[U-Boot,v2,01/16] include: pe.h: add signature-related definitions

Message ID 20191126005120.31156-2-takahiro.akashi@linaro.org
State Superseded
Delegated to: Heinrich Schuchardt
Series
  • efi_loader: add secure boot support

Commit Message

AKASHI Takahiro Nov. 26, 2019, 12:51 a.m. UTC
The index (IMAGE_DIRECTORY_ENTRY_SECURITY) in a table points to
a region containing authentication information (image's signature)
in PE format.

WIN_CERTIFICATE structure defines an embedded signature format.

Those definitions will be used in my UEFI secure boot patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 include/pe.h | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

Comments

Heinrich Schuchardt Nov. 26, 2019, 2:55 a.m. UTC | #1
On 11/26/19 1:51 AM, AKASHI Takahiro wrote:
> The index (IMAGE_DIRECTORY_ENTRY_SECURITY) in a table points to
> a region containing authentication information (image's signature)
> in PE format.
>
> WIN_CERTIFICATE structure defines an embedded signature format.
>
> Those definitions will be used in my UEFI secure boot patch.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

> ---
>   include/pe.h | 18 ++++++++++++++++++
>   1 file changed, 18 insertions(+)

Patch

diff --git a/include/pe.h b/include/pe.h
index bff3b0aa7a6c..086f2b860e99 100644
--- a/include/pe.h
+++ b/include/pe.h
@@ -155,6 +155,8 @@  typedef struct _IMAGE_SECTION_HEADER {
 	uint32_t Characteristics;
 } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
 
+/* Indices for Optional Header Data Directories */
+#define IMAGE_DIRECTORY_ENTRY_SECURITY		4
 #define IMAGE_DIRECTORY_ENTRY_BASERELOC         5
 
 typedef struct _IMAGE_BASE_RELOCATION
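
Review bot: the new IMAGE_DIRECTORY_ENTRY_SECURITY define separates the name from its value with tabs, while IMAGE_DIRECTORY_ENTRY_BASERELOC directly below it uses spaces, so the two values may not line up depending on tab width; use one style for both lines. The added comment now heads both defines, and it would help to say there that index 4 locates the image's signature data, as the commit message does, since the name alone does not tell a reader what the entry points to.
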
@@ -252,4 +254,20 @@  typedef struct _IMAGE_RELOCATION
 #define IMAGE_REL_AMD64_PAIR            0x000F
 #define IMAGE_REL_AMD64_SSPAN32         0x0010
 
+/* certificate appended to PE image */
+typedef struct _WIN_CERTIFICATE {
+	uint32_t dwLength;
+	uint16_t wRevision;
+	uint16_t wCertificateType;
+	uint8_t bCertificate[];
+} WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
+
+/* Definitions for the contents of the certs data block */
+#define WIN_CERT_TYPE_PKCS_SIGNED_DATA	0x0002
+#define WIN_CERT_TYPE_EFI_OKCS115	0x0EF0
+#define WIN_CERT_TYPE_EFI_GUID		0x0EF1
+
+#define WIN_CERT_REVISION_1_0		0x0100
+#define WIN_CERT_REVISION_2_0		0x0200
+
 #endif /* _PE_H */
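
Review bot: WIN_CERT_TYPE_EFI_OKCS115 in the certificate type defines looks like a typo for WIN_CERT_TYPE_EFI_PKCS115, the name the UEFI specification uses for 0x0EF0 (compare WIN_CERT_TYPE_PKCS_SIGNED_DATA on the line above). Renaming it now keeps the misspelled identifier from spreading into the code that consumes this header. A short comment on dwLength stating whether it counts the header fields or only bCertificate[] would also help, because the flexible array member carries no size of its own.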