Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/contrib/edk2/Include/Guid/ImageAuthentication.h
96339 views
1
/** @file

2
  Image signature database are defined for the signed image validation.

3


4
  Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.<BR>

5
  SPDX-License-Identifier: BSD-2-Clause-Patent

6


7
  @par Revision Reference:

8
  GUIDs defined in UEFI 2.5 spec.

9
**/

10


11
#ifndef __IMAGE_AUTHTICATION_H__

12
#define __IMAGE_AUTHTICATION_H__

13


14
#include <Guid/GlobalVariable.h>

15
#include <Protocol/Hash.h>

16


17
#define EFI_IMAGE_SECURITY_DATABASE_GUID \

18
  { \

19
    0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \

20
  }

21


22
///

23
/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID

24
/// for the authorized signature database.

25
///

26
#define EFI_IMAGE_SECURITY_DATABASE  L"db"

27
///

28
/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID

29
/// for the forbidden signature database.

30
///

31
#define EFI_IMAGE_SECURITY_DATABASE1  L"dbx"

32
///

33
/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID

34
/// for the timestamp signature database.

35
///

36
#define EFI_IMAGE_SECURITY_DATABASE2  L"dbt"

37


38
#define SECURE_BOOT_MODE_ENABLE   1

39
#define SECURE_BOOT_MODE_DISABLE  0

40


41
#define SETUP_MODE  1

42
#define USER_MODE   0

43


44
#define DEVICE_AUTH_BOOT_MODE_ENABLE   1

45
#define DEVICE_AUTH_BOOT_MODE_DISABLE  0

46


47
// ***********************************************************************

48
// Signature Database

49
// ***********************************************************************

50
///

51
/// The format of a signature database.

52
///

53
#pragma pack(1)

54


55
typedef struct {

56
  ///

57
  /// An identifier which identifies the agent which added the signature to the list.

58
  ///

59
  EFI_GUID    SignatureOwner;

60
  ///

61
  /// The format of the signature is defined by the SignatureType.

62
  ///

63
  UINT8       SignatureData[1];

64
} EFI_SIGNATURE_DATA;

65


66
typedef struct {

67
  ///

68
  /// Type of the signature. GUID signature types are defined in below.

69
  ///

70
  EFI_GUID    SignatureType;

71
  ///

72
  /// Total size of the signature list, including this header.

73
  ///

74
  UINT32      SignatureListSize;

75
  ///

76
  /// Size of the signature header which precedes the array of signatures.

77
  ///

78
  UINT32      SignatureHeaderSize;

79
  ///

80
  /// Size of each signature.

81
  ///

82
  UINT32      SignatureSize;

83
  ///

84
  /// Header before the array of signatures. The format of this header is specified

85
  /// by the SignatureType.

86
  /// UINT8           SignatureHeader[SignatureHeaderSize];

87
  ///

88
  /// An array of signatures. Each signature is SignatureSize bytes in length.

89
  /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];

90
  ///

91
} EFI_SIGNATURE_LIST;

92


93
typedef struct {

94
  ///

95
  /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.

96
  ///

97
  EFI_SHA256_HASH    ToBeSignedHash;

98
  ///

99
  /// The time that the certificate shall be considered to be revoked.

100
  ///

101
  EFI_TIME           TimeOfRevocation;

102
} EFI_CERT_X509_SHA256;

103


104
typedef struct {

105
  ///

106
  /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.

107
  ///

108
  EFI_SHA384_HASH    ToBeSignedHash;

109
  ///

110
  /// The time that the certificate shall be considered to be revoked.

111
  ///

112
  EFI_TIME           TimeOfRevocation;

113
} EFI_CERT_X509_SHA384;

114


115
typedef struct {

116
  ///

117
  /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.

118
  ///

119
  EFI_SHA512_HASH    ToBeSignedHash;

120
  ///

121
  /// The time that the certificate shall be considered to be revoked.

122
  ///

123
  EFI_TIME           TimeOfRevocation;

124
} EFI_CERT_X509_SHA512;

125


126
typedef UINT8 EFI_SM3_HASH[32];

127


128
typedef struct {

129
  ///

130
  /// The SM3 hash of an X.509 certificate's To-Be-Signed contents.

