Commit | Line | Data |
---|---|---|
d1f95000 | 1 | /** @file\r |
4ca9b6c4 LG |
2 | The BIS protocol is defined in the UEFI specification.\r |
3 | The EFI_BIS_PROTOCOL is used to check a digital signature of a data block \r | |
4 | against a digital certificate for the purpose of an integrity and authorization check.\r | |
d1f95000 | 5 | \r |
4ca9b6c4 | 6 | Copyright (c) 2006 - 2008, Intel Corporation \r |
d1f95000 | 7 | All rights reserved. This program and the accompanying materials \r |
8 | are licensed and made available under the terms and conditions of the BSD License \r | |
9 | which accompanies this distribution. The full text of the license may be found at \r | |
10 | http://opensource.org/licenses/bsd-license.php \r | |
11 | \r | |
12 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r | |
13 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r | |
14 | \r | |
d1f95000 | 15 | **/\r |
16 | \r | |
17 | #ifndef __BIS_H__\r | |
18 | #define __BIS_H__\r | |
19 | \r | |
20 | #define EFI_BIS_PROTOCOL_GUID \\r | |
21 | { \\r | |
22 | 0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r | |
23 | }\r | |
24 | \r | |
fd21d1aa | 25 | //\r |
26 | // X-Intel-BIS-ParameterSet\r | |
27 | // Attribute value\r | |
28 | // Binary Value of X-Intel-BIS-ParameterSet Attribute.\r | |
29 | // (Value is Base-64 encoded in actual signed manifest).\r | |
30 | //\r | |
31 | #define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r | |
32 | { \\r | |
33 | 0xedd35e31, 0x7b9, 0x11d2, { 0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf } \\r | |
34 | }\r | |
35 | \r | |
36 | \r | |
37 | \r | |
d1f95000 | 38 | typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;\r |
39 | \r | |
40 | \r | |
41 | //\r | |
42 | // Basic types\r | |
43 | //\r | |
44 | typedef VOID *BIS_APPLICATION_HANDLE;\r | |
45 | typedef UINT16 BIS_ALG_ID;\r | |
46 | typedef UINT32 BIS_CERT_ID;\r | |
47 | \r | |
99e8ed21 | 48 | ///\r |
49 | /// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r | |
50 | ///\r | |
d1f95000 | 51 | typedef struct {\r |
107ffdc9 | 52 | UINT32 Length; ///< Length of Data in 8 bit bytes.\r |
53 | UINT8 *Data; ///< 32 Bit Flat Address of data.\r | |
d1f95000 | 54 | } EFI_BIS_DATA;\r |
55 | \r | |
99e8ed21 | 56 | ///\r |
57 | /// EFI_BIS_VERSION type.\r | |
58 | ///\r | |
d1f95000 | 59 | typedef struct {\r |
f1004231 LG |
60 | UINT32 Major; ///< the major BIS version number.\r |
61 | UINT32 Minor; ///< a minor BIS version number.\r | |
d1f95000 | 62 | } EFI_BIS_VERSION;\r |
63 | \r | |
64 | //\r | |
65 | // ----------------------------------------------------//\r | |
66 | // Use these values to initialize EFI_BIS_VERSION.Major\r | |
67 | // and to interpret results of Initialize.\r | |
68 | // ----------------------------------------------------//\r | |
69 | //\r | |
70 | #define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1\r | |
71 | #define BIS_VERSION_1 1\r | |
72 | \r | |
99e8ed21 | 73 | ///\r |
74 | /// EFI_BIS_SIGNATURE_INFO type.\r | |
75 | ///\r | |
d1f95000 | 76 | typedef struct {\r |
107ffdc9 | 77 | BIS_CERT_ID CertificateID; ///< Truncated hash of platform Boot Object Authorization Certificate, masked with BIS_CERT_ID_MASK.\r |
78 | BIS_ALG_ID AlgorithmID; ///< A signature algorithm number (one of the BIS_ALG_* values).\r | |
79 | UINT16 KeyLength; ///< Length of the algorithm's keys in bits.\r | |
d1f95000 | 80 | } EFI_BIS_SIGNATURE_INFO;\r |
81 | \r | |
99e8ed21 | 82 | ///\r |
107ffdc9 | 83 | /// values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r |
99e8ed21 | 84 | /// The exact numeric values come from\r |
85 | /// "Common Data Security Architecture (CDSA) Specification".\r | |
86 | ///\r | |
d1f95000 | 87 | #define BIS_ALG_DSA (41) // CSSM_ALGID_DSA\r |
88 | #define BIS_ALG_RSA_MD5 (42) // CSSM_ALGID_MD5_WITH_RSA; NOTE(review): MD5 is not collision-resistant, so treat this algorithm ID as legacy\r | |
107ffdc9 | 89 | ///\r |
90 | /// values for EFI_BIS_SIGNATURE_INFO.CertificateID.\r | |
99e8ed21 | 91 | ///\r |
d1f95000 | 92 | #define BIS_CERT_ID_DSA BIS_ALG_DSA // CSSM_ALGID_DSA\r |
93 | #define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA\r | |
107ffdc9 | 94 | ///\r |
95 | /// the mask value that gets applied to the truncated hash of a\r | |
99e8ed21 | 96 | /// platform Boot Object Authorization Certificate to create the certificateID.\r |
97 | /// A certificateID must not have any bits set to the value 1 other than bits in\r | |
98 | /// this mask.\r | |
99 | ///\r | |
d1f95000 | 100 | #define BIS_CERT_ID_MASK (0xFF7F7FFF)\r |
101 | \r | |
99e8ed21 | 102 | ///\r |
103 | /// Macros for dealing with the EFI_BIS_DATA object obtained\r | |
