]>
Commit | Line | Data |
---|---|---|
d1f95000 | 1 | /** @file\r |
9095d37b | 2 | The EFI_BIS_PROTOCOL is used to check a digital signature of a data block\r |
4ca9b6c4 | 3 | against a digital certificate for the purpose of an integrity and authorization check.\r |
d1f95000 | 4 | \r |
9095d37b | 5 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r |
9344f092 | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
9095d37b LG |
7 | \r |
8 | @par Revision Reference:\r | |
9 | This Protocol is introduced in EFI Specification 1.10.\r | |
d1f95000 | 10 | \r |
d1f95000 | 11 | **/\r |
12 | \r | |
13 | #ifndef __BIS_H__\r | |
14 | #define __BIS_H__\r | |
15 | \r | |
16 | #define EFI_BIS_PROTOCOL_GUID \\r | |
17 | { \\r | |
18 | 0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r | |
19 | }\r | |
20 | \r | |
fd21d1aa | 21 | //\r |
22 | // X-Intel-BIS-ParameterSet\r | |
23 | // Attribute value\r | |
24 | // Binary Value of X-Intel-BIS-ParameterSet Attribute.\r | |
25 | // (Value is Base-64 encoded in actual signed manifest).\r | |
26 | //\r | |
27 | #define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r | |
28 | { \\r | |
29 | 0xedd35e31, 0x7b9, 0x11d2, { 0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf } \\r | |
30 | }\r | |
31 | \r | |
2f88bd3a | 32 | typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;\r |
d1f95000 | 33 | \r |
34 | //\r | |
35 | // Basic types\r | |
36 | //\r | |
2f88bd3a MK |
37 | typedef VOID *BIS_APPLICATION_HANDLE;\r |
38 | typedef UINT16 BIS_ALG_ID;\r | |
39 | typedef UINT32 BIS_CERT_ID;\r | |
d1f95000 | 40 | \r |
99e8ed21 | 41 | ///\r |
42 | /// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r | |
43 | ///\r | |
d1f95000 | 44 | typedef struct {\r |
2f88bd3a MK |
45 | UINT32 Length; ///< The length of Data in 8 bit bytes.\r |
46 | UINT8 *Data; ///< 32 Bit Flat Address of data.\r | |
d1f95000 | 47 | } EFI_BIS_DATA;\r |
48 | \r | |
99e8ed21 | 49 | ///\r |
50 | /// EFI_BIS_VERSION type.\r | |
51 | ///\r | |
d1f95000 | 52 | typedef struct {\r |
2f88bd3a MK |
53 | UINT32 Major; ///< The major BIS version number.\r |
54 | UINT32 Minor; ///< A minor BIS version number.\r | |
d1f95000 | 55 | } EFI_BIS_VERSION;\r |
56 | \r | |
57 | //\r | |
58 | // ----------------------------------------------------//\r | |
59 | // Use these values to initialize EFI_BIS_VERSION.Major\r | |
60 | // and to interpret results of Initialize.\r | |
61 | // ----------------------------------------------------//\r | |
62 | //\r | |
2f88bd3a MK |
63 | #define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1\r |
64 | #define BIS_VERSION_1 1\r | |
d1f95000 | 65 | \r |
99e8ed21 | 66 | ///\r |
67 | /// EFI_BIS_SIGNATURE_INFO type.\r | |
68 | ///\r | |
d1f95000 | 69 | typedef struct {\r |
2f88bd3a MK |
70 | BIS_CERT_ID CertificateID; ///< Truncated hash of platform Boot Object\r |
71 | BIS_ALG_ID AlgorithmID; ///< A signature algorithm number.\r | |
72 | UINT16 KeyLength; ///< The length of alg. keys in bits.\r | |
d1f95000 | 73 | } EFI_BIS_SIGNATURE_INFO;\r |
74 | \r | |
99e8ed21 | 75 | ///\r |
107ffdc9 | 76 | /// values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r |
af2dc6a7 | 77 | /// The exact numeric values come from the\r |
99e8ed21 | 78 | /// "Common Data Security Architecture (CDSA) Specification".\r |
79 | ///\r | |
2f88bd3a MK |
80 | #define BIS_ALG_DSA (41) // CSSM_ALGID_DSA\r |
81 | #define BIS_ALG_RSA_MD5 (42) // CSSM_ALGID_MD5_WITH_RSA\r | |
107ffdc9 | 82 | ///\r |
83 | /// values for EFI_BIS_SIGNATURE_INFO.CertificateId.\r | |
99e8ed21 | 84 | ///\r |
2f88bd3a MK |
85 | #define BIS_CERT_ID_DSA BIS_ALG_DSA // CSSM_ALGID_DSA\r |
86 | #define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA\r | |
107ffdc9 | 87 | ///\r |
af2dc6a7 | 88 | /// The mask value that gets applied to the truncated hash of a\r |
99e8ed21 | 89 | /// platform Boot Object Authorization Certificate to create the certificateID.\r |
90 | /// A certificateID must not have any bits set to the value 1 other than bits in\r | |
