2 This includes some definitions introduced in UEFI that will be used in both PEI
5 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
6 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
12 #ifndef __UEFI_MULTIPHASE_H__
13 #define __UEFI_MULTIPHASE_H__
16 // Enumeration of memory types introduced in UEFI.
19 EfiReservedMemoryType
,
24 EfiRuntimeServicesCode
,
25 EfiRuntimeServicesData
,
26 EfiConventionalMemory
,
31 EfiMemoryMappedIOPortSpace
,
39 // Data structure that precedes all of the standard EFI table types.
50 // Attributes of variable.
52 #define EFI_VARIABLE_NON_VOLATILE 0x00000001
53 #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002
54 #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004
55 #define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008
58 // This attribute is identified by the mnemonic 'HR'
59 // elsewhere in this specification.
61 #define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
66 // _WIN_CERTIFICATE.wCertificateType
68 #define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
69 #define WIN_CERT_TYPE_EFI_GUID 0x0EF1
73 The WIN_CERTIFICATE structure is part of the PE/COFF
74 specification and has the following definition:
76 @param dwLength The length of the entire certificate,
77 including the length of the header, in
80 @param wRevision The revision level of the WIN_CERTIFICATE
81 structure. The current revision level is
84 @param wCertificateType The certificate type. See
85 WIN_CERT_TYPE_xxx for the UEFI
86 certificate types. The UEFI
87 specification reserves the range of
88 certificate type values from 0x0EF0
91 @param bCertificate The actual certificate. The format of
92 the certificate depends on
93 wCertificateType. The format of the UEFI
94 certificates is defined below.
98 typedef struct _WIN_CERTIFICATE
{
101 UINT16 wCertificateType
;
102 //UINT8 bCertificate[ANYSIZE_ARRAY];
106 // WIN_CERTIFICATE_UEFI_GUID.CertType
108 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
109 {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
112 // WIN_CERTIFICATE_UEFI_GUID.CertData
114 typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256
{
116 UINT8 PublicKey
[256];
117 UINT8 Signature
[256];
118 } EFI_CERT_BLOCK_RSA_2048_SHA256
;
123 @param Hdr This is the standard WIN_CERTIFICATE header, where
124 wCertificateType is set to
125 WIN_CERT_TYPE_EFI_GUID.
127 @param CertType This is the unique id which determines the
128 format of the CertData. In this case, the
129 value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
131 @param CertData This is the certificate data. The format of
132 the data is determined by the CertType. In
133 this case the value is
134 EFI_CERT_BLOCK_RSA_2048_SHA256.
136 @param Information The WIN_CERTIFICATE_UEFI_GUID certificate
137 type allows new types of certificates to
138 be developed for driver authentication
139 without requiring a new certificate type.
140 The CertType defines the format of the
141 CertData, which length is defined by the
142 size of the certificate less the fixed
143 size of the WIN_CERTIFICATE_UEFI_GUID
147 typedef struct _WIN_CERTIFICATE_UEFI_GUID
{
151 } WIN_CERTIFICATE_UEFI_GUID
;
156 Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital
159 The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
160 WIN_CERTIFICATE and encapsulate the information needed to
161 implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
162 specified in RFC2437.
164 @param Hdr This is the standard WIN_CERTIFICATE header, where
165 wCertificateType is set to
166 WIN_CERT_TYPE_UEFI_PKCS1_15.
168 @param HashAlgorithm This is the hashing algorithm which was
169 performed on the UEFI executable when
170 creating the digital signature. It is
171 one of the enumerated values pre-defined
172 in Section 26.4.1. See
173 EFI_HASH_ALGORITHM_x.
175 @param Signature This is the actual digital signature. The
176 size of the signature is the same size as
177 the key (1024-bit key is 128 bytes) and can
178 be determined by subtracting the length of
179 the other parts of this header from the
180 total length of the certificate as found in
184 typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15
{
186 EFI_GUID HashAlgorithm
;
187 // UINT8 Signature[ANYSIZE_ARRAY];
188 } WIN_CERTIFICATE_EFI_PKCS1_15
;
193 AuthInfo is a WIN_CERTIFICATE using the wCertificateType
194 WIN_CERTIFICATE_UEFI_GUID and the CertType
195 EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
196 authenticated access, then the Data buffer should begin with an
197 authentication descriptor prior to the data payload and DataSize
198 should reflect the data.and descriptor size. The caller
199 shall digest the Monotonic Count value and the associated data
200 for the variable update using the SHA-256 1-way hash algorithm.
201 The ensuing the 32-byte digest will be signed using the private
202 key associated w/ the public/private 2048-bit RSA key-pair. The
203 WIN_CERTIFICATE shall be used to describe the signature of the
204 Variable data *Data. In addition, the signature will also
205 include the MonotonicCount value to guard against replay attacks
207 @param MonotonicCount Included in the signature of
208 AuthInfo.Used to ensure freshness/no
209 replay. Incremented during each
212 @param AuthInfo Provides the authorization for the variable
213 access. It is a signature across the
214 variable data and the Monotonic Count
215 value. Caller uses Private key that is
216 associated with a public key that has been
217 provisioned via the key exchange.
221 UINT64 MonotonicCount
;
222 WIN_CERTIFICATE_UEFI_GUID AuthInfo
;
223 } EFI_VARIABLE_AUTHENTICATION
;