104 | /// from BIS_GetSignatureInfo()\r | |
105 | /// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r | |
106 | /// elements are contained in an EFI_BIS_DATA struct pointed to\r | |
107 | /// by the provided EFI_BIS_DATA*. The division truncates, so a trailing partial element in Length is not counted; BisDataPtr is dereferenced without a NULL check.\r | |
108 | ///\r | |
d1f95000 | 109 | #define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))\r |
110 | \r | |
99e8ed21 | 111 | ///\r |
112 | /// BIS_GET_SIGINFO_ARRAY - produces an EFI_BIS_SIGNATURE_INFO*\r | |
113 | /// from a given EFI_BIS_DATA*. This is a plain cast of Data with no validation of Length or Data; bound any iteration with BIS_GET_SIGINFO_COUNT.\r | |
114 | ///\r | |
d1f95000 | 115 | #define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r |
116 | \r | |
99e8ed21 | 117 | ///\r |
118 | /// Support the old name for backward compatibility.\r | |
119 | ///\r | |
d1f95000 | 120 | #define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \\r |
121 | BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID\r | |
122 | \r | |
123 | /** \r | |
124 | Initializes the BIS service, checking that it is compatible with the version requested by the caller.\r | |
125 | After this call, other BIS functions may be invoked. \r | |
126 | \r | |
127 | @param This A pointer to the EFI_BIS_PROTOCOL object.\r | |
128 | @param AppHandle The function writes the new BIS_APPLICATION_HANDLE if \r | |
129 | successful, otherwise it writes NULL. The caller must eventually\r | |
130 | destroy this handle by calling Shutdown(). \r | |
131 | @param InterfaceVersion On input, the caller supplies the major version number of the\r | |
132 | interface version desired. \r | |
133 | On output, both the major and minor \r | |
134 | version numbers are updated with the major and minor version\r | |
f1004231 LG |
135 | numbers of the interface. This update is done whether or not the\r |
136 | initialization was successful. \r | |
d1f95000 | 137 | @param TargetAddress Indicates a network or device address of the BIS platform to connect to. \r |
138 | \r | |
139 | @retval EFI_SUCCESS The function completed successfully.\r | |
140 | @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the \r | |
141 | caller was not compatible with the interface version of the\r | |
f1004231 LG |
142 | implementation. The InterfaceVersion.Major has\r |
143 | been updated with the current interface version.\r | |
d1f95000 | 144 | @retval EFI_UNSUPPORTED This is a local-platform implementation and \r |
145 | TargetAddress.Data was not NULL, or \r | |
146 | TargetAddress.Data was any other value that was not\r | |
147 | supported by the implementation. \r | |
148 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
f1004231 LG |
149 | @retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure while\r |
150 | initializing a cryptographic software module, or\r | |
151 | No cryptographic software module with compatible version was\r | |
152 | found, or A resource limitation was encountered while using a\r | |
153 | cryptographic software module.\r | |
154 | @retval EFI_INVALID_PARAMETER The This parameter supplied by the caller is NULL or does not\r | |
155 | reference a valid EFI_BIS_PROTOCOL object, or\r | |
156 | The AppHandle parameter supplied by the caller is NULL or\r | |
157 | an invalid memory reference, or\r | |
158 | The InterfaceVersion parameter supplied by the caller\r | |
159 | is NULL or an invalid memory reference, or\r | |
160 | The TargetAddress parameter supplied by the caller is\r | |
161 | NULL or an invalid memory reference.\r | |
d1f95000 | 162 | \r |
163 | **/ \r | |
164 | typedef\r | |
165 | EFI_STATUS\r | |
8b13229b | 166 | (EFIAPI *EFI_BIS_INITIALIZE)(\r |
d1f95000 | 167 | IN EFI_BIS_PROTOCOL *This, \r |
168 | OUT BIS_APPLICATION_HANDLE *AppHandle, \r | |
169 | IN OUT EFI_BIS_VERSION *InterfaceVersion, \r | |
170 | IN EFI_BIS_DATA *TargetAddress \r | |
171 | );\r | |
172 | \r | |
173 | /** \r | |
174 | Frees memory structures allocated and returned by other functions in the EFI_BIS protocol. \r | |
175 | \r | |
176 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
177 | of the BIS service. \r | |
f1004231 LG |
178 | @param ToFree An EFI_BIS_DATA* and associated memory block to be freed. \r |
179 | This EFI_BIS_DATA* must have been allocated by one of the other BIS functions.\r | |
d1f95000 | 180 | \r |
181 | @retval EFI_SUCCESS The function completed successfully.\r | |
182 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
183 | application instance handle associated with the EFI_BIS protocol. \r | |
184 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