131
  ///

132
  EFI_SM3_HASH    ToBeSignedHash;

133
  ///

134
  /// The time that the certificate shall be considered to be revoked.

135
  ///

136
  EFI_TIME        TimeOfRevocation;

137
} EFI_CERT_X509_SM3;

138


139
#pragma pack()

140


141
///

142
/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall

143
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +

144
/// 32 bytes.

145
///

146
#define EFI_CERT_SHA256_GUID \

147
  { \

148
    0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \

149
  }

150


151
///

152
/// This identifies a signature containing an RSA-2048 key. The key (only the modulus

153
/// since the public key exponent is known to be 0x10001) shall be stored in big-endian

154
/// order.

155
/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size

156
/// of SignatureOwner component) + 256 bytes.

157
///

158
#define EFI_CERT_RSA2048_GUID \

159
  { \

160
    0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \

161
  }

162


163
///

164
/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash.  The

165
/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of

166
/// SignatureOwner component) + 256 bytes.

167
///

168
#define EFI_CERT_RSA2048_SHA256_GUID \

169
  { \

170
    0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \

171
  }

172


173
///

174
/// This identifies a signature containing a SHA-1 hash.  The SignatureSize shall always

175
/// be 16 (size of SignatureOwner component) + 20 bytes.

176
///

177
#define EFI_CERT_SHA1_GUID \

178
  { \

179
    0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \

180
  }

181


182
///

183
/// This identifies a signature containing a SM3 hash.  The SignatureSize shall always

184
/// be 16 (size of SignatureOwner component) + 32 bytes.

185
///

186
#define EFI_CERT_SM3_GUID \

187
  { \

188
    0x57347f87, 0x7a9b, 0x403a, { 0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0xe, 0xbc } \

189
  }

190


191
///

192
/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash.  The

193
/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of

194
/// SignatureOwner component) + 256 bytes.

195
///

196
#define EFI_CERT_RSA2048_SHA1_GUID \

197
  { \

198
    0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \

199
  }

200


201
///

202
/// This identifies a signature based on an X.509 certificate. If the signature is an X.509

203
/// certificate then verification of the signature of an image should validate the public

204
/// key certificate in the image using certificate path verification, up to this X.509

205
/// certificate as a trusted root.  The SignatureHeader size shall always be 0. The

206
/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +

207
/// the size of the certificate itself.

208
/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.

209
///

210
#define EFI_CERT_X509_GUID \

211
  { \

212
    0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \

213
  }

214


215
///

216
/// This identifies a signature containing the SM3 hash of an X.509 certificate's To-Be-Signed

217
/// contents, and a time of revocation. The SignatureHeader size shall always be 0. The

218
/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 32 bytes for

219
/// an EFI_CERT_X509_SM3 structure. If the TimeOfRevocation is non-zero, the certificate should

220
/// be considered to be revoked from that time and onwards, and otherwise the certificate shall

221
/// be considered to always be revoked.

222
///

223
#define EFI_CERT_X509_SM3_GUID \

224
  { \

225
    0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x4, 0x37, 0x88, 0x8d, 0x37 } \

226
  }

227


228
///

229
/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall

230
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +

231
/// 28 bytes.

232
///

233
#define EFI_CERT_SHA224_GUID \

234
  { \

235
    0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \

236
  }

237


238
///

239
/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall

240
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +

241
/// 48 bytes.

242
///

243
#define EFI_CERT_SHA384_GUID \

244
  { \

245
    0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \

246
  }

247


248
///

249
/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall

250
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +

251
/// 64 bytes.

252
///

253
#define EFI_CERT_SHA512_GUID \

254
  { \

255
    0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \

256
  }

257


258
///

259
/// This identifies a signature containing the SHA256 hash of an X.509 certificate's

260
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall

261
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)

262
/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,

263
/// the certificate should be considered to be revoked from that time and onwards, and

264
/// otherwise the certificate shall be considered to always be revoked.

265
///

266
#define EFI_CERT_X509_SHA256_GUID \

267
  { \

268
    0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \

269
  }

270


271
///

272
/// This identifies a signature containing the SHA384 hash of an X.509 certificate's

273
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall

274
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)

275
/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,

276
/// the certificate should be considered to be revoked from that time and onwards, and

277
/// otherwise the certificate shall be considered to always be revoked.

