From 0451d4e795929a69a0fda6d960aa4b077c5bd179 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Fri, 5 May 2017 08:21:58 +0100
Subject: [PATCH 1/4] efi: Add EFI signature data types
Add the data types that are used for containing hashes, keys and
certificates for cryptographic verification along with their corresponding
type GUIDs.
Signed-off-by: David Howells <dhowells@redhat.com>
---
 include/linux/efi.h | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
f2c60e
index ec36f42..3259ad6 100644
f2c60e
--- a/include/linux/efi.h
f2c60e
+++ b/include/linux/efi.h
f2c60e
@@ -614,6 +614,10 @@ void efi_native_runtime_setup(void);
f2c60e
 #define EFI_IMAGE_SECURITY_DATABASE_GUID	EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596,  0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
f2c60e
 #define EFI_SHIM_LOCK_GUID			EFI_GUID(0x605dab50, 0xe046, 0x4300,  0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
f2c60e
f2c60e
+#define EFI_CERT_SHA256_GUID			EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
f2c60e
+#define EFI_CERT_X509_GUID			EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
f2c60e
+#define EFI_CERT_X509_SHA256_GUID		EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed)
f2c60e
+
f2c60e
 /*
f2c60e
  * This GUID is used to pass to the kernel proper the struct screen_info
f2c60e
  * structure that was populated by the stub based on the GOP protocol instance
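Review bot: The three new defines carry no comment saying that they are signature-type identifiers, unlike the `EFI_IMAGE_SECURITY_DATABASE_GUID` and `EFI_SHIM_LOCK_GUID` lines directly above them, which name variable namespaces. A one-line comment before `EFI_CERT_SHA256_GUID`, such as `/* Signature type GUIDs, compared against efi_signature_list_t.signature_type */`, would make the distinction explicit. Only three types are defined here, so code that walks a signature list presumably has to skip lists whose type it does not recognise rather than treat them as malformed; that expectation is worth stating in the same comment.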
f2c60e
@@ -873,6 +877,27 @@ typedef struct {
f2c60e
 	efi_memory_desc_t entry[0];
f2c60e
 } efi_memory_attributes_table_t;
f2c60e
f2c60e
+typedef struct  {
f2c60e
+	efi_guid_t signature_owner;
f2c60e
+	u8 signature_data[];
f2c60e
+} efi_signature_data_t;
f2c60e
+
f2c60e
+typedef struct {
f2c60e
+	efi_guid_t signature_type;
f2c60e
+	u32 signature_list_size;
f2c60e
+	u32 signature_header_size;
f2c60e
+	u32 signature_size;
f2c60e
+	u8 signature_header[];
f2c60e
+	/* efi_signature_data_t signatures[][] */
f2c60e
+} efi_signature_list_t;
f2c60e
+
f2c60e
+typedef u8 efi_sha256_hash_t[32];
f2c60e
+
f2c60e
+typedef struct {
f2c60e
+	efi_sha256_hash_t to_be_signed_hash;
f2c60e
+	efi_time_t time_of_revocation;
f2c60e
+} efi_cert_x509_sha256_t;
f2c60e
+
f2c60e
 /*
f2c60e
  * All runtime access to EFI goes through this structure:
f2c60e
  */
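Review bot: `efi_signature_list_t` exposes three `u32` lengths that are read from firmware- or bootloader-supplied variable data, and nothing in the new declarations says what a consumer must check before trusting them. I would add a kernel-doc comment above the struct stating the invariants: `signature_list_size` must be at least `sizeof(efi_signature_list_t) + signature_header_size` and no larger than the bytes remaining in the buffer, `signature_size` must be at least `sizeof(efi_signature_data_t)`, and the space left after the header must be a whole multiple of `signature_size`. The placeholder `/* efi_signature_data_t signatures[][] */` could then read `/* followed by signature_header_size header bytes, then N entries of signature_size bytes each */`. Neither struct is marked `__packed`; the natural layout appears to match the wire format, but successive lists inside one variable are not necessarily 4-byte aligned, so readers may need `get_unaligned()`-style access on stricter architectures, which is worth confirming.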
f2c60e
-- 
2.9.3