diff options
| -rw-r--r-- | MdePkg/Include/Guid/ImageAuthentication.h | 221 | ||||
| -rw-r--r-- | MdePkg/Include/Guid/MemoryOverwriteControl.h | 76 | ||||
| -rw-r--r-- | MdePkg/Include/Guid/WinCertificate.h | 128 | ||||
| -rw-r--r-- | MdePkg/Include/Protocol/AuthenticationInfo.h | 68 | ||||
| -rw-r--r-- | MdePkg/Include/Protocol/Hash.h | 23 | ||||
| -rw-r--r-- | MdePkg/Include/Uefi/UefiMultiPhase.h | 109 | ||||
| -rw-r--r-- | MdePkg/MdePkg.dec | 27 |
7 files changed, 496 insertions, 156 deletions
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h new file mode 100644 index 0000000000..b965a42549 --- /dev/null +++ b/MdePkg/Include/Guid/ImageAuthentication.h @@ -0,0 +1,221 @@ +/** @file
+ Platform Key, Key Exchange Key, and Image signature database are defined
+ for the signed image validation.
+
+ Copyright (c) 2009, Intel Corporation
+ All rights reserved. This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ @par Revision Reference:
+ GUIDs defined in UEFI 2.2 spec.
+**/
+
+#ifndef __IMAGE_AUTHTICATION_H__
+#define __IMAGE_AUTHTICATION_H__
+
+#include <Guid/GlobalVariable.h>
+
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ { \
+ 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \
+ }
+
+///
+/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
+/// for the authorized signature database.
+///
+#define EFI_IMAGE_SECURITY_DATABASE L"db"
+///
+/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
+/// for the forbidden signature database.
+///
+#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx"
+
+#define SETUP_MODE 1
+#define USER_MODE 0
+///
+/// Globally "SetupMode" variable to specify whether the system is currently operating
+/// in setup mode (1) or not (0). All other values are reserved.
+///
+#define EFI_SETUP_MODE_NAME L"SetupMode"
+///
+/// Globally "PK" variable for the Platform Key Signature Database.
+///
+#define EFI_PLATFORM_KEY_NAME L"PK"
+///
+/// Globally "KEK" variable for the Key Exchange Key Signature Database.
+///
+#define EFI_KEY_EXCHANGE_KEY_NAME L"KEK"
+///
+/// Globally "SignatureSupport" variable returns an array of GUIDs,
+/// with each GUID representing a type of signature which the platform
+/// firmware supports for images and other data.
+///
+#define EFI_SIGNATURE_SUPPORT_NAME L"SignatureSupport"
+
+//***********************************************************************
+// Signature Database
+//***********************************************************************
+///
+/// The format of a signature database.
+///
+#pragma pack(1)
+
+typedef struct {
+ ///
+ /// An identifier which identifies the agent which added the signature to the list.
+ ///
+ EFI_GUID SignatureOwner;
+ ///
+ /// The format of the signature is defined by the SignatureType.
+ ///
+ UINT8 SignatureData[1];
+} EFI_SIGNATURE_DATA;
+
+typedef struct {
+ ///
+ /// Type of the signature. GUID signature types are defined in below.
+ ///
+ EFI_GUID SignatureType;
+ ///
+ /// Total size of the signature list, including this header.
+ ///
+ UINT32 SignatureListSize;
+ ///
+ /// Size of the signature header which precedes the array of signatures.
+ ///
+ UINT32 SignatureHeaderSize;
+ ///
+ /// Size of each signature.
+ ///
+ UINT32 SignatureSize;
+ ///
+ /// Header before the array of signatures. The format of this header is specified
+ /// by the SignatureType.
+ /// UINT8 SignatureHeader[SignatureHeaderSize];
+ ///
+ /// An array of signatures. Each signature is SignatureSize bytes in length.
+ /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];
+ ///
+} EFI_SIGNATURE_LIST;
+
+#pragma pack()
+
+///
+/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size should
+/// always be 0. The SignatureSize should always be 32 bytes.
+///
+#define EFI_CERT_SHA256_GUID \
+ { \
+ 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \
+ }
+
+///
+/// This identifies a signature containing an RSA-2048 key. The SignatureHeader size should
+/// always be 0. The SignatureSize should always be 256 bytes.
+///
+#define EFI_CERT_RSA2048_GUID \
+ { \
+ 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \
+ }
+
+///
+/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The
+/// SignatureHeader size should always be 0. The SignatureSize should always be 256 bytes.
