[mirror_edk2.git] / OldMdePkg / Include / Protocol / Bis.h

/** @file\r
  This file defines the BIS protocol.\r
\r
  Copyright (c) 2006, Intel Corporation                                                         \r
  All rights reserved. This program and the accompanying materials                          \r
  are licensed and made available under the terms and conditions of the BSD License         \r
  which accompanies this distribution.  The full text of the license may be found at        \r
  http://opensource.org/licenses/bsd-license.php                                            \r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     \r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             \r
\r
  Module Name:  Bis.h\r
\r
**/\r
\r
#ifndef __BIS_H__\r
#define __BIS_H__\r
\r
#define EFI_BIS_PROTOCOL_GUID \\r
  { \\r
    0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r
  }\r
\r
typedef struct _EFI_BIS_PROTOCOL  EFI_BIS_PROTOCOL;\r
\r
\r
//\r
// Basic types\r
//\r
typedef VOID    *BIS_APPLICATION_HANDLE;\r
typedef UINT16  BIS_ALG_ID;\r
typedef UINT32  BIS_CERT_ID;\r
\r
//\r
// EFI_BIS_DATA type.\r
//\r
// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r
//\r
typedef struct {\r
  UINT32  Length; // Length of Data in 8 bit bytes.\r
  UINT8   *Data;  // 32 Bit Flat Address of data.\r
} EFI_BIS_DATA;\r
\r
//\r
// EFI_BIS_VERSION type.\r
//\r
typedef struct {\r
  UINT32  Major;  // BIS Interface version number.\r
  UINT32  Minor;  // Build number.\r
} EFI_BIS_VERSION;\r
\r
//\r
// ----------------------------------------------------//\r
// Use these values to initialize EFI_BIS_VERSION.Major\r
// and to interpret results of Initialize.\r
// ----------------------------------------------------//\r
//\r
#define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1\r
#define BIS_VERSION_1             1\r
\r
//\r
// EFI_BIS_SIGNATURE_INFO type.\r
//\r
typedef struct {\r
  BIS_CERT_ID CertificateID;  // Truncated hash of platform Boot Object\r
  //  authorization certificate.\r
  //\r
  BIS_ALG_ID  AlgorithmID;  // A signature algorithm number.\r
  UINT16      KeyLength;    // Length of alg. keys in bits.\r
} EFI_BIS_SIGNATURE_INFO;\r
\r
//\r
// Currently defined values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r
// The exact numeric values come from\r
//    "Common Data Security Architecture (CDSA) Specification".\r
//\r
#define BIS_ALG_DSA     (41)  // CSSM_ALGID_DSA\r
#define BIS_ALG_RSA_MD5 (42)  // CSSM_ALGID_MD5_WITH_RSA\r
// Currently defined values for EFI_BIS_SIGNATURE_INFO.CertificateId.\r
//\r
#define BIS_CERT_ID_DSA     BIS_ALG_DSA     // CSSM_ALGID_DSA\r
#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA\r
// The  following  is a mask value that gets applied to the truncated hash of a\r
// platform  Boot Object Authorization Certificate to create the certificateID.\r
// A certificateID must not have any bits set to the value 1 other than bits in\r
// this mask.\r
//\r
#define BIS_CERT_ID_MASK  (0xFF7F7FFF)\r
\r
//\r
// Macros for dealing with the EFI_BIS_DATA object obtained\r
// from BIS_GetSignatureInfo()\r
// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r
//  elements are contained in a EFI_BIS_DATA struct pointed to\r
//  by the provided EFI_BIS_DATA*.\r
//\r
#define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))\r
\r
//\r
// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*\r
//  from a given EFI_BIS_DATA*.\r
//\r
#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r
\r
//\r
// Binary Value of "X-Intel-BIS-ParameterSet" Attribute.\r
// (Value is Base64 encoded in actual signed manifest).\r
// {EDD35E31-07B9-11d2-83A3-00A0C91FADCF}\r
//\r
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
  { \\r
    0xedd35e31, 0x7b9, 0x11d2, \\r
    { \\r
      0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf \\r
    } \\r
  }\r
\r
//\r
// Support old name for backward compatible\r
//\r
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \\r
        BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID\r
\r
/**                                                                 \r
  Initializes the BIS service, checking that it is compatible with the version requested by the caller.\r
  After this call, other BIS functions may be invoked.                                                 \r
    \r
  @param  This                     A pointer to the EFI_BIS_PROTOCOL object.\r
  @param  AppHandle                The function writes the new BIS_APPLICATION_HANDLE if           \r
                                   successful, otherwise it writes NULL. The caller must eventually\r
                                   destroy this handle by calling Shutdown().                      \r
  @param  InterfaceVersion         On input, the caller supplies the major version number of the\r
                                   interface version desired.                                   \r
                                   On output, both the major and minor                         \r
