Commit | Line | Data |
---|---|---|
0c18794e | 1 | /** @file\r |
2 | The variable data structures are related to EDKII-specific \r | |
3 | implementation of UEFI authenticated variables.\r | |
4 | AuthenticatedVariableFormat.h defines variable data headers \r | |
5 | and variable storage region headers.\r | |
6 | \r | |
a555940b | 7 | Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r |
0c18794e | 8 | This program and the accompanying materials \r |
9 | are licensed and made available under the terms and conditions of the BSD License \r | |
10 | which accompanies this distribution. The full text of the license may be found at \r | |
11 | http://opensource.org/licenses/bsd-license.php\r | |
12 | \r | |
13 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r | |
14 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
15 | \r | |
16 | **/\r | |
17 | \r | |
18 | #ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__\r | |
19 | #define __AUTHENTICATED_VARIABLE_FORMAT_H__\r | |
20 | \r | |
//
// GUID initializers used by the authenticated variable implementation.
// Each expands to a brace-enclosed initializer: three integer fields followed
// by an array of eight bytes.
//
#define EFI_AUTHENTICATED_VARIABLE_GUID \
  { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }

#define EFI_SECURE_BOOT_ENABLE_DISABLE \
  { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x00, 0x10, 0x09, 0xc9, 0x3a, 0x44 } }
26 | \r | |
27 | \r | |
//
// GUID objects referenced by the authenticated variable code. They are only
// declared here; their definitions and values are not visible in this header.
//
extern EFI_GUID  gEfiAuthenticatedVariableGuid;
extern EFI_GUID  gEfiSecureBootEnableDisableGuid;
extern EFI_GUID  gEfiCertDbGuid;
extern EFI_GUID  gEfiCustomModeEnableGuid;
extern EFI_GUID  gEfiVendorKeysNvGuid;
beda2356 | 33 | \r |
///
/// "SecureBootEnable" variable: turns the Secure Boot feature on or off.
/// It exists so that a physically present user can disable Secure Boot from
/// firmware setup without possessing PKpriv.
///
/// NOTE(review): since this path does not need PKpriv, the physical-presence
/// check appears to be what protects it. That check is not defined in this
/// header; confirm that the code writing this variable enforces it.
///
#define EFI_SECURE_BOOT_ENABLE_NAME  L"SecureBootEnable"
#define SECURE_BOOT_ENABLE           1
#define SECURE_BOOT_DISABLE          0
0c18794e | 42 | \r |
///
/// "CustomMode" variable: selects between the two Secure Boot modes,
/// "Custom" and "Standard".
/// Standard mode is the default and follows the UEFI Specification.
/// Custom mode is more permissive. While it is active, firmware:
///   - can enroll or delete PK without the existing PK's private key;
///   - can enroll or delete KEK without the existing PK's private key;
///   - can enroll or delete signatures in DB/DBX without KEK's private key.
///
/// NOTE(review): Custom mode removes the private-key requirement from every
/// key-database update listed above, so write access to this variable is as
/// sensitive as the keys themselves. How that access is restricted is not
/// visible in this header; confirm in the variable driver.
///
#define EFI_CUSTOM_MODE_NAME       L"CustomMode"
#define CUSTOM_SECURE_BOOT_MODE    1
#define STANDARD_SECURE_BOOT_MODE  0
54 | \r | |
///
/// "VendorKeysNv" variable: records out-of-band modification of the Secure
/// Boot keys.
/// It is a read-only NV variable that indicates whether someone other than the
/// platform vendor has used a mechanism not defined by the UEFI Specification
/// to transition the system to setup mode or to update Secure Boot keys.
///
#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME  L"VendorKeysNv"
#define VENDOR_KEYS_VALID                 1
#define VENDOR_KEYS_MODIFIED              0
64 | \r | |
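///
/// Alignment of variable name and data, according to the architecture:
/// * For IA-32 and Intel(R) 64 architectures: 1.
/// * For IA-64 architecture: 8.
///
#if defined (MDE_CPU_IPF)
#define ALIGNMENT  8
#else
#define ALIGNMENT  1
#endif

//
// GET_PAD_SIZE(a) yields the minimal number of pad bytes to append to a size
// of `a` bytes so that the padded size is a multiple of ALIGNMENT.
// With ALIGNMENT == 1 no padding is ever needed, so the result is 0.
// Otherwise it is (-a) masked with (ALIGNMENT - 1); the mask form relies on
// ALIGNMENT being a power of two.
//
// The argument is parenthesized in the expansion so that an expression such as
// GET_PAD_SIZE (x + y) is negated as a whole. Without the parentheses, ~ would
// bind only to the first operand and the pad size would be miscalculated.
//
#if (ALIGNMENT == 1)
#define GET_PAD_SIZE(a)  (0)
#else
#define GET_PAD_SIZE(a)  (((~(a)) + 1) & (ALIGNMENT - 1))
#endif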
84 | \r | |
///
/// Alignment of the Variable Data Header inside the Variable Store region.
/// HEADER_ALIGN(Header) converts Header to UINTN and rounds it up to the next
/// multiple of HEADER_ALIGNMENT. A value that is already a multiple is
/// returned unchanged.
///
#define HEADER_ALIGNMENT      4
#define HEADER_ALIGN(Header)  (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))
90 | \r | |
///
/// Status of the Variable Store Region.
/// The enumerators take the implicit values 0 through 3 in declaration order.
///
typedef enum {
  EfiRaw,
  EfiValid,
  EfiInvalid,
  EfiUnknown
} VARIABLE_STORE_STATUS;
100 | \r | |
//
// Structures declared from this point until the matching "#pragma pack()"
// later in this file are packed on 1-byte boundaries.
//
#pragma pack(1)

//
// The variable store signature is the authenticated variable GUID.
//
#define VARIABLE_STORE_SIGNATURE  EFI_AUTHENTICATED_VARIABLE_GUID

///
/// Variable Store Header Format and State values.
///
#define VARIABLE_STORE_FORMATTED  0x5a
#define VARIABLE_STORE_HEALTHY    0xfe
110 | \r | |
///
/// Variable Store region header.
///
/// NOTE(review): this header is read back from the variable store, so Size,
/// Format and State should be validated before they are trusted; in particular
/// Size should be bounded by the region that actually contains the store.
/// That validation is not visible in this header. Confirm in the code that
/// parses the store.
///
typedef struct {
  ///
  /// Signature of the variable store region.
  ///
  EFI_GUID  Signature;
  ///
  /// Size of the entire variable store. The variable store header is counted;
  /// the FvHeader is not.
  ///
  UINT32    Size;
  ///
  /// Format state of the variable region.
  ///
  UINT8     Format;
  ///
  /// Health state of the variable region.
  ///
  UINT8     State;
  UINT16    Reserved;
  UINT32    Reserved1;
} VARIABLE_STORE_HEADER;
135 | \r | |
///
/// Flag value that marks the start of variable data.
///
#define VARIABLE_DATA  0x55AA

///
/// Variable State flags.
///
/// NOTE(review): each value is 0xff with further bits cleared, which looks
/// like a progression intended for storage where bits can only be cleared.
/// Confirm against the code that updates the State byte.
///
#define VAR_IN_DELETED_TRANSITION  0xfe   ///< Variable is in obsolete transition.
#define VAR_DELETED                0xfd   ///< Variable is obsolete.
#define VAR_HEADER_VALID_ONLY      0x7f   ///< Variable header has been valid.
#define VAR_ADDED                  0x3f   ///< Variable has been completely added.
148 | \r | |
///
/// Variable Attribute combinations.
/// Suffix letters name the EFI_VARIABLE_* bits that are OR-ed together:
///   NV = NON_VOLATILE, BS = BOOTSERVICE_ACCESS, RT = RUNTIME_ACCESS,
///   HR = HARDWARE_ERROR_RECORD, AT = TIME_BASED_AUTHENTICATED_WRITE_ACCESS,
///   AW = AUTHENTICATED_WRITE_ACCESS.
///
/// NOTE(review): later UEFI Specification revisions deprecate
/// EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS in favour of the time-based form.
/// Confirm which of the two this implementation is still expected to accept.
///
#define VARIABLE_ATTRIBUTE_NV_BS              (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
#define VARIABLE_ATTRIBUTE_BS_RT              (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
#define VARIABLE_ATTRIBUTE_AT_AW              (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
#define VARIABLE_ATTRIBUTE_NV_BS_RT           (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR        (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT        (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW        (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW  (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW)
160 | \r | |
///
/// Single Variable Data Header Structure.
///
/// NOTE(review): NameSize and DataSize are read from the variable store.
/// Code that uses them to walk the store should check that the name, the data
/// and any padding stay within the store before advancing. Those checks are
/// not visible in this header. Confirm in the code that walks the store.
///
typedef struct {
  ///
  /// Variable Data Start Flag.
  ///
  UINT16      StartId;
  ///
  /// Variable State, one of the VAR_* state flags defined above.
  ///
  UINT8       State;
  UINT8       Reserved;
  ///
  /// Attributes of the variable, as defined in the UEFI specification.
  ///
  UINT32      Attributes;
  ///
  /// Monotonic count value associated with the variable, used against replay attack.
  ///
  UINT64      MonotonicCount;
  ///
  /// TimeStamp value associated with the variable, used against replay attack.
  ///
  EFI_TIME    TimeStamp;
  ///
  /// Index of the associated public key in the database.
  ///
  UINT32      PubKeyIndex;
  ///
  /// Size of the variable's null-terminated Unicode string name.
  ///
  UINT32      NameSize;
  ///
  /// Size of the variable data, not counting this header.
  ///
  UINT32      DataSize;
  ///
  /// A unique identifier for the vendor that produces and consumes this variable.
  ///
  EFI_GUID    VendorGuid;
} VARIABLE_HEADER;
202 | \r | |
///
/// A (Guid, Name, VariableSize) triple describing one variable entry.
/// The structure is declared inside the #pragma pack(1) region of this file.
/// NOTE(review): the original carries no field documentation. The meanings
/// below are inferred from the field names and should be confirmed against
/// the code that uses this structure.
///
typedef struct {
  EFI_GUID  *Guid;          ///< Presumably the variable's vendor GUID.
  CHAR16    *Name;          ///< Presumably the variable's name.
  UINTN     VariableSize;   ///< Presumably the size associated with the variable.
} VARIABLE_ENTRY_CONSISTENCY;
208 | \r | |
//
// End of the region opened by "#pragma pack(1)" earlier in this file.
//
#pragma pack()

typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;

///
/// Entry of the variable list that is put in the EFI system table.
/// The variable driver collects every variable used at boot service time and
/// produces this list. It is an optional feature that lets all used variables
/// be dumped in the shell environment.
///
struct _VARIABLE_INFO_ENTRY {
  VARIABLE_INFO_ENTRY  *Next;        ///< Pointer to the next entry.
  EFI_GUID             VendorGuid;   ///< GUID of the variable.
  CHAR16               *Name;        ///< Name of the variable.
  UINT32               Attributes;   ///< Attributes of the variable, as defined in the UEFI spec.
  UINT32               ReadCount;    ///< Count of reads of this variable.
  UINT32               WriteCount;   ///< Count of writes of this variable.
  UINT32               DeleteCount;  ///< Count of deletions of this variable.
  UINT32               CacheCount;   ///< Count of cache hits for this variable.
  BOOLEAN              Volatile;     ///< TRUE if volatile, FALSE if non-volatile.
};
229 | \r | |
230 | #endif // __AUTHENTICATED_VARIABLE_FORMAT_H__\r |