[mirror_edk2.git] / OvmfPkg / EnrollDefaultKeys / EnrollDefaultKeys.h

/** @file\r
  Type definitions and object declarations for the EnrollDefaultKeys\r
  application.\r
\r
  Copyright (C) 2014-2019, Red Hat, Inc.\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
**/\r
\r
#ifndef ENROLL_DEFAULT_KEYS_H_\r
#define ENROLL_DEFAULT_KEYS_H_\r
\r
#include <Uefi/UefiBaseType.h>\r
\r
//\r
// Convenience structure types for constructing "signature lists" for\r
// authenticated UEFI variables.\r
//\r
// The most important thing about the variable payload is that it is a list of\r
// lists, where the element size of any given *inner* list is constant.\r
//\r
// Since X509 certificates vary in size, each of our *inner* lists will contain\r
// one element only (one X.509 certificate). This is explicitly mentioned in\r
// the UEFI specification, in "28.4.1 Signature Database", in a Note.\r
//\r
// The list structure looks as follows:\r
//\r
// struct EFI_VARIABLE_AUTHENTICATION_2 {                           |\r
//   struct EFI_TIME {                                              |\r
//     UINT16 Year;                                                 |\r
//     UINT8  Month;                                                |\r
//     UINT8  Day;                                                  |\r
//     UINT8  Hour;                                                 |\r
//     UINT8  Minute;                                               |\r
//     UINT8  Second;                                               |\r
//     UINT8  Pad1;                                                 |\r
//     UINT32 Nanosecond;                                           |\r
//     INT16  TimeZone;                                             |\r
//     UINT8  Daylight;                                             |\r
//     UINT8  Pad2;                                                 |\r
//   } TimeStamp;                                                   |\r
//                                                                  |\r
//   struct WIN_CERTIFICATE_UEFI_GUID {                           | |\r
//     struct WIN_CERTIFICATE {                                   | |\r
//       UINT32 dwLength; ----------------------------------------+ |\r
//       UINT16 wRevision;                                        | |\r
//       UINT16 wCertificateType;                                 | |\r
//     } Hdr;                                                     | +- DataSize\r
//                                                                | |\r
//     EFI_GUID CertType;                                         | |\r
//     UINT8    CertData[1] = { <--- "struct hack"                | |\r
//       struct EFI_SIGNATURE_LIST {                            | | |\r
//         EFI_GUID SignatureType;                              | | |\r
//         UINT32   SignatureListSize; -------------------------+ | |\r
//         UINT32   SignatureHeaderSize;                        | | |\r
//         UINT32   SignatureSize; ---------------------------+ | | |\r
//         UINT8    SignatureHeader[SignatureHeaderSize];     | | | |\r
//                                                            v | | |\r
//         struct EFI_SIGNATURE_DATA {                        | | | |\r
//           EFI_GUID SignatureOwner;                         | | | |\r