                                   version numbers are updated with the major and minor version\r
                                   numbers of the interface                                    \r
  @param  TargetAddress            Indicates a network or device address of the BIS platform to connect to.                                                                 \r
\r
  @retval EFI_SUCCESS              The function completed successfully.\r
  @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the                \r
                                   caller was not compatible with the interface version of the\r
  @retval EFI_UNSUPPORTED          This is a local-platform implementation and        \r
                                   TargetAddress.Data was not NULL, or                \r
                                   TargetAddress.Data was any other value that was not\r
                                   supported by the implementation.                   \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                              \r
  @retval EFI_DEVICE_ERROR         The function encountered an unexpected internal failure.\r
  @retval EFI_INVALID_PARAMETER    One or more parameters are invalid.\r
                                          \r
**/                                       \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_INITIALIZE) (\r
  IN     EFI_BIS_PROTOCOL        *This,              \r
  OUT    BIS_APPLICATION_HANDLE  *AppHandle,         \r
  IN OUT EFI_BIS_VERSION         *InterfaceVersion,  \r
  IN     EFI_BIS_DATA            *TargetAddress      \r
  );\r
\r
/**                                                                 \r
  Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.  \r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                         \r
  @param  ToFree                   An EFI_BIS_DATA* and associated memory block to be freed.\r
\r
  @retval EFI_SUCCESS              The function completed successfully.\r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid\r
                                   application instance handle associated with the EFI_BIS protocol.                                     \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                                \r
  @retval EFI_INVALID_PARAMETER    The ToFree parameter is not or is no longer a memory resource\r
                                   associated with this AppHandle.                              \r
                                           \r
**/     \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_FREE) (\r
  IN BIS_APPLICATION_HANDLE  AppHandle,               \r
  IN EFI_BIS_DATA            *ToFree                  \r
  );\r
\r
/**                                                                 \r
  Shuts down an application's instance of the BIS service, invalidating the application handle. After\r
  this call, other BIS functions may no longer be invoked using the application handle value.         \r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
\r
  @retval EFI_SUCCESS              The function completed successfully.\r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid\r
                                   application instance handle associated with the EFI_BIS protocol.                                     \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                                \r
  @retval EFI_DEVICE_ERROR         The function encountered an unexpected internal failure.  \r
                                           \r
**/   \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_SHUTDOWN) (\r
  IN BIS_APPLICATION_HANDLE  AppHandle               \r
  );\r
\r
/**                                                                 \r
  Retrieves the certificate that has been configured as the identity of the organization designated as\r
  the source of authorization for signatures of boot objects.\r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
  @param  Certificate              The function writes an allocated EFI_BIS_DATA* containing the Boot\r
                                   Object Authorization Certificate object.                            \r
\r
  @retval EFI_SUCCESS              The function completed successfully.\r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid\r
                                   application instance handle associated with the EFI_BIS protocol.                                     \r
  @retval EFI_NOT_FOUND            There is no Boot Object Authorization Certificate currently installed.                        \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                                \r
  @retval EFI_INVALID_PARAMETER    The Certificate parameter supplied by the caller is NULL or\r
                                   an invalid memory reference.                                       \r
                                   \r
**/ \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE) (\r
  IN  BIS_APPLICATION_HANDLE  AppHandle,              \r
