]>
Commit | Line | Data |
---|---|---|
0c18794e | 1 | /** @file\r |
7ae77cee | 2 | The variable data structures are related to EDKII-specific\r |
0c18794e | 3 | implementation of UEFI authenticated variables.\r |
7ae77cee SZ |
4 | AuthenticatedVariableFormat.h defines variable data headers\r |
5 | and variable storage region headers that has been moved to\r | |
6 | VariableFormat.h.\r | |
7 | \r | |
8 | Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r | |
9 | This program and the accompanying materials\r | |
10 | are licensed and made available under the terms and conditions of the BSD License\r | |
11 | which accompanies this distribution. The full text of the license may be found at\r | |
0c18794e | 12 | http://opensource.org/licenses/bsd-license.php\r |
13 | \r | |
7ae77cee | 14 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r |
0c18794e | 15 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r |
16 | \r | |
17 | **/\r | |
18 | \r | |
19 | #ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__\r | |
20 | #define __AUTHENTICATED_VARIABLE_FORMAT_H__\r | |
21 | \r | |
7ae77cee | 22 | #include <Guid/VariableFormat.h>\r |
0c18794e | 23 | \r |
beda2356 | 24 | #define EFI_SECURE_BOOT_ENABLE_DISABLE \\r |
25 | { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r | |
26 | \r | |
beda2356 | 27 | extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r |
c11d47b8 | 28 | extern EFI_GUID gEfiCertDbGuid;\r |
29 | extern EFI_GUID gEfiCustomModeEnableGuid;\r | |
a555940b | 30 | extern EFI_GUID gEfiVendorKeysNvGuid;\r |
beda2356 | 31 | \r |
32 | ///\r | |
8f8ca22e | 33 | /// "SecureBootEnable" variable for the Secure Boot feature enable/disable.\r |
34 | /// This variable is used for allowing a physically present user to disable\r | |
35 | /// Secure Boot via firmware setup without the possession of PKpriv.\r | |
beda2356 | 36 | ///\r |
7ae77cee SZ |
37 | /// GUID: gEfiSecureBootEnableDisableGuid\r |
38 | ///\r | |
39 | /// Format: UINT8\r | |
40 | ///\r | |
beda2356 | 41 | #define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"\r |
42 | #define SECURE_BOOT_ENABLE 1\r | |
43 | #define SECURE_BOOT_DISABLE 0\r | |
0c18794e | 44 | \r |
ecc722ad | 45 | ///\r |
46 | /// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".\r | |
47 | /// Standard Secure Boot mode is the default mode as UEFI Spec's description.\r | |
48 | /// Custom Secure Boot mode allows for more flexibility as specified in the following:\r | |
49 | /// Can enroll or delete PK without existing PK's private key.\r | |
50 | /// Can enroll or delete KEK without existing PK's private key.\r | |
51 | /// Can enroll or delete signature from DB/DBX without KEK's private key.\r | |
52 | ///\r | |
7ae77cee SZ |
53 | /// GUID: gEfiCustomModeEnableGuid\r |
54 | ///\r | |
55 | /// Format: UINT8\r | |
56 | ///\r | |
ecc722ad | 57 | #define EFI_CUSTOM_MODE_NAME L"CustomMode"\r |
58 | #define CUSTOM_SECURE_BOOT_MODE 1\r | |
59 | #define STANDARD_SECURE_BOOT_MODE 0\r | |
60 | \r | |
a555940b FS |
61 | ///\r |
62 | /// "VendorKeysNv" variable to record the out of band secure boot keys modification.\r | |
63 | /// This variable is a read-only NV varaible that indicates whether someone other than\r | |
64 | /// the platform vendor has used a mechanism not defined by the UEFI Specification to\r | |
65 | /// transition the system to setup mode or to update secure boot keys.\r | |
66 | ///\r | |
7ae77cee SZ |
67 | /// GUID: gEfiVendorKeysNvGuid\r |
68 | ///\r | |
69 | /// Format: UINT8\r | |
70 | ///\r | |
a555940b FS |
71 | #define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv"\r |
72 | #define VENDOR_KEYS_VALID 1\r | |
73 | #define VENDOR_KEYS_MODIFIED 0\r | |
74 | \r | |
0c18794e | 75 | #endif // __AUTHENTICATED_VARIABLE_FORMAT_H__\r |