[mirror_edk2.git] / SecurityPkg / Include / Guid / AuthenticatedVariableFormat.h

/** @file\r
  The variable data structures are related to EDKII-specific \r
  implementation of UEFI authenticated variables.\r
  AuthenticatedVariableFormat.h defines variable data headers \r
  and variable storage region headers.\r
\r
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__\r
#define __AUTHENTICATED_VARIABLE_FORMAT_H__\r
\r
#define EFI_AUTHENTICATED_VARIABLE_GUID \\r
  { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
\r
#define EFI_SECURE_BOOT_ENABLE_DISABLE \\r
  { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
\r
\r
extern EFI_GUID gEfiAuthenticatedVariableGuid;\r
extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r
extern EFI_GUID gEfiCertDbGuid;\r
extern EFI_GUID gEfiCustomModeEnableGuid;\r
extern EFI_GUID gEfiVendorKeysNvGuid;\r
\r
///\r
/// "SecureBootEnable" variable for the Secure Boot feature enable/disable.\r
/// This variable is used for allowing a physically present user to disable\r
/// Secure Boot via firmware setup without the possession of PKpriv.\r
///\r
#define EFI_SECURE_BOOT_ENABLE_NAME      L"SecureBootEnable"\r
#define SECURE_BOOT_ENABLE               1\r
#define SECURE_BOOT_DISABLE              0\r
\r
///\r
///  "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".\r
///  Standard Secure Boot mode is the default mode as UEFI Spec's description.\r
///  Custom Secure Boot mode allows for more flexibility as specified in the following:\r
///    Can enroll or delete PK without existing PK's private key.\r
///    Can enroll or delete KEK without existing PK's private key.\r
///    Can enroll or delete signature from DB/DBX without KEK's private key.\r
///\r
#define EFI_CUSTOM_MODE_NAME          L"CustomMode"\r
#define CUSTOM_SECURE_BOOT_MODE       1\r
#define STANDARD_SECURE_BOOT_MODE     0\r
\r
///\r
///  "VendorKeysNv" variable to record the out of band secure boot keys modification.\r
///  This variable is a read-only NV varaible that indicates whether someone other than\r
///  the platform vendor has used a mechanism not defined by the UEFI Specification to\r
///  transition the system to setup mode or to update secure boot keys.\r
///\r
#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME       L"VendorKeysNv"\r
#define VENDOR_KEYS_VALID             1\r
#define VENDOR_KEYS_MODIFIED          0\r
\r
///\r
/// Alignment of variable name and data, according to the architecture:\r
/// * For IA-32 and Intel(R) 64 architectures: 1.\r
/// * For IA-64 architecture: 8.\r
///\r
#if defined (MDE_CPU_IPF)\r
#define ALIGNMENT         8\r
#else\r
#define ALIGNMENT         1\r
#endif\r
\r
//\r
// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement.\r
//\r
#if (ALIGNMENT == 1)\r
#define GET_PAD_SIZE(a) (0)\r
#else\r
#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1))\r
#endif\r
\r
///\r
/// Alignment of Variable Data Header in Variable Store region.\r
///\r
#define HEADER_ALIGNMENT  4\r
#define HEADER_ALIGN(Header)  (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))\r
\r
///\r
/// Status of Variable Store Region.\r
///\r
typedef enum {\r
  EfiRaw,\r
  EfiValid,\r
  EfiInvalid,\r
  EfiUnknown\r
} VARIABLE_STORE_STATUS;\r
\r
#pragma pack(1)\r
\r
#define VARIABLE_STORE_SIGNATURE  EFI_AUTHENTICATED_VARIABLE_GUID\r
\r
///\r
/// Variable Store Header Format and State.\r
///\r
#define VARIABLE_STORE_FORMATTED          0x5a\r
#define VARIABLE_STORE_HEALTHY            0xfe\r
\r
///\r
/// Variable Store region header.\r
///\r
typedef struct {\r
  ///\r
  /// Variable store region signature.\r
  ///\r
  EFI_GUID  Signature;\r
  ///\r
  /// Size of entire variable store, \r
  /// including size of variable store header but not including the size of FvHeader.\r
  ///\r
  UINT32  Size;\r
  ///\r
  /// Variable region format state.\r
  ///\r
  UINT8   Format;\r
  ///\r
  /// Variable region healthy state.\r
  ///\r
  UINT8   State;\r
  UINT16  Reserved;\r
  UINT32  Reserved1;\r
} VARIABLE_STORE_HEADER;\r
\r
///\r
/// Variable data start flag.\r
