Commit | Line | Data |
---|---|---|
bd86cb02 | 1 | /** @file\r |
6675a21f | 2 | Image signature database are defined for the signed image validation.\r |
bd86cb02 | 3 | \r |
686f0c7b | 4 | Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r |
20333c6d QL |
5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
bd86cb02 | 9 | \r |
20333c6d QL |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
bd86cb02 LG |
12 | \r |
13 | @par Revision Reference:\r | |
686f0c7b | 14 | GUIDs defined in UEFI 2.5 spec.\r |
bd86cb02 LG |
15 | **/\r |
16 | \r | |
17 | #ifndef __IMAGE_AUTHTICATION_H__\r | |
18 | #define __IMAGE_AUTHTICATION_H__\r | |
19 | \r | |
20 | #include <Guid/GlobalVariable.h>\r | |
20333c6d | 21 | #include <Protocol/Hash.h>\r |
bd86cb02 LG |
22 | \r |
23 | #define EFI_IMAGE_SECURITY_DATABASE_GUID \\r | |
24 | { \\r | |
25 | 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \\r | |
26 | }\r | |
27 | \r | |
28 | ///\r | |
20333c6d | 29 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r |
bd86cb02 LG |
30 | /// for the authorized signature database.\r |
31 | ///\r | |
32 | #define EFI_IMAGE_SECURITY_DATABASE L"db"\r | |
33 | ///\r | |
20333c6d | 34 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r |
bd86cb02 LG |
35 | /// for the forbidden signature database.\r |
36 | ///\r | |
37 | #define EFI_IMAGE_SECURITY_DATABASE1 L"dbx"\r | |
20333c6d QL |
38 | ///\r |
39 | /// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r | |
40 | /// for the timestamp signature database.\r | |
41 | ///\r | |
42 | #define EFI_IMAGE_SECURITY_DATABASE2 L"dbt"\r | |
6675a21f | 43 | \r |
ab0eecec | 44 | #define SECURE_BOOT_MODE_ENABLE 1\r |
45 | #define SECURE_BOOT_MODE_DISABLE 0\r | |
79e7b647 CZ |
46 | #define SETUP_MODE_ENABLE 1\r |
47 | #define SETUP_MODE_DISABLE 0\r | |
48 | #define DEPLOYED_MODE_ENABLE 1\r | |
49 | #define DEPLOYED_MODE_DISABLE 0\r | |
50 | #define AUDIT_MODE_ENABLE 1\r | |
51 | #define AUDIT_MODE_DISABLE 0\r | |
ab0eecec | 52 | \r |
bd86cb02 LG |
53 | //***********************************************************************\r |
54 | // Signature Database\r | |
55 | //***********************************************************************\r | |
56 | ///\r | |
20333c6d | 57 | /// The format of a signature database.\r |
bd86cb02 LG |
58 | ///\r |
59 | #pragma pack(1)\r | |
60 | \r | |
61 | typedef struct {\r | |
62 | ///\r | |
63 | /// An identifier which identifies the agent which added the signature to the list.\r | |
64 | ///\r | |
60bd4ccd | 65 | EFI_GUID SignatureOwner;\r |
bd86cb02 LG |
66 | ///\r |
67 | /// The format of the signature is defined by the SignatureType.\r | |
68 | ///\r | |
60bd4ccd | 69 | UINT8 SignatureData[1];\r |
bd86cb02 LG |
70 | } EFI_SIGNATURE_DATA;\r |
71 | \r | |
72 | typedef struct {\r | |
73 | ///\r | |
74 | /// Type of the signature. GUID signature types are defined in below.\r | |
75 | ///\r | |
60bd4ccd | 76 | EFI_GUID SignatureType;\r |
bd86cb02 LG |
77 | ///\r |
78 | /// Total size of the signature list, including this header.\r | |
79 | ///\r | |
60bd4ccd | 80 | UINT32 SignatureListSize;\r |
bd86cb02 LG |
81 | ///\r |
82 | /// Size of the signature header which precedes the array of signatures.\r | |
83 | ///\r | |
60bd4ccd | 84 | UINT32 SignatureHeaderSize;\r |
bd86cb02 LG |
85 | ///\r |
86 | /// Size of each signature.\r | |
87 | ///\r | |
20333c6d | 88 | UINT32 SignatureSize;\r |
bd86cb02 | 89 | ///\r |
20333c6d | 90 | /// Header before the array of signatures. The format of this header is specified\r |
bd86cb02 LG |
91 | /// by the SignatureType.\r |
92 | /// UINT8 SignatureHeader[SignatureHeaderSize];\r | |
93 | ///\r | |
20333c6d | 94 | /// An array of signatures. Each signature is SignatureSize bytes in length.\r |
bd86cb02 LG |
95 | /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];\r |
96 | ///\r | |
