Commit | Line | Data |
---|---|---|
beda2356 | 1 | /** @file\r |
2 | Header file for NV data structure definition.\r | |
3 | \r | |
4de754e1 | 4 | Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r |
289b714b | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
beda2356 | 6 | \r |
7 | **/\r | |
8 | \r | |
9 | #ifndef __SECUREBOOT_CONFIG_NV_DATA_H__\r | |
10 | #define __SECUREBOOT_CONFIG_NV_DATA_H__\r | |
11 | \r | |
12 | #include <Guid/HiiPlatformSetupFormset.h>\r | |
13 | #include <Guid/SecureBootConfigHii.h>\r | |
14 | \r | |
ecc722ad | 15 | //\r |
16 | // Used by VFR for form or button identification\r | |
17 | //\r | |
beda2356 | 18 | #define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001\r |
ecc722ad | 19 | #define SECUREBOOT_CONFIGURATION_FORM_ID 0x01\r |
20 | #define FORMID_SECURE_BOOT_OPTION_FORM 0x02\r | |
21 | #define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03\r | |
22 | #define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04\r | |
23 | #define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05\r | |
24 | #define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06\r | |
25 | #define FORMID_ENROLL_PK_FORM 0x07\r | |
26 | #define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08\r | |
27 | #define FORMID_ENROLL_KEK_FORM 0x09\r | |
28 | #define FORMID_DELETE_KEK_FORM 0x0a\r | |
29 | #define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b\r | |
30 | #define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c\r | |
31 | #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d\r | |
20333c6d QL |
32 | #define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14\r |
33 | #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15\r | |
34 | #define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16\r | |
85974aef | 35 | #define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17\r |
36 | #define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18\r | |
ecc722ad | 37 | \r |
38 | #define SECURE_BOOT_MODE_CUSTOM 0x01\r | |
39 | #define SECURE_BOOT_MODE_STANDARD 0x00\r | |
40 | \r | |
41 | #define KEY_SECURE_BOOT_ENABLE 0x1000\r | |
42 | #define KEY_SECURE_BOOT_MODE 0x1001\r | |
43 | #define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002\r | |
44 | #define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003\r | |
45 | #define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004\r | |
46 | #define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005\r | |
47 | #define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008\r | |
48 | #define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009\r | |
49 | #define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a\r | |
50 | #define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b\r | |
a2f2c258 | 51 | #define KEY_HIDE_SECURE_BOOT 0x100c\r |
20333c6d QL |
52 | #define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d\r |
53 | #define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e\r | |
ecc722ad | 54 | \r |
85974aef | 55 | #define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f\r |
56 | \r | |
55266a9b GB |
57 | #define KEY_SECURE_BOOT_RESET_TO_DEFAULT 0x1010\r |
58 | \r | |
ecc722ad | 59 | #define KEY_SECURE_BOOT_OPTION 0x1100\r |
60 | #define KEY_SECURE_BOOT_PK_OPTION 0x1101\r | |
61 | #define KEY_SECURE_BOOT_KEK_OPTION 0x1102\r | |
62 | #define KEY_SECURE_BOOT_DB_OPTION 0x1103\r | |
63 | #define KEY_SECURE_BOOT_DBX_OPTION 0x1104\r | |
64 | #define KEY_SECURE_BOOT_DELETE_PK 0x1105\r | |
65 | #define KEY_ENROLL_PK 0x1106\r | |
66 | #define KEY_ENROLL_KEK 0x1107\r | |
67 | #define KEY_DELETE_KEK 0x1108\r | |
68 | #define KEY_SECURE_BOOT_KEK_GUID 0x110a\r | |
69 | #define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b\r | |
70 | #define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c\r | |
20333c6d QL |
71 | #define KEY_SECURE_BOOT_DBT_OPTION 0x110d\r |
72 | #define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e\r | |