///\r
#define VARIABLE_DATA                     0x55AA\r
\r
///\r
/// Variable State flags.\r
///\r
#define VAR_IN_DELETED_TRANSITION     0xfe  ///< Variable is in obsolete transition.\r
#define VAR_DELETED                   0xfd  ///< Variable is obsolete.\r
#define VAR_HEADER_VALID_ONLY         0x7f  ///< Variable header has been valid.\r
#define VAR_ADDED                     0x3f  ///< Variable has been completely added.\r
\r
///\r
/// Variable Attribute combinations.\r
///\r
#define VARIABLE_ATTRIBUTE_NV_BS        (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)\r
#define VARIABLE_ATTRIBUTE_BS_RT        (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)\r
#define VARIABLE_ATTRIBUTE_AT_AW        (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
#define VARIABLE_ATTRIBUTE_NV_BS_RT     (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)\r
#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR  (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)\r
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT  (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)\r
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW  (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW    (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW)\r
\r
/// Single Variable Data Header Structure.\r
///\r
typedef struct {\r
  ///\r
  /// Variable Data Start Flag.\r
  ///\r
  UINT16      StartId;\r
  ///\r
  /// Variable State defined above.\r
  ///\r
  UINT8       State;\r
  UINT8       Reserved;\r
  ///\r
  /// Attributes of variable defined in UEFI specification.\r
  ///\r
  UINT32      Attributes;\r
  ///\r
  /// Associated monotonic count value against replay attack.\r
  ///\r
  UINT64      MonotonicCount;\r
  ///\r
  /// Associated TimeStamp value against replay attack. \r
  ///\r
  EFI_TIME    TimeStamp;\r
  ///\r
  /// Index of associated public key in database.\r
  ///\r
  UINT32      PubKeyIndex;\r
  ///\r
  /// Size of variable null-terminated Unicode string name.\r
  ///\r
  UINT32      NameSize;\r
  ///\r
  /// Size of the variable data without this header.\r
  ///\r
  UINT32      DataSize;\r
  ///\r
  /// A unique identifier for the vendor that produces and consumes this varaible.\r
  ///\r
  EFI_GUID    VendorGuid;\r
} VARIABLE_HEADER;\r
\r
typedef struct {\r
  EFI_GUID    *Guid;\r
  CHAR16      *Name;\r
  UINTN       VariableSize;\r
} VARIABLE_ENTRY_CONSISTENCY;\r
\r
#pragma pack()\r
\r
typedef struct _VARIABLE_INFO_ENTRY  VARIABLE_INFO_ENTRY;\r
\r
///\r
/// This structure contains the variable list that is put in EFI system table.\r
/// The variable driver collects all variables that were used at boot service time and produces this list.\r
/// This is an optional feature to dump all used variables in shell environment. \r
///\r
struct _VARIABLE_INFO_ENTRY {\r
  VARIABLE_INFO_ENTRY *Next;       ///< Pointer to next entry.\r
  EFI_GUID            VendorGuid;  ///< Guid of Variable.\r
  CHAR16              *Name;       ///< Name of Variable. \r
  UINT32              Attributes;  ///< Attributes of variable defined in UEFI spec.\r
  UINT32              ReadCount;   ///< Number of times to read this variable.\r
  UINT32              WriteCount;  ///< Number of times to write this variable.\r
  UINT32              DeleteCount; ///< Number of times to delete this variable.\r
  UINT32              CacheCount;  ///< Number of times that cache hits this variable.\r
  BOOLEAN             Volatile;    ///< TRUE if volatile, FALSE if non-volatile.\r
};\r
\r
#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__\r
Commit	Line	Data
0c18794e	1	/** @file\r
	2	The variable data structures are related to EDKII-specific \r
	3	implementation of UEFI authenticated variables.\r
	4	AuthenticatedVariableFormat.h defines variable data headers \r
	5	and variable storage region headers.\r
	6	\r
a555940b	7	Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
0c18794e	8	This program and the accompanying materials \r
