1 /** @file
2   This includes some definitions introduced in UEFI that will be used in both PEI
3   and DXE phases.
4 
5   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
6   Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
7 
8   This program and the accompanying materials are licensed and made available
9   under the terms and conditions of the BSD License which accompanies this
10   distribution.  The full text of the license may be found at
11     http://opensource.org/licenses/bsd-license.php
12 
13   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
14   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 
16 **/
17 
18 #ifndef __UEFI_MULTIPHASE_H__
19 #define __UEFI_MULTIPHASE_H__
20 
///
/// Enumeration of memory types introduced in UEFI.
///
/// The numeric value of each member is fixed by the UEFI specification and is
/// exchanged with OS loaders and operating systems through the memory map, so
/// members must never be reordered or removed; new types are appended
/// immediately before EfiMaxMemoryType.  The member descriptions follow the
/// UEFI specification's definition of each type.
///
typedef enum {
  ///
  /// Not usable.
  ///
  EfiReservedMemoryType,
  ///
  /// The code portions of a loaded UEFI application.
  ///
  EfiLoaderCode,
  ///
  /// The data portions of a loaded UEFI application and the default data
  /// allocation type used by a UEFI application.
  ///
  EfiLoaderData,
  ///
  /// The code portions of a loaded boot services driver.
  ///
  EfiBootServicesCode,
  ///
  /// The data portions of a loaded boot services driver and the default data
  /// allocation type used by a boot services driver.
  ///
  EfiBootServicesData,
  ///
  /// The code portions of a loaded runtime services driver.
  ///
  EfiRuntimeServicesCode,
  ///
  /// The data portions of a loaded runtime services driver and the default
  /// data allocation type used by a runtime services driver.
  ///
  EfiRuntimeServicesData,
  ///
  /// Free (unallocated) memory.
  ///
  EfiConventionalMemory,
  ///
  /// Memory in which errors have been detected.
  ///
  EfiUnusableMemory,
  ///
  /// Memory that holds the ACPI tables.
  ///
  EfiACPIReclaimMemory,
  ///
  /// Address space reserved for use by the firmware.
  ///
  EfiACPIMemoryNVS,
  ///
  /// A memory-mapped I/O region that the firmware asks the OS to map to a
  /// virtual address so that EFI runtime services can access it.
  ///
  EfiMemoryMappedIO,
  ///
  /// A system memory-mapped I/O region used by the processor to translate
  /// memory cycles to I/O cycles.
  ///
  EfiMemoryMappedIOPortSpace,
  ///
  /// Address space reserved by the firmware for code that is part of the
  /// processor.
  ///
  EfiPalCode,
  ///
  /// A region that behaves as EfiConventionalMemory but additionally supports
  /// byte-addressable non-volatility.
  ///
  EfiPersistentMemory,
  ///
  /// Sentinel: the number of defined types, not a valid memory type itself.
  /// A memory-type value read from an externally supplied descriptor (for
  /// example a memory map handed to an OS loader) must be range-checked
  /// against this bound before it is used to index any per-type table.
  ///
  EfiMaxMemoryType
} EFI_MEMORY_TYPE;
42 
43 
///
/// Data structure that precedes all of the standard EFI table types.
///
typedef struct {
  ///
  /// A 64-bit signature that identifies the type of table that follows.
  ///
  UINT64  Signature;
  ///
  /// The revision of the EFI specification to which this table conforms.
  ///
  UINT32  Revision;
  ///
  /// The size, in bytes, of the entire table including this header.
  ///
  UINT32  HeaderSize;
  ///
  /// The 32-bit CRC of the entire table.  Per the UEFI specification it is
  /// computed over HeaderSize bytes with this field set to 0.  A consumer
  /// that receives a table from outside its trust boundary should check
  /// HeaderSize against the buffer it was actually given before reading past
  /// the header, and verify the CRC before relying on the table's contents.
  ///
  UINT32  CRC32;
  ///
  /// Reserved; must be zero.
  ///
  UINT32  Reserved;
} EFI_TABLE_HEADER;
54 
//
// Attributes of variable.  These are bit flags and may be ORed together.
//

//
// The variable persists across platform resets (it is kept in non-volatile
// storage rather than only in memory).
//
#define EFI_VARIABLE_NON_VOLATILE                 0x00000001
//
// The variable can be accessed through boot services, i.e. before
// ExitBootServices().
//
#define EFI_VARIABLE_BOOTSERVICE_ACCESS           0x00000002
//
// The variable can be accessed through runtime services after
// ExitBootServices().  The UEFI specification requires this attribute to be
// combined with EFI_VARIABLE_BOOTSERVICE_ACCESS.
//
#define EFI_VARIABLE_RUNTIME_ACCESS               0x00000004
//
// The variable is a hardware error record.  This attribute is identified by
// the mnemonic 'HR' elsewhere in the UEFI specification.
