Documentation ¶
Index ¶
- Constants
- Variables
- func ComputePeImageDigest(alg crypto.Hash, r io.ReaderAt, sz int64) ([]byte, error)
- func ConvertUTF16ToUTF8(in []uint16) string
- func ConvertUTF8ToUCS2(in string) []uint16
- func ConvertUTF8ToUTF16(in string) []uint16
- func DeleteBootNextVariable() error
- func DeleteLoadOptionVariable(class LoadOptionClass, n uint16) error
- func IsDeployedModeSupported() bool
- func ListLoadOptionNumbers(class LoadOptionClass) ([]uint16, error)
- func MockVarsBackend(backend VarsBackend) (restore func())
- func NextAvailableLoadOptionNumber(class LoadOptionClass) (uint16, error)
- func ReadBootCurrentVariable() (uint16, error)
- func ReadBootNextVariable() (uint16, error)
- func ReadLoadOrderVariable(class LoadOptionClass) ([]uint16, error)
- func ReadPlatformKeyCertificate() (*x509.Certificate, error)
- func ReadSecureBootVariable() (bool, error)
- func WriteBootNextVariable(n uint16) error
- func WriteLoadOptionVariable(class LoadOptionClass, n uint16, option *LoadOption) error
- func WriteLoadOrderVariable(class LoadOptionClass, order []uint16) error
- func WriteOSIndicationsVariable(value OSIndications) error
- func WriteVariable(name string, guid GUID, attrs VariableAttributes, data []byte) error
- type ACPIDevicePathNode
- type ACPIExtendedDevicePathNode
- type ATAPIControllerRole
- type ATAPIDevicePathNode
- type ATAPIDriveRole
- type BootOptionSupport
- type CDROMDevicePathNode
- type DeviceLogicalUnitDevicePathNode
- type DevicePath
- type DevicePathMatch
- type DevicePathNode
- type DevicePathSubType
- type DevicePathToStringFlags
- type DevicePathType
- type EISAID
- type FilePathDevicePathNode
- type GUID
- type GUIDHardDriveSignature
- type GenericDevicePathNode
- type HardDriveDevicePathNode
- type HardDriveSignature
- type HardDriveSignatureType
- type InconsistentSecureBootModeError
- type InvalidGPTHeaderError
- type LBA
- type LoadOption
- type LoadOptionAttributes
- type LoadOptionClass
- type MBRHardDriveSignature
- type MBRType
- type MediaFvDevicePathNode
- type MediaFvFileDevicePathNode
- type MediaRelOffsetRangeDevicePathNode
- type NVMENamespaceDevicePathNode
- type OSIndications
- type PCIDevicePathNode
- type PartitionEntry
- type PartitionTable
- type PartitionTableHeader
- type PartitionTableRole
- type PhysicalAddress
- type SATADevicePathNode
- type SCSIDevicePathNode
- type SecureBootMode
- type SignatureData
- type SignatureDatabase
- type SignatureList
- type USBClass
- type USBClassDevicePathNode
- type USBDevicePathNode
- type USBWWIDDevicePathNode
- type VariableAttributes
- type VariableAuthentication
- type VariableAuthentication2
- type VariableAuthentication3
- type VariableAuthentication3CertId
- type VariableAuthentication3CertIdSHA256
- type VariableAuthentication3Descriptor
- type VariableAuthentication3Nonce
- type VariableAuthentication3NonceDescriptor
- type VariableAuthentication3Timestamp
- type VariableAuthentication3TimestampDescriptor
- type VariableAuthentication3Type
- type VariableDescriptor
- type VarsBackend
- type VendorDevicePathNode
- type WinCertificate
- type WinCertificateAuthenticode
- func (c *WinCertificateAuthenticode) CertLikelyTrustAnchor(cert *x509.Certificate) bool
- func (c *WinCertificateAuthenticode) Digest() []byte
- func (c *WinCertificateAuthenticode) DigestAlgorithm() crypto.Hash
- func (c *WinCertificateAuthenticode) GetSigner() *x509.Certificate
- func (c *WinCertificateAuthenticode) Type() WinCertificateType
- type WinCertificateGUID
- type WinCertificateGUIDPKCS1v15
- type WinCertificateGUIDUnknown
- type WinCertificatePKCS1v15
- type WinCertificatePKCS7
- type WinCertificateType
Constants ¶
const ( OSIndicationBootToFWUI = uefi.EFI_OS_INDICATIONS_BOOT_TO_FW_UI OSIndicationTimestampRevocation = uefi.EFI_OS_INDICATIONS_TIMESTAMP_REVOCATION OSIndicationFileCapsuleDeliverySupported = uefi.EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED OSIndicationFMPCapsuleSupported = uefi.EFI_OS_INDICATIONS_FMP_CAPSULE_SUPPORTED OSIndicationCapsuleResultVarSupported = uefi.EFI_OS_INDICATIONS_CAPSULE_RESULT_VAR_SUPPORTED OSIndicationStartOSRecovery = uefi.EFI_OS_INDICATIONS_START_OS_RECOVERY OSIndicationStartPlatformRecovery = uefi.EFI_OS_INDICATIONS_START_PLATFORM_RECOVERY OSIndicationJSONConfigDataRefresh = uefi.EFI_OS_INDICATIONS_JSON_CONFIG_DATA_REFRESH )
const ( BootOptionSupportKey = uefi.EFI_BOOT_OPTION_SUPPORT_KEY BootOptionSupportApp = uefi.EFI_BOOT_OPTION_SUPPORT_APP BootOptionSupportSysPrep = uefi.EFI_BOOT_OPTION_SUPPORT_SYSPREP BootOptionSupportCount = uefi.EFI_BOOT_OPTION_SUPPORT_COUNT )
Variables ¶
var ( ErrCRCCheck = errors.New("CRC check failed") ErrNoProtectiveMBR = errors.New("no protective master boot record found") // ErrInvalidBackupPartitionTableLocation may be returned from // ReadPartitionTable when called with the BackupPartitionTable // role if the partition table isn't located at the end of the // device. Note that the function will still return a valid table // in this case. ErrInvalidBackupPartitionTableLocation = errors.New("backup partition table not located at end of device") // UnusedPartitionType is the type GUID of an unused partition entry. UnusedPartitionType GUID )
var ( ErrVarNotExist = errors.New("variable does not exist") ErrVarPermission = errors.New("permission denied") )
Functions ¶
func ComputePeImageDigest ¶
ComputePeImageDigest computes the digest of the supplied PE image in accordance with the Authenticode specification, using the specified digest algorithm.
func ConvertUTF16ToUTF8 ¶
ConvertUTF16ToUTF8 converts the supplied UTF-16 or UCS2 string to a UTF-8 string. If the supplied string is NULL-terminated, then the NULL termination is removed from the string.
func ConvertUTF8ToUCS2 ¶ added in v0.1.2
ConvertUTF8ToUCS2 converts the supplied UTF-8 string to a UCS2 string. Any code point outside of the Basic Multilingual Plane cannot be represented by UCS2 and is converted to the replacement character.
func ConvertUTF8ToUTF16 ¶
ConvertUTF8ToUTF16 converts the supplied UTF-8 string to a UTF-16 string.
func DeleteBootNextVariable ¶ added in v0.9.6
func DeleteBootNextVariable() error
DeleteBootNextVariable deletes the option number of the boot entry to try next.
func DeleteLoadOptionVariable ¶ added in v0.9.6
func DeleteLoadOptionVariable(class LoadOptionClass, n uint16) error
DeleteLoadOptionVariable deletes the load option variable for the specified class and option number. The variable is written to the global namespace. This will succeed even if the variable doesn't alreeady exist. The class must be one of LoadOptionClassDriver, LoadOptionClassSysprep, or LoadOptionClassBoot.
func IsDeployedModeSupported ¶ added in v0.9.6
func IsDeployedModeSupported() bool
IsDeployedModeSupported indicates whether the firmware is new enough (ie based on at least UEFI 2.5) to support deployed mode.
