/* bootguard.h

Copyright (c) 2017, LongSoft. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

*/

// Layout definitions for Intel BootGuard related structures: vendor hash files
// (Phoenix, AMI), the Microsoft PMDA block, the Intel ACM header, and the
// Boot Policy Manifest / Key Manifest with their elements.
//
// NOTE(review): these structures are presumably overlaid on bytes taken from a
// firmware image. Every count, size, offset and address field declared here
// should then be treated as untrusted input and range-checked against the
// enclosing buffer before it is used for indexing or pointer arithmetic.
// Confirm at the call sites, which are not part of this header.

#ifndef BOOTGUARD_H
#define BOOTGUARD_H

#include "basetypes.h"
#include "sha256.h"

// Everything up to the matching pop is laid out with 1-byte packing, so the
// structs contain no compiler-inserted padding between members.
#pragma pack(push, 1)

// File GUID of the Phoenix vendor hash file. The 16 bytes are stored in the
// mixed-endian GUID byte order: the first three fields of the textual form in
// the trailing comment are byte-swapped, the last eight bytes are kept as is.
// The object is defined in the header, so every translation unit that
// includes it gets its own copy.
const UByteArray BG_VENDOR_HASH_FILE_GUID_PHOENIX // 389CC6F2-1EA8-467B-AB8A-78E769AE2A15
("\xF2\xC6\x9C\x38\xA8\x1E\x7B\x46\xAB\x8A\x78\xE7\x69\xAE\x2A\x15", 16);

// Signature value for BG_VENDOR_HASH_FILE_HEADER_PHOENIX.Signature, obtained
// by reading the 8 characters of the literal as one UINT64.
// NOTE(review): this pattern (also used by the *_TAG macros below) casts away
// the literal's constness, reads a char array through a UINT64 pointer, and
// relies on the literal being suitably aligned; the resulting value follows
// the host byte order. Comparing the 8 raw bytes with memcmp would avoid all
// three concerns.
#define BG_VENDOR_HASH_FILE_SIGNATURE_PHOENIX (*(UINT64 *)"$HASHTBL")

// File GUID of the AMI vendor hash file, same byte-order convention as the
// Phoenix GUID above.
const UByteArray BG_VENDOR_HASH_FILE_GUID_AMI // CBC91F44-A4BC-4A5B-8696-703451D0B053
("\x44\x1F\xC9\xCB\xBC\xA4\x5B\x4A\x86\x96\x70\x34\x51\xD0\xB0\x53", 16);

// One entry of a vendor hash file: a digest of SHA256_DIGEST_SIZE bytes
// (constant from sha256.h) plus the offset and size it applies to.
// NOTE(review): what Offset is relative to is not visible here. Offset + Size
// can wrap in 32-bit arithmetic, so check the range against the image size
// with overflow-safe arithmetic before hashing.
typedef struct BG_VENDOR_HASH_FILE_ENTRY
{
    UINT8  Hash[SHA256_DIGEST_SIZE];
    UINT32 Offset;
    UINT32 Size;
} BG_VENDOR_HASH_FILE_ENTRY;

// Header of the Phoenix vendor hash file. The commented-out member documents
// that NumEntries entries follow the header.
// NOTE(review): NumEntries is a 32-bit value presumably read from the file;
// verify NumEntries <= (remaining bytes / sizeof(BG_VENDOR_HASH_FILE_ENTRY))
// rather than multiplying first, so an oversized count cannot wrap the
// product and pass the check.
typedef struct BG_VENDOR_HASH_FILE_HEADER_PHOENIX_
{
    UINT64 Signature;  // presumably BG_VENDOR_HASH_FILE_SIGNATURE_PHOENIX - confirm at call site
    UINT32 NumEntries; // number of trailing entries
    //BG_VENDOR_HASH_FILE_ENTRY Entries[];
} BG_VENDOR_HASH_FILE_HEADER_PHOENIX;

// Newer AMI vendor hash file layout: exactly two entries, no count field.
typedef struct BG_VENDOR_HASH_FILE_HEADER_AMI_NEW_
{
    BG_VENDOR_HASH_FILE_ENTRY Entries[2];
} BG_VENDOR_HASH_FILE_HEADER_AMI_NEW;

// Older AMI vendor hash file layout: a single digest and size, no offset.
typedef struct BG_VENDOR_HASH_FILE_HEADER_AMI_OLD_
{
    UINT8  Hash[SHA256_DIGEST_SIZE];
    UINT32 Size;
    // Offset is derived from flash map, will be detected as root volume with DXE core
} BG_VENDOR_HASH_FILE_HEADER_AMI_OLD;

// Header of the Microsoft PMDA block: a version and an entry count.
// NOTE(review): presumably followed by NumEntries BG_MICROSOFT_PMDA_ENTRY
// records; validate the count against the available bytes as for the Phoenix
// header - confirm against the parser.
typedef struct BG_MICROSOFT_PMDA_HEADER_
{
    UINT32 Version;    // see BG_MICROSOFT_PMDA_VERSION
    UINT32 NumEntries;
} BG_MICROSOFT_PMDA_HEADER;