185 | @retval EFI_INVALID_PARAMETER The ToFree parameter is not or is no longer a memory resource\r | |
186 | associated with this AppHandle. \r | |
187 | \r | |
188 | **/ \r | |
189 | typedef\r | |
190 | EFI_STATUS\r | |
8b13229b | 191 | (EFIAPI *EFI_BIS_FREE)(\r |
d1f95000 | 192 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
193 | IN EFI_BIS_DATA *ToFree \r | |
194 | );\r | |
195 | \r | |
196 | /** \r | |
197 | Shuts down an application's instance of the BIS service, invalidating the application handle. After\r | |
198 | this call, other BIS functions may no longer be invoked using the application handle value. \r | |
199 | \r | |
200 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
201 | of the BIS service. \r | |
202 | \r | |
203 | @retval EFI_SUCCESS The function completed successfully.\r | |
204 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
205 | application instance handle associated with the EFI_BIS protocol. \r | |
206 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
f1004231 LG |
207 | @retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure while\r |
208 | returning resources associated with a cryptographic software module, or\r | |
209 | while trying to shut down a cryptographic software module.\r | |
210 | **/\r | |
d1f95000 | 211 | typedef\r |
212 | EFI_STATUS\r | |
8b13229b | 213 | (EFIAPI *EFI_BIS_SHUTDOWN)(\r |
d1f95000 | 214 | IN BIS_APPLICATION_HANDLE AppHandle \r |
215 | );\r | |
216 | \r | |
217 | /** \r | |
218 | Retrieves the certificate that has been configured as the identity of the organization designated as\r | |
219 | the source of authorization for signatures of boot objects.\r | |
220 | \r | |
221 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
222 | of the BIS service. \r | |
223 | @param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot\r | |
f1004231 LG |
224 | Object Authorization Certificate object. The caller must\r |
225 | eventually free the memory allocated by this function using the function Free().\r | |
d1f95000 | 226 | \r |
227 | @retval EFI_SUCCESS The function completed successfully.\r | |
228 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
229 | application instance handle associated with the EFI_BIS protocol. \r | |
230 | @retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed. \r | |
231 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
232 | @retval EFI_INVALID_PARAMETER The Certificate parameter supplied by the caller is NULL or\r | |
233 | an invalid memory reference. \r | |
234 | \r | |
235 | **/ \r | |
236 | typedef\r | |
237 | EFI_STATUS\r | |
8b13229b | 238 | (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(\r |
d1f95000 | 239 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
240 | OUT EFI_BIS_DATA **Certificate \r | |
241 | );\r | |
242 | \r | |
243 | /** \r | |
244 | Verifies the integrity and authorization of the indicated data object according to the\r | |
245 | indicated credentials. \r | |
246 | \r | |
247 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
248 | of the BIS service. \r | |
249 | @param Credentials A Signed Manifest containing verification information for the indicated\r | |
250 | data object. \r | |
251 | @param DataObject An in-memory copy of the raw data object to be verified.\r | |
252 | @param IsVerified The function writes TRUE if the verification succeeded, otherwise\r | |
253 | FALSE. Treat the object as verified only when the return status is EFI_SUCCESS and IsVerified is TRUE.\r | |
254 | \r | |
255 | @retval EFI_SUCCESS The function completed successfully.\r | |
256 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
257 | application instance handle associated with the EFI_BIS protocol. \r | |
258 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
259 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r | |
260 | @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the Credentials parameter\r | |
261 | was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r | |
262 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred. \r | |
263 | \r | |
264 | **/ \r | |
265 | typedef\r | |
266 | EFI_STATUS\r | |
8b13229b | 267 | (EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(\r |
d1f95000 | 268 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
269 | IN EFI_BIS_DATA *Credentials, \r | |
270 | IN EFI_BIS_DATA *DataObject, \r | |
271 | OUT BOOLEAN *IsVerified \r | |
272 | );\r | |
273 | \r | |
274 | /** \r | |
275 | Retrieves the current status of the Boot Authorization Check Flag.\r | |
276 | \r | |
277 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
278 | of the BIS service. \r | |
279 | @param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is\r | |