func ListLoadOptionNumbers ¶ added in v0.9.6
func ListLoadOptionNumbers(class LoadOptionClass) ([]uint16, error)
ListLoadOptionNumbers lists the numbers of all of the load option variables for the specified class from the global namespace. The returned numbers will be sorted in ascending order.
func MockVarsBackend ¶ added in v0.9.6
func MockVarsBackend(backend VarsBackend) (restore func())
MockVarsBackend allows the VarsBackend to be mocked for testing or to provide variables from an alternative host in production code. It returns a function that will restore the original backend when called.
func NextAvailableLoadOptionNumber ¶ added in v0.9.6
func NextAvailableLoadOptionNumber(class LoadOptionClass) (uint16, error)
NextAvailableLoadOptionNumber returns the next available load option number for the specified class, which must be one of LoadOptionClassDriver, LoadOptionClassSysprep, or LoadOptionClassBoot.
func ReadBootCurrentVariable ¶ added in v0.9.6
ReadBootCurrentVariable returns the option number used for the current boot.
func ReadBootNextVariable ¶ added in v0.9.6
ReadBootNextVariable returns the option number of the boot entry to try next.
func ReadLoadOrderVariable ¶ added in v0.9.6
func ReadLoadOrderVariable(class LoadOptionClass) ([]uint16, error)
ReadLoadOrderVariable returns the load option order for the specified class, which must be one of LoadOptionClassDriver, LoadOptionClassSysPrep, or LoadOptionClassBoot.
func ReadPlatformKeyCertificate ¶ added in v0.9.7
func ReadPlatformKeyCertificate() (*x509.Certificate, error)
ReadPlatformKeyCertificate reads the PK global variable and returns the corresponding certificate, if a platform key is enrolled. If no platform key is enrolled, this will return nil.
func ReadSecureBootVariable ¶ added in v0.9.6
ReadSecureBootVariable reads the SecureBoot global variable which provides an indication of whether secure boot is enabled. If it returns false, then secure boot is disabled. If it returns true, then it is an indication that secure boot is enabled.
Note that this function cannot prove that secure boot is enabled. If a platform provides a way to disable secure boot and execute arbitrary code, then the platform or kernel may not tell the truth about this. Obtaining proof that secure boot is enabled would involve the use of attestations and a third party verifier.
func WriteBootNextVariable ¶ added in v0.9.6
WriteBootNextVariable writes the option number of the boot entry to try next.
func WriteLoadOptionVariable ¶ added in v0.9.6
func WriteLoadOptionVariable(class LoadOptionClass, n uint16, option *LoadOption) error
WriteLoadOptionVariable writes the supplied LoadOption to a variable for the specified class and option number. The variable is written to the global namespace. This will overwrite any variable that already exists. The class must be one of LoadOptionClassDriver, LoadOptionClassSysprep, or LoadOptionClassBoot.
func WriteLoadOrderVariable ¶ added in v0.9.6
func WriteLoadOrderVariable(class LoadOptionClass, order []uint16) error
WriteLoadOrderVariable writes the load option order for the specified class, which must be one of LoadOptionClassDriver, LoadOptionClassSysprep, or LoadOptionClassBoot.
This will check that each entry corresponds to a valid load option before writing the new order.
func WriteOSIndicationsVariable ¶ added in v0.9.6
func WriteOSIndicationsVariable(value OSIndications) error
WriteOSIndicationsVariable writes the supplied value to the OsIndications global variable in order to send commands to the firmware for the next boot.
func WriteVariable ¶ added in v0.1.2
func WriteVariable(name string, guid GUID, attrs VariableAttributes, data []byte) error
WriteVariable writes the supplied data value with the specified attributes to the EFI variable with the specified name and GUID.
If the variable already exists, the specified attributes must match the existing attributes with the exception of AttributeAppendWrite.
If the variable does not exist, it will be created.
Types ¶
type ACPIDevicePathNode ¶
ACPIDevicePathNode corresponds to an ACPI device path node.
func (*ACPIDevicePathNode) String ¶
func (d *ACPIDevicePathNode) String() string
func (*ACPIDevicePathNode) ToString ¶ added in v0.3.0
func (d *ACPIDevicePathNode) ToString(_ DevicePathToStringFlags) string
type ACPIExtendedDevicePathNode ¶
type ACPIExtendedDevicePathNode struct { HID EISAID UID uint32 CID EISAID HIDStr string UIDStr string CIDStr string }
ACPIExtendedDevicePathNode corresponds to an ACPI device path node and is used where a CID field is required or a string field is required for HID or UID.
func (*ACPIExtendedDevicePathNode) String ¶
func (d *ACPIExtendedDevicePathNode) String() string
func (*ACPIExtendedDevicePathNode) ToString ¶ added in v0.3.0
func (d *ACPIExtendedDevicePathNode) ToString(flags DevicePathToStringFlags) string
type ATAPIControllerRole ¶
type ATAPIControllerRole uint8
ATAPIControllerRole describes the port that an IDE device is connected to.
const ( ATAPIControllerPrimary ATAPIControllerRole = 0 ATAPIControllerSecondary ATAPIControllerRole = 1 )
func (ATAPIControllerRole) String ¶ added in v0.3.0
func (r ATAPIControllerRole) String() string
type ATAPIDevicePathNode ¶
type ATAPIDevicePathNode struct { Controller ATAPIControllerRole Drive ATAPIDriveRole LUN uint16 // Logical unit number }
ATAPIDevicePathNode corresponds to an ATA device path node.
func (*ATAPIDevicePathNode) String ¶
func (d *ATAPIDevicePathNode) String() string
func (*ATAPIDevicePathNode) ToString ¶ added in v0.3.0
func (d *ATAPIDevicePathNode) ToString(flags DevicePathToStringFlags) string
type ATAPIDriveRole ¶
type ATAPIDriveRole uint8
ATAPIDriveRole describes the role of a device on a specific IDE port.
const ( ATAPIDriveMaster ATAPIDriveRole = 0 ATAPIDriveSlave ATAPIDriveRole = 1 )
func (ATAPIDriveRole) String ¶ added in v0.3.0
func (r ATAPIDriveRole) String() string
type BootOptionSupport ¶ added in v0.9.6
type BootOptionSupport uint32
BootOptionSupport provides a way for the firmware to indicate certain boot options that are supported.
func ReadBootOptionSupportVariable ¶ added in v0.9.6
func ReadBootOptionSupportVariable() (BootOptionSupport, error)
ReadBootOptionSupportVariable returns the value of the BootOptionSupport variable in the global namespace.
func (BootOptionSupport) KeyCount ¶ added in v0.9.6
func (s BootOptionSupport) KeyCount() uint8
KeyCount returns the supported number of key presses (up to 3).
type CDROMDevicePathNode ¶
CDROMDevicePathNode corresponds to a CDROM device path node.
func (*CDROMDevicePathNode) String ¶
func (d *CDROMDevicePathNode) String() string
func (*CDROMDevicePathNode) ToString ¶ added in v0.3.0
func (d *CDROMDevicePathNode) ToString(flags DevicePathToStringFlags) string
type DeviceLogicalUnitDevicePathNode ¶
type DeviceLogicalUnitDevicePathNode struct {
LUN uint8
}
func (*DeviceLogicalUnitDevicePathNode) String ¶
func (d *DeviceLogicalUnitDevicePathNode) String() string
func (*DeviceLogicalUnitDevicePathNode) ToString ¶ added in v0.3.0
func (d *DeviceLogicalUnitDevicePathNode) ToString(_ DevicePathToStringFlags) string
type DevicePath ¶
type DevicePath []DevicePathNode
DevicePath represents a complete device path with the first node representing the root.
func ReadDevicePath ¶
func ReadDevicePath(r io.Reader) (out DevicePath, err error)
ReadDevicePath decodes a device path from the supplied io.Reader. It will read until it finds a termination node or an error occurs.
func (DevicePath) Bytes ¶ added in v0.2.0
func (p DevicePath) Bytes() ([]byte, error)
Bytes returns the serialized form of this device path.
