2011-09-02 09:49:32 +02:00
|
|
|
/** @file
|
|
|
|
The internal header file includes the common header files, defines
|
|
|
|
internal structure and functions used by ImageVerificationLib.
|
|
|
|
|
2012-03-19 06:10:46 +01:00
|
|
|
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
2011-09-02 09:49:32 +02:00
|
|
|
This program and the accompanying materials
|
|
|
|
are licensed and made available under the terms and conditions of the BSD License
|
|
|
|
which accompanies this distribution. The full text of the license may be found at
|
|
|
|
http://opensource.org/licenses/bsd-license.php
|
|
|
|
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#ifndef __IMAGEVERIFICATIONLIB_H__
|
|
|
|
#define __IMAGEVERIFICATIONLIB_H__
|
|
|
|
|
|
|
|
#include <Library/UefiDriverEntryPoint.h>
|
|
|
|
#include <Library/DebugLib.h>
|
|
|
|
#include <Library/BaseMemoryLib.h>
|
|
|
|
#include <Library/UefiBootServicesTableLib.h>
|
|
|
|
#include <Library/UefiRuntimeServicesTableLib.h>
|
|
|
|
#include <Library/UefiLib.h>
|
|
|
|
#include <Library/BaseLib.h>
|
|
|
|
#include <Library/MemoryAllocationLib.h>
|
|
|
|
#include <Library/BaseCryptLib.h>
|
|
|
|
#include <Library/PcdLib.h>
|
|
|
|
#include <Library/DevicePathLib.h>
|
|
|
|
#include <Library/SecurityManagementLib.h>
|
2012-04-24 05:00:32 +02:00
|
|
|
#include <Library/PeCoffLib.h>
|
2011-09-02 09:49:32 +02:00
|
|
|
#include <Protocol/FirmwareVolume2.h>
|
|
|
|
#include <Protocol/DevicePath.h>
|
|
|
|
#include <Protocol/BlockIo.h>
|
|
|
|
#include <Protocol/SimpleFileSystem.h>
|
|
|
|
#include <Protocol/VariableWrite.h>
|
|
|
|
#include <Guid/ImageAuthentication.h>
|
2011-10-28 05:46:20 +02:00
|
|
|
#include <Guid/AuthenticatedVariableFormat.h>
|
2011-09-02 09:49:32 +02:00
|
|
|
#include <IndustryStandard/PeImage.h>
|
|
|
|
|
|
|
|
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
|
|
|
|
#define EFI_CERT_TYPE_RSA2048_SIZE 256
|
|
|
|
#define MAX_NOTIFY_STRING_LEN 64
|
2012-03-19 06:10:46 +01:00
|
|
|
#define TWO_BYTE_ENCODE 0x82
|
2011-09-02 09:49:32 +02:00
|
|
|
|
|
|
|
//
|
|
|
|
// Image type definitions
|
|
|
|
//
|
|
|
|
#define IMAGE_UNKNOWN 0x00000000
|
|
|
|
#define IMAGE_FROM_FV 0x00000001
|
|
|
|
#define IMAGE_FROM_OPTION_ROM 0x00000002
|
|
|
|
#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
|
|
|
|
#define IMAGE_FROM_FIXED_MEDIA 0x00000004
|
|
|
|
|
|
|
|
//
|
|
|
|
// Authorization policy bit definition
|
|
|
|
//
|
|
|
|
#define ALWAYS_EXECUTE 0x00000000
|
|
|
|
#define NEVER_EXECUTE 0x00000001
|
|
|
|
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
|
|
|
|
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
|
|
|
|
#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
|
|
|
|
#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
|
|
|
|
|
|
|
|
//
|
|
|
|
// Support hash types
|
|
|
|
//
|
|
|
|
#define HASHALG_SHA1 0x00000000
|
|
|
|
#define HASHALG_SHA224 0x00000001
|
|
|
|
#define HASHALG_SHA256 0x00000002
|
|
|
|
#define HASHALG_SHA384 0x00000003
|
|
|
|
#define HASHALG_SHA512 0x00000004
|
|
|
|
#define HASHALG_MAX 0x00000005
|
|
|
|
|
|
|
|
//
|
|
|
|
// Set max digest size as SHA256 Output (32 bytes) by far
|
|
|
|
//
|
|
|
|
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// PKCS7 Certificate definition
|
|
|
|
//
|
|
|
|
typedef struct {
|
|
|
|
WIN_CERTIFICATE Hdr;
|
|
|
|
UINT8 CertData[1];
|
|
|
|
} WIN_CERTIFICATE_EFI_PKCS;
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
Retrieves the size, in bytes, of the context buffer required for hash operations.
