1 /** @file 2 The internal header file includes the common header files, defines 3 internal structure and functions used by ImageVerificationLib. 4 5 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 http://opensource.org/licenses/bsd-license.php 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 14 **/ 15 16 #ifndef __IMAGEVERIFICATIONLIB_H__ 17 #define __IMAGEVERIFICATIONLIB_H__ 18 19 #include <Library/UefiDriverEntryPoint.h> 20 #include <Library/DebugLib.h> 21 #include <Library/BaseMemoryLib.h> 22 #include <Library/UefiBootServicesTableLib.h> 23 #include <Library/UefiRuntimeServicesTableLib.h> 24 #include <Library/UefiLib.h> 25 #include <Library/BaseLib.h> 26 #include <Library/MemoryAllocationLib.h> 27 #include <Library/BaseCryptLib.h> 28 #include <Library/PcdLib.h> 29 #include <Library/DevicePathLib.h> 30 #include <Library/SecurityManagementLib.h> 31 #include <Library/PeCoffLib.h> 32 #include <Protocol/FirmwareVolume2.h> 33 #include <Protocol/DevicePath.h> 34 #include <Protocol/BlockIo.h> 35 #include <Protocol/SimpleFileSystem.h> 36 #include <Protocol/VariableWrite.h> 37 #include <Guid/ImageAuthentication.h> 38 #include <Guid/AuthenticatedVariableFormat.h> 39 #include <IndustryStandard/PeImage.h> 40 41 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 42 #define EFI_CERT_TYPE_RSA2048_SIZE 256 43 #define MAX_NOTIFY_STRING_LEN 64 44 #define TWO_BYTE_ENCODE 0x82 45 46 #define ALIGNMENT_SIZE 8 47 #define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0) 48 49 // 50 // Image type definitions 51 // 52 #define IMAGE_UNKNOWN 0x00000000 53 #define IMAGE_FROM_FV 0x00000001 54 #define IMAGE_FROM_OPTION_ROM 0x00000002 55 #define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003 56 #define IMAGE_FROM_FIXED_MEDIA 0x00000004 57 58 // 59 // Authorization policy bit definition 60 // 61 #define ALWAYS_EXECUTE 0x00000000 62 #define NEVER_EXECUTE 0x00000001 63 #define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002 64 #define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 65 #define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 66 #define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 67 68 // 69 // Support hash types 70 // 71 #define HASHALG_SHA1 0x00000000 72 #define HASHALG_SHA224 0x00000001 73 #define HASHALG_SHA256 0x00000002 74 #define HASHALG_SHA384 0x00000003 75 #define HASHALG_SHA512 0x00000004 76 #define HASHALG_MAX 0x00000005 77 78 // 79 // Set max digest size as SHA512 Output (64 bytes) by far 80 // 81 #define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE 82 // 83 // 84 // PKCS7 Certificate definition 85 // 86 typedef struct { 87 WIN_CERTIFICATE Hdr; 88 UINT8 CertData[1]; 89 } WIN_CERTIFICATE_EFI_PKCS; 90 91 92 /** 93 Retrieves the size, in bytes, of the context buffer required for hash operations. 94 95 @return The size, in bytes, of the context buffer required for hash operations. 96 97 **/ 98 typedef 99 UINTN 100 (EFIAPI *HASH_GET_CONTEXT_SIZE)( 101 VOID 102 ); 103 104 /** 105 Initializes user-supplied memory pointed by HashContext as hash context for 106 subsequent use. 107 108 If HashContext is NULL, then ASSERT(). 109 110 @param[in, out] HashContext Pointer to Context being initialized. 111 112 @retval TRUE HASH context initialization succeeded. 113 @retval FALSE HASH context initialization failed. 114 115 **/ 116 typedef 117 BOOLEAN 118 (EFIAPI *HASH_INIT)( 119 IN OUT VOID *HashContext 120 ); 121 122 123 /** 124 Performs digest on a data buffer of the specified length. This function can 125 be called multiple times to compute the digest of long or discontinuous data streams. 126 127 If HashContext is NULL, then ASSERT(). 128 129 @param[in, out] HashContext Pointer to the MD5 context. 130 @param[in] Data Pointer to the buffer containing the data to be hashed. 131 @param[in] DataLength Length of Data buffer in bytes. 132 133 @retval TRUE HASH data digest succeeded. 134 @retval FALSE Invalid HASH context. After HashFinal function has been called, the 135 HASH context cannot be reused. 136 137 **/ 138 typedef 139 BOOLEAN 140 (EFIAPI *HASH_UPDATE)( 141 IN OUT VOID *HashContext, 142 IN CONST VOID *Data, 143 IN UINTN DataLength 144 ); 145 146 /** 147 Completes hash computation and retrieves the digest value into the specified 148 memory. After this function has been called, the context cannot be used again. 149 150 If HashContext is NULL, then ASSERT(). 151 If HashValue is NULL, then ASSERT(). 152 153 @param[in, out] HashContext Pointer to the MD5 context 154 @param[out] HashValue Pointer to a buffer that receives the HASH digest 155 value. 156 157 @retval TRUE HASH digest computation succeeded. 158 @retval FALSE HASH digest computation failed. 159 160 **/ 161 typedef 162 BOOLEAN 163 (EFIAPI *HASH_FINAL)( 164 IN OUT VOID *HashContext, 165 OUT UINT8 *HashValue 166 ); 167 168 169 // 170 // Hash Algorithm Table 171 // 172 typedef struct { 173 // 174 // Name for Hash Algorithm 175 // 176 CHAR16 *Name; 177 // 178 // Digest Length 179 // 180 UINTN DigestLength; 181 // 182 // Hash Algorithm OID ASN.1 Value 183 // 184 UINT8 *OidValue; 185 // 186 // Length of Hash OID Value 187 // 188 UINTN OidLength; 189 // 190 // Pointer to Hash GetContentSize function 191 // 192 HASH_GET_CONTEXT_SIZE GetContextSize; 193 // 194 // Pointer to Hash Init function 195 // 196 HASH_INIT HashInit; 197 // 198 // Pointer to Hash Update function 199 // 200 HASH_UPDATE HashUpdate; 201 // 202 // Pointer to Hash Final function 203 // 204 HASH_FINAL HashFinal; 205 } HASH_TABLE; 206 207 #endif 208