xref: /illumos-gate/usr/src/boot/efi/include/Guid/WinCertificate.h (revision f334afcfaebea1b7dc3430015651d8d748fa8a3e)
1 /** @file
2   GUID for UEFI WIN_CERTIFICATE structure.
3 
4   Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
5   SPDX-License-Identifier: BSD-2-Clause-Patent
6 
7   @par Revision Reference:
8   GUID defined in UEFI 2.0 spec.
9 **/
10 
11 #ifndef __EFI_WIN_CERTIFICATE_H__
12 #define __EFI_WIN_CERTIFICATE_H__
13 
14 //
15 // _WIN_CERTIFICATE.wCertificateType
16 //
17 #define WIN_CERT_TYPE_PKCS_SIGNED_DATA  0x0002
18 #define WIN_CERT_TYPE_EFI_PKCS115       0x0EF0
19 #define WIN_CERT_TYPE_EFI_GUID          0x0EF1
20 
21 ///
22 /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
23 ///
24 typedef struct {
25   ///
26   /// The length of the entire certificate,
27   /// including the length of the header, in bytes.
28   ///
29   UINT32    dwLength;
30   ///
31   /// The revision level of the WIN_CERTIFICATE
32   /// structure. The current revision level is 0x0200.
33   ///
34   UINT16    wRevision;
35   ///
36   /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
37   /// certificate types. The UEFI specification reserves the range of
38   /// certificate type values from 0x0EF0 to 0x0EFF.
39   ///
40   UINT16    wCertificateType;
41   ///
42   /// The following is the actual certificate. The format of
43   /// the certificate depends on wCertificateType.
44   ///
45   /// UINT8 bCertificate[ANYSIZE_ARRAY];
46   ///
47 } WIN_CERTIFICATE;
48 
49 ///
50 /// WIN_CERTIFICATE_UEFI_GUID.CertType
51 ///
52 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
53   {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
54 
55 ///
56 /// WIN_CERTIFICATE_UEFI_GUID.CertData
57 ///
58 typedef struct {
59   EFI_GUID    HashType;
60   UINT8       PublicKey[256];
61   UINT8       Signature[256];
62 } EFI_CERT_BLOCK_RSA_2048_SHA256;
63 
64 ///
65 /// Certificate which encapsulates a GUID-specific digital signature
66 ///
67 typedef struct {
68   ///
69   /// This is the standard WIN_CERTIFICATE header, where
70   /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
71   ///
72   WIN_CERTIFICATE    Hdr;
73   ///
74   /// This is the unique id which determines the
75   /// format of the CertData. .
76   ///
77   EFI_GUID           CertType;
78   ///
79   /// The following is the certificate data. The format of
80   /// the data is determined by the CertType.
81   /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
82   /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
83   ///
84   UINT8              CertData[1];
85 } WIN_CERTIFICATE_UEFI_GUID;
86 
87 ///
88 /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
89 ///
90 /// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
91 /// WIN_CERTIFICATE and encapsulate the information needed to
92 /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
93 /// specified in RFC2437.
94 ///
95 typedef struct {
96   ///
97   /// This is the standard WIN_CERTIFICATE header, where
98   /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
99   ///
100   WIN_CERTIFICATE    Hdr;
101   ///
102   /// This is the hashing algorithm which was performed on the
103   /// UEFI executable when creating the digital signature.
104   ///
105   EFI_GUID           HashAlgorithm;
106   ///
107   /// The following is the actual digital signature. The
108   /// size of the signature is the same size as the key
109   /// (1024-bit key is 128 bytes) and can be determined by
110   /// subtracting the length of the other parts of this header
111   /// from the total length of the certificate as found in
112   /// Hdr.dwLength.
113   ///
114   /// UINT8 Signature[];
115   ///
116 } WIN_CERTIFICATE_EFI_PKCS1_15;
117 
118 extern EFI_GUID  gEfiCertTypeRsa2048Sha256Guid;
119 
120 #endif
121