/** @file
  Image signature database definitions used for signed image validation
  (UEFI Secure Boot): the db/dbx/dbt variable names, the EFI_SIGNATURE_LIST
  and EFI_SIGNATURE_DATA layouts, the signature-type GUIDs, and the Image
  Execution Information Table.

  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

  @par Revision Reference:
  GUIDs defined in UEFI 2.5 spec.
**/

#ifndef __IMAGE_AUTHTICATION_H__
#define __IMAGE_AUTHTICATION_H__

#include <sys/cdefs.h>
#include <Guid/GlobalVariable.h>
#include <Protocol/Hash.h>

///
/// Vendor GUID shared by the db, dbx and dbt variables defined below and by
/// the EFI_IMAGE_EXECUTION_INFO system configuration table entry.
///
#define EFI_IMAGE_SECURITY_DATABASE_GUID \
  { \
    0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \
  }

///
/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
/// for the authorized signature database.
///
#define EFI_IMAGE_SECURITY_DATABASE       L"db"
///
/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
/// for the forbidden signature database.
///
#define EFI_IMAGE_SECURITY_DATABASE1      L"dbx"
///
/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
/// for the timestamp signature database.
///
#define EFI_IMAGE_SECURITY_DATABASE2      L"dbt"

//
// NOTE(review): these appear to be the value encodings of the SecureBoot and
// SetupMode global variables (see Guid/GlobalVariable.h) -- confirm against
// the UEFI 2.5 spec before relying on them in policy decisions.
//
#define SECURE_BOOT_MODE_ENABLE           1
#define SECURE_BOOT_MODE_DISABLE          0

#define SETUP_MODE                        1
#define USER_MODE                         0

//***********************************************************************
// Signature Database
//***********************************************************************
///
/// The format of a signature database.
///
/// All structures in this section are byte-packed (pragma pack(1)) because
/// they describe the on-disk/variable-store layout, not an in-memory ABI.
///
#pragma pack(1)

typedef struct {
  ///
  /// An identifier which identifies the agent which added the signature to the list.
  ///
  EFI_GUID          SignatureOwner;
  ///
  /// The format of the signature is defined by the SignatureType.
  ///
  /// Declared with one element only as a placeholder: the actual length of
  /// the signature is SignatureSize - sizeof (SignatureOwner) bytes, as given
  /// by the enclosing EFI_SIGNATURE_LIST. Do not use sizeof (EFI_SIGNATURE_DATA)
  /// as the size of an entry.
  ///
  UINT8             SignatureData[1];
} EFI_SIGNATURE_DATA;

typedef struct {
  ///
  /// Type of the signature. GUID signature types are defined in below.
  ///
  EFI_GUID            SignatureType;
  ///
  /// Total size of the signature list, including this header.
  ///
  UINT32              SignatureListSize;
  ///
  /// Size of the signature header which precedes the array of signatures.
  ///
  UINT32              SignatureHeaderSize;
  ///
  /// Size of each signature.
  ///
  /// NOTE(review): SignatureListSize, SignatureHeaderSize and SignatureSize are
  /// read from variable storage. Code that walks a list should check that
  /// SignatureListSize covers this header plus SignatureHeaderSize, that
  /// SignatureSize is at least sizeof (EFI_GUID) (the SignatureOwner field),
  /// and that the remaining bytes divide evenly by SignatureSize, before
  /// indexing into the list; the header alone does not guarantee this.
  ///
  UINT32              SignatureSize;
  ///
  /// Header before the array of signatures. The format of this header is specified
  /// by the SignatureType.
  /// UINT8           SignatureHeader[SignatureHeaderSize];
  ///
  /// An array of signatures. Each signature is SignatureSize bytes in length.
  /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];
  ///
} EFI_SIGNATURE_LIST;

///
/// Payload of an EFI_CERT_X509_SHA256_GUID entry (see that GUID below).
///
typedef struct {
  ///
  /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.
  ///
  EFI_SHA256_HASH     ToBeSignedHash;
  ///
  /// The time that the certificate shall be considered to be revoked.
  ///
  EFI_TIME            TimeOfRevocation;
} EFI_CERT_X509_SHA256;

///
/// Payload of an EFI_CERT_X509_SHA384_GUID entry (see that GUID below).
///
typedef struct {
  ///
  /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.
  ///
  EFI_SHA384_HASH     ToBeSignedHash;
  ///
  /// The time that the certificate shall be considered to be revoked.
  ///
  EFI_TIME            TimeOfRevocation;
} EFI_CERT_X509_SHA384;

///
/// Payload of an EFI_CERT_X509_SHA512_GUID entry (see that GUID below).
///
typedef struct {
  ///
  /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.
  ///
  EFI_SHA512_HASH     ToBeSignedHash;
  ///
  /// The time that the certificate shall be considered to be revoked.
  ///
  EFI_TIME            TimeOfRevocation;
} EFI_CERT_X509_SHA512;

#pragma pack()

///
/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 32 bytes.
///
#define EFI_CERT_SHA256_GUID \
  { \
    0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \
  }

///
/// This identifies a signature containing an RSA-2048 key. The key (only the modulus
/// since the public key exponent is known to be 0x10001) shall be stored in big-endian
/// order.
/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size
/// of SignatureOwner component) + 256 bytes.
///
#define EFI_CERT_RSA2048_GUID \
  { \
    0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \
  }

///
/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash.  The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
/// SignatureOwner component) + 256 bytes.
///
#define EFI_CERT_RSA2048_SHA256_GUID \
  { \
    0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \
  }

///
/// This identifies a signature containing a SHA-1 hash.  The SignatureSize shall always
/// be 16 (size of SignatureOwner component) + 20 bytes.
///
#define EFI_CERT_SHA1_GUID \
  { \
    0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \
  }

