1 /** @file
2 Type definitions for the EnrollDefaultKeys application.
3
4 Copyright (C) 2014-2019, Red Hat, Inc.
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7 **/
8
9 #ifndef ENROLL_DEFAULT_KEYS_H_
10 #define ENROLL_DEFAULT_KEYS_H_
11
12 #include <Uefi/UefiBaseType.h>
13
14 //
15 // Convenience structure types for constructing "signature lists" for
16 // authenticated UEFI variables.
17 //
18 // The most important thing about the variable payload is that it is a list of
19 // lists, where the element size of any given *inner* list is constant.
20 //
21 // Since X509 certificates vary in size, each of our *inner* lists will contain
22 // one element only (one X.509 certificate). This is explicitly mentioned in
23 // the UEFI specification, in "28.4.1 Signature Database", in a Note.
24 //
25 // The list structure looks as follows:
26 //
27 // struct EFI_VARIABLE_AUTHENTICATION_2 { |
28 // struct EFI_TIME { |
29 // UINT16 Year; |
30 // UINT8 Month; |
31 // UINT8 Day; |
32 // UINT8 Hour; |
33 // UINT8 Minute; |
34 // UINT8 Second; |
35 // UINT8 Pad1; |
36 // UINT32 Nanosecond; |
37 // INT16 TimeZone; |
38 // UINT8 Daylight; |
39 // UINT8 Pad2; |
40 // } TimeStamp; |
41 // |
42 // struct WIN_CERTIFICATE_UEFI_GUID { | |
43 // struct WIN_CERTIFICATE { | |
44 // UINT32 dwLength; ----------------------------------------+ |
45 // UINT16 wRevision; | |
46 // UINT16 wCertificateType; | |
47 // } Hdr; | +- DataSize
48 // | |
49 // EFI_GUID CertType; | |
50 // UINT8 CertData[1] = { <--- "struct hack" | |
51 // struct EFI_SIGNATURE_LIST { | | |
52 // EFI_GUID SignatureType; | | |
53 // UINT32 SignatureListSize; -------------------------+ | |
54 // UINT32 SignatureHeaderSize; | | |
55 // UINT32 SignatureSize; ---------------------------+ | | |
56 // UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
57 // v | | |
58 // struct EFI_SIGNATURE_DATA { | | | |
59 // EFI_GUID SignatureOwner; | | | |
60 // UINT8 SignatureData[1] = { <--- "struct hack" | | | |
61 // X.509 payload | | | |
62 // } | | | |
63 // } Signatures[]; | | |
64 // } SigLists[]; | |
65 // }; | |
66 // } AuthInfo; | |
67 // }; |
68 //
69 // Given that the "struct hack" invokes undefined behavior (which is why C99
70 // introduced the flexible array member), and because subtracting those pesky
71 // sizes of 1 is annoying, and because the format is fully specified in the
72 // UEFI specification, we'll introduce two matching convenience structures that
73 // are customized for our X.509 purposes.
74 //
75 #pragma pack (1)
//
// Fixed-size prefix of an EFI_VARIABLE_AUTHENTICATION_2 payload, with the
// WIN_CERTIFICATE_UEFI_GUID header flattened into it (see the diagram above).
// Exactly one instance precedes the whole run of signature lists.
//
// Packed to 1 byte (pragma above), so sizeof (SINGLE_HEADER) is the exact
// in-variable byte count of this prefix; no implicit padding may be relied on
// and none is inserted.
//
typedef struct {
  //
  // Time stamp of the authenticated write. The UEFI spec requires the Pad1,
  // Nanosecond, TimeZone, Daylight and Pad2 members to be zero for time-based
  // authenticated variables; this header does not enforce that, the producer
  // (the .c file) has to -- NOTE(review): confirm there.
  //
  EFI_TIME TimeStamp;

  //
  // WIN_CERTIFICATE.dwLength: byte count of everything from dwLength itself
  // through the end of the last X.509 certificate, i.e. it covers the fields
  // that follow it in this struct plus every REPEATING_HEADER and certificate
  // that trails the struct. It must agree with the nested SignatureListSize /
  // SignatureSize values; a consuming variable driver should reject a payload
  // whose nested lengths disagree, so derive all of them from the same
  // certificate length rather than hand-computing any one of them.
  //
  UINT32 dwLength;
  //
  // wRevision / wCertificateType / CertType identify the certificate format
  // of the AuthInfo blob. NOTE(review): presumably WIN_CERT_TYPE_EFI_GUID with
  // a PKCS#7 CertType -- the values are assigned in the .c file, verify there.
  //
  UINT16 wRevision;
  UINT16 wCertificateType;
  EFI_GUID CertType;
} SINGLE_HEADER;
87
//
// One EFI_SIGNATURE_LIST header immediately followed by one EFI_SIGNATURE_DATA
// header, flattened together. Because every inner list built here holds
// exactly one X.509 certificate (see the file-level comment), the two headers
// always sit back to back and the certificate bytes follow this struct
// directly. One instance per certificate.
//
typedef struct {
  //
  // SignatureListSize covers data below: this whole struct, from SignatureType
  // on, plus the trailing certificate -- sizeof (REPEATING_HEADER) + CertSize.
  //
  EFI_GUID SignatureType;
  UINT32 SignatureListSize;
  UINT32 SignatureHeaderSize; // constant 0: X.509 lists carry no per-list header
  UINT32 SignatureSize;

  //
  // SignatureSize covers data below: SignatureOwner plus the certificate --
  // sizeof (EFI_GUID) + CertSize. SignatureListSize and SignatureSize are both
  // functions of the same certificate length; computing them from one variable
  // keeps them consistent, which is what a consumer's length sanity checks key
  // on.
  //
  EFI_GUID SignatureOwner;

  //
  // X.509 certificate follows immediately (no alignment padding; presumably
  // DER-encoded as the spec requires for X.509 signature lists).
  //
} REPEATING_HEADER;
106 #pragma pack ()
107
108
109 //
110 // A structure that collects the values of UEFI variables related to Secure
111 // Boot.
112 //
//
// Snapshot of the Secure Boot related UEFI variables, one byte per variable.
// Each field is named after the variable it mirrors. The fields are UINT8
// rather than BOOLEAN because the variables themselves are single-byte values.
//
// NOTE(review): this struct carries no "present" flags, so a reader cannot
// tell an absent variable from one that reads 0 -- whoever fills it has to
// handle GetVariable() failures explicitly rather than defaulting to 0.
// Confirm in the .c file.
//
typedef struct {
  UINT8 SetupMode;        // "SetupMode": presumably 1 while no PK is enrolled
  UINT8 SecureBoot;       // "SecureBoot": presumably 1 when enforcement is on
  UINT8 SecureBootEnable; // "SecureBootEnable": EDK2 policy switch -- verify
  UINT8 CustomMode;       // "CustomMode": EDK2 custom/standard mode -- verify
  UINT8 VendorKeys;       // "VendorKeys": vendor-provided keys only -- verify
} SETTINGS;
120
121 #endif /* ENROLL_DEFAULT_KEYS_H_ */