/** @file
  GUID for UEFI WIN_CERTIFICATE structure.

  Declares the certificate type codes, the common WIN_CERTIFICATE header and
  the two UEFI-specific certificate wrappers built on top of it.

  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
  SPDX-License-Identifier: BSD-2-Clause-Patent

  @par Revision Reference:
  GUID defined in UEFI 2.0 spec.
**/

#ifndef __EFI_WIN_CERTIFICATE_H__
#define __EFI_WIN_CERTIFICATE_H__

//
// _WIN_CERTIFICATE.wCertificateType
//
// 0x0EF0 and 0x0EF1 fall inside the 0x0EF0 - 0x0EFF range that the
// wCertificateType field comment below describes as reserved by the UEFI
// specification; 0x0002 lies outside that range.
//
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA  0x0002
#define WIN_CERT_TYPE_EFI_PKCS115       0x0EF0
#define WIN_CERT_TYPE_EFI_GUID          0x0EF1

///
/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
///
/// Only the fixed header fields are declared; the variable-length payload is
/// shown as a commented-out member, so sizeof (WIN_CERTIFICATE) covers the
/// header alone.
///
typedef struct {
  ///
  /// The length of the entire certificate,
  /// including the length of the header, in bytes.
  ///
  /// NOTE(review): when this header is read from data that has not been
  /// verified yet, confirm that dwLength is at least sizeof (WIN_CERTIFICATE)
  /// and does not run past the end of the containing buffer before using it
  /// to locate or size the payload.
  ///
  UINT32    dwLength;
  ///
  /// The revision level of the WIN_CERTIFICATE
  /// structure. The current revision level is 0x0200.
  ///
  UINT16    wRevision;
  ///
  /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
  /// certificate types. The UEFI specification reserves the range of
  /// certificate type values from 0x0EF0 to 0x0EFF.
  ///
  UINT16    wCertificateType;
  ///
  /// The following is the actual certificate. The format of
  /// the certificate depends on wCertificateType.
  ///
  /// UINT8 bCertificate[ANYSIZE_ARRAY];
  ///
} WIN_CERTIFICATE;

///
/// WIN_CERTIFICATE_UEFI_GUID.CertType
///
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
/// Layout of CertData when CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
/// PublicKey and Signature are fixed at 256 bytes each (2048 bits).
///
typedef struct {
  EFI_GUID    HashType;       // presumably identifies the hash algorithm -- confirm against the UEFI spec
  UINT8       PublicKey[256];
  UINT8       Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;


///
/// Certificate which encapsulates a GUID-specific digital signature
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the unique id which determines the
  /// format of the CertData.
  ///
  EFI_GUID           CertType;
  ///
  /// The following is the certificate data. The format of
  /// the data is determined by the CertType.
  /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
  /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
  ///
  /// CertData is declared with one element as a placeholder for the
  /// variable-length data, so sizeof (WIN_CERTIFICATE_UEFI_GUID) already
  /// counts one payload byte (plus any tail padding). Use the offset of
  /// CertData, not sizeof, as the header length when computing or
  /// bounds-checking the payload size from Hdr.dwLength.
  ///
  UINT8              CertData[1];
} WIN_CERTIFICATE_UEFI_GUID;


///
/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
///
/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
/// WIN_CERTIFICATE and encapsulates the information needed to
/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
/// specified in RFC2437.
///
/// Note that the typedef declared here is named WIN_CERTIFICATE_EFI_PKCS1_15.
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_PKCS115
  /// (the constant defined in this file for the PKCS1-v1_5 type).
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the hashing algorithm which was performed on the
  /// UEFI executable when creating the digital signature.
  ///
  EFI_GUID           HashAlgorithm;
  ///
  /// The following is the actual digital signature. The
  /// size of the signature is the same size as the key
  /// (1024-bit key is 128 bytes) and can be determined by
  /// subtracting the length of the other parts of this header
  /// from the total length of the certificate as found in
  /// Hdr.dwLength.
  ///
  /// NOTE(review): Hdr.dwLength is a UINT32, so check that it is not smaller
  /// than the size of this header before subtracting; otherwise the
  /// computed signature length wraps to a very large value.
  ///
  /// UINT8 Signature[];
  ///
} WIN_CERTIFICATE_EFI_PKCS1_15;

//
// Defined outside this header; presumably initialized to
// EFI_CERT_TYPE_RSA2048_SHA256_GUID -- confirm against the defining module.
//
extern EFI_GUID  gEfiCertTypeRsa2048Sha256Guid;

#endif