iPXE
WinCertificate.h
00001 /** @file
00002   GUID for UEFI WIN_CERTIFICATE structure.
00003 
00004   Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
00005   This program and the accompanying materials
00006   are licensed and made available under the terms and conditions of the BSD License
00007   which accompanies this distribution.  The full text of the license may be found at
00008   http://opensource.org/licenses/bsd-license.php
00009 
00010   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
00011   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
00012 
00013   @par Revision Reference:
00014   GUID defined in UEFI 2.0 spec.
00015 **/
00016 
00017 #ifndef __EFI_WIN_CERTIFICATE_H__
00018 #define __EFI_WIN_CERTIFICATE_H__
00019 
00020 FILE_LICENCE ( BSD3 );
00021 
00022 // Values for WIN_CERTIFICATE.wCertificateType; the type selects the format of the bytes that follow the header.
00023 // 0x0EF0 and 0x0EF1 fall in the range 0x0EF0-0x0EFF that the UEFI specification reserves.
00024 // NOTE(review): a parser should reject any type it does not handle rather than assume a layout.
00025 #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
00026 #define WIN_CERT_TYPE_EFI_PKCS115      0x0EF0
00027 #define WIN_CERT_TYPE_EFI_GUID         0x0EF1
00028 
00029 ///
00030 /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
00031 /// It is the fixed header of a certificate; the certificate bytes follow it and are not declared as a field.
00032 typedef struct {
00033   ///
00034   /// The length of the entire certificate,
00035   /// including the length of the header, in bytes.
00036   /// NOTE(review): supplied by the data being parsed; check it is >= sizeof (WIN_CERTIFICATE) and fits the bytes available.
00037   UINT32  dwLength;
00038   ///
00039   /// The revision level of the WIN_CERTIFICATE
00040   /// structure. The current revision level is 0x0200.
00041   ///
00042   UINT16  wRevision;
00043   ///
00044   /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
00045   /// certificate types. The UEFI specification reserves the range of
00046   /// certificate type values from 0x0EF0 to 0x0EFF.
00047   ///
00048   UINT16  wCertificateType;
00049   ///
00050   /// The following is the actual certificate. The format of
00051   /// the certificate depends on wCertificateType.
00052   ///
00053   /// UINT8 bCertificate[ANYSIZE_ARRAY];
00054   /// (Left commented out, so sizeof (WIN_CERTIFICATE) covers only the three header fields above.)
00055 } WIN_CERTIFICATE;
00056 
00057 ///
00058 /// WIN_CERTIFICATE_UEFI_GUID.CertType value for which CertData is an EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
00059 ///
00060 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
00061   {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
00062 
00063 /// Layout of WIN_CERTIFICATE_UEFI_GUID.CertData when CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID.
00064 /// PublicKey and Signature are 256 bytes each, i.e. 2048 bits.
00065 /// NOTE(review): PublicKey arrives in the same blob as Signature; match it to an already-trusted key before relying on the signature.
00066 typedef struct {
00067   EFI_GUID  HashType;
00068   UINT8     PublicKey[256];
00069   UINT8     Signature[256];
00070 } EFI_CERT_BLOCK_RSA_2048_SHA256;
00071 
00072 
00073 ///
00074 /// Certificate which encapsulates a GUID-specific digital signature.
00075 ///
00076 typedef struct {
00077   ///
00078   /// This is the standard WIN_CERTIFICATE header, where
00079   /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
00080   ///
00081   WIN_CERTIFICATE   Hdr;
00082   ///
00083   /// This is the unique id which determines the
00084   /// format of the CertData.
00085   ///
00086   EFI_GUID          CertType;
00087   ///
00088   /// The following is the certificate data. The format of
00089   /// the data is determined by the CertType.
00090   /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
00091   /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
00092   /// CertData[1] is a placeholder for variable-length data (sizeof counts its first byte); check Hdr.dwLength covers the expected CertData before reading it.
00093   UINT8            CertData[1];
00094 } WIN_CERTIFICATE_UEFI_GUID;
00095 
00096 
00097 ///
00098 /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
00099 ///
00100 /// The WIN_CERTIFICATE_EFI_PKCS1_15 structure is derived from
00101 /// WIN_CERTIFICATE and encapsulates the information needed to
00102 /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
00103 /// specified in RFC2437.
00104 ///
00105 typedef struct {
00106   ///
00107   /// This is the standard WIN_CERTIFICATE header, where
00108   /// wCertificateType is set to WIN_CERT_TYPE_EFI_PKCS115.
00109   ///
00110   WIN_CERTIFICATE Hdr;
00111   ///
00112   /// This is the hashing algorithm which was performed on the
00113   /// UEFI executable when creating the digital signature.
00114   ///
00115   EFI_GUID        HashAlgorithm;
00116   ///
00117   /// The following is the actual digital signature. The
00118   /// size of the signature is the same size as the key
00119   /// (1024-bit key is 128 bytes) and can be determined by
00120   /// subtracting the length of the other parts of this header
00121   /// from the total length of the certificate as found in
00122   /// Hdr.dwLength.
00123   ///
00124   /// UINT8 Signature[];
00125   /// NOTE(review): reject Hdr.dwLength below sizeof (WIN_CERTIFICATE_EFI_PKCS1_15) before subtracting, or the unsigned result wraps.
00126 } WIN_CERTIFICATE_EFI_PKCS1_15;
00127 
00128 extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid; ///< Declared only, defined outside this file; presumably holds EFI_CERT_TYPE_RSA2048_SHA256_GUID (confirm at the definition).
00129 
00130 #endif