///
/// This identifies a signature containing a RSA-2048 signature of a SHA-1 hash.  The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
/// SignatureOwner component) + 256 bytes.
///
#define EFI_CERT_RSA2048_SHA1_GUID \
  { \
    0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \
  }

///
/// This identifies a signature based on an X.509 certificate. If the signature is an X.509
/// certificate then verification of the signature of an image should validate the public
/// key certificate in the image using certificate path verification, up to this X.509
/// certificate as a trusted root.  The SignatureHeader size shall always be 0. The
/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +
/// the size of the certificate itself.
/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.
///
#define EFI_CERT_X509_GUID \
  { \
    0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \
  }

///
/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 28 bytes.
///
#define EFI_CERT_SHA224_GUID \
  { \
    0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \
  }

///
/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 48 bytes.
///
#define EFI_CERT_SHA384_GUID \
  { \
    0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \
  }

///
/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 64 bytes.
///
#define EFI_CERT_SHA512_GUID \
  { \
    0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \
  }

///
/// This identifies a signature containing the SHA256 hash of an X.509 certificate's
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,
/// the certificate should be considered to be revoked from that time and onwards, and
/// otherwise the certificate shall be considered to always be revoked.
///
#define EFI_CERT_X509_SHA256_GUID \
  { \
    0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \
  }

///
/// This identifies a signature containing the SHA384 hash of an X.509 certificate's
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,
/// the certificate should be considered to be revoked from that time and onwards, and
/// otherwise the certificate shall be considered to always be revoked.
///
#define EFI_CERT_X509_SHA384_GUID \
  { \
    0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \
  }

///
/// This identifies a signature containing the SHA512 hash of an X.509 certificate's
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,
/// the certificate should be considered to be revoked from that time and onwards, and
/// otherwise the certificate shall be considered to always be revoked.
///
#define EFI_CERT_X509_SHA512_GUID \
  { \
    0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \
  }

///
/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]
/// SignedData value.
///
#define EFI_CERT_TYPE_PKCS7_GUID \
  { \
    0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \
  }

//***********************************************************************
// Image Execution Information Table Definition
//***********************************************************************
typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;

//
// EFI_IMAGE_EXECUTION_AUTHENTICATION (0x7) is the mask that selects the
// authentication result (values 0..5 below) out of an Action value;
// EFI_IMAGE_EXECUTION_INITIALIZED (0x8) is a separate flag bit outside it.
//
#define EFI_IMAGE_EXECUTION_AUTHENTICATION      0x00000007
#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED       0x00000000
#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED     0x00000001
#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED     0x00000002
#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND  0x00000003
#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND      0x00000004
#define EFI_IMAGE_EXECUTION_POLICY_FAILED       0x00000005
#define EFI_IMAGE_EXECUTION_INITIALIZED         0x00000008

//
// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table
// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.
//
// Only the fixed-size prefix is declared; the Name, DevicePath and Signature
// fields described below follow it at variable offsets and must be located
// by parsing, with InfoSize bounding the whole entry.
//
typedef struct {
  ///
  /// Describes the action taken by the firmware regarding this image.
  ///
  EFI_IMAGE_EXECUTION_ACTION    Action;
  ///
  /// Size of the entire structure, including the variable-length fields that follow.
  ///
  UINT32                        InfoSize;
  ///
  /// If this image was a UEFI device driver (for option ROM, for example) this is the
  /// null-terminated, user-friendly name for the device. If the image was for an application,
  /// then this is the name of the application. If this cannot be determined, then a simple
  /// NULL character should be put in this position.
  /// CHAR16                    Name[];
  ///

  ///
  /// For device drivers, this is the device path of the device for which this device driver
  /// was intended. In some cases, the driver itself may be stored as part of the system
  /// firmware, but this field should record the device's path, not the firmware path. For
  /// applications, this is the device path of the application. If this cannot be determined,
  /// a simple end-of-path device node should be put in this position.
  /// EFI_DEVICE_PATH_PROTOCOL  DevicePath;
  ///

  ///
  /// Zero or more image signatures. If the image contained no signatures,
  /// then this field is empty.
  /// EFI_SIGNATURE_LIST            Signature;
  ///
} EFI_IMAGE_EXECUTION_INFO;


typedef struct {
  ///
  /// Number of EFI_IMAGE_EXECUTION_INFO structures.
  ///
  UINTN   NumberOfImages;
  ///
  /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures.
  /// Entries are variable-length, so they are traversed using each entry's
  /// InfoSize rather than a fixed stride.
  ///
  // EFI_IMAGE_EXECUTION_INFO InformationInfo[]
} EFI_IMAGE_EXECUTION_INFO_TABLE;

//
// Global instances of the GUIDs defined above (defined in the corresponding
// library/package source, not in this header).
//
extern EFI_GUID gEfiImageSecurityDatabaseGuid;
extern EFI_GUID gEfiCertSha256Guid;
extern EFI_GUID gEfiCertRsa2048Guid;
extern EFI_GUID gEfiCertRsa2048Sha256Guid;
extern EFI_GUID gEfiCertSha1Guid;
extern EFI_GUID gEfiCertRsa2048Sha1Guid;
extern EFI_GUID gEfiCertX509Guid;
extern EFI_GUID gEfiCertSha224Guid;
extern EFI_GUID gEfiCertSha384Guid;
extern EFI_GUID gEfiCertSha512Guid;
extern EFI_GUID gEfiCertX509Sha256Guid;
extern EFI_GUID gEfiCertX509Sha384Guid;
extern EFI_GUID gEfiCertX509Sha512Guid;
extern EFI_GUID gEfiCertPkcs7Guid;

#endif