]> git.proxmox.com Git - mirror_edk2.git/blame - MdePkg/Include/Protocol/Bis.h
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
MdePkg: Apply uncrustify changes
[mirror_edk2.git] / MdePkg / Include / Protocol / Bis.h
CommitLineData
d1f95000 1/** @file\r
9095d37b 2 The EFI_BIS_PROTOCOL is used to check a digital signature of a data block\r
4ca9b6c4 3 against a digital certificate for the purpose of an integrity and authorization check.\r
d1f95000 4\r
9095d37b 5Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
9344f092 6SPDX-License-Identifier: BSD-2-Clause-Patent\r
9095d37b
LG		 7\r
8 @par Revision Reference:\r
9 This Protocol is introduced in EFI Specification 1.10.\r
d1f95000 10\r
d1f95000 11**/\r
12\r
13#ifndef __BIS_H__\r
14#define __BIS_H__\r
15\r
16#define EFI_BIS_PROTOCOL_GUID \\r
17 { \\r
18 0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r
19 }\r
20\r
fd21d1aa 21//\r
22// X-Intel-BIS-ParameterSet\r
23// Attribute value\r
24// Binary Value of X-Intel-BIS-ParameterSet Attribute.\r
25// (Value is Base-64 encoded in actual signed manifest).\r
26//\r
27#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
28 { \\r
29 0xedd35e31, 0x7b9, 0x11d2, { 0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf } \\r
30 }\r
31\r
2f88bd3a 32typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;\r
d1f95000 33\r
34//\r
35// Basic types\r
36//\r
2f88bd3a
MK		 37typedef VOID *BIS_APPLICATION_HANDLE;\r
38typedef UINT16 BIS_ALG_ID;\r
39typedef UINT32 BIS_CERT_ID;\r
d1f95000 40\r
99e8ed21 41///\r
42/// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r
43///\r
d1f95000 44typedef struct {\r
2f88bd3a
MK		 45 UINT32 Length; ///< The length of Data in 8 bit bytes.\r
46 UINT8 *Data; ///< 32 Bit Flat Address of data.\r
d1f95000 47} EFI_BIS_DATA;\r
48\r
99e8ed21 49///\r
50/// EFI_BIS_VERSION type.\r
51///\r
d1f95000 52typedef struct {\r
2f88bd3a
MK		 53 UINT32 Major; ///< The major BIS version number.\r
54 UINT32 Minor; ///< A minor BIS version number.\r
d1f95000 55} EFI_BIS_VERSION;\r
56\r
57//\r
58// ----------------------------------------------------//\r
59// Use these values to initialize EFI_BIS_VERSION.Major\r
60// and to interpret results of Initialize.\r
61// ----------------------------------------------------//\r
62//\r
2f88bd3a
MK		 63#define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1\r
64#define BIS_VERSION_1 1\r
d1f95000 65\r
99e8ed21 66///\r
67/// EFI_BIS_SIGNATURE_INFO type.\r
68///\r
d1f95000 69typedef struct {\r
2f88bd3a
MK		 70 BIS_CERT_ID CertificateID; ///< Truncated hash of platform Boot Object\r
71 BIS_ALG_ID AlgorithmID; ///< A signature algorithm number.\r
72 UINT16 KeyLength; ///< The length of alg. keys in bits.\r
d1f95000 73} EFI_BIS_SIGNATURE_INFO;\r
74\r
99e8ed21 75///\r
107ffdc9 76/// values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r
af2dc6a7 77/// The exact numeric values come from the\r
99e8ed21 78/// "Common Data Security Architecture (CDSA) Specification".\r
79///\r
2f88bd3a
MK		 80#define BIS_ALG_DSA (41) // CSSM_ALGID_DSA\r
81#define BIS_ALG_RSA_MD5 (42) // CSSM_ALGID_MD5_WITH_RSA\r
107ffdc9 82///\r
83/// values for EFI_BIS_SIGNATURE_INFO.CertificateId.\r
99e8ed21 84///\r
2f88bd3a
MK		 85#define BIS_CERT_ID_DSA BIS_ALG_DSA // CSSM_ALGID_DSA\r
86#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA\r
107ffdc9 87///\r
af2dc6a7 88/// The mask value that gets applied to the truncated hash of a\r
99e8ed21 89/// platform Boot Object Authorization Certificate to create the certificateID.\r
90/// A certificateID must not have any bits set to the value 1 other than bits in\r
91/// this mask.\r
92///\r
d1f95000 93#define BIS_CERT_ID_MASK (0xFF7F7FFF)\r
94\r
99e8ed21 95///\r
96/// Macros for dealing with the EFI_BIS_DATA object obtained\r
af2dc6a7 97/// from BIS_GetSignatureInfo().\r
99e8ed21 98/// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r
99/// elements are contained in a EFI_BIS_DATA struct pointed to\r
100/// by the provided EFI_BIS_DATA*.\r
101///\r
2f88bd3a 102#define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))\r
d1f95000 103\r
99e8ed21 104///\r
105/// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*\r
106/// from a given EFI_BIS_DATA*.\r
107///\r
