[mirror_edk2.git] / MdePkg / Include / Uefi / UefiMultiPhase.h

/** @file\r
  This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.\r
\r
  Copyright (c) 2006 - 2008, Intel Corporation                                                         \r
  All rights reserved. This program and the accompanying materials                          \r
  are licensed and made available under the terms and conditions of the BSD License         \r
  which accompanies this distribution.  The full text of the license may be found at        \r
  http://opensource.org/licenses/bsd-license.php                                            \r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     \r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             \r
\r
**/\r
\r
#ifndef __UEFI_MULTIPHASE_H__\r
#define __UEFI_MULTIPHASE_H__\r
\r
#include <ProcessorBind.h>\r
\r
///\r
/// Enumeration of memory types introduced in UEFI.\r
/// \r
typedef enum {\r
  EfiReservedMemoryType,\r
  EfiLoaderCode,\r
  EfiLoaderData,\r
  EfiBootServicesCode,\r
  EfiBootServicesData,\r
  EfiRuntimeServicesCode,\r
  EfiRuntimeServicesData,\r
  EfiConventionalMemory,\r
  EfiUnusableMemory,\r
  EfiACPIReclaimMemory,\r
  EfiACPIMemoryNVS,\r
  EfiMemoryMappedIO,\r
  EfiMemoryMappedIOPortSpace,\r
  EfiPalCode,\r
  EfiMaxMemoryType\r
} EFI_MEMORY_TYPE;\r
\r
\r
///\r
/// Data structure that precedes all of the standard EFI table types.\r
/// \r
typedef struct {\r
  UINT64  Signature;\r
  UINT32  Revision;\r
  UINT32  HeaderSize;\r
  UINT32  CRC32;\r
  UINT32  Reserved;\r
} EFI_TABLE_HEADER;\r
\r
///\r
/// Attributes of variable.\r
/// \r
#define EFI_VARIABLE_NON_VOLATILE                 0x00000001\r
#define EFI_VARIABLE_BOOTSERVICE_ACCESS           0x00000002\r
#define EFI_VARIABLE_RUNTIME_ACCESS               0x00000004\r
#define EFI_VARIABLE_HARDWARE_ERROR_RECORD        0x00000008\r
\r
///\r
/// This attribute is identified by the mnemonic 'HR' \r
/// elsewhere in this specification.\r
/// \r
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS   0x00000010\r
\r
//\r
// _WIN_CERTIFICATE.wCertificateType\r
// \r
#define WIN_CERT_TYPE_EFI_PKCS115   0x0EF0\r
#define WIN_CERT_TYPE_EFI_GUID      0x0EF1\r
\r
///\r
/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.\r
///\r
typedef struct _WIN_CERTIFICATE {\r
  ///\r
  /// The length of the entire certificate,  \r
  /// including the length of the header, in bytes.                                \r
  ///\r
  UINT32  dwLength;\r
  ///\r
  /// The revision level of the WIN_CERTIFICATE \r
  /// structure. The current revision level is 0x0200.                                   \r
  ///\r
  UINT16  wRevision;\r
  ///\r
  /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI      \r
  /// certificate types. The UEFI specification reserves the range of \r
  /// certificate type values from 0x0EF0 to 0x0EFF.                          \r
  ///\r
  UINT16  wCertificateType;\r
  ///\r
  /// The following is the actual certificate. The format of   \r
  /// the certificate depends on wCertificateType.\r
  ///\r
  /// UINT8 bCertificate[ANYSIZE_ARRAY];\r
  ///\r
} WIN_CERTIFICATE;\r
\r
///\r
/// WIN_CERTIFICATE_UEFI_GUID.CertType\r
/// \r
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \\r
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }\r
\r
//\r
// WIN_CERTIFICATE_UEFI_GUID.CertData\r
// \r
typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {\r
  UINT32  HashType;\r
  UINT8   PublicKey[256];\r
  UINT8   Signature[256];\r
} EFI_CERT_BLOCK_RSA_2048_SHA256;\r
\r
\r
///\r
/// Certificate which encapsulates a GUID-specific digital signature\r