func (DevicePath) Matches ¶ added in v0.9.6
func (p DevicePath) Matches(other DevicePath) DevicePathMatch
Matches indicates whether other matches this path in some way, and returns the type of match. If other begins with *HardDriveDevicePathNode and is 2 nodes long, this may return DevicePathShortFormHDMatch. If other begins with FilePathDevicePathNode and is a single node long, this may return DevicePathShortFormFileMatch. This returns DevicePathFullMatch if the supplied path fully matches, and DevicePathNoMatch if there is no match.
func (DevicePath) String ¶
func (p DevicePath) String() string
func (DevicePath) ToString ¶ added in v0.3.0
func (p DevicePath) ToString(flags DevicePathToStringFlags) string
ToString returns a string representation of this device path with the supplied flags.
type DevicePathMatch ¶ added in v0.9.6
type DevicePathMatch int
DevicePathMatch indicates how a device path matched
const ( // DevicePathNoMatch indicates that a pair of device paths did not match. DevicePathNoMatch DevicePathMatch = iota // DevicePathFullMatch indicates that a pair of device paths fully matched. DevicePathFullMatch // DevicePathShortFormHDMatch indicates that one device path begins with a // *[HardDriveDevicePathNode] and matches the end of the longer device path. DevicePathShortFormHDMatch // DevicePathShortFormFileMatch indicates that one device path begins with a // [FilePathDevicePathNode] and matches the end of the longer device path. DevicePathShortFormFileMatch )
type DevicePathNode ¶
type DevicePathNode interface { fmt.Stringer ToString(flags DevicePathToStringFlags) string Write(w io.Writer) error }
DevicePathNode represents a single node in a device path.
type DevicePathSubType ¶
type DevicePathSubType uint8
DevicePathSubType is the sub-type of a device path node. The meaning of this depends on the DevicePathType.
type DevicePathToStringFlags ¶ added in v0.3.0
type DevicePathToStringFlags int
DevicePathToStringFlags defines flags for DevicePath.ToString and DevicePathNode.ToString.
const ( // DevicePathDisplayOnly indicates that each node is converted // to the shorter text representation. DevicePathDisplayOnly DevicePathToStringFlags = 1 << 0 )
func (DevicePathToStringFlags) DisplayOnly ¶ added in v0.3.0
func (f DevicePathToStringFlags) DisplayOnly() bool
type DevicePathType ¶
type DevicePathType uint8
DevicePathType is the type of a device path node.
const ( HardwareDevicePath DevicePathType = uefi.HARDWARE_DEVICE_PATH ACPIDevicePath DevicePathType = uefi.ACPI_DEVICE_PATH MessagingDevicePath DevicePathType = uefi.MESSAGING_DEVICE_PATH MediaDevicePath DevicePathType = uefi.MEDIA_DEVICE_PATH BBSDevicePath DevicePathType = uefi.BBS_DEVICE_PATH )
func (DevicePathType) String ¶
func (t DevicePathType) String() string
type FilePathDevicePathNode ¶
type FilePathDevicePathNode string
FilePathDevicePathNode corresponds to a file path device path node.
func NewFilePathDevicePathNode ¶
func NewFilePathDevicePathNode(path string) (out FilePathDevicePathNode)
NewFilePathDevicePathNode constructs a new FilePathDevicePathNode from the supplied path, converting the OS native separators to EFI separators ("\") and prepending a separator to the start of the path if one doesn't already exist.
func (FilePathDevicePathNode) String ¶
func (d FilePathDevicePathNode) String() string
func (FilePathDevicePathNode) ToString ¶ added in v0.3.0
func (d FilePathDevicePathNode) ToString(_ DevicePathToStringFlags) string
type GUID ¶
type GUID [16]byte
GUID corresponds to the EFI_GUID type.
var ( // HashAlgorithmSHA1Guid corresponds to the SHA1 algorithm. HashAlgorithmSHA1Guid GUID = GUID(uefi.EFI_HASH_ALGORITHM_SHA1_GUID) // HashAlgorithmSHA256Guid corresponds to the SHA256 algorithm. HashAlgorithmSHA256Guid GUID = GUID(uefi.EFI_HASH_ALGORITHM_SHA256_GUID) // HashAlgorithmSHA224Guid corresponds to the SHA224 algorithm. HashAlgorithmSHA224Guid GUID = GUID(uefi.EFI_HASH_ALGORITHM_SHA224_GUID) // HashAlgorithmSHA384Guid corresponds to the SHA384 algorithm. HashAlgorithmSHA384Guid GUID = GUID(uefi.EFI_HASH_ALGORITHM_SHA384_GUID) // HashAlgorithmSHA412Guid corresponds to the SHA512 algorithm. HashAlgorithmSHA512Guid GUID = GUID(uefi.EFI_HASH_ALGORITHM_SHA512_GUID) // CertTypeRSA2048SHA256Guid is used to define the type of a // WinCertificateGUID that corresponds to a PKCS#1-v1.5 encoded RSA2048 // SHA256 signature and is implemented by the *WinCertificateGUIDPKCS1v15 // type. CertTypeRSA2048SHA256Guid GUID = GUID(uefi.EFI_CERT_TYPE_RSA2048_SHA256_GUID) // CertTypePKCS7Guid is used to define the type of a WinCertificateGUID // that corresponds to a detached PKCS#7 signature and is implemented by // the *WinCertificatePKCS7 type. CertTypePKCS7Guid GUID = GUID(uefi.EFI_CERT_TYPE_PKCS7_GUID) // CertSHA1Guid is used to define the type of a signature list that // contains a SHA1 digest. CertSHA1Guid GUID = GUID(uefi.EFI_CERT_SHA1_GUID) // CertSHA256Guid is used to define the type of a signature list that // contains a SHA-256 digest. CertSHA256Guid GUID = GUID(uefi.EFI_CERT_SHA256_GUID) // CertSHA224Guid is used to define the type of a signature list that // contains a SHA-224 digest. CertSHA224Guid GUID = GUID(uefi.EFI_CERT_SHA224_GUID) // CertSHA384Guid is used to define the type of a signature list that // contains a SHA-384 digest. CertSHA384Guid GUID = GUID(uefi.EFI_CERT_SHA384_GUID) // CertSHA512Guid is used to define the type of a signature list that // contains a SHA-512 digest. CertSHA512Guid GUID = GUID(uefi.EFI_CERT_SHA512_GUID) // CertRSA2048Guid is used to define the type of a signature list that // contains RSA2048 public keys. CertRSA2048Guid GUID = GUID(uefi.EFI_CERT_RSA2048_GUID) // CertRSA2048SHA1Guid is used to define the type of a signature list // that contains SHA1 digests of RSA2048 public keys. CertRSA2048SHA1Guid GUID = GUID(uefi.EFI_CERT_RSA2048_SHA1_GUID) // CertRSA2048SHA256Guid is used to define the type of a signature list // that contains SHA-256 digesta of RSA2048 public keya. CertRSA2048SHA256Guid GUID = GUID(uefi.EFI_CERT_RSA2048_SHA256_GUID) // CertX509Guid is used to define the type of a signature list that // contains a DER encoded X.509 certificate. CertX509Guid GUID = GUID(uefi.EFI_CERT_X509_GUID) // CertX509SHA256Guid is used to define the type of a signature list // that contains the SHA-256 digest of the TBS content of a X.509 // certificate, and a revocation time. CertX509SHA256Guid GUID = GUID(uefi.EFI_CERT_X509_SHA256_GUID) // CertX509SHA384Guid is used to define the type of a signature list // that contains the SHA-384 digest of the TBS content of a X.509 // certificate, and a revocation time. CertX509SHA384Guid GUID = GUID(uefi.EFI_CERT_X509_SHA384_GUID) // CertX509SHA512Guid is used to define the type of a signature list // that contains the SHA-512 digest of the TBS content of a X.509 // certificate, and a revocation time. CertX509SHA512Guid GUID = GUID(uefi.EFI_CERT_X509_SHA512_GUID) // GlobalVariable is the namespace for many variables within the UEFI specification. GlobalVariable GUID = GUID(uefi.EFI_GLOBAL_VARIABLE) // ImageSecurityDatabaseGuid is the namespace for signature databases defined // byt the UEFI specification. ImageSecurityDatabaseGuid GUID = GUID(uefi.EFI_IMAGE_SECURITY_DATABASE_GUID) )
func DecodeGUIDString ¶
DecodeGUIDString decodes the supplied GUID string. The string must have the format "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" and may be surrounded by curly braces.
