patterns/uefi: Added UEFI pattern (#8)

Added UEFI structs Signed-off-by: Morten Linderud <morten@linderud.pw> Co-authored-by: Nik <werwolv98@gmail.com>
2026-03-28 07:47:02 -05:00 · 2023-03-23 11:52:50 +01:00
parent f3de35a320
commit a31d290005
2 changed files with 68 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -74,6 +74,7 @@ Hex patterns, include patterns and magic files for the use with the ImHex Hex Ed
 | Lua 5.4 | | [`patterns/lua54.hexpat`](patterns/lua54.hexpat) | Lua 5.4 bytecode |
 | DEX | | [`patterns/dex.hexpat`](patterns/dex.hexpat) | Dalvik EXecutable Format |
 | DS_Store | `application/octet-stream` | [`patterns/dsstore.hexpat`](patterns/dsstore.hexpat) | .DS_Store file format |
+| UEFI | | `patterns/uefi.hexpat` | UEFI structs for parsing efivars |

 ### Scripts

--- a/patterns/uefi.hexpat
+++ b/patterns/uefi.hexpat
@@ -0,0 +1,67 @@
+#pragma MIME data
+
+#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
+#define WIN_CERT_TYPE_EFI_PKCS115   0x0EF0
+#define WIN_CERT_TYPE_EFI_GUID     0x0EF1 
+
+struct EFI_TIME {
+ u16  Year;             // 1900 – 9999
+ u8   Month;            // 1 – 12
+ u8   Day;              // 1 – 31
+ u8   Hour;             // 0 – 23
+ u8   Minute;           // 0 – 59
+ u8   Second;           // 0 – 59
+ u8   Pad1;
+ u32  Nanosecond;       // 0 – 999,999,999
+ s16  TimeZone;         // -1440 to 1440 or 2047
+ u8   Daylight;
+ u8   Pad2;
+};
+
+struct EFI_GUID {
+	u32 Data1;
+	u16 Data2;
+	u16 Data3;
+	u8 Data4[8];
+};
+
+struct WIN_CERTIFICATE {
+	u32 Length;
+	u16 Revision;
+	u16 CertificateType;
+	//u8 Certificate[];
+};
+
+struct WIN_CERTIFICATE_UEFI_GUID {
+	WIN_CERTIFICATE Hdr;
+	EFI_GUID CertType;
+	u8 CertData[Hdr.Length-SizeofWIN_CERTIFICATE_UEFI_GUID];
+};
+#define SizeofWIN_CERTIFICATE_UEFI_GUID 24
+
+struct EFI_VARIABLE_AUTHENTICATION_2 {
+	EFI_TIME TimeStamp;
+	WIN_CERTIFICATE_UEFI_GUID AuthInfo;
+};
+
+struct EFI_SIGNATURE_DATA {
+	EFI_GUID SignatureOwner;
+	u8 SignatureData[1076];
+};
+
+struct EFI_SIGNATURE_LIST {
+	EFI_GUID SignatureType;
+	u32 SignatureListSize;
+	u32 SignatureHeaderSize;
+	u32 SignatureSize;
+	u8 SignatureHeader[SignatureHeaderSize];
+	EFI_SIGNATURE_DATA Signatures;
+};
+
+
+struct dbx_esl {
+	EFI_VARIABLE_AUTHENTICATION_2 Auth;
+	EFI_SIGNATURE_LIST x509_1;
+};
+
+dbx_esl header @ 0x00;