2 This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.
4 Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials are licensed and made available
7 under the terms and conditions of the BSD License which accompanies this
8 distribution. The full text of the license may be found at:
9 http://opensource.org/licenses/bsd-license.php
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
14 File Name: UefiMultiPhase.h
18 #ifndef __UEFI_MULTIPHASE_H__
19 #define __UEFI_MULTIPHASE_H__
22 // Enumeration of memory types introduced in UEFI.
25 EfiReservedMemoryType
,
30 EfiRuntimeServicesCode
,
31 EfiRuntimeServicesData
,
32 EfiConventionalMemory
,
37 EfiMemoryMappedIOPortSpace
,
44 // Data structure that precedes all of the standard EFI table types.
55 // Attributes of variable.
57 #define EFI_VARIABLE_NON_VOLATILE 0x00000001
58 #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002
59 #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004
60 #define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008
63 // This attribute is identified by the mnemonic 'HR'
64 // elsewhere in this specification.
66 #define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
71 // _WIN_CERTIFICATE.wCertificateType
73 #define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
74 #define WIN_CERT_TYPE_EFI_GUID 0x0EF1
78 The WIN_CERTIFICATE structure is part of the PE/COFF
79 specification and has the following definition:
81 @param dwLength The length of the entire certificate,
82 including the length of the header, in
85 @param wRevision The revision level of the WIN_CERTIFICATE
86 structure. The current revision level is
89 @param wCertificateType The certificate type. See
90 WIN_CERT_TYPE_xxx for the UEFI
91 certificate types. The UEFI
92 specification reserves the range of
93 certificate type values from 0x0EF0
96 @param bCertificate The actual certificate. The format of
97 the certificate depends on
98 wCertificateType. The format of the UEFI
99 certificates is defined below.
103 typedef struct _WIN_CERTIFICATE
{
106 UINT16 wCertificateType
;
107 //UINT8 bCertificate[ANYSIZE_ARRAY];
111 // WIN_CERTIFICATE_UEFI_GUID.CertType
113 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
114 {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
117 // WIN_CERTIFICATE_UEFI_GUID.CertData
119 typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256
{
121 UINT8 PublicKey
[256];
122 UINT8 Signature
[256];
123 } EFI_CERT_BLOCK_RSA_2048_SHA256
;
128 @param Hdr This is the standard WIN_CERTIFICATE header, where
129 wCertificateType is set to
130 WIN_CERT_TYPE_EFI_GUID.
132 @param CertType This is the unique id which determines the
133 format of the CertData. In this case, the
134 value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
136 @param CertData This is the certificate data. The format of
137 the data is determined by the CertType. In
138 this case the value is
139 EFI_CERT_BLOCK_RSA_2048_SHA256.
141 @param Information The WIN_CERTIFICATE_UEFI_GUID certificate
142 type allows new types of certificates to
143 be developed for driver authentication
144 without requiring a new certificate type.
145 The CertType defines the format of the
146 CertData, which length is defined by the
147 size of the certificate less the fixed
148 size of the WIN_CERTIFICATE_UEFI_GUID
152 typedef struct _WIN_CERTIFICATE_UEFI_GUID
{
155 // UINT8 CertData[ANYSIZE_ARRAY];
156 } WIN_CERTIFICATE_UEFI_GUID
;
161 Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital
164 The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
165 WIN_CERTIFICATE and encapsulate the information needed to
166 implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
167 specified in RFC2437.
169 @param Hdr This is the standard WIN_CERTIFICATE header, where
170 wCertificateType is set to
171 WIN_CERT_TYPE_UEFI_PKCS1_15.
173 @param HashAlgorithm This is the hashing algorithm which was
174 performed on the UEFI executable when
175 creating the digital signature. It is
176 one of the enumerated values pre-defined
177 in Section 26.4.1. See
178 EFI_HASH_ALGORITHM_x.
180 @param Signature This is the actual digital signature. The
181 size of the signature is the same size as
182 the key (1024-bit key is 128 bytes) and can
183 be determined by subtracting the length of
184 the other parts of this header from the
185 total length of the certificate as found in
189 typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15
{
191 EFI_GUID HashAlgorithm
;
192 // UINT8 Signature[ANYSIZE_ARRAY];
193 } WIN_CERTIFICATE_EFI_PKCS1_15
;
198 AuthInfo is a WIN_CERTIFICATE using the wCertificateType
199 WIN_CERTIFICATE_UEFI_GUID and the CertType
200 EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
201 authenticated access, then the Data buffer should begin with an
202 authentication descriptor prior to the data payload and DataSize
203 should reflect the the data.and descriptor size. The caller
204 shall digest the Monotonic Count value and the associated data
205 for the variable update using the SHA-256 1-way hash algorithm.
206 The ensuing the 32-byte digest will be signed using the private
207 key associated w/ the public/private 2048-bit RSA key-pair. The
208 WIN_CERTIFICATE shall be used to describe the signature of the
209 Variable data *Data. In addition, the signature will also
210 include the MonotonicCount value to guard against replay attacks
212 @param MonotonicCount Included in the signature of
213 AuthInfo.Used to ensure freshness/no
214 replay. Incremented during each
217 @param AuthInfo Provides the authorization for the variable
218 access. It is a signature across the
219 variable data and the Monotonic Count
220 value. Caller uses Private key that is
221 associated with a public key that has been
222 provisioned via the key exchange.
226 UINT64 MonotonicCount
;
227 WIN_CERTIFICATE_UEFI_GUID AuthInfo
;
228 } EFI_VARIABLE_AUTHENTICATION
;