type GUIDHardDriveSignature ¶ added in v0.3.0
type GUIDHardDriveSignature GUID
GUIDHardDriveSignature is a HardDriveSignature for GPT drives.
func (GUIDHardDriveSignature) Data ¶ added in v0.3.0
func (s GUIDHardDriveSignature) Data() (out [16]uint8)
Data implements [HardDriveSignature.Data].
func (GUIDHardDriveSignature) String ¶ added in v0.3.0
func (s GUIDHardDriveSignature) String() string
func (GUIDHardDriveSignature) Type ¶ added in v0.3.0
func (GUIDHardDriveSignature) Type() HardDriveSignatureType
Type implements [HardDriveSignature.Type].
type GenericDevicePathNode ¶ added in v0.1.2
type GenericDevicePathNode struct { Type DevicePathType SubType DevicePathSubType // the meaning of the sub-type depends on the Type field. Data []byte // An opaque blob of data associated with this node }
GenericDevicePathNode corresponds to a device path nodes with a type that is not handled by this package
func (*GenericDevicePathNode) String ¶ added in v0.1.2
func (d *GenericDevicePathNode) String() string
func (*GenericDevicePathNode) ToString ¶ added in v0.3.0
func (d *GenericDevicePathNode) ToString(_ DevicePathToStringFlags) string
type HardDriveDevicePathNode ¶
type HardDriveDevicePathNode struct { PartitionNumber uint32 // 1-indexed partition number PartitionStart uint64 // Starting LBA PartitionSize uint64 // Size in number of LBAs Signature HardDriveSignature // Signature,the type of which is implementation specific (GPT vs MBR) MBRType MBRType // Legacy MBR or GPT }
HardDriveDevicePathNode corresponds to a hard drive device path node.
func NewHardDriveDevicePathNodeFromDevice ¶
func NewHardDriveDevicePathNodeFromDevice(r io.ReaderAt, totalSz, blockSz int64, part int) (*HardDriveDevicePathNode, error)
NewHardDriveDevicePathNodeFromDevice constructs a HardDriveDevicePathNode for the specified partition on the supplied device reader. The device's total size and logical block size must be supplied.
func (*HardDriveDevicePathNode) String ¶
func (d *HardDriveDevicePathNode) String() string
func (*HardDriveDevicePathNode) ToString ¶ added in v0.3.0
func (d *HardDriveDevicePathNode) ToString(flags DevicePathToStringFlags) string
type HardDriveSignature ¶ added in v0.3.0
type HardDriveSignature interface { fmt.Stringer Data() [16]uint8 // the raw signature data Type() HardDriveSignatureType // Signature type }
HardDriveSignature is an abstraction for a unique hard drive identifier
type HardDriveSignatureType ¶ added in v0.3.0
type HardDriveSignatureType uint8
func (HardDriveSignatureType) String ¶ added in v0.3.0
func (t HardDriveSignatureType) String() string
type InconsistentSecureBootModeError ¶ added in v0.9.6
type InconsistentSecureBootModeError struct {
// contains filtered or unexported fields
}
InconsistentSecureBootModeError is returned from ComputeSecureBootMode if some of the variables are in an inconsistent state.
func (*InconsistentSecureBootModeError) Error ¶ added in v0.9.6
func (e *InconsistentSecureBootModeError) Error() string
func (*InconsistentSecureBootModeError) Unwrap ¶ added in v0.9.6
func (e *InconsistentSecureBootModeError) Unwrap() error
type InvalidGPTHeaderError ¶
type InvalidGPTHeaderError string
func (InvalidGPTHeaderError) Error ¶
func (e InvalidGPTHeaderError) Error() string
type LoadOption ¶
type LoadOption struct { Attributes LoadOptionAttributes Description string FilePath DevicePath OptionalData []byte }
LoadOption corresponds to the EFI_LOAD_OPTION type.
func ReadBootNextLoadOptionVariable ¶ added in v0.9.6
func ReadBootNextLoadOptionVariable() (*LoadOption, error)
ReadBootNextLoadOptionVariable returns the LoadOption for the boot entry to try next.
func ReadLoadOption ¶
func ReadLoadOption(r io.Reader) (out *LoadOption, err error)
ReadLoadOption reads a LoadOption from the supplied io.Reader. Due to the way that EFI_LOAD_OPTION is defined, where there is no size encoded for the OptionalData field, this function will consume all of the bytes available from the supplied reader.
func ReadLoadOptionVariable ¶ added in v0.9.6
func ReadLoadOptionVariable(class LoadOptionClass, n uint16) (*LoadOption, error)
ReadLoadOptionVariable returns the LoadOption for the specified class and option number. The variable is read from the global namespace.
func ReadOrderedLoadOptionVariables ¶ added in v0.9.6
func ReadOrderedLoadOptionVariables(class LoadOptionClass) ([]*LoadOption, error)
ReadOrderedLoadOptionVariables returns a list of LoadOptions in the order in which they will be tried by the boot manager for the specified class. The variables are all read from the global namespace. Where class is LoadOptionClassDriver, LoadOptionClassSysPrep, or LoadOptionClassBoot, this will use the corresponding *Order variable. It will skip entries for which there isn't a corresponding variable. Where class is LoadOptionClassPlatformRecovery, the order is determined by the variable names.
func (*LoadOption) Bytes ¶ added in v0.2.0
func (o *LoadOption) Bytes() ([]byte, error)
Bytes returns the serialized form of this load option.
func (*LoadOption) IsActive ¶ added in v0.9.6
func (o *LoadOption) IsActive() bool
IsActive indicates whether the attributes has the LOAD_OPTION_ACTIVE flag set. These will be tried automaitcally if they are in BootOrder.
func (*LoadOption) IsAppCategory ¶ added in v0.9.6
func (o *LoadOption) IsAppCategory() bool
IsAppCategory indicates whether the attributes has the LOAD_OPTION_CATEGORY_APP flag set.
func (*LoadOption) IsBootCategory ¶ added in v0.9.6
func (o *LoadOption) IsBootCategory() bool
IsBootCategory indicates whether the attributes has the LOAD_OPTION_CATEGORY_BOOT flag set. These applications are typically part of the boot process.
func (*LoadOption) IsVisible ¶ added in v0.9.6
func (o *LoadOption) IsVisible() bool
IsVisible indicates whether the attributes does not have the LOAD_OPTION_HIDDEN flag set.
func (*LoadOption) String ¶
func (o *LoadOption) String() string
type LoadOptionAttributes ¶ added in v0.1.2
type LoadOptionAttributes uint32
LoadOptionAttributes corresponds to the attributes of a load option
const ( LoadOptionActive LoadOptionAttributes = uefi.LOAD_OPTION_ACTIVE LoadOptionForceReconnect LoadOptionAttributes = uefi.LOAD_OPTION_FORCE_RECONNECT LoadOptionHidden LoadOptionAttributes = uefi.LOAD_OPTION_HIDDEN LoadOptionCategory LoadOptionAttributes = uefi.LOAD_OPTION_CATEGORY LoadOptionCategoryBoot LoadOptionAttributes = uefi.LOAD_OPTION_CATEGORY_BOOT LoadOptionCategoryApp LoadOptionAttributes = uefi.LOAD_OPTION_CATEGORY_APP )
func (LoadOptionAttributes) IsAppCategory ¶ added in v0.9.6
func (a LoadOptionAttributes) IsAppCategory() bool
IsAppCategory indicates whether the attributes has the LOAD_OPTION_CATEGORY_APP flag set.
func (LoadOptionAttributes) IsBootCategory ¶ added in v0.9.6
func (a LoadOptionAttributes) IsBootCategory() bool
IsBootCategory indicates whether the attributes has the LOAD_OPTION_CATEGORY_BOOT flag set. These applications are typically part of the boot process.