2f88bd3a 108#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r
d1f95000 109\r
99e8ed21 110///\r
af2dc6a7 111/// Support an old name for backward compatibility.\r
99e8ed21 112///\r
d1f95000 113#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \\r
114 BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID\r
115\r
9095d37b 116/**\r
d1f95000 117 Initializes the BIS service, checking that it is compatible with the version requested by the caller.\r
9095d37b
LG		 118 After this call, other BIS functions may be invoked.\r
119\r
d1f95000 120 @param This A pointer to the EFI_BIS_PROTOCOL object.\r
9095d37b 121 @param AppHandle The function writes the new BIS_APPLICATION_HANDLE if\r
d1f95000 122 successful, otherwise it writes NULL. The caller must eventually\r
9095d37b 123 destroy this handle by calling Shutdown().\r
d1f95000 124 @param InterfaceVersion On input, the caller supplies the major version number of the\r
9095d37b
LG		 125 interface version desired.\r
126 On output, both the major and minor\r
d1f95000 127 version numbers are updated with the major and minor version\r
f1004231 128 numbers of the interface. This update is done whether or not the\r
9095d37b
LG		 129 initialization was successful.\r
130 @param TargetAddress Indicates a network or device address of the BIS platform to connect to.\r
d1f95000 131\r
132 @retval EFI_SUCCESS The function completed successfully.\r
9095d37b 133 @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the\r
d1f95000 134 caller was not compatible with the interface version of the\r
f1004231
LG		 135 implementation. The InterfaceVersion.Major has\r
136 been updated with the current interface version.\r
9095d37b
LG		 137 @retval EFI_UNSUPPORTED This is a local-platform implementation and\r
138 TargetAddress.Data was not NULL, or\r
d1f95000 139 TargetAddress.Data was any other value that was not\r
9095d37b
LG		 140 supported by the implementation.\r
141 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
630b4187 142 @retval EFI_DEVICE_ERROR One of the following device errors:\r
143 * The function encountered an unexpected internal failure while initializing a cryptographic software module\r
144 * No cryptographic software module with compatible version was found\r
145 found\r
146 * A resource limitation was encountered while using a cryptographic software module.\r
f1004231 147 @retval EFI_INVALID_PARAMETER The This parameter supplied by the caller is NULL or does not\r
af2dc6a7 148 reference a valid EFI_BIS_PROTOCOL object. Or,\r
149 the AppHandle parameter supplied by the caller is NULL or\r
150 an invalid memory reference. Or,\r
151 the InterfaceVersion parameter supplied by the caller\r
152 is NULL or an invalid memory reference. Or,\r
153 the TargetAddress parameter supplied by the caller is\r
f1004231 154 NULL or an invalid memory reference.\r
9095d37b
LG		 155\r
156**/\r
d1f95000 157typedef\r
158EFI_STATUS\r
8b13229b 159(EFIAPI *EFI_BIS_INITIALIZE)(\r
9095d37b
LG		 160 IN EFI_BIS_PROTOCOL *This,\r
161 OUT BIS_APPLICATION_HANDLE *AppHandle,\r
162 IN OUT EFI_BIS_VERSION *InterfaceVersion,\r
163 IN EFI_BIS_DATA *TargetAddress\r
d1f95000 164 );\r
165\r
9095d37b
LG		 166/**\r
167 Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.\r
168\r
d1f95000 169 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b
LG		 170 of the BIS service.\r
171 @param ToFree An EFI_BIS_DATA* and associated memory block to be freed.\r
f1004231 172 This EFI_BIS_DATA* must have been allocated by one of the other BIS functions.\r
d1f95000 173\r
174 @retval EFI_SUCCESS The function completed successfully.\r
175 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
LG		 176 application instance handle associated with the EFI_BIS protocol.\r
177 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 178 @retval EFI_INVALID_PARAMETER The ToFree parameter is not or is no longer a memory resource\r
9095d37b
LG		 179 associated with this AppHandle.\r
180\r
181**/\r
d1f95000 182typedef\r
183EFI_STATUS\r
8b13229b 184(EFIAPI *EFI_BIS_FREE)(\r
9095d37b
LG		 185 IN BIS_APPLICATION_HANDLE AppHandle,\r
186 IN EFI_BIS_DATA *ToFree\r
d1f95000 187 );\r
188\r
9095d37b 189/**\r
d1f95000 190 Shuts down an application's instance of the BIS service, invalidating the application handle. After\r