//
#define EFI_VARIABLE_HARDWARE_ERROR_RECORD        0x00000008

//
// Writes to the variable must carry an authentication descriptor
// (EFI_VARIABLE_AUTHENTICATION, defined below) whose signature covers the
// variable data and a monotonic count; see that structure for the replay
// protection it provides.  Later revisions of the UEFI specification define
// further authentication-related attribute bits that this header does not
// include.
//
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS   0x00000010
68 
69 
70 
//
// _WIN_CERTIFICATE.wCertificateType
//
// The UEFI specification reserves certificate type values 0x0EF0..0x0EFF
// (see the WIN_CERTIFICATE documentation below); these are the two types it
// defines.  A parser should reject a type value it does not understand rather
// than guess the layout of the data that follows the header.
//

//
// RSASSA PKCS#1 v1.5 signature; the certificate body is
// WIN_CERTIFICATE_EFI_PKCS1_15.
//
#define WIN_CERT_TYPE_EFI_PKCS115   0x0EF0
//
// GUID-identified certificate; the certificate body is
// WIN_CERTIFICATE_UEFI_GUID, whose CertType field selects the payload layout.
//
#define WIN_CERT_TYPE_EFI_GUID      0x0EF1
76 
77 /**
78 
79   The WIN_CERTIFICATE structure is part of the PE/COFF
80   specification and has the following definition:
81 
82   @param dwLength   The length of the entire certificate,
83                     including the length of the header, in
84                     bytes.
85 
86   @param wRevision  The revision level of the WIN_CERTIFICATE
87                     structure. The current revision level is
88                     0x0200.
89 
90   @param wCertificateType   The certificate type. See
91                             WIN_CERT_TYPE_xxx for the UEFI
92                             certificate types. The UEFI
93                             specification reserves the range of
94                             certificate type values from 0x0EF0
95                             to 0x0EFF.
96 
97   @param bCertificate   The actual certificate. The format of
98                         the certificate depends on
99                         wCertificateType. The format of the UEFI
100                         certificates is defined below.
101 
102 
103 **/
typedef struct _WIN_CERTIFICATE {
  ///
  /// Length in bytes of the whole certificate, including this header.  When
  /// the certificate arrives in untrusted input (a signed image or an
  /// authenticated variable payload) a parser must check
  /// dwLength >= sizeof (WIN_CERTIFICATE) and that dwLength does not exceed
  /// the bytes remaining in the buffer before deriving the length of the
  /// trailing certificate data; otherwise the subtraction underflows or the
  /// read runs past the end of the buffer.
  ///
  UINT32  dwLength;
  ///
  /// Revision of the WIN_CERTIFICATE structure; the current revision is
  /// 0x0200.
  ///
  UINT16  wRevision;
  ///
  /// One of the WIN_CERT_TYPE_xxx values; selects the layout of the data that
  /// follows the header.
  ///
  UINT16  wCertificateType;
  ///
  /// The certificate data itself immediately follows the header and occupies
  /// dwLength - sizeof (WIN_CERTIFICATE) bytes.  The member is left commented
  /// out, so sizeof (WIN_CERTIFICATE) is exactly the fixed header size.
  ///
  //UINT8 bCertificate[ANYSIZE_ARRAY];
} WIN_CERTIFICATE;
110 
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
// Identifies a CertData payload laid out as EFI_CERT_BLOCK_RSA_2048_SHA256
// (an RSA-2048 public key and a signature over a SHA-256 digest).
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
116 
//
// WIN_CERTIFICATE_UEFI_GUID.CertData
//
// Payload layout selected by EFI_CERT_TYPE_RSA2048_SHA256_GUID.
//
typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {
  ///
  /// GUID naming the hash algorithm applied to the data before it was signed
  /// (SHA-256 for this block, as its name indicates).
  ///
  EFI_GUID  HashType;
  ///
  /// The 2048-bit (256-byte) RSA public key.  Its presence in the block does
  /// not make it trustworthy: a verifier must match it against a key that was
  /// provisioned out of band (see EFI_VARIABLE_AUTHENTICATION below) before
  /// accepting the signature.
  ///
  UINT8     PublicKey[256];
  ///
  /// The 2048-bit (256-byte) RSA signature.
  ///
  UINT8     Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
125 
126 
127 /**
128 
129   @param Hdr  This is the standard WIN_CERTIFICATE header, where
130               wCertificateType is set to
131               WIN_CERT_TYPE_EFI_GUID.
132 
133   @param CertType   This is the unique id which determines the
134                     format of the CertData. In this case, the
135                     value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
136 
137   @param CertData   This is the certificate data. The format of
138                     the data is determined by the CertType. In
139                     this case the value is
140                     EFI_CERT_BLOCK_RSA_2048_SHA256.
141 
142   @param Information  The WIN_CERTIFICATE_UEFI_GUID certificate
143                       type allows new types of certificates to
144                       be developed for driver authentication
145                       without requiring a new certificate type.