91 | /// this mask.\r | |
92 | ///\r | |
d1f95000 | 93 | #define BIS_CERT_ID_MASK (0xFF7F7FFF)\r |
94 | \r | |
99e8ed21 | 95 | ///\r |
96 | /// Macros for dealing with the EFI_BIS_DATA object obtained\r | |
af2dc6a7 | 97 | /// from BIS_GetSignatureInfo().\r |
99e8ed21 | 98 | /// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r |
99 | /// elements are contained in a EFI_BIS_DATA struct pointed to\r | |
100 | /// by the provided EFI_BIS_DATA*.\r | |
101 | ///\r | |
2f88bd3a | 102 | #define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))\r |
d1f95000 | 103 | \r |
99e8ed21 | 104 | ///\r |
105 | /// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*\r | |
106 | /// from a given EFI_BIS_DATA*.\r | |
107 | ///\r | |
2f88bd3a | 108 | #define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r |
d1f95000 | 109 | \r |
99e8ed21 | 110 | ///\r |
af2dc6a7 | 111 | /// Support an old name for backward compatibility.\r |
99e8ed21 | 112 | ///\r |
d1f95000 | 113 | #define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \\r |
114 | BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID\r | |
115 | \r | |
9095d37b | 116 | /**\r |
d1f95000 | 117 | Initializes the BIS service, checking that it is compatible with the version requested by the caller.\r |
9095d37b LG |
118 | After this call, other BIS functions may be invoked.\r |
119 | \r | |
d1f95000 | 120 | @param This A pointer to the EFI_BIS_PROTOCOL object.\r |
9095d37b | 121 | @param AppHandle The function writes the new BIS_APPLICATION_HANDLE if\r |
d1f95000 | 122 | successful, otherwise it writes NULL. The caller must eventually\r |
9095d37b | 123 | destroy this handle by calling Shutdown().\r |
d1f95000 | 124 | @param InterfaceVersion On input, the caller supplies the major version number of the\r |
9095d37b LG |
125 | interface version desired.\r |
126 | On output, both the major and minor\r | |
d1f95000 | 127 | version numbers are updated with the major and minor version\r |
f1004231 | 128 | numbers of the interface. This update is done whether or not the\r |
9095d37b LG |
129 | initialization was successful.\r |
130 | @param TargetAddress Indicates a network or device address of the BIS platform to connect to.\r | |
d1f95000 | 131 | \r |
132 | @retval EFI_SUCCESS The function completed successfully.\r | |
9095d37b | 133 | @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the\r |
d1f95000 | 134 | caller was not compatible with the interface version of the\r |
f1004231 LG |
135 | implementation. The InterfaceVersion.Major has\r |
136 | been updated with the current interface version.\r | |
9095d37b LG |
137 | @retval EFI_UNSUPPORTED This is a local-platform implementation and\r |
138 | TargetAddress.Data was not NULL, or\r | |
d1f95000 | 139 | TargetAddress.Data was any other value that was not\r |
9095d37b LG |
140 | supported by the implementation.\r |
141 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
630b4187 | 142 | @retval EFI_DEVICE_ERROR One of the following device errors:\r |
143 | * The function encountered an unexpected internal failure while initializing a cryptographic software module\r | |
144 | * No cryptographic software module with compatible version was found\r | |
145 | found\r | |
146 | * A resource limitation was encountered while using a cryptographic software module.\r | |
f1004231 | 147 | @retval EFI_INVALID_PARAMETER The This parameter supplied by the caller is NULL or does not\r |
af2dc6a7 | 148 | reference a valid EFI_BIS_PROTOCOL object. Or,\r |
149 | the AppHandle parameter supplied by the caller is NULL or\r | |
150 | an invalid memory reference. Or,\r | |
151 | the InterfaceVersion parameter supplied by the caller\r | |
152 | is NULL or an invalid memory reference. Or,\r | |
153 | the TargetAddress parameter supplied by the caller is\r | |
f1004231 | 154 | NULL or an invalid memory reference.\r |
9095d37b LG |
155 | \r |
156 | **/\r | |
d1f95000 | 157 | typedef\r |