type LoadOptionClass ¶ added in v0.9.6
type LoadOptionClass string
LoadOptionClass describes a class of load option
const ( // LoadOptionClassDriver corresponds to drivers that are processed before // normal boot options and before the initial ready to boot signal. LoadOptionClassDriver LoadOptionClass = "Driver" // LadOptionClassSysPrep corresponds to system preparation applications that // are processed before normal boot options and before the initial // ready to boot signal. LoadOptionClassSysPrep LoadOptionClass = "SysPrep" // LoadOptionClassBoot corresponds to normal boot applicationds. LoadOptionClassBoot LoadOptionClass = "Boot" // LoadOptionClassPlatformRecovery corresponds to platform supplied recovery // applications. LoadOptionClassPlatformRecovery LoadOptionClass = "PlatformRecovery" )
type MBRHardDriveSignature ¶ added in v0.3.0
type MBRHardDriveSignature uint32
MBRHardDriveSignature is a HardDriveSignature for legacy MBR drives.
func (MBRHardDriveSignature) Data ¶ added in v0.3.0
func (s MBRHardDriveSignature) Data() (out [16]uint8)
Data implements [HardDriveSignature.Data].
func (MBRHardDriveSignature) String ¶ added in v0.3.0
func (s MBRHardDriveSignature) String() string
func (MBRHardDriveSignature) Type ¶ added in v0.3.0
func (s MBRHardDriveSignature) Type() HardDriveSignatureType
Type implements [HardDriveSignature.Type].
type MBRType ¶
type MBRType uint8
MBRType describes a disk header type
const ( LegacyMBR MBRType = 1 GPT = 2 )
type MediaFvDevicePathNode ¶
type MediaFvDevicePathNode GUID
MediaFvDevicePathNode corresponds to a firmware volume device path node.
func (MediaFvDevicePathNode) String ¶
func (d MediaFvDevicePathNode) String() string
func (MediaFvDevicePathNode) ToString ¶ added in v0.3.0
func (d MediaFvDevicePathNode) ToString(_ DevicePathToStringFlags) string
type MediaFvFileDevicePathNode ¶
type MediaFvFileDevicePathNode GUID
MediaFvFileDevicePathNode corresponds to a firmware volume file device path node.
func (MediaFvFileDevicePathNode) String ¶
func (d MediaFvFileDevicePathNode) String() string
func (MediaFvFileDevicePathNode) ToString ¶ added in v0.3.0
func (d MediaFvFileDevicePathNode) ToString(_ DevicePathToStringFlags) string
type MediaRelOffsetRangeDevicePathNode ¶
func (*MediaRelOffsetRangeDevicePathNode) String ¶
func (d *MediaRelOffsetRangeDevicePathNode) String() string
func (*MediaRelOffsetRangeDevicePathNode) ToString ¶ added in v0.3.0
func (d *MediaRelOffsetRangeDevicePathNode) ToString(_ DevicePathToStringFlags) string
type NVMENamespaceDevicePathNode ¶
type NVMENamespaceDevicePathNode struct { NamespaceID uint32 // Namespace identifier NamespaceUUID uint64 // EUI-64 (extended unique identifier). This is set to 0 where not supported }
NVMENamespaceDevicePathNode corresponds to a NVME namespace device path node.
func (*NVMENamespaceDevicePathNode) String ¶
func (d *NVMENamespaceDevicePathNode) String() string
func (*NVMENamespaceDevicePathNode) ToString ¶ added in v0.3.0
func (d *NVMENamespaceDevicePathNode) ToString(_ DevicePathToStringFlags) string
type OSIndications ¶ added in v0.9.6
type OSIndications uint64
OSIndications provides a way for the firmware to advertise features to the OS and a way to request the firmware perform a specific action on the next boot.
func ReadOSIndicationsSupportedVariable ¶ added in v0.9.6
func ReadOSIndicationsSupportedVariable() (OSIndications, error)
ReadOSIndicationsSupportedVariable returns the value of the OSIndicationsSupported variable in the global namespace.
type PCIDevicePathNode ¶
type PCIDevicePathNode struct { Function uint8 // Function of device Device uint8 // Device number of PCI bus }
PCIDevicePathNode corresponds to a PCI device path node.
func (*PCIDevicePathNode) String ¶
func (d *PCIDevicePathNode) String() string
func (*PCIDevicePathNode) ToString ¶ added in v0.3.0
func (d *PCIDevicePathNode) ToString(_ DevicePathToStringFlags) string
type PartitionEntry ¶
type PartitionEntry struct { PartitionTypeGUID GUID UniquePartitionGUID GUID StartingLBA LBA EndingLBA LBA Attributes uint64 PartitionName string }
PartitionEntry corresponds to the EFI_PARTITION_ENTRY type.
func ReadPartitionEntries ¶
func ReadPartitionEntries(r io.Reader, num, sz uint32) ([]*PartitionEntry, error)
ReadPartitionEntries reads the specified number of EFI_PARTITION_ENTRY structures of the specified size from the supplied io.Reader. The number and size are typically defined by the partition table header.
func ReadPartitionEntry ¶
func ReadPartitionEntry(r io.Reader) (*PartitionEntry, error)
ReadPartitionEntry reads a single EFI_PARTITION_ENTRY from r.
func (*PartitionEntry) String ¶
func (e *PartitionEntry) String() string
func (*PartitionEntry) Write ¶
func (e *PartitionEntry) Write(w io.Writer) error
Write serializes this PartitionEntry to w. Note that it doesn't write any bytes beyond the end of the EFI_PARTITION_ENTRY structure, so if the caller is writing several entries and the partition table header defines an entry size of greater than 128 bytes, the caller is responsible for inserting the 0 padding bytes.
type PartitionTable ¶
type PartitionTable struct { Hdr *PartitionTableHeader Entries []*PartitionEntry }
PartitionTable describes a complete GUID partition table.
func ReadPartitionTable ¶
func ReadPartitionTable(r io.ReaderAt, totalSz, blockSz int64, role PartitionTableRole, checkCrc bool) (*PartitionTable, error)
ReadPartitionTable reads a complete GUID partition table from the supplied io.Reader. The total size and logical block size of the device must be supplied - the logical block size is 512 bytes for a file, but must be obtained from the kernel for a block device.
This function expects the device to have a valid protective MBR.
If role is PrimaryPartitionTable, this will read the primary partition table that is located immediately after the protective MBR. If role is BackupPartitionTable, this will read the backup partition table that is located at the end of the device.
If checkCrc is true and either CRC check fails for the requested table, an error will be returned. Setting checkCrc to false disables the CRC checks.
Note that whilst this function checks the integrity of the header and partition table entries, it does not check the contents of the partition table entries.
If role is BackupPartitionTable and the backup table is not located at the end of the device, this will return ErrInvalidBackupPartitionTableLocation along with the valid table.
func (*PartitionTable) String ¶ added in v0.4.0
func (t *PartitionTable) String() string
type PartitionTableHeader ¶
type PartitionTableHeader struct { HeaderSize uint32 MyLBA LBA AlternateLBA LBA FirstUsableLBA LBA LastUsableLBA LBA DiskGUID GUID PartitionEntryLBA LBA NumberOfPartitionEntries uint32 SizeOfPartitionEntry uint32 PartitionEntryArrayCRC32 uint32 }
PartitionTableHeader correponds to the EFI_PARTITION_TABLE_HEADER type.
func ReadPartitionTableHeader ¶
func ReadPartitionTableHeader(r io.Reader, checkCrc bool) (*PartitionTableHeader, error)
ReadPartitionTableHeader reads a EFI_PARTITION_TABLE_HEADER from the supplied io.Reader. If the header signature or revision is incorrect, an error will be returned. If checkCrc is true and the header has an invalid CRC, an error will be returned. If checkCrc is false, then a CRC check is not performed.
func (*PartitionTableHeader) String ¶ added in v0.4.0
func (h *PartitionTableHeader) String() string
type PartitionTableRole ¶
type PartitionTableRole int
PartitionTableRole describes the role of a partition table.