85974aef | 73 | #define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f\r |
74 | #define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110\r | |
75 | #define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111\r | |
ecc722ad | 76 | \r |
77 | #define LABEL_KEK_DELETE 0x1200\r | |
78 | #define LABEL_DB_DELETE 0x1201\r | |
85974aef | 79 | #define LABEL_SIGNATURE_LIST_START 0x1202\r |
20333c6d | 80 | #define LABEL_DBT_DELETE 0x1203\r |
85974aef | 81 | #define LABEL_SIGNATURE_DATA_START 0x1204\r |
82 | #define LABEL_DELETE_ALL_LIST_BUTTON 0x1300\r | |
ecc722ad | 83 | #define LABEL_END 0xffff\r |
84 | \r | |
85 | #define SECURE_BOOT_MAX_ATTEMPTS_NUM 255\r | |
86 | \r | |
87 | #define CONFIG_OPTION_OFFSET 0x2000\r | |
88 | \r | |
89 | #define OPTION_CONFIG_QUESTION_ID 0x2000\r | |
90 | #define OPTION_CONFIG_RANGE 0x1000\r | |
91 | \r | |
92 | //\r | |
93 | // Question IDs 0x2000 ~ 0x2FFF are reserved for KEK. NOTE(review): if a handler derives an entry index as QuestionId minus this base, it should bounds-check that index against the real entry count -- confirm in the callback\r | |
94 | //\r | |
95 | #define OPTION_DEL_KEK_QUESTION_ID 0x2000\r | |
96 | //\r | |
97 | // Question IDs 0x3000 ~ 0x3FFF are reserved for DB\r | |
98 | //\r | |
99 | #define OPTION_DEL_DB_QUESTION_ID 0x3000\r | |
100 | //\r | |
85974aef | 101 | // Question IDs 0x4000 ~ 0x4FFF are reserved for signature lists.\r |
102 | //\r | |
103 | #define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000\r | |
104 | //\r | |
105 | // Question IDs 0x6000 ~ 0x6FFF are reserved for signature data (declared ahead of the 0x5000 DBT range below).\r | |
ecc722ad | 106 | //\r |
85974aef | 107 | #define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000\r |
20333c6d QL |
108 | \r |
109 | //\r | |
110 | // Question IDs 0x5000 ~ 0x5FFF are reserved for DBT\r | |
111 | //\r | |
112 | #define OPTION_DEL_DBT_QUESTION_ID 0x5000\r | |
ecc722ad | 113 | \r |
ecc722ad | 114 | #define SECURE_BOOT_GUID_SIZE 36\r |
115 | #define SECURE_BOOT_GUID_STORAGE_SIZE 37\r | |
116 | \r | |
4de754e1 ZC |
117 | #define UNKNOWN_FILE_TYPE 0\r |
118 | #define X509_CERT_FILE_TYPE 1\r | |
119 | #define PE_IMAGE_FILE_TYPE 2\r | |
120 | #define AUTHENTICATION_2_FILE_TYPE 3\r | |
96832eef | 121 | \r |
beda2356 | 122 | //\r |
123 | // NV data structure referenced by IFR. SignatureGuid is sized SECURE_BOOT_GUID_STORAGE_SIZE (37 CHAR16s):\r | |
124 | // SECURE_BOOT_GUID_SIZE (36) plus one, presumably for the terminator -- confirm writers never exceed it\r | |
125 | typedef struct {\r | |
20333c6d | 126 | BOOLEAN AttemptSecureBoot; // Requested state: attempt to enable or disable Secure Boot\r |
d6b926e7 | 127 | BOOLEAN HideSecureBoot; // Whether the Attempt Secure Boot option is hidden\r |
ecc722ad | 128 | CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];\r |
20333c6d QL |
129 | BOOLEAN PhysicalPresent; // Whether a physically present user is detected; NOTE(review): presumably gates key changes -- confirm in the VFR\r |
130 | UINT8 SecureBootMode; // Secure Boot mode: SECURE_BOOT_MODE_STANDARD or SECURE_BOOT_MODE_CUSTOM\r | |
131 | BOOLEAN DeletePk;\r | |
132 | BOOLEAN HasPk; // TRUE if a PK exists\r | |
133 | BOOLEAN AlwaysRevocation; // Whether the certificate is always revoked; if so, the revocation time is hidden\r | |
134 | UINT8 CertificateFormat; // Type (format) of the certificate\r | |
135 | EFI_HII_DATE RevocationDate; // Revocation date of the certificate\r | |
136 | EFI_HII_TIME RevocationTime; // Revocation time of the certificate\r | |
d6b926e7 | 137 | UINT8 FileEnrollType; // File type of the signature being enrolled; presumably one of the *_FILE_TYPE values above -- confirm\r |
85974aef | 138 | UINT32 ListCount; // Number of signature lists.\r |
139 | UINT32 CheckedDataCount; // Number of checked signature data entries.\r | |
beda2356 | 140 | } SECUREBOOT_CONFIGURATION;\r |
141 | \r | |
2e728930 | 142 | #endif\r |