158 | EFI_STATUS\r | |
8b13229b | 159 | (EFIAPI *EFI_BIS_INITIALIZE)(\r |
9095d37b LG |
160 | IN EFI_BIS_PROTOCOL *This,\r |
161 | OUT BIS_APPLICATION_HANDLE *AppHandle,\r | |
162 | IN OUT EFI_BIS_VERSION *InterfaceVersion,\r | |
163 | IN EFI_BIS_DATA *TargetAddress\r | |
d1f95000 | 164 | );\r |
165 | \r | |
9095d37b LG |
166 | /**\r |
167 | Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.\r | |
168 | \r | |
d1f95000 | 169 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
9095d37b LG |
170 | of the BIS service.\r |
171 | @param ToFree An EFI_BIS_DATA* and associated memory block to be freed.\r | |
f1004231 | 172 | This EFI_BIS_DATA* must have been allocated by one of the other BIS functions.\r |
d1f95000 | 173 | \r |
174 | @retval EFI_SUCCESS The function completed successfully.\r | |
175 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
9095d37b LG |
176 | application instance handle associated with the EFI_BIS protocol.\r |
177 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
d1f95000 | 178 | @retval EFI_INVALID_PARAMETER The ToFree parameter is not or is no longer a memory resource\r |
9095d37b LG |
179 | associated with this AppHandle.\r |
180 | \r | |
181 | **/\r | |
d1f95000 | 182 | typedef\r |
183 | EFI_STATUS\r | |
8b13229b | 184 | (EFIAPI *EFI_BIS_FREE)(\r |
9095d37b LG |
185 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
186 | IN EFI_BIS_DATA *ToFree\r | |
d1f95000 | 187 | );\r |
188 | \r | |
9095d37b | 189 | /**\r |
d1f95000 | 190 | Shuts down an application's instance of the BIS service, invalidating the application handle. After\r |
9095d37b LG |
191 | this call, other BIS functions may no longer be invoked using the application handle value.\r |
192 | \r | |
d1f95000 | 193 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
9095d37b | 194 | of the BIS service.\r |
d1f95000 | 195 | \r |
196 | @retval EFI_SUCCESS The function completed successfully.\r | |
af2dc6a7 | 197 | @retval EFI_NO_MAPPING The AppHandle parameter is not, or is no longer, a valid\r |
9095d37b LG |
198 | application instance handle associated with the EFI_BIS protocol.\r |
199 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
f1004231 LG |
200 | @retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure while\r |
201 | returning resources associated with a cryptographic software module, or\r | |
202 | while trying to shut down a cryptographic software module.\r | |
203 | **/\r | |
d1f95000 | 204 | typedef\r |
205 | EFI_STATUS\r | |
8b13229b | 206 | (EFIAPI *EFI_BIS_SHUTDOWN)(\r |
9095d37b | 207 | IN BIS_APPLICATION_HANDLE AppHandle\r |
d1f95000 | 208 | );\r |
209 | \r | |
9095d37b | 210 | /**\r |
d1f95000 | 211 | Retrieves the certificate that has been configured as the identity of the organization designated as\r |
212 | the source of authorization for signatures of boot objects.\r | |
9095d37b | 213 | \r |
d1f95000 | 214 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
9095d37b | 215 | of the BIS service.\r |
d1f95000 | 216 | @param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot\r |
f1004231 LG |
217 | Object Authorization Certificate object. The caller must\r |
218 | eventually free the memory allocated by this function using the function Free().\r | |
d1f95000 | 219 | \r |
220 | @retval EFI_SUCCESS The function completed successfully.\r | |
221 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
9095d37b LG |
222 | application instance handle associated with the EFI_BIS protocol.\r |
223 | @retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed.\r | |
224 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
d1f95000 | 225 | @retval EFI_INVALID_PARAMETER The Certificate parameter supplied by the caller is NULL or\r |
9095d37b LG |
226 | an invalid memory reference.\r |
227 | \r | |
228 | **/\r | |
d1f95000 | 229 | typedef\r |
230 | EFI_STATUS\r | |
8b13229b | 231 | (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(\r |
9095d37b LG |
