[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigNvData.h

/** @file\r
  Header file for NV data structure definition.\r
\r
Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__\r
#define __SECUREBOOT_CONFIG_NV_DATA_H__\r
\r
#include <Guid/HiiPlatformSetupFormset.h>\r
#include <Guid/SecureBootConfigHii.h>\r
\r
//\r
// Used by VFR for form or button identification\r
//\r
#define SECUREBOOT_CONFIGURATION_VARSTORE_ID  0x0001\r
#define SECUREBOOT_CONFIGURATION_FORM_ID      0x01\r
#define FORMID_SECURE_BOOT_OPTION_FORM        0x02\r
#define FORMID_SECURE_BOOT_PK_OPTION_FORM     0x03\r
#define FORMID_SECURE_BOOT_KEK_OPTION_FORM    0x04\r
#define FORMID_SECURE_BOOT_DB_OPTION_FORM     0x05\r
#define FORMID_SECURE_BOOT_DBX_OPTION_FORM    0x06\r
#define FORMID_ENROLL_PK_FORM                 0x07\r
#define SECUREBOOT_ADD_PK_FILE_FORM_ID        0x08\r
#define FORMID_ENROLL_KEK_FORM                0x09\r
#define FORMID_DELETE_KEK_FORM                0x0a\r
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB     0x0b\r
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB   0x0c\r
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX    0x0d\r
#define FORMID_SECURE_BOOT_DBT_OPTION_FORM    0x14\r
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT    0x15\r
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT  0x16\r
#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17\r
#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18\r
\r
#define SECURE_BOOT_MODE_CUSTOM               0x01\r
#define SECURE_BOOT_MODE_STANDARD             0x00\r
\r
#define KEY_SECURE_BOOT_ENABLE                0x1000\r
#define KEY_SECURE_BOOT_MODE                  0x1001\r
#define KEY_VALUE_SAVE_AND_EXIT_DB            0x1002\r
#define KEY_VALUE_NO_SAVE_AND_EXIT_DB         0x1003\r
#define KEY_VALUE_SAVE_AND_EXIT_PK            0x1004\r
#define KEY_VALUE_NO_SAVE_AND_EXIT_PK         0x1005\r
#define KEY_VALUE_SAVE_AND_EXIT_KEK           0x1008\r
#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK        0x1009\r
#define KEY_VALUE_SAVE_AND_EXIT_DBX           0x100a\r
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX        0x100b\r
#define KEY_HIDE_SECURE_BOOT                  0x100c\r
#define KEY_VALUE_SAVE_AND_EXIT_DBT           0x100d\r
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT        0x100e\r
\r
#define KEY_VALUE_FROM_DBX_TO_LIST_FORM       0x100f\r
\r
#define KEY_SECURE_BOOT_RESET_TO_DEFAULT      0x1010\r
\r
#define KEY_SECURE_BOOT_OPTION                0x1100\r
#define KEY_SECURE_BOOT_PK_OPTION             0x1101\r
#define KEY_SECURE_BOOT_KEK_OPTION            0x1102\r
#define KEY_SECURE_BOOT_DB_OPTION             0x1103\r
#define KEY_SECURE_BOOT_DBX_OPTION            0x1104\r
#define KEY_SECURE_BOOT_DELETE_PK             0x1105\r
#define KEY_ENROLL_PK                         0x1106\r
#define KEY_ENROLL_KEK                        0x1107\r
#define KEY_DELETE_KEK                        0x1108\r
#define KEY_SECURE_BOOT_KEK_GUID              0x110a\r
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB     0x110b\r
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX    0x110c\r
#define KEY_SECURE_BOOT_DBT_OPTION            0x110d\r
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT    0x110e\r
#define KEY_SECURE_BOOT_DELETE_ALL_LIST       0x110f\r
#define KEY_SECURE_BOOT_DELETE_ALL_DATA       0x1110\r
#define KEY_SECURE_BOOT_DELETE_CHECK_DATA     0x1111\r
\r
#define LABEL_KEK_DELETE                      0x1200\r
#define LABEL_DB_DELETE                       0x1201\r
#define LABEL_SIGNATURE_LIST_START            0x1202\r
#define LABEL_DBT_DELETE                      0x1203\r
#define LABEL_SIGNATURE_DATA_START            0x1204\r
#define LABEL_DELETE_ALL_LIST_BUTTON          0x1300\r
#define LABEL_END                             0xffff\r
\r
#define SECURE_BOOT_MAX_ATTEMPTS_NUM          255\r
\r
#define CONFIG_OPTION_OFFSET                  0x2000\r
\r
#define OPTION_CONFIG_QUESTION_ID             0x2000\r
#define OPTION_CONFIG_RANGE                   0x1000\r
\r
//\r
// Question ID 0x2000 ~ 0x2FFF is for KEK\r
//\r