9095d37b
LG		 191 this call, other BIS functions may no longer be invoked using the application handle value.\r
192\r
d1f95000 193 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 194 of the BIS service.\r
d1f95000 195\r
196 @retval EFI_SUCCESS The function completed successfully.\r
af2dc6a7 197 @retval EFI_NO_MAPPING The AppHandle parameter is not, or is no longer, a valid\r
9095d37b
LG		 198 application instance handle associated with the EFI_BIS protocol.\r
199 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
f1004231
LG		 200 @retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure while\r
201 returning resources associated with a cryptographic software module, or\r
202 while trying to shut down a cryptographic software module.\r
203**/\r
d1f95000 204typedef\r
205EFI_STATUS\r
8b13229b 206(EFIAPI *EFI_BIS_SHUTDOWN)(\r
9095d37b 207 IN BIS_APPLICATION_HANDLE AppHandle\r
d1f95000 208 );\r
209\r
9095d37b 210/**\r
d1f95000 211 Retrieves the certificate that has been configured as the identity of the organization designated as\r
212 the source of authorization for signatures of boot objects.\r
9095d37b 213\r
d1f95000 214 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 215 of the BIS service.\r
d1f95000 216 @param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot\r
f1004231
LG		 217 Object Authorization Certificate object. The caller must\r
218 eventually free the memory allocated by this function using the function Free().\r
d1f95000 219\r
220 @retval EFI_SUCCESS The function completed successfully.\r
221 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
LG		 222 application instance handle associated with the EFI_BIS protocol.\r
223 @retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed.\r
224 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 225 @retval EFI_INVALID_PARAMETER The Certificate parameter supplied by the caller is NULL or\r
9095d37b
LG		 226 an invalid memory reference.\r
227\r
228**/\r
d1f95000 229typedef\r
230EFI_STATUS\r
8b13229b 231(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(\r
9095d37b
LG		 232 IN BIS_APPLICATION_HANDLE AppHandle,\r
233 OUT EFI_BIS_DATA **Certificate\r
d1f95000 234 );\r
235\r
9095d37b 236/**\r
d1f95000 237 Verifies the integrity and authorization of the indicated data object according to the\r
9095d37b
LG		 238 indicated credentials.\r
239\r
d1f95000 240 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 241 of the BIS service.\r
d1f95000 242 @param Credentials A Signed Manifest containing verification information for the indicated\r
9095d37b 243 data object.\r
d1f95000 244 @param DataObject An in-memory copy of the raw data object to be verified.\r
245 @param IsVerified The function writes TRUE if the verification succeeded, otherwise\r
9095d37b
LG		 246 FALSE.\r
247\r
d1f95000 248 @retval EFI_SUCCESS The function completed successfully.\r
249 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
LG		 250 application instance handle associated with the EFI_BIS protocol.\r
251 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 252 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
253 @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the Credentials parameter\r
254 was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r
9095d37b
LG		 255 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.\r
256\r
257**/\r
d1f95000 258typedef\r
259EFI_STATUS\r
8b13229b 260(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(\r
9095d37b
LG		 261 IN BIS_APPLICATION_HANDLE AppHandle,\r
262 IN EFI_BIS_DATA *Credentials,\r
263 IN EFI_BIS_DATA *DataObject,\r
264 OUT BOOLEAN *IsVerified\r
d1f95000 265 );\r
266\r
9095d37b 267/**\r
d1f95000 268 Retrieves the current status of the Boot Authorization Check Flag.\r
9095d37b 269\r
d1f95000 270 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 271 of the BIS service.\r
d1f95000 272 @param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is\r
9095d37b
LG		 273 currently required on this platform, otherwise the function writes\r
274 FALSE.\r
275\r
d1f95000 276 @retval EFI_SUCCESS The function completed successfully.\r
277 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