// The only PMDA version value defined in this header.
#define BG_MICROSOFT_PMDA_VERSION 0x00000001

// One PMDA entry: a 32-bit address, a size, and a digest of
// SHA256_DIGEST_SIZE bytes.
// NOTE(review): Address + Size can wrap in 32 bits; range-check before use.
typedef struct BG_MICROSOFT_PMDA_ENTRY_
{
    UINT32 Address;
    UINT32 Size;
    UINT8  Hash[SHA256_DIGEST_SIZE];
} BG_MICROSOFT_PMDA_ENTRY;

//
// Intel ACM
//

// Constants for INTEL_ACM_HEADER; judging by their names they are the
// expected values of ModuleType, ModuleSubtype and ModuleVendor.
#define INTEL_ACM_MODULE_TYPE 0x2
#define INTEL_ACM_MODULE_SUBTYPE_TXT_ACM 0x0
#define INTEL_ACM_MODULE_SUBTYPE_S_ACM 0x1
#define INTEL_ACM_MODULE_SUBTYPE_BOOTGUARD 0x3
#define INTEL_ACM_MODULE_VENDOR 0x8086

// Header of an Intel ACM module as modelled by this tool. Several members are
// named Unknown*, i.e. their meaning is not described here.
// NOTE(review): RsaPubKey and RsaSig are fixed 256-byte arrays, so the
// positions of RsaPubExp and RsaSig only hold for a key of that length. The
// unit of KeySize and of ModuleSize is not visible in this header; a parser
// should check both against the fixed layout and the buffer length before
// reading the key or signature.
typedef struct INTEL_ACM_HEADER_ {
    UINT16 ModuleType;
    UINT16 ModuleSubtype;
    UINT32 HeaderType;
    UINT32 HeaderVersion;
    UINT16 ChipsetId;
    UINT16 Flags;
    UINT32 ModuleVendor;
    UINT8  DateDay;
    UINT8  DateMonth;
    UINT16 DateYear;
    UINT32 ModuleSize;
    UINT16 AcmSvn;
    // Unnamed 16-bit bit-field used as a reserved gap. Bit-field placement is
    // implementation-defined, so the layout depends on the compiler honouring
    // the packing pragma for it.
    UINT16 : 16;
    UINT32 Unknown1;
    UINT32 Unknown2;
    UINT32 GdtMax;
    UINT32 GdtBase;
    UINT32 SegmentSel;
    UINT32 EntryPoint;
    UINT8  Unknown3[64];
    UINT32 KeySize;
    UINT32 Unknown4;
    UINT8  RsaPubKey[256];
    UINT32 RsaPubExp;
    UINT8  RsaSig[256];
} INTEL_ACM_HEADER;

//
// Intel BootGuard Boot Policy Manifest and Key Manifest
//

// Tag of the Boot Policy Manifest header, read as one UINT64 from the literal
// (same type-punning caveats as BG_VENDOR_HASH_FILE_SIGNATURE_PHOENIX).
#define BG_BOOT_POLICY_MANIFEST_HEADER_TAG (*(UINT64 *)"__ACBP__")

// Fixed-size header of the Boot Policy Manifest.
typedef struct BG_BOOT_POLICY_MANIFEST_HEADER_ {
    UINT64 Tag;           // presumably BG_BOOT_POLICY_MANIFEST_HEADER_TAG - confirm at call site
    UINT8  Version;
    UINT8  HeaderVersion;
    UINT8  PMBPMVersion;
    UINT8  BPSVN;
    UINT8  ACMSVN;
    UINT8  : 8;           // unnamed reserved byte
    UINT16 NEMDataSize;
} BG_BOOT_POLICY_MANIFEST_HEADER;

// Hash record with an algorithm id, a size field and a fixed 32-byte buffer.
// NOTE(review): HashBuffer is 32 bytes regardless of what Size says. A parser
// should reject records whose Size is not 32, or whose HashAlgorithmId is not
// the expected one, instead of relying on the fixed layout; otherwise every
// member that follows this record in an enclosing struct is misread.
typedef struct SHA256_HASH_ {
    UINT16 HashAlgorithmId;
    UINT16 Size;
    UINT8  HashBuffer[32];
} SHA256_HASH;

// RSA public key record with a fixed 256-byte modulus.
// NOTE(review): KeySize is stored separately from the fixed Modulus array;
// verify it matches the 256-byte field (its unit is not visible here) before
// using the key.
typedef struct RSA_PUBLIC_KEY_ {
    UINT8  Version;
    UINT16 KeySize;
    UINT32 Exponent;
    UINT8  Modulus[256];
} RSA_PUBLIC_KEY;

// RSA signature record with a fixed 256-byte signature.
// NOTE(review): same KeySize consistency check as for RSA_PUBLIC_KEY; HashId
// should be checked against the algorithm the verifier actually uses.
typedef struct RSA_SIGNATURE_ {
    UINT8  Version;
    UINT16 KeySize;
    UINT16 HashId;
    UINT8  Signature[256];
} RSA_SIGNATURE;

