The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=c7b1b95a8ca6cdbb5bf48d32c8c7e25c36f5ba6c
commit c7b1b95a8ca6cdbb5bf48d32c8c7e25c36f5ba6c Author: Warner Losh <[email protected]> AuthorDate: 2026-06-22 21:56:47 +0000 Commit: Warner Losh <[email protected]> CommitDate: 2026-06-22 23:06:14 +0000 edk2: Fixup imported files line endings Since these files were a direct commit, I don't have to fix the vendor branch. Remove the DOS line endings. It doesn't matter one way or another, but we should be consistent within the tree. Sponsored by: Netflix --- sys/contrib/edk2/Include/Guid/Fdt.h | 44 +- .../edk2/Include/Guid/ImageAuthentication.h | 770 ++-- sys/contrib/edk2/Include/IndustryStandard/Tpm12.h | 4330 ++++++++++---------- sys/contrib/edk2/Include/IndustryStandard/Tpm20.h | 3626 ++++++++-------- .../Include/IndustryStandard/UefiTcgPlatform.h | 1444 +++---- sys/contrib/edk2/Include/Pi/PiBootMode.h | 72 +- sys/contrib/edk2/Include/Pi/PiDependency.h | 82 +- sys/contrib/edk2/Include/Pi/PiHob.h | 1024 ++--- sys/contrib/edk2/Include/Pi/PiMultiPhase.h | 436 +- sys/contrib/edk2/Include/Pi/PiS3BootScript.h | 106 +- sys/contrib/edk2/Include/Pi/PiStatusCode.h | 2440 +++++------ sys/contrib/edk2/Include/Protocol/Hash.h | 338 +- sys/contrib/edk2/Include/Protocol/Hash2.h | 392 +- .../edk2/Include/Protocol/RiscVBootProtocol.h | 68 +- sys/contrib/edk2/Include/Protocol/Tcg2Protocol.h | 670 +-- 15 files changed, 7921 insertions(+), 7921 deletions(-) diff --git a/sys/contrib/edk2/Include/Guid/Fdt.h b/sys/contrib/edk2/Include/Guid/Fdt.h index e0091468292a..ecb5cebd2601 100644 --- a/sys/contrib/edk2/Include/Guid/Fdt.h +++ b/sys/contrib/edk2/Include/Guid/Fdt.h @@ -1,22 +1,22 @@ -/** @file -* -* Copyright (c) 2013-2014, ARM Limited. All rights reserved. -* -* SPDX-License-Identifier: BSD-2-Clause-Patent -* -**/ - -#ifndef __FDT_H__ -#define __FDT_H__ - -#define FDT_TABLE_GUID \ - { 0xb1b621d5, 0xf19c, 0x41a5, { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } } - -extern EFI_GUID gFdtTableGuid; - -#define FDT_VARIABLE_GUID \ - { 0x25a4fd4a, 0x9703, 0x4ba9, { 0xa1, 0x90, 0xb7, 0xc8, 0x4e, 0xfb, 0x3e, 0x57 } } - -extern EFI_GUID gFdtVariableGuid; - -#endif /* __FDT_H__ */ +/** @file +* +* Copyright (c) 2013-2014, ARM Limited. All rights reserved. +* +* SPDX-License-Identifier: BSD-2-Clause-Patent +* +**/ + +#ifndef __FDT_H__ +#define __FDT_H__ + +#define FDT_TABLE_GUID \ + { 0xb1b621d5, 0xf19c, 0x41a5, { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } } + +extern EFI_GUID gFdtTableGuid; + +#define FDT_VARIABLE_GUID \ + { 0x25a4fd4a, 0x9703, 0x4ba9, { 0xa1, 0x90, 0xb7, 0xc8, 0x4e, 0xfb, 0x3e, 0x57 } } + +extern EFI_GUID gFdtVariableGuid; + +#endif /* __FDT_H__ */ diff --git a/sys/contrib/edk2/Include/Guid/ImageAuthentication.h b/sys/contrib/edk2/Include/Guid/ImageAuthentication.h index 9cf77466da09..47489cc82328 100644 --- a/sys/contrib/edk2/Include/Guid/ImageAuthentication.h +++ b/sys/contrib/edk2/Include/Guid/ImageAuthentication.h @@ -1,385 +1,385 @@ -/** @file - Image signature database are defined for the signed image validation. - - Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.<BR> - SPDX-License-Identifier: BSD-2-Clause-Patent - - @par Revision Reference: - GUIDs defined in UEFI 2.5 spec. -**/ - -#ifndef __IMAGE_AUTHTICATION_H__ -#define __IMAGE_AUTHTICATION_H__ - -#include <Guid/GlobalVariable.h> -#include <Protocol/Hash.h> - -#define EFI_IMAGE_SECURITY_DATABASE_GUID \ - { \ - 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \ - } - -/// -/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID -/// for the authorized signature database. -/// -#define EFI_IMAGE_SECURITY_DATABASE L"db" -/// -/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID -/// for the forbidden signature database. -/// -#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx" -/// -/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID -/// for the timestamp signature database. -/// -#define EFI_IMAGE_SECURITY_DATABASE2 L"dbt" - -#define SECURE_BOOT_MODE_ENABLE 1 -#define SECURE_BOOT_MODE_DISABLE 0 - -#define SETUP_MODE 1 -#define USER_MODE 0 - -#define DEVICE_AUTH_BOOT_MODE_ENABLE 1 -#define DEVICE_AUTH_BOOT_MODE_DISABLE 0 - -// *********************************************************************** -// Signature Database -// *********************************************************************** -/// -/// The format of a signature database. -/// -#pragma pack(1) - -typedef struct { - /// - /// An identifier which identifies the agent which added the signature to the list. - /// - EFI_GUID SignatureOwner; - /// - /// The