[mirror_edk2.git] / SecurityPkg / Include / Guid / AuthenticatedVariableFormat.h

/** @file\r
  The variable data structures are related to EDKII-specific\r
  implementation of UEFI authenticated variables.\r
  AuthenticatedVariableFormat.h defines variable data headers\r
  and variable storage region headers that has been moved to\r
  VariableFormat.h.\r
\r
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__\r
#define __AUTHENTICATED_VARIABLE_FORMAT_H__\r
\r
#include <Guid/VariableFormat.h>\r
\r
#define EFI_SECURE_BOOT_ENABLE_DISABLE \\r
  { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
\r
extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r
extern EFI_GUID gEfiCertDbGuid;\r
extern EFI_GUID gEfiCustomModeEnableGuid;\r
extern EFI_GUID gEfiVendorKeysNvGuid;\r
\r
///\r
/// "SecureBootEnable" variable for the Secure Boot feature enable/disable.\r
/// This variable is used for allowing a physically present user to disable\r
/// Secure Boot via firmware setup without the possession of PKpriv.\r
///\r
/// GUID: gEfiSecureBootEnableDisableGuid\r
///\r
/// Format: UINT8\r
///\r
#define EFI_SECURE_BOOT_ENABLE_NAME      L"SecureBootEnable"\r
#define SECURE_BOOT_ENABLE               1\r
#define SECURE_BOOT_DISABLE              0\r
\r
///\r
///  "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".\r
///  Standard Secure Boot mode is the default mode as UEFI Spec's description.\r
///  Custom Secure Boot mode allows for more flexibility as specified in the following:\r
///    Can enroll or delete PK without existing PK's private key.\r
///    Can enroll or delete KEK without existing PK's private key.\r
///    Can enroll or delete signature from DB/DBX without KEK's private key.\r
///\r
///  GUID: gEfiCustomModeEnableGuid\r
///\r
/// Format: UINT8\r
///\r
#define EFI_CUSTOM_MODE_NAME          L"CustomMode"\r
#define CUSTOM_SECURE_BOOT_MODE       1\r
#define STANDARD_SECURE_BOOT_MODE     0\r
\r
///\r
///  "VendorKeysNv" variable to record the out of band secure boot keys modification.\r
///  This variable is a read-only NV varaible that indicates whether someone other than\r
///  the platform vendor has used a mechanism not defined by the UEFI Specification to\r
///  transition the system to setup mode or to update secure boot keys.\r
///\r
///  GUID: gEfiVendorKeysNvGuid\r
///\r
/// Format: UINT8\r
///\r
#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME       L"VendorKeysNv"\r
#define VENDOR_KEYS_VALID             1\r
#define VENDOR_KEYS_MODIFIED          0\r
\r
#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__\r
Commit	Line	Data
0c18794e	1	/** @file\r
7ae77cee	2	The variable data structures are related to EDKII-specific\r
0c18794e	3	implementation of UEFI authenticated variables.\r
7ae77cee SZ	4	AuthenticatedVariableFormat.h defines variable data headers\r
	5	and variable storage region headers that has been moved to\r
	6	VariableFormat.h.\r
	7	\r
8b028036	8	Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
289b714b	9	SPDX-License-Identifier: BSD-2-Clause-Patent\r
0c18794e	10	\r
	11	**/\r
	12	\r
	13	#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__\r
	14	#define __AUTHENTICATED_VARIABLE_FORMAT_H__\r
	15	\r
7ae77cee	16	#include <Guid/VariableFormat.h>\r
0c18794e	17	\r
beda2356	18	#define EFI_SECURE_BOOT_ENABLE_DISABLE \\r
	19	{ 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
	20	\r
beda2356	21	extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r
c11d47b8	22	extern EFI_GUID gEfiCertDbGuid;\r
c11d47b8	23	extern EFI_GUID gEfiCustomModeEnableGuid;\r
a555940b	24	extern EFI_GUID gEfiVendorKeysNvGuid;\r
beda2356	25	\r
beda2356	26	///\r
8f8ca22e	27	/// "SecureBootEnable" variable for the Secure Boot feature enable/disable.\r
	28	/// This variable is used for allowing a physically present user to disable\r
	29	/// Secure Boot via firmware setup without the possession of PKpriv.\r
beda2356	30	///\r
7ae77cee SZ	31	/// GUID: gEfiSecureBootEnableDisableGuid\r
	32	///\r
	33	/// Format: UINT8\r
	34	///\r
beda2356	35	#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"\r
	36	#define SECURE_BOOT_ENABLE 1\r
	37	#define SECURE_BOOT_DISABLE 0\r
0c18794e	38	\r
ecc722ad	39	///\r
	40	/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".\r
	41	/// Standard Secure Boot mode is the default mode as UEFI Spec's description.\r
	42	/// Custom Secure Boot mode allows for more flexibility as specified in the following:\r
	43	/// Can enroll or delete PK without existing PK's private key.\r
	44	/// Can enroll or delete KEK without existing PK's private key.\r
	45	/// Can enroll or delete signature from DB/DBX without KEK's private key.\r
	46	///\r
7ae77cee SZ	47	/// GUID: gEfiCustomModeEnableGuid\r
	48	///\r
	49	/// Format: UINT8\r
	50	///\r
ecc722ad	51	#define EFI_CUSTOM_MODE_NAME L"CustomMode"\r
	52	#define CUSTOM_SECURE_BOOT_MODE 1\r
	53	#define STANDARD_SECURE_BOOT_MODE 0\r
	54	\r
a555940b FS	55	///\r
	56	/// "VendorKeysNv" variable to record the out of band secure boot keys modification.\r
	57	/// This variable is a read-only NV varaible that indicates whether someone other than\r
	58	/// the platform vendor has used a mechanism not defined by the UEFI Specification to\r
	59	/// transition the system to setup mode or to update secure boot keys.\r
	60	///\r
7ae77cee SZ	61	/// GUID: gEfiVendorKeysNvGuid\r
	62	///\r
	63	/// Format: UINT8\r
	64	///\r
a555940b FS	65	#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv"\r
	66	#define VENDOR_KEYS_VALID 1\r
	67	#define VENDOR_KEYS_MODIFIED 0\r
	68	\r
0c18794e	69	#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__\r