///\r
typedef struct _WIN_CERTIFICATE_UEFI_GUID {\r
  ///\r
  /// This is the standard WIN_CERTIFICATE header, where\r
  /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID. \r
  ///                         \r
  WIN_CERTIFICATE   Hdr;\r
  ///\r
  /// This is the unique id which determines the \r
  /// format of the CertData. In this case, the  \r
  /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.\r
  ///\r
  EFI_GUID          CertType;\r
  /// \r
  /// The following is the certificate data. The format of\r
  /// the data is determined by the CertType. In this case the value is                     \r
  /// EFI_CERT_BLOCK_RSA_2048_SHA256.            \r
  ///\r
  /// UINT8            CertData[ANYSIZE_ARRAY];\r
  ///\r
} WIN_CERTIFICATE_UEFI_GUID;\r
\r
\r
///   \r
/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.\r
///  \r
/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from\r
/// WIN_CERTIFICATE and encapsulate the information needed to  \r
/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as  \r
/// specified in RFC2437.  \r
///  \r
typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {     \r
  ///\r
  /// This is the standard WIN_CERTIFICATE header, where \r
  /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.                       \r
  ///\r
  WIN_CERTIFICATE Hdr;\r
  ///\r
  /// This is the hashing algorithm which was performed on the\r
  /// UEFI executable when creating the digital signature. \r
  ///\r
  EFI_GUID        HashAlgorithm;\r
  ///\r
  /// The following is the actual digital signature. The   \r
  /// size of the signature is the same size as the key \r
  /// (1024-bit key is 128 bytes) and can be determined by \r
  /// subtracting the length of the other parts of this header\r
  /// from the total length of the certificate as found in \r
  /// Hdr.dwLength.                               \r
  ///\r
  /// UINT8 Signature[ANYSIZE_ARRAY];\r
  ///\r
} WIN_CERTIFICATE_EFI_PKCS1_15;\r
\r
\r
\r
///   \r
/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
/// WIN_CERTIFICATE_UEFI_GUID and the CertType\r
/// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies\r
/// authenticated access, then the Data buffer should begin with an\r
/// authentication descriptor prior to the data payload and DataSize\r
/// should reflect the the data.and descriptor size. The caller\r
/// shall digest the Monotonic Count value and the associated data\r
/// for the variable update using the SHA-256 1-way hash algorithm.\r
/// The ensuing the 32-byte digest will be signed using the private\r
/// key associated w/ the public/private 2048-bit RSA key-pair. The\r
/// WIN_CERTIFICATE shall be used to describe the signature of the\r
/// Variable data *Data. In addition, the signature will also\r
/// include the MonotonicCount value to guard against replay attacks\r
///  \r
typedef struct {\r
  ///\r
  /// Included in the signature of        \r
  /// AuthInfo.Used to ensure freshness/no\r
  /// replay. Incremented during each     \r
  /// "Write" access.   \r
  ///                  \r
  UINT64                      MonotonicCount;\r
  ///\r
  /// Provides the authorization for the variable \r
  /// access. It is a signature across the        \r
  /// variable data and the  Monotonic Count      \r
  /// value. Caller uses Private key that is      \r
  /// associated with a public key that has been  \r
  /// provisioned via the key exchange.           \r
  ///\r
  WIN_CERTIFICATE_UEFI_GUID   AuthInfo;\r
} EFI_VARIABLE_AUTHENTICATION;\r
\r
#endif\r
\r
Commit	Line	Data
	1	/** @file\r