|
|
|
|
|
|
|
|
@return The size, in bytes, of the context buffer required for hash operations.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
UINTN
|
|
|
|
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
|
|
|
|
VOID
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Initializes user-supplied memory pointed by HashContext as hash context for
|
|
|
|
subsequent use.
|
|
|
|
|
|
|
|
If HashContext is NULL, then ASSERT().
|
|
|
|
|
|
|
|
@param[in, out] HashContext Pointer to Context being initialized.
|
|
|
|
|
|
|
|
@retval TRUE HASH context initialization succeeded.
|
|
|
|
@retval FALSE HASH context initialization failed.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
BOOLEAN
|
|
|
|
(EFIAPI *HASH_INIT)(
|
|
|
|
IN OUT VOID *HashContext
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
Performs digest on a data buffer of the specified length. This function can
|
|
|
|
be called multiple times to compute the digest of long or discontinuous data streams.
|
|
|
|
|
|
|
|
If HashContext is NULL, then ASSERT().
|
|
|
|
|
|
|
|
@param[in, out] HashContext Pointer to the MD5 context.
|
|
|
|
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
|
|
|
@param[in] DataLength Length of Data buffer in bytes.
|
|
|
|
|
|
|
|
@retval TRUE HASH data digest succeeded.
|
|
|
|
@retval FALSE Invalid HASH context. After HashFinal function has been called, the
|
|
|
|
HASH context cannot be reused.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
BOOLEAN
|
|
|
|
(EFIAPI *HASH_UPDATE)(
|
|
|
|
IN OUT VOID *HashContext,
|
|
|
|
IN CONST VOID *Data,
|
|
|
|
IN UINTN DataLength
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Completes hash computation and retrieves the digest value into the specified
|
|
|
|
memory. After this function has been called, the context cannot be used again.
|
|
|
|
|
|
|
|
If HashContext is NULL, then ASSERT().
|
|
|
|
If HashValue is NULL, then ASSERT().
|
|
|
|
|
|
|
|
@param[in, out] HashContext Pointer to the MD5 context
|
|
|
|
@param[out] HashValue Pointer to a buffer that receives the HASH digest
|
|
|
|
value.
|
|
|
|
|
|
|
|
@retval TRUE HASH digest computation succeeded.
|
|
|
|
@retval FALSE HASH digest computation failed.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
BOOLEAN
|
|
|
|
(EFIAPI *HASH_FINAL)(
|
|
|
|
IN OUT VOID *HashContext,
|
|
|
|
OUT UINT8 *HashValue
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Hash Algorithm Table
|
|
|
|
//
|
|
|
|
typedef struct {
|
|
|
|
//
|
|
|
|
// Name for Hash Algorithm
|
|
|
|
//
|
|
|
|
CHAR16 *Name;
|
|
|
|
//
|
|
|
|
// Digest Length
|
|
|
|
//
|
|
|
|
UINTN DigestLength;
|
|
|
|
//
|
|
|
|
// Hash Algorithm OID ASN.1 Value
|
|
|
|
//
|
|
|
|
UINT8 *OidValue;
|
|
|
|
//
|
|
|
|
// Length of Hash OID Value
|
|
|
|
//
|
|
|
|
UINTN OidLength;
|
|
|
|
//
|
|
|
|
// Pointer to Hash GetContentSize function
|
|
|
|
//
|
|
|
|
HASH_GET_CONTEXT_SIZE GetContextSize;
|
|
|
|
//
|
|
|
|
// Pointer to Hash Init function
|
|
|
|
//
|
|
|
|
HASH_INIT HashInit;
|
|
|
|
//
|
|
|
|
// Pointer to Hash Update function
|
|
|
|
//
|
|
|
|
HASH_UPDATE HashUpdate;
|
|
|
|
//
|
|
|
|
// Pointer to Hash Final function
|
|
|
|
//
|
|
|
|
HASH_FINAL HashFinal;
|
|
|
|
} HASH_TABLE;
|
|
|
|
|
|
|
|
#endif
|