1 /** @file
2 The internal header file includes the common header files, defines
3 internal structure and functions used by ImageVerificationLib.
4
5 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef __IMAGEVERIFICATIONLIB_H__
17 #define __IMAGEVERIFICATIONLIB_H__
18
19 #include <Library/UefiDriverEntryPoint.h>
20 #include <Library/DebugLib.h>
21 #include <Library/BaseMemoryLib.h>
22 #include <Library/UefiBootServicesTableLib.h>
23 #include <Library/UefiRuntimeServicesTableLib.h>
24 #include <Library/UefiLib.h>
25 #include <Library/BaseLib.h>
26 #include <Library/MemoryAllocationLib.h>
27 #include <Library/BaseCryptLib.h>
28 #include <Library/PcdLib.h>
29 #include <Library/DevicePathLib.h>
30 #include <Library/SecurityManagementLib.h>
31 #include <Protocol/FirmwareVolume2.h>
32 #include <Protocol/DevicePath.h>
33 #include <Protocol/BlockIo.h>
34 #include <Protocol/SimpleFileSystem.h>
35 #include <Protocol/VariableWrite.h>
36 #include <Guid/ImageAuthentication.h>
37 #include <Guid/AuthenticatedVariableFormat.h>
38 #include <IndustryStandard/PeImage.h>
39
//
// Sizes, in bytes, of the fixed-length RSA-2048 payloads this library
// handles: a 2048-bit modulus or signature is 256 bytes. Any certificate
// or signature entry read from a variable or an image must have its own
// recorded length compared against these before the bytes are consumed.
//
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256
//
// Upper bound, in CHAR16 characters, for the notification string built
// by this library. NOTE(review): confirm in the .c file that writers of
// that string leave room for the terminating NUL within this bound.
//
#define MAX_NOTIFY_STRING_LEN 64
43
//
// Image type definitions
//
// Classification of where an image under verification was loaded from.
// Presumably each origin selects its own verification policy (see the
// policy values below); confirm the mapping in the .c file. A caller that
// cannot classify the origin reports IMAGE_UNKNOWN, which should be treated
// as the least trusted case rather than silently allowed.
//
#define IMAGE_UNKNOWN 0x00000000
#define IMAGE_FROM_FV 0x00000001
#define IMAGE_FROM_OPTION_ROM 0x00000002
#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
#define IMAGE_FROM_FIXED_MEDIA 0x00000004
52
//
// Authorization policy definition
//
// These are enumerated values, not bit flags (3 and 5 are not single
// bits), so compare with == and never test them with a bitwise AND.
// Presumably the legal values of the per-origin image verification policy
// PCDs. Only NEVER_EXECUTE and DENY_EXECUTE_ON_SECURITY_VIOLATION fail
// closed; ALWAYS_EXECUTE and ALLOW_EXECUTE_ON_SECURITY_VIOLATION bypass or
// ignore the signature check and are unsuitable for a production Secure
// Boot configuration. DEFER and QUERY_USER push the decision to a later
// step (deferred dispatch / a user prompt) and are only as strong as that
// step.
//
#define ALWAYS_EXECUTE 0x00000000
#define NEVER_EXECUTE 0x00000001
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
62
//
// Supported hash types
//
// Contiguous zero-based values; they look intended as indices into an
// array of HASH_TABLE entries (confirm against the table in the .c file).
// HASHALG_MAX is the element count and is never a valid algorithm: a
// value derived from image or signature data must be checked to be
// < HASHALG_MAX before it is used as an index.
//
#define HASHALG_SHA1 0x00000000
#define HASHALG_SHA224 0x00000001
#define HASHALG_SHA256 0x00000002
#define HASHALG_SHA384 0x00000003
#define HASHALG_SHA512 0x00000004
#define HASHALG_MAX 0x00000005
72
//
// Largest digest, in bytes, that a buffer in this library must be able to
// hold. Currently the SHA-256 output (32 bytes). HASHALG_SHA384 and
// HASHALG_SHA512 are defined above but produce 48- and 64-byte digests;
// if either is ever added to the hash table this must be raised (e.g. to
// SHA512_DIGEST_SIZE), otherwise HashFinal, which takes no output length,
// will overrun any buffer sized by this macro.
//
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
//
// PKCS7 Certificate definition
//
// Presumably the layout of a PKCS_SIGNED_DATA entry in a PE/COFF security
// directory: the generic WIN_CERTIFICATE header followed by the DER-encoded
// PKCS#7 SignedData. CertData[1] is only a placeholder for the
// variable-length payload, so sizeof (WIN_CERTIFICATE_EFI_PKCS) is NOT the
// header size: it includes the placeholder byte plus alignment padding.
// Derive the payload length as Hdr.dwLength - sizeof (Hdr) (equivalently
// OFFSET_OF (WIN_CERTIFICATE_EFI_PKCS, CertData)), and check Hdr.dwLength
// against the enclosing security directory size before reading CertData,
// since both values come from the image being verified.
//
typedef struct {
  WIN_CERTIFICATE Hdr;
  UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
85
86
/**
  Retrieves the size, in bytes, of the context buffer required for hash operations.