const ( PrimaryPartitionTable PartitionTableRole = iota BackupPartitionTable )
type PhysicalAddress ¶
type PhysicalAddress uint64
type SATADevicePathNode ¶
type SATADevicePathNode struct { HBAPortNumber uint16 // The zero indexed port number on the HBA PortMultiplierPortNumber uint16 // The port multiplier (or 0xFFFF if the device is connected directly to the HBA) LUN uint16 // Logical unit number }
SATADevicePathNode corresponds to a SATA device path node.
func (*SATADevicePathNode) String ¶
func (d *SATADevicePathNode) String() string
func (*SATADevicePathNode) ToString ¶ added in v0.3.0
func (d *SATADevicePathNode) ToString(_ DevicePathToStringFlags) string
type SCSIDevicePathNode ¶
type SCSIDevicePathNode struct { PUN uint16 // Target ID on the SCSI bus LUN uint16 // Logical unit number }
SCSIDevicePathNode corresponds to a SCSI device path node.
func (*SCSIDevicePathNode) String ¶
func (d *SCSIDevicePathNode) String() string
func (*SCSIDevicePathNode) ToString ¶ added in v0.3.0
func (d *SCSIDevicePathNode) ToString(_ DevicePathToStringFlags) string
type SecureBootMode ¶ added in v0.9.6
type SecureBootMode int
SecureBootMode describes the secure boot mode of a platform.
const ( // SetupMode indicates that a platform is in setup mode. In this mode, no platform // key is enrolled and secure boot cannot be enabled. Writes to secure boot // variables other than PK can be performed without authentication. // // SetupMode can transition to UserMode by enrolling a platform key, which can be // done from the OS by performing a self-signed authenticated write to the PK // global variable. // // Since UEFI 2.5, SetupMode can transition to AuditMode by writing 1 to the // AuditMode global variable before ExitBootServices. SetupMode SecureBootMode = iota + 1 // AuditMode indicates that a platform is in audit mode. This mode implies setup // mode - no platform key is enrolled and secure boot cannot be enabled. Writes to // secure boot variables other than PK can be performed without authentication. // // AuditMode provides a way of ensuring that the current signature database // configuration is able to authenticate an OS without preventing it from booting // if authentication fails. // // AuditMode can transition to DeployedMode by enrolling a platform key, which can be // done from the OS by performing a self-signed authenticated write to the PK // global variable. // // AuditMode only exists since UEFI 2.5. AuditMode // UserMode indicates that a platform is in user mode. In this mode, a platform // key is enrolled and secure boot can be enabled (but may be disabled using some // platform specific mechanism). Writes to secure boot variables require authentication. // // UserMode can transition to SetupMode by erasing the platform key, either via // some platform specific mechanism or by an authenticated write of an empty payload // to the PK global variable. // // Since UEFI 2.5, UserMode can transition to AuditMode by writing 1 to the AuditMode // global variable before ExitBootServices. // // Since UEFI 2.5, UserMode can transition to DeployedMode by writing 1 to the // DeployedMode global variable before ExitBootServices. UserMode // DeployedMode indicates that a platform is in deployed mode. In this mode, a // platform key is enrolled and secure boot can be enabled (but may be disabled using // some platform specific mechanism. Writes to secure boot variables require // authentication. This is the most secure mode. // // DeployedMode may transition back to UserMode by some optional platform specific // mechanism which clears the DeployedMode variable. // // DeployedMode exists since UEFI 2.5. DeployedMode )
func ComputeSecureBootMode ¶ added in v0.9.6
func ComputeSecureBootMode() (SecureBootMode, error)
ComputeSecureBootMode determines the secure boot mode of a platform.
type SignatureData ¶
SignatureData corresponds to the EFI_SIGNATURE_DATA type.
func (*SignatureData) Equal ¶
func (d *SignatureData) Equal(other *SignatureData) bool
Equal determines whether other is equal to this SignatureData
type SignatureDatabase ¶
type SignatureDatabase []*SignatureList
SignatureDatabase corresponds to a list of EFI_SIGNATURE_LIST structures.
func ReadSignatureDatabase ¶
func ReadSignatureDatabase(r io.Reader) (SignatureDatabase, error)
ReadSignatureDatabase decodes a list of EFI_SIGNATURE_LIST structures from r.
func ReadSignatureDatabaseVariable ¶ added in v0.9.6
func ReadSignatureDatabaseVariable(desc VariableDescriptor) (SignatureDatabase, error)
ReadSignatureDatabaseVariable reads the signature database from the supplied variable.
func (SignatureDatabase) Bytes ¶ added in v0.2.0
func (db SignatureDatabase) Bytes() ([]byte, error)
Bytes returns the serialized form of this signature database.
func (SignatureDatabase) String ¶
func (db SignatureDatabase) String() string
type SignatureList ¶
type SignatureList struct { Type GUID Header []byte Signatures []*SignatureData }
SignatureList corresponds to the EFI_SIGNATURE_LIST type.
func ReadSignatureList ¶
func ReadSignatureList(r io.Reader) (*SignatureList, error)
ReadSignatureList decodes a single EFI_SIGNATURE_LIST from r.
func (*SignatureList) String ¶
func (l *SignatureList) String() string
type USBClass ¶
type USBClass uint8
const ( USBClassAudio USBClass = 0x01 USBClassCDCControl USBClass = 0x02 USBClassHID USBClass = 0x03 USBClassImage USBClass = 0x06 USBClassPrinter USBClass = 0x07 USBClassMassStorage USBClass = 0x08 USBClassHub USBClass = 0x09 USBClassCDCData USBClass = 0x0a USBClassSmartCard USBClass = 0x0b USBClassVideo USBClass = 0x0e USBClassDiagnostic USBClass = 0xdc USBClassWireless USBClass = 0xe0 )
type USBClassDevicePathNode ¶
type USBClassDevicePathNode struct { VendorId uint16 ProductId uint16 DeviceClass USBClass DeviceSubClass uint8 DeviceProtocol uint8 }
USBClassDevicePathNode corresponds to a USB class device path node.
func (*USBClassDevicePathNode) String ¶
func (d *USBClassDevicePathNode) String() string
func (*USBClassDevicePathNode) ToString ¶ added in v0.3.0
func (d *USBClassDevicePathNode) ToString(_ DevicePathToStringFlags) string
type USBDevicePathNode ¶
USBDevicePathNode corresponds to a USB device path node.
func (*USBDevicePathNode) String ¶
func (d *USBDevicePathNode) String() string
func (*USBDevicePathNode) ToString ¶ added in v0.3.0
func (d *USBDevicePathNode) ToString(_ DevicePathToStringFlags) string
type USBWWIDDevicePathNode ¶
type USBWWIDDevicePathNode struct { InterfaceNumber uint16 VendorId uint16 ProductId uint16 SerialNumber string }
USBWWIDDevicePathNode corresponds to a USB WWID device path node.
func (*USBWWIDDevicePathNode) String ¶
func (d *USBWWIDDevicePathNode) String() string
func (*USBWWIDDevicePathNode) ToString ¶ added in v0.3.0
func (d *USBWWIDDevicePathNode) ToString(_ DevicePathToStringFlags) string
type VariableAttributes ¶
type VariableAttributes uint32
const ( AttributeNonVolatile VariableAttributes = uefi.EFI_VARIABLE_NON_VOLATILE AttributeBootserviceAccess VariableAttributes = uefi.EFI_VARIABLE_BOOTSERVICE_ACCESS AttributeRuntimeAccess VariableAttributes = uefi.EFI_VARIABLE_RUNTIME_ACCESS AttributeHardwareErrorRecord VariableAttributes = uefi.EFI_VARIABLE_HARDWARE_ERROR_RECORD AttributeAuthenticatedWriteAccess VariableAttributes = uefi.EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS AttributeTimeBasedAuthenticatedWriteAccess VariableAttributes = uefi.EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS AttributeAppendWrite VariableAttributes = uefi.EFI_VARIABLE_APPEND_WRITE AttributeEnhancedAuthenticatedAccess VariableAttributes = uefi.EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS )
func ReadVariable ¶ added in v0.1.2
func ReadVariable(name string, guid GUID) ([]byte, VariableAttributes, error)
ReadVariable returns the value and attributes of the EFI variable with the specified name and GUID.
