TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / c64890c202018f76d138d84f5560b4018c20c360 / . / protocols / common / efi / efi_image_authentication.h
blob: 5f28ad9d218008b215c70ac4992bb7631f10d873 [file] [log] [blame]
Julian Hall29620bf2022-06-09 10:26:37 +0100[diff] [blame]1/*
2 * Copyright (c) 2023, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#ifndef __IMAGE_AUTHTICATION_H__
9#define __IMAGE_AUTHTICATION_H__
10
11#include <stdint.h>
12#include <protocols/common/efi/efi_types.h>
13
14#define EFI_IMAGE_SECURITY_DATABASE_GUID \
15 { \
16 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \
17 }
18
19///
20/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
21/// for the authorized signature database.
22///
23#define EFI_IMAGE_SECURITY_DATABASE u"db"
24///
25/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
26/// for the forbidden signature database.
27///
28#define EFI_IMAGE_SECURITY_DATABASE1 u"dbx"
29///
30/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
31/// for the timestamp signature database.
32///
33#define EFI_IMAGE_SECURITY_DATABASE2 u"dbt"
34///
35/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
36/// for the recovery signature database.
37///
38#define EFI_IMAGE_SECURITY_DATABASE3 u"dbr"
39
40// ***********************************************************************
41// Signature Database
42// ***********************************************************************
43///
44/// The format of a signature database.
45///
46#pragma pack(push, 1)
47
48typedef struct {
49 ///
50 /// An identifier which identifies the agent which added the signature to the list.
51 ///
52 EFI_GUID SignatureOwner;
53 ///
54 /// The format of the signature is defined by the SignatureType.
55 ///
56 uint8_t SignatureData[1];
57} EFI_SIGNATURE_DATA;
58
59typedef struct {
60 ///
61 /// Type of the signature. GUID signature types are defined in below.
62 ///
63 EFI_GUID SignatureType;
64 ///
65 /// Total size of the signature list, including this header.
66 ///
67 uint32_t SignatureListSize;
68 ///
69 /// Size of the signature header which precedes the array of signatures.
70 ///
71 uint32_t SignatureHeaderSize;
72 ///
73 /// Size of each signature.
74 ///
75 uint32_t SignatureSize;
76 ///
77 /// Header before the array of signatures. The format of this header is specified
78 /// by the SignatureType.
79 /// uint8_t SignatureHeader[SignatureHeaderSize];
80 ///
81 /// An array of signatures. Each signature is SignatureSize bytes in length.
82 /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];
83 ///
84} EFI_SIGNATURE_LIST;
85
86/* IMPORTED SECTION BEGIN */
87/* This section was imported from MdePkg/Include/Protocol/Hash.h inside EDK2 repository */
88typedef uint8_t EFI_MD5_HASH[16];
89typedef uint8_t EFI_SHA1_HASH[20];
90typedef uint8_t EFI_SHA224_HASH[28];
91typedef uint8_t EFI_SHA256_HASH[32];
92typedef uint8_t EFI_SHA384_HASH[48];
93typedef uint8_t EFI_SHA512_HASH[64];
94/* IMPORTED SECTION END */
95
96typedef struct {
97 ///
98 /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.
99 ///
100 EFI_SHA256_HASH ToBeSignedHash;
101 ///
102 /// The time that the certificate shall be considered to be revoked.
103 ///
104 EFI_TIME TimeOfRevocation;
105} EFI_CERT_X509_SHA256;
106
107typedef struct {
108 ///
109 /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.
110 ///
111 EFI_SHA384_HASH ToBeSignedHash;
112 ///
113 /// The time that the certificate shall be considered to be revoked.
114 ///
115 EFI_TIME TimeOfRevocation;
116} EFI_CERT_X509_SHA384;
117
118typedef struct {
119 ///
120 /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.
121 ///
122 EFI_SHA512_HASH ToBeSignedHash;
123 ///
124 /// The time that the certificate shall be considered to be revoked.
125 ///
126 EFI_TIME TimeOfRevocation;
127} EFI_CERT_X509_SHA512;
128
129#pragma pack(pop)
130
131///
132/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall
133/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
134/// 32 bytes.
135///
136#define EFI_CERT_SHA256_GUID \
137 { \
138 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \
139 }
140
141///
142/// This identifies a signature containing an RSA-2048 key. The key (only the modulus
143/// since the public key exponent is known to be 0x10001) shall be stored in big-endian
144/// order.
145/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size
146/// of SignatureOwner component) + 256 bytes.
147///
148#define EFI_CERT_RSA2048_GUID \
149 { \
150 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \
151 }
152
153///
154/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The
155/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
156/// SignatureOwner component) + 256 bytes.
157///
158#define EFI_CERT_RSA2048_SHA256_GUID \
159 { \
160 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \
161 }
162
163///
164/// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always
165/// be 16 (size of SignatureOwner component) + 20 bytes.
166///
167#define EFI_CERT_SHA1_GUID \
168 { \
169 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \
170 }
171
172///
173/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The
174/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
175/// SignatureOwner component) + 256 bytes.
176///
177#define EFI_CERT_RSA2048_SHA1_GUID \
178 { \
179 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \
180 }
181
182///
183/// This identifies a signature based on an X.509 certificate. If the signature is an X.509
184/// certificate then verification of the signature of an image should validate the public
185/// key certificate in the image using certificate path verification, up to this X.509
186/// certificate as a trusted root. The SignatureHeader size shall always be 0. The
187/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +
188/// the size of the certificate itself.
189/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.
190///
191#define EFI_CERT_X509_GUID \
192 { \
193 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \
194 }
195
196///
197/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall
198/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
199/// 28 bytes.
200///
201#define EFI_CERT_SHA224_GUID \
202 { \
203 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \
204 }
205
206///
207/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall
208/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
209/// 48 bytes.
210///
211#define EFI_CERT_SHA384_GUID \
212 { \
213 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \
214 }
215
216///
217/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall
218/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
219/// 64 bytes.
220///
221#define EFI_CERT_SHA512_GUID \
222 { \
223 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \
224 }
225
226///
227/// This identifies a signature containing the SHA256 hash of an X.509 certificate's
228/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
229/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
230/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,
231/// the certificate should be considered to be revoked from that time and onwards, and
232/// otherwise the certificate shall be considered to always be revoked.
233///
234#define EFI_CERT_X509_SHA256_GUID \
235 { \
236 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \
237 }
238
239///
240/// This identifies a signature containing the SHA384 hash of an X.509 certificate's
241/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
242/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
243/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,
244/// the certificate should be considered to be revoked from that time and onwards, and
245/// otherwise the certificate shall be considered to always be revoked.
246///
247#define EFI_CERT_X509_SHA384_GUID \
248 { \
249 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \
250 }
251
252///
253/// This identifies a signature containing the SHA512 hash of an X.509 certificate's
254/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
255/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
256/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,
257/// the certificate should be considered to be revoked from that time and onwards, and
258/// otherwise the certificate shall be considered to always be revoked.
259///
260#define EFI_CERT_X509_SHA512_GUID \
261 { \
262 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \
263 }
264
265///
266/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]
267/// SignedData value.
268///
269#define EFI_CERT_TYPE_PKCS7_GUID \
270 { \
271 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \
272 }
273
274#endif /* __IMAGE_AUTHTICATION_H__ */