]>
Commit | Line | Data |
---|---|---|
1 | /** @file\r | |
2 | Image signature database are defined for the signed image validation.\r | |
3 | \r | |
4 | Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r | |
5 | This program and the accompanying materials\r | |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | @par Revision Reference:\r | |
14 | GUIDs defined in UEFI 2.5 spec.\r | |
15 | **/\r | |
16 | \r | |
17 | #ifndef __IMAGE_AUTHTICATION_H__\r | |
18 | #define __IMAGE_AUTHTICATION_H__\r | |
19 | \r | |
20 | #include <Guid/GlobalVariable.h>\r | |
21 | #include <Protocol/Hash.h>\r | |
22 | \r | |
23 | #define EFI_IMAGE_SECURITY_DATABASE_GUID \\r | |
24 | { \\r | |
25 | 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \\r | |
26 | }\r | |
27 | \r | |
28 | ///\r | |
29 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r | |
30 | /// for the authorized signature database.\r | |
31 | ///\r | |
32 | #define EFI_IMAGE_SECURITY_DATABASE L"db"\r | |
33 | ///\r | |
34 | /// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r | |
35 | /// for the forbidden signature database.\r | |
36 | ///\r | |
37 | #define EFI_IMAGE_SECURITY_DATABASE1 L"dbx"\r | |
38 | ///\r | |
39 | /// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID\r | |
40 | /// for the timestamp signature database.\r | |
41 | ///\r | |
42 | #define EFI_IMAGE_SECURITY_DATABASE2 L"dbt"\r | |
43 | \r | |
44 | #define SECURE_BOOT_MODE_ENABLE 1\r | |
45 | #define SECURE_BOOT_MODE_DISABLE 0\r | |
46 | ///\r | |
47 | /// Depricated value definition for SetupMode variable \r | |
48 | ///\r | |
49 | #define SETUP_MODE 1\r | |
50 | #define USER_MODE 0\r | |
51 | ///\r | |
52 | /// Value definition for SetupMode/DeployedMode/AuditMode variable\r | |
53 | ///\r | |
54 | #define SETUP_MODE_ENABLE 1\r | |
55 | #define SETUP_MODE_DISABLE 0\r | |
56 | #define DEPLOYED_MODE_ENABLE 1\r | |
57 | #define DEPLOYED_MODE_DISABLE 0\r | |
58 | #define AUDIT_MODE_ENABLE 1\r | |
59 | #define AUDIT_MODE_DISABLE 0\r | |
60 | \r | |
61 | //***********************************************************************\r | |
62 | // Signature Database\r | |
63 | //***********************************************************************\r | |
64 | ///\r | |
65 | /// The format of a signature database.\r | |
66 | ///\r | |
67 | #pragma pack(1)\r | |
68 | \r | |
69 | typedef struct {\r | |
70 | ///\r | |
71 | /// An identifier which identifies the agent which added the signature to the list.\r | |
72 | ///\r | |
73 | EFI_GUID SignatureOwner;\r | |
74 | ///\r | |
75 | /// The format of the signature is defined by the SignatureType.\r | |
76 | ///\r | |
77 | UINT8 SignatureData[1];\r | |
78 | } EFI_SIGNATURE_DATA;\r | |
79 | \r | |
80 | typedef struct {\r | |
81 | ///\r | |
82 | /// Type of the signature. GUID signature types are defined in below.\r | |
83 | ///\r | |
84 | EFI_GUID SignatureType;\r | |
85 | ///\r | |
86 | /// Total size of the signature list, including this header.\r | |
87 | ///\r | |
88 | UINT32 SignatureListSize;\r | |
89 | ///\r | |
90 | /// Size of the signature header which precedes the array of signatures.\r | |
91 | ///\r | |
92 | UINT32 SignatureHeaderSize;\r | |
93 | ///\r | |
94 | /// Size of each signature.\r | |
95 | ///\r | |
96 | UINT32 SignatureSize;\r | |
97 | ///\r | |
98 | /// Header before the array of signatures. The format of this header is specified\r | |
99 | /// by the SignatureType.\r | |
100 | /// UINT8 SignatureHeader[SignatureHeaderSize];\r | |
101 | ///\r | |
102 | /// An array of signatures. Each signature is SignatureSize bytes in length.\r | |
103 | /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];\r | |
104 | ///\r | |
105 | } EFI_SIGNATURE_LIST;\r | |
106 | \r | |
107 | typedef struct {\r | |
108 | ///\r | |
109 | /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.\r | |
110 | ///\r | |
111 | EFI_SHA256_HASH ToBeSignedHash;\r | |
112 | ///\r | |
113 | /// The time that the certificate shall be considered to be revoked.\r | |
114 | ///\r | |
115 | EFI_TIME TimeOfRevocation;\r | |
116 | } EFI_CERT_X509_SHA256;\r | |
117 | \r | |
118 | typedef struct {\r | |
119 | ///\r | |
120 | /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.\r | |
121 | ///\r | |
122 | EFI_SHA384_HASH ToBeSignedHash;\r | |
123 | ///\r | |
124 | /// The time that the certificate shall be considered to be revoked.\r | |
125 | ///\r | |
126 | EFI_TIME TimeOfRevocation;\r | |
127 | } EFI_CERT_X509_SHA384;\r | |
128 | \r | |
129 | typedef struct {\r | |
130 | ///\r | |
131 | /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.\r | |
132 | ///\r | |
133 | EFI_SHA512_HASH ToBeSignedHash;\r | |
134 | ///\r | |
135 | /// The time that the certificate shall be considered to be revoked.\r | |
136 | ///\r | |
137 | EFI_TIME TimeOfRevocation;\r | |
138 | } EFI_CERT_X509_SHA512;\r | |
139 | \r | |
140 | #pragma pack()\r | |
141 | \r | |