232 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
233 | OUT EFI_BIS_DATA **Certificate\r | |
d1f95000 | 234 | );\r |
235 | \r | |
9095d37b | 236 | /**\r |
d1f95000 | 237 | Verifies the integrity and authorization of the indicated data object according to the\r |
9095d37b LG |
238 | indicated credentials.\r |
239 | \r | |
d1f95000 | 240 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
9095d37b | 241 | of the BIS service.\r |
d1f95000 | 242 | @param Credentials A Signed Manifest containing verification information for the indicated\r |
9095d37b | 243 | data object.\r |
d1f95000 | 244 | @param DataObject An in-memory copy of the raw data object to be verified.\r |
245 | @param IsVerified The function writes TRUE if the verification succeeded, otherwise\r | |
9095d37b LG |
246 | FALSE.\r |
247 | \r | |
d1f95000 | 248 | @retval EFI_SUCCESS The function completed successfully.\r |
249 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
9095d37b LG |
250 | application instance handle associated with the EFI_BIS protocol.\r |
251 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
d1f95000 | 252 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r |
253 | @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the Credentials parameter\r | |
254 | was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r | |
9095d37b LG |
255 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred.\r |
256 | \r | |
257 | **/\r | |
d1f95000 | 258 | typedef\r |
259 | EFI_STATUS\r | |
8b13229b | 260 | (EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(\r |
9095d37b LG |
261 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
262 | IN EFI_BIS_DATA *Credentials,\r | |
263 | IN EFI_BIS_DATA *DataObject,\r | |
264 | OUT BOOLEAN *IsVerified\r | |
d1f95000 | 265 | );\r |
266 | \r | |
9095d37b | 267 | /**\r |
d1f95000 | 268 | Retrieves the current status of the Boot Authorization Check Flag.\r |
9095d37b | 269 | \r |
d1f95000 | 270 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
9095d37b | 271 | of the BIS service.\r |
d1f95000 | 272 | @param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is\r |
9095d37b LG |
273 | currently required on this platform, otherwise the function writes\r |
274 | FALSE.\r | |
275 | \r | |
d1f95000 | 276 | @retval EFI_SUCCESS The function completed successfully.\r |
277 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
9095d37b LG |
278 | application instance handle associated with the EFI_BIS protocol.\r |
279 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
d1f95000 | 280 | @retval EFI_INVALID_PARAMETER The CheckIsRequired parameter supplied by the caller is\r |
9095d37b LG |
281 | NULL or an invalid memory reference.\r |
282 | \r | |
283 | **/\r | |
d1f95000 | 284 | typedef\r |
285 | EFI_STATUS\r | |
8b13229b | 286 | (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(\r |
9095d37b LG |
287 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
288 | OUT BOOLEAN *CheckIsRequired\r | |
d1f95000 | 289 | );\r |
290 | \r | |
9095d37b | 291 | /**\r |
d1f95000 | 292 | Retrieves a unique token value to be included in the request credential for the next update of any\r |
9095d37b LG |
293 | parameter in the Boot Object Authorization set\r |
294 | \r | |
295 | @param AppHandle An opaque handle that identifies the caller's\r | |
296 | instance of initialization of the BIS service.\r | |
297 | @param UpdateToken The function writes an allocated EFI_BIS_DATA*\r | |
298 | containing the newunique update token value.\r | |
299 | The caller musteventually free the memory allocated\r | |
af2dc6a7 | 300 | by this function using the function Free().\r |
9095d37b | 301 | \r |
d1f95000 | 302 | @retval EFI_SUCCESS The function completed successfully.\r |
303 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
9095d37b LG |
304 | application instance handle associated with the EFI_BIS protocol.\r |
305 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
