path: root/MdePkg/Include/Uefi/UefiMultiPhase.h
blob: 6d54aa222beb22f317a36e715158cae53dfa0789 (plain)
/** @file
  This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.

  Copyright (c) 2006, Intel Corporation                                                         
  All rights reserved. This program and the accompanying materials                          
  are licensed and made available under the terms and conditions of the BSD License         
  which accompanies this distribution.  The full text of the license may be found at        
  http://opensource.org/licenses/bsd-license.php                                            

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             

**/

#ifndef __UEFI_MULTIPHASE_H__
#define __UEFI_MULTIPHASE_H__

//
// Enumeration of memory types introduced in UEFI.
//
// Values are assigned sequentially from 0 in declaration order, so
// EfiMaxMemoryType is one past the last defined type rather than a
// memory type itself. Code that receives a type value from a memory
// map entry or an allocation request should reject anything
// >= EfiMaxMemoryType before using the value as an index into a
// per-type table.
//
typedef enum {
  EfiReservedMemoryType,
  EfiLoaderCode,
  EfiLoaderData,
  EfiBootServicesCode,
  EfiBootServicesData,
  EfiRuntimeServicesCode,
  EfiRuntimeServicesData,
  EfiConventionalMemory,
  EfiUnusableMemory,
  EfiACPIReclaimMemory,
  EfiACPIMemoryNVS,
  EfiMemoryMappedIO,
  EfiMemoryMappedIOPortSpace,
  EfiPalCode,
  EfiMaxMemoryType            // Upper bound for range checks; not a valid type.
} EFI_MEMORY_TYPE;


//
// Data structure that precedes all of the standard EFI table types.
//
// Per the UEFI specification, HeaderSize is the size in bytes of the
// whole table (this header included) and CRC32 is computed over those
// HeaderSize bytes with the CRC32 field itself set to zero. A consumer
// that receives a table from a source it does not control should
// compare Signature and Revision with the values it expects, check
// HeaderSize >= sizeof (EFI_TABLE_HEADER) and that HeaderSize fits in
// the buffer it holds, and only then recompute and compare CRC32.
//
typedef struct {
  UINT64  Signature;    // Identifies which table follows this header.
  UINT32  Revision;     // Per the spec: the specification revision the table conforms to.
  UINT32  HeaderSize;   // Size in bytes of the entire table, including this header.
  UINT32  CRC32;        // CRC over HeaderSize bytes, computed with this field zeroed.
  UINT32  Reserved;     // Per the spec: must be zero.
} EFI_TABLE_HEADER;

//
// Attributes of variable. These are single-bit flags and are
// combined with bitwise OR.
//
#define EFI_VARIABLE_NON_VOLATILE                 0x00000001
#define EFI_VARIABLE_BOOTSERVICE_ACCESS           0x00000002
#define EFI_VARIABLE_RUNTIME_ACCESS               0x00000004
//
// This attribute is identified by the mnemonic 'HR' elsewhere in
// the UEFI specification.
//
#define EFI_VARIABLE_HARDWARE_ERROR_RECORD        0x00000008

//
// This attribute is identified by the mnemonic 'AW' elsewhere in
// the UEFI specification. A write carrying it has an
// EFI_VARIABLE_AUTHENTICATION descriptor (defined at the end of this
// file) in front of the data payload; the variable service must
// verify that descriptor before the payload is stored.
//
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS   0x00000010



//
// _WIN_CERTIFICATE.wCertificateType
//
// Both values lie in the 0x0EF0-0x0EFF range that the UEFI
// specification reserves for its certificate types. A parser should
// switch on this field and refuse any value it does not implement
// rather than assume a payload layout.
//
#define WIN_CERT_TYPE_EFI_PKCS115   0x0EF0   // Payload layout: WIN_CERTIFICATE_EFI_PKCS1_15.
#define WIN_CERT_TYPE_EFI_GUID      0x0EF1   // Payload layout: WIN_CERTIFICATE_UEFI_GUID.

/**

  The WIN_CERTIFICATE structure is part of the PE/COFF
  specification and has the following definition.

