]> git.proxmox.com Git - mirror_edk2.git/blob - MdePkg/Include/Protocol/Bis.h
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Checked in the Protocols introduced in UEFI/PI.
[mirror_edk2.git] / MdePkg / Include / Protocol / Bis.h
1 /** @file
2 This file defines the BIS protocol.
3
4 Copyright (c) 2006, Intel Corporation
5 All rights reserved. This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 Module Name: Bis.h
14
15 **/
16
17 #ifndef __BIS_H__
18 #define __BIS_H__
19
20 #define EFI_BIS_PROTOCOL_GUID \
21 { \
22 0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \
23 }
24
25 typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;
26
27
28 //
29 // Basic types
30 //
31 typedef VOID *BIS_APPLICATION_HANDLE;
32 typedef UINT16 BIS_ALG_ID;
33 typedef UINT32 BIS_CERT_ID;
34
35 //
36 // EFI_BIS_DATA type.
37 //
38 // EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).
39 //
40 typedef struct {
41 UINT32 Length; // Length of Data in 8 bit bytes.
42 UINT8 *Data; // 32 Bit Flat Address of data.
43 } EFI_BIS_DATA;
44
45 //
46 // EFI_BIS_VERSION type.
47 //
48 typedef struct {
49 UINT32 Major; // BIS Interface version number.
50 UINT32 Minor; // Build number.
51 } EFI_BIS_VERSION;
52
53 //
54 // ----------------------------------------------------//
55 // Use these values to initialize EFI_BIS_VERSION.Major
56 // and to interpret results of Initialize.
57 // ----------------------------------------------------//
58 //
59 #define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1
60 #define BIS_VERSION_1 1
61
62 //
63 // EFI_BIS_SIGNATURE_INFO type.
64 //
65 typedef struct {
66 BIS_CERT_ID CertificateID; // Truncated hash of platform Boot Object
67 // authorization certificate.
68 //
69 BIS_ALG_ID AlgorithmID; // A signature algorithm number.
70 UINT16 KeyLength; // Length of alg. keys in bits.
71 } EFI_BIS_SIGNATURE_INFO;
72
73 //
74 // Currently defined values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.
75 // The exact numeric values come from
76 // "Common Data Security Architecture (CDSA) Specification".
77 //
78 #define BIS_ALG_DSA (41) // CSSM_ALGID_DSA
79 #define BIS_ALG_RSA_MD5 (42) // CSSM_ALGID_MD5_WITH_RSA
80 // Currently defined values for EFI_BIS_SIGNATURE_INFO.CertificateId.
81 //
82 #define BIS_CERT_ID_DSA BIS_ALG_DSA // CSSM_ALGID_DSA
83 #define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA
84 // The following is a mask value that gets applied to the truncated hash of a
85 // platform Boot Object Authorization Certificate to create the certificateID.
86 // A certificateID must not have any bits set to the value 1 other than bits in
87 // this mask.
88 //
89 #define BIS_CERT_ID_MASK (0xFF7F7FFF)
90
91 //
92 // Macros for dealing with the EFI_BIS_DATA object obtained
93 // from BIS_GetSignatureInfo()
94 // BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO
95 // elements are contained in a EFI_BIS_DATA struct pointed to
96 // by the provided EFI_BIS_DATA*.
97 //
98 #define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))
99
100 //
101 // BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*
102 // from a given EFI_BIS_DATA*.
103 //
104 #define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)
105
106 //
107 // Binary Value of "X-Intel-BIS-ParameterSet" Attribute.
108 // (Value is Base64 encoded in actual signed manifest).
109 // {EDD35E31-07B9-11d2-83A3-00A0C91FADCF}
110 //
111 #define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \
112 { \
113 0xedd35e31, 0x7b9, 0x11d2, \
114 { \
115 0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf \
116 } \
117 }
118
119 //
120 // Support old name for backward compatible
121 //
122 #define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \
123 BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID
124
125 /**
126 Initializes the BIS service, checking that it is compatible with the version requested by the caller.
127 After this call, other BIS functions may be invoked.
128
129 @param This A pointer to the EFI_BIS_PROTOCOL object.
130 @param AppHandle The function writes the new BIS_APPLICATION_HANDLE if
131 successful, otherwise it writes NULL. The caller must eventually
132 destroy this handle by calling Shutdown().
133 @param InterfaceVersion On input, the caller supplies the major version number of the
134 interface version desired.
135 On output, both the major and minor
136 version numbers are updated with the major and minor version
137 numbers of the interface
138 @param TargetAddress Indicates a network or device address of the BIS platform to connect to.
139
140 @retval EFI_SUCCESS The function completed successfully.
141 @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the
142 caller was not compatible with the interface version of the
143 @retval EFI_UNSUPPORTED This is a local-platform implementation and
144 TargetAddress.Data was not NULL, or
145 TargetAddress.Data was any other value that was not
146 supported by the implementation.
