1/** @file
2  This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.
3
4  Copyright (c) 2006 - 2008, Intel Corporation
5  All rights reserved. This program and the accompanying materials
6  are licensed and made available under the terms and conditions of the BSD License
7  which accompanies this distribution.  The full text of the license may be found at
8  http://opensource.org/licenses/bsd-license.php
9
10  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13**/
14
15#ifndef __UEFI_MULTIPHASE_H__
16#define __UEFI_MULTIPHASE_H__
17
18#include <gpxe/efi/ProcessorBind.h>
19
20///
21/// Enumeration of memory types introduced in UEFI.
22///
23typedef enum {
24  EfiReservedMemoryType,
25  EfiLoaderCode,
26  EfiLoaderData,
27  EfiBootServicesCode,
28  EfiBootServicesData,
29  EfiRuntimeServicesCode,
30  EfiRuntimeServicesData,
31  EfiConventionalMemory,
32  EfiUnusableMemory,
33  EfiACPIReclaimMemory,
34  EfiACPIMemoryNVS,
35  EfiMemoryMappedIO,
36  EfiMemoryMappedIOPortSpace,
37  EfiPalCode,
38  EfiMaxMemoryType
39} EFI_MEMORY_TYPE;
40
41
42///
43/// Data structure that precedes all of the standard EFI table types.
44///
45typedef struct {
46  UINT64  Signature;
47  UINT32  Revision;
48  UINT32  HeaderSize;
49  UINT32  CRC32;
50  UINT32  Reserved;
51} EFI_TABLE_HEADER;
52
53///
54/// Attributes of variable.
55///
56#define EFI_VARIABLE_NON_VOLATILE                 0x00000001
57#define EFI_VARIABLE_BOOTSERVICE_ACCESS           0x00000002
58#define EFI_VARIABLE_RUNTIME_ACCESS               0x00000004
59#define EFI_VARIABLE_HARDWARE_ERROR_RECORD        0x00000008
60
61///
62/// This attribute is identified by the mnemonic 'HR'
63/// elsewhere in this specification.
64///
65#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS   0x00000010
66
67//
68// _WIN_CERTIFICATE.wCertificateType
69//
70#define WIN_CERT_TYPE_EFI_PKCS115   0x0EF0
71#define WIN_CERT_TYPE_EFI_GUID      0x0EF1
72
73///
74/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
75///
76typedef struct _WIN_CERTIFICATE {
77  ///
78  /// The length of the entire certificate,
79  /// including the length of the header, in bytes.
80  ///
81  UINT32  dwLength;
82  ///
83  /// The revision level of the WIN_CERTIFICATE
84  /// structure. The current revision level is 0x0200.
85  ///
86  UINT16  wRevision;
87  ///
88  /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
89  /// certificate types. The UEFI specification reserves the range of
90  /// certificate type values from 0x0EF0 to 0x0EFF.
91  ///
92  UINT16  wCertificateType;
93  ///
94  /// The following is the actual certificate. The format of
95  /// the certificate depends on wCertificateType.
96  ///
97  /// UINT8 bCertificate[ANYSIZE_ARRAY];
98  ///
99} WIN_CERTIFICATE;
100
101///
102/// WIN_CERTIFICATE_UEFI_GUID.CertType
103///
104#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
105  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
106
107//
108// WIN_CERTIFICATE_UEFI_GUID.CertData
109//
110typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {
111  UINT32  HashType;
112  UINT8   PublicKey[256];
113  UINT8   Signature[256];
114} EFI_CERT_BLOCK_RSA_2048_SHA256;
115
116
117///
118/// Certificate which encapsulates a GUID-specific digital signature
119///
120typedef struct _WIN_CERTIFICATE_UEFI_GUID {
121  ///
122  /// This is the standard WIN_CERTIFICATE header, where
123  /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID.
124  ///
125  WIN_CERTIFICATE   Hdr;
126  ///
127  /// This is the unique id which determines the
128  /// format of the CertData. In this case, the
129  /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
130  ///
131  EFI_GUID          CertType;
132  ///
133  /// The following is the certificate data. The format of
134  /// the data is determined by the CertType. In this case the value is
135  /// EFI_CERT_BLOCK_RSA_2048_SHA256.
136  ///
137  /// UINT8            CertData[ANYSIZE_ARRAY];
138  ///
139} WIN_CERTIFICATE_UEFI_GUID;
140
141
142///
143/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
144///
145/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
146/// WIN_CERTIFICATE and encapsulate the information needed to
147/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
148/// specified in RFC2437.
149///
150typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {
151  ///
152  /// This is the standard WIN_CERTIFICATE header, where
153  /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
154  ///
155  WIN_CERTIFICATE Hdr;
156  ///
157  /// This is the hashing algorithm which was performed on the
158  /// UEFI executable when creating the digital signature.
159  ///
160  EFI_GUID        HashAlgorithm;
161  ///
162  /// The following is the actual digital signature. The
163  /// size of the signature is the same size as the key
164  /// (1024-bit key is 128 bytes) and can be determined by
165  /// subtracting the length of the other parts of this header
166  /// from the total length of the certificate as found in
167  /// Hdr.dwLength.
168  ///
169  /// UINT8 Signature[ANYSIZE_ARRAY];
170  ///
171} WIN_CERTIFICATE_EFI_PKCS1_15;
172
173
174
175///
176/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType
177/// WIN_CERTIFICATE_UEFI_GUID and the CertType
178/// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
179/// authenticated access, then the Data buffer should begin with an
180/// authentication descriptor prior to the data payload and DataSize
181/// should reflect the the data.and descriptor size. The caller
182/// shall digest the Monotonic Count value and the associated data
183/// for the variable update using the SHA-256 1-way hash algorithm.
184/// The ensuing the 32-byte digest will be signed using the private
185/// key associated w/ the public/private 2048-bit RSA key-pair. The
186/// WIN_CERTIFICATE shall be used to describe the signature of the
187/// Variable data *Data. In addition, the signature will also
188/// include the MonotonicCount value to guard against replay attacks
189///
190typedef struct {
191  ///
192  /// Included in the signature of
193  /// AuthInfo.Used to ensure freshness/no
194  /// replay. Incremented during each
195  /// "Write" access.
196  ///
197  UINT64                      MonotonicCount;
198  ///
199  /// Provides the authorization for the variable
200  /// access. It is a signature across the
201  /// variable data and the  Monotonic Count
202  /// value. Caller uses Private key that is
203  /// associated with a public key that has been
204  /// provisioned via the key exchange.
205  ///
206  WIN_CERTIFICATE_UEFI_GUID   AuthInfo;
207} EFI_VARIABLE_AUTHENTICATION;
208
209#endif
210
211