MdePkg/Include/Protocol/UserManager.h

   1 /** @file
   2   UEFI User Manager Protocol definition.
   3
   4   This protocol manages user profiles.
   5
   6   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
   7   SPDX-License-Identifier: BSD-2-Clause-Patent
   8
   9 **/
  10
  11 #ifndef __USER_MANAGER_H__
  12 #define __USER_MANAGER_H__
  13
  14 ///
  15 /// Global ID for the User Manager Protocol
  16 ///
  17 #define EFI_USER_MANAGER_PROTOCOL_GUID \
  18   { \
  19     0x6fd5b00c, 0xd426, 0x4283, { 0x98, 0x87, 0x6c, 0xf5, 0xcf, 0x1c, 0xb1, 0xfe } \
  20   }
  21
  22 #define EFI_EVENT_GROUP_USER_PROFILE_CHANGED \
  23   { \
  24     0xbaf1e6de, 0x209e, 0x4adb, { 0x8d, 0x96, 0xfd, 0x8b, 0x71, 0xf3, 0xf6, 0x83 } \
  25   }
  26
  27 typedef VOID *EFI_USER_PROFILE_HANDLE;
  28 typedef VOID *EFI_USER_INFO_HANDLE;
  29
  30 ///
  31 /// The attributes of the user profile information.
  32 ///
  33 typedef UINT16 EFI_USER_INFO_ATTRIBS;
  34 #define EFI_USER_INFO_STORAGE                   0x000F
  35 #define EFI_USER_INFO_STORAGE_VOLATILE          0x0000
  36 #define EFI_USER_INFO_STORAGE_CREDENTIAL_NV     0x0001
  37 #define EFI_USER_INFO_STORAGE_PLATFORM_NV       0x0002
  38
  39 #define EFI_USER_INFO_ACCESS                    0x0070
  40 #define EFI_USER_INFO_PUBLIC                    0x0010
  41 #define EFI_USER_INFO_PRIVATE                   0x0020
  42 #define EFI_USER_INFO_PROTECTED                 0x0030
  43 #define EFI_USER_INFO_EXCLUSIVE                 0x0080
  44
  45 ///
  46 /// User information structure
  47 ///
  48 typedef struct {
  49   ///
  50   /// The user credential identifier associated with this user information or else Nil if the
  51   /// information is not associated with any specific credential.
  52   ///
  53   EFI_GUID               Credential;
  54   ///
  55   /// The type of user information.
  56   ///
  57   UINT8                  InfoType;
  58   ///
  59   /// Must be set to 0.
  60   ///
  61   UINT8                  Reserved1;
  62   ///
  63   /// The attributes of the user profile information.
  64   ///
  65   EFI_USER_INFO_ATTRIBS  InfoAttribs;
  66   ///
  67   /// The size of the user information, in bytes, including this header.
  68   ///
  69   UINT32                 InfoSize;
  70 } EFI_USER_INFO;
  71
  72 ///
  73 /// User credential class GUIDs
  74 ///
  75 #define EFI_USER_CREDENTIAL_CLASS_UNKNOWN \
  76   { 0x5cf32e68, 0x7660, 0x449b, { 0x80, 0xe6, 0x7e, 0xa3, 0x6e, 0x3, 0xf6, 0xa8 } }
  77 #define EFI_USER_CREDENTIAL_CLASS_PASSWORD \
  78   { 0xf8e5058c, 0xccb6, 0x4714, { 0xb2, 0x20, 0x3f, 0x7e, 0x3a, 0x64, 0xb, 0xd1 } }
  79 #define EFI_USER_CREDENTIAL_CLASS_SMART_CARD \
  80   { 0x5f03ba33, 0x8c6b, 0x4c24, { 0xaa, 0x2e, 0x14, 0xa2, 0x65, 0x7b, 0xd4, 0x54 } }
  81 #define EFI_USER_CREDENTIAL_CLASS_FINGERPRINT \
  82   { 0x32cba21f, 0xf308, 0x4cbc, { 0x9a, 0xb5, 0xf5, 0xa3, 0x69, 0x9f, 0x4, 0x4a } }
  83 #define EFI_USER_CREDENTIAL_CLASS_HANDPRINT \
  84   { 0x5917ef16, 0xf723, 0x4bb9, { 0xa6, 0x4b, 0xd8, 0xc5, 0x32, 0xf4, 0xd8, 0xb5 } }
  85 #define EFI_USER_CREDENTIAL_CLASS_SECURE_CARD \
  86   { 0x8a6b4a83, 0x42fe, 0x45d2, { 0xa2, 0xef, 0x46, 0xf0, 0x6c, 0x7d, 0x98, 0x52 } }
  87
  88 typedef UINT64   EFI_CREDENTIAL_CAPABILITIES;
  89 #define EFI_CREDENTIAL_CAPABILITIES_ENROLL  0x0000000000000001
  90
  91 ///
  92 /// Credential logon flags
  93 ///
  94 typedef UINT32 EFI_CREDENTIAL_LOGON_FLAGS;
  95 #define EFI_CREDENTIAL_LOGON_FLAG_AUTO                0x00000001
  96 #define EFI_CREDENTIAL_LOGON_FLAG_DEFAULT             0x00000002
  97
  98 ///
  99 /// User information record types
 100 ///
 101
 102 ///
 103 /// No information.
