2 GUID for UEFI WIN_CERTIFICATE structure.
4 Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
7 @par Revision Reference:
8 GUID defined in UEFI 2.0 spec.
11 #ifndef __EFI_WIN_CERTIFICATE_H__
12 #define __EFI_WIN_CERTIFICATE_H__
15 // _WIN_CERTIFICATE.wCertificateType
17 #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
18 #define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
19 #define WIN_CERT_TYPE_EFI_GUID 0x0EF1
22 /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
26 /// The length of the entire certificate,
27 /// including the length of the header, in bytes.
31 /// The revision level of the WIN_CERTIFICATE
32 /// structure. The current revision level is 0x0200.
36 /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
37 /// certificate types. The UEFI specification reserves the range of
38 /// certificate type values from 0x0EF0 to 0x0EFF.
40 UINT16 wCertificateType
;
42 /// The following is the actual certificate. The format of
43 /// the certificate depends on wCertificateType.
45 /// UINT8 bCertificate[ANYSIZE_ARRAY];
50 /// WIN_CERTIFICATE_UEFI_GUID.CertType
52 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
53 {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
56 /// WIN_CERTIFICATE_UEFI_GUID.CertData
62 } EFI_CERT_BLOCK_RSA_2048_SHA256
;
66 /// Certificate which encapsulates a GUID-specific digital signature
70 /// This is the standard WIN_CERTIFICATE header, where
71 /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
75 /// This is the unique id which determines the
76 /// format of the CertData. .
80 /// The following is the certificate data. The format of
81 /// the data is determined by the CertType.
82 /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
83 /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
86 } WIN_CERTIFICATE_UEFI_GUID
;
90 /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
92 /// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
93 /// WIN_CERTIFICATE and encapsulate the information needed to
94 /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
95 /// specified in RFC2437.
99 /// This is the standard WIN_CERTIFICATE header, where
100 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
104 /// This is the hashing algorithm which was performed on the
105 /// UEFI executable when creating the digital signature.
107 EFI_GUID HashAlgorithm
;
109 /// The following is the actual digital signature. The
110 /// size of the signature is the same size as the key
111 /// (1024-bit key is 128 bytes) and can be determined by
112 /// subtracting the length of the other parts of this header
113 /// from the total length of the certificate as found in
116 /// UINT8 Signature[];
118 } WIN_CERTIFICATE_EFI_PKCS1_15
;
120 extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid
;