280 | currently required on this platform, otherwise the function writes \r | |
281 | FALSE. \r | |
282 | \r | |
283 | @retval EFI_SUCCESS The function completed successfully.\r | |
284 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
285 | application instance handle associated with the EFI_BIS protocol. \r | |
286 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
287 | @retval EFI_INVALID_PARAMETER The CheckIsRequired parameter supplied by the caller is\r | |
288 | NULL or an invalid memory reference. \r | |
289 | \r | |
290 | **/ \r | |
291 | typedef\r | |
292 | EFI_STATUS\r | |
8b13229b | 293 | (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(\r |
d1f95000 | 294 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
295 | OUT BOOLEAN *CheckIsRequired \r | |
296 | );\r | |
297 | \r | |
298 | /** \r | |
299 | Retrieves a unique token value to be included in the request credential for the next update of any\r | |
300 | parameter in the Boot Object Authorization set.\r | |
301 | \r | |
302 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
303 | of the BIS service. \r | |
304 | @param UpdateToken The function writes an allocated EFI_BIS_DATA* containing the new\r | |
f1004231 LG |
305 | unique update token value. The caller must\r |
306 | eventually free the memory allocated by this function using the function Free().\r | |
d1f95000 | 307 | \r |
308 | @retval EFI_SUCCESS The function completed successfully.\r | |
309 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
310 | application instance handle associated with the EFI_BIS protocol. \r | |
311 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
312 | @retval EFI_INVALID_PARAMETER The UpdateToken parameter supplied by the caller is NULL or\r | |
313 | an invalid memory reference. \r | |
314 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred. \r | |
315 | \r | |
316 | **/ \r | |
317 | typedef\r | |
318 | EFI_STATUS\r | |
8b13229b | 319 | (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(\r |
d1f95000 | 320 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
321 | OUT EFI_BIS_DATA **UpdateToken \r | |
322 | );\r | |
323 | \r | |
324 | /** \r | |
325 | Updates one of the configurable parameters of the Boot Object Authorization set.\r | |
326 | \r | |
327 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
328 | of the BIS service. \r | |
329 | @param RequestCredential This is a Signed Manifest with embedded attributes that carry the details\r | |
330 | of the requested update. \r | |
331 | @param NewUpdateToken The function writes an allocated EFI_BIS_DATA* containing the new \r | |
f1004231 LG |
332 | unique update token value. The caller must\r |
333 | eventually free the memory allocated by this function using the function Free().\r | |
d1f95000 | 334 | \r |
335 | @retval EFI_SUCCESS The function completed successfully. \r | |
336 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid \r | |
337 | application instance handle associated with the EFI_BIS protocol. \r | |
338 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
339 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid. \r | |
340 | @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter \r | |
341 | was invalid (could not be parsed) or Platform-specific authorization failed, etc. \r | |
f1004231 LG |
342 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred while analyzing the new\r |
343 | certificate's key algorithm, or while attempting to retrieve\r | |
344 | the public key algorithm of the manifest's signer's certificate,\r | |
345 | or An unexpected internal error occurred in a cryptographic software module. \r | |
d1f95000 | 346 | \r |
347 | **/ \r | |
348 | typedef\r | |
349 | EFI_STATUS\r | |
8b13229b | 350 | (EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(\r |
d1f95000 | 351 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
352 | IN EFI_BIS_DATA *RequestCredential, \r | |
353 | OUT EFI_BIS_DATA **NewUpdateToken \r | |
354 | );\r | |
355 | \r | |
356 | /** \r | |
357 | Verifies the integrity and authorization of the indicated data object according to the indicated\r | |
358 | credentials and authority certificate. \r | |
359 | \r | |
360 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r | |
361 | of the BIS service. \r | |
362 | @param Credentials A Signed Manifest containing verification information for the\r | |
363 | indicated data object. \r | |
364 | @param DataObject An in-memory copy of the raw data object to be verified.\r | |
365 | @param SectionName An ASCII (not Unicode) string giving the section name in the \r | |
366 | manifest holding the verification information (in other words,\r | |