  OUT EFI_BIS_DATA            **Certificate           \r
  );\r
\r
/**                                                                 \r
  Verifies the integrity and authorization of the indicated data object according to the\r
  indicated credentials.                                                                \r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
  @param  Credentials              A Signed Manifest containing verification information for the indicated\r
                                   data object.                                                            \r
  @param  DataObject               An in-memory copy of the raw data object to be verified.\r
  @param  IsVerified               The function writes TRUE if the verification succeeded, otherwise\r
                                   FALSE.                                                           \r
                                   \r
  @retval EFI_SUCCESS              The function completed successfully.\r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid\r
                                   application instance handle associated with the EFI_BIS protocol.                                       \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                                \r
  @retval EFI_INVALID_PARAMETER    One or more parameters are invalid.\r
  @retval EFI_SECURITY_VIOLATION   The signed manifest supplied as the Credentials parameter\r
                                   was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred.                           \r
                                   \r
**/ \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT) (\r
  IN  BIS_APPLICATION_HANDLE AppHandle,               \r
  IN  EFI_BIS_DATA           *Credentials,            \r
  IN  EFI_BIS_DATA           *DataObject,             \r
  OUT BOOLEAN                *IsVerified              \r
  );\r
\r
/**                                                                 \r
  Retrieves the current status of the Boot Authorization Check Flag.\r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
  @param  CheckIsRequired          The function writes the value TRUE if a Boot Authorization Check is\r
                                   currently required on this platform, otherwise the function writes \r
                                   FALSE.                                                             \r
                                   \r
  @retval EFI_SUCCESS              The function completed successfully.\r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid\r
                                   application instance handle associated with the EFI_BIS protocol.                                       \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                                \r
  @retval EFI_INVALID_PARAMETER    The CheckIsRequired parameter supplied by the caller is\r
                                   NULL or an invalid memory reference.                   \r
                                   \r
**/ \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG) (\r
  IN  BIS_APPLICATION_HANDLE  AppHandle,             \r
  OUT BOOLEAN                 *CheckIsRequired       \r
  );\r
\r
/**                                                                 \r
  Retrieves a unique token value to be included in the request credential for the next update of any\r
  parameter in the Boot Object Authorization set                                                    \r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
  @param  UpdateToken              The function writes an allocated EFI_BIS_DATA* containing the new\r
                                   unique update token value.                                                                          \r
                                   \r
  @retval EFI_SUCCESS              The function completed successfully.\r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid\r
                                   application instance handle associated with the EFI_BIS protocol.                                       \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                                \r
  @retval EFI_INVALID_PARAMETER    The UpdateToken parameter supplied by the caller is NULL or\r
                                   an invalid memory reference.        \r
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred.                                                            \r
                                   \r
**/ \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN) (\r
  IN  BIS_APPLICATION_HANDLE  AppHandle,              \r
  OUT EFI_BIS_DATA            **UpdateToken           \r
  );\r
\r
/**                                                                 \r
  Updates one of the configurable parameters of the Boot Object Authorization set.\r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
  @param  RequestCredential        This is a Signed Manifest with embedded attributes that carry the details\r
