1 /** @file 2 The internal header file includes the common header files, defines 3 internal structure and functions used by ImageVerificationLib. 4 5 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 6 SPDX-License-Identifier: BSD-2-Clause-Patent 7 8 **/ 9 10 #ifndef __IMAGEVERIFICATIONLIB_H__ 11 #define __IMAGEVERIFICATIONLIB_H__ 12 13 #include <Library/UefiDriverEntryPoint.h> 14 #include <Library/DebugLib.h> 15 #include <Library/BaseMemoryLib.h> 16 #include <Library/UefiBootServicesTableLib.h> 17 #include <Library/UefiRuntimeServicesTableLib.h> 18 #include <Library/UefiLib.h> 19 #include <Library/BaseLib.h> 20 #include <Library/MemoryAllocationLib.h> 21 #include <Library/BaseCryptLib.h> 22 #include <Library/PcdLib.h> 23 #include <Library/DevicePathLib.h> 24 #include <Library/SecurityManagementLib.h> 25 #include <Library/PeCoffLib.h> 26 #include <Protocol/FirmwareVolume2.h> 27 #include <Protocol/DevicePath.h> 28 #include <Protocol/BlockIo.h> 29 #include <Protocol/SimpleFileSystem.h> 30 #include <Protocol/VariableWrite.h> 31 #include <Guid/ImageAuthentication.h> 32 #include <Guid/AuthenticatedVariableFormat.h> 33 #include <IndustryStandard/PeImage.h> 34 35 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 36 #define EFI_CERT_TYPE_RSA2048_SIZE 256 37 #define MAX_NOTIFY_STRING_LEN 64 38 #define TWO_BYTE_ENCODE 0x82 39 40 #define ALIGNMENT_SIZE 8 41 #define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0) 42 43 // 44 // Image type definitions 45 // 46 #define IMAGE_UNKNOWN 0x00000000 47 #define IMAGE_FROM_FV 0x00000001 48 #define IMAGE_FROM_OPTION_ROM 0x00000002 49 #define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003 50 #define IMAGE_FROM_FIXED_MEDIA 0x00000004 51 52 // 53 // Authorization policy bit definition 54 // 55 #define ALWAYS_EXECUTE 0x00000000 56 #define NEVER_EXECUTE 0x00000001 57 #define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002 58 #define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 59 #define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 60 #define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 61 62 // 63 // Support hash types 64 // 65 #define HASHALG_SHA1 0x00000000 66 #define HASHALG_SHA224 0x00000001 67 #define HASHALG_SHA256 0x00000002 68 #define HASHALG_SHA384 0x00000003 69 #define HASHALG_SHA512 0x00000004 70 #define HASHALG_MAX 0x00000005 71 72 // 73 // Set max digest size as SHA512 Output (64 bytes) by far 74 // 75 #define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE 76 // 77 // 78 // PKCS7 Certificate definition 79 // 80 typedef struct { 81 WIN_CERTIFICATE Hdr; 82 UINT8 CertData[1]; 83 } WIN_CERTIFICATE_EFI_PKCS; 84 85 86 /** 87 Retrieves the size, in bytes, of the context buffer required for hash operations. 88 89 @return The size, in bytes, of the context buffer required for hash operations. 90 91 **/ 92 typedef 93 UINTN 94 (EFIAPI *HASH_GET_CONTEXT_SIZE)( 95 VOID 96 ); 97 98 /** 99 Initializes user-supplied memory pointed by HashContext as hash context for 100 subsequent use. 101 102 If HashContext is NULL, then ASSERT(). 103 104 @param[in, out] HashContext Pointer to Context being initialized. 105 106 @retval TRUE HASH context initialization succeeded. 107 @retval FALSE HASH context initialization failed. 108 109 **/ 110 typedef 111 BOOLEAN 112 (EFIAPI *HASH_INIT)( 113 IN OUT VOID *HashContext 114 ); 115 116 117 /** 118 Performs digest on a data buffer of the specified length. This function can 119 be called multiple times to compute the digest of long or discontinuous data streams. 120 121 If HashContext is NULL, then ASSERT(). 122 123 @param[in, out] HashContext Pointer to the MD5 context. 124 @param[in] Data Pointer to the buffer containing the data to be hashed. 125 @param[in] DataLength Length of Data buffer in bytes. 126 127 @retval TRUE HASH data digest succeeded. 128 @retval FALSE Invalid HASH context. After HashFinal function has been called, the 129 HASH context cannot be reused. 130 131 **/ 132 typedef 133 BOOLEAN 134 (EFIAPI *HASH_UPDATE)( 135 IN OUT VOID *HashContext, 136 IN CONST VOID *Data, 137 IN UINTN DataLength 138 ); 139 140 /** 141 Completes hash computation and retrieves the digest value into the specified 142 memory. After this function has been called, the context cannot be used again. 143 144 If HashContext is NULL, then ASSERT(). 145 If HashValue is NULL, then ASSERT(). 146 147 @param[in, out] HashContext Pointer to the MD5 context 148 @param[out] HashValue Pointer to a buffer that receives the HASH digest 149 value. 150 151 @retval TRUE HASH digest computation succeeded. 152 @retval FALSE HASH digest computation failed. 153 154 **/ 155 typedef 156 BOOLEAN 157 (EFIAPI *HASH_FINAL)( 158 IN OUT VOID *HashContext, 159 OUT UINT8 *HashValue 160 ); 161 162 163 // 164 // Hash Algorithm Table 165 // 166 typedef struct { 167 // 168 // Name for Hash Algorithm 169 // 170 CHAR16 *Name; 171 // 172 // Digest Length 173 // 174 UINTN DigestLength; 175 // 176 // Hash Algorithm OID ASN.1 Value 177 // 178 UINT8 *OidValue; 179 // 180 // Length of Hash OID Value 181 // 182 UINTN OidLength; 183 // 184 // Pointer to Hash GetContentSize function 185 // 186 HASH_GET_CONTEXT_SIZE GetContextSize; 187 // 188 // Pointer to Hash Init function 189 // 190 HASH_INIT HashInit; 191 // 192 // Pointer to Hash Update function 193 // 194 HASH_UPDATE HashUpdate; 195 // 196 // Pointer to Hash Final function 197 // 198 HASH_FINAL HashFinal; 199 } HASH_TABLE; 200 201 #endif 202