142 | ///\r | |
143 | /// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall\r | |
144 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
145 | /// 32 bytes.\r | |
146 | ///\r | |
147 | #define EFI_CERT_SHA256_GUID \\r | |
148 | { \\r | |
149 | 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \\r | |
150 | }\r | |
151 | \r | |
152 | ///\r | |
153 | /// This identifies a signature containing an RSA-2048 key. The key (only the modulus\r | |
154 | /// since the public key exponent is known to be 0x10001) shall be stored in big-endian\r | |
155 | /// order.\r | |
156 | /// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size\r | |
157 | /// of SignatureOwner component) + 256 bytes.\r | |
158 | ///\r | |
159 | #define EFI_CERT_RSA2048_GUID \\r | |
160 | { \\r | |
161 | 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \\r | |
162 | }\r | |
163 | \r | |
164 | ///\r | |
165 | /// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The\r | |
166 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of\r | |
167 | /// SignatureOwner component) + 256 bytes.\r | |
168 | ///\r | |
169 | #define EFI_CERT_RSA2048_SHA256_GUID \\r | |
170 | { \\r | |
171 | 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \\r | |
172 | }\r | |
173 | \r | |
174 | ///\r | |
175 | /// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always\r | |
176 | /// be 16 (size of SignatureOwner component) + 20 bytes.\r | |
177 | ///\r | |
178 | #define EFI_CERT_SHA1_GUID \\r | |
179 | { \\r | |
180 | 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \\r | |
181 | }\r | |
182 | \r | |
183 | ///\r | |
184 | /// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The\r | |
185 | /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of\r | |
186 | /// SignatureOwner component) + 256 bytes.\r | |
187 | ///\r | |
188 | #define EFI_CERT_RSA2048_SHA1_GUID \\r | |
189 | { \\r | |
190 | 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \\r | |
191 | }\r | |
192 | \r | |
193 | ///\r | |
194 | /// This identifies a signature based on an X.509 certificate. If the signature is an X.509\r | |
195 | /// certificate then verification of the signature of an image should validate the public\r | |
196 | /// key certificate in the image using certificate path verification, up to this X.509\r | |
197 | /// certificate as a trusted root. The SignatureHeader size shall always be 0. The\r | |
198 | /// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +\r | |
199 | /// the size of the certificate itself.\r | |
200 | /// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.\r | |
201 | ///\r | |
202 | #define EFI_CERT_X509_GUID \\r | |
203 | { \\r | |
204 | 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \\r | |
205 | }\r | |
206 | \r | |
207 | ///\r | |
208 | /// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall\r | |
209 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
210 | /// 28 bytes.\r | |
211 | ///\r | |
212 | #define EFI_CERT_SHA224_GUID \\r | |
213 | { \\r | |
214 | 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \\r | |
215 | }\r | |
216 | \r | |
217 | ///\r | |
218 | /// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall\r | |
219 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
220 | /// 48 bytes.\r | |
221 | ///\r | |
222 | #define EFI_CERT_SHA384_GUID \\r | |
223 | { \\r | |
224 | 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \\r | |
225 | }\r | |
226 | \r | |
227 | ///\r | |
228 | /// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall\r | |
229 | /// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +\r | |
230 | /// 64 bytes.\r | |
231 | ///\r | |
232 | #define EFI_CERT_SHA512_GUID \\r | |
233 | { \\r | |
234 | 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r | |
235 | }\r | |
236 | \r | |
237 | ///\r | |
238 | /// This identifies a signature containing the SHA256 hash of an X.509 certificate's\r | |
239 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
240 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
241 | /// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,\r | |
242 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
243 | /// otherwise the certificate shall be considered to always be revoked.\r | |
244 | ///\r | |
245 | #define EFI_CERT_X509_SHA256_GUID \\r | |
246 | { \\r | |
247 | 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \\r | |
248 | }\r | |
249 | \r | |
250 | ///\r | |
251 | /// This identifies a signature containing the SHA384 hash of an X.509 certificate's\r | |
252 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
253 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
254 | /// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,\r | |
255 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
256 | /// otherwise the certificate shall be considered to always be revoked.\r | |
257 | ///\r | |
258 | #define EFI_CERT_X509_SHA384_GUID \\r | |