 104 ///
 105 #define EFI_USER_INFO_EMPTY_RECORD                    0x00
 106 ///
 107 /// Provide the user's name for the enrolled user.
 108 ///
 109 #define EFI_USER_INFO_NAME_RECORD                     0x01
 110 typedef CHAR16 *EFI_USER_INFO_NAME;
 111 ///
 112 /// Provides the date and time when the user profile was created.
 113 ///
 114 #define EFI_USER_INFO_CREATE_DATE_RECORD              0x02
 115 typedef EFI_TIME EFI_USER_INFO_CREATE_DATE;
 116 ///
 117 /// Provides the date and time when the user profile was selected.
 118 ///
 119 #define EFI_USER_INFO_USAGE_DATE_RECORD               0x03
 120 typedef EFI_TIME EFI_USER_INFO_USAGE_DATE;
 121 ///
 122 /// Provides the number of times that the user profile has been selected.
 123 ///
 124 #define EFI_USER_INFO_USAGE_COUNT_RECORD              0x04
 125 typedef UINT64 EFI_USER_INFO_USAGE_COUNT;
 126 ///
 127 /// Provides a unique non-volatile user identifier for each enrolled user.
 128 ///
 129 #define EFI_USER_INFO_IDENTIFIER_RECORD               0x05
 130 typedef UINT8 EFI_USER_INFO_IDENTIFIER[16];
 131 ///
 132 /// Specifies the type of a particular credential associated with the user profile.
 133 ///
 134 #define EFI_USER_INFO_CREDENTIAL_TYPE_RECORD          0x06
 135 typedef EFI_GUID EFI_USER_INFO_CREDENTIAL_TYPE;
 136 ///
 137 /// Specifies the user-readable name of a particular credential type.
 138 ///
 139 #define EFI_USER_INFO_CREDENTIAL_TYPE_NAME_RECORD     0x07
 140 typedef CHAR16 *EFI_USER_INFO_CREDENTIAL_TYPE_NAME;
 141 ///
 142 /// Specifies the credential provider.
 143 ///
 144 #define EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD      0x08
 145 typedef EFI_GUID EFI_USER_INFO_CREDENTIAL_PROVIDER;
 146 ///
 147 /// Specifies the user-readable name of a particular credential's provider.
 148 ///
 149 #define EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD 0x09
 150 typedef CHAR16 *EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME;
 151 ///
 152 /// Provides PKCS#11 credential information from a smart card.
 153 ///
 154 #define EFI_USER_INFO_PKCS11_RECORD                   0x0A
 155 ///
 156 /// Provides standard biometric information in the format specified by the ISO 19785 (Common
 157 /// Biometric Exchange Formats Framework) specification.
 158 ///
 159 #define EFI_USER_INFO_CBEFF_RECORD                    0x0B
 160 typedef VOID *EFI_USER_INFO_CBEFF;
 161 ///
 162 /// Indicates how close of a match the fingerprint must be in order to be considered a match.
 163 ///
 164 #define EFI_USER_INFO_FAR_RECORD                      0x0C
 165 typedef UINT8 EFI_USER_INFO_FAR;
 166 ///
 167 /// Indicates how many attempts the user has to with a particular credential before the system prevents
 168 /// further attempts.
 169 ///
 170 #define EFI_USER_INFO_RETRY_RECORD                    0x0D
 171 typedef UINT8 EFI_USER_INFO_RETRY;
 172 ///
 173 /// Provides the user's pre-OS access rights.