97 | } EFI_SIGNATURE_LIST;\r | |
98 | \r | |
20333c6d QL |
99 | typedef struct {\r |
100 | ///\r | |
101 | /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.\r | |
102 | ///\r | |
103 | EFI_SHA256_HASH ToBeSignedHash;\r | |
104 | ///\r | |
105 | /// The time that the certificate shall be considered to be revoked.\r | |
106 | ///\r | |
107 | EFI_TIME TimeOfRevocation;\r | |
108 | } EFI_CERT_X509_SHA256;\r | |
109 | \r | |
110 | typedef struct {\r | |
111 | ///\r | |
112 | /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.\r | |
113 | ///\r | |
114 | EFI_SHA384_HASH ToBeSignedHash;\r | |
115 | ///\r | |
116 | /// The time that the certificate shall be considered to be revoked.\r | |
117 | ///\r | |
118 | EFI_TIME TimeOfRevocation;\r | |
119 | } EFI_CERT_X509_SHA384;\r | |
120 | \r | |
121 | typedef struct {\r | |
122 | ///\r | |
123 | /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.\r | |
124 | ///\r | |
125 | EFI_SHA512_HASH ToBeSignedHash;\r | |
126 | ///\r | |
127 | /// The time that the certificate shall be considered to be revoked.\r | |
128 | ///\r | |
129 | EFI_TIME TimeOfRevocation;\r | |
130 | } EFI_CERT_X509_SHA512;\r | |
131 | \r | |
bd86cb02 LG |
132 | #pragma pack()\r |
133 | \r | |
134 | ///\r | |
f704fc85 | 135 | /// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall\r |
136 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
137 | /// 32 bytes.\r | |
bd86cb02 LG |
138 | ///\r |
139 | #define EFI_CERT_SHA256_GUID \\r | |
140 | { \\r | |
141 | 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \\r | |
142 | }\r | |
143 | \r | |
144 | ///\r | |
f704fc85 | 145 | /// This identifies a signature containing an RSA-2048 key. The key (only the modulus\r |
146 | /// since the public key exponent is known to be 0x10001) shall be stored in big-endian\r | |
147 | /// order.\r | |
20333c6d | 148 | /// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size\r |
6048a5b0 | 149 | /// of SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
150 | ///\r |
151 | #define EFI_CERT_RSA2048_GUID \\r | |
152 | { \\r | |
153 | 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \\r | |
154 | }\r | |
155 | \r | |
156 | ///\r | |
20333c6d QL |
157 | /// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The\r |
158 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of\r | |
6048a5b0 | 159 | /// SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
160 | ///\r |
161 | #define EFI_CERT_RSA2048_SHA256_GUID \\r | |
162 | { \\r | |
163 | 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \\r | |
164 | }\r | |
165 | \r | |
166 | ///\r | |
f704fc85 | 167 | /// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always\r |
6048a5b0 | 168 | /// be 16 (size of SignatureOwner component) + 20 bytes.\r |
bd86cb02 LG |
169 | ///\r |
170 | #define EFI_CERT_SHA1_GUID \\r | |
171 | { \\r | |
172 | 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \\r | |
173 | }\r | |
174 | \r | |
175 | ///\r | |
20333c6d QL |
176 | /// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The\r |
177 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of\r | |
6048a5b0 | 178 | /// SignatureOwner component) + 256 bytes.\r |
bd86cb02 LG |
179 | ///\r |
180 | #define EFI_CERT_RSA2048_SHA1_GUID \\r | |
181 | { \\r | |
182 | 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \\r | |
183 | }\r | |
184 | \r | |
185 | ///\r | |
f704fc85 | 186 | /// This identifies a signature based on an X.509 certificate. If the signature is an X.509\r |
20333c6d QL |
187 | /// certificate then verification of the signature of an image should validate the public\r |
188 | /// key certificate in the image using certificate path verification, up to this X.509\r | |
f704fc85 | 189 | /// certificate as a trusted root. The SignatureHeader size shall always be 0. The\r |
20333c6d QL |
190 | /// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +\r |