                                   of the requested update.                                                 \r
  @param  NewUpdateToken           The function writes an allocated EFI_BIS_DATA* containing the new                        \r
                                   unique update token value.                                       \r
                                   \r
  @retval EFI_SUCCESS              The function completed successfully.                                                \r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid                              \r
                                   application instance handle associated with the EFI_BIS protocol.                   \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                       \r
  @retval EFI_INVALID_PARAMETER    One or more parameters are invalid.                                                 \r
  @retval EFI_SECURITY_VIOLATION   The signed manifest supplied as the RequestCredential parameter                           \r
                                   was invalid (could not be parsed) or Platform-specific authorization failed, etc.   \r
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred.                                                                                                                                                                   \r
                                   \r
**/ \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION) (\r
  IN  BIS_APPLICATION_HANDLE AppHandle,               \r
  IN  EFI_BIS_DATA           *RequestCredential,      \r
  OUT EFI_BIS_DATA           **NewUpdateToken         \r
  );\r
\r
/**                                                                 \r
  Verifies the integrity and authorization of the indicated data object according to the indicated\r
  credentials and authority certificate.                                                          \r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
  @param  Credentials              A Signed Manifest containing verification information for the\r
                                   indicated data object.                                       \r
  @param  DataObject               An in-memory copy of the raw data object to be verified.\r
  @param  SectionName              An ASCII (not Unicode) string giving the section name in the  \r
                                   manifest holding the verification information (in other words,\r
                                   hash value) that corresponds to DataObject.                             \r
  @param  AuthorityCertificate     A digital certificate whose public key must match the signer's                              \r
                                   public key which is found in the credentials.                  \r
  @param  IsVerified               The function writes TRUE if the verification was successful.\r
                                   Otherwise, the function writes FALSE.                       \r
                                   \r
  @retval EFI_SUCCESS              The function completed successfully.                                                \r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid                              \r
                                   application instance handle associated with the EFI_BIS protocol.                   \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                       \r
  @retval EFI_INVALID_PARAMETER    One or more parameters are invalid.                                                 \r
  @retval EFI_SECURITY_VIOLATION   The Credentials.Data supplied by the caller is NULL,\r
                                   or the AuthorityCertificate supplied by the caller was \r
                                   invalid (could not be parsed),                      \r
                                   or Platform-specific authorization failed, etc.   \r
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred.                                                                                                                                                                   \r
                                   \r
**/ \r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL) (\r
  IN  BIS_APPLICATION_HANDLE AppHandle,              \r
  IN  EFI_BIS_DATA           *Credentials,           \r
  IN  EFI_BIS_DATA           *DataObject,            \r
  IN  EFI_BIS_DATA           *SectionName,           \r
  IN  EFI_BIS_DATA           *AuthorityCertificate,  \r
  OUT BOOLEAN                *IsVerified             \r
  );\r
\r
/**                                                                 \r
  Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength\r
  combinations that the platform supports.                                                                      \r
      \r
  @param  AppHandle                An opaque handle that identifies the caller's instance of initialization\r
