/** @file
  Type definitions and object declarations for the EnrollDefaultKeys
  application.

  Copyright (C) 2014-2019, Red Hat, Inc.

  SPDX-License-Identifier: BSD-2-Clause-Patent
**/
9
10 #ifndef ENROLL_DEFAULT_KEYS_H_
11 #define ENROLL_DEFAULT_KEYS_H_
12
13 #include <Uefi/UefiBaseType.h>
14
//
// Convenience structure types for constructing "signature lists" for
// authenticated UEFI variables.
//
// The most important thing about the variable payload is that it is a list of
// lists, where the element size of any given *inner* list is constant.
//
// Since X.509 certificates vary in size, each of our *inner* lists will contain
// one element only (one X.509 certificate). This is explicitly mentioned in
// the UEFI specification, in "28.4.1 Signature Database", in a Note.
//
// The list structure looks as follows:
//
// struct EFI_VARIABLE_AUTHENTICATION_2 {                         |
//   struct EFI_TIME {                                            |
//     UINT16 Year;                                               |
//     UINT8 Month;                                               |
//     UINT8 Day;                                                 |
//     UINT8 Hour;                                                |
//     UINT8 Minute;                                              |
//     UINT8 Second;                                              |
//     UINT8 Pad1;                                                |
//     UINT32 Nanosecond;                                         |
//     INT16 TimeZone;                                            |
//     UINT8 Daylight;                                            |
//     UINT8 Pad2;                                                |
//   } TimeStamp;                                                 |
//                                                                |
//   struct WIN_CERTIFICATE_UEFI_GUID {                         | |
//     struct WIN_CERTIFICATE {                                 | |
//       UINT32 dwLength; --------------------------------------+ |
//       UINT16 wRevision;                                      | |
//       UINT16 wCertificateType;                               | |
//     } Hdr;                                                   | +- DataSize
//                                                              | |
//     EFI_GUID CertType;                                       | |
//     UINT8 CertData[1] = { <--- "struct hack"                 | |
//       struct EFI_SIGNATURE_LIST {                          | | |
//         EFI_GUID SignatureType;                            | | |
//         UINT32 SignatureListSize; --------------------------+ | |
//         UINT32 SignatureHeaderSize;                        | | |
//         UINT32 SignatureSize; ----------------------------+ | | |
//         UINT8 SignatureHeader[SignatureHeaderSize];      | | | |
//                                                          v | | |
//         struct EFI_SIGNATURE_DATA {                      | | | |
//           EFI_GUID SignatureOwner;                       | | | |
//           UINT8 SignatureData[1] = { <--- "struct hack"  | | | |
//             X.509 payload                                | | | |
//           }                                              | | | |
//         } Signatures[];                                    | | |
//       } SigLists[];                                          | |
//     };                                                       | |
//   } AuthInfo;                                                | |
// };                                                             |
//
// Given that the "struct hack" invokes undefined behavior (which is why C99
// introduced the flexible array member), and because subtracting those pesky
// sizes of 1 is annoying, and because the format is fully specified in the
// UEFI specification, we'll introduce two matching convenience structures that
// are customized for our X.509 purposes.
//
#pragma pack (1)
//
// Header that appears exactly once at the start of the variable payload: the
// EFI_TIME timestamp of EFI_VARIABLE_AUTHENTICATION_2, followed by the
// WIN_CERTIFICATE fields and the CertType GUID of WIN_CERTIFICATE_UEFI_GUID,
// flattened into one level. The struct is packed so that its in-memory
// layout is byte-for-byte the on-variable layout from the UEFI specification
// (no compiler-inserted padding between fields).
//
typedef struct {
  EFI_TIME TimeStamp;

  //
  // dwLength covers data below
  //
  UINT32   dwLength;
  UINT16   wRevision;
  UINT16   wCertificateType;
  EFI_GUID CertType;
} SINGLE_HEADER;

//
// Header that is repeated once per X.509 certificate carried in the payload.
// It is the EFI_SIGNATURE_LIST header plus the SignatureOwner GUID of the
// list's single EFI_SIGNATURE_DATA element; the certificate bytes follow
// immediately after this struct. The three size fields below have to be
// filled in consistently by the code that assembles the payload (presumably
// in the application's .c file -- not visible here).
//
typedef struct {
  //
  // SignatureListSize covers data below
  //
  EFI_GUID SignatureType;
  UINT32   SignatureListSize;
  UINT32   SignatureHeaderSize; // constant 0
  UINT32   SignatureSize;

  //
  // SignatureSize covers data below
  //
  EFI_GUID SignatureOwner;

  //
  // X.509 certificate follows
  //
} REPEATING_HEADER;
#pragma pack ()
108
109
//
// A structure that collects the values of UEFI variables related to Secure
// Boot. Each field is named after the UEFI variable whose value it holds; all
// of them are one-byte variables. SetupMode, SecureBoot and VendorKeys are
// the UEFI-specification global variables; SecureBootEnable and CustomMode
// are the EDK2-private ones (presumably read from the variable store by the
// application -- confirm in the .c file).
//
typedef struct {
  UINT8 SetupMode;        // 1: no Platform Key enrolled, system in setup mode
  UINT8 SecureBoot;       // 1: Secure Boot is currently being enforced
  UINT8 SecureBootEnable; // EDK2-private: user's request to enable Secure Boot
  UINT8 CustomMode;       // EDK2-private: custom (non-authenticated) key enrollment mode
  UINT8 VendorKeys;       // 1: the platform's default (vendor) keys are in use
} SETTINGS;
121
122
//
// Refer to "AuthData.c" for details on the following objects.
//
// Each certificate blob is paired with a UINTN holding its size in bytes, so
// callers never have to guess the length of an array declared here without a
// bound. The blobs are the trust anchors the application enrolls; which
// variable (PK, KEK, db, ...) each one goes into is decided in the .c files,
// not here.
//

// Red Hat certificate used for both PK and KEK (per its name; see AuthData.c).
extern CONST UINT8 mRedHatPkKek1[];
extern CONST UINTN mSizeOfRedHatPkKek1;

// Microsoft certificate for the KEK (per its name; see AuthData.c).
extern CONST UINT8 mMicrosoftKek[];
extern CONST UINTN mSizeOfMicrosoftKek;

// Microsoft Windows Production PCA certificate (per its name; see AuthData.c).
extern CONST UINT8 mMicrosoftPca[];
extern CONST UINTN mSizeOfMicrosoftPca;

// Microsoft UEFI CA certificate (per its name; see AuthData.c).
extern CONST UINT8 mMicrosoftUefiCa[];
extern CONST UINTN mSizeOfMicrosoftUefiCa;

// A SHA-256 digest rather than a certificate -- per its name the digest of
// empty input; what it is enrolled for is documented in AuthData.c, not here.
extern CONST UINT8 mSha256OfDevNull[];
extern CONST UINTN mSizeOfSha256OfDevNull;

// GUID recorded as SignatureOwner for the Microsoft-issued entries above
// (presumably; confirm against its use in the .c files).
extern CONST EFI_GUID mMicrosoftOwnerGuid;
142
143 #endif /* ENROLL_DEFAULT_KEYS_H_ */