1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
//**********************************************************************
//**********************************************************************
//** **
//** (C)Copyright 1985-2011, American Megatrends, Inc. **
//** **
//** All Rights Reserved. **
//** **
//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
//** **
//** Phone: (770)-246-8600 **
//** **
//**********************************************************************
//**********************************************************************
//**********************************************************************
// $Header: /Alaska/SOURCE/Modules/SecureBoot_WIN8/ImageVerification_efi/DxeImageVerificationLib.h 3 3/15/13 4:59p Alexp $
//
// $Revision: 3 $
//
// $Date: 3/15/13 4:59p $
//**********************************************************************
// Revision History
// ----------------
// $Log: /Alaska/SOURCE/Modules/SecureBoot_WIN8/ImageVerification_efi/DxeImageVerificationLib.h $
//
// 3 3/15/13 4:59p Alexp
// EIP:118243 add support for multi-signed PE Images
//
// 2 4/20/12 5:14p Alexp
// Add new function to install the handle on Efi System Table with the
// location
// within DB variable of the Trusted Certificate that was used to verify
// signature of Efi OS BootLoader image.
//
// 1 6/13/11 5:25p Alexp
//
// 2 5/10/11 5:05p Alexp
// add header & footer
//
//
//
//**********************************************************************
//
// This file contains an 'Intel Peripheral Driver' and is
// licensed for Intel CPUs and chipsets under the terms of your
// license agreement with Intel or your vendor. This file may
// be modified by the user, subject to additional terms of the
// license agreement
//
/** @file
The internal header file includes the common header files, defines
internal structure and functions used by ImageVerificationLib.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved. <BR>
This software and associated documentation (if any) is furnished
under a license and may only be used or copied in accordance
with the terms of the license. Except as permitted by such
license, no part of this software or documentation may be
reproduced, stored in a retrieval system, or transmitted in any
form or by any means without the express written consent of
Intel Corporation.
**/
#ifndef __IMAGEVERIFICATIONLIB_H__
#define __IMAGEVERIFICATIONLIB_H__
#include <Protocol/FirmwareVolume.h>
#include <Protocol/DevicePath.h>
#include <Protocol/BlockIo.h>
#include <Protocol/SimpleFileSystem.h>
#include "WinCertificate.h"
#include <ImageAuthentication.h>
#include <Protocol/Hash.h>
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256
#define EFI_CERT_TYPE_SHA256_SIZE 32
#define MAX_NOTIFY_STRING_LEN 64
//
// Image type definitions
//
#define IMAGE_UNKNOWN 0x00000000
#define IMAGE_FROM_FV 0x00000001
#define IMAGE_FROM_OPTION_ROM 0x00000002
#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
#define IMAGE_FROM_FIXED_MEDIA 0x00000004
//
// Authorization policy bit definition
//
#define ALWAYS_EXECUTE 0x00000000
#define NEVER_EXECUTE 0x00000001
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
//
// Support hash types
//
#define HASHALG_SHA1 0x00000001
#define HASHALG_SHA256 0x00000002
#define MAX_ELEM_NUM 28 // TBD. ~20 max number of PE hdr elements to be hashed in one pass
///
/// SHA-1 digest size in bytes.
///
#define SHA1_DIGEST_SIZE 20
///
/// SHA-256 digest size in bytes
///
#define SHA256_DIGEST_SIZE 32
//
// Set max digest size as SHA256 Output (32 bytes) by far
//
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#define ALIGNMENT_SIZE 8
#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
#ifndef OFFSET_OF
#define OFFSET_OF(TYPE, Field) ((UINTN) &(((TYPE *)0)->Field))
#endif
//defined for every CPU architecture
// Maximum legal IA-32 address
#ifndef EFI_MAX_ADDRESS
#define EFI_MAX_ADDRESS 0xFFFFFFFF
#endif
//
//
// PKCS7 Certificate definition
//
typedef struct _WIN_CERTIFICATE_EFI_PKCS {
WIN_CERTIFICATE Hdr;
UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
//
// Definitions for Efi System table entry to store the location within DB variable
// of the Trusted Certificate that was used to verify Efi OS BootLoader image
//
//6683D10C-CF6E-4914-B5B4-AB8ED7370ED7
#define AMI_VALID_BOOT_IMAGE_CERT_TBL_GUID \
{ 0x6683D10C, 0xCF6E, 0x4914, 0xB5, 0xB4, 0xAB, 0x8E, 0xD7, 0x37, 0x0E, 0xD7 }
//
//
// Data Table definition
//
typedef struct _AMI_VALID_CERT_IN_SIG_DB {
UINT32 SigOffset;
UINT32 SigLength;
} AMI_VALID_CERT_IN_SIG_DB;
#endif
//**********************************************************************
//**********************************************************************
//** **
//** (C)Copyright 1985-2011, American Megatrends, Inc. **
//** **
//** All Rights Reserved. **
//** **
//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
//** **
//** Phone: (770)-246-8600 **
//** **
//**********************************************************************
//**********************************************************************
//**********************************************************************
|
