MdePkg: Replace BSD License with BSD+Patent License
/** @file
  The EFI_BIS_PROTOCOL is used to check a digital signature of a data block
  against a digital certificate for the purpose of an integrity and authorization check.

Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

  @par Revision Reference:
  This Protocol is introduced in EFI Specification 1.10.

**/
13#ifndef __BIS_H__\r
14#define __BIS_H__\r
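///
/// GUID initializer named for the EFI_BIS_PROTOCOL.
/// Layout: one 32-bit field, two 16-bit fields, then eight bytes.
///
#define EFI_BIS_PROTOCOL_GUID \
  { \
    0x0b64aab0, 0x5429, 0x11d4, { 0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \
  }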
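//
// X-Intel-BIS-ParameterSet
// Attribute value
// Binary Value of X-Intel-BIS-ParameterSet Attribute.
// (Value is Base-64 encoded in actual signed manifest).
//
// NOTE(review): because the manifest carries this value as Base-64 text, a
// consumer has to decode the attribute before comparing it with these bytes.
//
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \
  { \
    0xedd35e31, 0x7b9, 0x11d2, { 0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \
  }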
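///
/// Forward declaration, so that the function-pointer typedefs below can take
/// an EFI_BIS_PROTOCOL* before struct _EFI_BIS_PROTOCOL is defined.
///
typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;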
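//
// Basic types
//
typedef VOID    *BIS_APPLICATION_HANDLE;  ///< Opaque handle written by Initialize() and destroyed by Shutdown().
typedef UINT16  BIS_ALG_ID;               ///< Signature algorithm number (see the BIS_ALG_* values).
typedef UINT32  BIS_CERT_ID;              ///< Certificate identifier (see BIS_CERT_ID_MASK).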
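///
/// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).
///
/// NOTE(review): Length is the only bound this structure carries for Data;
/// code that reads Data should check Data for NULL and stay within Length.
///
typedef struct {
  UINT32    Length; ///< The length of Data in 8 bit bytes.
  UINT8     *Data;  ///< 32 Bit Flat Address of data.
} EFI_BIS_DATA;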
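///
/// EFI_BIS_VERSION type.
/// Passed to Initialize() as an IN OUT parameter: the caller sets Major on
/// input, and both fields are updated on output.
///
typedef struct {
  UINT32    Major; ///< The major BIS version number.
  UINT32    Minor; ///< A minor BIS version number.
} EFI_BIS_VERSION;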
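//
// ----------------------------------------------------//
// Use these values to initialize EFI_BIS_VERSION.Major
// and to interpret results of Initialize.
// ----------------------------------------------------//
//
// BIS_CURRENT_VERSION_MAJOR names BIS_VERSION_1 before that macro is defined;
// this is valid because the name is expanded only where the macro is used.
//
#define BIS_CURRENT_VERSION_MAJOR  BIS_VERSION_1
#define BIS_VERSION_1              1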
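///
/// EFI_BIS_SIGNATURE_INFO type.
/// GetSignatureInfo() returns an array of these inside an EFI_BIS_DATA; use
/// BIS_GET_SIGINFO_COUNT() and BIS_GET_SIGINFO_ARRAY() to walk it.
///
typedef struct {
  BIS_CERT_ID    CertificateID; ///< Truncated hash of platform Boot Object
  BIS_ALG_ID     AlgorithmID;   ///< A signature algorithm number.
  UINT16         KeyLength;     ///< The length of alg. keys in bits.
} EFI_BIS_SIGNATURE_INFO;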
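///
/// Values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.
/// The exact numeric values come from the
/// "Common Data Security Architecture (CDSA) Specification".
///
/// NOTE(review): these are the only two algorithm IDs this header defines.
/// MD5 is not collision resistant, so a signature reported under
/// BIS_ALG_RSA_MD5 gives weaker integrity assurance than the name suggests;
/// consumers that have a choice should take that into account.
///
#define BIS_ALG_DSA      (41)             // CSSM_ALGID_DSA
#define BIS_ALG_RSA_MD5  (42)             // CSSM_ALGID_MD5_WITH_RSA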
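///
/// Values for EFI_BIS_SIGNATURE_INFO.CertificateID.
/// Each one reuses the numeric value of the matching BIS_ALG_* constant.
///
#define BIS_CERT_ID_DSA      BIS_ALG_DSA      // CSSM_ALGID_DSA
#define BIS_CERT_ID_RSA_MD5  BIS_ALG_RSA_MD5  // CSSM_ALGID_MD5_WITH_RSA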
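///
/// The mask value that gets applied to the truncated hash of a
/// platform Boot Object Authorization Certificate to create the certificateID.
/// A certificateID must not have any bits set to the value 1 other than bits in
/// this mask.
///
/// The mask clears bits 15 and 23, so at most 30 bits of the hash remain in a
/// certificateID.
/// NOTE(review): with so few bits the ID can only serve to look a certificate
/// up; it cannot show that two certificates are the same.
///
#define BIS_CERT_ID_MASK  (0xFF7F7FFF)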
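///
/// Macros for dealing with the EFI_BIS_DATA object obtained
/// from BIS_GetSignatureInfo().
/// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO
/// elements are contained in an EFI_BIS_DATA struct pointed to
/// by the provided EFI_BIS_DATA*.
///
/// The count is an integer division, so trailing bytes that do not fill a
/// whole EFI_BIS_SIGNATURE_INFO are not counted. The macro dereferences
/// BisDataPtr without a NULL check; the caller must pass a valid pointer.
///
#define BIS_GET_SIGINFO_COUNT(BisDataPtr)  ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))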
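///
/// BIS_GET_SIGINFO_ARRAY - produces an EFI_BIS_SIGNATURE_INFO*
/// from a given EFI_BIS_DATA*.
///
/// This is a plain cast of the Data member; it checks neither BisDataPtr nor
/// Data for NULL. Index the result only up to BIS_GET_SIGINFO_COUNT() for the
/// same EFI_BIS_DATA.
///
#define BIS_GET_SIGINFO_ARRAY(BisDataPtr)  ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)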
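///
/// Support an old name for backward compatibility.
/// Expands to BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID.
///
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \
        BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID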
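/**
  Initializes the BIS service, checking that it is compatible with the version requested by the caller.
  After this call, other BIS functions may be invoked.

  @param  This                     A pointer to the EFI_BIS_PROTOCOL object.
  @param  AppHandle                The function writes the new BIS_APPLICATION_HANDLE if
                                   successful, otherwise it writes NULL. The caller must eventually
                                   destroy this handle by calling Shutdown().
  @param  InterfaceVersion         On input, the caller supplies the major version number of the
                                   interface version desired.
                                   On output, both the major and minor
                                   version numbers are updated with the major and minor version
                                   numbers of the interface. This update is done whether or not the
                                   initialization was successful.
  @param  TargetAddress            Indicates a network or device address of the BIS platform to connect to.

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the
                                   caller was not compatible with the interface version of the
                                   implementation. The InterfaceVersion.Major has
                                   been updated with the current interface version.
  @retval EFI_UNSUPPORTED          This is a local-platform implementation and
                                   TargetAddress.Data was not NULL, or
                                   TargetAddress.Data was any other value that was not
                                   supported by the implementation.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_DEVICE_ERROR         One of the following device errors:
                                   * The function encountered an unexpected internal failure while initializing a cryptographic software module
                                   * No cryptographic software module with compatible version was found
                                   * A resource limitation was encountered while using a cryptographic software module.
  @retval EFI_INVALID_PARAMETER    The This parameter supplied by the caller is NULL or does not
                                   reference a valid EFI_BIS_PROTOCOL object. Or,
                                   the AppHandle parameter supplied by the caller is NULL or
                                   an invalid memory reference. Or,
                                   the InterfaceVersion parameter supplied by the caller
                                   is NULL or an invalid memory reference. Or,
                                   the TargetAddress parameter supplied by the caller is
                                   NULL or an invalid memory reference.

  NOTE(review): InterfaceVersion is rewritten even when the call fails, so a caller that retries
  has to set InterfaceVersion.Major again before the next attempt.

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_INITIALIZE)(
  IN     EFI_BIS_PROTOCOL        *This,
  OUT    BIS_APPLICATION_HANDLE  *AppHandle,
  IN OUT EFI_BIS_VERSION         *InterfaceVersion,
  IN     EFI_BIS_DATA            *TargetAddress
  );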
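/**
  Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.

  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization
                                   of the BIS service.
  @param  ToFree                   An EFI_BIS_DATA* and associated memory block to be freed.
                                   This EFI_BIS_DATA* must have been allocated by one of the other BIS functions.

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    The ToFree parameter is not, or is no longer, a memory resource
                                   associated with this AppHandle.

  NOTE(review): ToFree is documented as tied to the AppHandle that produced it; callers should
  release every EFI_BIS_DATA* with the same handle and drop the pointer after a successful call.

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_FREE)(
  IN BIS_APPLICATION_HANDLE  AppHandle,
  IN EFI_BIS_DATA            *ToFree
  );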
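/**
  Shuts down an application's instance of the BIS service, invalidating the application handle. After
  this call, other BIS functions may no longer be invoked using the application handle value.

  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization
                                   of the BIS service.

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_DEVICE_ERROR         The function encountered an unexpected internal failure while
                                   returning resources associated with a cryptographic software module, or
                                   while trying to shut down a cryptographic software module.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_SHUTDOWN)(
  IN BIS_APPLICATION_HANDLE  AppHandle
  );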
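/**
  Retrieves the certificate that has been configured as the identity of the organization designated as
  the source of authorization for signatures of boot objects.

  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization
                                   of the BIS service.
  @param  Certificate              The function writes an allocated EFI_BIS_DATA* containing the Boot
                                   Object Authorization Certificate object. The caller must
                                   eventually free the memory allocated by this function using the function Free().

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_NOT_FOUND            There is no Boot Object Authorization Certificate currently installed.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    The Certificate parameter supplied by the caller is NULL or
                                   an invalid memory reference.

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(
  IN  BIS_APPLICATION_HANDLE  AppHandle,
  OUT EFI_BIS_DATA            **Certificate
  );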
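/**
  Verifies the integrity and authorization of the indicated data object according to the
  indicated credentials.

  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization
                                   of the BIS service.
  @param  Credentials              A Signed Manifest containing verification information for the indicated
                                   data object.
  @param  DataObject               An in-memory copy of the raw data object to be verified.
  @param  IsVerified               The function writes TRUE if the verification succeeded, otherwise
                                   FALSE.

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    One or more parameters are invalid.
  @retval EFI_SECURITY_VIOLATION   The signed manifest supplied as the Credentials parameter
                                   was invalid (could not be parsed) or Platform-specific authorization failed, etc.
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred.

  NOTE(review): the verdict is reported through IsVerified, separately from the status code, and
  this description does not state that EFI_SUCCESS implies *IsVerified == TRUE. A caller should
  set *IsVerified to FALSE before the call and accept the object only when the status is
  EFI_SUCCESS and *IsVerified is TRUE.

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(
  IN  BIS_APPLICATION_HANDLE  AppHandle,
  IN  EFI_BIS_DATA            *Credentials,
  IN  EFI_BIS_DATA            *DataObject,
  OUT BOOLEAN                 *IsVerified
  );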
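/**
  Retrieves the current status of the Boot Authorization Check Flag.

  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization
                                   of the BIS service.
  @param  CheckIsRequired          The function writes the value TRUE if a Boot Authorization Check is
                                   currently required on this platform, otherwise the function writes
                                   FALSE.

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    The CheckIsRequired parameter supplied by the caller is
                                   NULL or an invalid memory reference.

  NOTE(review): on any status other than EFI_SUCCESS the flag value is not described here; a
  caller that cannot read the flag should not treat that as "check not required".

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(
  IN  BIS_APPLICATION_HANDLE  AppHandle,
  OUT BOOLEAN                 *CheckIsRequired
  );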
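/**
  Retrieves a unique token value to be included in the request credential for the next update of any
  parameter in the Boot Object Authorization set.

  @param  AppHandle                An opaque handle that identifies the caller's
                                   instance of initialization of the BIS service.
  @param  UpdateToken              The function writes an allocated EFI_BIS_DATA*
                                   containing the new unique update token value.
                                   The caller must eventually free the memory allocated
                                   by this function using the function Free().

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    The UpdateToken parameter supplied by the caller is NULL or
                                   an invalid memory reference.
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred.

  NOTE(review): presumably the token ties a signed update request to one update cycle so an
  earlier request cannot be applied again - confirm against the BIS specification.

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(
  IN  BIS_APPLICATION_HANDLE  AppHandle,
  OUT EFI_BIS_DATA            **UpdateToken
  );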
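/**
  Updates one of the configurable parameters of the Boot Object Authorization set.

  @param  AppHandle                An opaque handle that identifies the caller's
                                   instance of initialization of the BIS service.
  @param  RequestCredential        This is a Signed Manifest with embedded attributes
                                   that carry the details of the requested update.
  @param  NewUpdateToken           The function writes an allocated EFI_BIS_DATA*
                                   containing the new unique update token value.
                                   The caller must eventually free the memory allocated
                                   by this function using the function Free().

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    One or more parameters are invalid.
  @retval EFI_SECURITY_VIOLATION   The signed manifest supplied as the RequestCredential parameter
                                   was invalid (could not be parsed) or Platform-specific authorization failed, etc.
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred while analyzing the new
                                   certificate's key algorithm, or while attempting to retrieve
                                   the public key algorithm of the manifest's signer's certificate,
                                   or an unexpected internal error occurred in a cryptographic software module.

  NOTE(review): this call changes the platform's authorization settings, so every status other
  than EFI_SUCCESS should be handled as "no update applied" and logged by the caller.

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(
  IN  BIS_APPLICATION_HANDLE  AppHandle,
  IN  EFI_BIS_DATA            *RequestCredential,
  OUT EFI_BIS_DATA            **NewUpdateToken
  );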
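/**
  Verifies the integrity and authorization of the indicated data object according to the indicated
  credentials and authority certificate.

  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization
                                   of the BIS service.
  @param  Credentials              A Signed Manifest containing verification information for the
                                   indicated data object.
  @param  DataObject               An in-memory copy of the raw data object to be verified.
  @param  SectionName              An ASCII string giving the section name in the
                                   manifest holding the verification information (in other words,
                                   hash value) that corresponds to DataObject.
  @param  AuthorityCertificate     A digital certificate whose public key must match the signer's
                                   public key which is found in the credentials.
  @param  IsVerified               The function writes TRUE if the verification was successful.
                                   Otherwise, the function writes FALSE.

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    One or more parameters are invalid.
  @retval EFI_SECURITY_VIOLATION   The Credentials.Data supplied by the caller is NULL,
                                   or the AuthorityCertificate supplied by the caller was
                                   invalid (could not be parsed),
                                   or Platform-specific authorization failed, etc.
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred while attempting to retrieve
                                   the public key algorithm of the manifest's signer's certificate,
                                   or an unexpected internal error occurred in a cryptographic software module.

  NOTE(review): AuthorityCertificate is an input supplied by the caller, so a TRUE result is only
  as trustworthy as the source of that certificate. As with VerifyBootObject, accept the object
  only when the status is EFI_SUCCESS and *IsVerified is TRUE; set *IsVerified to FALSE first.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(
  IN  BIS_APPLICATION_HANDLE  AppHandle,
  IN  EFI_BIS_DATA            *Credentials,
  IN  EFI_BIS_DATA            *DataObject,
  IN  EFI_BIS_DATA            *SectionName,
  IN  EFI_BIS_DATA            *AuthorityCertificate,
  OUT BOOLEAN                 *IsVerified
  );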
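/**
  Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength
  combinations that the platform supports.

  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization
                                   of the BIS service.
  @param  SignatureInfo            The function writes an allocated EFI_BIS_DATA* containing the array
                                   of EFI_BIS_SIGNATURE_INFO structures representing the supported
                                   digital certificate identifier, algorithm, and key length combinations.
                                   The caller must eventually free the memory allocated by this function using the function Free().

  @retval EFI_SUCCESS              The function completed successfully.
  @retval EFI_NO_MAPPING           The AppHandle parameter is not, or is no longer, a valid
                                   application instance handle associated with the EFI_BIS protocol.
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.
  @retval EFI_INVALID_PARAMETER    The SignatureInfo parameter supplied by the caller is NULL
                                   or an invalid memory reference.
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred in a
                                   cryptographic software module, or
                                   the function encountered an unexpected internal consistency check
                                   failure (possible corruption of stored Boot Object Authorization Certificate).

  NOTE(review): read the result through BIS_GET_SIGINFO_COUNT() and BIS_GET_SIGINFO_ARRAY(); both
  macros dereference the pointer unchecked, so test the status and the returned pointer first.

**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(
  IN  BIS_APPLICATION_HANDLE  AppHandle,
  OUT EFI_BIS_DATA            **SignatureInfo
  );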
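///
/// The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital
/// certificate for the purpose of an integrity and authorization check.
///
/// The structure is a table of function pointers. Member order is part of the binary interface
/// and must not be changed. Only Initialize takes the protocol pointer; every other member
/// takes the BIS_APPLICATION_HANDLE that Initialize wrote.
///
struct _EFI_BIS_PROTOCOL {
  EFI_BIS_INITIALIZE                                    Initialize;
  EFI_BIS_SHUTDOWN                                      Shutdown;
  EFI_BIS_FREE                                          Free;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE     GetBootObjectAuthorizationCertificate;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG       GetBootObjectAuthorizationCheckFlag;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN    GetBootObjectAuthorizationUpdateToken;
  EFI_BIS_GET_SIGNATURE_INFO                            GetSignatureInfo;
  EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION              UpdateBootObjectAuthorization;
  EFI_BIS_VERIFY_BOOT_OBJECT                            VerifyBootObject;
  EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL                 VerifyObjectWithCredential;
};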
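//
// GUID objects declared here and defined elsewhere; their names correspond to
// EFI_BIS_PROTOCOL_GUID and BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID above.
//
extern EFI_GUID  gEfiBisProtocolGuid;
extern EFI_GUID  gBootObjectAuthorizationParmsetGuid;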
445#endif\r