LG		 278 application instance handle associated with the EFI_BIS protocol.\r
279 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 280 @retval EFI_INVALID_PARAMETER The CheckIsRequired parameter supplied by the caller is\r
9095d37b
LG		 281 NULL or an invalid memory reference.\r
282\r
283**/\r
d1f95000 284typedef\r
285EFI_STATUS\r
8b13229b 286(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(\r
9095d37b
LG		 287 IN BIS_APPLICATION_HANDLE AppHandle,\r
288 OUT BOOLEAN *CheckIsRequired\r
d1f95000 289 );\r
290\r
9095d37b 291/**\r
d1f95000 292 Retrieves a unique token value to be included in the request credential for the next update of any\r
9095d37b
LG		 293 parameter in the Boot Object Authorization set\r
294\r
295 @param AppHandle An opaque handle that identifies the caller's\r
296 instance of initialization of the BIS service.\r
297 @param UpdateToken The function writes an allocated EFI_BIS_DATA*\r
298 containing the newunique update token value.\r
299 The caller musteventually free the memory allocated\r
af2dc6a7 300 by this function using the function Free().\r
9095d37b 301\r
d1f95000 302 @retval EFI_SUCCESS The function completed successfully.\r
303 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
LG		 304 application instance handle associated with the EFI_BIS protocol.\r
305 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 306 @retval EFI_INVALID_PARAMETER The UpdateToken parameter supplied by the caller is NULL or\r
9095d37b
LG		 307 an invalid memory reference.\r
308 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.\r
309\r
310**/\r
d1f95000 311typedef\r
312EFI_STATUS\r
8b13229b 313(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(\r
9095d37b
LG		 314 IN BIS_APPLICATION_HANDLE AppHandle,\r
315 OUT EFI_BIS_DATA **UpdateToken\r
d1f95000 316 );\r
317\r
9095d37b 318/**\r
d1f95000 319 Updates one of the configurable parameters of the Boot Object Authorization set.\r
9095d37b
LG		 320\r
321 @param AppHandle An opaque handle that identifies the caller's\r
322 instance of initialization of the BIS service.\r
323 @param RequestCredential This is a Signed Manifest with embedded attributes\r
324 that carry the details of the requested update.\r
325 @param NewUpdateToken The function writes an allocated EFI_BIS_DATA*\r
326 containing the new unique update token value.\r
327 The caller must eventually free the memory allocated\r
af2dc6a7 328 by this function using the function Free().\r
9095d37b
LG		 329\r
330 @retval EFI_SUCCESS The function completed successfully.\r
331 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
332 application instance handle associated with the EFI_BIS protocol.\r
333 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
334 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
335 @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter\r
336 was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r
f1004231
LG		 337 @retval EFI_DEVICE_ERROR An unexpected internal error occurred while analyzing the new\r
338 certificate's key algorithm, or while attempting to retrieve\r
339 the public key algorithm of the manifest's signer's certificate,\r
9095d37b
LG		 340 or An unexpected internal error occurred in a cryptographic software module.\r
341\r
342**/\r
d1f95000 343typedef\r
344EFI_STATUS\r
8b13229b 345(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(\r
9095d37b
LG		 346 IN BIS_APPLICATION_HANDLE AppHandle,\r
347 IN EFI_BIS_DATA *RequestCredential,\r
348 OUT EFI_BIS_DATA **NewUpdateToken\r
d1f95000 349 );\r
350\r
9095d37b 351/**\r
d1f95000 352 Verifies the integrity and authorization of the indicated data object according to the indicated\r
9095d37b
LG		 353 credentials and authority certificate.\r
354\r
d1f95000 355 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 356 of the BIS service.\r
d1f95000 357 @param Credentials A Signed Manifest containing verification information for the\r
9095d37b 358 indicated data object.\r
d1f95000 359 @param DataObject An in-memory copy of the raw data object to be verified.\r
9095d37b 360 @param SectionName An ASCII string giving the section name in the\r
d1f95000 361 manifest holding the verification information (in other words,\r
9095d37b