146                       The CertType defines the format of the
147                       CertData, which length is defined by the
148                       size of the certificate less the fixed
149                       size of the WIN_CERTIFICATE_UEFI_GUID
150                       structure.
151 
152 **/
typedef struct _WIN_CERTIFICATE_UEFI_GUID {
  ///
  /// Standard WIN_CERTIFICATE header with wCertificateType set to
  /// WIN_CERT_TYPE_EFI_GUID.
  ///
  WIN_CERTIFICATE   Hdr;
  ///
  /// GUID that selects the layout of CertData, e.g.
  /// EFI_CERT_TYPE_RSA2048_SHA256_GUID for EFI_CERT_BLOCK_RSA_2048_SHA256.
  ///
  EFI_GUID          CertType;
  ///
  /// The certificate data follows this structure and occupies
  /// Hdr.dwLength - sizeof (WIN_CERTIFICATE_UEFI_GUID) bytes.  A parser must
  /// confirm that Hdr.dwLength is at least that fixed size and lies within
  /// the enclosing buffer before computing the difference.
  ///
  // UINT8            CertData[ANYSIZE_ARRAY];
} WIN_CERTIFICATE_UEFI_GUID;
158 
159 
160 /**
161 
162   Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital
163   signature.
164 
165   The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
  WIN_CERTIFICATE and encapsulates the information needed to
167   implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
168   specified in RFC2437.
169 
170   @param Hdr  This is the standard WIN_CERTIFICATE header, where
171               wCertificateType is set to
              WIN_CERT_TYPE_EFI_PKCS115.
173 
174   @param HashAlgorithm  This is the hashing algorithm which was
175                         performed on the UEFI executable when
176                         creating the digital signature. It is
177                         one of the enumerated values pre-defined
178                         in Section 26.4.1. See
179                         EFI_HASH_ALGORITHM_x.
180 
181   @param Signature  This is the actual digital signature. The
182                     size of the signature is the same size as
183                     the key (1024-bit key is 128 bytes) and can
184                     be determined by subtracting the length of
185                     the other parts of this header from the
186                     total length of the certificate as found in
187                     Hdr.dwLength.
188 
189 **/
typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {
  ///
  /// Standard WIN_CERTIFICATE header with wCertificateType set to
  /// WIN_CERT_TYPE_EFI_PKCS115.
  ///
  WIN_CERTIFICATE Hdr;
  ///
  /// GUID of the hash algorithm applied to the UEFI executable before it was
  /// signed.
  ///
  EFI_GUID        HashAlgorithm;
  ///
  /// The signature follows this structure; its length is
  /// Hdr.dwLength - sizeof (WIN_CERTIFICATE_EFI_PKCS1_15) and equals the RSA
  /// key size in bytes.  Validate Hdr.dwLength against the fixed size and the
  /// enclosing buffer before using that difference.
  ///
  // UINT8 Signature[ANYSIZE_ARRAY];
} WIN_CERTIFICATE_EFI_PKCS1_15;
195 
196 
197 /**
198 
199   AuthInfo is a WIN_CERTIFICATE using the wCertificateType
200   WIN_CERTIFICATE_UEFI_GUID and the CertType
201   EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
202   authenticated access, then the Data buffer should begin with an
203   authentication descriptor prior to the data payload and DataSize
  should reflect the data and descriptor size. The caller
205   shall digest the Monotonic Count value and the associated data
206   for the variable update using the SHA-256 1-way hash algorithm.
  The ensuing 32-byte digest will be signed using the private
208   key associated w/ the public/private 2048-bit RSA key-pair. The
209   WIN_CERTIFICATE shall be used to describe the signature of the
210   Variable data *Data. In addition, the signature will also
  include the MonotonicCount value to guard against replay attacks.
212 
213   @param  MonotonicCount  Included in the signature of
                          AuthInfo. Used to ensure freshness/no
215                           replay. Incremented during each
216                           "Write" access.
217 
218   @param AuthInfo   Provides the authorization for the variable
219                     access. It is a signature across the
                    variable data and the Monotonic Count
221                     value. Caller uses Private key that is
222                     associated with a public key that has been
223                     provisioned via the key exchange.
224 
225 **/
typedef struct {
  ///
  /// Counter included in the signed data so that a captured, valid update
  /// cannot be replayed: the value is incremented on each write, so a
  /// replayed descriptor carries a stale count.
  ///
  UINT64                      MonotonicCount;
  ///
  /// Signature over the variable data and MonotonicCount, produced with a
  /// private key whose public key was provisioned beforehand.  The
  /// variable-length CertData of AuthInfo follows this structure, so
  /// sizeof (EFI_VARIABLE_AUTHENTICATION) covers only the fixed part of the
  /// descriptor; the total descriptor size comes from AuthInfo.Hdr.dwLength.
  ///
  WIN_CERTIFICATE_UEFI_GUID   AuthInfo;
} EFI_VARIABLE_AUTHENTICATION;
230 
231 #endif
232 
233