	2	This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.\r
	3	\r
	4	Copyright (c) 2006 - 2008, Intel Corporation \r
	5	All rights reserved. This program and the accompanying materials \r
	6	are licensed and made available under the terms and conditions of the BSD License \r
	7	which accompanies this distribution. The full text of the license may be found at \r
	8	http://opensource.org/licenses/bsd-license.php \r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
	12	\r
	13	**/\r
	14	\r
	15	#ifndef __UEFI_MULTIPHASE_H__\r
	16	#define __UEFI_MULTIPHASE_H__\r
	17	\r
	18	#include <ProcessorBind.h>\r
	19	\r
	20	///\r
	21	/// Enumeration of memory types introduced in UEFI.\r
	22	/// \r
	23	typedef enum {\r
	24	EfiReservedMemoryType,\r
	25	EfiLoaderCode,\r
	26	EfiLoaderData,\r
	27	EfiBootServicesCode,\r
	28	EfiBootServicesData,\r
	29	EfiRuntimeServicesCode,\r
	30	EfiRuntimeServicesData,\r
	31	EfiConventionalMemory,\r
	32	EfiUnusableMemory,\r
	33	EfiACPIReclaimMemory,\r
	34	EfiACPIMemoryNVS,\r
	35	EfiMemoryMappedIO,\r
	36	EfiMemoryMappedIOPortSpace,\r
	37	EfiPalCode,\r
	38	EfiMaxMemoryType\r
	39	} EFI_MEMORY_TYPE;\r
	40	\r
	41	\r
	42	///\r
	43	/// Data structure that precedes all of the standard EFI table types.\r
	44	/// \r
	45	typedef struct {\r
	46	UINT64 Signature;\r
	47	UINT32 Revision;\r
	48	UINT32 HeaderSize;\r
	49	UINT32 CRC32;\r
	50	UINT32 Reserved;\r
	51	} EFI_TABLE_HEADER;\r
	52	\r
	53	///\r
	54	/// Attributes of variable.\r
	55	/// \r
	56	#define EFI_VARIABLE_NON_VOLATILE 0x00000001\r
	57	#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002\r
	58	#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004\r
	59	#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008\r
	60	\r
	61	///\r
	62	/// This attribute is identified by the mnemonic 'HR' \r
	63	/// elsewhere in this specification.\r
	64	/// \r
	65	#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010\r
	66	\r
	67	//\r
	68	// _WIN_CERTIFICATE.wCertificateType\r
	69	// \r
	70	#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0\r
	71	#define WIN_CERT_TYPE_EFI_GUID 0x0EF1\r
	72	\r
	73	///\r
	74	/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.\r
	75	///\r
	76	typedef struct _WIN_CERTIFICATE {\r
	77	///\r
	78	/// The length of the entire certificate, \r
	79	/// including the length of the header, in bytes. \r
	80	///\r
	81	UINT32 dwLength;\r
	82	///\r
	83	/// The revision level of the WIN_CERTIFICATE \r
	84	/// structure. The current revision level is 0x0200. \r
	85	///\r
	86	UINT16 wRevision;\r
	87	///\r
	88	/// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI \r
	89	/// certificate types. The UEFI specification reserves the range of \r
	90	/// certificate type values from 0x0EF0 to 0x0EFF. \r
	91	///\r
	92	UINT16 wCertificateType;\r
	93	///\r
	94	/// The following is the actual certificate. The format of \r
	95	/// the certificate depends on wCertificateType.\r
	96	///\r
	97	/// UINT8 bCertificate[ANYSIZE_ARRAY];\r
	98	///\r
	99	} WIN_CERTIFICATE;\r
	100	\r
	101	///\r
	102	/// WIN_CERTIFICATE_UEFI_GUID.CertType\r
	103	/// \r
	104	#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \\r
	105	{0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }\r
	106	\r
	107	//\r
	108	// WIN_CERTIFICATE_UEFI_GUID.CertData\r
	109	// \r
	110	typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {\r
	111	UINT32 HashType;\r
	112	UINT8 PublicKey[256];\r
	113	UINT8 Signature[256];\r
	114	} EFI_CERT_BLOCK_RSA_2048_SHA256;\r
	115	\r
	116	\r
	117	///\r
	118	/// Certificate which encapsulates a GUID-specific digital signature\r
	119	///\r
	120	typedef struct _WIN_CERTIFICATE_UEFI_GUID {\r
