EnrollDefaultKeys.h
#ifndef ENROLL_DEFAULT_KEYS_H_
#define ENROLL_DEFAULT_KEYS_H_

//
// Supplies the base types used throughout this header: EFI_TIME, EFI_GUID,
// the fixed-width UINT8/UINT16/UINT32 types, UINTN and CONST (the latter two
// are defined in Base.h, which this include is expected to pull in).
//
#include <Uefi/UefiBaseType.h>
14
15//
16// Convenience structure types for constructing "signature lists" for
17// authenticated UEFI variables.
18//
19// The most important thing about the variable payload is that it is a list of
20// lists, where the element size of any given *inner* list is constant.
21//
22// Since X509 certificates vary in size, each of our *inner* lists will contain
23// one element only (one X.509 certificate). This is explicitly mentioned in
24// the UEFI specification, in "28.4.1 Signature Database", in a Note.
25//
26// The list structure looks as follows:
27//
28// struct EFI_VARIABLE_AUTHENTICATION_2 { |
29// struct EFI_TIME { |
30// UINT16 Year; |
31// UINT8 Month; |
32// UINT8 Day; |
33// UINT8 Hour; |
34// UINT8 Minute; |
35// UINT8 Second; |
36// UINT8 Pad1; |
37// UINT32 Nanosecond; |
38// INT16 TimeZone; |
39// UINT8 Daylight; |
40// UINT8 Pad2; |
41// } TimeStamp; |
42// |
43// struct WIN_CERTIFICATE_UEFI_GUID { | |
44// struct WIN_CERTIFICATE { | |
45// UINT32 dwLength; ----------------------------------------+ |
46// UINT16 wRevision; | |
47// UINT16 wCertificateType; | |
48// } Hdr; | +- DataSize
49// | |
50// EFI_GUID CertType; | |
51// UINT8 CertData[1] = { <--- "struct hack" | |
52// struct EFI_SIGNATURE_LIST { | | |
53// EFI_GUID SignatureType; | | |
54// UINT32 SignatureListSize; -------------------------+ | |
55// UINT32 SignatureHeaderSize; | | |
56// UINT32 SignatureSize; ---------------------------+ | | |
57// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
58// v | | |
59// struct EFI_SIGNATURE_DATA { | | | |
60// EFI_GUID SignatureOwner; | | | |
61// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
62// X.509 payload | | | |
63// } | | | |
64// } Signatures[]; | | |
65// } SigLists[]; | |
66// }; | |
67// } AuthInfo; | |
68// }; |
69//
70// Given that the "struct hack" invokes undefined behavior (which is why C99
71// introduced the flexible array member), and because subtracting those pesky
72// sizes of 1 is annoying, and because the format is fully specified in the
73// UEFI specification, we'll introduce two matching convenience structures that
74// are customized for our X.509 purposes.
75//
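//
// pack(1) is essential here: both structures below must match the byte layout
// the UEFI specification defines for the variable payload (see the diagram
// above), with no compiler-inserted padding, so that sizeof on them is the
// exact on-the-wire size.
//
#pragma pack (1)
//
// SINGLE_HEADER appears exactly once, at the start of the payload. It merges
// EFI_VARIABLE_AUTHENTICATION_2.TimeStamp with the WIN_CERTIFICATE header and
// the CertType GUID of WIN_CERTIFICATE_UEFI_GUID. The REPEATING_HEADER
// elements (and their certificates) follow it directly.
//
typedef struct {
  EFI_TIME TimeStamp;

  //
  // dwLength covers data below -- per the diagram above, everything from
  // this point through the end of the payload, signature lists included.
  //
  UINT32   dwLength;
  UINT16   wRevision;
  UINT16   wCertificateType;
  EFI_GUID CertType;
} SINGLE_HEADER;

//
// REPEATING_HEADER appears once per X.509 certificate: as explained above,
// every EFI_SIGNATURE_LIST we build carries exactly one EFI_SIGNATURE_DATA,
// so the list header and the single entry's SignatureOwner can be merged.
//
// NOTE(review): the three size fields describe the same bytes at three
// nesting levels; a consumer parsing such a payload must check them against
// each other and against the buffer length it actually received before
// trusting any of them.
//
typedef struct {
  //
  // SignatureListSize covers data below -- this header from here on, plus
  // the one certificate that follows it.
  //
  EFI_GUID SignatureType;
  UINT32   SignatureListSize;
  UINT32   SignatureHeaderSize; // constant 0: the SignatureHeader array in
                                // the diagram is empty, so SignatureOwner
                                // follows SignatureSize immediately
  UINT32   SignatureSize;

  //
  // SignatureSize covers data below -- SignatureOwner plus the certificate.
  //
  EFI_GUID SignatureOwner;

  //
  // X.509 certificate follows
  //
} REPEATING_HEADER;
#pragma pack ()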
108
//
// A structure that collects the values of UEFI variables related to Secure
// Boot. Each member is named after the variable whose current value it
// holds; every one of them is a single byte. How the values are read and
// what each byte means is left to the code that fills in and inspects this
// structure, not to this header.
//
typedef struct {
  UINT8 SetupMode;        // value of the "SetupMode" variable
  UINT8 SecureBoot;       // value of the "SecureBoot" variable
  UINT8 SecureBootEnable; // value of the "SecureBootEnable" variable
  UINT8 CustomMode;       // value of the "CustomMode" variable
  UINT8 VendorKeys;       // value of the "VendorKeys" variable
} SETTINGS;
120
//
// Refer to "AuthData.c" for details on the following objects.
//
// Each byte array is paired with a UINTN that holds its size in bytes; the
// contents of both are defined in AuthData.c. By their names, the first three
// arrays are the Microsoft KEK, PCA and UEFI CA certificates that this header's
// consumers enroll, and the last one is the SHA-256 digest of an empty input
// (/dev/null) -- confirm against AuthData.c.
//
// NOTE(review): because each size is a separate object rather than a sizeof
// expression, a mismatch between an array and its mSizeOf* counterpart is
// invisible to the compiler; the two must be kept in sync by hand in
// AuthData.c.
//
extern CONST UINT8 mMicrosoftKek[];
extern CONST UINTN mSizeOfMicrosoftKek;

extern CONST UINT8 mMicrosoftPca[];
extern CONST UINTN mSizeOfMicrosoftPca;

extern CONST UINT8 mMicrosoftUefiCa[];
extern CONST UINTN mSizeOfMicrosoftUefiCa;

extern CONST UINT8 mSha256OfDevNull[];
extern CONST UINTN mSizeOfSha256OfDevNull;
135
#endif /* ENROLL_DEFAULT_KEYS_H_ */