[mirror_edk2.git] / OvmfPkg / EnrollDefaultKeys / EnrollDefaultKeys.h

/** @file\r
  Type definitions for the EnrollDefaultKeys application.\r
\r
  Copyright (C) 2014-2019, Red Hat, Inc.\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
**/\r
\r
#ifndef ENROLL_DEFAULT_KEYS_H_\r
#define ENROLL_DEFAULT_KEYS_H_\r
\r
#include <Uefi/UefiBaseType.h>\r
\r
//\r
// Convenience structure types for constructing "signature lists" for\r
// authenticated UEFI variables.\r
//\r
// The most important thing about the variable payload is that it is a list of\r
// lists, where the element size of any given *inner* list is constant.\r
//\r
// Since X509 certificates vary in size, each of our *inner* lists will contain\r
// one element only (one X.509 certificate). This is explicitly mentioned in\r
// the UEFI specification, in "28.4.1 Signature Database", in a Note.\r
//\r
// The list structure looks as follows:\r
//\r
// struct EFI_VARIABLE_AUTHENTICATION_2 {                           |\r
//   struct EFI_TIME {                                              |\r
//     UINT16 Year;                                                 |\r
//     UINT8  Month;                                                |\r
//     UINT8  Day;                                                  |\r
//     UINT8  Hour;                                                 |\r
//     UINT8  Minute;                                               |\r
//     UINT8  Second;                                               |\r
//     UINT8  Pad1;                                                 |\r
//     UINT32 Nanosecond;                                           |\r
//     INT16  TimeZone;                                             |\r
//     UINT8  Daylight;                                             |\r
//     UINT8  Pad2;                                                 |\r
//   } TimeStamp;                                                   |\r
//                                                                  |\r
//   struct WIN_CERTIFICATE_UEFI_GUID {                           | |\r
//     struct WIN_CERTIFICATE {                                   | |\r
//       UINT32 dwLength; ----------------------------------------+ |\r
//       UINT16 wRevision;                                        | |\r
//       UINT16 wCertificateType;                                 | |\r
//     } Hdr;                                                     | +- DataSize\r
//                                                                | |\r
//     EFI_GUID CertType;                                         | |\r
//     UINT8    CertData[1] = { <--- "struct hack"                | |\r
//       struct EFI_SIGNATURE_LIST {                            | | |\r
//         EFI_GUID SignatureType;                              | | |\r
//         UINT32   SignatureListSize; -------------------------+ | |\r
//         UINT32   SignatureHeaderSize;                        | | |\r
//         UINT32   SignatureSize; ---------------------------+ | | |\r
//         UINT8    SignatureHeader[SignatureHeaderSize];     | | | |\r
//                                                            v | | |\r
//         struct EFI_SIGNATURE_DATA {                        | | | |\r
//           EFI_GUID SignatureOwner;                         | | | |\r
//           UINT8    SignatureData[1] = { <--- "struct hack" | | | |\r
//             X.509 payload                                  | | | |\r
//           }                                                | | | |\r
//         } Signatures[];                                      | | |\r
//       } SigLists[];                                            | |\r
//     };                                                         | |\r
//   } AuthInfo;                                                  | |\r
// };                                                               |\r
//\r
// Given that the "struct hack" invokes undefined behavior (which is why C99\r
// introduced the flexible array member), and because subtracting those pesky\r
// sizes of 1 is annoying, and because the format is fully specified in the\r
// UEFI specification, we'll introduce two matching convenience structures that\r
// are customized for our X.509 purposes.\r
//\r
#pragma pack (1)\r
typedef struct {\r
  EFI_TIME TimeStamp;\r
\r
  //\r
  // dwLength covers data below\r
  //\r
  UINT32   dwLength;\r
  UINT16   wRevision;\r
  UINT16   wCertificateType;\r
  EFI_GUID CertType;\r
} SINGLE_HEADER;\r
\r
typedef struct {\r