191 | /// the size of the certificate itself.\r | |
f704fc85 | 192 | /// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.\r |
bd86cb02 | 193 | ///\r |
f704fc85 | 194 | #define EFI_CERT_X509_GUID \\r |
bd86cb02 LG |
195 | { \\r |
196 | 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \\r | |
197 | }\r | |
198 | \r | |
f704fc85 | 199 | ///\r |
200 | /// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall\r | |
201 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
202 | /// 28 bytes.\r | |
203 | ///\r | |
204 | #define EFI_CERT_SHA224_GUID \\r | |
205 | { \\r | |
206 | 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \\r | |
207 | }\r | |
208 | \r | |
209 | ///\r | |
210 | /// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall\r | |
211 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
212 | /// 48 bytes.\r | |
213 | ///\r | |
214 | #define EFI_CERT_SHA384_GUID \\r | |
215 | { \\r | |
216 | 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \\r | |
20333c6d | 217 | }\r |
f704fc85 | 218 | \r |
219 | ///\r | |
220 | /// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall\r | |
221 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
222 | /// 64 bytes.\r | |
223 | ///\r | |
224 | #define EFI_CERT_SHA512_GUID \\r | |
225 | { \\r | |
226 | 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r | |
227 | }\r | |
ab0eecec | 228 | \r |
20333c6d QL |
229 | ///\r |
230 | /// This identifies a signature containing the SHA256 hash of an X.509 certificate's\r | |
231 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
232 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
233 | /// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,\r | |
234 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
235 | /// otherwise the certificate shall be considered to always be revoked.\r | |
236 | ///\r | |
237 | #define EFI_CERT_X509_SHA256_GUID \\r | |
238 | { \\r | |
239 | 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \\r | |
240 | }\r | |
241 | \r | |
242 | ///\r | |
243 | /// This identifies a signature containing the SHA384 hash of an X.509 certificate's\r | |
244 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
245 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
246 | /// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,\r | |
247 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
248 | /// otherwise the certificate shall be considered to always be revoked.\r | |
249 | ///\r | |
250 | #define EFI_CERT_X509_SHA384_GUID \\r | |
251 | { \\r | |
252 | 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \\r | |
253 | }\r | |
254 | \r | |
255 | ///\r | |
256 | /// This identifies a signature containing the SHA512 hash of an X.509 certificate's\r | |
257 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
258 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
259 | /// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,\r | |
260 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
261 | /// otherwise the certificate shall be considered to always be revoked.\r | |
262 | ///\r | |
263 | #define EFI_CERT_X509_SHA512_GUID \\r | |
264 | { \\r | |
265 | 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \\r | |
266 | }\r | |
267 | \r | |
ab0eecec | 268 | ///\r |
269 | /// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]\r | |
270 | /// SignedData value.\r | |
271 | ///\r | |
272 | #define EFI_CERT_TYPE_PKCS7_GUID \\r | |
273 | { \\r | |
274 | 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \\r | |
275 | }\r | |
20333c6d | 276 | \r |
bd86cb02 LG |
277 | //***********************************************************************\r |
278 | // Image Execution Information Table Definition\r | |
279 | //***********************************************************************\r | |