d1f95000 | 306 | @retval EFI_INVALID_PARAMETER The UpdateToken parameter supplied by the caller is NULL or\r |
9095d37b LG |
307 | an invalid memory reference.\r |
308 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred.\r | |
309 | \r | |
310 | **/\r | |
d1f95000 | 311 | typedef\r |
312 | EFI_STATUS\r | |
8b13229b | 313 | (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(\r |
9095d37b LG |
314 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
315 | OUT EFI_BIS_DATA **UpdateToken\r | |
d1f95000 | 316 | );\r |
317 | \r | |
9095d37b | 318 | /**\r |
d1f95000 | 319 | Updates one of the configurable parameters of the Boot Object Authorization set.\r |
9095d37b LG |
320 | \r |
321 | @param AppHandle An opaque handle that identifies the caller's\r | |
322 | instance of initialization of the BIS service.\r | |
323 | @param RequestCredential This is a Signed Manifest with embedded attributes\r | |
324 | that carry the details of the requested update.\r | |
325 | @param NewUpdateToken The function writes an allocated EFI_BIS_DATA*\r | |
326 | containing the new unique update token value.\r | |
327 | The caller must eventually free the memory allocated\r | |
af2dc6a7 | 328 | by this function using the function Free().\r |
9095d37b LG |
329 | \r |
330 | @retval EFI_SUCCESS The function completed successfully.\r | |
331 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
332 | application instance handle associated with the EFI_BIS protocol.\r | |
333 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
334 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r | |
335 | @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter\r | |
336 | was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r | |
f1004231 LG |
337 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred while analyzing the new\r |
338 | certificate's key algorithm, or while attempting to retrieve\r | |
339 | the public key algorithm of the manifest's signer's certificate,\r | |
9095d37b LG |
340 | or An unexpected internal error occurred in a cryptographic software module.\r |
341 | \r | |
342 | **/\r | |
d1f95000 | 343 | typedef\r |
344 | EFI_STATUS\r | |
8b13229b | 345 | (EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(\r |
9095d37b LG |
346 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
347 | IN EFI_BIS_DATA *RequestCredential,\r | |
348 | OUT EFI_BIS_DATA **NewUpdateToken\r | |
d1f95000 | 349 | );\r |
350 | \r | |
9095d37b | 351 | /**\r |
d1f95000 | 352 | Verifies the integrity and authorization of the indicated data object according to the indicated\r |
9095d37b LG |
353 | credentials and authority certificate.\r |
354 | \r | |
d1f95000 | 355 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
9095d37b | 356 | of the BIS service.\r |
d1f95000 | 357 | @param Credentials A Signed Manifest containing verification information for the\r |
9095d37b | 358 | indicated data object.\r |
d1f95000 | 359 | @param DataObject An in-memory copy of the raw data object to be verified.\r |
9095d37b | 360 | @param SectionName An ASCII string giving the section name in the\r |
d1f95000 | 361 | manifest holding the verification information (in other words,\r |
9095d37b LG |
362 | hash value) that corresponds to DataObject.\r |
363 | @param AuthorityCertificate A digital certificate whose public key must match the signer's\r | |
364 | public key which is found in the credentials.\r | |
d1f95000 | 365 | @param IsVerified The function writes TRUE if the verification was successful.\r |
9095d37b LG |
366 | Otherwise, the function writes FALSE.\r |
367 | \r | |
368 | @retval EFI_SUCCESS The function completed successfully.\r | |
369 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
370 | application instance handle associated with the EFI_BIS protocol.\r | |
371 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
372 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r | |
d1f95000 | 373 | @retval EFI_SECURITY_VIOLATION The Credentials.Data supplied by the caller is NULL,\r |