                                   of the BIS service.                                                                                           \r
  @param  SignatureInfo            The function writes an allocated EFI_BIS_DATA* containing the array\r
                                   of EFI_BIS_SIGNATURE_INFO structures representing the supported    \r
                                   digital certificate identifier, algorithm, and key length combinations.                                   \r
                                   \r
  @retval EFI_SUCCESS              The function completed successfully.                                                \r
  @retval EFI_NO_MAPPING           The AppHandle parameter is not or is no longer a valid                              \r
                                   application instance handle associated with the EFI_BIS protocol.                   \r
  @retval EFI_OUT_OF_RESOURCES     The function failed due to lack of memory or other resources.                       \r
  @retval EFI_INVALID_PARAMETER    The SignatureInfo parameter supplied by the caller is NULL\r
                                   or an invalid memory reference.                           \r
  @retval EFI_DEVICE_ERROR         An unexpected internal error occurred.                                                                                                                                                                   \r
                                   \r
**/\r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO) (\r
  IN  BIS_APPLICATION_HANDLE  AppHandle,           \r
  OUT EFI_BIS_DATA            **SignatureInfo      \r
  );\r
\r
struct _EFI_BIS_PROTOCOL {\r
  EFI_BIS_INITIALIZE                                  Initialize;\r
  EFI_BIS_SHUTDOWN                                    Shutdown;\r
  EFI_BIS_FREE                                        Free;\r
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE   GetBootObjectAuthorizationCertificate;\r
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG     GetBootObjectAuthorizationCheckFlag;\r
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN  GetBootObjectAuthorizationUpdateToken;\r
  EFI_BIS_GET_SIGNATURE_INFO                          GetSignatureInfo;\r
  EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION            UpdateBootObjectAuthorization;\r
  EFI_BIS_VERIFY_BOOT_OBJECT                          VerifyBootObject;\r
  EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL               VerifyObjectWithCredential;\r
};\r
\r
extern EFI_GUID gEfiBisProtocolGuid;\r
extern EFI_GUID gBootObjectAuthorizationParmsetGuid;\r
\r
#endif\r
Commit	Line	Data
878ddf1f	1	/** @file\r
	2	This file defines the BIS protocol.\r
	3	\r
	4	Copyright (c) 2006, Intel Corporation \r
	5	All rights reserved. This program and the accompanying materials \r
	6	are licensed and made available under the terms and conditions of the BSD License \r
	7	which accompanies this distribution. The full text of the license may be found at \r
	8	http://opensource.org/licenses/bsd-license.php \r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
	12	\r
	13	Module Name: Bis.h\r
	14	\r
	15	**/\r
	16	\r
	17	#ifndef __BIS_H__\r
	18	#define __BIS_H__\r
	19	\r
	20	#define EFI_BIS_PROTOCOL_GUID \\r
	21	{ \\r
	22	0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r
	23	}\r
	24	\r
	25	typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;\r
	26	\r
	27	\r
	28	//\r
	29	// Basic types\r
	30	//\r
	31	typedef VOID *BIS_APPLICATION_HANDLE;\r
	32	typedef UINT16 BIS_ALG_ID;\r
	33	typedef UINT32 BIS_CERT_ID;\r
	34	\r
	35	//\r
	36	// EFI_BIS_DATA type.\r
	37	//\r
	38	// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r
	39	//\r
	40	typedef struct {\r
	41	UINT32 Length; // Length of Data in 8 bit bytes.\r
	42	UINT8 *Data; // 32 Bit Flat Address of data.\r
	43	} EFI_BIS_DATA;\r
	44	\r
	45	//\r
	46	// EFI_BIS_VERSION type.\r
	47	//\r
	48	typedef struct {\r
	49	UINT32 Major; // BIS Interface version number.\r
	50	UINT32 Minor; // Build number.\r
	51	} EFI_BIS_VERSION;\r
	52	\r
	53	//\r
	54	// ----------------------------------------------------//\r
	55	// Use these values to initialize EFI_BIS_VERSION.Major\r
	56	// and to interpret results of Initialize.\r
	57	// ----------------------------------------------------//\r
	58	//\r
	59	#define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1\r
	60	#define BIS_VERSION_1 1\r
	61	\r
	62	//\r
	63	// EFI_BIS_SIGNATURE_INFO type.\r
	64	//\r
65	typedef struct {\r
66	BIS_CERT_ID CertificateID; // Truncated hash of platform Boot Object\r
67	// authorization certificate.\r
68	//\r
69	BIS_ALG_ID AlgorithmID; // A signature algorithm number.\r
70	UINT16 KeyLength; // Length of alg. keys in bits.\r
71	} EFI_BIS_SIGNATURE_INFO;\r
72	\r
73	//\r
74	// Currently defined values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r
75	// The exact numeric values come from\r
76	// "Common Data Security Architecture (CDSA) Specification".\r
77	//\r
78	#define BIS_ALG_DSA (41) // CSSM_ALGID_DSA\r
79	#define BIS_ALG_RSA_MD5 (42) // CSSM_ALGID_MD5_WITH_RSA\r