 174 ///
 175 #define EFI_USER_INFO_ACCESS_POLICY_RECORD            0x0E
 176
 177 typedef struct {
 178   UINT32  Type;  ///< Specifies the type of user access control.
 179   UINT32  Size;  ///< Specifies the size of the user access control record, in bytes, including this header.
 180 } EFI_USER_INFO_ACCESS_CONTROL;
 181
 182 typedef EFI_USER_INFO_ACCESS_CONTROL EFI_USER_INFO_ACCESS_POLICY;
 183
 184 ///
 185 /// User Information access types
 186 ///
 187
 188 ///
 189 /// Forbids the user from booting or loading executables from the specified device path or any child
 190 /// device paths.
 191 ///
 192 #define EFI_USER_INFO_ACCESS_FORBID_LOAD              0x00000001
 193 ///
 194 /// Permits the user from booting or loading executables from the specified device path or any child
 195 /// device paths.
 196 /// Note: in-consistency between code and the UEFI 2.3 specification here.
 197 /// The definition EFI_USER_INFO_ACCESS_PERMIT_BOOT in the specification should be typo and wait for
 198 /// spec update.
 199 ///
 200 #define EFI_USER_INFO_ACCESS_PERMIT_LOAD              0x00000002
 201 ///
 202 /// Presence of this record indicates that a user can update enrollment information.
 203 ///
 204 #define EFI_USER_INFO_ACCESS_ENROLL_SELF              0x00000003
 205 ///
 206 /// Presence of this record indicates that a user can enroll new users.
 207 ///
 208 #define EFI_USER_INFO_ACCESS_ENROLL_OTHERS            0x00000004
 209 ///
 210 /// Presence of this record indicates that a user can update the user information of any user.
 211 ///
 212 #define EFI_USER_INFO_ACCESS_MANAGE                   0x00000005
 213 ///
 214 /// Describes permissions usable when configuring the platform.
 215 ///
 216 #define EFI_USER_INFO_ACCESS_SETUP                    0x00000006
 217 ///
 218 /// Standard GUIDs for access to configure the platform.
 219 ///
 220 #define EFI_USER_INFO_ACCESS_SETUP_ADMIN_GUID \
 221   { 0x85b75607, 0xf7ce, 0x471e, { 0xb7, 0xe4, 0x2a, 0xea, 0x5f, 0x72, 0x32, 0xee } }
 222 #define EFI_USER_INFO_ACCESS_SETUP_NORMAL_GUID \
 223   { 0x1db29ae0, 0x9dcb, 0x43bc, { 0x8d, 0x87, 0x5d, 0xa1, 0x49, 0x64, 0xdd, 0xe2 } }
 224 #define EFI_USER_INFO_ACCESS_SETUP_RESTRICTED_GUID \
 225   { 0xbdb38125, 0x4d63, 0x49f4, { 0x82, 0x12, 0x61, 0xcf, 0x5a, 0x19, 0xa, 0xf8 } }
 226
 227 ///
 228 /// Forbids UEFI drivers from being started from the specified device path(s) or any child device paths.
 229 ///
 230 #define EFI_USER_INFO_ACCESS_FORBID_CONNECT           0x00000007
 231 ///
 232 /// Permits UEFI drivers to be started on the specified device path(s) or any child device paths.
 233 ///
 234 #define EFI_USER_INFO_ACCESS_PERMIT_CONNECT           0x00000008
 235 ///
 236 /// Modifies the boot order.
 237 ///
 238 #define EFI_USER_INFO_ACCESS_BOOT_ORDER               0x00000009
 239 typedef UINT32 EFI_USER_INFO_ACCESS_BOOT_ORDER_HDR;
 240
 241 #define EFI_USER_INFO_ACCESS_BOOT_ORDER_MASK          0x0000000F
 242 ///
 243 /// Insert new boot options at the beginning of the boot order.
 244 ///
 245 #define EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT        0x00000000
 246 ///
 247 /// Append new boot options to the end of the boot order.
 248 ///
 249 #define EFI_USER_INFO_ACCESS_BOOT_ORDER_APPEND        0x00000001
 250 ///
 251 /// Replace the entire boot order.