#define OPTION_DEL_KEK_QUESTION_ID            0x2000\r
//\r
// Question ID 0x3000 ~ 0x3FFF is for DB\r
//\r
#define OPTION_DEL_DB_QUESTION_ID             0x3000\r
//\r
// Question ID 0x4000 ~ 0x4FFF is for signature list.\r
//\r
#define OPTION_SIGNATURE_LIST_QUESTION_ID     0X4000\r
//\r
// Question ID 0x6000 ~ 0x6FFF is for signature data.\r
//\r
#define OPTION_SIGNATURE_DATA_QUESTION_ID     0x6000\r
\r
//\r
// Question ID 0x5000 ~ 0x5FFF is for DBT\r
//\r
#define OPTION_DEL_DBT_QUESTION_ID            0x5000\r
\r
#define SECURE_BOOT_GUID_SIZE                 36\r
#define SECURE_BOOT_GUID_STORAGE_SIZE         37\r
\r
#define UNKNOWN_FILE_TYPE                     0\r
#define X509_CERT_FILE_TYPE                   1\r
#define PE_IMAGE_FILE_TYPE                    2\r
#define AUTHENTICATION_2_FILE_TYPE            3\r
\r
//\r
// Nv Data structure referenced by IFR\r
//\r
typedef struct {\r
  BOOLEAN AttemptSecureBoot;   // Attempt to enable/disable Secure Boot\r
  BOOLEAN HideSecureBoot;      // Hidden Attempt Secure Boot\r
  CHAR16  SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];\r
  BOOLEAN PhysicalPresent;     // If a Physical Present User\r
  UINT8   SecureBootMode;      // Secure Boot Mode: Standard Or Custom\r
  BOOLEAN DeletePk;\r
  BOOLEAN HasPk;               // If Pk is existed it is true\r
  BOOLEAN AlwaysRevocation;    // If the certificate is always revoked. Revocation time is hidden\r
  UINT8   CertificateFormat;   // The type of the certificate\r
  EFI_HII_DATE RevocationDate; // The revocation date of the certificate\r
  EFI_HII_TIME RevocationTime; // The revocation time of the certificate\r
  UINT8   FileEnrollType;      // File type of signature enroll\r
  UINT32  ListCount;           // The count of signature list.\r
  UINT32  CheckedDataCount;    // The count of checked signature data.\r
} SECUREBOOT_CONFIGURATION;\r
\r
#endif\r
Commit	Line	Data
beda2356	1	/** @file\r
	2	Header file for NV data structure definition.\r
	3	\r
4de754e1	4	Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
289b714b	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
beda2356	6	\r
	7	**/\r
	8	\r
	9	#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__\r
	10	#define __SECUREBOOT_CONFIG_NV_DATA_H__\r
	11	\r
	12	#include <Guid/HiiPlatformSetupFormset.h>\r
	13	#include <Guid/SecureBootConfigHii.h>\r
	14	\r
ecc722ad	15	//\r
	16	// Used by VFR for form or button identification\r
	17	//\r
beda2356	18	#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001\r
ecc722ad	19	#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01\r
	20	#define FORMID_SECURE_BOOT_OPTION_FORM 0x02\r
	21	#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03\r
	22	#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04\r
	23	#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05\r
	24	#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06\r
	25	#define FORMID_ENROLL_PK_FORM 0x07\r
	26	#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08\r
	27	#define FORMID_ENROLL_KEK_FORM 0x09\r
	28	#define FORMID_DELETE_KEK_FORM 0x0a\r
	29	#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b\r
	30	#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c\r
	31	#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d\r
20333c6d QL	32	#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14\r
	33	#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15\r
	34	#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16\r
85974aef	35	#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17\r
85974aef	36	#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18\r
ecc722ad	37	\r
	38	#define SECURE_BOOT_MODE_CUSTOM 0x01\r
	39	#define SECURE_BOOT_MODE_STANDARD 0x00\r
	40	\r
	41	#define KEY_SECURE_BOOT_ENABLE 0x1000\r
	42	#define KEY_SECURE_BOOT_MODE 0x1001\r
	43	#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002\r
	44	#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003\r
	45	#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004\r
	46	#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005\r
	47	#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008\r