80	// Currently defined values for EFI_BIS_SIGNATURE_INFO.CertificateId.\r
81	//\r
82	#define BIS_CERT_ID_DSA BIS_ALG_DSA // CSSM_ALGID_DSA\r
83	#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA\r
84	// The following is a mask value that gets applied to the truncated hash of a\r
85	// platform Boot Object Authorization Certificate to create the certificateID.\r
86	// A certificateID must not have any bits set to the value 1 other than bits in\r
87	// this mask.\r
88	//\r
89	#define BIS_CERT_ID_MASK (0xFF7F7FFF)\r
90	\r
91	//\r
92	// Macros for dealing with the EFI_BIS_DATA object obtained\r
93	// from BIS_GetSignatureInfo()\r
94	// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r
95	// elements are contained in a EFI_BIS_DATA struct pointed to\r
96	// by the provided EFI_BIS_DATA*.\r
97	//\r
98	#define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))\r
99	\r
100	//\r
101	// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*\r
102	// from a given EFI_BIS_DATA*.\r
103	//\r
104	#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r
105	\r
106	//\r
107	// Binary Value of "X-Intel-BIS-ParameterSet" Attribute.\r
108	// (Value is Base64 encoded in actual signed manifest).\r
109	// {EDD35E31-07B9-11d2-83A3-00A0C91FADCF}\r
110	//\r
111	#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
112	{ \\r
113	0xedd35e31, 0x7b9, 0x11d2, \\r
114	{ \\r
115	0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf \\r
116	} \\r
117	}\r
118	\r
119	//\r
120	// Support old name for backward compatible\r
121	//\r
122	#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \\r
123	BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID\r
124	\r
125	/** \r
126	Initializes the BIS service, checking that it is compatible with the version requested by the caller.\r
127	After this call, other BIS functions may be invoked. \r
128	\r
129	@param This A pointer to the EFI_BIS_PROTOCOL object.\r
130	@param AppHandle The function writes the new BIS_APPLICATION_HANDLE if \r
131	successful, otherwise it writes NULL. The caller must eventually\r
132	destroy this handle by calling Shutdown(). \r
133	@param InterfaceVersion On input, the caller supplies the major version number of the\r
134	interface version desired. \r
135	On output, both the major and minor \r
136	version numbers are updated with the major and minor version\r
137	numbers of the interface \r
138	@param TargetAddress Indicates a network or device address of the BIS platform to connect to. \r
0647c9ad	139	\r
878ddf1f	140	@retval EFI_SUCCESS The function completed successfully.\r
	141	@retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the \r
	142	caller was not compatible with the interface version of the\r
	143	@retval EFI_UNSUPPORTED This is a local-platform implementation and \r
	144	TargetAddress.Data was not NULL, or \r
	145	TargetAddress.Data was any other value that was not\r
	146	supported by the implementation. \r
	147	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	148	@retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure.\r
	149	@retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
	150	\r
	151	**/ \r
	152	typedef\r
	153	EFI_STATUS\r
	154	(EFIAPI *EFI_BIS_INITIALIZE) (\r
	155	IN EFI_BIS_PROTOCOL *This, \r
	156	OUT BIS_APPLICATION_HANDLE *AppHandle, \r
	157	IN OUT EFI_BIS_VERSION *InterfaceVersion, \r
	158	IN EFI_BIS_DATA *TargetAddress \r
	159	);\r
	160	\r
	161	/** \r
	162	Frees memory structures allocated and returned by other functions in the EFI_BIS protocol. \r
	163	\r
511710d6	164	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	165	of the BIS service. \r
878ddf1f	166	@param ToFree An EFI_BIS_DATA* and associated memory block to be freed.\r
0647c9ad	167	\r
878ddf1f	168	@retval EFI_SUCCESS The function completed successfully.\r
	169	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
	170	application instance handle associated with the EFI_BIS protocol. \r
	171	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	172	@retval EFI_INVALID_PARAMETER The ToFree parameter is not or is no longer a memory resource\r
	173	associated with this AppHandle. \r
	174	\r
	175	**/ \r
	176	typedef\r
	177	EFI_STATUS\r
	178	(EFIAPI *EFI_BIS_FREE) (\r
	179	IN BIS_APPLICATION_HANDLE AppHandle, \r
	180	IN EFI_BIS_DATA *ToFree \r
	181	);\r
	182	\r
	183	/** \r
511710d6	184	Shuts down an application's instance of the BIS service, invalidating the application handle. After\r
878ddf1f	185	this call, other BIS functions may no longer be invoked using the application handle value. \r
878ddf1f	186	\r
511710d6	187	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	188	of the BIS service. \r
0647c9ad	189	\r
878ddf1f	190	@retval EFI_SUCCESS The function completed successfully.\r
	191	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
	192	application instance handle associated with the EFI_BIS protocol. \r
	193	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	194	@retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure. \r
	195	\r
	196	**/ \r
	197	typedef\r
	198	EFI_STATUS\r