LG		 362 hash value) that corresponds to DataObject.\r
363 @param AuthorityCertificate A digital certificate whose public key must match the signer's\r
364 public key which is found in the credentials.\r
d1f95000 365 @param IsVerified The function writes TRUE if the verification was successful.\r
9095d37b
LG		 366 Otherwise, the function writes FALSE.\r
367\r
368 @retval EFI_SUCCESS The function completed successfully.\r
369 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
370 application instance handle associated with the EFI_BIS protocol.\r
371 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
372 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
d1f95000 373 @retval EFI_SECURITY_VIOLATION The Credentials.Data supplied by the caller is NULL,\r
9095d37b
LG		 374 or the AuthorityCertificate supplied by the caller was\r
375 invalid (could not be parsed),\r
376 or Platform-specific authorization failed, etc.\r
f1004231 377 @retval EFI_DEVICE_ERROR An unexpected internal error occurred while attempting to retrieve\r
cd2ed84a 378 the public key algorithm of the manifest's signer's certificate,\r
9095d37b
LG		 379 or An unexpected internal error occurred in a cryptographic software module.\r
380**/\r
d1f95000 381typedef\r
382EFI_STATUS\r
8b13229b 383(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(\r
9095d37b
LG		 384 IN BIS_APPLICATION_HANDLE AppHandle,\r
385 IN EFI_BIS_DATA *Credentials,\r
386 IN EFI_BIS_DATA *DataObject,\r
387 IN EFI_BIS_DATA *SectionName,\r
388 IN EFI_BIS_DATA *AuthorityCertificate,\r
389 OUT BOOLEAN *IsVerified\r
d1f95000 390 );\r
391\r
9095d37b 392/**\r
d1f95000 393 Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength\r
9095d37b 394 combinations that the platform supports.\r
f1004231 395\r
d1f95000 396 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 397 of the BIS service.\r
d1f95000 398 @param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array\r
9095d37b 399 of EFI_BIS_SIGNATURE_INFO structures representing the supported\r
f1004231
LG		 400 digital certificate identifier, algorithm, and key length combinations.\r
401 The caller must eventually free the memory allocated by this function using the function Free().\r
402\r
9095d37b
LG		 403 @retval EFI_SUCCESS The function completed successfully.\r
404 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
405 application instance handle associated with the EFI_BIS protocol.\r
406 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 407 @retval EFI_INVALID_PARAMETER The SignatureInfo parameter supplied by the caller is NULL\r
f1004231
LG		 408 or an invalid memory reference.\r
409 @retval EFI_DEVICE_ERROR An unexpected internal error occurred in a\r
410 cryptographic software module, or\r
411 The function encountered an unexpected internal consistency check\r
412 failure (possible corruption of stored Boot Object Authorization Certificate).\r
413\r
d1f95000 414**/\r
415typedef\r
416EFI_STATUS\r
8b13229b 417(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(\r
9095d37b
LG		 418 IN BIS_APPLICATION_HANDLE AppHandle,\r
419 OUT EFI_BIS_DATA **SignatureInfo\r
d1f95000 420 );\r
421\r
44717a39 422///\r
423/// The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital\r
424/// certificate for the purpose of an integrity and authorization check.\r
425///\r
d1f95000 426struct _EFI_BIS_PROTOCOL {\r
2f88bd3a
MK		 427 EFI_BIS_INITIALIZE Initialize;\r
428 EFI_BIS_SHUTDOWN Shutdown;\r
429 EFI_BIS_FREE Free;\r
430 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE GetBootObjectAuthorizationCertificate;\r
431 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG GetBootObjectAuthorizationCheckFlag;\r
432 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN GetBootObjectAuthorizationUpdateToken;\r
433 EFI_BIS_GET_SIGNATURE_INFO GetSignatureInfo;\r
434 EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION UpdateBootObjectAuthorization;\r
435 EFI_BIS_VERIFY_BOOT_OBJECT VerifyBootObject;\r
436 EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL VerifyObjectWithCredential;\r
d1f95000 437};\r
438\r
2f88bd3a
MK		 439extern EFI_GUID gEfiBisProtocolGuid;\r
440extern EFI_GUID gBootObjectAuthorizationParmsetGuid;\r
d1f95000 441\r
442#endif\r
EFI Development Kit II mirror for PVE