format of the signature is defined by the SignatureType. - /// - UINT8 SignatureData[1]; -} EFI_SIGNATURE_DATA; - -typedef struct { - /// - /// Type of the signature. GUID signature types are defined in below. - /// - EFI_GUID SignatureType; - /// - /// Total size of the signature list, including this header. - /// - UINT32 SignatureListSize; - /// - /// Size of the signature header which precedes the array of signatures. - /// - UINT32 SignatureHeaderSize; - /// - /// Size of each signature. - /// - UINT32 SignatureSize; - /// - /// Header before the array of signatures. The format of this header is specified - /// by the SignatureType. - /// UINT8 SignatureHeader[SignatureHeaderSize]; - /// - /// An array of signatures. Each signature is SignatureSize bytes in length. - /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; - /// -} EFI_SIGNATURE_LIST; - -typedef struct { - /// - /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents. - /// - EFI_SHA256_HASH ToBeSignedHash; - /// - /// The time that the certificate shall be considered to be revoked. - /// - EFI_TIME TimeOfRevocation; -} EFI_CERT_X509_SHA256; - -typedef struct { - /// - /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents. - /// - EFI_SHA384_HASH ToBeSignedHash; - /// - /// The time that the certificate shall be considered to be revoked. - /// - EFI_TIME TimeOfRevocation; -} EFI_CERT_X509_SHA384; - -typedef struct { - /// - /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents. - /// - EFI_SHA512_HASH ToBeSignedHash; - /// - /// The time that the certificate shall be considered to be revoked. - /// - EFI_TIME TimeOfRevocation; -} EFI_CERT_X509_SHA512; - -typedef UINT8 EFI_SM3_HASH[32]; - -typedef struct { - /// - /// The SM3 hash of an X.509 certificate's To-Be-Signed contents. - /// - EFI_SM3_HASH ToBeSignedHash; - /// - /// The time that the certificate shall be considered to be revoked. - /// - EFI_TIME TimeOfRevocation; -} EFI_CERT_X509_SM3; - -#pragma pack() - -/// -/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 32 bytes. -/// -#define EFI_CERT_SHA256_GUID \ - { \ - 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \ - } - -/// -/// This identifies a signature containing an RSA-2048 key. The key (only the modulus -/// since the public key exponent is known to be 0x10001) shall be stored in big-endian -/// order. -/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size -/// of SignatureOwner component) + 256 bytes. -/// -#define EFI_CERT_RSA2048_GUID \ - { \ - 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \ - } - -/// -/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The -/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of -/// SignatureOwner component) + 256 bytes. -/// -#define EFI_CERT_RSA2048_SHA256_GUID \ - { \ - 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \ - } - -/// -/// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always -/// be 16 (size of SignatureOwner component) + 20 bytes. -/// -#define EFI_CERT_SHA1_GUID \ - { \ - 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \ - } - -/// -/// This identifies a signature containing a SM3 hash. The SignatureSize shall always -/// be 16 (size of SignatureOwner component) + 32 bytes. -/// -#define EFI_CERT_SM3_GUID \ - { \ - 0x57347f87, 0x7a9b, 0x403a, { 0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0xe, 0xbc } \ - } - -/// -/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The -/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of -/// SignatureOwner component) + 256 bytes. -/// -#define EFI_CERT_RSA2048_SHA1_GUID \ - { \ - 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \ - } - -/// -/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 -/// certificate then verification of the signature of an image should validate the public -/// key certificate in the image using certificate path verification, up to this X.509 -/// certificate as a trusted root. The SignatureHeader size shall always be 0. The -/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + -/// the size of the certificate itself. -/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. -/// -#define EFI_CERT_X509_GUID \ - { \ - 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \ - } - -/// -/// This identifies a signature containing the SM3 hash of an X.509 certificate's To-Be-Signed -/// contents, and a time of revocation. The SignatureHeader size shall always be 0. The -/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 32 bytes for -/// an EFI_CERT_X509_SM3 structure. If the TimeOfRevocation is non-zero, the