1. Add Uefi231 secure boot related definitions

[mirror_edk2.git] / MdePkg / Include / Guid / ImageAuthentication.h

diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h
index bf5295a0463f1a0faf1c54ed6d2ff9569a178915..ef160e72a30e9348b45fc8c3d38f1af9412d5c8e 100644 (file)
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -35,7 +35,8 @@
 /// for the forbidden signature database.\r
 ///\r
 #define EFI_IMAGE_SECURITY_DATABASE1      L"dbx"\r
-\r
+#define SECURE_BOOT_MODE_ENABLE           1\r
+#define SECURE_BOOT_MODE_DISABLE          0\r
 #define SETUP_MODE                        1\r
 #define USER_MODE                         0\r
 ///\r
@@ -58,6 +59,12 @@
 ///\r
 #define EFI_SIGNATURE_SUPPORT_NAME        L"SignatureSupport"\r
 \r
+///\r
+/// Globally "SecureBoot" variable to specify whether the platform firmware \r
+/// is operating in Secure boot mode (1) or not (0). All other values are reserved.\r
+///\r
+#define EFI_SECURE_BOOT_MODE_NAME         L"SecureBoot"\r
+\r
 //***********************************************************************\r
 // Signature Database\r
 //***********************************************************************\r
@@ -200,6 +207,15 @@ typedef struct {
   { \\r
     0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r
   }\r
+\r
+///\r
+/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]\r
+/// SignedData value.\r
+///\r
+#define EFI_CERT_TYPE_PKCS7_GUID \\r
+  { \\r
+    0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \\r
+  }\r
   \r
 //***********************************************************************\r
 // Image Execution Information Table Definition\r
@@ -274,5 +290,6 @@ extern EFI_GUID gEfiCertX509Guid;
 extern EFI_GUID gEfiCertSha224Guid;\r
 extern EFI_GUID gEfiCertSha384Guid;\r
 extern EFI_GUID gEfiCertSha512Guid;\r
+extern EFI_GUID gEfiCertPkcs7Guid;\r
 \r
 #endif\r