r | |
ab0eecec | 210 | \r |
211 | ///\r | |
212 | /// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]\r | |
213 | /// SignedData value.\r | |
214 | ///\r | |
215 | #define EFI_CERT_TYPE_PKCS7_GUID \\r | |
216 | { \\r | |
217 | 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \\r | |
218 | }\r | |
f704fc85 | 219 | \r |
bd86cb02 LG |
220 | //***********************************************************************\r |
221 | // Image Execution Information Table Definition\r | |
222 | //***********************************************************************\r | |
223 | typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;\r | |
224 | \r | |
3f275826 LG |
225 | #define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 \r |
226 | #define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000\r | |
227 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001\r | |
228 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002\r | |
229 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003\r | |
230 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004\r | |
231 | #define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005\r | |
232 | #define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008\r | |
bd86cb02 LG |
233 | \r |
234 | //\r | |
235 | // EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table \r | |
236 | // and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.\r | |
237 | //\r | |
238 | typedef struct {\r | |
239 | ///\r | |
240 | /// Describes the action taken by the firmware regarding this image.\r | |
241 | ///\r | |
60bd4ccd | 242 | EFI_IMAGE_EXECUTION_ACTION Action;\r |
bd86cb02 LG |
243 | ///\r |
244 | /// Size of all of the entire structure.\r | |
245 | ///\r | |
246 | UINT32 InfoSize;\r | |
247 | ///\r | |
248 | /// If this image was a UEFI device driver (for option ROM, for example) this is the \r | |
249 | /// null-terminated, user-friendly name for the device. If the image was for an application, \r | |
250 | /// then this is the name of the application. If this cannot be determined, then a simple \r | |
251 | /// NULL character should be put in this position.\r | |
252 | /// CHAR16 Name[];\r | |
253 | ///\r | |
254 | \r | |
255 | ///\r | |
256 | /// For device drivers, this is the device path of the device for which this device driver \r | |
257 | /// was intended. In some cases, the driver itself may be stored as part of the system \r | |
258 | /// firmware, but this field should record the device's path, not the firmware path. For \r | |
259 | /// applications, this is the device path of the application. If this cannot be determined, \r | |
260 | /// a simple end-of-path device node should be put in this position.\r | |
261 | /// EFI_DEVICE_PATH_PROTOCOL DevicePath;\r | |
262 | ///\r | |
263 | \r | |
bd86cb02 | 264 | ///\r |
60bd4ccd | 265 | /// Zero or more image signatures. If the image contained no signatures, \r |
bd86cb02 LG |
266 | /// then this field is empty.\r |
267 | ///\r | |
a1e98f78 | 268 | EFI_SIGNATURE_LIST Signature;\r |
bd86cb02 LG |
269 | } EFI_IMAGE_EXECUTION_INFO;\r |
270 | \r | |
a1e98f78 LG |
271 | \r |
272 | typedef struct {\r | |
273 | ///\r | |
274 | /// Number of EFI_IMAGE_EXECUTION_INFO structures.\r | |
275 | ///\r | |
276 | UINTN NumberOfImages; \r | |
277 | ///\r | |
278 | /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures.\r | |
279 | ///\r | |
280 | // EFI_IMAGE_EXECUTION_INFO InformationInfo[] \r | |
281 | } EFI_IMAGE_EXECUTION_INFO_TABLE;\r | |
282 | \r | |
bd86cb02 LG |
283 | extern EFI_GUID gEfiImageSecurityDatabaseGuid;\r |
284 | extern EFI_GUID gEfiCertSha256Guid;\r | |
285 | extern EFI_GUID gEfiCertRsa2048Guid; \r | |
286 | extern EFI_GUID gEfiCertRsa2048Sha256Guid;\r | |
287 | extern EFI_GUID gEfiCertSha1Guid;\r | |
288 | extern EFI_GUID gEfiCertRsa2048Sha1Guid;\r | |
289 | extern EFI_GUID gEfiCertX509Guid;\r | |
05c82e51 SZ |
290 | extern EFI_GUID gEfiCertSha224Guid;\r |
291 | extern EFI_GUID gEfiCertSha384Guid;\r | |
292 | extern EFI_GUID gEfiCertSha512Guid;\r | |
ab0eecec | 293 | extern EFI_GUID gEfiCertPkcs7Guid;\r |
bd86cb02 LG |
294 | \r |
295 | #endif\r |