	9	are licensed and made available under the terms and conditions of the BSD License \r
	10	which accompanies this distribution. The full text of the license may be found at \r
	11	http://opensource.org/licenses/bsd-license.php\r
	12	\r
	13	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	14	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	15	\r
	16	**/\r
	17	\r
	18	#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__\r
	19	#define __AUTHENTICATED_VARIABLE_FORMAT_H__\r
	20	\r
	21	#define EFI_AUTHENTICATED_VARIABLE_GUID \\r
	22	{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
	23	\r
beda2356	24	#define EFI_SECURE_BOOT_ENABLE_DISABLE \\r
	25	{ 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
	26	\r
	27	\r
0c18794e	28	extern EFI_GUID gEfiAuthenticatedVariableGuid;\r
beda2356	29	extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r
c11d47b8	30	extern EFI_GUID gEfiCertDbGuid;\r
c11d47b8	31	extern EFI_GUID gEfiCustomModeEnableGuid;\r
a555940b	32	extern EFI_GUID gEfiVendorKeysNvGuid;\r
beda2356	33	\r
beda2356	34	///\r
8f8ca22e	35	/// "SecureBootEnable" variable for the Secure Boot feature enable/disable.\r
	36	/// This variable is used for allowing a physically present user to disable\r
	37	/// Secure Boot via firmware setup without the possession of PKpriv.\r
beda2356	38	///\r
	39	#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"\r
	40	#define SECURE_BOOT_ENABLE 1\r
	41	#define SECURE_BOOT_DISABLE 0\r
0c18794e	42	\r
ecc722ad	43	///\r
	44	/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".\r
	45	/// Standard Secure Boot mode is the default mode as UEFI Spec's description.\r
	46	/// Custom Secure Boot mode allows for more flexibility as specified in the following:\r
	47	/// Can enroll or delete PK without existing PK's private key.\r
	48	/// Can enroll or delete KEK without existing PK's private key.\r
	49	/// Can enroll or delete signature from DB/DBX without KEK's private key.\r
	50	///\r
	51	#define EFI_CUSTOM_MODE_NAME L"CustomMode"\r
	52	#define CUSTOM_SECURE_BOOT_MODE 1\r
	53	#define STANDARD_SECURE_BOOT_MODE 0\r
	54	\r
a555940b FS	55	///\r
	56	/// "VendorKeysNv" variable to record the out of band secure boot keys modification.\r
	57	/// This variable is a read-only NV varaible that indicates whether someone other than\r
	58	/// the platform vendor has used a mechanism not defined by the UEFI Specification to\r
	59	/// transition the system to setup mode or to update secure boot keys.\r
	60	///\r
	61	#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv"\r
	62	#define VENDOR_KEYS_VALID 1\r
	63	#define VENDOR_KEYS_MODIFIED 0\r
	64	\r
0c18794e	65	///\r
	66	/// Alignment of variable name and data, according to the architecture:\r
	67	/// * For IA-32 and Intel(R) 64 architectures: 1.\r
	68	/// * For IA-64 architecture: 8.\r
	69	///\r
	70	#if defined (MDE_CPU_IPF)\r
	71	#define ALIGNMENT 8\r
	72	#else\r
	73	#define ALIGNMENT 1\r
	74	#endif\r
	75	\r
	76	//\r
	77	// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement.\r
	78	//\r
	79	#if (ALIGNMENT == 1)\r
	80	#define GET_PAD_SIZE(a) (0)\r
	81	#else\r
	82	#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1))\r
	83	#endif\r
	84	\r
	85	///\r
	86	/// Alignment of Variable Data Header in Variable Store region.\r
	87	///\r
	88	#define HEADER_ALIGNMENT 4\r
	89	#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))\r
	90	\r
	91	///\r
	92	/// Status of Variable Store Region.\r
	93	///\r
	94	typedef enum {\r
	95	EfiRaw,\r
	96	EfiValid,\r
	97	EfiInvalid,\r
	98	EfiUnknown\r
	99	} VARIABLE_STORE_STATUS;\r
	100	\r
	101	#pragma pack(1)\r
	102	\r
	103	#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID\r
	104	\r
	105	///\r
	106	/// Variable Store Header Format and State.\r
	107	///\r
	108	#define VARIABLE_STORE_FORMATTED 0x5a\r
	109	#define VARIABLE_STORE_HEALTHY 0xfe\r
	110	\r
	111	///\r
	112	/// Variable Store region header.\r
	113	///\r
	114	typedef struct {\r
	115	///\r
	116	/// Variable store region signature.\r
	117	///\r
	118	EFI_GUID Signature;\r
	119	///\r
	120	/// Size of entire variable store, \r
