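/** @file
  GUID for UEFI WIN_CERTIFICATE structure.

  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

  @par Revision Reference:
  GUID defined in UEFI 2.0 spec.
**/

#ifndef __EFI_WIN_CERTIFICATE_H__
#define __EFI_WIN_CERTIFICATE_H__

//
// _WIN_CERTIFICATE.wCertificateType
//
// These values select how the bytes that follow the WIN_CERTIFICATE header
// are interpreted. A parser should reject any type it does not explicitly
// handle instead of falling through to a default format.
//
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA  0x0002
#define WIN_CERT_TYPE_EFI_PKCS115       0x0EF0
#define WIN_CERT_TYPE_EFI_GUID          0x0EF1

///
/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
///
/// NOTE(review): when this header is read from an image that has not yet
/// been authenticated, every field is untrusted input. Check dwLength
/// against sizeof (WIN_CERTIFICATE) and against the bytes remaining in the
/// enclosing certificate table before using it to locate the certificate
/// body or the next entry.
///
typedef struct {
  ///
  /// The length of the entire certificate,
  /// including the length of the header, in bytes.
  ///
  UINT32    dwLength;
  ///
  /// The revision level of the WIN_CERTIFICATE
  /// structure. The current revision level is 0x0200.
  ///
  UINT16    wRevision;
  ///
  /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
  /// certificate types. The UEFI specification reserves the range of
  /// certificate type values from 0x0EF0 to 0x0EFF.
  ///
  UINT16    wCertificateType;
  ///
  /// The following is the actual certificate. The format of
  /// the certificate depends on wCertificateType.
  ///
  /// UINT8 bCertificate[ANYSIZE_ARRAY];
  ///
} WIN_CERTIFICATE;

///
/// WIN_CERTIFICATE_UEFI_GUID.CertType
///
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
/// NOTE(review): the public key travels inside the certificate block itself.
/// A signature that verifies against this embedded key shows only that the
/// block is self-consistent; the verifier still has to establish that the
/// key is one it trusts.
///
typedef struct {
  ///
  /// GUID identifying the hash used for the signature.
  ///
  EFI_GUID    HashType;
  ///
  /// 256 bytes, the size of a 2048-bit RSA modulus.
  ///
  UINT8       PublicKey[256];
  ///
  /// 256 bytes, the size of a 2048-bit RSA signature.
  ///
  UINT8       Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;


///
/// Certificate which encapsulates a GUID-specific digital signature
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_GUID.
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the unique id which determines the
  /// format of the CertData.
  ///
  EFI_GUID           CertType;
  ///
  /// The following is the certificate data. The format of
  /// the data is determined by the CertType.
  /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
  /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
  ///
  /// The one-element array is a placeholder for variable-length data, so
  /// sizeof (WIN_CERTIFICATE_UEFI_GUID) already counts at least one byte of
  /// CertData. Take the fixed header size from the offset of CertData, and
  /// confirm that Hdr.dwLength covers the whole structure selected by
  /// CertType before reading it.
  ///
  UINT8              CertData[1];
} WIN_CERTIFICATE_UEFI_GUID;


///
/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
///
/// The WIN_CERTIFICATE_EFI_PKCS1_15 structure is derived from
/// WIN_CERTIFICATE and encapsulates the information needed to
/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
/// specified in RFC2437.
///
typedef struct {
  ///
  /// This is the standard WIN_CERTIFICATE header, where
  /// wCertificateType is set to WIN_CERT_TYPE_EFI_PKCS115.
  ///
  WIN_CERTIFICATE    Hdr;
  ///
  /// This is the hashing algorithm which was performed on the
  /// UEFI executable when creating the digital signature.
  ///
  EFI_GUID           HashAlgorithm;
  ///
  /// The following is the actual digital signature. The
  /// size of the signature is the same size as the key
  /// (1024-bit key is 128 bytes) and can be determined by
  /// subtracting the length of the other parts of this header
  /// from the total length of the certificate as found in
  /// Hdr.dwLength.
  ///
  /// Hdr.dwLength is a UINT32 read from the certificate: reject a value
  /// smaller than the fixed part of this structure before subtracting,
  /// because the unsigned subtraction would otherwise wrap to a very
  /// large signature size.
  ///
  /// UINT8 Signature[];
  ///
} WIN_CERTIFICATE_EFI_PKCS1_15;

//
// Defined outside this header; presumably initialized to
// EFI_CERT_TYPE_RSA2048_SHA256_GUID - confirm against the defining module.
//
extern EFI_GUID  gEfiCertTypeRsa2048Sha256Guid;

#endif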