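/** @file
  GUID for UEFI WIN_CERTIFICATE structure.

  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
  SPDX-License-Identifier: BSD-2-Clause-Patent

  @par Revision Reference:
  GUID defined in UEFI 2.0 spec.
**/

#ifndef __EFI_WIN_CERTIFICATE_H__
#define __EFI_WIN_CERTIFICATE_H__

//
// _WIN_CERTIFICATE.wCertificateType
//
// The two WIN_CERT_TYPE_EFI_* values lie inside the 0x0EF0 - 0x0EFF range
// that the UEFI specification reserves (see wCertificateType below).
// A parser should treat any type it does not implement as unsupported
// rather than assume one of the layouts declared in this file.
//
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA  0x0002
#define WIN_CERT_TYPE_EFI_PKCS115       0x0EF0
#define WIN_CERT_TYPE_EFI_GUID          0x0EF1

///
/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
///
/// Only the fixed 8-byte header is declared; the certificate bytes follow it
/// in memory and are not a member of the structure.
///
/// NOTE(review): when this header is read from an image or buffer that has
/// not been authenticated yet, dwLength is untrusted input. Before touching
/// the bytes after the header, check that dwLength is at least
/// sizeof (WIN_CERTIFICATE) and no larger than the bytes remaining in the
/// containing buffer.
///
typedef struct {
  ///
  /// The length of the entire certificate,
  /// including the length of the header, in bytes.
  ///
  UINT32    dwLength;
  ///
  /// The revision level of the WIN_CERTIFICATE
  /// structure. The current revision level is 0x0200.
  ///
  UINT16    wRevision;
  ///
  /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
  /// certificate types. The UEFI specification reserves the range of
  /// certificate type values from 0x0EF0 to 0x0EFF.
  ///
  UINT16    wCertificateType;
  ///
  /// The following is the actual certificate. The format of
  /// the certificate depends on wCertificateType.
  ///
  /// UINT8 bCertificate[ANYSIZE_ARRAY];
  ///
} WIN_CERTIFICATE;

///
/// WIN_CERTIFICATE_UEFI_GUID.CertType
///
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
/// Fixed-size block: a hash-type GUID followed by two 256-byte
/// (2048-bit) fields. A consumer should confirm that the enclosing
/// certificate is long enough to hold this whole structure before casting
/// CertData to it.
///
typedef struct {
  EFI_GUID    HashType;
  UINT8       PublicKey[256];
  UINT8       Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;

///
/// Certificate which encapsulates a GUID-specific digital signature
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the unique id which determines the
  /// format of the CertData.
  ///
  EFI_GUID           CertType;
  ///
  /// The following is the certificate data. The format of
  /// the data is determined by the CertType.
  /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
  /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
  ///
  /// CertData is declared with one element only as a placeholder for
  /// variable-length data, so sizeof (WIN_CERTIFICATE_UEFI_GUID) counts one
  /// byte of payload. Use the offset of CertData, not sizeof, as the fixed
  /// header size, and verify Hdr.dwLength is not smaller than that offset
  /// before subtracting it to obtain the payload length (an unchecked
  /// subtraction wraps around on a short dwLength).
  ///
  UINT8              CertData[1];
} WIN_CERTIFICATE_UEFI_GUID;

///
/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
///
/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
/// WIN_CERTIFICATE and encapsulates the information needed to
/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
/// specified in RFC2437.
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_PKCS115
  /// (the constant defined at the top of this file).
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the hashing algorithm which was performed on the
  /// UEFI executable when creating the digital signature.
  ///
  EFI_GUID           HashAlgorithm;
  ///
  /// The following is the actual digital signature. The
  /// size of the signature is the same size as the key
  /// (1024-bit key is 128 bytes) and can be determined by
  /// subtracting the length of the other parts of this header
  /// from the total length of the certificate as found in
  /// Hdr.dwLength.
  ///
  /// The signature is not a declared member, so
  /// sizeof (WIN_CERTIFICATE_EFI_PKCS1_15) is the length of the fixed part.
  /// Check that Hdr.dwLength is at least that large before subtracting, and
  /// that the resulting length matches the size expected for the key in use.
  ///
  /// UINT8 Signature[];
  ///
} WIN_CERTIFICATE_EFI_PKCS1_15;

//
// Declared here, defined elsewhere. Presumably initialised to
// EFI_CERT_TYPE_RSA2048_SHA256_GUID -- confirm against the package's GUID
// declaration.
//
extern EFI_GUID  gEfiCertTypeRsa2048Sha256Guid;

#endif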