  Function-pointer type intended to match the BaseCryptLib Sha*GetContextSize
  functions so they can be stored in a HASH_TABLE entry. The value it returns
  is the minimum size of the buffer handed to the matching HASH_INIT.

  @return The size, in bytes, of the context buffer required for hash operations.

**/
typedef
UINTN
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
  VOID
  );
98
/**
  Initializes user-supplied memory pointed by HashContext as hash context for
  subsequent use.

  Function-pointer type intended to match the BaseCryptLib Sha*Init functions.
  HashContext must be at least as large as the value returned by the matching
  HASH_GET_CONTEXT_SIZE function; nothing at this level checks that.

  If HashContext is NULL, then ASSERT().

  @param[in, out] HashContext Pointer to the hash context being initialized.

  @retval TRUE HASH context initialization succeeded.
  @retval FALSE HASH context initialization failed.

**/
typedef
BOOLEAN
(EFIAPI *HASH_INIT)(
  IN OUT VOID *HashContext
  );
116
117
/**
  Performs digest on a data buffer of the specified length. This function can
  be called multiple times to compute the digest of long or discontinuous data streams.

  Function-pointer type intended to match the BaseCryptLib Sha*Update
  functions. DataLength is trusted as given: when hashing regions of a PE/COFF
  image, the caller must first check that [Data, Data + DataLength) lies
  inside the loaded image buffer, because section offsets and sizes come from
  the untrusted image header and nothing here bounds the read.

  If HashContext is NULL, then ASSERT().

  @param[in, out] HashContext Pointer to the hash context (this library uses
                              the SHA family; the previous "MD5" wording was
                              a copy-paste error).
  @param[in] Data Pointer to the buffer containing the data to be hashed.
  @param[in] DataLength Length of Data buffer in bytes.

  @retval TRUE HASH data digest succeeded.
  @retval FALSE Invalid HASH context. After HashFinal function has been called, the
  HASH context cannot be reused.

**/
typedef
BOOLEAN
(EFIAPI *HASH_UPDATE)(
  IN OUT VOID *HashContext,
  IN CONST VOID *Data,
  IN UINTN DataLength
  );
140
/**
  Completes hash computation and retrieves the digest value into the specified
  memory. After this function has been called, the context cannot be used again.

  Function-pointer type intended to match the BaseCryptLib Sha*Final
  functions. HashValue carries no size: the callee writes the full digest of
  its algorithm (HASH_TABLE.DigestLength bytes), so the buffer must be at
  least that large. With MAX_DIGEST_SIZE as defined in this file that is the
  SHA-256 output; a larger algorithm needs a larger buffer.

  If HashContext is NULL, then ASSERT().
  If HashValue is NULL, then ASSERT().

  @param[in, out] HashContext Pointer to the hash context.
  @param[out] HashValue Pointer to a buffer that receives the HASH digest
  value.

  @retval TRUE HASH digest computation succeeded.
  @retval FALSE HASH digest computation failed.

**/
typedef
BOOLEAN
(EFIAPI *HASH_FINAL)(
  IN OUT VOID *HashContext,
  OUT UINT8 *HashValue
  );
162
163
//
// Hash Algorithm Table
//
// One entry per supported digest algorithm, binding the algorithm's
// identity (name, digest length, DER-encoded OID) to the BaseCryptLib-style
// functions that compute it. Presumably indexed by the HASHALG_* values
// above; confirm against the table defined in the .c file. Field order is
// part of the interface, since the table is expected to be filled with
// positional initializers.
//
typedef struct {
  //
  // Name for Hash Algorithm (CHAR16 string, for messages / lookup)
  //
  CHAR16 *Name;
  //
  // Digest Length in bytes: the number of bytes HashFinal writes to its
  // output buffer. Must not exceed the size of any buffer sized by
  // MAX_DIGEST_SIZE.
  //
  UINTN DigestLength;
  //
  // Hash Algorithm OID ASN.1 Value (DER-encoded bytes). Presumably matched
  // against the digest-algorithm OID carried in a signature; a match must
  // compare both OidLength and the bytes, never a prefix.
  //
  UINT8 *OidValue;
  //
  // Length of Hash OID Value, in bytes
  //
  UINTN OidLength;
  //
  // Pointer to Hash GetContextSize function
  //
  HASH_GET_CONTEXT_SIZE GetContextSize;
  //
  // Pointer to Hash Init function
  //
  HASH_INIT HashInit;
  //
  // Pointer to Hash Update function
  //
  HASH_UPDATE HashUpdate;
  //
  // Pointer to Hash Final function
  //
  HASH_FINAL HashFinal;
} HASH_TABLE;
201
202 #endif