 252 ///
 253 #define EFI_USER_INFO_ACCESS_BOOT_ORDER_REPLACE       0x00000002
 254 ///
 255 /// The Boot Manager will not attempt find a default boot device
 256 /// when the default boot order is does not lead to a bootable device.
 257 ///
 258 #define EFI_USER_INFO_ACCESS_BOOT_ORDER_NODEFAULT     0x00000010
 259
 260 ///
 261 /// Provides the expression which determines which credentials are required to assert user identity.
 262 ///
 263 #define EFI_USER_INFO_IDENTITY_POLICY_RECORD          0x0F
 264
 265 typedef struct {
 266   UINT32  Type;    ///< Specifies either an operator or a data item.
 267   UINT32  Length;  ///< The length of this block, in bytes, including this header.
 268 } EFI_USER_INFO_IDENTITY_POLICY;
 269
 270 ///
 271 /// User identity policy expression operators.
 272 ///
 273 #define EFI_USER_INFO_IDENTITY_FALSE                  0x00
 274 #define EFI_USER_INFO_IDENTITY_TRUE                   0x01
 275 #define EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE        0x02
 276 #define EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER    0x03
 277 #define EFI_USER_INFO_IDENTITY_NOT                    0x10
 278 #define EFI_USER_INFO_IDENTITY_AND                    0x11
 279 #define EFI_USER_INFO_IDENTITY_OR                     0x12
 280
 281 ///
 282 /// Provides placeholder for additional user profile information identified by a GUID.
 283 ///
 284 #define EFI_USER_INFO_GUID_RECORD                     0xFF
 285 typedef EFI_GUID EFI_USER_INFO_GUID;
 286
 287 ///
 288 /// User information table
 289 /// A collection of EFI_USER_INFO records, prefixed with this header.
 290 ///
 291 typedef struct {
 292   UINT64   Size;  ///< Total size of the user information table, in bytes.
 293 } EFI_USER_INFO_TABLE;
 294
 295 typedef struct _EFI_USER_MANAGER_PROTOCOL  EFI_USER_MANAGER_PROTOCOL;
 296
 297 /**
 298   Create a new user profile.
 299
 300   This function creates a new user profile with only a new user identifier attached and returns its
 301   handle. The user profile is non-volatile, but the handle User can change across reboots.
 302
 303   @param[in]  This               Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 304   @param[out] User               On return, points to the new user profile handle.
 305                                  The user profile handle is unique only during this boot.
 306
 307   @retval EFI_SUCCESS            User profile was successfully created.
 308   @retval EFI_ACCESS_DENIED      Current user does not have sufficient permissions to create a user profile.
 309   @retval EFI_UNSUPPORTED        Creation of new user profiles is not supported.
 310   @retval EFI_INVALID_PARAMETER  The User parameter is NULL.
 311 **/
 312 typedef
 313 EFI_STATUS
 314 (EFIAPI *EFI_USER_PROFILE_CREATE)(
 315   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 316   OUT      EFI_USER_PROFILE_HANDLE    *User
 317   );
 318
 319 /**
 320   Delete an existing user profile.
 321
 322   @param[in] This                Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 323   @param[in] User                User profile handle.
 324
 325   @retval EFI_SUCCESS            User profile was successfully deleted.
 326   @retval EFI_ACCESS_DENIED      Current user does not have sufficient permissions to delete a user
 327                                  profile or there is only one user profile.
 328   @retval EFI_UNSUPPORTED        Deletion of new user profiles is not supported.
 329   @retval EFI_INVALID_PARAMETER  User does not refer to a valid user profile.
 330 **/
 331 typedef
 332 EFI_STATUS
 333 (EFIAPI *EFI_USER_PROFILE_DELETE)(
 334   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 335   IN       EFI_USER_PROFILE_HANDLE    User
 336   );
 337
 338 /**
 339   Enumerate all of the enrolled users on the platform.
 340
 341   This function returns the next enrolled user profile. To retrieve the first user profile handle, point
 342   User at a NULL. Each subsequent call will retrieve another user profile handle until there are no
 343   more, at which point User will point to NULL.
 344
 345   @param[in]     This            Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 346   @param[in,out] User            On entry, points to the previous user profile handle or NULL to
 347                                  start enumeration. On exit, points to the next user profile handle
 348                                  or NULL if there are no more user profiles.
 349
 350   @retval EFI_SUCCESS            Next enrolled user profile successfully returned.
 351   @retval EFI_ACCESS_DENIED      Next enrolled user profile was not successfully returned.