type VariableAuthentication ¶
type VariableAuthentication struct { MonotonicCount uint64 AuthInfo WinCertificateGUID }
VariableAuthentication corresponds to the EFI_VARIABLE_AUTHENTICATION type and is used to authenticate updates to variables with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.
func ReadVariableAuthentication ¶
func ReadVariableAuthentication(r io.Reader) (*VariableAuthentication, error)
ReadVariableAuthentication decodes an authentication header for updating a variable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.
type VariableAuthentication2 ¶
type VariableAuthentication2 struct { TimeStamp time.Time AuthInfo WinCertificateGUID }
VariableAuthentication2 corresponds to the EFI_VARIABLE_AUTHENTICATION_2 type and is used to authenticate updates to variables with the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute set.
func ReadTimeBasedVariableAuthentication ¶
func ReadTimeBasedVariableAuthentication(r io.Reader) (*VariableAuthentication2, error)
ReadTimeBasedVariableAuthentication decodes an authentication header for updating a variable with the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute set.
type VariableAuthentication3 ¶
type VariableAuthentication3 interface { Type() VariableAuthentication3Type NewCert() WinCertificateGUID SigningCert() WinCertificateGUID }
VariableAuthentication3 is used to authenticate updates to variables with the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set.
func ReadEnhancedVariableAuthentication ¶
func ReadEnhancedVariableAuthentication(r io.Reader) (VariableAuthentication3, error)
ReadEnhancedVariableAuthentication decodes the authentication header for updating variables with the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set.
type VariableAuthentication3CertId ¶
type VariableAuthentication3CertId interface { // Matches determines whether the specified certificate matches this ID Matches(cert *x509.Certificate) bool }
VariableAuthentication3CertId corresponds to the EFI_VARIABLE_AUTHENTICATION_3_CERT_ID type and represents the identification of an authority certificate associated with a variable that has the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set.
type VariableAuthentication3CertIdSHA256 ¶ added in v0.9.0
type VariableAuthentication3CertIdSHA256 [32]byte
VariableAuthentication3CertIdSHA256 corresponds to a EFI_VARIABLE_AUTHENTICATION_3_CERT_ID with a type of EFI_VARIABLE_AUTHENTICATION_3_CERT_ID_SHA256 and is the SHA-256 digest of the TBS content of a X.509 certificate.
func (VariableAuthentication3CertIdSHA256) Matches ¶ added in v0.9.0
func (i VariableAuthentication3CertIdSHA256) Matches(cert *x509.Certificate) bool
type VariableAuthentication3Descriptor ¶
type VariableAuthentication3Descriptor interface { Type() VariableAuthentication3Type Id() VariableAuthentication3CertId // The ID of the authority associated with the variable }
VariableAuthentication3Descriptor corresponds to the authentication descriptor provided when reading the payload of a variable with the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set.
func ReadEnhancedAuthenticationDescriptor ¶
func ReadEnhancedAuthenticationDescriptor(r io.Reader) (VariableAuthentication3Descriptor, error)
ReadEnhancedAuthenticationDescriptor decodes the enhanced authentication descriptor from the supplied reader. The supplied reader will typically read from the payload area of a variable with the EFI_VARIABLE_ENHANCED_AUTHENTICATION_ACCESS attribute set.
type VariableAuthentication3Nonce ¶
type VariableAuthentication3Nonce struct { Nonce []byte // contains filtered or unexported fields }
VariableAuthentication3Nonce is used to authenticate updates to variables with the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set, and a type of EFI_VARIABLE_AUTHENTICATION_3_NONCE_TYPE.
func (*VariableAuthentication3Nonce) NewCert ¶
func (a *VariableAuthentication3Nonce) NewCert() WinCertificateGUID
func (*VariableAuthentication3Nonce) SigningCert ¶
func (a *VariableAuthentication3Nonce) SigningCert() WinCertificateGUID
func (*VariableAuthentication3Nonce) Type ¶ added in v0.9.0
func (a *VariableAuthentication3Nonce) Type() VariableAuthentication3Type
type VariableAuthentication3NonceDescriptor ¶
type VariableAuthentication3NonceDescriptor struct { Nonce []byte // contains filtered or unexported fields }
VariableAuthentication3NonceDescriptor corresponds to the authentication descriptor provided when reading the payload of a variable with the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set, and a type of EFI_VARIABLE_AUTHENTICATION_3_NONCE_TYPE.
func (*VariableAuthentication3NonceDescriptor) Type ¶ added in v0.9.0
func (d *VariableAuthentication3NonceDescriptor) Type() VariableAuthentication3Type
type VariableAuthentication3Timestamp ¶
type VariableAuthentication3Timestamp struct { Timestamp time.Time // contains filtered or unexported fields }
VariableAuthentication3Timestamp is used to authenticate updates to variables with the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set, and a type of EFI_VARIABLE_AUTHENTICATION_3_TIMESTAMP_TYPE.
func (*VariableAuthentication3Timestamp) NewCert ¶
func (a *VariableAuthentication3Timestamp) NewCert() WinCertificateGUID
func (*VariableAuthentication3Timestamp) SigningCert ¶
func (a *VariableAuthentication3Timestamp) SigningCert() WinCertificateGUID
func (*VariableAuthentication3Timestamp) Type ¶ added in v0.9.0
func (a *VariableAuthentication3Timestamp) Type() VariableAuthentication3Type
type VariableAuthentication3TimestampDescriptor ¶
type VariableAuthentication3TimestampDescriptor struct { TimeStamp time.Time // contains filtered or unexported fields }
VariableAuthentication3TimestampDescriptor corresponds to the authentication descriptor provided when reading the payload of a variable with the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute set, and a type of EFI_VARIABLE_AUTHENTICATION_3_TIMESTAMP_TYPE.
func (*VariableAuthentication3TimestampDescriptor) Type ¶ added in v0.9.0
func (d *VariableAuthentication3TimestampDescriptor) Type() VariableAuthentication3Type
type VariableAuthentication3Type ¶ added in v0.9.0
type VariableAuthentication3Type int
VariableAuthentication3Type describes the type of VariableAuthentication3.
const ( // VariableAuthentication3TimestampType indicates that a // VariableAuthentication3 is a timestamp based enhanced authentication // and is implemented by the *VariableAuthentication3Timestamp type. VariableAuthentication3TimestampType VariableAuthentication3Type = uefi.EFI_VARIABLE_AUTHENTICATION_3_TIMESTAMP_TYPE // VariableAuthentication3iNonceType indicates that a // VariableAuthentication3 is a nonce based enhanced authentication // and is implemented by the *VariableAuthentication3Nonce type. VariableAuthentication3NonceType VariableAuthentication3Type = uefi.EFI_VARIABLE_AUTHENTICATION_3_NONCE_TYPE )
type VariableDescriptor ¶ added in v0.1.2
VariableDescriptor represents the identity of a variable.
var ( // PKVariable corresponds to the PK global variable PKVariable VariableDescriptor = VariableDescriptor{Name: "PK", GUID: GlobalVariable} // KEKVariable corresponds to the KEK global variable KEKVariable VariableDescriptor = VariableDescriptor{Name: "KEK", GUID: GlobalVariable} // DbVariable corresponds to the authorized signature database variable DbVariable VariableDescriptor = VariableDescriptor{Name: "db", GUID: ImageSecurityDatabaseGuid} // DbxVariable corresponds to the forbidden signature database variable DbxVariable VariableDescriptor = VariableDescriptor{Name: "dbx", GUID: ImageSecurityDatabaseGuid} )
func ListVariables ¶ added in v0.1.2
func ListVariables() ([]VariableDescriptor, error)
ListVariables returns a list of variables that can be accessed.