147 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
148 @retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure.
149 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
150
151 **/
152 typedef
153 EFI_STATUS
154 (EFIAPI *EFI_BIS_INITIALIZE) (
155 IN EFI_BIS_PROTOCOL *This,
156 OUT BIS_APPLICATION_HANDLE *AppHandle,
157 IN OUT EFI_BIS_VERSION *InterfaceVersion,
158 IN EFI_BIS_DATA *TargetAddress
159 );
160
161 /**
162 Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.
163
164 @param AppHandle An opaque handle that identifies the caller's instance of initialization
165 of the BIS service.
166 @param ToFree An EFI_BIS_DATA* and associated memory block to be freed.
167
168 @retval EFI_SUCCESS The function completed successfully.
169 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
170 application instance handle associated with the EFI_BIS protocol.
171 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
172 @retval EFI_INVALID_PARAMETER The ToFree parameter is not or is no longer a memory resource
173 associated with this AppHandle.
174
175 **/
176 typedef
177 EFI_STATUS
178 (EFIAPI *EFI_BIS_FREE) (
179 IN BIS_APPLICATION_HANDLE AppHandle,
180 IN EFI_BIS_DATA *ToFree
181 );
182
183 /**
184 Shuts down an application's instance of the BIS service, invalidating the application handle. After
185 this call, other BIS functions may no longer be invoked using the application handle value.
186
187 @param AppHandle An opaque handle that identifies the caller's instance of initialization
188 of the BIS service.
189
190 @retval EFI_SUCCESS The function completed successfully.
191 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
192 application instance handle associated with the EFI_BIS protocol.
193 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
194 @retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure.
195
196 **/
197 typedef
198 EFI_STATUS
199 (EFIAPI *EFI_BIS_SHUTDOWN) (
200 IN BIS_APPLICATION_HANDLE AppHandle
201 );
202
203 /**
204 Retrieves the certificate that has been configured as the identity of the organization designated as
205 the source of authorization for signatures of boot objects.
206
207 @param AppHandle An opaque handle that identifies the caller's instance of initialization
208 of the BIS service.
209 @param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot
210 Object Authorization Certificate object.
211
212 @retval EFI_SUCCESS The function completed successfully.
213 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
214 application instance handle associated with the EFI_BIS protocol.
215 @retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed.
216 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
217 @retval EFI_INVALID_PARAMETER The Certificate parameter supplied by the caller is NULL or
218 an invalid memory reference.
219
220 **/
221 typedef
222 EFI_STATUS
223 (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE) (
224 IN BIS_APPLICATION_HANDLE AppHandle,
225 OUT EFI_BIS_DATA **Certificate
226 );
227
228 /**
229 Verifies the integrity and authorization of the indicated data object according to the
230 indicated credentials.
231
232 @param AppHandle An opaque handle that identifies the caller's instance of initialization
233 of the BIS service.
234 @param Credentials A Signed Manifest containing verification information for the indicated
235 data object.
236 @param DataObject An in-memory copy of the raw data object to be verified.
237 @param IsVerified The function writes TRUE if the verification succeeded, otherwise
238 FALSE.
239
240 @retval EFI_SUCCESS The function completed successfully.
241 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
242 application instance handle associated with the EFI_BIS protocol.
243 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
244 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
245 @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the Credentials parameter
246 was invalid (could not be parsed) or Platform-specific authorization failed, etc.
247 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
248
249 **/
250 typedef
251 EFI_STATUS
252 (EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT) (
253 IN BIS_APPLICATION_HANDLE AppHandle,
254 IN EFI_BIS_DATA *Credentials,
255 IN EFI_BIS_DATA *DataObject,
256 OUT BOOLEAN *IsVerified
257 );
258
259 /**
260 Retrieves the current status of the Boot Authorization Check Flag.
261
262 @param AppHandle An opaque handle that identifies the caller's instance of initialization
263 of the BIS service.
264 @param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is
265 currently required on this platform, otherwise the function writes
266 FALSE.
267
268 @retval EFI_SUCCESS The function completed successfully.
269 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
270 application instance handle associated with the EFI_BIS protocol.
271 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
272 @retval EFI_INVALID_PARAMETER The CheckIsRequired parameter supplied by the caller is
273 NULL or an invalid memory reference.
274
275 **/
276 typedef
277 EFI_STATUS
278 (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG) (
279 IN BIS_APPLICATION_HANDLE AppHandle,
280 OUT BOOLEAN *CheckIsRequired
281 );
282
283 /**
284 Retrieves a unique token value to be included in the request credential for the next update of any
285 parameter in the Boot Object Authorization set
286
287 @param AppHandle An opaque handle that identifies the caller's instance of initialization
288 of the BIS service.
289 @param UpdateToken The function writes an allocated EFI_BIS_DATA* containing the new
290 unique update token value.