 352   @retval EFI_INVALID_PARAMETER  The User parameter is NULL.
 353 **/
 354 typedef
 355 EFI_STATUS
 356 (EFIAPI *EFI_USER_PROFILE_GET_NEXT)(
 357   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 358   IN OUT   EFI_USER_PROFILE_HANDLE    *User
 359   );
 360
 361 /**
 362   Return the current user profile handle.
 363
 364   @param[in]  This               Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 365   @param[out] CurrentUser        On return, points to the current user profile handle.
 366
 367   @retval EFI_SUCCESS            Current user profile handle returned successfully.
 368   @retval EFI_INVALID_PARAMETER  The CurrentUser parameter is NULL.
 369 **/
 370 typedef
 371 EFI_STATUS
 372 (EFIAPI *EFI_USER_PROFILE_CURRENT)(
 373   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 374   OUT      EFI_USER_PROFILE_HANDLE    *CurrentUser
 375   );
 376
 377 /**
 378   Identify a user.
 379
 380   Identify the user and, if authenticated, returns the user handle and changes the current user profile.
 381   All user information marked as private in a previously selected profile is no longer available for
 382   inspection.
 383   Whenever the current user profile is changed then the an event with the GUID
 384   EFI_EVENT_GROUP_USER_PROFILE_CHANGED is signaled.
 385
 386   @param[in]  This               Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 387   @param[out] User               On return, points to the user profile handle for the current user profile.
 388
 389   @retval EFI_SUCCESS            User was successfully identified.
 390   @retval EFI_ACCESS_DENIED      User was not successfully identified.
 391   @retval EFI_INVALID_PARAMETER  The User parameter is NULL.
 392 **/
 393 typedef
 394 EFI_STATUS
 395 (EFIAPI *EFI_USER_PROFILE_IDENTIFY)(
 396   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 397   OUT      EFI_USER_PROFILE_HANDLE    *User
 398   );
 399
 400 /**
 401   Find a user using a user information record.
 402
 403   This function searches all user profiles for the specified user information record. The search starts
 404   with the user information record handle following UserInfo and continues until either the
 405   information is found or there are no more user profiles.
 406   A match occurs when the Info.InfoType field matches the user information record type and the
 407   user information record data matches the portion of Info.
 408
 409   @param[in]     This      Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 410   @param[in,out] User      On entry, points to the previously returned user profile handle or NULL to start
 411                            searching with the first user profile. On return, points to the user profile handle or
 412                            NULL if not found.
 413   @param[in,out] UserInfo  On entry, points to the previously returned user information handle or NULL to start
 414                            searching with the first. On return, points to the user information handle of the user
 415                            information record or NULL if not found. Can be NULL, in which case only one user
 416                            information record per user can be returned.
 417   @param[in]     Info      Points to the buffer containing the user information to be compared to the user
 418                            information record. If the user information record data is empty, then only the user
 419                            information record type is compared.
 420                            If InfoSize is 0, then the user information record must be empty.
 421
 422   @param[in]     InfoSize  The size of Info, in bytes.
 423
 424   @retval EFI_SUCCESS           User information was found. User points to the user profile handle and UserInfo
 425                                 points to the user information handle.
 426   @retval EFI_NOT_FOUND         User information was not found. User points to NULL and UserInfo points to NULL.
 427   @retval EFI_INVALID_PARAMETER User is NULL. Or Info is NULL.
 428 **/
 429 typedef
 430 EFI_STATUS
 431 (EFIAPI *EFI_USER_PROFILE_FIND)(
 432   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 433   IN OUT   EFI_USER_PROFILE_HANDLE    *User,
 434   IN OUT   EFI_USER_INFO_HANDLE       *UserInfo OPTIONAL,
 435   IN CONST EFI_USER_INFO              *Info,
 436   IN       UINTN                      InfoSize
 437   );
 438
 439 /**
 440   Called by credential provider to notify of information change.
 441
 442   This function allows the credential provider to notify the User Identity Manager when user status
 443   has changed.
 444   If the User Identity Manager doesn't support asynchronous changes in credentials, then this function
 445   should return EFI_UNSUPPORTED.
