| /** @file |
| GUID for UEFI WIN_CERTIFICATE structure. |
| |
| Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR> |
| SPDX-License-Identifier: BSD-2-Clause-Patent |
| |
| @par Revision Reference: |
| GUID defined in UEFI 2.0 spec. |
| **/ |
| |
| #ifndef __EFI_WIN_CERTIFICATE_H__ |
| #define __EFI_WIN_CERTIFICATE_H__ |
| |
| // |
| // _WIN_CERTIFICATE.wCertificateType |
| // |
| #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 |
| #define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0 |
| #define WIN_CERT_TYPE_EFI_GUID 0x0EF1 |
| |
| /// |
| /// The WIN_CERTIFICATE structure is part of the PE/COFF specification. |
| /// |
| typedef struct { |
| /// |
| /// The length of the entire certificate, |
| /// including the length of the header, in bytes. |
| /// |
| UINT32 dwLength; |
| /// |
| /// The revision level of the WIN_CERTIFICATE |
| /// structure. The current revision level is 0x0200. |
| /// |
| UINT16 wRevision; |
| /// |
| /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI |
| /// certificate types. The UEFI specification reserves the range of |
| /// certificate type values from 0x0EF0 to 0x0EFF. |
| /// |
| UINT16 wCertificateType; |
| /// |
| /// The following is the actual certificate. The format of |
| /// the certificate depends on wCertificateType. |
| /// |
| /// UINT8 bCertificate[ANYSIZE_ARRAY]; |
| /// |
| } WIN_CERTIFICATE; |
| |
| /// |
| /// WIN_CERTIFICATE_UEFI_GUID.CertType |
| /// |
| #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \ |
| {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } } |
| |
| /// |
| /// WIN_CERTIFICATE_UEFI_GUID.CertData |
| /// |
| typedef struct { |
| EFI_GUID HashType; |
| UINT8 PublicKey[256]; |
| UINT8 Signature[256]; |
| } EFI_CERT_BLOCK_RSA_2048_SHA256; |
| |
| |
| /// |
| /// Certificate which encapsulates a GUID-specific digital signature |
| /// |
| typedef struct { |
| /// |
| /// This is the standard WIN_CERTIFICATE header, where |
| /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID. |
| /// |
| WIN_CERTIFICATE Hdr; |
| /// |
| /// This is the unique id which determines the |
| /// format of the CertData. . |
| /// |
| EFI_GUID CertType; |
| /// |
| /// The following is the certificate data. The format of |
| /// the data is determined by the CertType. |
| /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID, |
| /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure. |
| /// |
| UINT8 CertData[1]; |
| } WIN_CERTIFICATE_UEFI_GUID; |
| |
| |
| /// |
| /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature. |
| /// |
| /// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from |
| /// WIN_CERTIFICATE and encapsulate the information needed to |
| /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as |
| /// specified in RFC2437. |
| /// |
| typedef struct { |
| /// |
| /// This is the standard WIN_CERTIFICATE header, where |
| /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15. |
| /// |
| WIN_CERTIFICATE Hdr; |
| /// |
| /// This is the hashing algorithm which was performed on the |
| /// UEFI executable when creating the digital signature. |
| /// |
| EFI_GUID HashAlgorithm; |
| /// |
| /// The following is the actual digital signature. The |
| /// size of the signature is the same size as the key |
| /// (1024-bit key is 128 bytes) and can be determined by |
| /// subtracting the length of the other parts of this header |
| /// from the total length of the certificate as found in |
| /// Hdr.dwLength. |
| /// |
| /// UINT8 Signature[]; |
| /// |
| } WIN_CERTIFICATE_EFI_PKCS1_15; |
| |
| extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid; |
| |
| #endif |