certificate should -/// be considered to be revoked from that time and onwards, and otherwise the certificate shall -/// be considered to always be revoked. -/// -#define EFI_CERT_X509_SM3_GUID \ - { \ - 0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x4, 0x37, 0x88, 0x8d, 0x37 } \ - } - -/// -/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 28 bytes. -/// -#define EFI_CERT_SHA224_GUID \ - { \ - 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \ - } - -/// -/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 48 bytes. -/// -#define EFI_CERT_SHA384_GUID \ - { \ - 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \ - } - -/// -/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + -/// 64 bytes. -/// -#define EFI_CERT_SHA512_GUID \ - { \ - 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \ - } - -/// -/// This identifies a signature containing the SHA256 hash of an X.509 certificate's -/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) -/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero, -/// the certificate should be considered to be revoked from that time and onwards, and -/// otherwise the certificate shall be considered to always be revoked. -/// -#define EFI_CERT_X509_SHA256_GUID \ - { \ - 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \ - } - -/// -/// This identifies a signature containing the SHA384 hash of an X.509 certificate's -/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) -/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero, -/// the certificate should be considered to be revoked from that time and onwards, and -/// otherwise the certificate shall be considered to always be revoked. -/// -#define EFI_CERT_X509_SHA384_GUID \ - { \ - 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \ - } - -/// -/// This identifies a signature containing the SHA512 hash of an X.509 certificate's -/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall -/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) -/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero, -/// the certificate should be considered to be revoked from that time and onwards, and -/// otherwise the certificate shall be considered to always be revoked. -/// -#define EFI_CERT_X509_SHA512_GUID \ - { \ - 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \ - } - -/// -/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315] -/// SignedData value. -/// -#define EFI_CERT_TYPE_PKCS7_GUID \ - { \ - 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \ - } - -// *********************************************************************** -// Image Execution Information Table Definition -// *********************************************************************** -typedef UINT32 EFI_IMAGE_EXECUTION_ACTION; - -#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 -#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003 -#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004 -#define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005 -#define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008 - -// -// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table -// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID. -// -typedef struct { - /// - /// Describes the action taken by the firmware regarding this image. - /// - EFI_IMAGE_EXECUTION_ACTION Action; - /// - /// Size of all of the entire structure. - /// - UINT32 InfoSize; - /// - /// If this image was a UEFI device driver (for option ROM, for example) this is the - /// null-terminated, user-friendly name for the device. If the image was for an application, - /// then this is the name of the application. If this cannot be determined, then a simple - /// NULL character should be put in this position. - /// CHAR16 Name[]; - /// - - /// - /// For device drivers, this is the device path of the device for which this device driver - /// was intended. In some cases, the driver itself may be stored as part of the system - /// firmware, but this field should record the device's path, not the firmware path. For - /// applications, this is the device path of the application. If this cannot be determined, - /// a simple end-of-path device node should be put in this position. - /// EFI_DEVICE_PATH_PROTOCOL DevicePath; - /// - - /// - /// Zero or more image signatures. If the image contained no signatures, - /// then this field is empty. - /// EFI_SIGNATURE_LIST Signature; - /// -} EFI_IMAGE_EXECUTION_INFO; - -typedef struct { - /// - /// Number of EFI_IMAGE_EXECUTION_INFO structures. - /// - UINTN