Gitiles
Code Review Sign In
review.coreboot.org / coreboot / f6ae1a908034ad4320efba9742fbc505b993c347 / . / src / vendorcode / intel / edk2 / edk2-stable202111 / MdePkg / Include / Guid / WinCertificate.h
blob: c44bb388cccc59b6b09a142ab6688684f9d7c2c0 [file] [log] [blame]
Subrata Banik20fe24b2021-12-09 02:46:38 +0530[diff] [blame]1/** @file
2 GUID for UEFI WIN_CERTIFICATE structure.
3
4 Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 @par Revision Reference:
8 GUID defined in UEFI 2.0 spec.
9**/
10
11#ifndef __EFI_WIN_CERTIFICATE_H__
12#define __EFI_WIN_CERTIFICATE_H__
13
14//
15// _WIN_CERTIFICATE.wCertificateType
16//
17#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
18#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
19#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
20
21///
22/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
23///
24typedef struct {
25 ///
26 /// The length of the entire certificate,
27 /// including the length of the header, in bytes.
28 ///
29 UINT32 dwLength;
30 ///
31 /// The revision level of the WIN_CERTIFICATE
32 /// structure. The current revision level is 0x0200.
33 ///
34 UINT16 wRevision;
35 ///
36 /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
37 /// certificate types. The UEFI specification reserves the range of
38 /// certificate type values from 0x0EF0 to 0x0EFF.
39 ///
40 UINT16 wCertificateType;
41 ///
42 /// The following is the actual certificate. The format of
43 /// the certificate depends on wCertificateType.
44 ///
45 /// UINT8 bCertificate[ANYSIZE_ARRAY];
46 ///
47} WIN_CERTIFICATE;
48
49///
50/// WIN_CERTIFICATE_UEFI_GUID.CertType
51///
52#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
53 {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
54
55///
56/// WIN_CERTIFICATE_UEFI_GUID.CertData
57///
58typedef struct {
59 EFI_GUID HashType;
60 UINT8 PublicKey[256];
61 UINT8 Signature[256];
62} EFI_CERT_BLOCK_RSA_2048_SHA256;
63
64
65///
66/// Certificate which encapsulates a GUID-specific digital signature
67///
68typedef struct {
69 ///
70 /// This is the standard WIN_CERTIFICATE header, where
71 /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
72 ///
73 WIN_CERTIFICATE Hdr;
74 ///
75 /// This is the unique id which determines the
76 /// format of the CertData. .
77 ///
78 EFI_GUID CertType;
79 ///
80 /// The following is the certificate data. The format of
81 /// the data is determined by the CertType.
82 /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
83 /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
84 ///
85 UINT8 CertData[1];
86} WIN_CERTIFICATE_UEFI_GUID;
87
88
89///
90/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
91///
92/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
93/// WIN_CERTIFICATE and encapsulate the information needed to
94/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
95/// specified in RFC2437.
96///
97typedef struct {
98 ///
99 /// This is the standard WIN_CERTIFICATE header, where
100 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
101 ///
102 WIN_CERTIFICATE Hdr;
103 ///
104 /// This is the hashing algorithm which was performed on the
105 /// UEFI executable when creating the digital signature.
106 ///
107 EFI_GUID HashAlgorithm;
108 ///
109 /// The following is the actual digital signature. The
110 /// size of the signature is the same size as the key
111 /// (1024-bit key is 128 bytes) and can be determined by
112 /// subtracting the length of the other parts of this header
113 /// from the total length of the certificate as found in
114 /// Hdr.dwLength.
115 ///
116 /// UINT8 Signature[];
117 ///
118} WIN_CERTIFICATE_EFI_PKCS1_15;
119
120extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid;
121
122#endif