+///
+#define EFI_CERT_RSA2048_SHA256_GUID \
+ { \
+ 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \
+ }
+
+///
+/// This identifies a signature containing a SHA-1 hash. The SignatureHeader size should always
+/// be 0. The SignatureSize should always be 20 bytes
+///
+#define EFI_CERT_SHA1_GUID \
+ { \
+ 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \
+ }
+
+///
+/// This identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The
+/// SignatureHeader size should always be 0. The SignatureSize should always be 256 bytes.
+///
+#define EFI_CERT_RSA2048_SHA1_GUID \
+ { \
+ 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \
+ }
+
+///
+/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 certificate then
+/// verification of the signature of an image should validate the public key certificate in the image using
+/// certificate path verification, up to this X.509 certificate as a trusted root.
+///
+#define EFI_CERT_X509 \
+ { \
+ 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \
+ }
+
+//***********************************************************************
+// Image Execution Information Table Definition
+//***********************************************************************
+typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;
+
+#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007
+
+//
+// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table
+// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.
+//
+typedef struct {
+ ///
+ /// Describes the action taken by the firmware regarding this image.
+ ///
+ EFI_IMAGE_EXECUTION_ACTION Action;
+ ///
+ /// Size of all of the entire structure.
+ ///
+ UINT32 InfoSize;
+ ///
+ /// If this image was a UEFI device driver (for option ROM, for example) this is the
+ /// null-terminated, user-friendly name for the device. If the image was for an application,
+ /// then this is the name of the application. If this cannot be determined, then a simple
+ /// NULL character should be put in this position.
+ /// CHAR16 Name[];
+ ///
+
+ ///
+ /// For device drivers, this is the device path of the device for which this device driver
+ /// was intended. In some cases, the driver itself may be stored as part of the system
+ /// firmware, but this field should record the device's path, not the firmware path. For
+ /// applications, this is the device path of the application. If this cannot be determined,
+ /// a simple end-of-path device node should be put in this position.
+ /// EFI_DEVICE_PATH_PROTOCOL DevicePath;
+ ///
+
+ ///
+ /// The image digest of the image. The certificate type must be one of the hash types.
+ /// The hash type must match the type used in the Signature field.
+ ///
+ WIN_CERTIFICATE ImageHash;
+ ///
+ /// Zero or more image signatures. If the image contained no signtures,
+ /// then this field is empty.
+ ///
+ WIN_CERTIFICATE Signature;
+} EFI_IMAGE_EXECUTION_INFO;
+
+extern EFI_GUID gEfiImageSecurityDatabaseGuid;
+extern EFI_GUID gEfiCertSha256Guid;
+extern EFI_GUID gEfiCertRsa2048Guid;
+extern EFI_GUID gEfiCertRsa2048Sha256Guid;
+extern EFI_GUID gEfiCertSha1Guid;
+extern EFI_GUID gEfiCertRsa2048Sha1Guid;
+extern EFI_GUID gEfiCertX509Guid;
+
+#endif
diff --git a/MdePkg/Include/Guid/MemoryOverwriteControl.h b/MdePkg/Include/Guid/MemoryOverwriteControl.h new file mode 100644 index 0000000000..ac50ecd603 --- /dev/null +++ b/MdePkg/Include/Guid/MemoryOverwriteControl.h @@ -0,0 +1,76 @@ +/** @file
+ GUID used for MemoryOverwriteRequestControl UEFI variable defined in
+ TCG Platform Reset Attack Mitigation Specification 1.00.
+ See http://trustedcomputinggroup.org for the latest specification
+
+ The purpose of the MemoryOverwriteRequestControl UEFI variable is to give users (e.g., OS, loader) the ability to
+ indicate to the platform that secrets are present in memory and that the platform firmware must clear memory upon
+ a restart. The OS loader should not create the variable. Rather, the firmware is required to create it.
+
+ Copyright (c) 2009, Intel Corporation
+ All rights reserved. This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _MEMORY_OVERWRITE_CONTROL_DATA_GUID_H_
+#define _MEMORY_OVERWRITE_CONTROL_DATA_GUID_H_
+
+#define MEMORY_ONLY_RESET_CONTROL_GUID \
+ { \
+ 0xe20939be, 0x32d4, 0x41be, {0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29} \
+ }
+
+///
+/// Variable name is "MemoryOverwriteRequestControl" and it is a 1 byte unsigned value.
