-//\r
-// Attributes of variable.\r
-// \r
-#define EFI_VARIABLE_NON_VOLATILE 0x00000001\r
-#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002\r
-#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004\r
-#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008\r
-\r
-//\r
-// This attribute is identified by the mnemonic 'HR' \r
-// elsewhere in this specification.\r
-// \r
-#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010\r
-\r
-\r
-\r
-//\r
-// _WIN_CERTIFICATE.wCertificateType\r
-// \r
-#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0\r
-#define WIN_CERT_TYPE_EFI_GUID 0x0EF1\r
-\r
-/**\r
- \r
- The WIN_CERTIFICATE structure is part of the PE/COFF\r
- specification and has the following definition:\r
-\r
- @param dwLength The length of the entire certificate,\r
- including the length of the header, in\r
- bytes.\r
-\r
- @param wRevision The revision level of the WIN_CERTIFICATE\r
- structure. The current revision level is\r
- 0x0200.\r
-\r
- @param wCertificateType The certificate type. See\r
- WIN_CERT_TYPE_xxx for the UEFI\r
- certificate types. The UEFI\r
- specification reserves the range of\r
- certificate type values from 0x0EF0\r
- to 0x0EFF.\r
-\r
- @param bCertificate The actual certificate. The format of\r
- the certificate depends on\r
- wCertificateType. The format of the UEFI\r
- certificates is defined below.\r
-\r
-\r
-**/\r
-typedef struct _WIN_CERTIFICATE {\r
- UINT32 dwLength;\r
- UINT16 wRevision;\r
- UINT16 wCertificateType;\r
- //UINT8 bCertificate[ANYSIZE_ARRAY];\r
-} WIN_CERTIFICATE;\r
-\r
-//\r
-// WIN_CERTIFICATE_UEFI_GUID.CertType\r
-// \r
-#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \\r
- {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }\r
-\r
-//\r
-// WIN_CERTIFICATE_UEFI_GUID.CertData\r
-// \r
-typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {\r
- UINT32 HashType;\r
- UINT8 PublicKey[256];\r
- UINT8 Signature[256];\r
-} EFI_CERT_BLOCK_RSA_2048_SHA256;\r
-\r
-\r
-/**\r
- \r
- @param Hdr This is the standard WIN_CERTIFICATE header, where\r
- wCertificateType is set to\r
- WIN_CERT_TYPE_UEFI_GUID.\r
-\r
- @param CertType This is the unique id which determines the\r
- format of the CertData. In this case, the\r
- value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.\r
-\r
- @param CertData This is the certificate data. The format of\r
- the data is determined by the CertType. In\r
- this case the value is\r
- EFI_CERT_BLOCK_RSA_2048_SHA256.\r
-\r
- @param Information The WIN_CERTIFICATE_UEFI_GUID certificate\r
- type allows new types of certificates to\r
- be developed for driver authentication\r
- without requiring a new certificate type.\r
- The CertType defines the format of the\r
- CertData, which length is defined by the\r
- size of the certificate less the fixed\r
- size of the WIN_CERTIFICATE_UEFI_GUID\r
- structure.\r
-\r
-**/\r
-typedef struct _WIN_CERTIFICATE_UEFI_GUID {\r
- WIN_CERTIFICATE Hdr;\r
- EFI_GUID CertType;\r
- // UINT8 CertData[ANYSIZE_ARRAY];\r
-} WIN_CERTIFICATE_UEFI_GUID;\r
-\r
-\r
-\r
-\r
-\r
-\r
-/**\r
- \r
- Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital\r
- signature.\r
- \r
- The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from\r
- WIN_CERTIFICATE and encapsulate the information needed to \r
- implement the RSASSA-PKCS1-v1_5 digital signature algorithm as \r
- specified in RFC2437. \r
- \r
- @param Hdr This is the standard WIN_CERTIFICATE header, where\r
- wCertificateType is set to\r
- WIN_CERT_TYPE_UEFI_PKCS1_15.\r
- \r
- @param HashAlgorithm This is the hashing algorithm which was\r
- performed on the UEFI executable when\r
- creating the digital signature. It is\r
- one of the enumerated values pre-defined\r
- in Section 26.4.1. See\r
- EFI_HASH_ALGORITHM_x.\r
- \r
- @param Signature This is the actual digital signature. The\r
- size of the signature is the same size as\r
- the key (1024-bit key is 128 bytes) and can\r
- be determined by subtracting the length of\r
- the other parts of this header from the\r
- total length of the certificate as found in\r
- Hdr.dwLength.\r
-\r
-**/\r
-typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {\r
- WIN_CERTIFICATE Hdr;\r
- EFI_GUID HashAlgorithm;\r
- // UINT8 Signature[ANYSIZE_ARRAY];\r
-} WIN_CERTIFICATE_EFI_PKCS1_15;\r
-\r
-\r
-/**\r
- \r
- AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
- WIN_CERTIFICATE_UEFI_GUID and the CertType\r
- EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies\r
- authenticated access, then the Data buffer should begin with an\r
- authentication descriptor prior to the data payload and DataSize\r
- should reflect the the data.and descriptor size. The caller\r
- shall digest the Monotonic Count value and the associated data\r
- for the variable update using the SHA-256 1-way hash algorithm.\r
- The ensuing the 32-byte digest will be signed using the private\r
- key associated w/ the public/private 2048-bit RSA key-pair. The\r
- WIN_CERTIFICATE shall be used to describe the signature of the\r
- Variable data *Data. In addition, the signature will also\r
- include the MonotonicCount value to guard against replay attacks\r
- \r
- @param MonotonicCount Included in the signature of\r
- AuthInfo.Used to ensure freshness/no\r
- replay. Incremented during each\r
- "Write" access.\r
- \r
- @param AuthInfo Provides the authorization for the variable\r
- access. It is a signature across the\r
- variable data and the Monotonic Count\r
- value. Caller uses Private key that is\r
- associated with a public key that has been\r
- provisioned via the key exchange.\r
-\r
-**/\r
+///\r
+/// Attributes of variable.\r
+/// \r
+#define EFI_VARIABLE_NON_VOLATILE 0x00000001\r
+#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002\r
+#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004\r
+///\r
+/// This attribute is identified by the mnemonic 'HR' \r
+/// elsewhere in this specification.\r
+/// \r
+#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008\r
+///\r
+/// Attributes of Authenticated Variable\r
+///\r
+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010\r
+#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020\r
+#define EFI_VARIABLE_APPEND_WRITE 0x00000040\r
+\r
+\r
+/// \r
+/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
+/// WIN_CERTIFICATE_UEFI_GUID and the CertType\r
+/// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies\r
+/// authenticated access, then the Data buffer should begin with an\r
+/// authentication descriptor prior to the data payload and DataSize\r
+/// should reflect the the data.and descriptor size. The caller\r
+/// shall digest the Monotonic Count value and the associated data\r
+/// for the variable update using the SHA-256 1-way hash algorithm.\r
+/// The ensuing the 32-byte digest will be signed using the private\r
+/// key associated w/ the public/private 2048-bit RSA key-pair. The\r
+/// WIN_CERTIFICATE shall be used to describe the signature of the\r
+/// Variable data *Data. In addition, the signature will also\r
+/// include the MonotonicCount value to guard against replay attacks.\r
+/// \r