OvmfPkg/Include/Guid/OvmfPkKek1AppPrefix.h

   1 /** @file
   2   Declare the application prefix string as a GUID, for locating the PK/KEK1
   3   X509 certificate to enroll, in the "OEM Strings" SMBIOS table.
   4
   5   Copyright (C) 2019, Red Hat, Inc.
   6
   7   SPDX-License-Identifier: BSD-2-Clause-Patent
   8
   9   @par Specification Reference:
  10   - https://git.qemu.org/?p=qemu.git;a=commit;h=2d6dcbf93fb0
  11   - https://libvirt.org/formatdomain.html#elementsSysinfo
  12   - https://bugs.launchpad.net/qemu/+bug/1826200
  13   - https://bugzilla.tianocore.org/show_bug.cgi?id=1747
  14 **/
  15
  16 #ifndef OVMF_PK_KEK1_APP_PREFIX_H_
  17 #define OVMF_PK_KEK1_APP_PREFIX_H_
  18
  19 #include <Uefi/UefiBaseType.h>
  20
  21 //
  22 // For the EnrollDefaultKeys application, the hypervisor is expected to add a
  23 // string entry to the "OEM Strings" (Type 11) SMBIOS table, with the following
  24 // format:
  25 //
  26 // 4e32566d-8e9e-4f52-81d3-5bb9715f9727:<Base64 X509 cert for PK and first KEK>
  27 //
  28 // The string representation of the GUID at the front is the "application
  29 // prefix". It is matched by EnrollDefaultKeys case-insensitively.
  30 //
  31 // The base64-encoded blob following the application prefix and the colon (:)
  32 // is an X509 certificate in DER representation; the hypervisor instructs
  33 // EnrollDefaultKeys to enroll this certificate as both Platform Key and first
  34 // Key Exchange Key.
  35 //
  36 #define OVMF_PK_KEK1_APP_PREFIX_GUID                    \
  37   { 0x4e32566d,                                         \
  38     0x8e9e,                                             \
  39     0x4f52,                                             \
  40     { 0x81, 0xd3, 0x5b, 0xb9, 0x71, 0x5f, 0x97, 0x27 }, \
  41   }
  42
  43 extern EFI_GUID  gOvmfPkKek1AppPrefixGuid;
  44
  45 #endif /* OVMF_PK_KEK1_APP_PREFIX_H_ */