
efi: Add EFI signature data types

Add the data types that are used for containing hashes, keys and
certificates for cryptographic verification along with their corresponding
type GUIDs.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

authored by

Dave Howells and committed by
Mimi Zohar
5c126ba2 60740acc

+25
+25
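--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -663,6 +663,10 @@
 #define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
 #define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
 
+#define EFI_CERT_SHA256_GUID EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
+#define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
+#define EFI_CERT_X509_SHA256_GUID EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed)
+
 /*
 * This GUID is used to pass to the kernel proper the struct screen_info
 * structure that was populated by the stub based on the GOP protocol instance
@@ -937,6 +933,27 @@
 u32 reserved;
 efi_memory_desc_t entry[0];
 } efi_memory_attributes_table_t;
+
+typedef struct {
+efi_guid_t signature_owner;
+u8 signature_data[];
+} efi_signature_data_t;
+
+typedef struct {
+efi_guid_t signature_type;
+u32 signature_list_size;
+u32 signature_header_size;
+u32 signature_size;
+u8 signature_header[];
+/* efi_signature_data_t signatures[][] */
+} efi_signature_list_t;
+
+typedef u8 efi_sha256_hash_t[32];
+
+typedef struct {
+efi_sha256_hash_t to_be_signed_hash;
+efi_time_t time_of_revocation;
+} efi_cert_x509_sha256_t;
 
 /*
 * All runtime access to EFI goes through this structure: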
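Review bot: The three size fields of `efi_signature_list_t` in the second hunk are undocumented, and the only layout hint is the `/* efi_signature_data_t signatures[][] */` placeholder after the flexible `signature_header[]`. These lists presumably come from firmware-provided variables (the neighbouring `EFI_IMAGE_SECURITY_DATABASE_GUID` suggests so), so a consumer has to check `signature_list_size`, `signature_header_size` and `signature_size` against the buffer it actually holds before walking any entry. I would add a comment above the typedef such as `/* signature_header_size bytes of header follow, then entries of signature_size bytes each; all sizes are untrusted and must be checked against the buffer length */`. On `efi_signature_data_t` it would also help to state that `signature_data` holds `signature_size - sizeof(efi_guid_t)` bytes, so a `signature_size` smaller than the GUID must be rejected. The second hunk's gutter numbers do not line up with the four lines added by the first hunk, so the line positions shown there should not be relied on.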