1 /** @file 2 GUID for UEFI WIN_CERTIFICATE structure. 3 4 Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 http://opensource.org/licenses/bsd-license.php 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 13 @par Revision Reference: 14 GUID defined in UEFI 2.0 spec. 15 **/ 16 17 #ifndef __EFI_WIN_CERTIFICATE_H__ 18 #define __EFI_WIN_CERTIFICATE_H__ 19 20 // 21 // _WIN_CERTIFICATE.wCertificateType 22 // 23 #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 24 #define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0 25 #define WIN_CERT_TYPE_EFI_GUID 0x0EF1 26 27 /// 28 /// The WIN_CERTIFICATE structure is part of the PE/COFF specification. 29 /// 30 typedef struct { 31 /// 32 /// The length of the entire certificate, 33 /// including the length of the header, in bytes. 34 /// 35 UINT32 dwLength; 36 /// 37 /// The revision level of the WIN_CERTIFICATE 38 /// structure. The current revision level is 0x0200. 39 /// 40 UINT16 wRevision; 41 /// 42 /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI 43 /// certificate types. The UEFI specification reserves the range of 44 /// certificate type values from 0x0EF0 to 0x0EFF. 45 /// 46 UINT16 wCertificateType; 47 /// 48 /// The following is the actual certificate. The format of 49 /// the certificate depends on wCertificateType. 50 /// 51 /// UINT8 bCertificate[ANYSIZE_ARRAY]; 52 /// 53 } WIN_CERTIFICATE; 54 55 /// 56 /// WIN_CERTIFICATE_UEFI_GUID.CertType 57 /// 58 #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \ 59 {0xa7717414, 0xc616, 0x4977, { 0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } } 60 61 /// 62 /// WIN_CERTIFICATE_UEFI_GUID.CertData 63 /// 64 typedef struct { 65 EFI_GUID HashType; 66 UINT8 PublicKey[256]; 67 UINT8 Signature[256]; 68 } EFI_CERT_BLOCK_RSA_2048_SHA256; 69 70 71 /// 72 /// Certificate which encapsulates a GUID-specific digital signature 73 /// 74 typedef struct { 75 /// 76 /// This is the standard WIN_CERTIFICATE header, where 77 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID. 78 /// 79 WIN_CERTIFICATE Hdr; 80 /// 81 /// This is the unique id which determines the 82 /// format of the CertData. . 83 /// 84 EFI_GUID CertType; 85 /// 86 /// The following is the certificate data. The format of 87 /// the data is determined by the CertType. 88 /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID, 89 /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure. 90 /// 91 UINT8 CertData[1]; 92 } WIN_CERTIFICATE_UEFI_GUID; 93 94 95 /// 96 /// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature. 97 /// 98 /// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from 99 /// WIN_CERTIFICATE and encapsulate the information needed to 100 /// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as 101 /// specified in RFC2437. 102 /// 103 typedef struct { 104 /// 105 /// This is the standard WIN_CERTIFICATE header, where 106 /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15. 107 /// 108 WIN_CERTIFICATE Hdr; 109 /// 110 /// This is the hashing algorithm which was performed on the 111 /// UEFI executable when creating the digital signature. 112 /// 113 EFI_GUID HashAlgorithm; 114 /// 115 /// The following is the actual digital signature. The 116 /// size of the signature is the same size as the key 117 /// (1024-bit key is 128 bytes) and can be determined by 118 /// subtracting the length of the other parts of this header 119 /// from the total length of the certificate as found in 120 /// Hdr.dwLength. 121 /// 122 /// UINT8 Signature[]; 123 /// 124 } WIN_CERTIFICATE_EFI_PKCS1_15; 125 126 extern EFI_GUID gEfiCertTypeRsa2048Sha256Guid; 127 128 #endif 129