/** @file
  This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.

  Copyright (c) 2006 - 2008, Intel Corporation
  All rights reserved. This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef __UEFI_MULTIPHASE_H__
#define __UEFI_MULTIPHASE_H__

#include <gpxe/efi/ProcessorBind.h>

///
/// Enumeration of memory types introduced in UEFI.
///
/// The enumerators carry no explicit values, so they number from 0 in
/// declaration order. EfiMaxMemoryType is the last enumerator; presumably it
/// is a bound rather than a usable memory type, so code that receives a
/// memory type from outside should treat values at or above it as invalid
/// (confirm against the UEFI specification).
///
typedef enum {
  EfiReservedMemoryType,
  EfiLoaderCode,
  EfiLoaderData,
  EfiBootServicesCode,
  EfiBootServicesData,
  EfiRuntimeServicesCode,
  EfiRuntimeServicesData,
  EfiConventionalMemory,
  EfiUnusableMemory,
  EfiACPIReclaimMemory,
  EfiACPIMemoryNVS,
  EfiMemoryMappedIO,
  EfiMemoryMappedIOPortSpace,
  EfiPalCode,
  EfiMaxMemoryType
} EFI_MEMORY_TYPE;


///
/// Data structure that precedes all of the standard EFI table types.
///
/// NOTE(review): the field semantics are not stated in this file. By their
/// names, HeaderSize and CRC32 presumably let a consumer bound and
/// integrity-check a table; confirm the exact rules in the UEFI
/// specification. A CRC32 detects accidental corruption only and gives no
/// protection against deliberate modification.
///
typedef struct {
  UINT64  Signature;
  UINT32  Revision;
  UINT32  HeaderSize;
  UINT32  CRC32;
  UINT32  Reserved;
} EFI_TABLE_HEADER;

///
/// Attributes of variable.
///
/// Each attribute is a distinct single-bit mask, so attributes can be
/// combined with bitwise OR.
///
#define EFI_VARIABLE_NON_VOLATILE                 0x00000001
#define EFI_VARIABLE_BOOTSERVICE_ACCESS           0x00000002
#define EFI_VARIABLE_RUNTIME_ACCESS               0x00000004
#define EFI_VARIABLE_HARDWARE_ERROR_RECORD        0x00000008

///
/// This attribute is identified by the mnemonic 'HR'
/// elsewhere in this specification.
///
/// NOTE(review): the 'HR' remark appears to describe
/// EFI_VARIABLE_HARDWARE_ERROR_RECORD above, not the macro that follows;
/// confirm against the specification before relying on it.
///
/// EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is the next attribute bit. When a
/// variable's attributes specify authenticated access, its Data buffer is
/// expected to begin with the EFI_VARIABLE_AUTHENTICATION descriptor defined
/// at the end of this file.
///
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS   0x00000010

//
// _WIN_CERTIFICATE.wCertificateType
//
// Both values lie in the 0x0EF0 - 0x0EFF range that the UEFI specification
// reserves for its certificate types (see wCertificateType below).
//
#define WIN_CERT_TYPE_EFI_PKCS115   0x0EF0
#define WIN_CERT_TYPE_EFI_GUID      0x0EF1

///
/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
///
/// This is the fixed header only; the certificate bytes follow it in memory
/// (the trailing array member is left commented out below).
///
typedef struct _WIN_CERTIFICATE {
  ///
  /// The length of the entire certificate,
  /// including the length of the header, in bytes.
  ///
  /// NOTE(review): this value is read from the certificate blob itself. A
  /// parser should check that it is at least sizeof (WIN_CERTIFICATE) and
  /// does not extend past the enclosing buffer before using it to locate or
  /// size the certificate data.
  ///
  UINT32  dwLength;
  ///
  /// The revision level of the WIN_CERTIFICATE
  /// structure. The current revision level is 0x0200.
  ///
  UINT16  wRevision;
  ///
  /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
  /// certificate types. The UEFI specification reserves the range of
  /// certificate type values from 0x0EF0 to 0x0EFF.
  ///
  UINT16  wCertificateType;
  ///
  /// The following is the actual certificate. The format of
  /// the certificate depends on wCertificateType.
  ///
  /// UINT8 bCertificate[ANYSIZE_ARRAY];
  ///
} WIN_CERTIFICATE;

///
/// WIN_CERTIFICATE_UEFI_GUID.CertType
///
/// GUID initializer that selects the EFI_CERT_BLOCK_RSA_2048_SHA256 layout
/// for WIN_CERTIFICATE_UEFI_GUID.CertData.
///
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

