• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /** @file
2   This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.
3 
4   Copyright (c) 2006 - 2008, Intel Corporation
5   All rights reserved. This program and the accompanying materials
6   are licensed and made available under the terms and conditions of the BSD License
7   which accompanies this distribution.  The full text of the license may be found at
8   http://opensource.org/licenses/bsd-license.php
9 
10   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12 
13 **/
14 
15 #ifndef __UEFI_MULTIPHASE_H__
16 #define __UEFI_MULTIPHASE_H__
17 
18 #include <gpxe/efi/ProcessorBind.h>
19 
20 ///
21 /// Enumeration of memory types introduced in UEFI.
22 ///
23 typedef enum {
24   EfiReservedMemoryType,
25   EfiLoaderCode,
26   EfiLoaderData,
27   EfiBootServicesCode,
28   EfiBootServicesData,
29   EfiRuntimeServicesCode,
30   EfiRuntimeServicesData,
31   EfiConventionalMemory,
32   EfiUnusableMemory,
33   EfiACPIReclaimMemory,
34   EfiACPIMemoryNVS,
35   EfiMemoryMappedIO,
36   EfiMemoryMappedIOPortSpace,
37   EfiPalCode,
38   EfiMaxMemoryType
39 } EFI_MEMORY_TYPE;
40 
41 
42 ///
43 /// Data structure that precedes all of the standard EFI table types.
44 ///
45 typedef struct {
46   UINT64  Signature;
47   UINT32  Revision;
48   UINT32  HeaderSize;
49   UINT32  CRC32;
50   UINT32  Reserved;
51 } EFI_TABLE_HEADER;
52 
53 ///
54 /// Attributes of variable.
55 ///
56 #define EFI_VARIABLE_NON_VOLATILE                 0x00000001
57 #define EFI_VARIABLE_BOOTSERVICE_ACCESS           0x00000002
58 #define EFI_VARIABLE_RUNTIME_ACCESS               0x00000004
59 #define EFI_VARIABLE_HARDWARE_ERROR_RECORD        0x00000008
60 
61 ///
62 /// This attribute is identified by the mnemonic 'HR'
63 /// elsewhere in this specification.
64 ///
65 #define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS   0x00000010
66 
67 //
68 // _WIN_CERTIFICATE.wCertificateType
69 //
70 #define WIN_CERT_TYPE_EFI_PKCS115   0x0EF0
71 #define WIN_CERT_TYPE_EFI_GUID      0x0EF1
72 
73 ///
74 /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
75 ///
76 typedef struct _WIN_CERTIFICATE {
77   ///
78   /// The length of the entire certificate,
79   /// including the length of the header, in bytes.
80   ///
81   UINT32  dwLength;
82   ///
83   /// The revision level of the WIN_CERTIFICATE
84   /// structure. The current revision level is 0x0200.
85   ///
86   UINT16  wRevision;
87   ///
88   /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
89   /// certificate types. The UEFI specification reserves the range of
90   /// certificate type values from 0x0EF0 to 0x0EFF.
91   ///
92   UINT16  wCertificateType;
93   ///
94   /// The following is the actual certificate. The format of
95   /// the certificate depends on wCertificateType.
96   ///
97   /// UINT8 bCertificate[ANYSIZE_ARRAY];
98   ///
99 } WIN_CERTIFICATE;
100 
101 ///
102 /// WIN_CERTIFICATE_UEFI_GUID.CertType
103 ///
104 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
105   {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
106 
107 //
108 // WIN_CERTIFICATE_UEFI_GUID.CertData
109 //
110 typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {
111   UINT32  HashType;
112   UINT8   PublicKey[256];
113   UINT8   Signature[256];
114 } EFI_CERT_BLOCK_RSA_2048_SHA256;
115 
116 
117 ///
118 /// Certificate which encapsulates a GUID-specific digital signature
119 ///
120 typedef struct _WIN_CERTIFICATE_UEFI_GUID {
121   ///
122   /// This is the standard WIN_CERTIFICATE header, where
123   /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID.
124   ///
125   WIN_CERTIFICATE   Hdr;
126   ///
127   /// This is the unique id which determines the
128   /// format of the CertData. In this case, the
129   /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
130   ///
131   EFI_GUID          CertType;
132   ///
133   /// The following is the certificate data. The format of
134   /// the data is determined by the CertType. In this case the value is
135   /// EFI_CERT_BLOCK_RSA_2048_SHA256.
136   ///
137   /// UINT8            CertData[ANYSIZE_ARRAY];
138   ///
139 } WIN_CERTIFICATE_UEFI_GUID;
140 
141 
142 ///
143 /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
144 ///
145 /// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
146 /// WIN_CERTIFICATE and encapsulate the information needed to
147 /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
148 /// specified in RFC2437.
149 ///
150 typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {
151   ///
152   /// This is the standard WIN_CERTIFICATE header, where
153   /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
154   ///
155   WIN_CERTIFICATE Hdr;
156   ///
157   /// This is the hashing algorithm which was performed on the
158   /// UEFI executable when creating the digital signature.
159   ///
160   EFI_GUID        HashAlgorithm;
161   ///
162   /// The following is the actual digital signature. The
163   /// size of the signature is the same size as the key
164   /// (1024-bit key is 128 bytes) and can be determined by
165   /// subtracting the length of the other parts of this header
166   /// from the total length of the certificate as found in
167   /// Hdr.dwLength.
168   ///
169   /// UINT8 Signature[ANYSIZE_ARRAY];
170   ///
171 } WIN_CERTIFICATE_EFI_PKCS1_15;
172 
173 
174 
175 ///
176 /// AuthInfo is a WIN_CERTIFICATE using the wCertificateType
177 /// WIN_CERTIFICATE_UEFI_GUID and the CertType
178 /// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
179 /// authenticated access, then the Data buffer should begin with an
180 /// authentication descriptor prior to the data payload and DataSize
181 /// should reflect the the data.and descriptor size. The caller
182 /// shall digest the Monotonic Count value and the associated data
183 /// for the variable update using the SHA-256 1-way hash algorithm.
184 /// The ensuing the 32-byte digest will be signed using the private
185 /// key associated w/ the public/private 2048-bit RSA key-pair. The
186 /// WIN_CERTIFICATE shall be used to describe the signature of the
187 /// Variable data *Data. In addition, the signature will also
188 /// include the MonotonicCount value to guard against replay attacks
189 ///
190 typedef struct {
191   ///
192   /// Included in the signature of
193   /// AuthInfo.Used to ensure freshness/no
194   /// replay. Incremented during each
195   /// "Write" access.
196   ///
197   UINT64                      MonotonicCount;
198   ///
199   /// Provides the authorization for the variable
200   /// access. It is a signature across the
201   /// variable data and the  Monotonic Count
202   /// value. Caller uses Private key that is
203   /// associated with a public key that has been
204   /// provisioned via the key exchange.
205   ///
206   WIN_CERTIFICATE_UEFI_GUID   AuthInfo;
207 } EFI_VARIABLE_AUTHENTICATION;
208 
209 #endif
210 
211