	199	(EFIAPI *EFI_BIS_SHUTDOWN) (\r
	200	IN BIS_APPLICATION_HANDLE AppHandle \r
	201	);\r
	202	\r
	203	/** \r
	204	Retrieves the certificate that has been configured as the identity of the organization designated as\r
	205	the source of authorization for signatures of boot objects.\r
	206	\r
511710d6	207	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	208	of the BIS service. \r
	209	@param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot\r
	210	Object Authorization Certificate object. \r
0647c9ad	211	\r
878ddf1f	212	@retval EFI_SUCCESS The function completed successfully.\r
	213	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
	214	application instance handle associated with the EFI_BIS protocol. \r
	215	@retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed. \r
	216	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	217	@retval EFI_INVALID_PARAMETER The Certificate parameter supplied by the caller is NULL or\r
	218	an invalid memory reference. \r
	219	\r
	220	**/ \r
	221	typedef\r
	222	EFI_STATUS\r
	223	(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE) (\r
	224	IN BIS_APPLICATION_HANDLE AppHandle, \r
	225	OUT EFI_BIS_DATA **Certificate \r
	226	);\r
	227	\r
	228	/** \r
	229	Verifies the integrity and authorization of the indicated data object according to the\r
	230	indicated credentials. \r
	231	\r
511710d6	232	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	233	of the BIS service. \r
	234	@param Credentials A Signed Manifest containing verification information for the indicated\r
	235	data object. \r
	236	@param DataObject An in-memory copy of the raw data object to be verified.\r
	237	@param IsVerified The function writes TRUE if the verification succeeded, otherwise\r
	238	FALSE. \r
	239	\r
	240	@retval EFI_SUCCESS The function completed successfully.\r
	241	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
	242	application instance handle associated with the EFI_BIS protocol. \r
	243	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	244	@retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
	245	@retval EFI_SECURITY_VIOLATION The signed manifest supplied as the Credentials parameter\r
	246	was invalid (could not be parsed) or Platform-specific authorization failed, etc.\r
	247	@retval EFI_DEVICE_ERROR An unexpected internal error occurred. \r
	248	\r
	249	**/ \r
	250	typedef\r
	251	EFI_STATUS\r
	252	(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT) (\r
	253	IN BIS_APPLICATION_HANDLE AppHandle, \r
	254	IN EFI_BIS_DATA *Credentials, \r
	255	IN EFI_BIS_DATA *DataObject, \r
	256	OUT BOOLEAN *IsVerified \r
	257	);\r
	258	\r
	259	/** \r
	260	Retrieves the current status of the Boot Authorization Check Flag.\r
	261	\r
511710d6	262	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	263	of the BIS service. \r
	264	@param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is\r
	265	currently required on this platform, otherwise the function writes \r
	266	FALSE. \r
	267	\r
	268	@retval EFI_SUCCESS The function completed successfully.\r
	269	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
	270	application instance handle associated with the EFI_BIS protocol. \r
	271	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	272	@retval EFI_INVALID_PARAMETER The CheckIsRequired parameter supplied by the caller is\r
	273	NULL or an invalid memory reference. \r
	274	\r
	275	**/ \r
	276	typedef\r
	277	EFI_STATUS\r
	278	(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG) (\r
	279	IN BIS_APPLICATION_HANDLE AppHandle, \r
	280	OUT BOOLEAN *CheckIsRequired \r
	281	);\r
	282	\r
	283	/** \r
	284	Retrieves a unique token value to be included in the request credential for the next update of any\r
	285	parameter in the Boot Object Authorization set \r
	286	\r
511710d6	287	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	288	of the BIS service. \r
	289	@param UpdateToken The function writes an allocated EFI_BIS_DATA* containing the new\r
	290	unique update token value. \r
	291	\r
	292	@retval EFI_SUCCESS The function completed successfully.\r
	293	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid\r
	294	application instance handle associated with the EFI_BIS protocol. \r
	295	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	296	@retval EFI_INVALID_PARAMETER The UpdateToken parameter supplied by the caller is NULL or\r
	297	an invalid memory reference. \r
	298	@retval EFI_DEVICE_ERROR An unexpected internal error occurred. \r
	299	\r
	300	**/ \r
	301	typedef\r
	302	EFI_STATUS\r
	303	(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN) (\r
	304	IN BIS_APPLICATION_HANDLE AppHandle, \r
	305	OUT EFI_BIS_DATA **UpdateToken \r
	306	);\r
	307	\r
	308	/** \r
	309	Updates one of the configurable parameters of the Boot Object Authorization set.\r
	310	\r
511710d6	311	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	312	of the BIS service. \r
	313	@param RequestCredential This is a Signed Manifest with embedded attributes that carry the details\r
	314	of the requested update. \r
