]> git.proxmox.com Git - mirror_edk2.git/blame - MdePkg/Include/Protocol/Kms.h
MdePkg: Apply uncrustify changes
1/** @file\r
2 The Key Management Service (KMS) protocol, as defined in the UEFI 2.3.1 specification,\r
3 provides services to generate, store, retrieve, and manage cryptographic keys.\r
4 The intention is to specify a simple generic protocol that could be used for many implementations.\r
5\r
6 A driver implementing the protocol may need to provide basic key service that consists of a\r
7 key store and cryptographic key generation capability. It may connect to an external key\r
8 server over the network, or to a Hardware Security Module (HSM) attached to the system it\r
9 runs on, or anything else that is capable of providing the key management service.\r
10\r
9095d37b 11 Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
9344f092 12 SPDX-License-Identifier: BSD-2-Clause-Patent\r
13\r
14**/\r
15\r
16#ifndef __KMS_H__\r
17#define __KMS_H__\r
18\r
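//
// GUID that identifies the KMS protocol interface.
// (Blame-gutter residue removed from the listing so the definition is valid C again.)
//
#define EFI_KMS_PROTOCOL_GUID \
  { \
    0xEC3A978D, 0x7C4E, 0x48FA, {0x9A, 0xBE, 0x6A, 0xD9, 0x1C, 0xC8, 0xF8, 0x11 } \
  }

//
// Forward declaration: the member-function typedefs in this header take a pointer to the
// protocol structure before the structure itself is defined.
//
typedef struct _EFI_KMS_PROTOCOL EFI_KMS_PROTOCOL;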
25\r
26//\r
27// Where appropriate, EFI_KMS_DATA_TYPE values may be combined using a bitwise 'OR'\r
28// operation to indicate support for multiple data types.\r
29//\r
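// Every non-zero value is a distinct single bit, so several types can be OR'ed into one
// mask; EFI_KMS_DATA_TYPE_NONE is the empty mask.
#define EFI_KMS_DATA_TYPE_NONE     0
#define EFI_KMS_DATA_TYPE_BINARY   1
#define EFI_KMS_DATA_TYPE_ASCII    2
#define EFI_KMS_DATA_TYPE_UNICODE  4
#define EFI_KMS_DATA_TYPE_UTF8     8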
35\r
36//\r
37// The key formats recognized by the KMS protocol are defined by an EFI_GUID which specifies\r
38// a (key-algorithm, key-size) pair. The names of these GUIDs are in the format\r
39// EFI_KMS_KEY_(key-algorithm)_(key-size)_GUID, where the key-size is expressed in bits.\r
40// The key formats recognized fall into three categories: generic (no algorithm), hash algorithms,\r
41// and cryptographic key algorithms.\r
42//\r
43\r
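///
/// The following GUIDs define formats that contain generic key data of a specific size in bits,
/// but which is not associated with any specific key algorithm(s).
///@{
#define EFI_KMS_FORMAT_GENERIC_128_GUID \
  { \
    0xec8a3d69, 0x6ddf, 0x4108, {0x94, 0x76, 0x73, 0x37, 0xfc, 0x52, 0x21, 0x36 } \
  }
#define EFI_KMS_FORMAT_GENERIC_160_GUID \
  { \
    0xa3b3e6f8, 0xefca, 0x4bc1, {0x88, 0xfb, 0xcb, 0x87, 0x33, 0x9b, 0x25, 0x79 } \
  }
#define EFI_KMS_FORMAT_GENERIC_256_GUID \
  { \
    0x70f64793, 0xc323, 0x4261, {0xac, 0x2c, 0xd8, 0x76, 0xf2, 0x7c, 0x53, 0x45 } \
  }
#define EFI_KMS_FORMAT_GENERIC_512_GUID \
  { \
    0x978fe043, 0xd7af, 0x422e, {0x8a, 0x92, 0x2b, 0x48, 0xe4, 0x63, 0xbd, 0xe6 } \
  }
#define EFI_KMS_FORMAT_GENERIC_1024_GUID \
  { \
    0x43be0b44, 0x874b, 0x4ead, {0xb0, 0x9c, 0x24, 0x1a, 0x4f, 0xbd, 0x7e, 0xb3 } \
  }
#define EFI_KMS_FORMAT_GENERIC_2048_GUID \
  { \
    0x40093f23, 0x630c, 0x4626, {0x9c, 0x48, 0x40, 0x37, 0x3b, 0x19, 0xcb, 0xbe } \
  }
#define EFI_KMS_FORMAT_GENERIC_3072_GUID \
  { \
    0xb9237513, 0x6c44, 0x4411, {0xa9, 0x90, 0x21, 0xe5, 0x56, 0xe0, 0x5a, 0xde } \
  }
// Unlike the fixed-size entries above, the name carries no bit count.
// NOTE(review): presumably the key value for this format is laid out as
// EFI_KMS_FORMAT_GENERIC_DYNAMIC (KeySize followed by KeyData) - confirm against the spec.
#define EFI_KMS_FORMAT_GENERIC_DYNAMIC_GUID \
  { \
    0x2156e996, 0x66de, 0x4b27, {0x9c, 0xc9, 0xb0, 0x9f, 0xac, 0x4d, 0x2, 0xbe } \
  }
///@}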
81\r
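///
/// These GUIDs define key data formats that contain data generated by basic hash algorithms
/// with no cryptographic properties.
///
/// NOTE(review): MD2, MD4, MD5 and SHA-1 are no longer considered collision resistant.
/// A consumer that can choose among the formats a KMS reports should prefer the SHA-256 or
/// SHA-512 entries and treat the older ones as legacy interoperability only.
///@{
#define EFI_KMS_FORMAT_MD2_128_GUID \
  { \
    0x78be11c4, 0xee44, 0x4a22, {0x9f, 0x05, 0x03, 0x85, 0x2e, 0xc5, 0xc9, 0x78 } \
  }
#define EFI_KMS_FORMAT_MDC2_128_GUID \
  { \
    0xf7ad60f8, 0xefa8, 0x44a3, {0x91, 0x13, 0x23, 0x1f, 0x39, 0x9e, 0xb4, 0xc7 } \
  }
#define EFI_KMS_FORMAT_MD4_128_GUID \
  { \
    0xd1c17aa1, 0xcac5, 0x400f, {0xbe, 0x17, 0xe2, 0xa2, 0xae, 0x06, 0x67, 0x7c } \
  }
#define EFI_KMS_FORMAT_MDC4_128_GUID \
  { \
    0x3fa4f847, 0xd8eb, 0x4df4, {0xbd, 0x49, 0x10, 0x3a, 0x0a, 0x84, 0x7b, 0xbc } \
  }
#define EFI_KMS_FORMAT_MD5_128_GUID \
  { \
    0xdcbc3662, 0x9cda, 0x4b52, {0xa0, 0x4c, 0x82, 0xeb, 0x1d, 0x23, 0x48, 0xc7 } \
  }
#define EFI_KMS_FORMAT_MD5SHA_128_GUID \
  { \
    0x1c178237, 0x6897, 0x459e, {0x9d, 0x36, 0x67, 0xce, 0x8e, 0xf9, 0x4f, 0x76 } \
  }
#define EFI_KMS_FORMAT_SHA1_160_GUID \
  { \
    0x453c5e5a, 0x482d, 0x43f0, {0x87, 0xc9, 0x59, 0x41, 0xf3, 0xa3, 0x8a, 0xc2 } \
  }
#define EFI_KMS_FORMAT_SHA256_256_GUID \
  { \
    0x6bb4f5cd, 0x8022, 0x448d, {0xbc, 0x6d, 0x77, 0x1b, 0xae, 0x93, 0x5f, 0xc6 } \
  }
#define EFI_KMS_FORMAT_SHA512_512_GUID \
  { \
    0x2f240e12, 0xe14d, 0x475c, {0x83, 0xb0, 0xef, 0xff, 0x22, 0xd7, 0x7b, 0xe7 } \
  }
///@}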
123\r
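///
/// These GUIDs define key data formats that contain data generated by cryptographic key algorithms.
/// There may or may not be a separate data hashing algorithm associated with the key algorithm.
///
/// NOTE(review): 1024-bit RSA and SHA-1 based RSA formats are below current strength
/// guidance; prefer the RSASHA256 entries when the KMS reports them as supported.
///@{
#define EFI_KMS_FORMAT_AESXTS_128_GUID \
  { \
    0x4776e33f, 0xdb47, 0x479a, {0xa2, 0x5f, 0xa1, 0xcd, 0x0a, 0xfa, 0xb3, 0x8b } \
  }
#define EFI_KMS_FORMAT_AESXTS_256_GUID \
  { \
    0xdc7e8613, 0xc4bb, 0x4db0, {0x84, 0x62, 0x13, 0x51, 0x13, 0x57, 0xab, 0xe2 } \
  }
#define EFI_KMS_FORMAT_AESCBC_128_GUID \
  { \
    0xa0e8ee6a, 0x0e92, 0x44d4, {0x86, 0x1b, 0x0e, 0xaa, 0x4a, 0xca, 0x44, 0xa2 } \
  }
#define EFI_KMS_FORMAT_AESCBC_256_GUID \
  { \
    0xd7e69789, 0x1f68, 0x45e8, {0x96, 0xef, 0x3b, 0x64, 0x07, 0xa5, 0xb2, 0xdc } \
  }
#define EFI_KMS_FORMAT_RSASHA1_1024_GUID \
  { \
    0x56417bed, 0x6bbe, 0x4882, {0x86, 0xa0, 0x3a, 0xe8, 0xbb, 0x17, 0xf8, 0xf9 } \
  }
#define EFI_KMS_FORMAT_RSASHA1_2048_GUID \
  { \
    0xf66447d4, 0x75a6, 0x463e, {0xa8, 0x19, 0x07, 0x7f, 0x2d, 0xda, 0x05, 0xe9 } \
  }
#define EFI_KMS_FORMAT_RSASHA256_2048_GUID \
  { \
    0xa477af13, 0x877d, 0x4060, {0xba, 0xa1, 0x25, 0xd1, 0xbe, 0xa0, 0x8a, 0xd3 } \
  }
#define EFI_KMS_FORMAT_RSASHA256_3072_GUID \
  { \
    0x4e1356c2, 0xeed, 0x463f, {0x81, 0x47, 0x99, 0x33, 0xab, 0xdb, 0xc7, 0xd5 } \
  }
///@}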
161\r
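// Attribute value types. Unlike the EFI_KMS_DATA_TYPE_* constants these are consecutive
// enumerators (0x00 through 0x0B), not bit flags, so they cannot be OR'ed together.
#define EFI_KMS_ATTRIBUTE_TYPE_NONE          0x00
#define EFI_KMS_ATTRIBUTE_TYPE_INTEGER       0x01
#define EFI_KMS_ATTRIBUTE_TYPE_LONG_INTEGER  0x02
#define EFI_KMS_ATTRIBUTE_TYPE_BIG_INTEGER   0x03
#define EFI_KMS_ATTRIBUTE_TYPE_ENUMERATION   0x04
#define EFI_KMS_ATTRIBUTE_TYPE_BOOLEAN       0x05
#define EFI_KMS_ATTRIBUTE_TYPE_BYTE_STRING   0x06
#define EFI_KMS_ATTRIBUTE_TYPE_TEXT_STRING   0x07
#define EFI_KMS_ATTRIBUTE_TYPE_DATE_TIME     0x08
#define EFI_KMS_ATTRIBUTE_TYPE_INTERVAL      0x09
#define EFI_KMS_ATTRIBUTE_TYPE_STRUCTURE     0x0A
#define EFI_KMS_ATTRIBUTE_TYPE_DYNAMIC       0x0B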
76336e4e 174\r
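//
// Variable-length generic key value: a byte count followed by the key bytes.
//
typedef struct {
  ///
  /// Length in bytes of the KeyData.
  ///
  UINT32    KeySize;
  ///
  /// The data of the key.
  /// Declared with a single element; KeySize, not the declared bound, gives the number of
  /// bytes present. The total size is therefore the offset of KeyData plus KeySize, not
  /// sizeof (EFI_KMS_FORMAT_GENERIC_DYNAMIC) plus KeySize.
  /// NOTE(review): KeySize travels with the data it describes; a consumer should check it
  /// against the size of the buffer it actually holds before reading or copying KeyData.
  ///
  UINT8     KeyData[1];
} EFI_KMS_FORMAT_GENERIC_DYNAMIC;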
185\r
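//
// Identifies the caller to the KMS: an opaque client identifier plus an optional client name.
//
typedef struct {
  ///
  /// The size in bytes for the client identifier.
  ///
  UINT16    ClientIdSize;
  ///
  /// Pointer to a valid client identifier.
  ///
  VOID      *ClientId;
  ///
  /// The client name string type used by this client. The string type set here must be one of
  /// the string types reported in the ClientNameStringTypes field of the KMS protocol. If the
  /// KMS does not support client names, this field should be set to EFI_KMS_DATA_TYPE_NONE.
  ///
  UINT8     ClientNameType;
  ///
  /// The size in characters for the client name. This field will be ignored if
  /// ClientNameType is set to EFI_KMS_DATA_TYPE_NONE. Otherwise, it must contain the
  /// number of characters contained in the ClientName field.
  /// Note the unit: this is a character count, not a byte count, so the byte length of
  /// ClientName depends on ClientNameType.
  ///
  UINT8     ClientNameCount;
  ///
  /// Pointer to a client name. This field will be ignored if ClientNameType is set to
  /// EFI_KMS_DATA_TYPE_NONE. Otherwise, it must point to a valid string of the specified type.
  ///
  VOID      *ClientName;
} EFI_KMS_CLIENT_INFO;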
213\r
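//
// Describes one key in a KMS request: its identifier, format, value and per-key status.
//
typedef struct {
  ///
  /// The size of the KeyIdentifier field in bytes. This field is limited to the range 0 to 255.
  ///
  UINT8         KeyIdentifierSize;
  ///
  /// Pointer to an array of KeyIdentifierType elements.
  /// NOTE(review): this structure has no KeyIdentifierType field; the only length given is
  /// KeyIdentifierSize, which is in bytes.
  ///
  VOID          *KeyIdentifier;
  ///
  /// An EFI_GUID which specifies the algorithm and key value size for this key.
  ///
  EFI_GUID      KeyFormat;
  ///
  /// Pointer to a key value for a key specified by the KeyFormat field. A NULL value for this
  /// field indicates that no key is available.
  /// The descriptor carries no separate length for the key value; its size is implied by
  /// KeyFormat.
  /// NOTE(review): this buffer holds key material - callers that free it should clear it first.
  ///
  VOID          *KeyValue;
  ///
  /// Specifies the results of KMS operations performed with this descriptor. This field is used
  /// to indicate the status of individual operations when a KMS function is called with multiple
  /// EFI_KMS_KEY_DESCRIPTOR structures.
  /// KeyStatus codes returned for the individual key requests are:
  ///   EFI_SUCCESS            Successfully processed this key.
  ///   EFI_WARN_STALE_DATA    Successfully processed this key, however, the key's parameters
  ///                          exceed internal policies/limits and should be replaced.
  ///   EFI_COMPROMISED_DATA   Successfully processed this key, but the key may have been
  ///                          compromised and must be replaced.
  ///   EFI_UNSUPPORTED        Key format is not supported by the service.
  ///   EFI_OUT_OF_RESOURCES   Could not allocate resources for the key processing.
  ///   EFI_TIMEOUT            Timed out waiting for device or key server.
  ///   EFI_DEVICE_ERROR       Device or key server error.
  ///   EFI_INVALID_PARAMETER  KeyFormat is invalid.
  ///   EFI_NOT_FOUND          The key does not exist on the KMS.
  /// EFI_WARN_STALE_DATA and EFI_COMPROMISED_DATA both report a key that was processed, so a
  /// caller that only tests for failure will not notice that the key needs replacing.
  ///
  EFI_STATUS    KeyStatus;
} EFI_KMS_KEY_DESCRIPTOR;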
251\r
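//
// One tag-type-length record followed by its attribute bytes.
//
typedef struct {
  ///
  /// Part of a tag-type-length triplet that identifies the KeyAttributeData formatting. The
  /// definition of the value is outside the scope of this standard and may be defined by the KMS.
  ///
  UINT16    Tag;
  ///
  /// Part of a tag-type-length triplet that identifies the KeyAttributeData formatting. The
  /// definition of the value is outside the scope of this standard and may be defined by the KMS.
  ///
  UINT16    Type;
  ///
  /// Length in bytes of the KeyAttributeData.
  ///
  UINT32    Length;
  ///
  /// An array of bytes to hold the attribute data associated with the KeyAttributeIdentifier.
  /// Declared with a single element; Length, not the declared bound, gives the number of
  /// bytes present.
  /// NOTE(review): Length is supplied alongside the data; check it against the enclosing
  /// buffer before reading KeyAttributeData.
  ///
  UINT8     KeyAttributeData[1];
} EFI_KMS_DYNAMIC_FIELD;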
272\r
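//
// A counted sequence of EFI_KMS_DYNAMIC_FIELD records.
//
typedef struct {
  ///
  /// The number of members in the EFI_KMS_DYNAMIC_ATTRIBUTE structure.
  ///
  UINT32                   FieldCount;
  ///
  /// An array of EFI_KMS_DYNAMIC_FIELD structures.
  /// Declared with a single element; FieldCount gives the number of records.
  /// NOTE(review): each EFI_KMS_DYNAMIC_FIELD is itself variable length, so Field[i] for
  /// i > 0 is presumably not at a fixed stride and has to be located by walking each
  /// record's Length - the header does not state the layout; confirm with the implementation.
  ///
  EFI_KMS_DYNAMIC_FIELD    Field[1];
} EFI_KMS_DYNAMIC_ATTRIBUTE;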
283\r
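//
// Describes one key attribute in a KMS request: identifier, instance, typed value and
// per-attribute status.
//
typedef struct {
  ///
  /// The data type used for the KeyAttributeIdentifier field. Values for this field are defined
  /// by the EFI_KMS_DATA_TYPE constants, except that EFI_KMS_DATA_TYPE_BINARY is not
  /// valid for this field.
  ///
  UINT8         KeyAttributeIdentifierType;
  ///
  /// The length of the KeyAttributeIdentifier field in units defined by KeyAttributeIdentifierType
  /// field. This field is limited to the range 0 to 255.
  ///
  UINT8         KeyAttributeIdentifierCount;
  ///
  /// Pointer to an array of KeyAttributeIdentifierType elements. For string types, there must
  /// not be a null-termination element at the end of the array.
  /// Because the identifier is not terminated, its extent is given only by
  /// KeyAttributeIdentifierCount; string routines that scan for a terminator must not be
  /// used on it.
  ///
  VOID          *KeyAttributeIdentifier;
  ///
  /// The instance number of this attribute. If there is only one instance, the value is set to
  /// one. If this value is set to 0xFFFF (all binary 1's) then this field should be ignored if an
  /// output or treated as a wild card matching any value if it is an input. If the attribute is
  /// stored with this field, it will match any attribute request regardless of the setting of the
  /// field in the request. If set to 0xFFFF in the request, it will match any attribute with the
  /// same KeyAttributeIdentifier.
  ///
  UINT16        KeyAttributeInstance;
  ///
  /// The data type of the KeyAttributeValue (e.g. struct, bool, etc.). See the list of
  /// KeyAttributeType definitions.
  ///
  UINT16        KeyAttributeType;
  ///
  /// The size in bytes of the KeyAttributeValue field. A value of zero for this field indicates
  /// that no key attribute value is available.
  ///
  UINT16        KeyAttributeValueSize;
  ///
  /// Pointer to a key attribute value for the attribute specified by the KeyAttributeIdentifier
  /// field. If the KeyAttributeValueSize field is zero, then this field must be NULL.
  ///
  VOID          *KeyAttributeValue;
  ///
  /// Specifies the results of KMS operations performed with this attribute.
  /// This field is used to indicate the status of individual operations when a KMS function is
  /// called with multiple EFI_KMS_KEY_ATTRIBUTE structures.
  /// KeyAttributeStatus codes returned for the individual key attribute requests are:
  ///   EFI_SUCCESS            Successfully processed this request.
  ///   EFI_WARN_STALE_DATA    Successfully processed this request, however, the key's
  ///                          parameters exceed internal policies/limits and should be replaced.
  ///   EFI_COMPROMISED_DATA   Successfully processed this request, but the key may have been
  ///                          compromised and must be replaced.
  ///   EFI_UNSUPPORTED        Key attribute format is not supported by the service.
  ///   EFI_OUT_OF_RESOURCES   Could not allocate resources for the request processing.
  ///   EFI_TIMEOUT            Timed out waiting for device or key server.
  ///   EFI_DEVICE_ERROR       Device or key server error.
  ///   EFI_INVALID_PARAMETER  A field in the EFI_KMS_KEY_ATTRIBUTE structure is invalid.
  ///   EFI_NOT_FOUND          The key attribute does not exist on the KMS.
  ///
  EFI_STATUS    KeyAttributeStatus;
} EFI_KMS_KEY_ATTRIBUTE;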
344\r
345/**\r
346 Get the current status of the key management service.\r
347\r
348 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
349\r
350 @retval EFI_SUCCESS The KMS is ready for use.\r
351 @retval EFI_NOT_READY No connection to the KMS is available.\r
352 @retval EFI_NO_MAPPING No valid connection configuration exists for the KMS.\r
353 @retval EFI_NO_RESPONSE No response was received from the KMS.\r
354 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS.\r
355 @retval EFI_INVALID_PARAMETER This is NULL.\r
356\r
357**/\r
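typedef
EFI_STATUS
(EFIAPI *EFI_KMS_GET_SERVICE_STATUS)(
  IN EFI_KMS_PROTOCOL  *This   // protocol instance being queried; NULL yields EFI_INVALID_PARAMETER
  );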
363\r
364/**\r
365 Register client information with the supported KMS.\r
366\r
367 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
368 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
9095d37b 369 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
370 data specified by the ClientData parameter. This\r
371 parameter may be NULL, in which case the ClientData\r
372 parameter will be ignored and no data will be\r
373 transferred to or from the KMS. If the parameter is\r
374 not NULL, then ClientData must be a valid pointer.\r
375 If the value pointed to is 0, no data will be transferred\r
376 to the KMS, but data may be returned by the KMS.\r
377 For all non-zero values *ClientData will be transferred\r
378 to the KMS, which may also return data to the caller.\r
379 In all cases, the value upon return to the caller will\r
380 be the size of the data block returned to the caller,\r
381 which will be zero if no data is returned from the KMS.\r
382 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
383 *ClientDataSize that is to be passed directly to the\r
384 KMS if it supports the use of client data. This\r
385 parameter may be NULL if and only if the\r
76336e4e 386 ClientDataSize parameter is also NULL. Upon return to\r
387 the caller, *ClientData points to a block of data of\r
388 *ClientDataSize that was returned from the KMS.\r
389 If the returned value for *ClientDataSize is zero,\r
390 then the returned value for *ClientData must be NULL\r
391 and should be ignored by the caller. The KMS protocol\r
392 consumer is responsible for freeing all valid buffers\r
393 used for client data regardless of whether they are\r
394 allocated by the caller for input to the function or by\r
395 the implementation for output back to the caller.\r
396\r
397 @retval EFI_SUCCESS The client information has been accepted by the KMS.\r
398 @retval EFI_NOT_READY No connection to the KMS is available.\r
399 @retval EFI_NO_RESPONSE There was no response from the device or the key server.\r
400 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server.\r
401 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS.\r
402 @retval EFI_OUT_OF_RESOURCES Required resources were not available to perform the function.\r
403 @retval EFI_INVALID_PARAMETER This is NULL.\r
404 @retval EFI_UNSUPPORTED The KMS does not support the use of client identifiers.\r
405\r
406**/\r
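typedef
EFI_STATUS
(EFIAPI *EFI_KMS_REGISTER_CLIENT)(
  IN     EFI_KMS_PROTOCOL     *This,
  IN     EFI_KMS_CLIENT_INFO  *Client,
  // in: bytes of *ClientData to send; out: bytes of the block returned (0 if none).
  IN OUT UINTN                *ClientDataSize OPTIONAL,
  // May be NULL only when ClientDataSize is NULL. The caller frees every valid buffer,
  // including one the implementation allocated for output.
  IN OUT VOID                 **ClientData OPTIONAL
  );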
415\r
416/**\r
417 Request that the KMS generate one or more new keys and associate them with key identifiers.\r
418 The key value(s) is returned to the caller.\r
419\r
420 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
421 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
422 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
423 processed by this operation. On return, this number\r
424 will be updated with the number of key descriptors\r
425 successfully processed.\r
426 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
427 structures which describe the keys to be generated.\r
428 On input, the KeyIdentifierSize and the KeyIdentifier\r
429 may specify an identifier to be used for the key,\r
430 but this is not required. The KeyFormat field must\r
431 specify a key format GUID reported as supported by\r
432 the KeyFormats field of the EFI_KMS_PROTOCOL.\r
433 The value for this field in the first key descriptor will\r
434 be considered the default value for subsequent key\r
435 descriptors requested in this operation if those key\r
436 descriptors have a NULL GUID in the key format field.\r
437 On output, the KeyIdentifierSize and KeyIdentifier fields\r
438 will specify an identifier for the key which will be either\r
439 the original identifier if one was provided, or an identifier\r
440 generated either by the KMS or the KMS protocol\r
441 implementation. The KeyFormat field will be updated\r
442 with the GUID used to generate the key if it was a\r
443 NULL GUID, and the KeyValue field will contain a pointer\r
444 to memory containing the key value for the generated\r
445 key. Memory for both the KeyIdentifier and the KeyValue\r
446 fields will be allocated with the BOOT_SERVICES_DATA\r
447 type and must be freed by the caller when it is no longer\r
448 needed. Also, the KeyStatus field must reflect the result\r
449 of the request relative to that key.\r
9095d37b 450 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
451 data specified by the ClientData parameter. This\r
452 parameter may be NULL, in which case the ClientData\r
453 parameter will be ignored and no data will be\r
454 transferred to or from the KMS. If the parameter is\r
455 not NULL, then ClientData must be a valid pointer.\r
456 If the value pointed to is 0, no data will be transferred\r
457 to the KMS, but data may be returned by the KMS.\r
458 For all non-zero values *ClientData will be transferred\r
459 to the KMS, which may also return data to the caller.\r
460 In all cases, the value upon return to the caller will\r
461 be the size of the data block returned to the caller,\r
462 which will be zero if no data is returned from the KMS.\r
463 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
464 *ClientDataSize that is to be passed directly to the\r
465 KMS if it supports the use of client data. This\r
466 parameter may be NULL if and only if the\r
76336e4e 467 ClientDataSize parameter is also NULL. Upon return to\r
468 the caller, *ClientData points to a block of data of\r
469 *ClientDataSize that was returned from the KMS.\r
470 If the returned value for *ClientDataSize is zero,\r
471 then the returned value for *ClientData must be NULL\r
472 and should be ignored by the caller. The KMS protocol\r
473 consumer is responsible for freeing all valid buffers\r
474 used for client data regardless of whether they are\r
475 allocated by the caller for input to the function or by\r
476 the implementation for output back to the caller.\r
477\r
478 @retval EFI_SUCCESS Successfully generated and retrieved all requested keys.\r
479 @retval EFI_UNSUPPORTED This function is not supported by the KMS. --OR--\r
480 One (or more) of the key requests submitted is not supported by\r
481 the KMS. Check individual key request(s) to see which ones\r
482 may have been processed.\r
483 @retval EFI_OUT_OF_RESOURCES Required resources were not available to perform the function.\r
484 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
485 request(s) to see which ones may have been processed.\r
486 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
487 ClientId is required by the server and either no id was\r
488 provided or an invalid id was provided.\r
489 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS. Check\r
490 individual key request(s) to see which ones may have been\r
491 processed.\r
492 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
493 KeyDescriptorCount is NULL, or KeyDescriptors is NULL.\r
494 @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
495 could not be processed properly. KeyDescriptorCount\r
496 contains the number of structures which were successfully\r
497 processed. Individual structures will reflect the status of the\r
498 processing for that structure.\r
499\r
500**/\r
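typedef
EFI_STATUS
(EFIAPI *EFI_KMS_CREATE_KEY)(
  IN     EFI_KMS_PROTOCOL        *This,
  IN     EFI_KMS_CLIENT_INFO     *Client,
  // in: number of descriptors supplied; out: number successfully processed.
  IN OUT UINT16                  *KeyDescriptorCount,
  // On output KeyIdentifier and KeyValue point at memory the caller must free; each
  // descriptor's KeyStatus holds the result for that key.
  IN OUT EFI_KMS_KEY_DESCRIPTOR  *KeyDescriptors,
  // in: bytes of *ClientData to send; out: bytes of the block returned (0 if none).
  IN OUT UINTN                   *ClientDataSize OPTIONAL,
  // May be NULL only when ClientDataSize is NULL. The caller frees every valid buffer.
  IN OUT VOID                    **ClientData OPTIONAL
  );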
511\r
512/**\r
513 Retrieve an existing key.\r
514\r
515 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
516 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
517 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
518 processed by this operation. On return, this number\r
519 will be updated with the number of key descriptors\r
520 successfully processed.\r
521 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
522 structures which describe the keys to be retrieved\r
523 from the KMS.\r
524 On input, the KeyIdentifierSize and the KeyIdentifier\r
525 must specify an identifier to be used to retrieve a\r
526 specific key. All other fields in the descriptor should\r
527 be NULL.\r
528 On output, the KeyIdentifierSize and KeyIdentifier fields\r
529 will be unchanged, while the KeyFormat and KeyValue\r
530 fields will be updated with the values associated with this key\r
9095d37b 531 identifier. Memory for the KeyValue field will be\r
532 allocated with the BOOT_SERVICES_DATA type and\r
533 must be freed by the caller when it is no longer needed.\r
534 Also, the KeyStatus field will reflect the result of the\r
535 request relative to the individual key descriptor.\r
9095d37b 536 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
537 data specified by the ClientData parameter. This\r
538 parameter may be NULL, in which case the ClientData\r
539 parameter will be ignored and no data will be\r
540 transferred to or from the KMS. If the parameter is\r
541 not NULL, then ClientData must be a valid pointer.\r
542 If the value pointed to is 0, no data will be transferred\r
543 to the KMS, but data may be returned by the KMS.\r
544 For all non-zero values *ClientData will be transferred\r
545 to the KMS, which may also return data to the caller.\r
546 In all cases, the value upon return to the caller will\r
547 be the size of the data block returned to the caller,\r
548 which will be zero if no data is returned from the KMS.\r
549 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
550 *ClientDataSize that is to be passed directly to the\r
551 KMS if it supports the use of client data. This\r
552 parameter may be NULL if and only if the\r
76336e4e 553 ClientDataSize parameter is also NULL. Upon return to\r
554 the caller, *ClientData points to a block of data of\r
555 *ClientDataSize that was returned from the KMS.\r
556 If the returned value for *ClientDataSize is zero,\r
557 then the returned value for *ClientData must be NULL\r
558 and should be ignored by the caller. The KMS protocol\r
559 consumer is responsible for freeing all valid buffers\r
560 used for client data regardless of whether they are\r
561 allocated by the caller for input to the function or by\r
562 the implementation for output back to the caller.\r
563\r
564 @retval EFI_SUCCESS Successfully retrieved all requested keys.\r
565 @retval EFI_OUT_OF_RESOURCES Could not allocate resources for the method processing.\r
566 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
567 request(s) to see which ones may have been processed.\r
568 @retval EFI_BUFFER_TOO_SMALL If multiple keys are associated with a single identifier, and the\r
569 KeyValue buffer does not contain enough structures\r
570 (KeyDescriptorCount) to contain all the key data, then\r
571 the available structures will be filled and\r
572 KeyDescriptorCount will be updated to indicate the\r
573 number of keys which could not be processed.\r
574 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
575 ClientId is required by the server and either none or an\r
576 invalid id was provided.\r
577 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to\r
578 see which ones may have been processed.\r
579 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
580 KeyDescriptorCount is NULL, or KeyDescriptors is NULL.\r
581 @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
582 could not be processed properly. KeyDescriptorCount\r
583 contains the number of structures which were successfully\r
584 processed. Individual structures will reflect the status of the\r
585 processing for that structure.\r
586 @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
587\r
588**/\r
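typedef
EFI_STATUS
(EFIAPI *EFI_KMS_GET_KEY)(
  IN     EFI_KMS_PROTOCOL        *This,
  IN     EFI_KMS_CLIENT_INFO     *Client,
  // in: number of descriptors supplied; out: number successfully processed.
  IN OUT UINT16                  *KeyDescriptorCount,
  // On input only KeyIdentifierSize/KeyIdentifier are set. On output KeyFormat and KeyValue
  // are filled in; KeyValue points at memory the caller must free.
  IN OUT EFI_KMS_KEY_DESCRIPTOR  *KeyDescriptors,
  // in: bytes of *ClientData to send; out: bytes of the block returned (0 if none).
  IN OUT UINTN                   *ClientDataSize OPTIONAL,
  // May be NULL only when ClientDataSize is NULL. The caller frees every valid buffer.
  IN OUT VOID                    **ClientData OPTIONAL
  );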
599\r
600/**\r
601 Add a new key.\r
602\r
603 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
604 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
605 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
606 processed by this operation. On normal return, this\r
607 number will be updated with the number of key\r
608 descriptors successfully processed.\r
609 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
610 structures which describe the keys to be added.\r
611 On input, the KeyId field for the first key must contain\r
612 valid identifier data to be used for adding a key to\r
613 the KMS. The values for these fields in this key\r
614 definition will be considered default values for\r
615 subsequent keys requested in this operation. A value\r
616 of 0 in any subsequent KeyId field will be replaced\r
617 with the current default value. The KeyFormat and\r
618 KeyValue fields for each key to be added must contain\r
619 consistent values to be associated with the given KeyId.\r
620 On return, the KeyStatus field will reflect the result\r
621 of the operation for each key request.\r
9095d37b 622 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
623 data specified by the ClientData parameter. This\r
624 parameter may be NULL, in which case the ClientData\r
625 parameter will be ignored and no data will be\r
626 transferred to or from the KMS. If the parameter is\r
627 not NULL, then ClientData must be a valid pointer.\r
628 If the value pointed to is 0, no data will be transferred\r
629 to the KMS, but data may be returned by the KMS.\r
630 For all non-zero values *ClientData will be transferred\r
631 to the KMS, which may also return data to the caller.\r
632 In all cases, the value upon return to the caller will\r
633 be the size of the data block returned to the caller,\r
634 which will be zero if no data is returned from the KMS.\r
635 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
636 *ClientDataSize that is to be passed directly to the\r
637 KMS if it supports the use of client data. This\r
638 parameter may be NULL if and only if the\r
76336e4e 639 ClientDataSize parameter is also NULL. Upon return to\r
640 the caller, *ClientData points to a block of data of\r
641 *ClientDataSize that was returned from the KMS.\r
642 If the returned value for *ClientDataSize is zero,\r
643 then the returned value for *ClientData must be NULL\r
644 and should be ignored by the caller. The KMS protocol\r
645 consumer is responsible for freeing all valid buffers\r
646 used for client data regardless of whether they are\r
647 allocated by the caller for input to the function or by\r
648 the implementation for output back to the caller.\r
649\r
650 @retval EFI_SUCCESS Successfully added all requested keys.\r
651 @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
652 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
653 request(s) to see which ones may have been processed.\r
654 @retval EFI_BUFFER_TOO_SMALL If multiple keys are associated with a single identifier, and the\r
655 KeyValue buffer does not contain enough structures\r
656 (KeyDescriptorCount) to contain all the key data, then\r
657 the available structures will be filled and\r
658 KeyDescriptorCount will be updated to indicate the\r
659 number of keys which could not be processed.\r
660 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
661 ClientId is required by the server and either none or an\r
662 invalid id was provided.\r
663 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to\r
664 see which ones may have been processed.\r
665 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
666 KeyDescriptorCount is NULL, or KeyDescriptors is NULL.\r
667 @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
668 could not be processed properly. KeyDescriptorCount\r
669 contains the number of structures which were successfully\r
670 processed. Individual structures will reflect the status of the\r
671 processing for that structure.\r
672 @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
673\r
674**/\r
675typedef\r
676EFI_STATUS\r
2f88bd3a 677(EFIAPI *EFI_KMS_ADD_KEY)(\r
76336e4e
SZ
678 IN EFI_KMS_PROTOCOL *This,\r
679 IN EFI_KMS_CLIENT_INFO *Client,\r
680 IN OUT UINT16 *KeyDescriptorCount,\r
681 IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
682 IN OUT UINTN *ClientDataSize OPTIONAL,\r
683 IN OUT VOID **ClientData OPTIONAL\r
684 );\r
685\r
686/**\r
687 Delete an existing key from the KMS database.\r
688\r
689 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
690 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
691 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
692 processed by this operation. On normal return, this\r
693 number will be updated with the number of key\r
694 descriptors successfully processed.\r
695 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
696 structures which describe the keys to be deleted.\r
697 On input, the KeyId field for the first key must contain\r
698 valid identifier data to be used for deleting a key from\r
699 the KMS. The values for these fields in this key\r
700 definition will be considered default values for\r
701 subsequent keys requested in this operation. A value\r
702 of 0 in any subsequent KeyId field will be replaced\r
703 with the current default value. The KeyFormat and\r
704 KeyValue fields are ignored, but should be 0.\r
705 On return, the KeyStatus field will reflect the result\r
706 of the operation for each key request.\r
9095d37b 707 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
76336e4e
SZ
708 data specified by the ClientData parameter. This\r
709 parameter may be NULL, in which case the ClientData\r
710 parameter will be ignored and no data will be\r
711 transferred to or from the KMS. If the parameter is\r
712 not NULL, then ClientData must be a valid pointer.\r
713 If the value pointed to is 0, no data will be transferred\r
714 to the KMS, but data may be returned by the KMS.\r
715 For all non-zero values *ClientData will be transferred\r
716 to the KMS, which may also return data to the caller.\r
717 In all cases, the value upon return to the caller will\r
718 be the size of the data block returned to the caller,\r
719 which will be zero if no data is returned from the KMS.\r
720 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
721 *ClientDataSize that is to be passed directly to the\r
9095d37b
LG
722 KMS if it supports the use of client data. This\r
723 parameter may be NULL if and only if the\r
76336e4e 724 ClientDataSize parameter is also NULL. Upon return to\r
9095d37b
LG
725 the caller, *ClientData points to a block of data of\r
726 *ClientDataSize that was returned from the KMS.\r
76336e4e
SZ
727 If the returned value for *ClientDataSize is zero,\r
728 then the returned value for *ClientData must be NULL\r
729 and should be ignored by the caller. The KMS protocol\r
730 consumer is responsible for freeing all valid buffers\r
731 used for client data regardless of whether they are\r
732 allocated by the caller for input to the function or by\r
733 the implementation for output back to the caller.\r
734\r
735 @retval EFI_SUCCESS Successfully deleted all requested keys.\r
736 @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
737 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
738 request(s) to see which ones may have been processed.\r
739 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
740 ClientId is required by the server and either none or an\r
741 invalid id was provided.\r
742 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to\r
743 see which ones may have been processed.\r
744 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
745 KeyDescriptorCount is NULL, or KeyDescriptors is NULL.\r
746 @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
747 could not be processed properly. KeyDescriptorCount\r
748 contains the number of structures which were successfully\r
749 processed. Individual structures will reflect the status of the\r
750 processing for that structure.\r
751 @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
752\r
753**/\r
754typedef\r
755EFI_STATUS\r
2f88bd3a 756(EFIAPI *EFI_KMS_DELETE_KEY)(\r
76336e4e
SZ
757 IN EFI_KMS_PROTOCOL *This,\r
758 IN EFI_KMS_CLIENT_INFO *Client,\r
759 IN OUT UINT16 *KeyDescriptorCount,\r
760 IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
761 IN OUT UINTN *ClientDataSize OPTIONAL,\r
762 IN OUT VOID **ClientData OPTIONAL\r
763 );\r
764\r
765/**\r
766 Get one or more attributes associated with a specified key identifier.\r
767 If none are found, the returned attributes count contains a value of zero.\r
768\r
769 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
770 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
771 @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.\r
772 @param[in] KeyIdentifier Pointer to the key identifier associated with this key.\r
773 @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE\r
774 structures associated with the Key identifier. If none\r
775 are found, the count value is zero on return.\r
776 On input this value reflects the number of KeyAttributes\r
777 that may be returned.\r
778 On output, the value reflects the number of completed\r
779 KeyAttributes structures found.\r
780 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
781 structures associated with the Key Identifier.\r
782 On input, the fields in the structure should be NULL.\r
783 On output, the attribute fields will have updated values\r
784 for attributes associated with this key identifier.\r
9095d37b 785 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
76336e4e
SZ
786 data specified by the ClientData parameter. This\r
787 parameter may be NULL, in which case the ClientData\r
788 parameter will be ignored and no data will be\r
789 transferred to or from the KMS. If the parameter is\r
790 not NULL, then ClientData must be a valid pointer.\r
791 If the value pointed to is 0, no data will be transferred\r
792 to the KMS, but data may be returned by the KMS.\r
793 For all non-zero values *ClientData will be transferred\r
794 to the KMS, which may also return data to the caller.\r
795 In all cases, the value upon return to the caller will\r
796 be the size of the data block returned to the caller,\r
797 which will be zero if no data is returned from the KMS.\r
798 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
799 *ClientDataSize that is to be passed directly to the\r
9095d37b
LG
800 KMS if it supports the use of client data. This\r
801 parameter may be NULL if and only if the\r
76336e4e 802 ClientDataSize parameter is also NULL. Upon return to\r
9095d37b
LG
803 the caller, *ClientData points to a block of data of\r
804 *ClientDataSize that was returned from the KMS.\r
76336e4e
SZ
805 If the returned value for *ClientDataSize is zero,\r
806 then the returned value for *ClientData must be NULL\r
807 and should be ignored by the caller. The KMS protocol\r
808 consumer is responsible for freeing all valid buffers\r
809 used for client data regardless of whether they are\r
810 allocated by the caller for input to the function or by\r
811 the implementation for output back to the caller.\r
812\r
813 @retval EFI_SUCCESS Successfully retrieved all key attributes.\r
814 @retval EFI_OUT_OF_RESOURCES Could not allocate resources for the method processing.\r
815 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
816 attribute request(s) to see which ones may have been\r
817 processed.\r
818 @retval EFI_BUFFER_TOO_SMALL If multiple key attributes are associated with a single identifier,\r
819 and the KeyAttributes buffer does not contain enough\r
820 structures (KeyAttributesCount) to contain all the key\r
821 attributes data, then the available structures will be filled and\r
822 KeyAttributesCount will be updated to indicate the\r
823 number of key attributes which could not be processed.\r
824 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
825 ClientId is required by the server and either none or an\r
826 invalid id was provided.\r
827 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
828 request(s) (i.e. key attribute status for each) to see which ones\r
829 may have been processed.\r
830 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
831 KeyIdentifierSize is NULL, or KeyIdentifier\r
832 is NULL, or KeyAttributes is NULL, or\r
833 KeyAttributesCount is NULL.\r
834 @retval EFI_NOT_FOUND The KeyIdentifier could not be found.\r
835 KeyAttributesCount contains zero. Individual\r
836 structures will reflect the status of the processing for that\r
837 structure.\r
838 @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
839\r
840**/\r
841typedef\r
842EFI_STATUS\r
2f88bd3a 843(EFIAPI *EFI_KMS_GET_KEY_ATTRIBUTES)(\r
76336e4e
SZ
844 IN EFI_KMS_PROTOCOL *This,\r
845 IN EFI_KMS_CLIENT_INFO *Client,\r
846 IN UINT8 *KeyIdentifierSize,\r
847 IN CONST VOID *KeyIdentifier,\r
848 IN OUT UINT16 *KeyAttributesCount,\r
849 IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
850 IN OUT UINTN *ClientDataSize OPTIONAL,\r
851 IN OUT VOID **ClientData OPTIONAL\r
852 );\r
853\r
854/**\r
855 Add one or more attributes to a key specified by a key identifier.\r
856\r
857 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
858 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
859 @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.\r
860 @param[in] KeyIdentifier Pointer to the key identifier associated with this key.\r
861 @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE\r
862 structures to associate with the Key. On normal returns,\r
863 this number will be updated with the number of key\r
864 attributes successfully processed.\r
865 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
866 structures providing the attribute information to\r
867 associate with the key.\r
868 On input, the values for the fields in the structure\r
869 are completely filled in.\r
870 On return the KeyAttributeStatus field will reflect the\r
871 result of the operation for each key attribute request.\r
9095d37b 872 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
76336e4e
SZ
873 data specified by the ClientData parameter. This\r
874 parameter may be NULL, in which case the ClientData\r
875 parameter will be ignored and no data will be\r
876 transferred to or from the KMS. If the parameter is\r
877 not NULL, then ClientData must be a valid pointer.\r
878 If the value pointed to is 0, no data will be transferred\r
879 to the KMS, but data may be returned by the KMS.\r
880 For all non-zero values *ClientData will be transferred\r
881 to the KMS, which may also return data to the caller.\r
882 In all cases, the value upon return to the caller will\r
883 be the size of the data block returned to the caller,\r
884 which will be zero if no data is returned from the KMS.\r
885 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
886 *ClientDataSize that is to be passed directly to the\r
9095d37b
LG
887 KMS if it supports the use of client data. This\r
888 parameter may be NULL if and only if the\r
76336e4e 889 ClientDataSize parameter is also NULL. Upon return to\r
9095d37b
LG
890 the caller, *ClientData points to a block of data of\r
891 *ClientDataSize that was returned from the KMS.\r
76336e4e
SZ
892 If the returned value for *ClientDataSize is zero,\r
893 then the returned value for *ClientData must be NULL\r
894 and should be ignored by the caller. The KMS protocol\r
895 consumer is responsible for freeing all valid buffers\r
896 used for client data regardless of whether they are\r
897 allocated by the caller for input to the function or by\r
898 the implementation for output back to the caller.\r
899\r
900 @retval EFI_SUCCESS Successfully added all requested key attributes.\r
901 @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
902 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
903 attribute request(s) to see which ones may have been\r
904 processed.\r
905 @retval EFI_BUFFER_TOO_SMALL If multiple key attributes are associated with a single key\r
906 identifier, and the attributes buffer does not contain\r
907 enough structures (KeyAttributesCount) to contain all\r
908 the data, then the available structures will be filled and\r
909 KeyAttributesCount will be updated to indicate the\r
910 number of key attributes which could not be processed. The\r
911 status of each key attribute is also updated indicating success or\r
912 failure for that attribute in case there are other errors for those\r
913 attributes that could be processed.\r
914 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
915 ClientId is required by the server and either none or an\r
916 invalid id was provided.\r
917 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
918 request(s) (i.e. key attribute status for each) to see which ones\r
919 may have been processed.\r
920 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
921 KeyAttributesCount is NULL, or KeyAttributes\r
922 is NULL, or KeyIdentifierSize is NULL, or\r
923 KeyIdentifier is NULL.\r
924 @retval EFI_NOT_FOUND The KeyIdentifier could not be found. On return the\r
925 KeyAttributesCount contains the number of attributes\r
926 processed. Individual structures will reflect the status of the\r
927 processing for that structure.\r
928 @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
929\r
930**/\r
931typedef\r
932EFI_STATUS\r
2f88bd3a 933(EFIAPI *EFI_KMS_ADD_KEY_ATTRIBUTES)(\r
76336e4e
SZ
934 IN EFI_KMS_PROTOCOL *This,\r
935 IN EFI_KMS_CLIENT_INFO *Client,\r
936 IN UINT8 *KeyIdentifierSize,\r
937 IN CONST VOID *KeyIdentifier,\r
938 IN OUT UINT16 *KeyAttributesCount,\r
939 IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
940 IN OUT UINTN *ClientDataSize OPTIONAL,\r
941 IN OUT VOID **ClientData OPTIONAL\r
942 );\r
943\r
944/**\r
945 Delete attributes from a key specified by a key identifier.\r
946\r
947 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
948 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
949 @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.\r
950 @param[in] KeyIdentifier Pointer to the key identifier associated with this key.\r
951 @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE\r
952 structures to associate with the Key.\r
953 On input, the count value is one or more.\r
954 On normal returns, this number will be updated with\r
955 the number of key attributes successfully processed.\r
956 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
957 structures providing the attribute information to\r
958 associate with the key.\r
959 On input, the values for the fields in the structure\r
960 are completely filled in.\r
961 On return the KeyAttributeStatus field will reflect the\r
962 result of the operation for each key attribute request.\r
9095d37b 963 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
76336e4e
SZ
964 data specified by the ClientData parameter. This\r
965 parameter may be NULL, in which case the ClientData\r
966 parameter will be ignored and no data will be\r
967 transferred to or from the KMS. If the parameter is\r
968 not NULL, then ClientData must be a valid pointer.\r
969 If the value pointed to is 0, no data will be transferred\r
970 to the KMS, but data may be returned by the KMS.\r
971 For all non-zero values *ClientData will be transferred\r
972 to the KMS, which may also return data to the caller.\r
973 In all cases, the value upon return to the caller will\r
974 be the size of the data block returned to the caller,\r
975 which will be zero if no data is returned from the KMS.\r
976 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
977 *ClientDataSize that is to be passed directly to the\r
9095d37b
LG
978 KMS if it supports the use of client data. This\r
979 parameter may be NULL if and only if the\r
76336e4e 980 ClientDataSize parameter is also NULL. Upon return to\r
9095d37b
LG
981 the caller, *ClientData points to a block of data of\r
982 *ClientDataSize that was returned from the KMS.\r
76336e4e
SZ
983 If the returned value for *ClientDataSize is zero,\r
984 then the returned value for *ClientData must be NULL\r
985 and should be ignored by the caller. The KMS protocol\r
986 consumer is responsible for freeing all valid buffers\r
987 used for client data regardless of whether they are\r
988 allocated by the caller for input to the function or by\r
989 the implementation for output back to the caller.\r
990\r
991 @retval EFI_SUCCESS Successfully deleted all requested key attributes.\r
992 @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
993 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
994 attribute request(s) to see which ones may have been\r
995 processed.\r
996 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
997 ClientId is required by the server and either none or an\r
998 invalid id was provided.\r
999 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
1000 request(s) (i.e. key attribute status for each) to see which ones\r
1001 may have been processed.\r
1002 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
1003 KeyAttributesCount is NULL, or\r
1004 KeyAttributes is NULL, or KeyIdentifierSize\r
1005 is NULL, or KeyIdentifier is NULL.\r
1006 @retval EFI_NOT_FOUND The KeyIdentifier could not be found or the attribute\r
1007 could not be found. On return the KeyAttributesCount\r
1008 contains the number of attributes processed. Individual\r
1009 structures will reflect the status of the processing for that\r
1010 structure.\r
1011 @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
1012\r
1013**/\r
1014typedef\r
1015EFI_STATUS\r
2f88bd3a 1016(EFIAPI *EFI_KMS_DELETE_KEY_ATTRIBUTES)(\r
76336e4e
SZ
1017 IN EFI_KMS_PROTOCOL *This,\r
1018 IN EFI_KMS_CLIENT_INFO *Client,\r
1019 IN UINT8 *KeyIdentifierSize,\r
1020 IN CONST VOID *KeyIdentifier,\r
1021 IN OUT UINT16 *KeyAttributesCount,\r
1022 IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
1023 IN OUT UINTN *ClientDataSize OPTIONAL,\r
1024 IN OUT VOID **ClientData OPTIONAL\r
1025 );\r
1026\r
1027/**\r
1028 Retrieve one or more keys that match all of the specified key attributes.\r
1029\r
1030 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
1031 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
1032 @param[in, out] KeyAttributeCount Pointer to a count of the number of key attribute structures\r
1033 that must be matched for each returned key descriptor.\r
1034 On input the count value is one or more.\r
1035 On normal returns, this number will be updated with\r
1036 the number of key attributes successfully processed.\r
1037 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
1038 structure to search for.\r
1039 On input, the values for the fields in the structure are\r
1040 completely filled in.\r
1041 On return the KeyAttributeStatus field will reflect the\r
1042 result of the operation for each key attribute request.\r
1043 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors matched\r
1044 by this operation.\r
1045 On entry, this number will be zero.\r
1046 On return, this number will be updated to the number\r
1047 of key descriptors successfully found.\r
1048 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
1049 structures which describe the keys from the KMS\r
1050 having the KeyAttribute(s) specified.\r
1051 On input, this pointer will be NULL.\r
1052 On output, the array will contain an\r
1053 EFI_KMS_KEY_DESCRIPTOR structure for each key\r
1054 meeting the search criteria. Memory for the array\r
1055 and all KeyValue fields will be allocated with the\r
1056 EfiBootServicesData type and must be freed by the\r
1057 caller when it is no longer needed. Also, the KeyStatus\r
1058 field of each descriptor will reflect the result of the\r
1059 request relative to that key descriptor.\r
9095d37b 1060 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of\r
76336e4e
SZ
1061 data specified by the ClientData parameter. This\r
1062 parameter may be NULL, in which case the ClientData\r
1063 parameter will be ignored and no data will be\r
1064 transferred to or from the KMS. If the parameter is\r
1065 not NULL, then ClientData must be a valid pointer.\r
1066 If the value pointed to is 0, no data will be transferred\r
1067 to the KMS, but data may be returned by the KMS.\r
1068 For all non-zero values *ClientData will be transferred\r
1069 to the KMS, which may also return data to the caller.\r
1070 In all cases, the value upon return to the caller will\r
1071 be the size of the data block returned to the caller,\r
1072 which will be zero if no data is returned from the KMS.\r
1073 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
1074 *ClientDataSize that is to be passed directly to the\r
9095d37b
LG
1075 KMS if it supports the use of client data. This\r
1076 parameter may be NULL if and only if the\r
76336e4e 1077 ClientDataSize parameter is also NULL. Upon return to\r
9095d37b
LG
1078 the caller, *ClientData points to a block of data of\r
1079 *ClientDataSize that was returned from the KMS.\r
76336e4e
SZ
1080 If the returned value for *ClientDataSize is zero,\r
1081 then the returned value for *ClientData must be NULL\r
1082 and should be ignored by the caller. The KMS protocol\r
1083 consumer is responsible for freeing all valid buffers\r
1084 used for client data regardless of whether they are\r
1085 allocated by the caller for input to the function or by\r
1086 the implementation for output back to the caller.\r
1087\r
1088 @retval EFI_SUCCESS Successfully retrieved all requested keys.\r
1089 @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
1090 @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
1091 attribute request(s) to see which ones may have been\r
1092 processed.\r
1093 @retval EFI_BUFFER_TOO_SMALL If multiple keys are associated with the attribute(s), and the\r
1094 KeyValue buffer does not contain enough structures\r
1095 (KeyDescriptorCount) to contain all the key data, then\r
1096 the available structures will be filled and\r
1097 KeyDescriptorCount will be updated to indicate the\r
1098 number of keys which could not be processed.\r
1099 @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
1100 ClientId is required by the server and either none or an\r
1101 invalid id was provided.\r
1102 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
1103 request(s) (i.e. key attribute status for each) to see which ones\r
1104 may have been processed.\r
1105 @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
1106 KeyDescriptorCount is NULL, or\r
1107 KeyDescriptors is NULL or KeyAttributes is\r
1108 NULL, or KeyAttributeCount is NULL.\r
1109 @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_ATTRIBUTE structures could\r
1110 not be processed properly. KeyAttributeCount contains\r
1111 the number of structures which were successfully processed.\r
1112 Individual structures will reflect the status of the processing for\r
1113 that structure.\r
1114 @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
1115\r
1116**/\r
1117typedef\r
1118EFI_STATUS\r
2f88bd3a 1119(EFIAPI *EFI_KMS_GET_KEY_BY_ATTRIBUTES)(\r
76336e4e
SZ
1120 IN EFI_KMS_PROTOCOL *This,\r
1121 IN EFI_KMS_CLIENT_INFO *Client,\r
1122 IN OUT UINTN *KeyAttributeCount,\r
1123 IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
1124 IN OUT UINTN *KeyDescriptorCount,\r
1125 IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
1126 IN OUT UINTN *ClientDataSize OPTIONAL,\r
1127 IN OUT VOID **ClientData OPTIONAL\r
1128 );\r
1129\r
1130///\r
1131/// The Key Management Service (KMS) protocol provides services to generate, store, retrieve,\r
1132/// and manage cryptographic keys.\r
1133///\r
1134struct _EFI_KMS_PROTOCOL {\r
1135 ///\r
1136 /// Get the current status of the key management service. If the implementation has not yet\r
1137 /// connected to the KMS, then a call to this function will initiate a connection. This is the\r
1138 /// only function that is valid for use prior to the service being marked available.\r
1139 ///\r
2f88bd3a 1140 EFI_KMS_GET_SERVICE_STATUS GetServiceStatus;\r
76336e4e
SZ
1141 ///\r
1142 /// Register a specific client with the KMS.\r
1143 ///\r
2f88bd3a 1144 EFI_KMS_REGISTER_CLIENT RegisterClient;\r
76336e4e
SZ
1145 ///\r
1146 /// Request the generation of a new key and retrieve it.\r
1147 ///\r
2f88bd3a 1148 EFI_KMS_CREATE_KEY CreateKey;\r
76336e4e
SZ
1149 ///\r
1150 /// Retrieve an existing key.\r
1151 ///\r
2f88bd3a 1152 EFI_KMS_GET_KEY GetKey;\r
76336e4e
SZ
1153 ///\r
1154 /// Add a local key to KMS database. If there is an existing key with this key identifier in the\r
1155 /// KMS database, it will be replaced with the new key.\r
1156 ///\r
2f88bd3a 1157 EFI_KMS_ADD_KEY AddKey;\r
76336e4e
SZ
1158 ///\r
1159 /// Delete an existing key from the KMS database.\r
1160 ///\r
2f88bd3a 1161 EFI_KMS_DELETE_KEY DeleteKey;\r
76336e4e
SZ
1162 ///\r
1163 /// Get attributes for an existing key in the KMS database.\r
1164 ///\r
2f88bd3a 1165 EFI_KMS_GET_KEY_ATTRIBUTES GetKeyAttributes;\r
76336e4e
SZ
1166 ///\r
1167 /// Add attributes to an existing key in the KMS database.\r
1168 ///\r
2f88bd3a 1169 EFI_KMS_ADD_KEY_ATTRIBUTES AddKeyAttributes;\r
76336e4e
SZ
1170 ///\r
1171 /// Delete attributes for an existing key in the KMS database.\r
1172 ///\r
2f88bd3a 1173 EFI_KMS_DELETE_KEY_ATTRIBUTES DeleteKeyAttributes;\r
76336e4e
SZ
1174 ///\r
1175 /// Get existing key(s) with the specified attributes.\r
1176 ///\r
2f88bd3a 1177 EFI_KMS_GET_KEY_BY_ATTRIBUTES GetKeyByAttributes;\r
76336e4e
SZ
1178 ///\r
1179 /// The version of this EFI_KMS_PROTOCOL structure. This must be set to 0x00020040 for\r
1180 /// the initial version of this protocol.\r
1181 ///\r
2f88bd3a 1182 UINT32 ProtocolVersion;\r
76336e4e
SZ
1183 ///\r
1184 /// Optional GUID used to identify a specific KMS. This GUID may be supplied by the provider,\r
1185 /// by the implementation, or may be null. If it is null, then the ServiceName must not be null.\r
1186 ///\r
2f88bd3a 1187 EFI_GUID ServiceId;\r
76336e4e
SZ
1188 ///\r
1189 /// Optional pointer to a unicode string which may be used to identify the KMS or provide\r
1190 /// other information about the supplier.\r
1191 ///\r
2f88bd3a 1192 CHAR16 *ServiceName;\r
76336e4e
SZ
1193 ///\r
1194 /// Optional 32-bit value which may be used to indicate the version of the KMS provided by\r
1195 /// the supplier.\r
1196 ///\r
2f88bd3a 1197 UINT32 ServiceVersion;\r
76336e4e
SZ
1198 ///\r
1199 /// TRUE if and only if the service is active and available for use. To avoid unnecessary\r
1200 /// delays in POST, this protocol may be installed without connecting to the service. In this\r
1201 /// case, the first call to the GetServiceStatus () function will cause the implementation to\r
1202 /// connect to the supported service and mark it as available. The capabilities of this service\r
1203 /// as defined in the remainder of this protocol are not guaranteed to be valid until the service\r
1204 /// has been marked available.\r
1205 ///\r
2f88bd3a 1206 BOOLEAN ServiceAvailable;\r
76336e4e 1207 ///\r
a750b4ae 1208 /// TRUE if and only if the service supports client identifiers. Client identifiers may be used\r
76336e4e
SZ
1209 /// for auditing, access control or any other purpose specific to the implementation.\r
1210 ///\r
2f88bd3a 1211 BOOLEAN ClientIdSupported;\r
76336e4e 1212 ///\r
a750b4ae 1213 /// TRUE if and only if the service requires a client identifier in order to process key requests.\r
76336e4e
SZ
1214 /// FALSE otherwise.\r
1215 ///\r
2f88bd3a 1216 BOOLEAN ClientIdRequired;\r
76336e4e
SZ
1217 ///\r
1218 /// The maximum size in bytes for the client identifier.\r
1219 ///\r
2f88bd3a 1220 UINT16 ClientIdMaxSize;\r
76336e4e
SZ
1221 ///\r
1222 /// The client name string type(s) supported by the KMS service. If client names are not\r
1223 /// supported, this field will be set to EFI_KMS_DATA_TYPE_NONE. Otherwise, it will be set\r
1224 /// to the inclusive 'OR' of all client name formats supported. Client names may be used for\r
1225 /// auditing, access control or any other purpose specific to the implementation.\r
1226 ///\r
2f88bd3a 1227 UINT8 ClientNameStringTypes;\r
76336e4e 1228 ///\r
a750b4ae 1229 /// TRUE if and only if the KMS requires a client name to be supplied to the service.\r
76336e4e
SZ
1230 /// FALSE otherwise.\r
1231 ///\r
2f88bd3a 1232 BOOLEAN ClientNameRequired;\r
76336e4e
SZ
1233 ///\r
1234 /// The maximum number of characters allowed for the client name.\r
1235 ///\r
2f88bd3a 1236 UINT16 ClientNameMaxCount;\r
76336e4e 1237 ///\r
a750b4ae 1238 /// TRUE if and only if the service supports arbitrary client data requests. The use of client\r
76336e4e
SZ
1239 /// data requires the caller to have specific knowledge of the individual KMS service and\r
1240 /// should be used only if absolutely necessary.\r
1241 /// FALSE otherwise.\r
1242 ///\r
2f88bd3a 1243 BOOLEAN ClientDataSupported;\r
76336e4e
SZ
1244 ///\r
1245 /// The maximum size in bytes for the client data. If the maximum data size is not specified\r
1246 /// by the KMS or it is not known, then this field must be filled with all ones.\r
1247 ///\r
2f88bd3a 1248 UINTN ClientDataMaxSize;\r
76336e4e 1249 ///\r
a750b4ae 1250 /// TRUE if variable length key identifiers are supported.\r
76336e4e
SZ
1251 /// FALSE if a fixed length key identifier is supported.\r
1252 ///\r
2f88bd3a 1253 BOOLEAN KeyIdVariableLenSupported;\r
76336e4e
SZ
1254 ///\r
1255 /// If KeyIdVariableLenSupported is TRUE, this is the maximum supported key identifier length\r
1256 /// in bytes. Otherwise this is the fixed length of key identifier supported. Key ids shorter\r
1257 /// than the fixed length will be padded on the right with blanks.\r
1258 ///\r
2f88bd3a 1259 UINTN KeyIdMaxSize;\r
76336e4e
SZ
1260 ///\r
1261 /// The number of key format/size GUIDs returned in the KeyFormats field.\r
1262 ///\r
2f88bd3a 1263 UINTN KeyFormatsCount;\r
76336e4e
SZ
1264 ///\r
1265 /// A pointer to an array of EFI_GUID values which specify key formats/sizes supported by\r
1266 /// this KMS. Each format/size pair will be specified by a separate EFI_GUID. At least one\r
1267 /// key format/size must be supported. All formats/sizes with the same hashing algorithm\r
1268 /// must be contiguous in the array, and for each hashing algorithm, the key sizes must be in\r
1269 /// ascending order. See "Related Definitions" for GUIDs which identify supported key formats/sizes.\r
1270 /// This list of GUIDs supported by the KMS is not required to be exhaustive, and the KMS\r
1271 /// may provide support for additional key formats/sizes. Users may request key information\r
1272 /// using an arbitrary GUID, but any GUID not recognized by the implementation or not\r
1273 /// supported by the KMS will return an error code of EFI_UNSUPPORTED.\r
1274 ///\r
2f88bd3a 1275 EFI_GUID *KeyFormats;\r
76336e4e
SZ
1276 ///\r
1277 /// TRUE if key attributes are supported.\r
1278 /// FALSE if key attributes are not supported.\r
1279 ///\r
2f88bd3a 1280 BOOLEAN KeyAttributesSupported;\r
76336e4e
SZ
1281 ///\r
1282 /// The key attribute identifier string type(s) supported by the KMS service. If key attributes\r
1283 /// are not supported, this field will be set to EFI_KMS_DATA_TYPE_NONE. Otherwise, it will\r
1284 /// be set to the inclusive 'OR' of all key attribute identifier string types supported.\r
1285 /// EFI_KMS_DATA_TYPE_BINARY is not valid for this field.\r
1286 ///\r
2f88bd3a
MK
1287 UINT8 KeyAttributeIdStringTypes;\r
1288 UINT16 KeyAttributeIdMaxCount;\r
76336e4e
SZ
1289 ///\r
1290 /// The number of predefined KeyAttributes structures returned in the KeyAttributes\r
1291 /// parameter. If the KMS does not support predefined key attributes, or if it does not\r
1292 /// provide a method to obtain predefined key attributes data, then this field must be zero.\r
1293 ///\r
2f88bd3a 1294 UINTN KeyAttributesCount;\r
76336e4e
SZ
1295 ///\r
1296 /// A pointer to an array of KeyAttributes structures which contains the predefined\r
1297 /// attributes supported by this KMS. Each structure must contain a valid key attribute\r
1298 /// identifier and should provide any other information as appropriate for the attribute,\r
1299 /// including a default value if one exists. This variable must be set to NULL if the\r
1300 /// KeyAttributesCount variable is zero. It must point to a valid buffer if the\r
1301 /// KeyAttributesCount variable is non-zero.\r
1302 /// This list of predefined attributes is not required to be exhaustive, and the KMS may\r
1303 /// provide additional predefined attributes not enumerated in this list. The implementation\r
1304 /// does not distinguish between predefined and user defined attributes, and therefore,\r
1305 /// predefined attributes not enumerated will still be processed to the KMS.\r
1306 ///\r
2f88bd3a 1307 EFI_KMS_KEY_ATTRIBUTE *KeyAttributes;\r
76336e4e
SZ
1308};\r
1309\r
2f88bd3a
MK
//
// External declarations of the GUID objects for the KMS key formats and for the
// KMS protocol itself. Only the declarations appear here; the objects are defined elsewhere.
// NOTE(review): each gEfiKmsFormat* name presumably corresponds to one of the
// (key-algorithm, key-size) format GUIDs described earlier in this header, and
// gEfiKmsProtocolGuid to EFI_KMS_PROTOCOL_GUID - confirm against the definitions.
//
// Security note: the list includes identifiers for MD2, MD4, MD5, SHA-1 and
// 1024-bit RSA, which are widely regarded as too weak for new designs. An identifier
// being declared here says nothing about whether the algorithm is suitable; a consumer
// should select acceptable formats by its own policy instead of accepting any format
// that a KMS advertises in KeyFormats.
//
1310extern EFI_GUID gEfiKmsFormatGeneric128Guid;\r
1311extern EFI_GUID gEfiKmsFormatGeneric160Guid;\r
1312extern EFI_GUID gEfiKmsFormatGeneric256Guid;\r
1313extern EFI_GUID gEfiKmsFormatGeneric512Guid;\r
1314extern EFI_GUID gEfiKmsFormatGeneric1024Guid;\r
1315extern EFI_GUID gEfiKmsFormatGeneric2048Guid;\r
1316extern EFI_GUID gEfiKmsFormatGeneric3072Guid;\r
1317extern EFI_GUID gEfiKmsFormatMd2128Guid;\r
1318extern EFI_GUID gEfiKmsFormatMdc2128Guid;\r
1319extern EFI_GUID gEfiKmsFormatMd4128Guid;\r
1320extern EFI_GUID gEfiKmsFormatMdc4128Guid;\r
1321extern EFI_GUID gEfiKmsFormatMd5128Guid;\r
1322extern EFI_GUID gEfiKmsFormatMd5sha128Guid;\r
1323extern EFI_GUID gEfiKmsFormatSha1160Guid;\r
1324extern EFI_GUID gEfiKmsFormatSha256256Guid;\r
1325extern EFI_GUID gEfiKmsFormatSha512512Guid;\r
1326extern EFI_GUID gEfiKmsFormatAesxts128Guid;\r
1327extern EFI_GUID gEfiKmsFormatAesxts256Guid;\r
1328extern EFI_GUID gEfiKmsFormatAescbc128Guid;\r
1329extern EFI_GUID gEfiKmsFormatAescbc256Guid;\r
1330extern EFI_GUID gEfiKmsFormatRsasha11024Guid;\r
1331extern EFI_GUID gEfiKmsFormatRsasha12048Guid;\r
1332extern EFI_GUID gEfiKmsFormatRsasha2562048Guid;\r
1333extern EFI_GUID gEfiKmsFormatRsasha2563072Guid;\r
1334extern EFI_GUID gEfiKmsProtocolGuid;\r
76336e4e
SZ
1335\r
1336#endif\r