From nobody Mon Nov 17 06:01:14 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d8xvH2zDbz6GdRv; Mon, 17 Nov 2025 06:01:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4d8xvH0GDqz3QxL; Mon, 17 Nov 2025 06:01:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1763359275; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FPI4igahpMxyOamp6d2YHoxJ7/wZnxsLQSNL244OpPo=; b=LjjWqhRN+qa+1HlrQISK/+FnDEdCyK/LkuQeZyluwyqgYZK1QpfOsMmDdW2hII0axkDKUg gfMDzheUtoT/UJ3Ti/h6/IWzaA76DWWW8GFwEvgqq8njPMsnfvxhCtvtfEEGucuqX/+p3A NPm+ZiC3KVDyjgHNXITZbsncRdycWRdqX7A9E/rQXknvMKtKb8/9Wz3KthXOPSv868cKU3 Sr2m+4cH5DpsTK7jVM5IGUjzSzPgnUPIkD6CCqdYKpHXofKkwPpeffsSWexKMBxZiIiZhF HxpQi8G0cWwuxtH26KB5QAJCv5VTT1CX0eApfZMIYxcwnm7iYsJEZ7c3x593Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1763359275; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FPI4igahpMxyOamp6d2YHoxJ7/wZnxsLQSNL244OpPo=; b=oG8eZc87v+5vX9s3RVyHcDngN5r1ykF+ZSTrtlH/6NcPq2M0ctfs/oQEaGnMTXFVSqcvLq 5eSggsEr5NaQUllazVZZ2Bkr8EjKcP/0F6LZGwXoDLAO2KoZXUJK/MvmLbJavMDFbANh00 iEPq43XgwiVRQz/hK5JfGiFnxiCuLREEwk2cbu2BWJ9OBGSC1qwMXnZdc3d46fz2vGm8jB PNZkiXInaI7/d6qrKSzMEFLxUlyJy6wwvTU7b1UHj3krnyF2WOix9ATt0K8e3Sw7bQTyaO xdOAFHYLtaasXZZdGC6L/J1Gn1fVAqyFZ+8TDkvN44UN3eO2JUqtjJcGaTOxYA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1763359275; a=rsa-sha256; cv=none; b=B2GKj+dW59asn1xiq2mQjRFO7DZ/pT0q/4fziG3LplKZ5VQ0wTwJkdT15RZnxwD9CJfV6s 7XQywshqNFcKkdnxQKfie/Xl3yhW/JzNbp6aKTLg/A+XQ6xy3hWBW3t+PhE/Zvo3/k3Jxu 14BuA8DZ9A8J05plKVXsr2FT8QA+WMzwoQiPIdiTT7ATEdt1/FRiDLHFaBMRup+1hqzjpL L+hr/PLZH1KTeQzcyZ52cH30Amp6GcPFSn9zCDTyk0YKkPQEPPUoqJZ0CfgAlG9HpFGROT edpAK6akUrdFjIfCD9UEESb+vtnSuiOWEIGEy/LEUDlPD21Xr4LZTF1ptHtdWw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d8xvG6yP1z1B2q; Mon, 17 Nov 2025 06:01:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5AH61EWv018524; Mon, 17 Nov 2025 06:01:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5AH61EkT018521; Mon, 17 Nov 2025 06:01:14 GMT (envelope-from git) Date: Mon, 17 Nov 2025 06:01:14 GMT Message-Id: <202511170601.5AH61EkT018521@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Warner Losh Subject: git: 3c5ca68b9b7c - main - stand: Fix secureboot build List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3c5ca68b9b7ce68a5376b8456edf6af57ed18f91 Auto-Submitted: auto-generated The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=3c5ca68b9b7ce68a5376b8456edf6af57ed18f91 commit 3c5ca68b9b7ce68a5376b8456edf6af57ed18f91 Author: Warner Losh AuthorDate: 2025-11-17 05:49:21 +0000 Commit: Warner Losh CommitDate: 2025-11-17 05:58:36 +0000 stand: Fix secureboot build Make libesecureboot build, enabled when WITH_BEARSSL=y WITH_LOADER_EFI_SECUREBOOT=y. Copy EDK2 files related to secure boot to sys/contrib/edk2 and delete duplicates under libsecreboot/efi/include. Adjust efi_variables.c to build in the new environment. Undefine MIN and MAX before include sys/param.h in libsecureboot.h. I'm not sure that sys/param.h is needed here, but either the param.h or the Base.h definitions are fine. Fix include paths to reflect the new way. Fixes: 43b8edb32051 Sponsored by: Netflix --- lib/libsecureboot/Makefile.libsa.inc | 2 +- lib/libsecureboot/efi/efi_variables.c | 1 + .../efi/include/Guid/GlobalVariable.h | 192 ------ lib/libsecureboot/h/libsecureboot.h | 2 + .../edk2/Include}/Guid/ImageAuthentication.h | 735 +++++++++++---------- .../contrib/edk2/Include}/Protocol/Hash.h | 338 +++++----- sys/contrib/edk2/Include/Protocol/Hash2.h | 196 ++++++ 7 files changed, 754 insertions(+), 712 deletions(-) diff --git a/lib/libsecureboot/Makefile.libsa.inc b/lib/libsecureboot/Makefile.libsa.inc index 7397d0fc1144..b1b5d7dd1e30 100644 --- a/lib/libsecureboot/Makefile.libsa.inc +++ b/lib/libsecureboot/Makefile.libsa.inc @@ -22,8 +22,8 @@ SRCS+= \ # Add includes required by efi part CFLAGS+= \ + -I${SRCTOP}/sys/contrib/edk2/Include \ -I${SRCTOP}/stand/efi/include \ - -I${SRCTOP}/lib/libsecureboot/efi/include \ -I${SRCTOP}/stand/efi/include/${MACHINE} .endif diff --git a/lib/libsecureboot/efi/efi_variables.c b/lib/libsecureboot/efi/efi_variables.c index 3c36bc66f788..4b2b6b5c91ca 100644 --- a/lib/libsecureboot/efi/efi_variables.c +++ b/lib/libsecureboot/efi/efi_variables.c @@ -30,6 +30,7 @@ #include #include +#include #include #define NEED_BRSSL_H diff --git a/lib/libsecureboot/efi/include/Guid/GlobalVariable.h b/lib/libsecureboot/efi/include/Guid/GlobalVariable.h