2 The variable data structures are related to EDKII-specific
3 implementation of UEFI authenticated variables.
4 AuthenticatedVariableFormat.h defines variable data headers
5 and variable storage region headers that has been moved to
8 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
9 SPDX-License-Identifier: BSD-2-Clause-Patent
13 #ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__
14 #define __AUTHENTICATED_VARIABLE_FORMAT_H__
16 #include <Guid/VariableFormat.h>
18 #define EFI_SECURE_BOOT_ENABLE_DISABLE \
19 { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }
21 extern EFI_GUID gEfiSecureBootEnableDisableGuid
;
22 extern EFI_GUID gEfiCertDbGuid
;
23 extern EFI_GUID gEfiCustomModeEnableGuid
;
24 extern EFI_GUID gEfiVendorKeysNvGuid
;
27 /// "SecureBootEnable" variable for the Secure Boot feature enable/disable.
28 /// This variable is used for allowing a physically present user to disable
29 /// Secure Boot via firmware setup without the possession of PKpriv.
31 /// GUID: gEfiSecureBootEnableDisableGuid
35 #define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"
36 #define SECURE_BOOT_ENABLE 1
37 #define SECURE_BOOT_DISABLE 0
40 /// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".
41 /// Standard Secure Boot mode is the default mode as UEFI Spec's description.
42 /// Custom Secure Boot mode allows for more flexibility as specified in the following:
43 /// Can enroll or delete PK without existing PK's private key.
44 /// Can enroll or delete KEK without existing PK's private key.
45 /// Can enroll or delete signature from DB/DBX without KEK's private key.
47 /// GUID: gEfiCustomModeEnableGuid
51 #define EFI_CUSTOM_MODE_NAME L"CustomMode"
52 #define CUSTOM_SECURE_BOOT_MODE 1
53 #define STANDARD_SECURE_BOOT_MODE 0
56 /// "VendorKeysNv" variable to record the out of band secure boot keys modification.
57 /// This variable is a read-only NV variable that indicates whether someone other than
58 /// the platform vendor has used a mechanism not defined by the UEFI Specification to
59 /// transition the system to setup mode or to update secure boot keys.
61 /// GUID: gEfiVendorKeysNvGuid
65 #define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv"
66 #define VENDOR_KEYS_VALID 1
67 #define VENDOR_KEYS_MODIFIED 0
69 #endif // __AUTHENTICATED_VARIABLE_FORMAT_H__