blob: 9bcd87ff4f44520990f323d1ee12b17f2e412f34 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
/** @file
Type definitions for the EnrollDefaultKeys application.
Copyright (C) 2014-2019, Red Hat, Inc.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef ENROLL_DEFAULT_KEYS_H_
#define ENROLL_DEFAULT_KEYS_H_
#include <Uefi/UefiBaseType.h>
//
// Convenience structure types for constructing "signature lists" for
// authenticated UEFI variables.
//
// The most important thing about the variable payload is that it is a list of
// lists, where the element size of any given *inner* list is constant.
//
// Since X509 certificates vary in size, each of our *inner* lists will contain
// one element only (one X.509 certificate). This is explicitly mentioned in
// the UEFI specification, in "28.4.1 Signature Database", in a Note.
//
// The list structure looks as follows:
//
// struct EFI_VARIABLE_AUTHENTICATION_2 { |
// struct EFI_TIME { |
// UINT16 Year; |
// UINT8 Month; |
// UINT8 Day; |
// UINT8 Hour; |
// UINT8 Minute; |
// UINT8 Second; |
// UINT8 Pad1; |
// UINT32 Nanosecond; |
// INT16 TimeZone; |
// UINT8 Daylight; |
// UINT8 Pad2; |
// } TimeStamp; |
// |
// struct WIN_CERTIFICATE_UEFI_GUID { | |
// struct WIN_CERTIFICATE { | |
// UINT32 dwLength; ----------------------------------------+ |
// UINT16 wRevision; | |
// UINT16 wCertificateType; | |
// } Hdr; | +- DataSize
// | |
// EFI_GUID CertType; | |
// UINT8 CertData[1] = { <--- "struct hack" | |
// struct EFI_SIGNATURE_LIST { | | |
// EFI_GUID SignatureType; | | |
// UINT32 SignatureListSize; -------------------------+ | |
// UINT32 SignatureHeaderSize; | | |
// UINT32 SignatureSize; ---------------------------+ | | |
// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
// v | | |
// struct EFI_SIGNATURE_DATA { | | | |
// EFI_GUID SignatureOwner; | | | |
// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
// X.509 payload | | | |
// } | | | |
// } Signatures[]; | | |
// } SigLists[]; | |
// }; | |
// } AuthInfo; | |
// }; |
//
// Given that the "struct hack" invokes undefined behavior (which is why C99
// introduced the flexible array member), and because subtracting those pesky
// sizes of 1 is annoying, and because the format is fully specified in the
// UEFI specification, we'll introduce two matching convenience structures that
// are customized for our X.509 purposes.
//
#pragma pack (1)
typedef struct {
EFI_TIME TimeStamp;
//
// dwLength covers data below
//
UINT32 dwLength;
UINT16 wRevision;
UINT16 wCertificateType;
EFI_GUID CertType;
} SINGLE_HEADER;
typedef struct {
//
// SignatureListSize covers data below
//
EFI_GUID SignatureType;
UINT32 SignatureListSize;
UINT32 SignatureHeaderSize; // constant 0
UINT32 SignatureSize;
//
// SignatureSize covers data below
//
EFI_GUID SignatureOwner;
//
// X.509 certificate follows
//
} REPEATING_HEADER;
#pragma pack ()
//
// A structure that collects the values of UEFI variables related to Secure
// Boot.
//
typedef struct {
UINT8 SetupMode;
UINT8 SecureBoot;
UINT8 SecureBootEnable;
UINT8 CustomMode;
UINT8 VendorKeys;
} SETTINGS;
#endif /* ENROLL_DEFAULT_KEYS_H_ */
|