deleted file mode 100644 index 3bd0a815fcf6..000000000000 --- a/lib/libsecureboot/efi/include/Guid/GlobalVariable.h +++ /dev/null @@ -1,192 +0,0 @@ -/** @file - GUID for EFI (NVRAM) Variables. - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at - http://opensource.org/licenses/bsd-license.php - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - @par Revision Reference: - GUID defined in UEFI 2.1 -**/ - -#ifndef __GLOBAL_VARIABLE_GUID_H__ -#define __GLOBAL_VARIABLE_GUID_H__ - -#include -#ifndef EFI_GLOBAL_VARIABLE -#define EFI_GLOBAL_VARIABLE \ - { \ - 0x8BE4DF61, 0x93CA, 0x11d2, {0xAA, 0x0D, 0x00, 0xE0, 0x98, 0x03, 0x2B, 0x8C } \ - } -#endif /* EFI_GLOBAL_VARIABLE */ - -extern EFI_GUID gEfiGlobalVariableGuid; - -// -// Follow UEFI 2.4 spec: -// To prevent name collisions with possible future globally defined variables, -// other internal firmware data variables that are not defined here must be -// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or -// any other GUID defined by the UEFI Specification. Implementations must -// only permit the creation of variables with a UEFI Specification-defined -// VendorGuid when these variables are documented in the UEFI Specification. -// -// Note: except the globally defined variables defined below, the spec also defines -// L"Boot####" - A boot load option. -// L"Driver####" - A driver load option. -// L"SysPrep####" - A System Prep application load option. -// L"Key####" - Describes hot key relationship with a Boot#### load option. -// The attribute for them is NV+BS+RT, #### is a printed hex value, and no 0x or h -// is included in the hex value. They can not be expressed as a #define like other globally -// defined variables, it is because we can not list the Boot0000, Boot0001, etc one by one. -// - -/// -/// The language codes that the firmware supports. This value is deprecated. -/// Its attribute is BS+RT. -/// -#define EFI_LANG_CODES_VARIABLE_NAME L"LangCodes" -/// -/// The language code that the system is configured for. This value is deprecated. -/// Its attribute is NV+BS+RT. -/// -#define EFI_LANG_VARIABLE_NAME L"Lang" -/// -/// The firmware's boot managers timeout, in seconds, before initiating the default boot selection. -/// Its attribute is NV+BS+RT. -/// -#define EFI_TIME_OUT_VARIABLE_NAME L"Timeout" -/// -/// The language codes that the firmware supports. -/// Its attribute is BS+RT. -/// -#define EFI_PLATFORM_LANG_CODES_VARIABLE_NAME L"PlatformLangCodes" -/// -/// The language code that the system is configured for. -/// Its attribute is NV+BS+RT. -/// -#define EFI_PLATFORM_LANG_VARIABLE_NAME L"PlatformLang" -/// -/// The device path of the default input/output/error output console. -/// Its attribute is NV+BS+RT. -/// -#define EFI_CON_IN_VARIABLE_NAME L"ConIn" -#define EFI_CON_OUT_VARIABLE_NAME L"ConOut" -#define EFI_ERR_OUT_VARIABLE_NAME L"ErrOut" -/// -/// The device path of all possible input/output/error output devices. -/// Its attribute is BS+RT. -/// -#define EFI_CON_IN_DEV_VARIABLE_NAME L"ConInDev" -#define EFI_CON_OUT_DEV_VARIABLE_NAME L"ConOutDev" -#define EFI_ERR_OUT_DEV_VARIABLE_NAME L"ErrOutDev" -/// -/// The ordered boot option load list. -/// Its attribute is NV+BS+RT. -/// -#define EFI_BOOT_ORDER_VARIABLE_NAME L"BootOrder" -/// -/// The boot option for the next boot only. -/// Its attribute is NV+BS+RT. -/// -#define EFI_BOOT_NEXT_VARIABLE_NAME L"BootNext" -/// -/// The boot option that was selected for the current boot. -/// Its attribute is BS+RT. -/// -#define EFI_BOOT_CURRENT_VARIABLE_NAME L"BootCurrent" -/// -/// The types of boot options supported by the boot manager. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME L"BootOptionSupport" -/// -/// The ordered driver load option list. -/// Its attribute is NV+BS+RT. -/// -#define EFI_DRIVER_ORDER_VARIABLE_NAME L"DriverOrder" -/// -/// The ordered System Prep Application load option list. -/// Its attribute is NV+BS+RT. -/// -#define EFI_SYS_PREP_ORDER_VARIABLE_NAME L"SysPrepOrder" -/// -/// Identifies the level of hardware error record persistence -/// support implemented by the platform. This variable is -/// only modified by firmware and is read-only to the OS. -/// Its attribute is NV+BS+RT. -/// -#define EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME L"HwErrRecSupport" -/// -/// Whether the system is operating in setup mode (1) or not (0). -/// All other values are reserved. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_SETUP_MODE_NAME L"SetupMode" -/// -/// The Key Exchange Key Signature Database. -/// Its attribute is NV+BS+RT+AT. -/// -#define EFI_KEY_EXCHANGE_KEY_NAME L"KEK" -/// -/// The public Platform Key. -/// Its attribute is NV+BS+RT+AT. -/// -#define EFI_PLATFORM_KEY_NAME L"PK" -/// -/// Array of GUIDs representing the type of signatures supported -/// by the platform firmware. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_SIGNATURE_SUPPORT_NAME L"SignatureSupport" -/// -/// Whether the platform firmware is operating in Secure boot mode (1) or not (0). -/// All other values are reserved. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_SECURE_BOOT_MODE_NAME L"SecureBoot" -/// -/// The OEM's default Key Exchange Key Signature Database. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_KEK_DEFAULT_VARIABLE_NAME L"KEKDefault" -/// -/// The OEM's default public Platform Key. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_PK_DEFAULT_VARIABLE_NAME L"PKDefault" -/// -/// The OEM's default secure boot signature store. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_DB_DEFAULT_VARIABLE_NAME L"dbDefault" -/// -/// The OEM's default secure boot blacklist signature store. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_DBX_DEFAULT_VARIABLE_NAME L"dbxDefault" -/// -/// The OEM's default secure boot timestamp signature store. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_DBT_DEFAULT_VARIABLE_NAME L"dbtDefault" -/// -/// Allows the firmware to indicate supported features and actions to the OS. -/// Its attribute is BS+RT. -/// -#define EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME L"OsIndicationsSupported" -/// -/// Allows the OS to request the firmware to enable certain features and to take certain actions. -/// Its attribute is NV+BS+RT. -/// -#define EFI_OS_INDICATIONS_VARIABLE_NAME L"OsIndications" -/// -/// Whether the system is configured to use only vendor provided -/// keys or not. Should be treated as read-only. -/// Its attribute is BS+RT. -/// -#define EFI_VENDOR_KEYS_VARIABLE_NAME L"VendorKeys" - -#endif diff --git a/lib/libsecureboot/h/libsecureboot.h b/lib/libsecureboot/h/libsecureboot.h index d32df9594332..fa8360338cfc 100644 --- a/lib/libsecureboot/h/libsecureboot.h +++ b/lib/libsecureboot/h/libsecureboot.h @@ -27,6 +27,8 @@ #ifndef _LIBSECUREBOOT_H_ #define _LIBSECUREBOOT_H_ +#undef MIN /* Conflicts with EDK2 */ +#undef MAX #include #ifdef _STANDALONE #define _DEBUG_LEVEL_VAR DebugVe diff --git a/lib/libsecureboot/efi/include/Guid/ImageAuthentication.h b/sys/contrib/edk2/Include/Guid/ImageAuthentication.h similarity index 75% rename from lib/libsecureboot/efi/include/Guid/ImageAuthentication.h rename to sys/contrib/edk2/Include/Guid/ImageAuthentication.h index b1fc1f54cce1..9cf77466da09 100644 --- a/lib/libsecureboot/efi/include/Guid/ImageAuthentication.h +++ b/sys/contrib/edk2/Include/Guid/ImageAuthentication.h @@ -1,350 +1,385 @@ -/** @file - Image signature database are defined for the signed image validation. - Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at - http://opensource.org/licenses/bsd-license.php - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - @par Revision Reference: - GUIDs defined in UEFI 2.5 spec. -**/ - -#ifndef __IMAGE_AUTHTICATION_H__ -#define __IMAGE_AUTHTICATION_H__ - -#include -#include -#include - -#define EFI_IMAGE_SECURITY_DATABASE_GUID \ - { \ - 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \ - } - -/// -/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID -/// for the authorized signature database. -/// -#define EFI_IMAGE_SECURITY_DATABASE L"db" -/// -/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID -/// for the forbidden signature database. -/// -#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx" -/// -/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID -/// for the timestamp signature database. -/// -#define EFI_IMAGE_SECURITY_DATABASE2 L"dbt" - -#define SECURE_BOOT_MODE_ENABLE 1 -#define SECURE_BOOT_MODE_DISABLE 0 - -#define SETUP_MODE 1 -#define USER_MODE 0 - -//*********************************************************************** -// Signature Database -//*********************************************************************** -/// -/// The format of a signature database. -/// -#pragma pack(1) - -typedef struct { - /// - /// An