 446   If current user does not exist, and the credential provider can identify a user, then make the user
 447   to be current user and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
 448   If current user already exists, and the credential provider can identify another user, then switch
 449   current user to the newly identified user, and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
 450   If current user was identified by this credential provider and now the credential provider cannot identify
 451   current user, then logout current user and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
 452
 453   @param[in] This          Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 454   @param[in] Changed       Handle on which is installed an instance of the
 455                            EFI_USER_CREDENTIAL_PROTOCOL where the user has changed.
 456
 457   @retval EFI_SUCCESS      The User Identity Manager has handled the notification.
 458   @retval EFI_NOT_READY    The function was called while the specified credential provider was not selected.
 459   @retval EFI_UNSUPPORTED  The User Identity Manager doesn't support asynchronous notifications.
 460 **/
 461 typedef
 462 EFI_STATUS
 463 (EFIAPI *EFI_USER_PROFILE_NOTIFY)(
 464   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 465   IN       EFI_HANDLE                 Changed
 466   );
 467
 468 /**
 469   Return information attached to the user.
 470
 471   This function returns user information. The format of the information is described in User
 472   Information. The function may return EFI_ACCESS_DENIED if the information is marked private
 473   and the handle specified by User is not the current user profile. The function may return
 474   EFI_ACCESS_DENIED if the information is marked protected and the information is associated
 475   with a credential provider for which the user has not been authenticated.
 476
 477   @param[in]     This           Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 478   @param[in]     User           Handle of the user whose profile will be retrieved.
 479   @param[in]     UserInfo       Handle of the user information data record.
 480   @param[out]    Info           On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user
 481                                 information. If the buffer is too small to hold the information, then
 482                                 EFI_BUFFER_TOO_SMALL is returned and InfoSize is updated to contain the
 483                                 number of bytes actually required.
 484   @param[in,out] InfoSize       On entry, points to the size of Info. On return, points to the size of the user
 485                                 information.
 486
 487   @retval EFI_SUCCESS           Information returned successfully.
 488   @retval EFI_ACCESS_DENIED     The information about the specified user cannot be accessed by the current user.
 489   @retval EFI_BUFFER_TOO_SMALL  The number of bytes specified by *InfoSize is too small to hold
 490                                 the returned data. The actual size required is returned in *InfoSize.
 491   @retval EFI_NOT_FOUND         User does not refer to a valid user profile or UserInfo does not refer to a valid
 492                                 user info handle.
 493   @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
 494 **/
 495 typedef
 496 EFI_STATUS
 497 (EFIAPI *EFI_USER_PROFILE_GET_INFO)(
 498   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 499   IN       EFI_USER_PROFILE_HANDLE    User,
 500   IN       EFI_USER_INFO_HANDLE       UserInfo,
 501   OUT      EFI_USER_INFO              *Info,
 502   IN OUT   UINTN                      *InfoSize
 503   );
 504
 505 /**
 506   Add or update user information.
 507
 508   This function changes user information.  If NULL is pointed to by UserInfo, then a new user
 509   information record is created and its handle is returned in UserInfo. Otherwise, the existing one is
 510   replaced.
 511   If EFI_USER_INFO_IDENTITY_POLICY_RECORD is changed, it is the caller's responsibility to keep it to
 512   be synced with the information on credential providers.
 513   If EFI_USER_INFO_EXCLUSIVE is specified in Info and a user information record of the same
 514   type already exists in the user profile, then EFI_ACCESS_DENIED will be returned and
 515   UserInfo will point to the handle of the existing record.
 516
 517   @param[in]     This             Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 518   @param[in]     User             Handle of the user whose profile will be retrieved.
 519   @param[in,out] UserInfo         Handle of the user information data record.
 520   @param[in]     Info             On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user
 521                                   information. If the buffer is too small to hold the information, then
 522                                   EFI_BUFFER_TOO_SMALL is returned and InfoSize is updated to contain the
 523                                   number of bytes actually required.
 524   @param[in]     InfoSize         On entry, points to the size of Info. On return, points to the size of the user
 525                                   information.
 526
 527   @retval EFI_SUCCESS             Information returned successfully.
 528   @retval EFI_ACCESS_DENIED       The record is exclusive.
 529   @retval EFI_SECURITY_VIOLATION  The current user does not have permission to change the specified
 530                                   user profile or user information record.
 531   @retval EFI_NOT_FOUND           User does not refer to a valid user profile or UserInfo does not refer to a valid
 532                                   user info handle.
 533   @retval EFI_INVALID_PARAMETER   UserInfo is NULL or Info is NULL.
