]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
1. Add more error handling code to DxeImageVerificationLib and BaseCryptLib.
[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.h
1 /** @file
2 The internal header file includes the common header files, defines
3 internal structure and functions used by ImageVerificationLib.
4
5 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef __IMAGEVERIFICATIONLIB_H__
17 #define __IMAGEVERIFICATIONLIB_H__
18
19 #include <Library/UefiDriverEntryPoint.h>
20 #include <Library/DebugLib.h>
21 #include <Library/BaseMemoryLib.h>
22 #include <Library/UefiBootServicesTableLib.h>
23 #include <Library/UefiRuntimeServicesTableLib.h>
24 #include <Library/UefiLib.h>
25 #include <Library/BaseLib.h>
26 #include <Library/MemoryAllocationLib.h>
27 #include <Library/BaseCryptLib.h>
28 #include <Library/PcdLib.h>
29 #include <Library/DevicePathLib.h>
30 #include <Library/SecurityManagementLib.h>
31 #include <Protocol/FirmwareVolume2.h>
32 #include <Protocol/DevicePath.h>
33 #include <Protocol/BlockIo.h>
34 #include <Protocol/SimpleFileSystem.h>
35 #include <Protocol/VariableWrite.h>
36 #include <Guid/ImageAuthentication.h>
37 #include <Guid/AuthenticatedVariableFormat.h>
38 #include <IndustryStandard/PeImage.h>
39
40 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
41 #define EFI_CERT_TYPE_RSA2048_SIZE 256
42 #define MAX_NOTIFY_STRING_LEN 64
43 #define TWO_BYTE_ENCODE 0x82
44
45 //
46 // Image type definitions
47 //
48 #define IMAGE_UNKNOWN 0x00000000
49 #define IMAGE_FROM_FV 0x00000001
50 #define IMAGE_FROM_OPTION_ROM 0x00000002
51 #define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
52 #define IMAGE_FROM_FIXED_MEDIA 0x00000004
53
54 //
55 // Authorization policy bit definition
56 //
57 #define ALWAYS_EXECUTE 0x00000000
58 #define NEVER_EXECUTE 0x00000001
59 #define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
60 #define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
61 #define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
62 #define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
63
64 //
65 // Support hash types
66 //
67 #define HASHALG_SHA1 0x00000000
68 #define HASHALG_SHA224 0x00000001
69 #define HASHALG_SHA256 0x00000002
70 #define HASHALG_SHA384 0x00000003
71 #define HASHALG_SHA512 0x00000004
72 #define HASHALG_MAX 0x00000005
73
74 //
75 // Set max digest size as SHA256 Output (32 bytes) by far
76 //
77 #define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
78 //
79 //
80 // PKCS7 Certificate definition
81 //
82 typedef struct {
83 WIN_CERTIFICATE Hdr;
84 UINT8 CertData[1];
85 } WIN_CERTIFICATE_EFI_PKCS;
86
87
88 /**
89 Retrieves the size, in bytes, of the context buffer required for hash operations.
90
91 @return The size, in bytes, of the context buffer required for hash operations.
92
93 **/
94 typedef
95 UINTN
96 (EFIAPI *HASH_GET_CONTEXT_SIZE)(
97 VOID
98 );
99
100 /**
101 Initializes user-supplied memory pointed by HashContext as hash context for
102 subsequent use.
103
104 If HashContext is NULL, then ASSERT().
105
106 @param[in, out] HashContext Pointer to Context being initialized.
107
108 @retval TRUE HASH context initialization succeeded.
109 @retval FALSE HASH context initialization failed.
110
111 **/
112 typedef
113 BOOLEAN
114 (EFIAPI *HASH_INIT)(
115 IN OUT VOID *HashContext
116 );
117
118
119 /**
120 Performs digest on a data buffer of the specified length. This function can
121 be called multiple times to compute the digest of long or discontinuous data streams.
122
123 If HashContext is NULL, then ASSERT().
124
125 @param[in, out] HashContext Pointer to the MD5 context.
126 @param[in] Data Pointer to the buffer containing the data to be hashed.
127 @param[in] DataLength Length of Data buffer in bytes.
128
129 @retval TRUE HASH data digest succeeded.
130 @retval FALSE Invalid HASH context. After HashFinal function has been called, the
131 HASH context cannot be reused.
132
133 **/
134 typedef
135 BOOLEAN
136 (EFIAPI *HASH_UPDATE)(
137 IN OUT VOID *HashContext,
138 IN CONST VOID *Data,
139 IN UINTN DataLength
140 );
141
142 /**
143 Completes hash computation and retrieves the digest value into the specified
144 memory. After this function has been called, the context cannot be used again.
145
146 If HashContext is NULL, then ASSERT().
147 If HashValue is NULL, then ASSERT().
148
149 @param[in, out] HashContext Pointer to the MD5 context
150 @param[out] HashValue Pointer to a buffer that receives the HASH digest
151 value.
152
153 @retval TRUE HASH digest computation succeeded.
154 @retval FALSE HASH digest computation failed.
155
156 **/
157 typedef
158 BOOLEAN
159 (EFIAPI *HASH_FINAL)(
160 IN OUT VOID *HashContext,
161 OUT UINT8 *HashValue
162 );
163
164
165 //
166 // Hash Algorithm Table
167 //
168 typedef struct {
169 //
170 // Name for Hash Algorithm
171 //
172 CHAR16 *Name;
173 //
174 // Digest Length
175 //
176 UINTN DigestLength;
177 //
178 // Hash Algorithm OID ASN.1 Value
179 //
180 UINT8 *OidValue;
181 //
182 // Length of Hash OID Value
183 //
184 UINTN OidLength;
185 //
186 // Pointer to Hash GetContentSize function
187 //
188 HASH_GET_CONTEXT_SIZE GetContextSize;
189 //
190 // Pointer to Hash Init function
191 //
192 HASH_INIT HashInit;
193 //
194 // Pointer to Hash Update function
195 //
196 HASH_UPDATE HashUpdate;
197 //
198 // Pointer to Hash Final function
199 //
200 HASH_FINAL HashFinal;
201 } HASH_TABLE;
202
203 #endif
EFI Development Kit II mirror for PVE