9095d37b LG |
374 | or the AuthorityCertificate supplied by the caller was\r |
375 | invalid (could not be parsed),\r | |
376 | or Platform-specific authorization failed, etc.\r | |
f1004231 | 377 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred while attempting to retrieve\r |
cd2ed84a | 378 | the public key algorithm of the manifest's signer's certificate,\r |
9095d37b LG |
379 | or An unexpected internal error occurred in a cryptographic software module.\r |
380 | **/\r | |
d1f95000 | 381 | typedef\r |
382 | EFI_STATUS\r | |
8b13229b | 383 | (EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(\r |
9095d37b LG |
384 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
385 | IN EFI_BIS_DATA *Credentials,\r | |
386 | IN EFI_BIS_DATA *DataObject,\r | |
387 | IN EFI_BIS_DATA *SectionName,\r | |
388 | IN EFI_BIS_DATA *AuthorityCertificate,\r | |
389 | OUT BOOLEAN *IsVerified\r | |
d1f95000 | 390 | );\r |
391 | \r | |
9095d37b | 392 | /**\r |
d1f95000 | 393 | Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength\r |
9095d37b | 394 | combinations that the platform supports.\r |
f1004231 | 395 | \r |
d1f95000 | 396 | @param AppHandle An opaque handle that identifies the caller's instance of initialization\r |
9095d37b | 397 | of the BIS service.\r |
d1f95000 | 398 | @param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array\r |
9095d37b | 399 | of EFI_BIS_SIGNATURE_INFO structures representing the supported\r |
f1004231 LG |
400 | digital certificate identifier, algorithm, and key length combinations.\r |
401 | The caller must eventually free the memory allocated by this function using the function Free().\r | |
402 | \r | |
9095d37b LG |
403 | @retval EFI_SUCCESS The function completed successfully.\r |
404 | @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r | |
405 | application instance handle associated with the EFI_BIS protocol.\r | |
406 | @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r | |
d1f95000 | 407 | @retval EFI_INVALID_PARAMETER The SignatureInfo parameter supplied by the caller is NULL\r |
f1004231 LG |
408 | or an invalid memory reference.\r |
409 | @retval EFI_DEVICE_ERROR An unexpected internal error occurred in a\r | |
410 | cryptographic software module, or\r | |
411 | The function encountered an unexpected internal consistency check\r | |
412 | failure (possible corruption of stored Boot Object Authorization Certificate).\r | |
413 | \r | |
d1f95000 | 414 | **/\r |
415 | typedef\r | |
416 | EFI_STATUS\r | |
8b13229b | 417 | (EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(\r |
9095d37b LG |
418 | IN BIS_APPLICATION_HANDLE AppHandle,\r |
419 | OUT EFI_BIS_DATA **SignatureInfo\r | |
d1f95000 | 420 | );\r |
421 | \r | |
44717a39 | 422 | ///\r |
423 | /// The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital\r | |
424 | /// certificate for the purpose of an integrity and authorization check.\r | |
425 | ///\r | |
d1f95000 | 426 | struct _EFI_BIS_PROTOCOL {\r |
2f88bd3a MK |
427 | EFI_BIS_INITIALIZE Initialize;\r |
428 | EFI_BIS_SHUTDOWN Shutdown;\r | |
429 | EFI_BIS_FREE Free;\r | |
430 | EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE GetBootObjectAuthorizationCertificate;\r | |
431 | EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG GetBootObjectAuthorizationCheckFlag;\r | |
432 | EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN GetBootObjectAuthorizationUpdateToken;\r | |
433 | EFI_BIS_GET_SIGNATURE_INFO GetSignatureInfo;\r | |
434 | EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION UpdateBootObjectAuthorization;\r | |
435 | EFI_BIS_VERIFY_BOOT_OBJECT VerifyBootObject;\r | |
436 | EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL VerifyObjectWithCredential;\r | |
d1f95000 | 437 | };\r |
438 | \r | |
2f88bd3a MK |
439 | extern EFI_GUID gEfiBisProtocolGuid;\r |
440 | extern EFI_GUID gBootObjectAuthorizationParmsetGuid;\r | |
d1f95000 | 441 | \r |
442 | #endif\r |