NumberOfImages; - /// - /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures. - /// - // EFI_IMAGE_EXECUTION_INFO InformationInfo[] -} EFI_IMAGE_EXECUTION_INFO_TABLE; - -extern EFI_GUID gEfiImageSecurityDatabaseGuid; -extern EFI_GUID gEfiCertSha256Guid; -extern EFI_GUID gEfiCertRsa2048Guid; -extern EFI_GUID gEfiCertRsa2048Sha256Guid; -extern EFI_GUID gEfiCertSha1Guid; -extern EFI_GUID gEfiCertRsa2048Sha1Guid; -extern EFI_GUID gEfiCertX509Guid; -extern EFI_GUID gEfiCertSha224Guid; -extern EFI_GUID gEfiCertSha384Guid; -extern EFI_GUID gEfiCertSha512Guid; -extern EFI_GUID gEfiCertX509Sha256Guid; -extern EFI_GUID gEfiCertX509Sha384Guid; -extern EFI_GUID gEfiCertX509Sha512Guid; -extern EFI_GUID gEfiCertPkcs7Guid; -extern EFI_GUID gEfiCertSm3Guid; -extern EFI_GUID gEfiCertX509Sm3Guid; - -#endif +/** @file + Image signature database are defined for the signed image validation. + + Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + GUIDs defined in UEFI 2.5 spec. +**/ + +#ifndef __IMAGE_AUTHTICATION_H__ +#define __IMAGE_AUTHTICATION_H__ + +#include <Guid/GlobalVariable.h> +#include <Protocol/Hash.h> + +#define EFI_IMAGE_SECURITY_DATABASE_GUID \ + { \ + 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \ + } + +/// +/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the authorized signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE L"db" +/// +/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the forbidden signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx" +/// +/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the timestamp signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE2 L"dbt" + +#define SECURE_BOOT_MODE_ENABLE 1 +#define SECURE_BOOT_MODE_DISABLE 0 + +#define SETUP_MODE 1 +#define USER_MODE 0 + +#define DEVICE_AUTH_BOOT_MODE_ENABLE 1 +#define DEVICE_AUTH_BOOT_MODE_DISABLE 0 + +// *********************************************************************** +// Signature Database +// *********************************************************************** +/// +/// The format of a signature database. +/// +#pragma pack(1) + +typedef struct { + /// + /// An identifier which identifies the agent which added the signature to the list. + /// + EFI_GUID SignatureOwner; + /// + /// The format of the signature is defined by the SignatureType. + /// + UINT8 SignatureData[1]; +} EFI_SIGNATURE_DATA; + +typedef struct { + /// + /// Type of the signature. GUID signature types are defined in below. + /// + EFI_GUID SignatureType; + /// + /// Total size of the signature list, including this header. + /// + UINT32 SignatureListSize; + /// + /// Size of the signature header which precedes the array of signatures. + /// + UINT32 SignatureHeaderSize; + /// + /// Size of each signature. + /// + UINT32 SignatureSize; + /// + /// Header before the array of signatures. The format of this header is specified + /// by the SignatureType. + /// UINT8 SignatureHeader[SignatureHeaderSize]; + /// + /// An array of signatures. Each signature is SignatureSize bytes in length. + /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; + /// +} EFI_SIGNATURE_LIST; + +typedef struct { + /// + /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA256_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA256; + +typedef struct { + /// + /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA384_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA384; + +typedef struct { + /// + /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA512_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA512; + +typedef UINT8 EFI_SM3_HASH[32]; + +typedef struct { + /// + /// The SM3 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SM3_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SM3; + +#pragma pack() + +/// +/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 32 bytes. +/// +#define EFI_CERT_SHA256_GUID \ + { \ + 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \ + } + +/// +/// This identifies a signature containing an RSA-2048 key. The key (only the modulus +/// since the public key exponent is known to be 0x10001) shall be stored in big-endian +/// order. +/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size +/// of SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_GUID \ + { \ + 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \ + } + +/// +/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The +/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of +/// SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_SHA256_GUID \ + { \ + 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \ + } + +/// +/// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always +/// be 16 (size of SignatureOwner component) + 20 bytes. +/// +#define EFI_CERT_SHA1_GUID \ + { \ + 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \ + } + +/// +/// This identifies a signature containing a SM3 hash. The SignatureSize shall always +/// be 16 (size of SignatureOwner component) + 32 bytes. +/// +#define EFI_CERT_SM3_GUID \ + { \ + 0x57347f87, 0x7a9b, 0x403a, { 0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0xe, 0xbc } \ + } + +/// +/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The +/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of +/// SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_SHA1_GUID \ + { \ + 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \ + } + +/// +/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 +/// certificate then verification of the signature of an image should validate the public +/// key certificate in the image using certificate path verification, up to this X.509 +/// certificate as a trusted root. The SignatureHeader size shall always be 0. The +/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + +/// the size of the certificate itself. +/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. +/// +#define EFI_CERT_X509_GUID \ + { \ + 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \ + } + +/// +/// This identifies a signature containing the SM3 hash of an X.509 certificate's To-Be-Signed +/// contents, and a time of revocation. The SignatureHeader size shall always be 0. The +/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 32 bytes for +/// an EFI_CERT_X509_SM3 structure. If the TimeOfRevocation is non-zero, the certificate should +/// be considered to be revoked from that time and onwards, and otherwise the certificate shall +/// be considered to always be revoked. +/// +#define EFI_CERT_X509_SM3_GUID \ + { \ + 0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x4, 0x37, 0x88, 0x8d, 0x37 } \ + } + +/// +/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 28 bytes. +/// +#define EFI_CERT_SHA224_GUID \ + { \ + 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \ + } + +/// +/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 48 bytes. +/// +#define EFI_CERT_SHA384_GUID \ + { \ + 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \ + } + +/// +/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 64 bytes. +/// +#define EFI_CERT_SHA512_GUID \ + { \ + 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \ + } + +/// +/// This identifies a signature containing the SHA256 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA256_GUID \ + { \ + 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \ + } + +/// +/// This identifies a signature containing the SHA384 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA384_GUID \ + { \ + 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \ + } + +/// +/// This identifies a signature containing the SHA512 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA512_GUID \ + { \ + 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \ + } + +/// +/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315] +/// SignedData value. +/// +#define EFI_CERT_TYPE_PKCS7_GUID \ + { \ + 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \ + } + +// *********************************************************************** +// Image Execution Information Table Definition +// *********************************************************************** +typedef UINT32 EFI_IMAGE_EXECUTION_ACTION; + +#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 +#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004 +#define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005 +#define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008 + +// +// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table +// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID. +// +typedef struct { + /// + /// Describes the action taken by the firmware regarding this image. + /// + EFI_IMAGE_EXECUTION_ACTION Action; + /// + /// Size of all of the entire structure. + /// + UINT32 InfoSize; + /// + /// If this image was a UEFI device driver (for option ROM, for example) this is the + /// null-terminated, user-friendly name for the device. If the image was for an application, + /// then this is the name of the application. If this cannot be determined, then a simple + /// NULL character should be put in this position. + /// CHAR16 Name[]; + /// + + /// + /// For device drivers, this is the device path