367 | hash value) that corresponds to DataObject. \r | |
368 | @param AuthorityCertificate A digital certificate whose public key must match the signer's \r | |
369 | public key which is found in the credentials. \r | |
370 | @param IsVerified The function writes TRUE if the verification was successful.\r | |
371 | Otherwise, the function writes FALSE. Treat the object as verified only when the return status is EFI_SUCCESS and IsVerified is TRUE.\r | |
372 | \r | |
373 | @retval EFI_SUCCESS The function completed successfully. \r | |
374 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid \r | |
375 | application instance handle associated with the EFI_BIS protocol. \r | |
376 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
377 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid. \r | |
378 | @retval EFI_SECURITY_VIOLATION The Credentials.Data supplied by the caller is NULL,\r | |
379 | or the AuthorityCertificate supplied by the caller was \r | |
380 | invalid (could not be parsed), \r | |
381 | or Platform-specific authorization failed, etc. \r | |
f1004231 | 382 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred while attempting to retrieve\r |
cd2ed84a | 383 | the public key algorithm of the manifest's signer's certificate,\r |
f1004231 | 384 | or An unexpected internal error occurred in a cryptographic software module. \r |
d1f95000 | 385 | **/ \r |
386 | typedef\r | |
387 | EFI_STATUS\r | |
8b13229b | 388 | (EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(\r |
d1f95000 | 389 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
390 | IN EFI_BIS_DATA *Credentials, \r | |
391 | IN EFI_BIS_DATA *DataObject, \r | |
392 | IN EFI_BIS_DATA *SectionName, \r | |
393 | IN EFI_BIS_DATA *AuthorityCertificate, \r | |
394 | OUT BOOLEAN *IsVerified \r | |
395 | );\r | |
396 | \r | |
397 | /** \r | |
398 | Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and key length\r | |
399 | combinations that the platform supports. \r | |
f1004231 | 400 | \r |
d1f95000 | 401 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
402 | of the BIS service. \r | |
403 | @param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array\r | |
404 | of EFI_BIS_SIGNATURE_INFO structures representing the supported \r | |
f1004231 LG |
405 | digital certificate identifier, algorithm, and key length combinations.\r |
406 | The caller must eventually free the memory allocated by this function using the function Free().\r | |
407 | \r | |
d1f95000 | 408 | @retval EFI_SUCCESS The function completed successfully. \r |
409 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid \r | |
410 | application instance handle associated with the EFI_BIS protocol. \r | |
411 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r | |
412 | @retval EFI_INVALID_PARAMETER The SignatureInfo parameter supplied by the caller is NULL\r | |
f1004231 LG |
413 | or an invalid memory reference.\r |
414 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred in a\r | |
415 | cryptographic software module, or\r | |
416 | The function encountered an unexpected internal consistency check\r | |
417 | failure (possible corruption of stored Boot Object Authorization Certificate).\r | |
418 | \r | |
d1f95000 | 419 | **/\r |
420 | typedef\r | |
421 | EFI_STATUS\r | |
8b13229b | 422 | (EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(\r |
d1f95000 | 423 | IN BIS_APPLICATION_HANDLE AppHandle, \r |
424 | OUT EFI_BIS_DATA **SignatureInfo \r | |
425 | );\r | |
426 | \r | |
44717a39 | 427 | ///\r |
428 | /// The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital\r | |
429 | /// certificate for the purpose of an integrity and authorization check.\r | |
430 | ///\r | |
d1f95000 | 431 | struct _EFI_BIS_PROTOCOL {\r |
432 | EFI_BIS_INITIALIZE Initialize;\r | |
433 | EFI_BIS_SHUTDOWN Shutdown;\r | |
434 | EFI_BIS_FREE Free;\r | |
435 | EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE GetBootObjectAuthorizationCertificate;\r | |
436 | EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG GetBootObjectAuthorizationCheckFlag;\r | |
437 | EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN GetBootObjectAuthorizationUpdateToken;\r | |
438 | EFI_BIS_GET_SIGNATURE_INFO GetSignatureInfo;\r | |
439 | EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION UpdateBootObjectAuthorization;\r | |
440 | EFI_BIS_VERIFY_BOOT_OBJECT VerifyBootObject;\r | |
441 | EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL VerifyObjectWithCredential;\r | |
442 | };\r | |
443 | \r | |
444 | extern EFI_GUID gEfiBisProtocolGuid;\r | |
445 | extern EFI_GUID gBootObjectAuthorizationParmsetGuid;\r | |
446 | \r | |
447 | #endif\r |