  Only the fixed header is declared here; the certificate payload
  that follows it (bCertificate) is deliberately left out of the
  struct (see the commented-out member below), so callers locate it
  at sizeof (WIN_CERTIFICATE) bytes past the start of the header and
  derive its size from dwLength.

  dwLength is read from data the firmware did not produce (an image's
  certificate table, or the payload of a variable write), so a parser
  must check dwLength >= sizeof (WIN_CERTIFICATE) and that dwLength
  does not exceed the enclosing buffer before it touches the payload.

  @param dwLength   The length of the entire certificate,
                    including the length of the header, in
                    bytes.

  @param wRevision  The revision level of the WIN_CERTIFICATE
                    structure. The current revision level is
                    0x0200.

  @param wCertificateType   The certificate type. See
                            WIN_CERT_TYPE_EFI_PKCS115 and
                            WIN_CERT_TYPE_EFI_GUID above for the
                            UEFI certificate types. The UEFI
                            specification reserves the range of
                            certificate type values from 0x0EF0
                            to 0x0EFF.

  @param bCertificate   The actual certificate. The format of
                        the certificate depends on
                        wCertificateType. The format of the UEFI
                        certificates is defined below.

**/
typedef struct _WIN_CERTIFICATE {
  UINT32  dwLength;           // Total size in bytes, header included; validate before use.
  UINT16  wRevision;          // Structure revision; 0x0200 is current.
  UINT16  wCertificateType;   // WIN_CERT_TYPE_EFI_* selector for the payload format.
  //UINT8 bCertificate[ANYSIZE_ARRAY];
} WIN_CERTIFICATE;

//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
// Identifies CertData as an EFI_CERT_BLOCK_RSA_2048_SHA256 (defined
// next). Compare against it with a full 16-byte GUID comparison, not
// by inspecting only part of the value.
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

//
// WIN_CERTIFICATE_UEFI_GUID.CertData
//
// Fixed-size block with no trailing variable-length member, so a
// well-formed certificate of this type has
// Hdr.dwLength >= sizeof (WIN_CERTIFICATE_UEFI_GUID) +
// sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256); verify that before reading
// the key or signature.
//
// Because the public key travels inside the block alongside the
// signature, a signature that verifies under PublicKey proves nothing
// on its own: the verifier must also confirm that PublicKey is one it
// has provisioned (see the EFI_VARIABLE_AUTHENTICATION notes below).
//
typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {
  UINT32  HashType;          // Hash identifier; the type name suggests SHA-256 -- confirm the encoding against the spec.
  UINT8   PublicKey[256];    // 2048-bit RSA public key; the byte encoding is not specified in this file.
  UINT8   Signature[256];    // 2048-bit RSA signature.
} EFI_CERT_BLOCK_RSA_2048_SHA256;


/**

  A WIN_CERTIFICATE whose payload format is selected by a GUID.

  @param Hdr  This is the standard WIN_CERTIFICATE header, where
              wCertificateType is set to
              WIN_CERT_TYPE_EFI_GUID.

  @param CertType   This is the unique id which determines the
                    format of the CertData. In this case, the
                    value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.

  @param CertData   This is the certificate data. The format of
                    the data is determined by the CertType. In
                    this case the value is
                    EFI_CERT_BLOCK_RSA_2048_SHA256. The member is
                    not declared (see the commented-out line
                    below); the data starts
                    sizeof (WIN_CERTIFICATE_UEFI_GUID) bytes past
                    the start of the structure.

  The WIN_CERTIFICATE_UEFI_GUID certificate type allows new types
  of certificates to be developed for driver authentication
  without requiring a new certificate type. The CertType defines
  the format of the CertData, whose length is the size of the
  certificate (Hdr.dwLength) less the fixed size of the
  WIN_CERTIFICATE_UEFI_GUID structure. Hdr.dwLength comes from
  untrusted input, so check
  Hdr.dwLength >= sizeof (WIN_CERTIFICATE_UEFI_GUID) before doing
  that subtraction (it is unsigned and would otherwise wrap), and
  match CertType against the GUIDs this code supports before
  interpreting CertData.