278
///

279
#define EFI_CERT_X509_SHA384_GUID \

280
  { \

281
    0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \

282
  }

283


284
///

285
/// This identifies a signature containing the SHA512 hash of an X.509 certificate's

286
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall

287
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)

288
/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,

289
/// the certificate should be considered to be revoked from that time and onwards, and

290
/// otherwise the certificate shall be considered to always be revoked.

291
///

292
#define EFI_CERT_X509_SHA512_GUID \

293
  { \

294
    0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \

295
  }

296


297
///

298
/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]

299
/// SignedData value.

300
///

301
#define EFI_CERT_TYPE_PKCS7_GUID \

302
  { \

303
    0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \

304
  }

305


306
// ***********************************************************************

307
// Image Execution Information Table Definition

308
// ***********************************************************************

309
typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;

310


311
#define EFI_IMAGE_EXECUTION_AUTHENTICATION      0x00000007

312
#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED       0x00000000

313
#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED     0x00000001

314
#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED     0x00000002

315
#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND  0x00000003

316
#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND      0x00000004

317
#define EFI_IMAGE_EXECUTION_POLICY_FAILED       0x00000005

318
#define EFI_IMAGE_EXECUTION_INITIALIZED         0x00000008

319


320
//

321
// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table

322
// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.

323
//

324
typedef struct {

325
  ///

326
  /// Describes the action taken by the firmware regarding this image.

327
  ///

328
  EFI_IMAGE_EXECUTION_ACTION    Action;

329
  ///

330
  /// Size of all of the entire structure.

331
  ///

332
  UINT32                        InfoSize;

333
  ///

334
  /// If this image was a UEFI device driver (for option ROM, for example) this is the

335
  /// null-terminated, user-friendly name for the device. If the image was for an application,

336
  /// then this is the name of the application. If this cannot be determined, then a simple

337
  /// NULL character should be put in this position.

338
  /// CHAR16                    Name[];

339
  ///

340


341
  ///

342
  /// For device drivers, this is the device path of the device for which this device driver

343
  /// was intended. In some cases, the driver itself may be stored as part of the system

344
  /// firmware, but this field should record the device's path, not the firmware path. For

345
  /// applications, this is the device path of the application. If this cannot be determined,

346
  /// a simple end-of-path device node should be put in this position.

347
  /// EFI_DEVICE_PATH_PROTOCOL  DevicePath;

348
  ///

349


350
  ///

351
  /// Zero or more image signatures. If the image contained no signatures,

352
  /// then this field is empty.

353
  /// EFI_SIGNATURE_LIST            Signature;

354
  ///

355
} EFI_IMAGE_EXECUTION_INFO;

356


357
typedef struct {

358
  ///

359
  /// Number of EFI_IMAGE_EXECUTION_INFO structures.

360
  ///

361
  UINTN    NumberOfImages;

362
  ///

363
  /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures.

364
  ///

365
  // EFI_IMAGE_EXECUTION_INFO  InformationInfo[]

366
} EFI_IMAGE_EXECUTION_INFO_TABLE;

367


368
extern EFI_GUID  gEfiImageSecurityDatabaseGuid;

369
extern EFI_GUID  gEfiCertSha256Guid;

370
extern EFI_GUID  gEfiCertRsa2048Guid;

371
extern EFI_GUID  gEfiCertRsa2048Sha256Guid;

372
extern EFI_GUID  gEfiCertSha1Guid;

373
extern EFI_GUID  gEfiCertRsa2048Sha1Guid;

374
extern EFI_GUID  gEfiCertX509Guid;

375
extern EFI_GUID  gEfiCertSha224Guid;

376
extern EFI_GUID  gEfiCertSha384Guid;

377
extern EFI_GUID  gEfiCertSha512Guid;

378
extern EFI_GUID  gEfiCertX509Sha256Guid;

379
extern EFI_GUID  gEfiCertX509Sha384Guid;

380
extern EFI_GUID  gEfiCertX509Sha512Guid;

381
extern EFI_GUID  gEfiCertPkcs7Guid;

382
extern EFI_GUID  gEfiCertSm3Guid;

383
extern EFI_GUID  gEfiCertX509Sm3Guid;

384


385
#endif

386


387