  //\r
  // SignatureListSize covers data below\r
  //\r
  EFI_GUID SignatureType;\r
  UINT32   SignatureListSize;\r
  UINT32   SignatureHeaderSize; // constant 0\r
  UINT32   SignatureSize;\r
\r
  //\r
  // SignatureSize covers data below\r
  //\r
  EFI_GUID SignatureOwner;\r
\r
  //\r
  // X.509 certificate follows\r
  //\r
} REPEATING_HEADER;\r
#pragma pack ()\r
\r
\r
//\r
// A structure that collects the values of UEFI variables related to Secure\r
// Boot.\r
//\r
typedef struct {\r
  UINT8 SetupMode;\r
  UINT8 SecureBoot;\r
  UINT8 SecureBootEnable;\r
  UINT8 CustomMode;\r
  UINT8 VendorKeys;\r
} SETTINGS;\r
\r
#endif /* ENROLL_DEFAULT_KEYS_H_ */\r
Commit	Line	Data
1c9418fc LE	1	/** @file\r
	2	Type definitions for the EnrollDefaultKeys application.\r
	3	\r
	4	Copyright (C) 2014-2019, Red Hat, Inc.\r
	5	\r
	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	7	**/\r
	8	\r
	9	#ifndef ENROLL_DEFAULT_KEYS_H_\r
	10	#define ENROLL_DEFAULT_KEYS_H_\r
	11	\r
	12	#include <Uefi/UefiBaseType.h>\r
	13	\r
	14	//\r
	15	// Convenience structure types for constructing "signature lists" for\r
	16	// authenticated UEFI variables.\r
	17	//\r
	18	// The most important thing about the variable payload is that it is a list of\r
	19	// lists, where the element size of any given inner list is constant.\r
	20	//\r
	21	// Since X509 certificates vary in size, each of our inner lists will contain\r
	22	// one element only (one X.509 certificate). This is explicitly mentioned in\r
	23	// the UEFI specification, in "28.4.1 Signature Database", in a Note.\r
	24	//\r
	25	// The list structure looks as follows:\r
	26	//\r
	27	// struct EFI_VARIABLE_AUTHENTICATION_2 { \|\r
	28	// struct EFI_TIME { \|\r
	29	// UINT16 Year; \|\r
	30	// UINT8 Month; \|\r
	31	// UINT8 Day; \|\r
	32	// UINT8 Hour; \|\r
	33	// UINT8 Minute; \|\r
	34	// UINT8 Second; \|\r
	35	// UINT8 Pad1; \|\r
	36	// UINT32 Nanosecond; \|\r
	37	// INT16 TimeZone; \|\r
	38	// UINT8 Daylight; \|\r
	39	// UINT8 Pad2; \|\r
	40	// } TimeStamp; \|\r
	41	// \|\r
	42	// struct WIN_CERTIFICATE_UEFI_GUID { \| \|\r
	43	// struct WIN_CERTIFICATE { \| \|\r
	44	// UINT32 dwLength; ----------------------------------------+ \|\r
	45	// UINT16 wRevision; \| \|\r
	46	// UINT16 wCertificateType; \| \|\r
	47	// } Hdr; \| +- DataSize\r
	48	// \| \|\r
	49	// EFI_GUID CertType; \| \|\r
	50	// UINT8 CertData[1] = { <--- "struct hack" \| \|\r
	51	// struct EFI_SIGNATURE_LIST { \| \| \|\r
	52	// EFI_GUID SignatureType; \| \| \|\r
	53	// UINT32 SignatureListSize; -------------------------+ \| \|\r
	54	// UINT32 SignatureHeaderSize; \| \| \|\r
	55	// UINT32 SignatureSize; ---------------------------+ \| \| \|\r
	56	// UINT8 SignatureHeader[SignatureHeaderSize]; \| \| \| \|\r
	57	// v \| \| \|\r
	58	// struct EFI_SIGNATURE_DATA { \| \| \| \|\r
	59	// EFI_GUID SignatureOwner; \| \| \| \|\r
	60	// UINT8 SignatureData[1] = { <--- "struct hack" \| \| \| \|\r
	61	// X.509 payload \| \| \| \|\r
	62	// } \| \| \| \|\r
	63	// } Signatures[]; \| \| \|\r
	64	// } SigLists[]; \| \|\r
65	// }; \| \|\r
66	// } AuthInfo; \| \|\r
67	// }; \|\r
68	//\r
69	// Given that the "struct hack" invokes undefined behavior (which is why C99\r
70	// introduced the flexible array member), and because subtracting those pesky\r
71	// sizes of 1 is annoying, and because the format is fully specified in the\r
72	// UEFI specification, we'll introduce two matching convenience structures that\r
73	// are customized for our X.509 purposes.\r
74	//\r
75	#pragma pack (1)\r
76	typedef struct {\r
77	EFI_TIME TimeStamp;\r
78	\r
79	//\r
80	// dwLength covers data below\r
81	//\r
82	UINT32 dwLength;\r
83	UINT16 wRevision;\r
84	UINT16 wCertificateType;\r
85	EFI_GUID CertType;\r
86	} SINGLE_HEADER;\r
87	\r
88	typedef struct {\r
89	//\r
90	// SignatureListSize covers data below\r
91	//\r
92	EFI_GUID SignatureType;\r
93	UINT32 SignatureListSize;\r
94	UINT32 SignatureHeaderSize; // constant 0\r
95	UINT32 SignatureSize;\r
96	\r
97	//\r
98	// SignatureSize covers data below\r
99	//\r
100	EFI_GUID SignatureOwner;\r
101	\r
102	//\r
103	// X.509 certificate follows\r
104	//\r
105	} REPEATING_HEADER;\r
106	#pragma pack ()\r
107	\r
108	\r
109	//\r
110	// A structure that collects the values of UEFI variables related to Secure\r
111	// Boot.\r
112	//\r
113	typedef struct {\r
114	UINT8 SetupMode;\r
115	UINT8 SecureBoot;\r
116	UINT8 SecureBootEnable;\r
117	UINT8 CustomMode;\r
118	UINT8 VendorKeys;\r
119	} SETTINGS;\r
120	\r
121	#endif /* ENROLL_DEFAULT_KEYS_H_ */\r