//           UINT8    SignatureData[1] = { <--- "struct hack" | | | |\r
//             X.509 payload                                  | | | |\r
//           }                                                | | | |\r
//         } Signatures[];                                      | | |\r
//       } SigLists[];                                            | |\r
//     };                                                         | |\r
//   } AuthInfo;                                                  | |\r
// };                                                               |\r
//\r
// Given that the "struct hack" invokes undefined behavior (which is why C99\r
// introduced the flexible array member), and because subtracting those pesky\r
// sizes of 1 is annoying, and because the format is fully specified in the\r
// UEFI specification, we'll introduce two matching convenience structures that\r
// are customized for our X.509 purposes.\r
//\r
#pragma pack (1)\r
typedef struct {\r
  EFI_TIME TimeStamp;\r
\r
  //\r
  // dwLength covers data below\r
  //\r
  UINT32   dwLength;\r
  UINT16   wRevision;\r
  UINT16   wCertificateType;\r
  EFI_GUID CertType;\r
} SINGLE_HEADER;\r
\r
typedef struct {\r
  //\r
  // SignatureListSize covers data below\r
  //\r
  EFI_GUID SignatureType;\r
  UINT32   SignatureListSize;\r
  UINT32   SignatureHeaderSize; // constant 0\r
  UINT32   SignatureSize;\r
\r
  //\r
  // SignatureSize covers data below\r
  //\r
  EFI_GUID SignatureOwner;\r
\r
  //\r
  // X.509 certificate follows\r
  //\r
} REPEATING_HEADER;\r
#pragma pack ()\r
\r
\r
//\r
// A structure that collects the values of UEFI variables related to Secure\r
// Boot.\r
//\r
typedef struct {\r
  UINT8 SetupMode;\r
  UINT8 SecureBoot;\r
  UINT8 SecureBootEnable;\r
  UINT8 CustomMode;\r
  UINT8 VendorKeys;\r
} SETTINGS;\r
\r
\r
//\r
// Refer to "AuthData.c" for details on the following objects.\r
//\r
extern CONST UINT8 mMicrosoftKek[];\r
extern CONST UINTN mSizeOfMicrosoftKek;\r
\r
extern CONST UINT8 mMicrosoftPca[];\r
extern CONST UINTN mSizeOfMicrosoftPca;\r
\r
extern CONST UINT8 mMicrosoftUefiCa[];\r
extern CONST UINTN mSizeOfMicrosoftUefiCa;\r
\r
extern CONST UINT8 mSha256OfDevNull[];\r
extern CONST UINTN mSizeOfSha256OfDevNull;\r
\r
#endif /* ENROLL_DEFAULT_KEYS_H_ */\r
Commit	Line	Data
1c9418fc	1	/** @file\r
a79b115a LE	2	Type definitions and object declarations for the EnrollDefaultKeys\r
a79b115a LE	3	application.\r
1c9418fc LE	4	\r
	5	Copyright (C) 2014-2019, Red Hat, Inc.\r
	6	\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	**/\r
	9	\r
	10	#ifndef ENROLL_DEFAULT_KEYS_H_\r
	11	#define ENROLL_DEFAULT_KEYS_H_\r
	12	\r
	13	#include <Uefi/UefiBaseType.h>\r
	14	\r
	15	//\r
	16	// Convenience structure types for constructing "signature lists" for\r
	17	// authenticated UEFI variables.\r
	18	//\r
	19	// The most important thing about the variable payload is that it is a list of\r
	20	// lists, where the element size of any given inner list is constant.\r
	21	//\r
	22	// Since X509 certificates vary in size, each of our inner lists will contain\r
	23	// one element only (one X.509 certificate). This is explicitly mentioned in\r
	24	// the UEFI specification, in "28.4.1 Signature Database", in a Note.\r
	25	//\r
	26	// The list structure looks as follows:\r
	27	//\r
	28	// struct EFI_VARIABLE_AUTHENTICATION_2 { \|\r
