/** @file
  Image signature databases are defined for signed image validation.
  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  @par Revision Reference:
  GUIDs defined in UEFI 2.5 spec.
**/
#ifndef __IMAGE_AUTHTICATION_H__
#define __IMAGE_AUTHTICATION_H__
#include <sys/cdefs.h>
#include <Guid/GlobalVariable.h>
#include <Protocol/Hash.h>
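///
/// GUID under which the image security database variables named below are stored.
///
#define EFI_IMAGE_SECURITY_DATABASE_GUID \
  { \
    0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \
  }

///
/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
/// for the authorized signature database.
///
#define EFI_IMAGE_SECURITY_DATABASE       L"db"
///
/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
/// for the forbidden signature database.
/// An image that matches an entry here is meant to be rejected even when the
/// authorized database would allow it.
///
#define EFI_IMAGE_SECURITY_DATABASE1      L"dbx"
///
/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
/// for the timestamp signature database.
///
#define EFI_IMAGE_SECURITY_DATABASE2      L"dbt"

///
/// Secure boot state values.
/// NOTE(review): presumably the values carried by the SecureBoot global variable;
/// confirm against the code that reads it.
///
#define SECURE_BOOT_MODE_ENABLE           1
#define SECURE_BOOT_MODE_DISABLE          0

///
/// Platform mode values.
/// NOTE(review): presumably the values carried by the SetupMode global variable;
/// confirm against the code that reads it.
///
#define SETUP_MODE                        1
#define USER_MODE                         0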
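//***********************************************************************
// Signature Database
//***********************************************************************
///
/// The format of a signature database.
///
#pragma pack(1)

///
/// One signature entry inside an EFI_SIGNATURE_LIST.
///
/// SignatureData is declared with a single element only as a placeholder for
/// variable-length data. The length of an entry is the SignatureSize of the
/// enclosing list, so sizeof (EFI_SIGNATURE_DATA) must not be used as the entry size.
///
typedef struct {
  ///
  /// An identifier which identifies the agent which added the signature to the list.
  ///
  EFI_GUID          SignatureOwner;
  ///
  /// The format of the signature is defined by the SignatureType.
  /// The data occupies SignatureSize minus the size of SignatureOwner bytes.
  ///
  UINT8             SignatureData[1];
} EFI_SIGNATURE_DATA;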
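///
/// Fixed header of one signature list in a signature database.
///
/// The optional SignatureHeader and the array of EFI_SIGNATURE_DATA entries follow
/// this header in memory and are described only in comments, so
/// sizeof (EFI_SIGNATURE_LIST) covers the fixed header alone.
///
/// NOTE(review): the three size fields are read from the stored list. Before walking
/// the entries a parser should check that SignatureListSize is at least the fixed
/// header plus SignatureHeaderSize and no larger than the bytes that remain in the
/// buffer, that SignatureSize is at least the size of SignatureOwner, and that the
/// space left for entries is a whole multiple of SignatureSize.
///
typedef struct {
  ///
  /// Type of the signature. GUID signature types are defined below.
  ///
  EFI_GUID            SignatureType;
  ///
  /// Total size of the signature list, including this header.
  ///
  UINT32              SignatureListSize;
  ///
  /// Size of the signature header which precedes the array of signatures.
  ///
  UINT32              SignatureHeaderSize;
  ///
  /// Size of each signature.
  ///
  UINT32              SignatureSize;
  ///
  /// Header before the array of signatures. The format of this header is specified
  /// by the SignatureType.
  /// UINT8           SignatureHeader[SignatureHeaderSize];
  ///
  /// An array of signatures. Each signature is SignatureSize bytes in length.
  /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];
  ///
} EFI_SIGNATURE_LIST;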
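///
/// Signature data for the EFI_CERT_X509_SHA256_GUID signature type: a certificate
/// hash together with a revocation time.
///
typedef struct {
  ///
  /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.
  ///
  EFI_SHA256_HASH     ToBeSignedHash;
  ///
  /// The time that the certificate shall be considered to be revoked.
  /// A non-zero value revokes the certificate from that time onwards; otherwise the
  /// certificate is considered to always be revoked.
  ///
  EFI_TIME            TimeOfRevocation;
} EFI_CERT_X509_SHA256;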
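///
/// Signature data for the EFI_CERT_X509_SHA384_GUID signature type: a certificate
/// hash together with a revocation time.
///
typedef struct {
  ///
  /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.
  ///
  EFI_SHA384_HASH     ToBeSignedHash;
  ///
  /// The time that the certificate shall be considered to be revoked.
  /// A non-zero value revokes the certificate from that time onwards; otherwise the
  /// certificate is considered to always be revoked.
  ///
  EFI_TIME            TimeOfRevocation;
} EFI_CERT_X509_SHA384;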
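///
/// Signature data for the EFI_CERT_X509_SHA512_GUID signature type: a certificate
/// hash together with a revocation time.
///
typedef struct {
  ///
  /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.
  ///
  EFI_SHA512_HASH     ToBeSignedHash;
  ///
  /// The time that the certificate shall be considered to be revoked.
  /// A non-zero value revokes the certificate from that time onwards; otherwise the
  /// certificate is considered to always be revoked.
  ///
  EFI_TIME            TimeOfRevocation;
} EFI_CERT_X509_SHA512;

// Ends the byte-packed region opened by the #pragma pack(1) above.
#pragma pack()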
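///
/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 32 bytes.
///
#define EFI_CERT_SHA256_GUID \
  { \
    0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \
  }

///
/// This identifies a signature containing an RSA-2048 key. The key (only the modulus
/// since the public key exponent is known to be 0x10001) shall be stored in big-endian
/// order.
/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size
/// of SignatureOwner component) + 256 bytes.
///
#define EFI_CERT_RSA2048_GUID \
  { \
    0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \
  }

///
/// This identifies a signature containing an RSA-2048 signature of a SHA-256 hash.  The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
/// SignatureOwner component) + 256 bytes.
///
#define EFI_CERT_RSA2048_SHA256_GUID \
  { \
    0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \
  }

///
/// This identifies a signature containing a SHA-1 hash.  The SignatureSize shall always
/// be 16 (size of SignatureOwner component) + 20 bytes.
/// NOTE(review): SHA-1 is no longer considered collision resistant; whether entries of
/// this type are still honoured in the authorized database is a policy decision for
/// the consumer.
///
#define EFI_CERT_SHA1_GUID \
  { \
    0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \
  }

///
/// This identifies a signature containing an RSA-2048 signature of a SHA-1 hash.  The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
/// SignatureOwner component) + 256 bytes.
/// NOTE(review): the SHA-1 caveat on EFI_CERT_SHA1_GUID applies to this type as well.
///
#define EFI_CERT_RSA2048_SHA1_GUID \
  { \
    0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \
  }

///
/// This identifies a signature based on an X.509 certificate. If the signature is an X.509
/// certificate then verification of the signature of an image should validate the public
/// key certificate in the image using certificate path verification, up to this X.509
/// certificate as a trusted root.  The SignatureHeader size shall always be 0. The
/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +
/// the size of the certificate itself.
/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.
///
#define EFI_CERT_X509_GUID \
  { \
    0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \
  }

///
/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 28 bytes.
///
#define EFI_CERT_SHA224_GUID \
  { \
    0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \
  }

///
/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 48 bytes.
///
#define EFI_CERT_SHA384_GUID \
  { \
    0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \
  }

///
/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
/// 64 bytes.
///
#define EFI_CERT_SHA512_GUID \
  { \
    0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \
  }

///
/// This identifies a signature containing the SHA256 hash of an X.509 certificate's
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,
/// the certificate should be considered to be revoked from that time and onwards, and
/// otherwise the certificate shall be considered to always be revoked.
///
#define EFI_CERT_X509_SHA256_GUID \
  { \
    0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \
  }

///
/// This identifies a signature containing the SHA384 hash of an X.509 certificate's
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,
/// the certificate should be considered to be revoked from that time and onwards, and
/// otherwise the certificate shall be considered to always be revoked.
///
#define EFI_CERT_X509_SHA384_GUID \
  { \
    0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \
  }

///
/// This identifies a signature containing the SHA512 hash of an X.509 certificate's
/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,
/// the certificate should be considered to be revoked from that time and onwards, and
/// otherwise the certificate shall be considered to always be revoked.
///
#define EFI_CERT_X509_SHA512_GUID \
  { \
    0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \
  }

///
/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]
/// SignedData value.
///
#define EFI_CERT_TYPE_PKCS7_GUID \
  { \
    0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \
  }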
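//***********************************************************************
// Image Execution Information Table Definition
//***********************************************************************
///
/// Action value stored in EFI_IMAGE_EXECUTION_INFO.Action; it takes the
/// EFI_IMAGE_EXECUTION_* constants defined in this file.
///
typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;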
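///
/// Values of EFI_IMAGE_EXECUTION_ACTION.
/// NOTE(review): EFI_IMAGE_EXECUTION_AUTHENTICATION (0x7) looks like a mask over the
/// authentication result values 0x0 through 0x5, with EFI_IMAGE_EXECUTION_INITIALIZED
/// (0x8) as a separate flag bit outside that mask; confirm against the consumer.
///
#define EFI_IMAGE_EXECUTION_AUTHENTICATION      0x00000007
#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED       0x00000000
#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED     0x00000001
#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED     0x00000002
#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND  0x00000003
#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND      0x00000004
#define EFI_IMAGE_EXECUTION_POLICY_FAILED       0x00000005
#define EFI_IMAGE_EXECUTION_INITIALIZED         0x00000008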
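//
// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table
// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.
//
// Only Action and InfoSize are declared as members. Name, DevicePath and Signature
// are variable-length, follow the fixed part in memory and are documented as
// comments; InfoSize is the length of the whole record.
// NOTE(review): a reader should check that InfoSize is at least the size of the
// fixed part before using it to step to the next record.
//
typedef struct {
  ///
  /// Describes the action taken by the firmware regarding this image.
  ///
  EFI_IMAGE_EXECUTION_ACTION    Action;
  ///
  /// Size of the entire structure.
  ///
  UINT32                        InfoSize;
  ///
  /// If this image was a UEFI device driver (for option ROM, for example) this is the
  /// null-terminated, user-friendly name for the device. If the image was for an application,
  /// then this is the name of the application. If this cannot be determined, then a simple
  /// NULL character should be put in this position.
  /// CHAR16                    Name[];
  ///

  ///
  /// For device drivers, this is the device path of the device for which this device driver
  /// was intended. In some cases, the driver itself may be stored as part of the system
  /// firmware, but this field should record the device's path, not the firmware path. For
  /// applications, this is the device path of the application. If this cannot be determined,
  /// a simple end-of-path device node should be put in this position.
  /// EFI_DEVICE_PATH_PROTOCOL  DevicePath;
  ///

  ///
  /// Zero or more image signatures. If the image contained no signatures,
  /// then this field is empty.
  /// EFI_SIGNATURE_LIST            Signature;
  ///
} EFI_IMAGE_EXECUTION_INFO;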
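///
/// Header of the image execution information table. The records follow the header
/// in memory and are described only in a comment.
///
typedef struct {
  ///
  /// Number of EFI_IMAGE_EXECUTION_INFO structures.
  ///
  UINTN                     NumberOfImages;
  ///
  /// NumberOfImages instances of EFI_IMAGE_EXECUTION_INFO follow. Each record carries
  /// its own InfoSize, so the records cannot be indexed as a fixed-stride C array.
  ///
  // EFI_IMAGE_EXECUTION_INFO  InformationInfo[]
} EFI_IMAGE_EXECUTION_INFO_TABLE;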
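///
/// Global GUID objects declared here and defined elsewhere.
/// NOTE(review): presumably each one is initialized from the matching *_GUID macro
/// in this file; confirm against the defining translation unit.
///
extern EFI_GUID gEfiImageSecurityDatabaseGuid;
extern EFI_GUID gEfiCertSha256Guid;
extern EFI_GUID gEfiCertRsa2048Guid;
extern EFI_GUID gEfiCertRsa2048Sha256Guid;
extern EFI_GUID gEfiCertSha1Guid;
extern EFI_GUID gEfiCertRsa2048Sha1Guid;
extern EFI_GUID gEfiCertX509Guid;
extern EFI_GUID gEfiCertSha224Guid;
extern EFI_GUID gEfiCertSha384Guid;
extern EFI_GUID gEfiCertSha512Guid;
extern EFI_GUID gEfiCertX509Sha256Guid;
extern EFI_GUID gEfiCertX509Sha384Guid;
extern EFI_GUID gEfiCertX509Sha512Guid;
extern EFI_GUID gEfiCertPkcs7Guid;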
#endif