291
292 @retval EFI_SUCCESS The function completed successfully.
293 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
294 application instance handle associated with the EFI_BIS protocol.
295 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
296 @retval EFI_INVALID_PARAMETER The UpdateToken parameter supplied by the caller is NULL or
297 an invalid memory reference.
298 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
299
300 **/
301 typedef
302 EFI_STATUS
303 (EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN) (
304 IN BIS_APPLICATION_HANDLE AppHandle,
305 OUT EFI_BIS_DATA **UpdateToken
306 );
307
308 /**
309 Updates one of the configurable parameters of the Boot Object Authorization set.
310
311 @param AppHandle An opaque handle that identifies the caller's instance of initialization
312 of the BIS service.
313 @param RequestCredential This is a Signed Manifest with embedded attributes that carry the details
314 of the requested update.
315 @param NewUpdateToken The function writes an allocated EFI_BIS_DATA* containing the new
316 unique update token value.
317
318 @retval EFI_SUCCESS The function completed successfully.
319 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
320 application instance handle associated with the EFI_BIS protocol.
321 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
322 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
323 @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter
324 was invalid (could not be parsed) or Platform-specific authorization failed, etc.
325 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
326
327 **/
328 typedef
329 EFI_STATUS
330 (EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION) (
331 IN BIS_APPLICATION_HANDLE AppHandle,
332 IN EFI_BIS_DATA *RequestCredential,
333 OUT EFI_BIS_DATA **NewUpdateToken
334 );
335
336 /**
337 Verifies the integrity and authorization of the indicated data object according to the indicated
338 credentials and authority certificate.
339
340 @param AppHandle An opaque handle that identifies the caller's instance of initialization
341 of the BIS service.
342 @param Credentials A Signed Manifest containing verification information for the
343 indicated data object.
344 @param DataObject An in-memory copy of the raw data object to be verified.
345 @param SectionName An ASCII (not Unicode) string giving the section name in the
346 manifest holding the verification information (in other words,
347 hash value) that corresponds to DataObject.
348 @param AuthorityCertificate A digital certificate whose public key must match the signer's
349 public key which is found in the credentials.
350 @param IsVerified The function writes TRUE if the verification was successful.
351 Otherwise, the function writes FALSE.
352
353 @retval EFI_SUCCESS The function completed successfully.
354 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
355 application instance handle associated with the EFI_BIS protocol.
356 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
357 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
358 @retval EFI_SECURITY_VIOLATION The Credentials.Data supplied by the caller is NULL,
359 or the AuthorityCertificate supplied by the caller was
360 invalid (could not be parsed),
361 or Platform-specific authorization failed, etc.
362 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
363
364 **/
365 typedef
366 EFI_STATUS
367 (EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL) (
368 IN BIS_APPLICATION_HANDLE AppHandle,
369 IN EFI_BIS_DATA *Credentials,
370 IN EFI_BIS_DATA *DataObject,
371 IN EFI_BIS_DATA *SectionName,
372 IN EFI_BIS_DATA *AuthorityCertificate,
373 OUT BOOLEAN *IsVerified
374 );
375
376 /**
377 Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength
378 combinations that the platform supports.
379
380 @param AppHandle An opaque handle that identifies the caller's instance of initialization
381 of the BIS service.
382 @param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array
383 of EFI_BIS_SIGNATURE_INFO structures representing the supported
384 digital certificate identifier, algorithm, and key length combinations.
385
386 @retval EFI_SUCCESS The function completed successfully.
387 @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
388 application instance handle associated with the EFI_BIS protocol.
389 @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
390 @retval EFI_INVALID_PARAMETER The SignatureInfo parameter supplied by the caller is NULL
391 or an invalid memory reference.
392 @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
393
394 **/
395 typedef
396 EFI_STATUS
397 (EFIAPI *EFI_BIS_GET_SIGNATURE_INFO) (
398 IN BIS_APPLICATION_HANDLE AppHandle,
399 OUT EFI_BIS_DATA **SignatureInfo
400 );
401
402 struct _EFI_BIS_PROTOCOL {
403 EFI_BIS_INITIALIZE Initialize;
404 EFI_BIS_SHUTDOWN Shutdown;
405 EFI_BIS_FREE Free;
406 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE GetBootObjectAuthorizationCertificate;
407 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG GetBootObjectAuthorizationCheckFlag;
408 EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN GetBootObjectAuthorizationUpdateToken;
409 EFI_BIS_GET_SIGNATURE_INFO GetSignatureInfo;
410 EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION UpdateBootObjectAuthorization;
411 EFI_BIS_VERIFY_BOOT_OBJECT VerifyBootObject;
412 EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL VerifyObjectWithCredential;
413 };
414
415 extern EFI_GUID gEfiBisProtocolGuid;
416 extern EFI_GUID gBootObjectAuthorizationParmsetGuid;
417
418 #endif
EFI Development Kit II mirror for PVE