of the device for which this device driver + /// was intended. In some cases, the driver itself may be stored as part of the system + /// firmware, but this field should record the device's path, not the firmware path. For + /// applications, this is the device path of the application. If this cannot be determined, + /// a simple end-of-path device node should be put in this position. + /// EFI_DEVICE_PATH_PROTOCOL DevicePath; + /// + + /// + /// Zero or more image signatures. If the image contained no signatures, + /// then this field is empty. + /// EFI_SIGNATURE_LIST Signature; + /// +} EFI_IMAGE_EXECUTION_INFO; + +typedef struct { + /// + /// Number of EFI_IMAGE_EXECUTION_INFO structures. + /// + UINTN NumberOfImages; + /// + /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures. + /// + // EFI_IMAGE_EXECUTION_INFO InformationInfo[] +} EFI_IMAGE_EXECUTION_INFO_TABLE; + +extern EFI_GUID gEfiImageSecurityDatabaseGuid; +extern EFI_GUID gEfiCertSha256Guid; +extern EFI_GUID gEfiCertRsa2048Guid; +extern EFI_GUID gEfiCertRsa2048Sha256Guid; +extern EFI_GUID gEfiCertSha1Guid; +extern EFI_GUID gEfiCertRsa2048Sha1Guid; +extern EFI_GUID gEfiCertX509Guid; +extern EFI_GUID gEfiCertSha224Guid; +extern EFI_GUID gEfiCertSha384Guid; +extern EFI_GUID gEfiCertSha512Guid; +extern EFI_GUID gEfiCertX509Sha256Guid; +extern EFI_GUID gEfiCertX509Sha384Guid; +extern EFI_GUID gEfiCertX509Sha512Guid; +extern EFI_GUID gEfiCertPkcs7Guid; +extern EFI_GUID gEfiCertSm3Guid; +extern EFI_GUID gEfiCertX509Sm3Guid; + +#endif diff --git a/sys/contrib/edk2/Include/IndustryStandard/Tpm12.h b/sys/contrib/edk2/Include/IndustryStandard/Tpm12.h index 0435bebe8e18..13395ed3d599 100644 --- a/sys/contrib/edk2/Include/IndustryStandard/Tpm12.h +++ b/sys/contrib/edk2/Include/IndustryStandard/Tpm12.h @@ -1,2165 +1,2165 @@ -/** @file - TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 103) - See http://trustedcomputinggroup.org for latest specification updates - - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> - SPDX-License-Identifier: BSD-2-Clause-Patent -**/ - -#ifndef _TPM12_H_ -#define _TPM12_H_ - -/// -/// The start of TPM return codes -/// -#define TPM_BASE 0 - -// -// All structures MUST be packed on a byte boundary. -// - -#pragma pack (1) - -// -// Part 2, section 2.2.3: Helper redefinitions -// -/// -/// Indicates the conditions where it is required that authorization be presented -/// -typedef UINT8 TPM_AUTH_DATA_USAGE; -/// -/// The information as to what the payload is in an encrypted structure -/// -typedef UINT8 TPM_PAYLOAD_TYPE; -/// -/// The version info breakdown -/// -typedef UINT8 TPM_VERSION_BYTE; -/// -/// The state of the dictionary attack mitigation logic -/// -typedef UINT8 TPM_DA_STATE; -/// -/// The request or response authorization type -/// -typedef UINT16 TPM_TAG; -/// -/// The protocol in use -/// -typedef UINT16 TPM_PROTOCOL_ID; -/// -/// Indicates the start state -/// -typedef UINT16 TPM_STARTUP_TYPE; -/// -/// The definition of the encryption scheme -/// -typedef UINT16 TPM_ENC_SCHEME; -/// -/// The definition of the signature scheme -/// -typedef UINT16 TPM_SIG_SCHEME; -/// -/// The definition of the migration scheme -/// -typedef UINT16 TPM_MIGRATE_SCHEME; -/// -/// Sets the state of the physical presence mechanism -/// -typedef UINT16 TPM_PHYSICAL_PRESENCE; -/// -/// Indicates the types of entity that are supported by the TPM -/// -typedef UINT16 TPM_ENTITY_TYPE; -/// -/// Indicates the permitted usage of the key -/// -typedef UINT16 TPM_KEY_USAGE; -/// -/// The type of asymmetric encrypted structure in use by the endorsement key -/// -typedef UINT16 TPM_EK_TYPE; -/// -/// The tag for the structure -/// -typedef UINT16 TPM_STRUCTURE_TAG; -/// -/// The platform specific spec to which the information relates to -/// -typedef UINT16 TPM_PLATFORM_SPECIFIC; -/// -/// The command ordinal -/// -typedef UINT32 TPM_COMMAND_CODE; -/// -/// Identifies a TPM capability area -/// -typedef UINT32 TPM_CAPABILITY_AREA; -/// -/// Indicates information regarding a key -/// -typedef UINT32 TPM_KEY_FLAGS; -/// -/// Indicates the type of algorithm -/// -typedef UINT32 TPM_ALGORITHM_ID; -/// -/// The locality modifier -/// -typedef UINT32 TPM_MODIFIER_INDICATOR; -/// -/// The actual number of a counter -/// -typedef UINT32 TPM_ACTUAL_COUNT; -/// -/// Attributes that define what options are in use for a transport session -/// -typedef UINT32 TPM_TRANSPORT_ATTRIBUTES; -/// -/// Handle to an authorization session -/// -typedef UINT32 TPM_AUTHHANDLE; -/// -/// Index to a DIR register *** 14965 LINES SKIPPED ***