	121	///\r
	122	/// This is the standard WIN_CERTIFICATE header, where\r
	123	/// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID. \r
	124	/// \r
	125	WIN_CERTIFICATE Hdr;\r
	126	///\r
	127	/// This is the unique id which determines the \r
	128	/// format of the CertData. In this case, the \r
	129	/// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.\r
	130	///\r
	131	EFI_GUID CertType;\r
	132	/// \r
	133	/// The following is the certificate data. The format of\r
	134	/// the data is determined by the CertType. In this case the value is \r
	135	/// EFI_CERT_BLOCK_RSA_2048_SHA256. \r
	136	///\r
	137	/// UINT8 CertData[ANYSIZE_ARRAY];\r
	138	///\r
	139	} WIN_CERTIFICATE_UEFI_GUID;\r
	140	\r
	141	\r
	142	/// \r
	143	/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.\r
	144	/// \r
	145	/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from\r
	146	/// WIN_CERTIFICATE and encapsulate the information needed to \r
	147	/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as \r
	148	/// specified in RFC2437. \r
	149	/// \r
	150	typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 { \r
	151	///\r
	152	/// This is the standard WIN_CERTIFICATE header, where \r
	153	/// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15. \r
	154	///\r
	155	WIN_CERTIFICATE Hdr;\r
	156	///\r
	157	/// This is the hashing algorithm which was performed on the\r
	158	/// UEFI executable when creating the digital signature. \r
	159	///\r
	160	EFI_GUID HashAlgorithm;\r
	161	///\r
	162	/// The following is the actual digital signature. The \r
	163	/// size of the signature is the same size as the key \r
	164	/// (1024-bit key is 128 bytes) and can be determined by \r
	165	/// subtracting the length of the other parts of this header\r
	166	/// from the total length of the certificate as found in \r
	167	/// Hdr.dwLength. \r
	168	///\r
	169	/// UINT8 Signature[ANYSIZE_ARRAY];\r
	170	///\r
	171	} WIN_CERTIFICATE_EFI_PKCS1_15;\r
	172	\r
	173	\r
	174	\r
	175	/// \r
	176	/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
	177	/// WIN_CERTIFICATE_UEFI_GUID and the CertType\r
	178	/// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies\r
	179	/// authenticated access, then the Data buffer should begin with an\r
	180	/// authentication descriptor prior to the data payload and DataSize\r
	181	/// should reflect the the data.and descriptor size. The caller\r
	182	/// shall digest the Monotonic Count value and the associated data\r
	183	/// for the variable update using the SHA-256 1-way hash algorithm.\r
	184	/// The ensuing the 32-byte digest will be signed using the private\r
	185	/// key associated w/ the public/private 2048-bit RSA key-pair. The\r
	186	/// WIN_CERTIFICATE shall be used to describe the signature of the\r
	187	/// Variable data *Data. In addition, the signature will also\r
	188	/// include the MonotonicCount value to guard against replay attacks\r
	189	/// \r
	190	typedef struct {\r
	191	///\r
	192	/// Included in the signature of \r
	193	/// AuthInfo.Used to ensure freshness/no\r
	194	/// replay. Incremented during each \r
	195	/// "Write" access. \r
	196	/// \r
	197	UINT64 MonotonicCount;\r
	198	///\r
	199	/// Provides the authorization for the variable \r
	200	/// access. It is a signature across the \r
	201	/// variable data and the Monotonic Count \r
	202	/// value. Caller uses Private key that is \r
	203	/// associated with a public key that has been \r
	204	/// provisioned via the key exchange. \r
	205	///\r
	206	WIN_CERTIFICATE_UEFI_GUID AuthInfo;\r
	207	} EFI_VARIABLE_AUTHENTICATION;\r
	208	\r
	209	#endif\r
	210	\r