+/// The attributes should be:
+/// EFI_VARIABLE_NON_VOLATILE |
+/// EFI_VARIABLE_BOOTSERVICE_ACCESS |
+/// EFI_VARIABLE_RUNTIME_ACCESS
+///
+#define MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME L"MemoryOverwriteRequestControl"
+
+///
+/// 0 = Firmware MUST clear the MOR bi
+/// 1 = Firmware MUST set the MOR bit
+///
+#define MOR_CLEAR_MEMORY_BIT_MASK 0x01
+
+///
+/// 0 = Firmware MAY autodetect a clean shutdown of the Static RTM OS.
+/// 1 = Firmware MUST NOT autodetect a clean shutdown of the Static RTM OS.
+///
+#define MOR_DISABLEAUTODETECT_BIT_MASK 0x10
+
+///
+/// MOR field bit offset
+///
+#define MOR_CLEAR_MEMORY_BIT_OFFSET 0
+#define MOR_DISABLEAUTODETECT_BIT_OFFSET 4
+
+/**
+ Return the ClearMemory bit value 0 or 1.
+
+ @param mor 1 byte value that contains ClearMemory and DisableAutoDetect bit.
+
+ @return ClearMemory bit value
+**/
+#define MOR_CLEAR_MEMORY_VALUE(mor) (((UINT8)(mor) & MOR_CLEAR_MEMORY_BIT_MASK) >> MOR_CLEAR_MEMORY_BIT_OFFSET)
+
+/**
+ Return the DisableAutoDetect bit value 0 or 1.
+
+ @param mor 1 byte value that contains ClearMemory and DisableAutoDetect bit.
+
+ @return DisableAutoDetect bit value
+**/
+#define MOR_DISABLE_AUTO_DETECT_VALUE(mor) (((UINT8)(mor) & MOR_DISABLEAUTODETECT_BIT_MASK) >> MOR_DISABLEAUTODETECT_BIT_OFFSET)
+
+extern EFI_GUID gEfiMemoryOverwriteControlDataGuid;
+
+#endif
diff --git a/MdePkg/Include/Guid/WinCertificate.h b/MdePkg/Include/Guid/WinCertificate.h new file mode 100644 index 0000000000..f7a4190c2e --- /dev/null +++ b/MdePkg/Include/Guid/WinCertificate.h @@ -0,0 +1,128 @@ +/** @file
+ GUID for UEFI WIN_CERTIFICATE structure.
+
+ Copyright (c) 2006 - 2009, Intel Corporation
+ All rights reserved. This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ @par Revision Reference:
+ GUID defined in UEFI 2.0 spec.
+**/
+
+#ifndef __EFI_WIN_CERTIFICATE_H__
+#define __EFI_WIN_CERTIFICATE_H__
+
+//
+// _WIN_CERTIFICATE.wCertificateType
+//
+#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
+#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
+#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
+
+///
+/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
+///
+typedef struct {
+ ///
+ /// The length of the entire certificate,
+ /// including the length of the header, in bytes.
+ ///
+ UINT32 dwLength;
+ ///
+ /// The revision level of the WIN_CERTIFICATE
+ /// structure. The current revision level is 0x0200.
+ ///
+ UINT16 wRevision;
+ ///
+ /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
+ /// certificate types. The UEFI specification reserves the range of
+ /// certificate type values from 0x0EF0 to 0x0EFF.
+ ///
+ UINT16 wCertificateType;
+ ///
+ /// The following is the actual certificate. The format of
+ /// the certificate depends on wCertificateType.
+ ///
+ /// UINT8 bCertificate[ANYSIZE_ARRAY];
+ ///
+} WIN_CERTIFICATE;
+
+///
+/// WIN_CERTIFICATE_UEFI_GUID.CertType
+///
+#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
+ {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
+
+///
+/// WIN_CERTIFICATE_UEFI_GUID.CertData
+///
+typedef struct {
+ UINT32 HashType;
+ UINT8 PublicKey[256];
+ UINT8 Signature[256];
+} EFI_CERT_BLOCK_RSA_2048_SHA256;
+
+
+///
+/// Certificate which encapsulates a GUID-specific digital signature
+///
+typedef struct {
+ ///
+ /// This is the standard WIN_CERTIFICATE header, where
+ /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID.
+ ///
+ WIN_CERTIFICATE Hdr;
+ ///
+ /// This is the unique id which determines the
+ /// format of the CertData. .
+ ///
+ EFI_GUID CertType;
+ ///
+ /// The following is the certificate data. The format of
+ /// the data is determined by the CertType.