//
// WIN_CERTIFICATE_UEFI_GUID.CertData
//
// PublicKey and Signature are 256 bytes each, i.e. 2048 bits, matching the
// RSA-2048 in the structure name. The meaning of HashType is not defined in
// this file.
//
// NOTE(review): the public key travels inside the certificate block. A
// verifier should match it against a key it already trusts (the
// EFI_VARIABLE_AUTHENTICATION comment below refers to a provisioned key)
// rather than accept whatever key accompanies the signature.
//
typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {
  UINT32  HashType;
  UINT8   PublicKey[256];
  UINT8   Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;


///
/// Certificate which encapsulates a GUID-specific digital signature
///
typedef struct _WIN_CERTIFICATE_UEFI_GUID {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID
  /// (the macro as spelled in this file).
  ///
  WIN_CERTIFICATE   Hdr;
  ///
  /// This is the unique id which determines the
  /// format of the CertData. In this case, the
  /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
  ///
  /// EFI_GUID is not declared in this file; it must already be in scope.
  ///
  EFI_GUID          CertType;
  ///
  /// The following is the certificate data. The format of
  /// the data is determined by the CertType. In this case the value is
  /// EFI_CERT_BLOCK_RSA_2048_SHA256.
  ///
  /// UINT8 CertData[ANYSIZE_ARRAY];
  ///
} WIN_CERTIFICATE_UEFI_GUID;


///
/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
///
/// The WIN_CERTIFICATE_EFI_PKCS1_15 structure is derived from
/// WIN_CERTIFICATE and encapsulates the information needed to
/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
/// specified in RFC2437.
///
typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_PKCS115
  /// (the macro as spelled in this file).
  ///
  WIN_CERTIFICATE Hdr;
  ///
  /// This is the hashing algorithm which was performed on the
  /// UEFI executable when creating the digital signature.
  ///
  EFI_GUID        HashAlgorithm;
  ///
  /// The following is the actual digital signature. The
  /// size of the signature is the same size as the key
  /// (1024-bit key is 128 bytes) and can be determined by
  /// subtracting the length of the other parts of this header
  /// from the total length of the certificate as found in
  /// Hdr.dwLength.
  ///
  /// NOTE(review): Hdr.dwLength is an unsigned value taken from the
  /// certificate. Check that it is not smaller than the fixed part of this
  /// structure before subtracting, otherwise the computed signature size
  /// wraps around to a very large number.
  ///
  /// UINT8 Signature[ANYSIZE_ARRAY];
  ///
} WIN_CERTIFICATE_EFI_PKCS1_15;



///
/// AuthInfo is a WIN_CERTIFICATE_UEFI_GUID, that is, a WIN_CERTIFICATE
/// whose wCertificateType is WIN_CERT_TYPE_EFI_GUID, with the CertType
/// EFI_CERT_TYPE_RSA2048_SHA256_GUID. If the attribute specifies
/// authenticated access, then the Data buffer should begin with an
/// authentication descriptor prior to the data payload and DataSize
/// should reflect the data and descriptor size. The caller
/// shall digest the Monotonic Count value and the associated data
/// for the variable update using the SHA-256 1-way hash algorithm.
/// The ensuing 32-byte digest will be signed using the private
/// key associated with the public/private 2048-bit RSA key-pair. The
/// WIN_CERTIFICATE shall be used to describe the signature of the
/// Variable data *Data. In addition, the signature will also
/// include the MonotonicCount value to guard against replay attacks.
///
typedef struct {
  ///
  /// Included in the signature of
  /// AuthInfo. Used to ensure freshness/no
  /// replay. Incremented during each
  /// "Write" access.
  ///
  /// NOTE(review): signing the count only binds it to the data. Replay is
  /// prevented only if the verifier also rejects a count that is not greater
  /// than the last one it accepted; that check is not part of this header,
  /// so confirm it in the variable-services implementation.
  ///
  UINT64                      MonotonicCount;
  ///
  /// Provides the authorization for the variable
  /// access. It is a signature across the
  /// variable data and the Monotonic Count
  /// value. Caller uses Private key that is
  /// associated with a public key that has been
  /// provisioned via the key exchange.
  ///
  WIN_CERTIFICATE_UEFI_GUID   AuthInfo;
} EFI_VARIABLE_AUTHENTICATION;

#endif