identifier which identifies the agent which added the signature to the list. - /// - EFI_GUID SignatureOwner; - /// - /// The format of the signature is defined by the SignatureType. - /// - UINT8 SignatureData[1]; -} EFI_SIGNATURE_DATA; - -typedef struct { - /// - /// Type of the signature. GUID signature types are defined in below. - /// - EFI_GUID SignatureType; - /// - /// Total size of the signature list, including this header. - /// - UINT32 SignatureListSize; - /// - /// Size of the signature header which precedes the array of signatures. - /// - UINT32 SignatureHeaderSize; - /// - /// Size of each signature. - /// - UINT32 SignatureSize; - /// - /// Header before the array of signatures. The format of this header is specified - /// by the SignatureType. - /// UINT8 SignatureHeader[SignatureHeaderSize]; - /// - /// An array of signatures. Each signature is SignatureSize bytes in length. - /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; - /// -} EFI_SIGNATURE_LIST; - -typedef struct { - /// - /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents. - /// - EFI_SHA256_HASH ToBeSignedHash; - /// - /// The time that the certificate shall be considered to be revoked. - /// - EFI_TIME TimeOfRevocation; -} EFI_CERT_X509_SHA256; - -typedef struct { - /// - /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents. - /// - EFI_SHA384_HASH ToBeSignedHash; - /// - /// The time that the certificate shall be considered to be revoked. - /// - EFI_TIME TimeOfRevocation; -} EFI_CERT_X509_SHA384; - -typedef struct { - /// - /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents. - /// - EFI_SHA512_HASH ToBeSignedHash; - /// - /// The time that the certificate shall be considered to be revoked. - /// - EFI_TIME TimeOfRevocation; -} EFI_CERT_X509_SHA512; - -#pragma pack() - -/// -/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 32 bytes. -/// -#define EFI_CERT_SHA256_GUID \ - { \ - 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \ - } - -/// -/// This identifies a signature containing an RSA-2048 key. The key (only the modulus -/// since the public key exponent is known to be 0x10001) shall be stored in big-endian -/// order. -/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size -/// of SignatureOwner component) + 256 bytes. -/// -#define EFI_CERT_RSA2048_GUID \ - { \ - 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \ - } - -/// -/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The -/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of -/// SignatureOwner component) + 256 bytes. -/// -#define EFI_CERT_RSA2048_SHA256_GUID \ - { \ - 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \ - } - -/// -/// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always -/// be 16 (size of SignatureOwner component) + 20 bytes. -/// -#define EFI_CERT_SHA1_GUID \ - { \ - 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \ - } - -/// -/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The -/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of -/// SignatureOwner component) + 256 bytes. -/// -#define EFI_CERT_RSA2048_SHA1_GUID \ - { \ - 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \ - } - -/// -/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 -/// certificate then verification of the signature of an image should validate the public -/// key certificate in the image using certificate path verification, up to this X.509 -/// certificate as a trusted root. The SignatureHeader size shall always be 0. The -/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + -/// the size of the certificate itself. -/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. -/// -#define EFI_CERT_X509_GUID \ - { \ - 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \ - } - -/// -/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 28 bytes. -/// -#define EFI_CERT_SHA224_GUID \ - { \ - 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \ - } - -/// -/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 48 bytes. -/// -#define EFI_CERT_SHA384_GUID \ - { \ - 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \ - } - -/// -/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 64 bytes. -/// -#define EFI_CERT_SHA512_GUID \ - { \ - 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \ - } - -/// -/// This identifies a signature containing the SHA256 hash of an X.509 certificate's -/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) -/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero, -/// the certificate should be considered to be revoked from that time and onwards, and -/// otherwise the certificate shall be considered to always be revoked. -/// -#define EFI_CERT_X509_SHA256_GUID \ - { \ - 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \ - } - -/// -/// This identifies a signature containing the SHA384 hash of an X.509 certificate's -/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) -/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero, -/// the certificate should be considered to be revoked from that time and onwards, and -/// otherwise the certificate shall be considered to always be revoked. -/// -#define EFI_CERT_X509_SHA384_GUID \ - { \ - 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \ - } - -/// -/// This identifies a signature containing the SHA512 hash of an X.509 certificate's -/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) -/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero, -/// the certificate should be considered to be revoked from that time and onwards, and -/// otherwise the certificate shall be considered to always be revoked. -/// -#define EFI_CERT_X509_SHA512_GUID \ - { \ - 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \ - } - -/// -/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315] -/// SignedData value. -/// -#define EFI_CERT_TYPE_PKCS7_GUID \ - { \ - 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \ - } - -//*********************************************************************** -// Image Execution Information Table Definition -//*********************************************************************** -typedef UINT32 EFI_IMAGE_EXECUTION_ACTION; - -#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 -#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004 -#define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005 -#define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008 - -// -// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table -// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID. -// -typedef struct { - /// - /// Describes the action taken by the firmware regarding this image. - /// - EFI_IMAGE_EXECUTION_ACTION Action; - /// - /// Size of all of the entire structure. - /// - UINT32 InfoSize; - /// - /// If this image was a UEFI device driver (for option ROM, for example) this is the - /// null-terminated, user-friendly name for the device. If the image was for an application, - /// then this is the name of the application. If this cannot be determined, then a simple - /// NULL character should be put in this position. - /// CHAR16 Name[]; - /// - - /// - /// For device drivers, this is the device path of the device for which this device driver - /// was intended. In some cases, the driver itself may be stored as part of the system - /// firmware, but this field should record the device's path, not the firmware path. For - /// applications, this is the device path of the application. If this cannot be determined, - /// a simple end-of-path device node should be put in this position. - /// EFI_DEVICE_PATH_PROTOCOL DevicePath; - /// - - /// - /// Zero or more image signatures. If the image contained no signatures, - /// then this field is empty. - /// EFI_SIGNATURE_LIST Signature; - /// -} EFI_IMAGE_EXECUTION_INFO; - - -typedef struct { - /// - /// Number of EFI_IMAGE_EXECUTION_INFO structures. - /// - UINTN NumberOfImages; - /// - /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures. - /// - // EFI_IMAGE_EXECUTION_INFO InformationInfo[] -} EFI_IMAGE_EXECUTION_INFO_TABLE; - -extern EFI_GUID gEfiImageSecurityDatabaseGuid; -extern EFI_GUID gEfiCertSha256Guid; -extern EFI_GUID gEfiCertRsa2048Guid; -extern EFI_GUID gEfiCertRsa2048Sha256Guid; -extern EFI_GUID gEfiCertSha1Guid; -extern EFI_GUID gEfiCertRsa2048Sha1Guid; -extern EFI_GUID gEfiCertX509Guid; -extern EFI_GUID gEfiCertSha224Guid; -extern EFI_GUID gEfiCertSha384Guid; -extern EFI_GUID gEfiCertSha512Guid; -extern EFI_GUID gEfiCertX509Sha256Guid; -extern EFI_GUID gEfiCertX509Sha384Guid; -extern EFI_GUID gEfiCertX509Sha512Guid; -extern EFI_GUID gEfiCertPkcs7Guid; - -#endif +/** @file + Image signature database are defined for the signed image validation. + + Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + GUIDs defined in UEFI 2.5 