type VarsBackend ¶ added in v0.9.6
type VarsBackend interface { Get(name string, guid GUID) (VariableAttributes, []byte, error) Set(name string, guid GUID, attrs VariableAttributes, data []byte) error List() ([]VariableDescriptor, error) }
VarsBackend is used by the ReadVariable, WriteVariable and ListVariables functions, and indirectly by other functions in this package to abstract access to a specific backend. A default backend is initialized at process initialization.
type VendorDevicePathNode ¶
type VendorDevicePathNode struct { Type DevicePathType // The type of this node GUID GUID // The vendor specific GUID Data []byte // Vendor specific data }
VendorDevicePathNode corresponds to a vendor specific node.
func (*VendorDevicePathNode) String ¶
func (d *VendorDevicePathNode) String() string
func (*VendorDevicePathNode) ToString ¶ added in v0.3.0
func (d *VendorDevicePathNode) ToString(_ DevicePathToStringFlags) string
type WinCertificate ¶
type WinCertificate interface {
Type() WinCertificateType // Type of this certificate
}
WinCertificate is an interface type corresponding to implementations of WIN_CERTIFICATE.
func ReadWinCertificate ¶
func ReadWinCertificate(r io.Reader) (WinCertificate, error)
ReadWinCertificate decodes a signature (something that is confusingly represented by types with "certificate" in the name in both the UEFI and PE/COFF specifications) from the supplied reader and returns a WinCertificate of the appropriate type. The type returned is dependent on the data, and will be one of *WinCertificateAuthenticode, *WinCertificatePKCS1v15, *WinCertificatePKCS7 or *WinCertificateGUIDPKCS1v15.
type WinCertificateAuthenticode ¶
type WinCertificateAuthenticode struct {
// contains filtered or unexported fields
}
WinCertificateAuthenticode corresponds to a WIN_CERTIFICATE_EFI_PKCS and represents an Authenticode signature.
func (*WinCertificateAuthenticode) CertLikelyTrustAnchor ¶ added in v0.9.2
func (c *WinCertificateAuthenticode) CertLikelyTrustAnchor(cert *x509.Certificate) bool
CertLikelyTrustAnchor determines if the specified certificate is likely to be a trust anchor for this signature. This is "likely" because it only checks if there are candidate certificate chains rooted to the specified certificate. When attempting to build candidate certificate chains, it considers a certificate to be likely issued by another certificate if:
- The certificate's issuer matches the issuer's subject.
- The certificate's Authority Key Identifier keyIdentifier field matches the issuer's Subject Key Identifier.
- The certificate's signature algorithm is compatible with the issuer's public key algorithm.
It performs no verification of any candidate certificate chains and no verification of the signature.
func (*WinCertificateAuthenticode) Digest ¶ added in v0.9.0
func (c *WinCertificateAuthenticode) Digest() []byte
Digest returns the PE image digest of the image associated with this signature.
func (*WinCertificateAuthenticode) DigestAlgorithm ¶ added in v0.9.0
func (c *WinCertificateAuthenticode) DigestAlgorithm() crypto.Hash
func (*WinCertificateAuthenticode) GetSigner ¶ added in v0.9.0
func (c *WinCertificateAuthenticode) GetSigner() *x509.Certificate
GetSigner returns the signing certificate.
func (*WinCertificateAuthenticode) Type ¶ added in v0.9.0
func (c *WinCertificateAuthenticode) Type() WinCertificateType
type WinCertificateGUID ¶
type WinCertificateGUID interface { WinCertificate GUIDType() GUID }
WinCertificateGUID corresponds to implementations of WIN_CERTIFICATE_UEFI_GUID.
type WinCertificateGUIDPKCS1v15 ¶ added in v0.9.0
WinCertificateGUIDPKCS1v15 corresponds to a WIN_CERTIFICATE_UEFI_GUID with the EFI_CERT_TYPE_RSA2048_SHA256_GUID type, and represents a RSA2048 SHA256 signature with PKCS#1 v1.5 padding
func (*WinCertificateGUIDPKCS1v15) GUIDType ¶ added in v0.9.0
func (c *WinCertificateGUIDPKCS1v15) GUIDType() GUID
func (*WinCertificateGUIDPKCS1v15) Type ¶ added in v0.9.0
func (c *WinCertificateGUIDPKCS1v15) Type() WinCertificateType
type WinCertificateGUIDUnknown ¶ added in v0.9.0
type WinCertificateGUIDUnknown struct { Data []byte // contains filtered or unexported fields }
WinCertificateGUIDUnknown corresponds to a WIN_CERTIFICATE_UEFI_GUID with an unknown type.
func (*WinCertificateGUIDUnknown) GUIDType ¶ added in v0.9.0
func (c *WinCertificateGUIDUnknown) GUIDType() GUID
func (*WinCertificateGUIDUnknown) Type ¶ added in v0.9.0
func (c *WinCertificateGUIDUnknown) Type() WinCertificateType
type WinCertificatePKCS1v15 ¶ added in v0.1.2
WinCertificatePKCS1v15 corresponds to the WIN_CERTIFICATE_EFI_PKCS1_15 type and represents a RSA2048 signature with PKCS#1 v1.5 padding.
func (*WinCertificatePKCS1v15) Type ¶ added in v0.9.0
func (c *WinCertificatePKCS1v15) Type() WinCertificateType
type WinCertificatePKCS7 ¶ added in v0.9.0
type WinCertificatePKCS7 struct {
// contains filtered or unexported fields
}
WinCertificatePKCS7 corresponds to a WIN_CERTIFICATE_UEFI_GUID with the EFI_CERT_TYPE_PKCS7_GUID type, and represents a detached PKCS7 signature.
func (*WinCertificatePKCS7) CertLikelyTrustAnchor ¶ added in v0.9.2
func (c *WinCertificatePKCS7) CertLikelyTrustAnchor(cert *x509.Certificate) bool
CertLikelyTrustAnchor determines if the specified certificate is likely to be a trust anchor for this signature. This is "likely" because it only checks if there are candidate certificate chains rooted to the specified certificate. When attempting to build candidate certificate chains, it considers a certificate to be likely issued by another certificate if:
- The certificate's issuer matches the issuer's subject.
- The certificate's Authority Key Identifier keyIdentifier field matches the issuer's Subject Key Identifier.
- The certificate's signature algorithm is compatible with the issuer's public key algorithm.
It performs no verification of any candidate certificate chains and no verification of the signature.
func (*WinCertificatePKCS7) GUIDType ¶ added in v0.9.0
func (c *WinCertificatePKCS7) GUIDType() GUID
func (*WinCertificatePKCS7) GetSigners ¶ added in v0.9.0
func (c *WinCertificatePKCS7) GetSigners() []*x509.Certificate
GetSigners returns the signing certificates.
func (*WinCertificatePKCS7) Type ¶ added in v0.9.0
func (c *WinCertificatePKCS7) Type() WinCertificateType
type WinCertificateType ¶ added in v0.9.0
type WinCertificateType uint16
const ( // WinCertificateTypeAuthenticode indicates that a WinCertificate // is an authenticode signature and is implemented by the // *WinCertificateAuthenticode type. WinCertificateTypeAuthenticode WinCertificateType = uefi.WIN_CERT_TYPE_PKCS_SIGNED_DATA // WinCertificatePKCS1v15 indicates that a WinCertificate is a // PKCS#1-v1.5 encoded RSA2048 signature and is implemented by // the *WinCertificatePKCS1v15 type. WinCertificateTypePKCS1v15 WinCertificateType = uefi.WIN_CERT_TYPE_EFI_PKCS115 // WinCertificateTypeGUID indicates that a WinCertificate is a // signature of a type indicated by a separate GUID and is implemented // by a type that implements the WinCertificateGUID interface. WinCertificateTypeGUID WinCertificateType = uefi.WIN_CERT_TYPE_EFI_GUID )
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
cmd
|
|
Package guids provides a way to map well known firmware volume file GUIDs to readable names.
|
Package guids provides a way to map well known firmware volume file GUIDs to readable names. |
internal
|
|
pe1.14
Package pe implements access to PE (Microsoft Windows Portable Executable) files.
|
Package pe implements access to PE (Microsoft Windows Portable Executable) files. |