	48	#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009\r
	49	#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a\r
	50	#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b\r
a2f2c258	51	#define KEY_HIDE_SECURE_BOOT 0x100c\r
20333c6d QL	52	#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d\r
20333c6d QL	53	#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e\r
ecc722ad	54	\r
85974aef	55	#define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f\r
85974aef	56	\r
55266a9b GB	57	#define KEY_SECURE_BOOT_RESET_TO_DEFAULT 0x1010\r
55266a9b GB	58	\r
ecc722ad	59	#define KEY_SECURE_BOOT_OPTION 0x1100\r
	60	#define KEY_SECURE_BOOT_PK_OPTION 0x1101\r
	61	#define KEY_SECURE_BOOT_KEK_OPTION 0x1102\r
	62	#define KEY_SECURE_BOOT_DB_OPTION 0x1103\r
	63	#define KEY_SECURE_BOOT_DBX_OPTION 0x1104\r
	64	#define KEY_SECURE_BOOT_DELETE_PK 0x1105\r
	65	#define KEY_ENROLL_PK 0x1106\r
	66	#define KEY_ENROLL_KEK 0x1107\r
	67	#define KEY_DELETE_KEK 0x1108\r
	68	#define KEY_SECURE_BOOT_KEK_GUID 0x110a\r
	69	#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b\r
	70	#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c\r
20333c6d QL	71	#define KEY_SECURE_BOOT_DBT_OPTION 0x110d\r
20333c6d QL	72	#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e\r
85974aef	73	#define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f\r
	74	#define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110\r
	75	#define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111\r
ecc722ad	76	\r
	77	#define LABEL_KEK_DELETE 0x1200\r
	78	#define LABEL_DB_DELETE 0x1201\r
85974aef	79	#define LABEL_SIGNATURE_LIST_START 0x1202\r
20333c6d	80	#define LABEL_DBT_DELETE 0x1203\r
85974aef	81	#define LABEL_SIGNATURE_DATA_START 0x1204\r
85974aef	82	#define LABEL_DELETE_ALL_LIST_BUTTON 0x1300\r
ecc722ad	83	#define LABEL_END 0xffff\r
	84	\r
	85	#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255\r
	86	\r
	87	#define CONFIG_OPTION_OFFSET 0x2000\r
	88	\r
	89	#define OPTION_CONFIG_QUESTION_ID 0x2000\r
	90	#define OPTION_CONFIG_RANGE 0x1000\r
	91	\r
	92	//\r
	93	// Question ID 0x2000 ~ 0x2FFF is for KEK\r
	94	//\r
	95	#define OPTION_DEL_KEK_QUESTION_ID 0x2000\r
	96	//\r
	97	// Question ID 0x3000 ~ 0x3FFF is for DB\r
	98	//\r
	99	#define OPTION_DEL_DB_QUESTION_ID 0x3000\r
	100	//\r
85974aef	101	// Question ID 0x4000 ~ 0x4FFF is for signature list.\r
	102	//\r
	103	#define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000\r
	104	//\r
	105	// Question ID 0x6000 ~ 0x6FFF is for signature data.\r
ecc722ad	106	//\r
85974aef	107	#define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000\r
20333c6d QL	108	\r
	109	//\r
	110	// Question ID 0x5000 ~ 0x5FFF is for DBT\r
	111	//\r
	112	#define OPTION_DEL_DBT_QUESTION_ID 0x5000\r
ecc722ad	113	\r
ecc722ad	114	#define SECURE_BOOT_GUID_SIZE 36\r
	115	#define SECURE_BOOT_GUID_STORAGE_SIZE 37\r
	116	\r
4de754e1 ZC	117	#define UNKNOWN_FILE_TYPE 0\r
	118	#define X509_CERT_FILE_TYPE 1\r
	119	#define PE_IMAGE_FILE_TYPE 2\r
	120	#define AUTHENTICATION_2_FILE_TYPE 3\r
96832eef	121	\r
beda2356	122	//\r
	123	// Nv Data structure referenced by IFR\r
	124	//\r
	125	typedef struct {\r
20333c6d	126	BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot\r
d6b926e7	127	BOOLEAN HideSecureBoot; // Hidden Attempt Secure Boot\r
ecc722ad	128	CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];\r
20333c6d QL	129	BOOLEAN PhysicalPresent; // If a Physical Present User\r
	130	UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom\r
	131	BOOLEAN DeletePk;\r
	132	BOOLEAN HasPk; // If Pk is existed it is true\r
	133	BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden\r
	134	UINT8 CertificateFormat; // The type of the certificate\r
	135	EFI_HII_DATE RevocationDate; // The revocation date of the certificate\r
	136	EFI_HII_TIME RevocationTime; // The revocation time of the certificate\r
d6b926e7	137	UINT8 FileEnrollType; // File type of signature enroll\r
85974aef	138	UINT32 ListCount; // The count of signature list.\r
85974aef	139	UINT32 CheckedDataCount; // The count of checked signature data.\r
beda2356	140	} SECUREBOOT_CONFIGURATION;\r
beda2356	141	\r
2e728930	142	#endif\r