+ /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
+ /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
+ ///
+ UINT8 CertData[1];
+} WIN_CERTIFICATE_UEFI_GUID;
+
+
+///
+/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
+///
+/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
+/// WIN_CERTIFICATE and encapsulate the information needed to
+/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
+/// specified in RFC2437.
+///
+typedef struct {
+ ///
+ /// This is the standard WIN_CERTIFICATE header, where
+ /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
+ ///
+ WIN_CERTIFICATE Hdr;
+ ///
+ /// This is the hashing algorithm which was performed on the
+ /// UEFI executable when creating the digital signature.
+ ///
+ EFI_GUID HashAlgorithm;
+ ///
+ /// The following is the actual digital signature. The
+ /// size of the signature is the same size as the key
+ /// (1024-bit key is 128 bytes) and can be determined by
+ /// subtracting the length of the other parts of this header
+ /// from the total length of the certificate as found in
+ /// Hdr.dwLength.
+ ///
+ /// UINT8 Signature[];
+ ///
+} WIN_CERTIFICATE_EFI_PKCS1_15;
+
+extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid;
+
+#endif
diff --git a/MdePkg/Include/Protocol/AuthenticationInfo.h b/MdePkg/Include/Protocol/AuthenticationInfo.h index b520327834..a3c9b97377 100644 --- a/MdePkg/Include/Protocol/AuthenticationInfo.h +++ b/MdePkg/Include/Protocol/AuthenticationInfo.h @@ -34,6 +34,7 @@ typedef struct _EFI_AUTHENTICATION_INFO_PROTOCOL EFI_AUTHENTICATION_INFO_PROTOCOL;
+#pragma pack(1)
typedef struct {
///
/// Authentication Type GUID.
@@ -52,7 +53,7 @@ typedef struct { ///
/// RADIUS Server IPv4 or IPv6 Address
///
- EFI_IPv6_ADDRESS RadiusIpAddr; ///< IPv4 or IPv6 address
+ UINT8 RadiusIpAddr[16]; ///< IPv4 or IPv6 address
///
/// Reserved for future use
@@ -62,7 +63,7 @@ typedef struct { ///
/// Network Access Server IPv4 or IPv6 Address (OPTIONAL)
///
- EFI_IPv6_ADDRESS NasIpAddr; ///< IPv4 or IPv6 address
+ UINT8 NasIpAddr[16]; ///< IPv4 or IPv6 address
///
/// Network Access Server Secret Length in bytes (OPTIONAL)
@@ -70,29 +71,27 @@ typedef struct { UINT16 NasSecretLength;
///
- /// Network Access Server secret (OPTIONAL)
+ /// Network Access Server Secret (OPTIONAL)
///
- UINT8 *NasSecret;
+ UINT8 NasSecret[1];
+ ///
+ /// CHAP Initiator Secret length in bytes on offset NasSecret + NasSecretLength.
///
- /// CHAP Initiator Secret length in bytes
- ///
- UINT16 ChapSecretLength;
-
+ /// UINT16 ChapSecretLength;
///
/// CHAP Initiator Secret
///
- UINT8 *ChapSecret;
-
+ /// UINT8 ChapSecret[];
///
- /// CHAP Initiator Name Length in bytes
+ /// CHAP Initiator Name Length in bytes on offset ChapSecret + ChapSecretLength
///
- UINT16 ChapNameLength;
-
+ /// UINT16 ChapNameLength;
///
/// CHAP Initiator Name
///
- UINT8 *ChapName;
+ /// UINT8 ChapName[];
+ ///
} CHAP_RADIUS_AUTH_NODE;
typedef struct {
@@ -111,45 +110,42 @@ typedef struct { ///
/// User Secret
///
- UINT8 *UserSecret;
+ UINT8 UserSecret[1];
///
- /// User Name Length in bytes
+ /// User Name Length in bytes on offset UserSecret + UserSecretLength
///
- UINT16 UserNameLength;
-
+ /// UINT16 UserNameLength;
///
/// User Name
///
- UINT8 *UserName;
-
+ /// UINT8 *UserName;
///
- /// CHAP Initiator Secret length in bytes
+ /// CHAP Initiator Secret length in bytes on offset UserName + UserNameLength
///
- UINT16 ChapSecretLength;
-
+ /// UINT16 ChapSecretLength;
///
/// CHAP Initiator Secret
///
- UINT8 *ChapSecret;
-
+ /// UINT8 *ChapSecret;
///
- /// CHAP Initiator Name Length in bytes
+ /// CHAP Initiator Name Length in bytes on offset ChapSecret + ChapSecretLength
///
- UINT16 ChapNameLength;
-
+ /// UINT16 ChapNameLength;
///
/// CHAP Initiator Name
///
- UINT8 *ChapName;
+ /// UINT8 *ChapName;
+ ///
} CHAP_LOCAL_AUTH_NODE;
+#pragma pack()
/**
Retrieves the authentication information associated with a particular controller handle.