	29	// struct EFI_TIME { \|\r
	30	// UINT16 Year; \|\r
	31	// UINT8 Month; \|\r
	32	// UINT8 Day; \|\r
	33	// UINT8 Hour; \|\r
	34	// UINT8 Minute; \|\r
	35	// UINT8 Second; \|\r
	36	// UINT8 Pad1; \|\r
	37	// UINT32 Nanosecond; \|\r
	38	// INT16 TimeZone; \|\r
	39	// UINT8 Daylight; \|\r
	40	// UINT8 Pad2; \|\r
	41	// } TimeStamp; \|\r
	42	// \|\r
	43	// struct WIN_CERTIFICATE_UEFI_GUID { \| \|\r
	44	// struct WIN_CERTIFICATE { \| \|\r
	45	// UINT32 dwLength; ----------------------------------------+ \|\r
	46	// UINT16 wRevision; \| \|\r
	47	// UINT16 wCertificateType; \| \|\r
	48	// } Hdr; \| +- DataSize\r
	49	// \| \|\r
	50	// EFI_GUID CertType; \| \|\r
	51	// UINT8 CertData[1] = { <--- "struct hack" \| \|\r
	52	// struct EFI_SIGNATURE_LIST { \| \| \|\r
	53	// EFI_GUID SignatureType; \| \| \|\r
	54	// UINT32 SignatureListSize; -------------------------+ \| \|\r
	55	// UINT32 SignatureHeaderSize; \| \| \|\r
	56	// UINT32 SignatureSize; ---------------------------+ \| \| \|\r
	57	// UINT8 SignatureHeader[SignatureHeaderSize]; \| \| \| \|\r
	58	// v \| \| \|\r
	59	// struct EFI_SIGNATURE_DATA { \| \| \| \|\r
	60	// EFI_GUID SignatureOwner; \| \| \| \|\r
	61	// UINT8 SignatureData[1] = { <--- "struct hack" \| \| \| \|\r
	62	// X.509 payload \| \| \| \|\r
	63	// } \| \| \| \|\r
	64	// } Signatures[]; \| \| \|\r
	65	// } SigLists[]; \| \|\r
	66	// }; \| \|\r
	67	// } AuthInfo; \| \|\r
68	// }; \|\r
69	//\r
70	// Given that the "struct hack" invokes undefined behavior (which is why C99\r
71	// introduced the flexible array member), and because subtracting those pesky\r
72	// sizes of 1 is annoying, and because the format is fully specified in the\r
73	// UEFI specification, we'll introduce two matching convenience structures that\r
74	// are customized for our X.509 purposes.\r
75	//\r
76	#pragma pack (1)\r
77	typedef struct {\r
78	EFI_TIME TimeStamp;\r
79	\r
80	//\r
81	// dwLength covers data below\r
82	//\r
83	UINT32 dwLength;\r
84	UINT16 wRevision;\r
85	UINT16 wCertificateType;\r
86	EFI_GUID CertType;\r
87	} SINGLE_HEADER;\r
88	\r
89	typedef struct {\r
90	//\r
91	// SignatureListSize covers data below\r
92	//\r
93	EFI_GUID SignatureType;\r
94	UINT32 SignatureListSize;\r
95	UINT32 SignatureHeaderSize; // constant 0\r
96	UINT32 SignatureSize;\r
97	\r
98	//\r
99	// SignatureSize covers data below\r
100	//\r
101	EFI_GUID SignatureOwner;\r
102	\r
103	//\r
104	// X.509 certificate follows\r
105	//\r
106	} REPEATING_HEADER;\r
107	#pragma pack ()\r
108	\r
109	\r
110	//\r
111	// A structure that collects the values of UEFI variables related to Secure\r
112	// Boot.\r
113	//\r
114	typedef struct {\r
115	UINT8 SetupMode;\r
116	UINT8 SecureBoot;\r
117	UINT8 SecureBootEnable;\r
118	UINT8 CustomMode;\r
119	UINT8 VendorKeys;\r
120	} SETTINGS;\r
121	\r
a79b115a LE	122	\r
	123	//\r
	124	// Refer to "AuthData.c" for details on the following objects.\r
	125	//\r
a79b115a LE	126	extern CONST UINT8 mMicrosoftKek[];\r
	127	extern CONST UINTN mSizeOfMicrosoftKek;\r
	128	\r
	129	extern CONST UINT8 mMicrosoftPca[];\r
	130	extern CONST UINTN mSizeOfMicrosoftPca;\r
	131	\r
	132	extern CONST UINT8 mMicrosoftUefiCa[];\r
	133	extern CONST UINTN mSizeOfMicrosoftUefiCa;\r
	134	\r
	135	extern CONST UINT8 mSha256OfDevNull[];\r
	136	extern CONST UINTN mSizeOfSha256OfDevNull;\r
	137	\r
1c9418fc	138	#endif /* ENROLL_DEFAULT_KEYS_H_ */\r