/** @file
This includes some definitions introduced in UEFI that will be used in both PEI
and DXE phases.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __UEFI_MULTIPHASE_H__
#define __UEFI_MULTIPHASE_H__
//
// Enumeration of memory types introduced in UEFI.
//
typedef enum {
EfiReservedMemoryType,
EfiLoaderCode,
EfiLoaderData,
EfiBootServicesCode,
EfiBootServicesData,
EfiRuntimeServicesCode,
EfiRuntimeServicesData,
EfiConventionalMemory,
EfiUnusableMemory,
EfiACPIReclaimMemory,
EfiACPIMemoryNVS,
EfiMemoryMappedIO,
EfiMemoryMappedIOPortSpace,
EfiPalCode,
EfiPersistentMemory,
EfiMaxMemoryType
} EFI_MEMORY_TYPE;
//
// Data structure that precedes all of the standard EFI table types.
//
typedef struct {
UINT64 Signature;
UINT32 Revision;
UINT32 HeaderSize;
UINT32 CRC32;
UINT32 Reserved;
} EFI_TABLE_HEADER;
//
// Attributes of variable.
//
#define EFI_VARIABLE_NON_VOLATILE 0x00000001
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002
#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004
#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008
//
// This attribute is identified by the mnemonic 'HR'
// elsewhere in this specification.
//
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
//
// _WIN_CERTIFICATE.wCertificateType
//
#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
/**
The WIN_CERTIFICATE structure is part of the PE/COFF
specification and has the following definition:
@param dwLength The length of the entire certificate,
including the length of the header, in
bytes.
@param wRevision The revision level of the WIN_CERTIFICATE
structure. The current revision level is
0x0200.
@param wCertificateType The certificate type. See
WIN_CERT_TYPE_xxx for the UEFI
certificate types. The UEFI
specification reserves the range of
certificate type values from 0x0EF0
to 0x0EFF.
@param bCertificate The actual certificate. The format of
the certificate depends on
wCertificateType. The format of the UEFI
certificates is defined below.
**/
typedef struct _WIN_CERTIFICATE {
UINT32 dwLength;
UINT16 wRevision;
UINT16 wCertificateType;
//UINT8 bCertificate[ANYSIZE_ARRAY];
} WIN_CERTIFICATE;
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
{0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
//
// WIN_CERTIFICATE_UEFI_GUID.CertData
//
typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {
EFI_GUID HashType;
UINT8 PublicKey[256];
UINT8 Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
/**
@param Hdr This is the standard WIN_CERTIFICATE header, where
wCertificateType is set to
WIN_CERT_TYPE_EFI_GUID.
@param CertType This is the unique id which determines the
format of the CertData. In this case, the
value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
@param CertData This is the certificate data. The format of
the data is determined by the CertType. In
this case the value is
EFI_CERT_BLOCK_RSA_2048_SHA256.
@param Information The WIN_CERTIFICATE_UEFI_GUID certificate
type allows new types of certificates to
be developed for driver authentication
without requiring a new certificate type.
The CertType defines the format of the
CertData, which length is defined by the
size of the certificate less the fixed
size of the WIN_CERTIFICATE_UEFI_GUID
structure.
**/
typedef struct _WIN_CERTIFICATE_UEFI_GUID {
WIN_CERTIFICATE Hdr;
EFI_GUID CertType;
UINT8 CertData[1];
} WIN_CERTIFICATE_UEFI_GUID;
/**
Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital
signature.
The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
WIN_CERTIFICATE and encapsulate the information needed to
implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
specified in RFC2437.
@param Hdr This is the standard WIN_CERTIFICATE header, where
wCertificateType is set to
WIN_CERT_TYPE_UEFI_PKCS1_15.
@param HashAlgorithm This is the hashing algorithm which was
performed on the UEFI executable when
creating the digital signature. It is
one of the enumerated values pre-defined
in Section 26.4.1. See
EFI_HASH_ALGORITHM_x.
@param Signature This is the actual digital signature. The
size of the signature is the same size as
the key (1024-bit key is 128 bytes) and can
be determined by subtracting the length of
the other parts of this header from the
total length of the certificate as found in
Hdr.dwLength.
**/
typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {
WIN_CERTIFICATE Hdr;
EFI_GUID HashAlgorithm;
// UINT8 Signature[ANYSIZE_ARRAY];
} WIN_CERTIFICATE_EFI_PKCS1_15;
/**
AuthInfo is a WIN_CERTIFICATE using the wCertificateType
WIN_CERTIFICATE_UEFI_GUID and the CertType
EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
authenticated access, then the Data buffer should begin with an
authentication descriptor prior to the data payload and DataSize
should reflect the data.and descriptor size. The caller
shall digest the Monotonic Count value and the associated data
for the variable update using the SHA-256 1-way hash algorithm.
The ensuing the 32-byte digest will be signed using the private
key associated w/ the public/private 2048-bit RSA key-pair. The
WIN_CERTIFICATE shall be used to describe the signature of the
Variable data *Data. In addition, the signature will also
include the MonotonicCount value to guard against replay attacks
@param MonotonicCount Included in the signature of
AuthInfo.Used to ensure freshness/no
replay. Incremented during each
"Write" access.
@param AuthInfo Provides the authorization for the variable
access. It is a signature across the
variable data and the Monotonic Count
value. Caller uses Private key that is
associated with a public key that has been
provisioned via the key exchange.
**/
typedef struct {
UINT64 MonotonicCount;
WIN_CERTIFICATE_UEFI_GUID AuthInfo;
} EFI_VARIABLE_AUTHENTICATION;
#endif