1/** @file 2 This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases. 3 4 Copyright (c) 2006 - 2008, Intel Corporation 5 All rights reserved. This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 http://opensource.org/licenses/bsd-license.php 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 13**/ 14 15#ifndef __UEFI_MULTIPHASE_H__ 16#define __UEFI_MULTIPHASE_H__ 17 18#include <gpxe/efi/ProcessorBind.h> 19 20/// 21/// Enumeration of memory types introduced in UEFI. 22/// 23typedef enum { 24 EfiReservedMemoryType, 25 EfiLoaderCode, 26 EfiLoaderData, 27 EfiBootServicesCode, 28 EfiBootServicesData, 29 EfiRuntimeServicesCode, 30 EfiRuntimeServicesData, 31 EfiConventionalMemory, 32 EfiUnusableMemory, 33 EfiACPIReclaimMemory, 34 EfiACPIMemoryNVS, 35 EfiMemoryMappedIO, 36 EfiMemoryMappedIOPortSpace, 37 EfiPalCode, 38 EfiMaxMemoryType 39} EFI_MEMORY_TYPE; 40 41 42/// 43/// Data structure that precedes all of the standard EFI table types. 44/// 45typedef struct { 46 UINT64 Signature; 47 UINT32 Revision; 48 UINT32 HeaderSize; 49 UINT32 CRC32; 50 UINT32 Reserved; 51} EFI_TABLE_HEADER; 52 53/// 54/// Attributes of variable. 55/// 56#define EFI_VARIABLE_NON_VOLATILE 0x00000001 57#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 58#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 59#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008 60 61/// 62/// This attribute is identified by the mnemonic 'HR' 63/// elsewhere in this specification. 64/// 65#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 66 67// 68// _WIN_CERTIFICATE.wCertificateType 69// 70#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0 71#define WIN_CERT_TYPE_EFI_GUID 0x0EF1 72 73/// 74/// The WIN_CERTIFICATE structure is part of the PE/COFF specification. 75/// 76typedef struct _WIN_CERTIFICATE { 77 /// 78 /// The length of the entire certificate, 79 /// including the length of the header, in bytes. 80 /// 81 UINT32 dwLength; 82 /// 83 /// The revision level of the WIN_CERTIFICATE 84 /// structure. The current revision level is 0x0200. 85 /// 86 UINT16 wRevision; 87 /// 88 /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI 89 /// certificate types. The UEFI specification reserves the range of 90 /// certificate type values from 0x0EF0 to 0x0EFF. 91 /// 92 UINT16 wCertificateType; 93 /// 94 /// The following is the actual certificate. The format of 95 /// the certificate depends on wCertificateType. 96 /// 97 /// UINT8 bCertificate[ANYSIZE_ARRAY]; 98 /// 99} WIN_CERTIFICATE; 100 101/// 102/// WIN_CERTIFICATE_UEFI_GUID.CertType 103/// 104#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \ 105 {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } } 106 107// 108// WIN_CERTIFICATE_UEFI_GUID.CertData 109// 110typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 { 111 UINT32 HashType; 112 UINT8 PublicKey[256]; 113 UINT8 Signature[256]; 114} EFI_CERT_BLOCK_RSA_2048_SHA256; 115 116 117/// 118/// Certificate which encapsulates a GUID-specific digital signature 119/// 120typedef struct _WIN_CERTIFICATE_UEFI_GUID { 121 /// 122 /// This is the standard WIN_CERTIFICATE header, where 123 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID. 124 /// 125 WIN_CERTIFICATE Hdr; 126 /// 127 /// This is the unique id which determines the 128 /// format of the CertData. In this case, the 129 /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID. 130 /// 131 EFI_GUID CertType; 132 /// 133 /// The following is the certificate data. The format of 134 /// the data is determined by the CertType. In this case the value is 135 /// EFI_CERT_BLOCK_RSA_2048_SHA256. 136 /// 137 /// UINT8 CertData[ANYSIZE_ARRAY]; 138 /// 139} WIN_CERTIFICATE_UEFI_GUID; 140 141 142/// 143/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature. 144/// 145/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from 146/// WIN_CERTIFICATE and encapsulate the information needed to 147/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as 148/// specified in RFC2437. 149/// 150typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 { 151 /// 152 /// This is the standard WIN_CERTIFICATE header, where 153 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15. 154 /// 155 WIN_CERTIFICATE Hdr; 156 /// 157 /// This is the hashing algorithm which was performed on the 158 /// UEFI executable when creating the digital signature. 159 /// 160 EFI_GUID HashAlgorithm; 161 /// 162 /// The following is the actual digital signature. The 163 /// size of the signature is the same size as the key 164 /// (1024-bit key is 128 bytes) and can be determined by 165 /// subtracting the length of the other parts of this header 166 /// from the total length of the certificate as found in 167 /// Hdr.dwLength. 168 /// 169 /// UINT8 Signature[ANYSIZE_ARRAY]; 170 /// 171} WIN_CERTIFICATE_EFI_PKCS1_15; 172 173 174 175/// 176/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType 177/// WIN_CERTIFICATE_UEFI_GUID and the CertType 178/// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies 179/// authenticated access, then the Data buffer should begin with an 180/// authentication descriptor prior to the data payload and DataSize 181/// should reflect the the data.and descriptor size. The caller 182/// shall digest the Monotonic Count value and the associated data 183/// for the variable update using the SHA-256 1-way hash algorithm. 184/// The ensuing the 32-byte digest will be signed using the private 185/// key associated w/ the public/private 2048-bit RSA key-pair. The 186/// WIN_CERTIFICATE shall be used to describe the signature of the 187/// Variable data *Data. In addition, the signature will also 188/// include the MonotonicCount value to guard against replay attacks 189/// 190typedef struct { 191 /// 192 /// Included in the signature of 193 /// AuthInfo.Used to ensure freshness/no 194 /// replay. Incremented during each 195 /// "Write" access. 196 /// 197 UINT64 MonotonicCount; 198 /// 199 /// Provides the authorization for the variable 200 /// access. It is a signature across the 201 /// variable data and the Monotonic Count 202 /// value. Caller uses Private key that is 203 /// associated with a public key that has been 204 /// provisioned via the key exchange. 205 /// 206 WIN_CERTIFICATE_UEFI_GUID AuthInfo; 207} EFI_VARIABLE_AUTHENTICATION; 208 209#endif 210 211