[mirror_edk2.git] / OvmfPkg / Include / Guid / OvmfPkKek1AppPrefix.h

/** @file\r
  Declare the application prefix string as a GUID, for locating the PK/KEK1\r
  X509 certificate to enroll, in the "OEM Strings" SMBIOS table.\r
\r
  Copyright (C) 2019, Red Hat, Inc.\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
  @par Specification Reference:\r
  - https://git.qemu.org/?p=qemu.git;a=commit;h=2d6dcbf93fb0\r
  - https://libvirt.org/formatdomain.html#elementsSysinfo\r
  - https://bugs.launchpad.net/qemu/+bug/1826200\r
  - https://bugzilla.tianocore.org/show_bug.cgi?id=1747\r
**/\r
\r
#ifndef OVMF_PK_KEK1_APP_PREFIX_H_\r
#define OVMF_PK_KEK1_APP_PREFIX_H_\r
\r
#include <Uefi/UefiBaseType.h>\r
\r
//\r
// For the EnrollDefaultKeys application, the hypervisor is expected to add a\r
// string entry to the "OEM Strings" (Type 11) SMBIOS table, with the following\r
// format:\r
//\r
// 4e32566d-8e9e-4f52-81d3-5bb9715f9727:<Base64 X509 cert for PK and first KEK>\r
//\r
// The string representation of the GUID at the front is the "application\r
// prefix". It is matched by EnrollDefaultKeys case-insensitively.\r
//\r
// The base64-encoded blob following the application prefix and the colon (:)\r
// is an X509 certificate in DER representation; the hypervisor instructs\r
// EnrollDefaultKeys to enroll this certificate as both Platform Key and first\r
// Key Exchange Key.\r
//\r
#define OVMF_PK_KEK1_APP_PREFIX_GUID                    \\r
  { 0x4e32566d,                                         \\r
    0x8e9e,                                             \\r
    0x4f52,                                             \\r
    { 0x81, 0xd3, 0x5b, 0xb9, 0x71, 0x5f, 0x97, 0x27 }, \\r
  }\r
\r
extern EFI_GUID gOvmfPkKek1AppPrefixGuid;\r
\r
#endif /* OVMF_PK_KEK1_APP_PREFIX_H_ */\r
Commit	Line	Data
39240416 LE	1	/** @file\r
	2	Declare the application prefix string as a GUID, for locating the PK/KEK1\r
	3	X509 certificate to enroll, in the "OEM Strings" SMBIOS table.\r
	4	\r
	5	Copyright (C) 2019, Red Hat, Inc.\r
	6	\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	\r
	9	@par Specification Reference:\r
	10	- https://git.qemu.org/?p=qemu.git;a=commit;h=2d6dcbf93fb0\r
	11	- https://libvirt.org/formatdomain.html#elementsSysinfo\r
	12	- https://bugs.launchpad.net/qemu/+bug/1826200\r
	13	- https://bugzilla.tianocore.org/show_bug.cgi?id=1747\r
	14	**/\r
	15	\r
	16	#ifndef OVMF_PK_KEK1_APP_PREFIX_H_\r
	17	#define OVMF_PK_KEK1_APP_PREFIX_H_\r
	18	\r
	19	#include <Uefi/UefiBaseType.h>\r
	20	\r
	21	//\r
	22	// For the EnrollDefaultKeys application, the hypervisor is expected to add a\r
	23	// string entry to the "OEM Strings" (Type 11) SMBIOS table, with the following\r
	24	// format:\r
	25	//\r
	26	// 4e32566d-8e9e-4f52-81d3-5bb9715f9727:<Base64 X509 cert for PK and first KEK>\r
	27	//\r
	28	// The string representation of the GUID at the front is the "application\r
	29	// prefix". It is matched by EnrollDefaultKeys case-insensitively.\r
	30	//\r
	31	// The base64-encoded blob following the application prefix and the colon (:)\r
	32	// is an X509 certificate in DER representation; the hypervisor instructs\r
	33	// EnrollDefaultKeys to enroll this certificate as both Platform Key and first\r
	34	// Key Exchange Key.\r
	35	//\r
	36	#define OVMF_PK_KEK1_APP_PREFIX_GUID \\r
	37	{ 0x4e32566d, \\r
	38	0x8e9e, \\r
	39	0x4f52, \\r
	40	{ 0x81, 0xd3, 0x5b, 0xb9, 0x71, 0x5f, 0x97, 0x27 }, \\r
	41	}\r
	42	\r
	43	extern EFI_GUID gOvmfPkKek1AppPrefixGuid;\r
	44	\r
	45	#endif /* OVMF_PK_KEK1_APP_PREFIX_H_ */\r