**/
typedef struct _WIN_CERTIFICATE_UEFI_GUID {
  WIN_CERTIFICATE   Hdr;        // wCertificateType == WIN_CERT_TYPE_EFI_GUID; dwLength also covers CertData.
  EFI_GUID          CertType;   // Selects the CertData layout, e.g. EFI_CERT_TYPE_RSA2048_SHA256_GUID.
  // UINT8            CertData[ANYSIZE_ARRAY];
} WIN_CERTIFICATE_UEFI_GUID;


/**

  Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital
  signature.

  The WIN_CERTIFICATE_EFI_PKCS1_15 structure is derived from
  WIN_CERTIFICATE and encapsulates the information needed to
  implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
  specified in RFC2437.

  Only the fixed part is declared; the Signature bytes follow it in
  memory (see the commented-out member below) and their length is
  Hdr.dwLength - sizeof (WIN_CERTIFICATE_EFI_PKCS1_15). Check
  Hdr.dwLength >= sizeof (WIN_CERTIFICATE_EFI_PKCS1_15) first, since
  the subtraction is unsigned, and check that the resulting length
  matches the key size before verifying. HashAlgorithm comes from the
  same untrusted certificate, so restrict it to the digests the
  verifier is willing to accept.

  @param Hdr  This is the standard WIN_CERTIFICATE header, where
              wCertificateType is set to
              WIN_CERT_TYPE_EFI_PKCS115.

  @param HashAlgorithm  This is the hashing algorithm which was
                        performed on the UEFI executable when
                        creating the digital signature. It is
                        one of the enumerated values pre-defined
                        in Section 26.4.1. See
                        EFI_HASH_ALGORITHM_x.

  @param Signature  This is the actual digital signature. The
                    size of the signature is the same size as
                    the key (1024-bit key is 128 bytes) and can
                    be determined by subtracting the length of
                    the other parts of this header from the
                    total length of the certificate as found in
                    Hdr.dwLength.

**/
typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {
  WIN_CERTIFICATE Hdr;             // wCertificateType == WIN_CERT_TYPE_EFI_PKCS115.
  EFI_GUID        HashAlgorithm;   // GUID of the hash applied to the image before signing.
  // UINT8 Signature[ANYSIZE_ARRAY];
} WIN_CERTIFICATE_EFI_PKCS1_15;


/**

  Authentication descriptor that prefixes the Data buffer of a
  variable written with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.

  AuthInfo is a WIN_CERTIFICATE using the wCertificateType
  WIN_CERT_TYPE_EFI_GUID and the CertType
  EFI_CERT_TYPE_RSA2048_SHA256_GUID. If the attribute specifies
  authenticated access, then the Data buffer should begin with an
  authentication descriptor prior to the data payload and DataSize
  should reflect the data and descriptor size. The caller
  shall digest the Monotonic Count value and the associated data
  for the variable update using the SHA-256 1-way hash algorithm.
  The ensuing 32-byte digest will be signed using the private
  key associated with the public/private 2048-bit RSA key-pair. The
  WIN_CERTIFICATE shall be used to describe the signature of the
  Variable data *Data. In addition, the signature will also
  include the MonotonicCount value to guard against replay attacks.

  Because the replay protection rests on MonotonicCount, a service
  that verifies this descriptor also has to remember the last count
  it accepted for the variable and reject any update whose count is
  not larger; a valid signature alone does not prove freshness.
  AuthInfo ends in the undeclared, variable-length CertData of
  WIN_CERTIFICATE_UEFI_GUID, so the descriptor's total size is
  sizeof (UINT64) + AuthInfo.Hdr.dwLength, and that value must be
  checked against DataSize before the payload that follows it is
  located.

  @param  MonotonicCount  Included in the signature of
                          AuthInfo. Used to ensure freshness/no
                          replay. Incremented during each
                          "Write" access.

  @param AuthInfo   Provides the authorization for the variable
                    access. It is a signature across the
                    variable data and the Monotonic Count
                    value. Caller uses Private key that is
                    associated with a public key that has been
                    provisioned via the key exchange.

**/
typedef struct {
  UINT64                      MonotonicCount;   // Signed along with the data; must increase on every write.
  WIN_CERTIFICATE_UEFI_GUID   AuthInfo;         // Signature over (MonotonicCount, Data); variable-length CertData follows.
} EFI_VARIABLE_AUTHENTICATION;

#endif