| /** @file | |
| The internal header file includes the common header files, defines | |
| internal structure and functions used by ImageVerificationLib. | |
| Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> | |
| This program and the accompanying materials | |
| are licensed and made available under the terms and conditions of the BSD License | |
| which accompanies this distribution. The full text of the license may be found at | |
| http://opensource.org/licenses/bsd-license.php | |
| THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | |
| WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | |
| **/ | |
| #ifndef __IMAGEVERIFICATIONLIB_H__ | |
| #define __IMAGEVERIFICATIONLIB_H__ | |
| #include <Library/UefiDriverEntryPoint.h> | |
| #include <Library/DebugLib.h> | |
| #include <Library/BaseMemoryLib.h> | |
| #include <Library/UefiBootServicesTableLib.h> | |
| #include <Library/UefiRuntimeServicesTableLib.h> | |
| #include <Library/UefiLib.h> | |
| #include <Library/BaseLib.h> | |
| #include <Library/MemoryAllocationLib.h> | |
| #include <Library/BaseCryptLib.h> | |
| #include <Library/PcdLib.h> | |
| #include <Library/DevicePathLib.h> | |
| #include <Library/SecurityManagementLib.h> | |
| #include <Library/PeCoffLib.h> | |
| #include <Protocol/FirmwareVolume2.h> | |
| #include <Protocol/DevicePath.h> | |
| #include <Protocol/BlockIo.h> | |
| #include <Protocol/SimpleFileSystem.h> | |
| #include <Protocol/VariableWrite.h> | |
| #include <Guid/ImageAuthentication.h> | |
| #include <Guid/AuthenticatedVariableFormat.h> | |
| #include <IndustryStandard/PeImage.h> | |
| #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 | |
| #define EFI_CERT_TYPE_RSA2048_SIZE 256 | |
| #define MAX_NOTIFY_STRING_LEN 64 | |
| #define TWO_BYTE_ENCODE 0x82 | |
| #define ALIGNMENT_SIZE 8 | |
| #define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0) | |
| // | |
| // Image type definitions | |
| // | |
| #define IMAGE_UNKNOWN 0x00000000 | |
| #define IMAGE_FROM_FV 0x00000001 | |
| #define IMAGE_FROM_OPTION_ROM 0x00000002 | |
| #define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003 | |
| #define IMAGE_FROM_FIXED_MEDIA 0x00000004 | |
| // | |
| // Authorization policy bit definition | |
| // | |
| #define ALWAYS_EXECUTE 0x00000000 | |
| #define NEVER_EXECUTE 0x00000001 | |
| #define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002 | |
| #define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 | |
| #define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 | |
| #define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 | |
| // | |
| // Support hash types | |
| // | |
| #define HASHALG_SHA1 0x00000000 | |
| #define HASHALG_SHA224 0x00000001 | |
| #define HASHALG_SHA256 0x00000002 | |
| #define HASHALG_SHA384 0x00000003 | |
| #define HASHALG_SHA512 0x00000004 | |
| #define HASHALG_MAX 0x00000005 | |
| // | |
| // Set max digest size as SHA512 Output (64 bytes) by far | |
| // | |
| #define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE | |
| // | |
| // | |
| // PKCS7 Certificate definition | |
| // | |
| typedef struct { | |
| WIN_CERTIFICATE Hdr; | |
| UINT8 CertData[1]; | |
| } WIN_CERTIFICATE_EFI_PKCS; | |
| /** | |
| Retrieves the size, in bytes, of the context buffer required for hash operations. | |
| @return The size, in bytes, of the context buffer required for hash operations. | |
| **/ | |
| typedef | |
| UINTN | |
| (EFIAPI *HASH_GET_CONTEXT_SIZE)( | |
| VOID | |
| ); | |
| /** | |
| Initializes user-supplied memory pointed by HashContext as hash context for | |
| subsequent use. | |
| If HashContext is NULL, then ASSERT(). | |
| @param[in, out] HashContext Pointer to Context being initialized. | |
| @retval TRUE HASH context initialization succeeded. | |
| @retval FALSE HASH context initialization failed. | |
| **/ | |
| typedef | |
| BOOLEAN | |
| (EFIAPI *HASH_INIT)( | |
| IN OUT VOID *HashContext | |
| ); | |
| /** | |
| Performs digest on a data buffer of the specified length. This function can | |
| be called multiple times to compute the digest of long or discontinuous data streams. | |
| If HashContext is NULL, then ASSERT(). | |
| @param[in, out] HashContext Pointer to the MD5 context. | |
| @param[in] Data Pointer to the buffer containing the data to be hashed. | |
| @param[in] DataLength Length of Data buffer in bytes. | |
| @retval TRUE HASH data digest succeeded. | |
| @retval FALSE Invalid HASH context. After HashFinal function has been called, the | |
| HASH context cannot be reused. | |
| **/ | |
| typedef | |
| BOOLEAN | |
| (EFIAPI *HASH_UPDATE)( | |
| IN OUT VOID *HashContext, | |
| IN CONST VOID *Data, | |
| IN UINTN DataLength | |
| ); | |
| /** | |
| Completes hash computation and retrieves the digest value into the specified | |
| memory. After this function has been called, the context cannot be used again. | |
| If HashContext is NULL, then ASSERT(). | |
| If HashValue is NULL, then ASSERT(). | |
| @param[in, out] HashContext Pointer to the MD5 context | |
| @param[out] HashValue Pointer to a buffer that receives the HASH digest | |
| value. | |
| @retval TRUE HASH digest computation succeeded. | |
| @retval FALSE HASH digest computation failed. | |
| **/ | |
| typedef | |
| BOOLEAN | |
| (EFIAPI *HASH_FINAL)( | |
| IN OUT VOID *HashContext, | |
| OUT UINT8 *HashValue | |
| ); | |
| // | |
| // Hash Algorithm Table | |
| // | |
| typedef struct { | |
| // | |
| // Name for Hash Algorithm | |
| // | |
| CHAR16 *Name; | |
| // | |
| // Digest Length | |
| // | |
| UINTN DigestLength; | |
| // | |
| // Hash Algorithm OID ASN.1 Value | |
| // | |
| UINT8 *OidValue; | |
| // | |
| // Length of Hash OID Value | |
| // | |
| UINTN OidLength; | |
| // | |
| // Pointer to Hash GetContentSize function | |
| // | |
| HASH_GET_CONTEXT_SIZE GetContextSize; | |
| // | |
| // Pointer to Hash Init function | |
| // | |
| HASH_INIT HashInit; | |
| // | |
| // Pointer to Hash Update function | |
| // | |
| HASH_UPDATE HashUpdate; | |
| // | |
| // Pointer to Hash Final function | |
| // | |
| HASH_FINAL HashFinal; | |
| } HASH_TABLE; | |
| #endif |