SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h

   1 /** @file
   2   The variable data structures are related to EDKII-specific
   3   implementation of UEFI authenticated variables.
   4   AuthenticatedVariableFormat.h defines variable data headers
   5   and variable storage region headers that has been moved to
   6   VariableFormat.h.
   7
   8 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
   9 SPDX-License-Identifier: BSD-2-Clause-Patent
  10
  11 **/
  12
  13 #ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__
  14 #define __AUTHENTICATED_VARIABLE_FORMAT_H__
  15
  16 #include <Guid/VariableFormat.h>
  17
  18 #define EFI_SECURE_BOOT_ENABLE_DISABLE \
  19   { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }
  20
  21 extern EFI_GUID gEfiSecureBootEnableDisableGuid;
  22 extern EFI_GUID gEfiCertDbGuid;
  23 extern EFI_GUID gEfiCustomModeEnableGuid;
  24 extern EFI_GUID gEfiVendorKeysNvGuid;
  25
  26 ///
  27 /// "SecureBootEnable" variable for the Secure Boot feature enable/disable.
  28 /// This variable is used for allowing a physically present user to disable
  29 /// Secure Boot via firmware setup without the possession of PKpriv.
  30 ///
  31 /// GUID: gEfiSecureBootEnableDisableGuid
  32 ///
  33 /// Format: UINT8
  34 ///
  35 #define EFI_SECURE_BOOT_ENABLE_NAME      L"SecureBootEnable"
  36 #define SECURE_BOOT_ENABLE               1
  37 #define SECURE_BOOT_DISABLE              0
  38
  39 ///
  40 ///  "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".
  41 ///  Standard Secure Boot mode is the default mode as UEFI Spec's description.
  42 ///  Custom Secure Boot mode allows for more flexibility as specified in the following:
  43 ///    Can enroll or delete PK without existing PK's private key.
  44 ///    Can enroll or delete KEK without existing PK's private key.
  45 ///    Can enroll or delete signature from DB/DBX without KEK's private key.
  46 ///
  47 ///  GUID: gEfiCustomModeEnableGuid
  48 ///
  49 /// Format: UINT8
  50 ///
  51 #define EFI_CUSTOM_MODE_NAME          L"CustomMode"
  52 #define CUSTOM_SECURE_BOOT_MODE       1
  53 #define STANDARD_SECURE_BOOT_MODE     0
  54
  55 ///
  56 ///  "VendorKeysNv" variable to record the out of band secure boot keys modification.
  57 ///  This variable is a read-only NV varaible that indicates whether someone other than
  58 ///  the platform vendor has used a mechanism not defined by the UEFI Specification to
  59 ///  transition the system to setup mode or to update secure boot keys.
  60 ///
  61 ///  GUID: gEfiVendorKeysNvGuid
  62 ///
  63 /// Format: UINT8
  64 ///
  65 #define EFI_VENDOR_KEYS_NV_VARIABLE_NAME       L"VendorKeysNv"
  66 #define VENDOR_KEYS_VALID             1
  67 #define VENDOR_KEYS_MODIFIED          0
  68
  69 #endif // __AUTHENTICATED_VARIABLE_FORMAT_H__