280 | typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;\r | |
281 | \r | |
20333c6d | 282 | #define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007\r |
3f275826 LG |
283 | #define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000\r |
284 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001\r | |
285 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002\r | |
286 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003\r | |
287 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004\r | |
288 | #define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005\r | |
289 | #define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008\r | |
bd86cb02 LG |
290 | \r |
291 | //\r | |
20333c6d | 292 | // EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table\r |
bd86cb02 LG |
293 | // and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.\r |
294 | //\r | |
295 | typedef struct {\r | |
296 | ///\r | |
297 | /// Describes the action taken by the firmware regarding this image.\r | |
298 | ///\r | |
60bd4ccd | 299 | EFI_IMAGE_EXECUTION_ACTION Action;\r |
bd86cb02 LG |
300 | ///\r |
301 | /// Size of all of the entire structure.\r | |
302 | ///\r | |
303 | UINT32 InfoSize;\r | |
304 | ///\r | |
20333c6d QL |
305 | /// If this image was a UEFI device driver (for option ROM, for example) this is the\r |
306 | /// null-terminated, user-friendly name for the device. If the image was for an application,\r | |
307 | /// then this is the name of the application. If this cannot be determined, then a simple\r | |
bd86cb02 LG |
308 | /// NULL character should be put in this position.\r |
309 | /// CHAR16 Name[];\r | |
310 | ///\r | |
311 | \r | |
312 | ///\r | |
20333c6d QL |
313 | /// For device drivers, this is the device path of the device for which this device driver\r |
314 | /// was intended. In some cases, the driver itself may be stored as part of the system\r | |
315 | /// firmware, but this field should record the device's path, not the firmware path. For\r | |
316 | /// applications, this is the device path of the application. If this cannot be determined,\r | |
bd86cb02 LG |
317 | /// a simple end-of-path device node should be put in this position.\r |
318 | /// EFI_DEVICE_PATH_PROTOCOL DevicePath;\r | |
319 | ///\r | |
320 | \r | |
bd86cb02 | 321 | ///\r |
20333c6d | 322 | /// Zero or more image signatures. If the image contained no signatures,\r |
bd86cb02 | 323 | /// then this field is empty.\r |
686f0c7b LG |
324 | /// EFI_SIGNATURE_LIST Signature;\r |
325 | /// \r | |
bd86cb02 LG |
326 | } EFI_IMAGE_EXECUTION_INFO;\r |
327 | \r | |
a1e98f78 LG |
328 | \r |
329 | typedef struct {\r | |
330 | ///\r | |
331 | /// Number of EFI_IMAGE_EXECUTION_INFO structures.\r | |
332 | ///\r | |
20333c6d | 333 | UINTN NumberOfImages;\r |
a1e98f78 LG |
334 | ///\r |
335 | /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures.\r | |
336 | ///\r | |
20333c6d | 337 | // EFI_IMAGE_EXECUTION_INFO InformationInfo[]\r |
a1e98f78 LG |
338 | } EFI_IMAGE_EXECUTION_INFO_TABLE;\r |
339 | \r | |
bd86cb02 LG |
340 | extern EFI_GUID gEfiImageSecurityDatabaseGuid;\r |
341 | extern EFI_GUID gEfiCertSha256Guid;\r | |
20333c6d | 342 | extern EFI_GUID gEfiCertRsa2048Guid;\r |
bd86cb02 LG |
343 | extern EFI_GUID gEfiCertRsa2048Sha256Guid;\r |
344 | extern EFI_GUID gEfiCertSha1Guid;\r | |
345 | extern EFI_GUID gEfiCertRsa2048Sha1Guid;\r | |
346 | extern EFI_GUID gEfiCertX509Guid;\r | |
05c82e51 SZ |
347 | extern EFI_GUID gEfiCertSha224Guid;\r |
348 | extern EFI_GUID gEfiCertSha384Guid;\r | |
349 | extern EFI_GUID gEfiCertSha512Guid;\r | |
20333c6d QL |
350 | extern EFI_GUID gEfiCertX509Sha256Guid;\r |
351 | extern EFI_GUID gEfiCertX509Sha384Guid;\r | |
352 | extern EFI_GUID gEfiCertX509Sha512Guid;\r | |
ab0eecec | 353 | extern EFI_GUID gEfiCertPkcs7Guid;\r |
bd86cb02 | 354 | \r |
543cc44e | 355 | #endif\r |