2 This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.
4 Copyright (c) 2006 - 2008, Intel Corporation
5 All rights reserved. This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #ifndef __UEFI_MULTIPHASE_H__
16 #define __UEFI_MULTIPHASE_H__
18 #include <ProcessorBind.h>
21 /// Enumeration of memory types introduced in UEFI.
24 EfiReservedMemoryType
,
29 EfiRuntimeServicesCode
,
30 EfiRuntimeServicesData
,
31 EfiConventionalMemory
,
36 EfiMemoryMappedIOPortSpace
,
43 /// Data structure that precedes all of the standard EFI table types.
54 /// Attributes of variable.
56 #define EFI_VARIABLE_NON_VOLATILE 0x00000001
57 #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002
58 #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004
59 #define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008
62 /// This attribute is identified by the mnemonic 'HR'
63 /// elsewhere in this specification.
65 #define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
68 // _WIN_CERTIFICATE.wCertificateType
70 #define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
71 #define WIN_CERT_TYPE_EFI_GUID 0x0EF1
74 /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
76 typedef struct _WIN_CERTIFICATE
{
78 /// The length of the entire certificate,
79 /// including the length of the header, in bytes.
83 /// The revision level of the WIN_CERTIFICATE
84 /// structure. The current revision level is 0x0200.
88 /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
89 /// certificate types. The UEFI specification reserves the range of
90 /// certificate type values from 0x0EF0 to 0x0EFF.
92 UINT16 wCertificateType
;
94 /// The following is the actual certificate. The format of
95 /// the certificate depends on wCertificateType.
97 /// UINT8 bCertificate[ANYSIZE_ARRAY];
102 /// WIN_CERTIFICATE_UEFI_GUID.CertType
104 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
105 {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
108 // WIN_CERTIFICATE_UEFI_GUID.CertData
110 typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256
{
112 UINT8 PublicKey
[256];
113 UINT8 Signature
[256];
114 } EFI_CERT_BLOCK_RSA_2048_SHA256
;
118 /// Certificate which encapsulates a GUID-specific digital signature
120 typedef struct _WIN_CERTIFICATE_UEFI_GUID
{
122 /// This is the standard WIN_CERTIFICATE header, where
123 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID.
127 /// This is the unique id which determines the
128 /// format of the CertData. In this case, the
129 /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
133 /// The following is the certificate data. The format of
134 /// the data is determined by the CertType. In this case the value is
135 /// EFI_CERT_BLOCK_RSA_2048_SHA256.
137 /// UINT8 CertData[ANYSIZE_ARRAY];
139 } WIN_CERTIFICATE_UEFI_GUID
;
143 /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
145 /// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
146 /// WIN_CERTIFICATE and encapsulate the information needed to
147 /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
148 /// specified in RFC2437.
150 typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15
{
152 /// This is the standard WIN_CERTIFICATE header, where
153 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
157 /// This is the hashing algorithm which was performed on the
158 /// UEFI executable when creating the digital signature.
160 EFI_GUID HashAlgorithm
;
162 /// The following is the actual digital signature. The
163 /// size of the signature is the same size as the key
164 /// (1024-bit key is 128 bytes) and can be determined by
165 /// subtracting the length of the other parts of this header
166 /// from the total length of the certificate as found in
169 /// UINT8 Signature[ANYSIZE_ARRAY];
171 } WIN_CERTIFICATE_EFI_PKCS1_15
;
176 /// AuthInfo is a WIN_CERTIFICATE using the wCertificateType
177 /// WIN_CERTIFICATE_UEFI_GUID and the CertType
178 /// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
179 /// authenticated access, then the Data buffer should begin with an
180 /// authentication descriptor prior to the data payload and DataSize
181 /// should reflect the the data.and descriptor size. The caller
182 /// shall digest the Monotonic Count value and the associated data
183 /// for the variable update using the SHA-256 1-way hash algorithm.
184 /// The ensuing the 32-byte digest will be signed using the private
185 /// key associated w/ the public/private 2048-bit RSA key-pair. The
186 /// WIN_CERTIFICATE shall be used to describe the signature of the
187 /// Variable data *Data. In addition, the signature will also
188 /// include the MonotonicCount value to guard against replay attacks
192 /// Included in the signature of
193 /// AuthInfo.Used to ensure freshness/no
194 /// replay. Incremented during each
197 UINT64 MonotonicCount
;
199 /// Provides the authorization for the variable
200 /// access. It is a signature across the
201 /// variable data and the Monotonic Count
202 /// value. Caller uses Private key that is
203 /// associated with a public key that has been
204 /// provisioned via the key exchange.
206 WIN_CERTIFICATE_UEFI_GUID AuthInfo
;
207 } EFI_VARIABLE_AUTHENTICATION
;