	315	@param NewUpdateToken The function writes an allocated EFI_BIS_DATA* containing the new \r
	316	unique update token value. \r
	317	\r
	318	@retval EFI_SUCCESS The function completed successfully. \r
	319	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid \r
	320	application instance handle associated with the EFI_BIS protocol. \r
	321	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	322	@retval EFI_INVALID_PARAMETER One or more parameters are invalid. \r
	323	@retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter \r
	324	was invalid (could not be parsed) or Platform-specific authorization failed, etc. \r
	325	@retval EFI_DEVICE_ERROR An unexpected internal error occurred. \r
	326	\r
	327	**/ \r
	328	typedef\r
	329	EFI_STATUS\r
	330	(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION) (\r
	331	IN BIS_APPLICATION_HANDLE AppHandle, \r
	332	IN EFI_BIS_DATA *RequestCredential, \r
	333	OUT EFI_BIS_DATA **NewUpdateToken \r
	334	);\r
	335	\r
	336	/** \r
	337	Verifies the integrity and authorization of the indicated data object according to the indicated\r
	338	credentials and authority certificate. \r
	339	\r
511710d6	340	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	341	of the BIS service. \r
	342	@param Credentials A Signed Manifest containing verification information for the\r
	343	indicated data object. \r
	344	@param DataObject An in-memory copy of the raw data object to be verified.\r
	345	@param SectionName An ASCII (not Unicode) string giving the section name in the \r
	346	manifest holding the verification information (in other words,\r
	347	hash value) that corresponds to DataObject. \r
511710d6	348	@param AuthorityCertificate A digital certificate whose public key must match the signer's \r
878ddf1f	349	public key which is found in the credentials. \r
	350	@param IsVerified The function writes TRUE if the verification was successful.\r
	351	Otherwise, the function writes FALSE. \r
	352	\r
	353	@retval EFI_SUCCESS The function completed successfully. \r
	354	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid \r
	355	application instance handle associated with the EFI_BIS protocol. \r
	356	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	357	@retval EFI_INVALID_PARAMETER One or more parameters are invalid. \r
	358	@retval EFI_SECURITY_VIOLATION The Credentials.Data supplied by the caller is NULL,\r
	359	or the AuthorityCertificate supplied by the caller was \r
	360	invalid (could not be parsed), \r
	361	or Platform-specific authorization failed, etc. \r
	362	@retval EFI_DEVICE_ERROR An unexpected internal error occurred. \r
	363	\r
	364	**/ \r
	365	typedef\r
	366	EFI_STATUS\r
	367	(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL) (\r
	368	IN BIS_APPLICATION_HANDLE AppHandle, \r
	369	IN EFI_BIS_DATA *Credentials, \r
	370	IN EFI_BIS_DATA *DataObject, \r
	371	IN EFI_BIS_DATA *SectionName, \r
	372	IN EFI_BIS_DATA *AuthorityCertificate, \r
	373	OUT BOOLEAN *IsVerified \r
	374	);\r
	375	\r
	376	/** \r
	377	Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength\r
	378	combinations that the platform supports. \r
	379	\r
511710d6	380	@param AppHandle An opaque handle that identifies the caller's instance of initialization\r
878ddf1f	381	of the BIS service. \r
	382	@param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array\r
	383	of EFI_BIS_SIGNATURE_INFO structures representing the supported \r
	384	digital certificate identifier, algorithm, and key length combinations. \r
	385	\r
	386	@retval EFI_SUCCESS The function completed successfully. \r
	387	@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid \r
	388	application instance handle associated with the EFI_BIS protocol. \r
	389	@retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources. \r
	390	@retval EFI_INVALID_PARAMETER The SignatureInfo parameter supplied by the caller is NULL\r
	391	or an invalid memory reference. \r
	392	@retval EFI_DEVICE_ERROR An unexpected internal error occurred. \r
	393	\r
	394	**/\r
	395	typedef\r
	396	EFI_STATUS\r
	397	(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO) (\r
	398	IN BIS_APPLICATION_HANDLE AppHandle, \r
	399	OUT EFI_BIS_DATA **SignatureInfo \r
	400	);\r
	401	\r
	402	struct _EFI_BIS_PROTOCOL {\r
	403	EFI_BIS_INITIALIZE Initialize;\r
	404	EFI_BIS_SHUTDOWN Shutdown;\r
	405	EFI_BIS_FREE Free;\r
	406	EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE GetBootObjectAuthorizationCertificate;\r
	407	EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG GetBootObjectAuthorizationCheckFlag;\r
	408	EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN GetBootObjectAuthorizationUpdateToken;\r
	409	EFI_BIS_GET_SIGNATURE_INFO GetSignatureInfo;\r
	410	EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION UpdateBootObjectAuthorization;\r
	411	EFI_BIS_VERIFY_BOOT_OBJECT VerifyBootObject;\r
	412	EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL VerifyObjectWithCredential;\r
	413	};\r
	414	\r
	415	extern EFI_GUID gEfiBisProtocolGuid;\r
	416	extern EFI_GUID gBootObjectAuthorizationParmsetGuid;\r
	417	\r
	418	#endif\r