 534 **/
 535 typedef
 536 EFI_STATUS
 537 (EFIAPI *EFI_USER_PROFILE_SET_INFO)(
 538   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 539   IN       EFI_USER_PROFILE_HANDLE    User,
 540   IN OUT   EFI_USER_INFO_HANDLE       *UserInfo,
 541   IN CONST EFI_USER_INFO              *Info,
 542   IN       UINTN                      InfoSize
 543   );
 544
 545 /**
 546   Delete user information.
 547
 548   Delete the user information attached to the user profile specified by the UserInfo.
 549
 550   @param[in] This            Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 551   @param[in] User            Handle of the user whose information will be deleted.
 552   @param[in] UserInfo        Handle of the user information to remove.
 553
 554   @retval EFI_SUCCESS        User information deleted successfully.
 555   @retval EFI_NOT_FOUND      User information record UserInfo does not exist in the user profile.
 556   @retval EFI_ACCESS_DENIED  The current user does not have permission to delete this user information.
 557 **/
 558 typedef
 559 EFI_STATUS
 560 (EFIAPI *EFI_USER_PROFILE_DELETE_INFO)(
 561   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 562   IN       EFI_USER_PROFILE_HANDLE    User,
 563   IN       EFI_USER_INFO_HANDLE       UserInfo
 564   );
 565
 566 /**
 567   Enumerate user information of all the enrolled users on the platform.
 568
 569   This function returns the next user information record. To retrieve the first user information record
 570   handle, point UserInfo at a NULL. Each subsequent call will retrieve another user information
 571   record handle until there are no more, at which point UserInfo will point to NULL.
 572
 573   @param[in]     This           Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
 574   @param[in]     User           Handle of the user whose information will be deleted.
 575   @param[in,out] UserInfo       Handle of the user information to remove.
 576
 577   @retval EFI_SUCCESS           User information returned.
 578   @retval EFI_NOT_FOUND         No more user information found.
 579   @retval EFI_INVALID_PARAMETER UserInfo is NULL.
 580 **/
 581 typedef
 582 EFI_STATUS
 583 (EFIAPI *EFI_USER_PROFILE_GET_NEXT_INFO)(
 584   IN CONST EFI_USER_MANAGER_PROTOCOL  *This,
 585   IN       EFI_USER_PROFILE_HANDLE    User,
 586   IN OUT   EFI_USER_INFO_HANDLE       *UserInfo
 587   );
 588
 589 ///
 590 /// This protocol provides the services used to manage user profiles.
 591 ///
 592 struct _EFI_USER_MANAGER_PROTOCOL {
 593   EFI_USER_PROFILE_CREATE         Create;
 594   EFI_USER_PROFILE_DELETE         Delete;
 595   EFI_USER_PROFILE_GET_NEXT       GetNext;
 596   EFI_USER_PROFILE_CURRENT        Current;
 597   EFI_USER_PROFILE_IDENTIFY       Identify;
 598   EFI_USER_PROFILE_FIND           Find;
 599   EFI_USER_PROFILE_NOTIFY         Notify;
 600   EFI_USER_PROFILE_GET_INFO       GetInfo;
 601   EFI_USER_PROFILE_SET_INFO       SetInfo;
 602   EFI_USER_PROFILE_DELETE_INFO    DeleteInfo;
 603   EFI_USER_PROFILE_GET_NEXT_INFO  GetNextInfo;
 604 };
 605
 606 extern EFI_GUID gEfiUserManagerProtocolGuid;
 607 extern EFI_GUID gEfiEventUserProfileChangedGuid;
 608 extern EFI_GUID gEfiUserCredentialClassUnknownGuid;
 609 extern EFI_GUID gEfiUserCredentialClassPasswordGuid;
 610 extern EFI_GUID gEfiUserCredentialClassSmartCardGuid;
 611 extern EFI_GUID gEfiUserCredentialClassFingerprintGuid;
 612 extern EFI_GUID gEfiUserCredentialClassHandprintGuid;
 613 extern EFI_GUID gEfiUserCredentialClassSecureCardGuid;
 614 extern EFI_GUID gEfiUserInfoAccessSetupAdminGuid;
 615 extern EFI_GUID gEfiUserInfoAccessSetupNormalGuid;
 616 extern EFI_GUID gEfiUserInfoAccessSetupRestrictedGuid;
 617
 618 #endif