/** @file\r
Header file for NV data structure definition.\r
\r
-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b\r
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c\r
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d\r
-#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX 0x0e\r
-#define FORM_FILE_EXPLORER_ID 0x0f\r
-#define FORM_FILE_EXPLORER_ID_PK 0x10\r
-#define FORM_FILE_EXPLORER_ID_KEK 0x11\r
-#define FORM_FILE_EXPLORER_ID_DB 0x12\r
-#define FORM_FILE_EXPLORER_ID_DBX 0x13\r
#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14\r
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15\r
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16\r
-#define FORM_FILE_EXPLORER_ID_DBT 0x17\r
+#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17\r
+#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18\r
\r
#define SECURE_BOOT_MODE_CUSTOM 0x01\r
#define SECURE_BOOT_MODE_STANDARD 0x00\r
#define KEY_HIDE_SECURE_BOOT 0x100c\r
#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d\r
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e\r
-#define KEY_TRANS_SECURE_BOOT_MODE 0x100f\r
+\r
+#define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f\r
\r
#define KEY_SECURE_BOOT_OPTION 0x1100\r
#define KEY_SECURE_BOOT_PK_OPTION 0x1101\r
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c\r
#define KEY_SECURE_BOOT_DBT_OPTION 0x110d\r
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e\r
+#define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f\r
+#define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110\r
+#define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111\r
\r
#define LABEL_KEK_DELETE 0x1200\r
#define LABEL_DB_DELETE 0x1201\r
-#define LABEL_DBX_DELETE 0x1202\r
+#define LABEL_SIGNATURE_LIST_START 0x1202\r
#define LABEL_DBT_DELETE 0x1203\r
+#define LABEL_SIGNATURE_DATA_START 0x1204\r
+#define LABEL_DELETE_ALL_LIST_BUTTON 0x1300\r
#define LABEL_END 0xffff\r
\r
-\r
#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255\r
\r
#define CONFIG_OPTION_OFFSET 0x2000\r
//\r
#define OPTION_DEL_DB_QUESTION_ID 0x3000\r
//\r
-// Question ID 0x4000 ~ 0x4FFF is for DBX\r
+// Question ID 0x4000 ~ 0x4FFF is for signature list.\r
//\r
-#define OPTION_DEL_DBX_QUESTION_ID 0x4000\r
+#define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000\r
+//\r
+// Question ID 0x6000 ~ 0x6FFF is for signature data.\r
+//\r
+#define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000\r
\r
//\r
// Question ID 0x5000 ~ 0x5FFF is for DBT\r
//\r
#define OPTION_DEL_DBT_QUESTION_ID 0x5000\r
\r
-#define FILE_OPTION_GOTO_OFFSET 0xC000\r
-#define FILE_OPTION_OFFSET 0x8000\r
-#define FILE_OPTION_MASK 0x3FFF\r
-\r
#define SECURE_BOOT_GUID_SIZE 36\r
#define SECURE_BOOT_GUID_STORAGE_SIZE 37\r
\r
-#define SECURE_BOOT_MODE_USER_MODE 0\r
-#define SECURE_BOOT_MODE_SETUP_MODE 1\r
-#define SECURE_BOOT_MODE_AUDIT_MODE 2\r
-#define SECURE_BOOT_MODE_DEPLOYED_MODE 3\r
+#define UNKNOWN_FILE_TYPE 0\r
+#define X509_CERT_FILE_TYPE 1\r
+#define PE_IMAGE_FILE_TYPE 2\r
+#define AUTHENTICATION_2_FILE_TYPE 3\r
\r
//\r
// Nv Data structure referenced by IFR\r
CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];\r
BOOLEAN PhysicalPresent; // If a Physical Present User\r
UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom\r
- UINT8 CurSecureBootMode; // Current SecureBoot Mode SetupMode/UserMode/AuditMode/DeployedMode\r
- UINT8 TransSecureBootMode; // Trans Next SecureBoot Mode\r
BOOLEAN DeletePk;\r
BOOLEAN HasPk; // If Pk is existed it is true\r
BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden\r
UINT8 CertificateFormat; // The type of the certificate\r
EFI_HII_DATE RevocationDate; // The revocation date of the certificate\r
EFI_HII_TIME RevocationTime; // The revocation time of the certificate\r
+ UINT8 FileEnrollType; // File type of sigunature enroll\r
+ UINT32 ListCount; // The count of signature list.\r
+ UINT32 CheckedDataCount; // The count of checked signature data.\r
} SECUREBOOT_CONFIGURATION;\r
\r
#endif\r
projects / mirror_edk2.git / blobdiff