2 files changed, 24 insertions, 0 deletions

diff --git a/include/efi_api.h b/include/efi_api.h
index e82d4ca9ff..ecb43a0607 100644
--- a/include/efi_api.h
+++ b/include/efi_api.h
@@ -1813,6 +1813,24 @@ struct efi_variable_authentication_2 {
 } __attribute__((__packed__));
 
 /**
+ * efi_firmware_image_authentication - Capsule authentication method
+ * descriptor
+ *
+ * This structure describes an authentication information for
+ * a capsule with IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED set
+ * and should be included as part of the capsule.
+ * Only EFI_CERT_TYPE_PKCS7_GUID is accepted.
+ *
+ * @monotonic_count: Count to prevent replay
+ * @auth_info: Authentication info
+ */
+struct efi_firmware_image_authentication {
+	uint64_t monotonic_count;
+	struct win_certificate_uefi_guid auth_info;
+} __attribute__((__packed__));
+
+
+/**
  * efi_signature_data - A format of signature
  *
  * This structure describes a single signature in signature database.
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 7fd65eeb8d..4719fa93f0 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -819,6 +819,8 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name);
 
 bool efi_secure_boot_enabled(void);
 
+bool efi_capsule_auth_enabled(void);
+
 bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
 		     WIN_CERTIFICATE **auth, size_t *auth_len);
 
@@ -847,6 +849,10 @@ efi_status_t EFIAPI efi_query_capsule_caps(
 		u64 *maximum_capsule_size,
 		u32 *reset_type);
 
+efi_status_t efi_capsule_authenticate(const void *capsule,
+				      efi_uintn_t capsule_size,
+				      void **image, efi_uintn_t *image_size);
+
 #define EFI_CAPSULE_DIR L"\\EFI\\UpdateCapsule\\"
 
 /* Hook at initialization */