259 | { \\r | |
260 | 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \\r | |
261 | }\r | |
262 | \r | |
263 | ///\r | |
264 | /// This identifies a signature containing the SHA512 hash of an X.509 certificate's\r | |
265 | /// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall\r | |
266 | /// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)\r | |
267 | /// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,\r | |
268 | /// the certificate should be considered to be revoked from that time and onwards, and\r | |
269 | /// otherwise the certificate shall be considered to always be revoked.\r | |
270 | ///\r | |
271 | #define EFI_CERT_X509_SHA512_GUID \\r | |
272 | { \\r | |
273 | 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \\r | |
274 | }\r | |
275 | \r | |
276 | ///\r | |
277 | /// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]\r | |
278 | /// SignedData value.\r | |
279 | ///\r | |
280 | #define EFI_CERT_TYPE_PKCS7_GUID \\r | |
281 | { \\r | |
282 | 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \\r | |
283 | }\r | |
284 | \r | |
285 | //***********************************************************************\r | |
286 | // Image Execution Information Table Definition\r | |
287 | //***********************************************************************\r | |
288 | typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;\r | |
289 | \r | |
290 | #define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007\r | |
291 | #define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000\r | |
292 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001\r | |
293 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002\r | |
294 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003\r | |
295 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004\r | |
296 | #define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005\r | |
297 | #define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008\r | |
298 | \r | |
299 | //\r | |
300 | // EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table\r | |
301 | // and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.\r | |
302 | //\r | |
303 | typedef struct {\r | |
304 | ///\r | |
305 | /// Describes the action taken by the firmware regarding this image.\r | |
306 | ///\r | |
307 | EFI_IMAGE_EXECUTION_ACTION Action;\r | |
308 | ///\r | |
309 | /// Size of all of the entire structure.\r | |
310 | ///\r | |
311 | UINT32 InfoSize;\r | |
312 | ///\r | |
313 | /// If this image was a UEFI device driver (for option ROM, for example) this is the\r | |
314 | /// null-terminated, user-friendly name for the device. If the image was for an application,\r | |
315 | /// then this is the name of the application. If this cannot be determined, then a simple\r | |
316 | /// NULL character should be put in this position.\r | |
317 | /// CHAR16 Name[];\r | |
318 | ///\r | |
319 | \r | |
320 | ///\r | |
321 | /// For device drivers, this is the device path of the device for which this device driver\r | |
322 | /// was intended. In some cases, the driver itself may be stored as part of the system\r | |
323 | /// firmware, but this field should record the device's path, not the firmware path. For\r | |
324 | /// applications, this is the device path of the application. If this cannot be determined,\r | |
325 | /// a simple end-of-path device node should be put in this position.\r | |
326 | /// EFI_DEVICE_PATH_PROTOCOL DevicePath;\r | |
327 | ///\r | |
328 | \r | |
329 | ///\r | |
330 | /// Zero or more image signatures. If the image contained no signatures,\r | |
331 | /// then this field is empty.\r | |
332 | /// EFI_SIGNATURE_LIST Signature;\r | |
333 | /// \r | |
334 | } EFI_IMAGE_EXECUTION_INFO;\r | |
335 | \r | |
336 | \r | |
337 | typedef struct {\r | |
338 | ///\r | |
339 | /// Number of EFI_IMAGE_EXECUTION_INFO structures.\r | |
340 | ///\r | |
341 | UINTN NumberOfImages;\r | |
342 | ///\r | |
343 | /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures.\r | |
344 | ///\r | |
345 | // EFI_IMAGE_EXECUTION_INFO InformationInfo[]\r | |
346 | } EFI_IMAGE_EXECUTION_INFO_TABLE;\r | |
347 | \r | |
348 | extern EFI_GUID gEfiImageSecurityDatabaseGuid;\r | |
349 | extern EFI_GUID gEfiCertSha256Guid;\r | |
350 | extern EFI_GUID gEfiCertRsa2048Guid;\r | |
351 | extern EFI_GUID gEfiCertRsa2048Sha256Guid;\r | |
352 | extern EFI_GUID gEfiCertSha1Guid;\r | |
353 | extern EFI_GUID gEfiCertRsa2048Sha1Guid;\r | |
354 | extern EFI_GUID gEfiCertX509Guid;\r | |
355 | extern EFI_GUID gEfiCertSha224Guid;\r | |
356 | extern EFI_GUID gEfiCertSha384Guid;\r | |
357 | extern EFI_GUID gEfiCertSha512Guid;\r | |
358 | extern EFI_GUID gEfiCertX509Sha256Guid;\r | |
359 | extern EFI_GUID gEfiCertX509Sha384Guid;\r | |
360 | extern EFI_GUID gEfiCertX509Sha512Guid;\r | |
361 | extern EFI_GUID gEfiCertPkcs7Guid;\r | |
362 | \r | |
363 | #endif\r |