// Public key plus signature made with it. Note that the struct tag is
// KEY_SIGNATURE_ while the typedef name carries the BG_ prefix.
typedef struct KEY_SIGNATURE_ {
    UINT8          Version;
    UINT16         KeyId;
    RSA_PUBLIC_KEY PubKey;
    UINT16         SigScheme;
    RSA_SIGNATURE  Signature;
} BG_KEY_SIGNATURE;

// Values for BG_IBB_SEGMENT_ELEMENT.Flags, judging by their names.
#define BG_IBB_SEGMENT_FLAG_IBB 0x0
#define BG_IBB_SEGMENT_FLAG_NON_IBB 0x1

// One IBB segment descriptor: reserved 16 bits, flags, base and size.
// NOTE(review): Base + Size can wrap in 32 bits and either may point outside
// the image; range-check with overflow-safe arithmetic before use.
typedef struct BG_IBB_SEGMENT_ELEMENT_ {
    UINT16: 16;   // unnamed reserved gap
    UINT16 Flags;
    UINT32 Base;
    UINT32 Size;
} BG_IBB_SEGMENT_ELEMENT;

// Tag of the IBB element, read as one UINT64 from the literal (same
// type-punning caveats as BG_VENDOR_HASH_FILE_SIGNATURE_PHOENIX).
#define BG_BOOT_POLICY_MANIFEST_IBB_ELEMENT_TAG (*(UINT64 *)"__IBBS__")
// Presumably a bit in BG_IBB_ELEMENT.Flags - confirm at call site.
#define BG_IBB_FLAG_AUTHORITY_MEASURE 0x4

// IBB element of the Boot Policy Manifest. The commented-out member documents
// that IbbSegCount segment descriptors follow the fixed part.
// NOTE(review): before walking the trailing segments, verify that
// IbbSegCount * sizeof(BG_IBB_SEGMENT_ELEMENT) fits in the bytes remaining
// after this struct.
typedef struct BG_IBB_ELEMENT_ {
    UINT64      Tag;         // presumably BG_BOOT_POLICY_MANIFEST_IBB_ELEMENT_TAG - confirm at call site
    UINT8       Version;
    UINT16      : 16;        // unnamed reserved gap
    UINT8       Unknown;
    UINT32      Flags;
    UINT64      IbbMchBar;
    UINT64      VtdBar;
    UINT32      PmrlBase;
    UINT32      PmrlLimit;
    UINT64      Unknown3;
    UINT64      Unknown4;
    SHA256_HASH IbbHash;
    UINT32      EntryPoint;
    SHA256_HASH Digest;
    UINT8       IbbSegCount; // number of trailing segment descriptors
    // BG_IBB_SEGMENT_ELEMENT IbbSegment[];
} BG_IBB_ELEMENT;

// Tag of the platform manufacturer element (same type-punning caveats as
// BG_VENDOR_HASH_FILE_SIGNATURE_PHOENIX).
#define BG_BOOT_POLICY_MANIFEST_PLATFORM_MANUFACTURER_ELEMENT_TAG (*(UINT64 *)"__PMDA__")

// Platform manufacturer element header.
// NOTE(review): DataSize presumably gives the length of the data following
// this header; check it against the remaining manifest bytes - confirm
// against the parser.
typedef struct BG_PLATFORM_MANUFACTURER_ELEMENT_ {
    UINT64 Tag;
    UINT8  Version;
    UINT16 DataSize;
} BG_PLATFORM_MANUFACTURER_ELEMENT;

// Tag of the Boot Policy Manifest signature element (same type-punning
// caveats as BG_VENDOR_HASH_FILE_SIGNATURE_PHOENIX).
#define BG_BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT_TAG (*(UINT64 *)"__PMSG__")

// Signature element of the Boot Policy Manifest: tag, version, and the key
// and signature record.
typedef struct BG_BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT_ {
    UINT64           Tag;
    UINT8            Version;
    BG_KEY_SIGNATURE KeySignature;
} BG_BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT;

// Tag of the Key Manifest (same type-punning caveats as
// BG_VENDOR_HASH_FILE_SIGNATURE_PHOENIX).
#define BG_KEY_MANIFEST_TAG (*(UINT64 *)"__KEYM__")

// Key Manifest: version fields, a hash record and the manifest's own key and
// signature record.
// NOTE(review): BpKeyHash is presumably the digest of the key that signs the
// Boot Policy Manifest; the comparison and the signature verification happen
// outside this header - confirm there that both are actually performed.
typedef struct BG_KEY_MANIFEST_ {
    UINT64           Tag;
    UINT8            Version;
    UINT8            KmVersion;
    UINT8            KmSvn;
    UINT8            KmId;
    SHA256_HASH      BpKeyHash;
    BG_KEY_SIGNATURE KeyManifestSignature;
} BG_KEY_MANIFEST;

#pragma pack(pop)

#endif // BOOTGUARD_H