MdePkg/Include/Guid/WinCertificate.h

   1 /** @file
   2   GUID for UEFI WIN_CERTIFICATE structure.
   3
   4   Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
   5   SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7   @par Revision Reference:
   8   GUID defined in UEFI 2.0 spec.
   9 **/
  10
  11 #ifndef __EFI_WIN_CERTIFICATE_H__
  12 #define __EFI_WIN_CERTIFICATE_H__
  13
  14 //
  15 // _WIN_CERTIFICATE.wCertificateType
  16 //
  17 #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
  18 #define WIN_CERT_TYPE_EFI_PKCS115      0x0EF0
  19 #define WIN_CERT_TYPE_EFI_GUID         0x0EF1
  20
  21 ///
  22 /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
  23 ///
  24 typedef struct {
  25   ///
  26   /// The length of the entire certificate,
  27   /// including the length of the header, in bytes.
  28   ///
  29   UINT32  dwLength;
  30   ///
  31   /// The revision level of the WIN_CERTIFICATE
  32   /// structure. The current revision level is 0x0200.
  33   ///
  34   UINT16  wRevision;
  35   ///
  36   /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
  37   /// certificate types. The UEFI specification reserves the range of
  38   /// certificate type values from 0x0EF0 to 0x0EFF.
  39   ///
  40   UINT16  wCertificateType;
  41   ///
  42   /// The following is the actual certificate. The format of
  43   /// the certificate depends on wCertificateType.
  44   ///
  45   /// UINT8 bCertificate[ANYSIZE_ARRAY];
  46   ///
  47 } WIN_CERTIFICATE;
  48
  49 ///
  50 /// WIN_CERTIFICATE_UEFI_GUID.CertType
  51 ///
  52 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  53   {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
  54
  55 ///
  56 /// WIN_CERTIFICATE_UEFI_GUID.CertData
  57 ///
  58 typedef struct {
  59   EFI_GUID  HashType;
  60   UINT8     PublicKey[256];
  61   UINT8     Signature[256];
  62 } EFI_CERT_BLOCK_RSA_2048_SHA256;
  63
  64
  65 ///
  66 /// Certificate which encapsulates a GUID-specific digital signature
  67 ///
  68 typedef struct {
  69   ///
  70   /// This is the standard WIN_CERTIFICATE header, where
  71   /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
  72   ///
  73   WIN_CERTIFICATE   Hdr;
  74   ///
  75   /// This is the unique id which determines the
  76   /// format of the CertData. .
  77   ///
  78   EFI_GUID          CertType;
  79   ///
  80   /// The following is the certificate data. The format of
  81   /// the data is determined by the CertType.
  82   /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
  83   /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
  84   ///
  85   UINT8            CertData[1];
  86 } WIN_CERTIFICATE_UEFI_GUID;
  87
  88
  89 ///
  90 /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
  91 ///
  92 /// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
  93 /// WIN_CERTIFICATE and encapsulate the information needed to
  94 /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
  95 /// specified in RFC2437.
  96 ///
  97 typedef struct {
  98   ///
  99   /// This is the standard WIN_CERTIFICATE header, where
 100   /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
 101   ///
 102   WIN_CERTIFICATE Hdr;
 103   ///
 104   /// This is the hashing algorithm which was performed on the
 105   /// UEFI executable when creating the digital signature.
 106   ///
 107   EFI_GUID        HashAlgorithm;
 108   ///
 109   /// The following is the actual digital signature. The
 110   /// size of the signature is the same size as the key
 111   /// (1024-bit key is 128 bytes) and can be determined by
 112   /// subtracting the length of the other parts of this header
 113   /// from the total length of the certificate as found in
 114   /// Hdr.dwLength.
 115   ///
 116   /// UINT8 Signature[];
 117   ///
 118 } WIN_CERTIFICATE_EFI_PKCS1_15;
 119
 120 extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid;
 121
 122 #endif