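/** @file
  GUID for UEFI WIN_CERTIFICATE structure.

  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
  SPDX-License-Identifier: BSD-2-Clause-Patent

  @par Revision Reference:
  GUID defined in UEFI 2.0 spec.
**/

#ifndef __EFI_WIN_CERTIFICATE_H__
#define __EFI_WIN_CERTIFICATE_H__

//
// _WIN_CERTIFICATE.wCertificateType
//
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA  0x0002
#define WIN_CERT_TYPE_EFI_PKCS115       0x0EF0
#define WIN_CERT_TYPE_EFI_GUID          0x0EF1

///
/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
///
/// NOTE(review): every field here is read from the object being verified
/// (it is input, not trusted state). A parser should reject the certificate
/// unless dwLength is at least sizeof (WIN_CERTIFICATE) and the whole
/// dwLength-byte span lies inside the buffer that holds it, before it looks
/// at wCertificateType or the certificate body.
///
typedef struct {
  ///
  /// The length of the entire certificate,
  /// including the length of the header, in bytes.
  ///
  UINT32    dwLength;
  ///
  /// The revision level of the WIN_CERTIFICATE
  /// structure. The current revision level is 0x0200.
  ///
  UINT16    wRevision;
  ///
  /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
  /// certificate types. The UEFI specification reserves the range of
  /// certificate type values from 0x0EF0 to 0x0EFF.
  ///
  UINT16    wCertificateType;
  ///
  /// The following is the actual certificate. The format of
  /// the certificate depends on wCertificateType.
  ///
  /// UINT8 bCertificate[ANYSIZE_ARRAY];
  ///
} WIN_CERTIFICATE;

///
/// WIN_CERTIFICATE_UEFI_GUID.CertType
///
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
/// PublicKey and Signature are fixed at 256 bytes each, i.e. 2048 bits.
///
/// NOTE(review): PublicKey travels inside the certificate itself, so a
/// signature that verifies against it only shows the block is internally
/// consistent. Presumably the caller must separately match this key against
/// a key it already trusts -- confirm in the consuming code.
///
typedef struct {
  EFI_GUID    HashType;
  UINT8       PublicKey[256];
  UINT8       Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;

///
/// Certificate which encapsulates a GUID-specific digital signature
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the unique id which determines the
  /// format of the CertData.
  ///
  EFI_GUID           CertType;
  ///
  /// The following is the certificate data. The format of
  /// the data is determined by the CertType.
  /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
  /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
  ///
  /// CertData is declared with one element as a placeholder for
  /// variable-length data, so sizeof (WIN_CERTIFICATE_UEFI_GUID) includes
  /// one byte of payload. Use OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)
  /// as the fixed header size when checking Hdr.dwLength or computing the
  /// payload length; using sizeof makes those bounds checks off by one or more.
  ///
  UINT8              CertData[1];
} WIN_CERTIFICATE_UEFI_GUID;

///
/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
///
/// The WIN_CERTIFICATE_EFI_PKCS1_15 structure is derived from
/// WIN_CERTIFICATE and encapsulates the information needed to
/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
/// specified in RFC2437.
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_PKCS115
  /// (the constant this header defines as 0x0EF0).
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the hashing algorithm which was performed on the
  /// UEFI executable when creating the digital signature.
  ///
  EFI_GUID           HashAlgorithm;
  ///
  /// The following is the actual digital signature. The
  /// size of the signature is the same size as the key
  /// (1024-bit key is 128 bytes) and can be determined by
  /// subtracting the length of the other parts of this header
  /// from the total length of the certificate as found in
  /// Hdr.dwLength.
  ///
  /// Hdr.dwLength is UINT32, so that subtraction wraps to a huge value if
  /// dwLength is smaller than sizeof (WIN_CERTIFICATE_EFI_PKCS1_15). Compare
  /// first, subtract second, and check the result against the key size
  /// expected for the selected algorithm.
  ///
  /// UINT8 Signature[];
  ///
} WIN_CERTIFICATE_EFI_PKCS1_15;

extern EFI_GUID  gEfiCertTypeRsa2048Sha256Guid;

#endif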