- @param This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL
- @param ControllerHandle Handle to the Controller
- @param Buffer Pointer to the authentication information.
+ @param[in] This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL
+ @param[in] ControllerHandle Handle to the Controller
+ @param[out] Buffer Pointer to the authentication information.
@retval EFI_SUCCESS Successfully retrieved authentication information for the given ControllerHandle
@retval EFI_INVALID_PARAMETER No matching authentication information found for the given ControllerHandle
@@ -163,14 +159,14 @@ EFI_STATUS IN EFI_AUTHENTICATION_INFO_PROTOCOL *This,
IN EFI_HANDLE *ControllerHandle,
OUT VOID *Buffer
- );
+ );
/**
Set the authentication information for a given controller handle.
- @param This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL
- @param ControllerHandle Handle to the Controller
- @param Buffer Pointer to the authentication information.
+ @param[in] This Pointer to the EFI_AUTHENTICATION_INFO_PROTOCOL
+ @param[in] ControllerHandle Handle to the Controller
+ @param[in] Buffer Pointer to the authentication information.
@retval EFI_SUCCESS Successfully set authentication information for the given ControllerHandle
@retval EFI_UNSUPPORTED If the platform policies do not allow setting of the authentication
diff --git a/MdePkg/Include/Protocol/Hash.h b/MdePkg/Include/Protocol/Hash.h index fda852fd90..b9ed6daa6d 100644 --- a/MdePkg/Include/Protocol/Hash.h +++ b/MdePkg/Include/Protocol/Hash.h @@ -4,7 +4,6 @@ The EFI Hash Service Binding Protocol is used to locate hashing services support
provided by a driver and to create and destroy instances of the EFI Hash Protocol
so that a multiple drivers can use the underlying hashing services.
- The EFI Service Binding Protocol defines the generic Service Binding Protocol functions.
Copyright (c) 2006 - 2009, Intel Corporation
All rights reserved. This program and the accompanying materials
@@ -81,9 +80,9 @@ typedef union { /**
Returns the size of the hash which results from a specific algorithm.
- @param This Points to this instance of EFI_HASH_PROTOCOL.
- @param HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
- @param HashSize Holds the returned size of the algorithm's hash.
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
+ @param[out] HashSize Holds the returned size of the algorithm's hash.
@retval EFI_SUCCESS Hash size returned successfully.
@retval EFI_INVALID_PARAMETER HashSize is NULL
@@ -102,14 +101,14 @@ EFI_STATUS /**
Returns the size of the hash which results from a specific algorithm.
- @param This Points to this instance of EFI_HASH_PROTOCOL.
- @param HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
- @param Extend Specifies whether to create a new hash (FALSE) or extend the specified
- existing hash (TRUE).
- @param Message Points to the start of the message.
- @param MessageSize The size of Message, in bytes.
- @param Hash On input, if Extend is TRUE, then this holds the hash to extend. On
- output, holds the resulting hash computed from the message.
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
+ @param[in] Extend Specifies whether to create a new hash (FALSE) or extend the specified
+ existing hash (TRUE).
+ @param[in] Message Points to the start of the message.
+ @param[in] MessageSize The size of Message, in bytes.
+ @param[in,out] Hash On input, if Extend is TRUE, then this holds the hash to extend. On
+ output, holds the resulting hash computed from the message.
@retval EFI_SUCCESS Hash returned successfully.
@retval EFI_INVALID_PARAMETER Message or Hash is NULL
diff --git a/MdePkg/Include/Uefi/UefiMultiPhase.h b/MdePkg/Include/Uefi/UefiMultiPhase.h index f82a8ae792..7c4cec1103 100644 --- a/MdePkg/Include/Uefi/UefiMultiPhase.h +++ b/MdePkg/Include/Uefi/UefiMultiPhase.h @@ -15,6 +15,7 @@ #ifndef __UEFI_MULTIPHASE_H__
#define __UEFI_MULTIPHASE_H__
+#include <Guid/WinCertificate.h>
///
/// Enumeration of memory types introduced in UEFI.
