]> git.proxmox.com Git - mirror_edk2.git/blame - MdePkg/Include/Protocol/Bis.h
MdePkg: Clean up source files
d1f95000 1/** @file\r
9095d37b 2 The EFI_BIS_PROTOCOL is used to check a digital signature of a data block\r
4ca9b6c4 3 against a digital certificate for the purpose of an integrity and authorization check.\r
d1f95000 4\r
9095d37b
5Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
6This program and the accompanying materials are licensed and made available under\r
7the terms and conditions of the BSD License that accompanies this distribution.\r
af2dc6a7 8The full text of the license may be found at\r
9095d37b 9http://opensource.org/licenses/bsd-license.php.\r
5899caf0 10\r
9095d37b
11THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14 @par Revision Reference:\r
15 This Protocol is introduced in EFI Specification 1.10.\r
d1f95000 16\r
d1f95000 17**/\r
18\r
19#ifndef __BIS_H__\r
20#define __BIS_H__\r
21\r
22#define EFI_BIS_PROTOCOL_GUID \\r
23 { \\r
24 0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r
25 }\r
26\r
fd21d1aa 27//\r
28// X-Intel-BIS-ParameterSet\r
29// Attribute value\r
30// Binary Value of X-Intel-BIS-ParameterSet Attribute.\r
31// (Value is Base-64 encoded in actual signed manifest).\r
32//\r
33#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
34 { \\r
35 0xedd35e31, 0x7b9, 0x11d2, { 0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf } \\r
36 }\r
37\r
38\r
39\r
d1f95000 40typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;\r
41\r
42\r
43//\r
44// Basic types\r
45//\r
46typedef VOID *BIS_APPLICATION_HANDLE;\r
47typedef UINT16 BIS_ALG_ID;\r
48typedef UINT32 BIS_CERT_ID;\r
49\r
99e8ed21 50///\r
51/// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r
52///\r
d1f95000 53typedef struct {\r
af2dc6a7 54 UINT32 Length; ///< The length of Data in 8 bit bytes.\r
107ffdc9 55 UINT8 *Data; ///< 32 Bit Flat Address of data.\r
d1f95000 56} EFI_BIS_DATA;\r
57\r
99e8ed21 58///\r
59/// EFI_BIS_VERSION type.\r
60///\r
d1f95000 61typedef struct {\r
af2dc6a7 62 UINT32 Major; ///< The major BIS version number.\r
63 UINT32 Minor; ///< A minor BIS version number.\r
d1f95000 64} EFI_BIS_VERSION;\r
65\r
66//\r
67// ----------------------------------------------------//\r
68// Use these values to initialize EFI_BIS_VERSION.Major\r
69// and to interpret results of Initialize.\r
70// ----------------------------------------------------//\r
71//\r
72#define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1\r
73#define BIS_VERSION_1 1\r
74\r
99e8ed21 75///\r
76/// EFI_BIS_SIGNATURE_INFO type.\r
77///\r
d1f95000 78typedef struct {\r
107ffdc9 79 BIS_CERT_ID CertificateID; ///< Truncated hash of platform Boot Object Authorization Certificate.\r
80 BIS_ALG_ID AlgorithmID; ///< A signature algorithm number.\r
af2dc6a7 81 UINT16 KeyLength; ///< The length of alg. keys in bits.\r
d1f95000 82} EFI_BIS_SIGNATURE_INFO;\r
83\r
99e8ed21 84///\r
107ffdc9 85/// Values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r
af2dc6a7 86/// The exact numeric values come from the\r
99e8ed21 87/// "Common Data Security Architecture (CDSA) Specification". CSSM_ALGID_MD5_WITH_RSA is built on MD5, which is not collision-resistant; treat BIS_ALG_RSA_MD5 as a legacy algorithm.\r
88///\r
d1f95000 89#define BIS_ALG_DSA (41) // CSSM_ALGID_DSA\r
90#define BIS_ALG_RSA_MD5 (42) // CSSM_ALGID_MD5_WITH_RSA\r
107ffdc9 91///\r
92/// Values for EFI_BIS_SIGNATURE_INFO.CertificateID.\r
99e8ed21 93///\r
d1f95000 94#define BIS_CERT_ID_DSA BIS_ALG_DSA // CSSM_ALGID_DSA\r
95#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA\r
107ffdc9 96///\r
af2dc6a7 97/// The mask value that gets applied to the truncated hash of a\r
99e8ed21 98/// platform Boot Object Authorization Certificate to create the certificateID.\r
99/// A certificateID must not have any bits set to the value 1 other than bits in\r
100/// this mask.\r
101///\r
d1f95000 102#define BIS_CERT_ID_MASK (0xFF7F7FFF)\r
103\r
99e8ed21 104///\r
105/// Macros for dealing with the EFI_BIS_DATA object obtained\r
af2dc6a7 106/// from BIS_GetSignatureInfo().\r
99e8ed21 107/// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r
108/// elements are contained in an EFI_BIS_DATA struct pointed to\r
109/// by the provided EFI_BIS_DATA*. The division truncates, so a Length that is not a multiple of sizeof (EFI_BIS_SIGNATURE_INFO) leaves trailing bytes uncounted; BisDataPtr is dereferenced without a NULL check.\r
110///\r
d1f95000 111#define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))\r
112\r
99e8ed21 113///\r
114/// BIS_GET_SIGINFO_ARRAY - produces an EFI_BIS_SIGNATURE_INFO*\r
115/// from a given EFI_BIS_DATA*. The result is a plain cast of Data with no validation: check Data for NULL and index no further than BIS_GET_SIGINFO_COUNT elements.\r
116///\r
d1f95000 117#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r
118\r
99e8ed21 119///\r
af2dc6a7 120/// Support an old name for backward compatibility.\r
99e8ed21 121///\r
d1f95000 122#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \\r
123 BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID\r
124\r
9095d37b 125/**\r
d1f95000 126 Initializes the BIS service, checking that it is compatible with the version requested by the caller.\r
9095d37b
127 After this call, other BIS functions may be invoked.\r
128\r
d1f95000 129 @param This A pointer to the EFI_BIS_PROTOCOL object.\r
9095d37b 130 @param AppHandle The function writes the new BIS_APPLICATION_HANDLE if\r
d1f95000 131 successful, otherwise it writes NULL. The caller must eventually\r
9095d37b 132 destroy this handle by calling Shutdown().\r
d1f95000 133 @param InterfaceVersion On input, the caller supplies the major version number of the\r
9095d37b
134 interface version desired.\r
135 On output, both the major and minor\r
d1f95000 136 version numbers are updated with the major and minor version\r
f1004231 137 numbers of the interface. This update is done whether or not the\r
9095d37b
138 initialization was successful.\r
139 @param TargetAddress Indicates a network or device address of the BIS platform to connect to.\r
d1f95000 140\r
141 @retval EFI_SUCCESS The function completed successfully.\r
9095d37b 142 @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the\r
d1f95000 143 caller was not compatible with the interface version of the\r
f1004231
144 implementation. The InterfaceVersion.Major has\r
145 been updated with the current interface version.\r
9095d37b
146 @retval EFI_UNSUPPORTED This is a local-platform implementation and\r
147 TargetAddress.Data was not NULL, or\r
d1f95000 148 TargetAddress.Data was any other value that was not\r
9095d37b
149 supported by the implementation.\r
150 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
630b4187 151 @retval EFI_DEVICE_ERROR One of the following device errors:\r
152 * The function encountered an unexpected internal failure while initializing a cryptographic software module\r
153 * No cryptographic software module with compatible version was\r
154 found\r
155 * A resource limitation was encountered while using a cryptographic software module.\r
f1004231 156 @retval EFI_INVALID_PARAMETER The This parameter supplied by the caller is NULL or does not\r
af2dc6a7 157 reference a valid EFI_BIS_PROTOCOL object. Or,\r
158 the AppHandle parameter supplied by the caller is NULL or\r
159 an invalid memory reference. Or,\r
160 the InterfaceVersion parameter supplied by the caller\r
161 is NULL or an invalid memory reference. Or,\r
162 the TargetAddress parameter supplied by the caller is\r
f1004231 163 NULL or an invalid memory reference.\r
9095d37b
164\r
165**/\r
d1f95000 166typedef\r
167EFI_STATUS\r
8b13229b 168(EFIAPI *EFI_BIS_INITIALIZE)(\r
9095d37b
169 IN EFI_BIS_PROTOCOL *This,\r
170 OUT BIS_APPLICATION_HANDLE *AppHandle,\r
171 IN OUT EFI_BIS_VERSION *InterfaceVersion,\r
172 IN EFI_BIS_DATA *TargetAddress\r
d1f95000 173 );\r
174\r
9095d37b
175/**\r
176 Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.\r
177\r
d1f95000 178 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b
179 of the BIS service.\r
180 @param ToFree An EFI_BIS_DATA* and associated memory block to be freed.\r
f1004231 181 This EFI_BIS_DATA* must have been allocated by one of the other BIS functions.\r
d1f95000 182\r
183 @retval EFI_SUCCESS The function completed successfully.\r
184 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
185 application instance handle associated with the EFI_BIS protocol.\r
186 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 187 @retval EFI_INVALID_PARAMETER The ToFree parameter is not or is no longer a memory resource\r
9095d37b
188 associated with this AppHandle.\r
189\r
190**/\r
d1f95000 191typedef\r
192EFI_STATUS\r
8b13229b 193(EFIAPI *EFI_BIS_FREE)(\r
9095d37b
194 IN BIS_APPLICATION_HANDLE AppHandle,\r
195 IN EFI_BIS_DATA *ToFree\r
d1f95000 196 );\r
197\r
9095d37b 198/**\r
d1f95000 199 Shuts down an application's instance of the BIS service, invalidating the application handle. After\r
9095d37b
200 this call, other BIS functions may no longer be invoked using the application handle value.\r
201\r
d1f95000 202 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 203 of the BIS service.\r
d1f95000 204\r
205 @retval EFI_SUCCESS The function completed successfully.\r
af2dc6a7 206 @retval EFI_NO_MAPPING The AppHandle parameter is not, or is no longer, a valid\r
9095d37b
207 application instance handle associated with the EFI_BIS protocol.\r
208 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
f1004231
209 @retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure while\r
210 returning resources associated with a cryptographic software module, or\r
211 while trying to shut down a cryptographic software module.\r
212**/\r
d1f95000 213typedef\r
214EFI_STATUS\r
8b13229b 215(EFIAPI *EFI_BIS_SHUTDOWN)(\r
9095d37b 216 IN BIS_APPLICATION_HANDLE AppHandle\r
d1f95000 217 );\r
218\r
9095d37b 219/**\r
d1f95000 220 Retrieves the certificate that has been configured as the identity of the organization designated as\r
221 the source of authorization for signatures of boot objects.\r
9095d37b 222\r
d1f95000 223 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 224 of the BIS service.\r
d1f95000 225 @param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot\r
f1004231
226 Object Authorization Certificate object. The caller must\r
227 eventually free the memory allocated by this function using the function Free().\r
d1f95000 228\r
229 @retval EFI_SUCCESS The function completed successfully.\r
230 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
231 application instance handle associated with the EFI_BIS protocol.\r
232 @retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed.\r
233 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 234 @retval EFI_INVALID_PARAMETER The Certificate parameter supplied by the caller is NULL or\r
9095d37b
235 an invalid memory reference.\r
236\r
237**/\r
d1f95000 238typedef\r
239EFI_STATUS\r
8b13229b 240(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(\r
9095d37b
241 IN BIS_APPLICATION_HANDLE AppHandle,\r
242 OUT EFI_BIS_DATA **Certificate\r
d1f95000 243 );\r
244\r
9095d37b 245/**\r
d1f95000 246 Verifies the integrity and authorization of the indicated data object according to the\r
9095d37b
247 indicated credentials.\r
248\r
d1f95000 249 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 250 of the BIS service.\r
d1f95000 251 @param Credentials A Signed Manifest containing verification information for the indicated\r
9095d37b 252 data object.\r
d1f95000 253 @param DataObject An in-memory copy of the raw data object to be verified.\r
254 @param IsVerified The function writes TRUE if the verification succeeded, otherwise\r
9095d37b
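255 FALSE. Callers should treat DataObject as verified only when the function returns EFI_SUCCESS and IsVerified is TRUE.\r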
256\r
d1f95000 257 @retval EFI_SUCCESS The function completed successfully.\r
258 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
259 application instance handle associated with the EFI_BIS protocol.\r
260 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 261 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
262 @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the Credentials parameter\r
263 was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r
9095d37b
264 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.\r
265\r
266**/\r
d1f95000 267typedef\r
268EFI_STATUS\r
8b13229b 269(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(\r
9095d37b
270 IN BIS_APPLICATION_HANDLE AppHandle,\r
271 IN EFI_BIS_DATA *Credentials,\r
272 IN EFI_BIS_DATA *DataObject,\r
273 OUT BOOLEAN *IsVerified\r
d1f95000 274 );\r
275\r
9095d37b 276/**\r
d1f95000 277 Retrieves the current status of the Boot Authorization Check Flag.\r
9095d37b 278\r
d1f95000 279 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 280 of the BIS service.\r
d1f95000 281 @param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is\r
9095d37b
282 currently required on this platform, otherwise the function writes\r
283 FALSE.\r
284\r
d1f95000 285 @retval EFI_SUCCESS The function completed successfully.\r
286 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
287 application instance handle associated with the EFI_BIS protocol.\r
288 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 289 @retval EFI_INVALID_PARAMETER The CheckIsRequired parameter supplied by the caller is\r
9095d37b
290 NULL or an invalid memory reference.\r
291\r
292**/\r
d1f95000 293typedef\r
294EFI_STATUS\r
8b13229b 295(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(\r
9095d37b
296 IN BIS_APPLICATION_HANDLE AppHandle,\r
297 OUT BOOLEAN *CheckIsRequired\r
d1f95000 298 );\r
299\r
9095d37b 300/**\r
d1f95000 301 Retrieves a unique token value to be included in the request credential for the next update of any\r
9095d37b
302 parameter in the Boot Object Authorization set.\r
303\r
304 @param AppHandle An opaque handle that identifies the caller's\r
305 instance of initialization of the BIS service.\r
306 @param UpdateToken The function writes an allocated EFI_BIS_DATA*\r
307 containing the new unique update token value.\r
308 The caller must eventually free the memory allocated\r
af2dc6a7 309 by this function using the function Free().\r
9095d37b 310\r
d1f95000 311 @retval EFI_SUCCESS The function completed successfully.\r
312 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
9095d37b
313 application instance handle associated with the EFI_BIS protocol.\r
314 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 315 @retval EFI_INVALID_PARAMETER The UpdateToken parameter supplied by the caller is NULL or\r
9095d37b
316 an invalid memory reference.\r
317 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.\r
318\r
319**/\r
d1f95000 320typedef\r
321EFI_STATUS\r
8b13229b 322(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(\r
9095d37b
323 IN BIS_APPLICATION_HANDLE AppHandle,\r
324 OUT EFI_BIS_DATA **UpdateToken\r
d1f95000 325 );\r
326\r
9095d37b 327/**\r
d1f95000 328 Updates one of the configurable parameters of the Boot Object Authorization set.\r
9095d37b
329\r
330 @param AppHandle An opaque handle that identifies the caller's\r
331 instance of initialization of the BIS service.\r
332 @param RequestCredential This is a Signed Manifest with embedded attributes\r
333 that carry the details of the requested update.\r
334 @param NewUpdateToken The function writes an allocated EFI_BIS_DATA*\r
335 containing the new unique update token value.\r
336 The caller must eventually free the memory allocated\r
af2dc6a7 337 by this function using the function Free().\r
9095d37b
338\r
339 @retval EFI_SUCCESS The function completed successfully.\r
340 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
341 application instance handle associated with the EFI_BIS protocol.\r
342 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
343 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
344 @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter\r
345 was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r
f1004231
346 @retval EFI_DEVICE_ERROR An unexpected internal error occurred while analyzing the new\r
347 certificate's key algorithm, or while attempting to retrieve\r
348 the public key algorithm of the manifest's signer's certificate,\r
9095d37b
349 or an unexpected internal error occurred in a cryptographic software module.\r
350\r
351**/\r
d1f95000 352typedef\r
353EFI_STATUS\r
8b13229b 354(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(\r
9095d37b
355 IN BIS_APPLICATION_HANDLE AppHandle,\r
356 IN EFI_BIS_DATA *RequestCredential,\r
357 OUT EFI_BIS_DATA **NewUpdateToken\r
d1f95000 358 );\r
359\r
9095d37b 360/**\r
d1f95000 361 Verifies the integrity and authorization of the indicated data object according to the indicated\r
9095d37b
362 credentials and authority certificate.\r
363\r
d1f95000 364 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 365 of the BIS service.\r
d1f95000 366 @param Credentials A Signed Manifest containing verification information for the\r
9095d37b 367 indicated data object.\r
d1f95000 368 @param DataObject An in-memory copy of the raw data object to be verified.\r
9095d37b 369 @param SectionName An ASCII string giving the section name in the\r
d1f95000 370 manifest holding the verification information (in other words,\r
9095d37b
371 hash value) that corresponds to DataObject.\r
372 @param AuthorityCertificate A digital certificate whose public key must match the signer's\r
373 public key which is found in the credentials.\r
d1f95000 374 @param IsVerified The function writes TRUE if the verification was successful.\r
9095d37b
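375 Otherwise, the function writes FALSE. Callers should rely on the result only when the function returns EFI_SUCCESS and IsVerified is TRUE.\r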
376\r
377 @retval EFI_SUCCESS The function completed successfully.\r
378 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
379 application instance handle associated with the EFI_BIS protocol.\r
380 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
381 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
d1f95000 382 @retval EFI_SECURITY_VIOLATION The Credentials.Data supplied by the caller is NULL,\r
9095d37b
383 or the AuthorityCertificate supplied by the caller was\r
384 invalid (could not be parsed),\r
385 or Platform-specific authorization failed, etc.\r
f1004231 386 @retval EFI_DEVICE_ERROR An unexpected internal error occurred while attempting to retrieve\r
cd2ed84a 387 the public key algorithm of the manifest's signer's certificate,\r
9095d37b
388 or an unexpected internal error occurred in a cryptographic software module.\r
389**/\r
d1f95000 390typedef\r
391EFI_STATUS\r
8b13229b 392(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(\r
9095d37b
393 IN BIS_APPLICATION_HANDLE AppHandle,\r
394 IN EFI_BIS_DATA *Credentials,\r
395 IN EFI_BIS_DATA *DataObject,\r
396 IN EFI_BIS_DATA *SectionName,\r
397 IN EFI_BIS_DATA *AuthorityCertificate,\r
398 OUT BOOLEAN *IsVerified\r
d1f95000 399 );\r
400\r
9095d37b 401/**\r
d1f95000 402 Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength\r
9095d37b 403 combinations that the platform supports.\r
f1004231 404\r
d1f95000 405 @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
9095d37b 406 of the BIS service.\r
d1f95000 407 @param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array\r
9095d37b 408 of EFI_BIS_SIGNATURE_INFO structures representing the supported\r
f1004231
409 digital certificate identifier, algorithm, and key length combinations.\r
410 The caller must eventually free the memory allocated by this function using the function Free().\r
411\r
9095d37b
412 @retval EFI_SUCCESS The function completed successfully.\r
413 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
414 application instance handle associated with the EFI_BIS protocol.\r
415 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.\r
d1f95000 416 @retval EFI_INVALID_PARAMETER The SignatureInfo parameter supplied by the caller is NULL\r
f1004231
417 or an invalid memory reference.\r
418 @retval EFI_DEVICE_ERROR An unexpected internal error occurred in a\r
419 cryptographic software module, or\r
420 the function encountered an unexpected internal consistency check\r
421 failure (possible corruption of stored Boot Object Authorization Certificate).\r
422\r
d1f95000 423**/\r
424typedef\r
425EFI_STATUS\r
8b13229b 426(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(\r
9095d37b
427 IN BIS_APPLICATION_HANDLE AppHandle,\r
428 OUT EFI_BIS_DATA **SignatureInfo\r
d1f95000 429 );\r
430\r
44717a39 431///\r
432/// The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital\r
433/// certificate for the purpose of an integrity and authorization check.\r
434///\r
d1f95000 435struct _EFI_BIS_PROTOCOL {\r
436 EFI_BIS_INITIALIZE Initialize;\r
437 EFI_BIS_SHUTDOWN Shutdown;\r
438 EFI_BIS_FREE Free;\r
439 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE GetBootObjectAuthorizationCertificate;\r
440 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG GetBootObjectAuthorizationCheckFlag;\r
441 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN GetBootObjectAuthorizationUpdateToken;\r
442 EFI_BIS_GET_SIGNATURE_INFO GetSignatureInfo;\r
443 EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION UpdateBootObjectAuthorization;\r
444 EFI_BIS_VERIFY_BOOT_OBJECT VerifyBootObject;\r
445 EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL VerifyObjectWithCredential;\r
446};\r
447\r
448extern EFI_GUID gEfiBisProtocolGuid;\r
449extern EFI_GUID gBootObjectAuthorizationParmsetGuid;\r
450\r
451#endif\r