	121	/// including size of variable store header but not including the size of FvHeader.\r
	122	///\r
	123	UINT32 Size;\r
	124	///\r
	125	/// Variable region format state.\r
	126	///\r
	127	UINT8 Format;\r
	128	///\r
129	/// Variable region healthy state.\r
130	///\r
131	UINT8 State;\r
132	UINT16 Reserved;\r
133	UINT32 Reserved1;\r
134	} VARIABLE_STORE_HEADER;\r
135	\r
136	///\r
137	/// Variable data start flag.\r
138	///\r
139	#define VARIABLE_DATA 0x55AA\r
140	\r
141	///\r
142	/// Variable State flags.\r
143	///\r
144	#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition.\r
145	#define VAR_DELETED 0xfd ///< Variable is obsolete.\r
146	#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid.\r
147	#define VAR_ADDED 0x3f ///< Variable has been completely added.\r
148	\r
149	///\r
a6811666 SZ	150	/// Variable Attribute combinations.\r
	151	///\r
	152	#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS)\r
	153	#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS)\r
	154	#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS \| EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
	155	#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT \| EFI_VARIABLE_NON_VOLATILE)\r
	156	#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT \| EFI_VARIABLE_HARDWARE_ERROR_RECORD)\r
	157	#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT \| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)\r
	158	#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT \| EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
	159	#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR \| VARIABLE_ATTRIBUTE_AT_AW)\r
	160	\r
0c18794e	161	/// Single Variable Data Header Structure.\r
	162	///\r
	163	typedef struct {\r
	164	///\r
	165	/// Variable Data Start Flag.\r
	166	///\r
	167	UINT16 StartId;\r
	168	///\r
	169	/// Variable State defined above.\r
	170	///\r
	171	UINT8 State;\r
	172	UINT8 Reserved;\r
	173	///\r
	174	/// Attributes of variable defined in UEFI specification.\r
	175	///\r
	176	UINT32 Attributes;\r
	177	///\r
	178	/// Associated monotonic count value against replay attack.\r
	179	///\r
	180	UINT64 MonotonicCount;\r
	181	///\r
	182	/// Associated TimeStamp value against replay attack. \r
	183	///\r
	184	EFI_TIME TimeStamp;\r
	185	///\r
	186	/// Index of associated public key in database.\r
	187	///\r
	188	UINT32 PubKeyIndex;\r
	189	///\r
	190	/// Size of variable null-terminated Unicode string name.\r
	191	///\r
	192	UINT32 NameSize;\r
	193	///\r
	194	/// Size of the variable data without this header.\r
	195	///\r
	196	UINT32 DataSize;\r
	197	///\r
	198	/// A unique identifier for the vendor that produces and consumes this varaible.\r
	199	///\r
	200	EFI_GUID VendorGuid;\r
	201	} VARIABLE_HEADER;\r
	202	\r
a6811666 SZ	203	typedef struct {\r
	204	EFI_GUID *Guid;\r
	205	CHAR16 *Name;\r
	206	UINTN VariableSize;\r
	207	} VARIABLE_ENTRY_CONSISTENCY;\r
	208	\r
0c18794e	209	#pragma pack()\r
	210	\r
	211	typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;\r
	212	\r
	213	///\r
	214	/// This structure contains the variable list that is put in EFI system table.\r
	215	/// The variable driver collects all variables that were used at boot service time and produces this list.\r
	216	/// This is an optional feature to dump all used variables in shell environment. \r
	217	///\r
	218	struct _VARIABLE_INFO_ENTRY {\r
	219	VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry.\r
	220	EFI_GUID VendorGuid; ///< Guid of Variable.\r
	221	CHAR16 *Name; ///< Name of Variable. \r
	222	UINT32 Attributes; ///< Attributes of variable defined in UEFI spec.\r
	223	UINT32 ReadCount; ///< Number of times to read this variable.\r
	224	UINT32 WriteCount; ///< Number of times to write this variable.\r
	225	UINT32 DeleteCount; ///< Number of times to delete this variable.\r
	226	UINT32 CacheCount; ///< Number of times that cache hits this variable.\r
	227	BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile.\r
	228	};\r
	229	\r
	230	#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__\r