///
@@ -130,114 +131,6 @@ typedef struct { ///
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
-//
-// _WIN_CERTIFICATE.wCertificateType
-//
-#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
-#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
-
-///
-/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
-///
-typedef struct _WIN_CERTIFICATE {
- ///
- /// The length of the entire certificate,
- /// including the length of the header, in bytes.
- ///
- UINT32 dwLength;
- ///
- /// The revision level of the WIN_CERTIFICATE
- /// structure. The current revision level is 0x0200.
- ///
- UINT16 wRevision;
- ///
- /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
- /// certificate types. The UEFI specification reserves the range of
- /// certificate type values from 0x0EF0 to 0x0EFF.
- ///
- UINT16 wCertificateType;
- ///
- /// The following is the actual certificate. The format of
- /// the certificate depends on wCertificateType.
- ///
- /// UINT8 bCertificate[ANYSIZE_ARRAY];
- ///
-} WIN_CERTIFICATE;
-
-///
-/// WIN_CERTIFICATE_UEFI_GUID.CertType
-///
-#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
- {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
-
-///
-/// WIN_CERTIFICATE_UEFI_GUID.CertData
-///
-typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 {
- UINT32 HashType;
- UINT8 PublicKey[256];
- UINT8 Signature[256];
-} EFI_CERT_BLOCK_RSA_2048_SHA256;
-
-
-///
-/// Certificate which encapsulates a GUID-specific digital signature
-///
-typedef struct _WIN_CERTIFICATE_UEFI_GUID {
- ///
- /// This is the standard WIN_CERTIFICATE header, where
- /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID.
- ///
- WIN_CERTIFICATE Hdr;
- ///
- /// This is the unique id which determines the
- /// format of the CertData. In this case, the
- /// value is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
- ///
- EFI_GUID CertType;
- ///
- /// The following is the certificate data. The format of
- /// the data is determined by the CertType. In this case the value is
- /// EFI_CERT_BLOCK_RSA_2048_SHA256.
- ///
- /// UINT8 CertData[ANYSIZE_ARRAY];
- ///
-} WIN_CERTIFICATE_UEFI_GUID;
-
-
-///
-/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
-///
-/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
-/// WIN_CERTIFICATE and encapsulate the information needed to
-/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
-/// specified in RFC2437.
-///
-typedef struct _WIN_CERTIFICATE_EFI_PKCS1_15 {
- ///
- /// This is the standard WIN_CERTIFICATE header, where
- /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
- ///
- WIN_CERTIFICATE Hdr;
- ///
- /// This is the hashing algorithm which was performed on the
- /// UEFI executable when creating the digital signature.
- ///
- EFI_GUID HashAlgorithm;
- ///
- /// The following is the actual digital signature. The
- /// size of the signature is the same size as the key
- /// (1024-bit key is 128 bytes) and can be determined by
- /// subtracting the length of the other parts of this header
- /// from the total length of the certificate as found in
- /// Hdr.dwLength.
- ///
- /// UINT8 Signature[ANYSIZE_ARRAY];
- ///
-} WIN_CERTIFICATE_EFI_PKCS1_15;
-
-
-
///
/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType
/// WIN_CERTIFICATE_UEFI_GUID and the CertType
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index acbd6a69c8..72baed191e 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -317,6 +317,33 @@ ## Include/Guid/HiiPlatformSetupFormset.h
gEfiHiiPlatformSetupFormsetGuid = { 0x93039971, 0x8545, 0x4b04, { 0xb4, 0x5e, 0x32, 0xeb, 0x83, 0x26, 0x04, 0x0e }}
+ ## Include/Guid/MemoryOverwriteControl.h
+ gEfiMemoryOverwriteControlDataGuid = { 0xe20939be, 0x32d4, 0x41be, {0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29 }}
+
+ ## Include/Guid/WinCertificate.h
+ gEfiCertTypeRsa2048Sha256Guid = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf }}
+
+ ## Include/Guid/ImageAuthentication.h
+ gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }}
+
+ ## Include/Guid/ImageAuthentication.h
+ gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
+
+ ## Include/Guid/ImageAuthentication.h
+ gEfiCertRsa2048Guid = { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
+
+ ## Include/Guid/ImageAuthentication.h
+ gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
+
+ ## Include/Guid/ImageAuthentication.h
+ gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
+
+ ## Include/Guid/ImageAuthentication.h
+ gEfiCertRsa2048Sha1Guid = {0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
+
+ ## Include/Guid/ImageAuthentication.h
+ gEfiCertX509Guid = { 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }}
+
#
# GUID defined in PI1.0
#
|