spec. +**/ + +#ifndef __IMAGE_AUTHTICATION_H__ +#define __IMAGE_AUTHTICATION_H__ + +#include +#include + +#define EFI_IMAGE_SECURITY_DATABASE_GUID \ + { \ + 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \ + } + +/// +/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the authorized signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE L"db" +/// +/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the forbidden signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx" +/// +/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the timestamp signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE2 L"dbt" + +#define SECURE_BOOT_MODE_ENABLE 1 +#define SECURE_BOOT_MODE_DISABLE 0 + +#define SETUP_MODE 1 +#define USER_MODE 0 + +#define DEVICE_AUTH_BOOT_MODE_ENABLE 1 +#define DEVICE_AUTH_BOOT_MODE_DISABLE 0 + +// *********************************************************************** +// Signature Database +// *********************************************************************** +/// +/// The format of a signature database. +/// +#pragma pack(1) + +typedef struct { + /// + /// An identifier which identifies the agent which added the signature to the list. + /// + EFI_GUID SignatureOwner; + /// + /// The format of the signature is defined by the SignatureType. + /// + UINT8 SignatureData[1]; +} EFI_SIGNATURE_DATA; + +typedef struct { + /// + /// Type of the signature. GUID signature types are defined in below. + /// + EFI_GUID SignatureType; + /// + /// Total size of the signature list, including this header. + /// + UINT32 SignatureListSize; + /// + /// Size of the signature header which precedes the array of signatures. + /// + UINT32 SignatureHeaderSize; + /// + /// Size of each signature. + /// + UINT32 SignatureSize; + /// + /// Header before the array of signatures. The format of this header is specified + /// by the SignatureType. + /// UINT8 SignatureHeader[SignatureHeaderSize]; + /// + /// An array of signatures. Each signature is SignatureSize bytes in length. + /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; + /// +} EFI_SIGNATURE_LIST; + +typedef struct { + /// + /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA256_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA256; + +typedef struct { + /// + /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA384_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA384; + +typedef struct { + /// + /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA512_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA512; + +typedef UINT8 EFI_SM3_HASH[32]; + +typedef struct { + /// + /// The SM3 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SM3_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SM3; + +#pragma pack() + +/// +/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 32 bytes. +/// +#define EFI_CERT_SHA256_GUID \ + { \ + 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \ + } + +/// +/// This identifies a signature containing an RSA-2048 key. The key (only the modulus +/// since the public key exponent is known to be 0x10001) shall be stored in big-endian +/// order. +/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size +/// of SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_GUID \ + { \ + 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \ + } + +/// +/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The +/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of +/// SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_SHA256_GUID \ + { \ + 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \ + } + +/// +/// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always +/// be 16 (size of SignatureOwner component) + 20 bytes. +/// +#define EFI_CERT_SHA1_GUID \ + { \ + 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \ + } + +/// +/// This identifies a signature containing a SM3 hash. The SignatureSize shall always +/// be 16 (size of SignatureOwner component) + 32 bytes. +/// +#define EFI_CERT_SM3_GUID \ + { \ + 0x57347f87, 0x7a9b, 0x403a, { 0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0xe, 0xbc } \ + } + +/// +/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The +/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of +/// SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_SHA1_GUID \ + { \ + 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \ + } + +/// +/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 +/// certificate then verification of the signature of an image should validate the public +/// key certificate in the image using certificate path verification, up to this X.509 +/// certificate as a trusted root. The SignatureHeader size shall always be 0. The +/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + +/// the size of the certificate itself. +/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. +/// +#define EFI_CERT_X509_GUID \ + { \ + 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \ + } + +/// +/// This identifies a signature containing the SM3 hash of an X.509 certificate's To-Be-Signed +/// contents, and a time of revocation. The SignatureHeader size shall always be 0. The +/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 32 bytes for +/// an EFI_CERT_X509_SM3 structure. If the TimeOfRevocation is non-zero, the certificate should +/// be considered to be revoked from that time and onwards, and otherwise the certificate shall +/// be considered to always be revoked. +/// +#define EFI_CERT_X509_SM3_GUID \ + { \ + 0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x4, 0x37, 0x88, 0x8d, 0x37 } \ + } + +/// +/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 28 bytes. +/// +#define EFI_CERT_SHA224_GUID \ + { \ + 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \ + } + +/// +/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 48 bytes. +/// +#define EFI_CERT_SHA384_GUID \ + { \ + 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \ + } + +/// +/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 64 bytes. +/// +#define EFI_CERT_SHA512_GUID \ + { \ + 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \ + } + +/// +/// This identifies a signature containing the SHA256 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA256_GUID \ + { \ + 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \ + } + +/// +/// This identifies a signature containing the SHA384 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA384_GUID \ + { \ + 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \ + } + +/// +/// This identifies a signature containing the SHA512 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA512_GUID \ + { \ + 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \ + } + +/// +/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315] +/// SignedData value. +/// +#define EFI_CERT_TYPE_PKCS7_GUID \ + { \ + 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \ + } + +// *********************************************************************** +// Image Execution Information Table Definition +// *********************************************************************** +typedef UINT32 EFI_IMAGE_EXECUTION_ACTION; + +#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 +#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004 +#define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005 +#define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008 + +// +// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table +// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID. +// +typedef struct { + /// + /// Describes the action taken by the firmware regarding this image. + /// + EFI_IMAGE_EXECUTION_ACTION Action; + /// + /// Size of all of the entire structure. + /// + UINT32 InfoSize; + /// + /// If this image was a UEFI device driver (for option ROM, for example) this is the + /// null-terminated, user-friendly name for the device. If the image was for an application, + /// then this is the name of the application. If this cannot be determined, then a simple + /// NULL character should be put in this position. + /// CHAR16 Name[]; + /// + + /// + /// For device drivers, this is the device path of the device for which this device driver + /// was intended. In some cases, the driver itself may be stored as part of the system + /// firmware, but this field should record the device's path, not the firmware path. For + /// applications, this is the device path of the application. If this cannot be determined, + /// a simple end-of-path device node should be put in this position. + /// EFI_DEVICE_PATH_PROTOCOL DevicePath; + /// + + /// + /// Zero or more image signatures. If the image contained no signatures, + /// then this field is empty. + /// EFI_SIGNATURE_LIST Signature; + /// +} EFI_IMAGE_EXECUTION_INFO; *** 578 LINES SKIPPED ***