MdePkg/MdeModulePkg/SecurityPkg Variable: Forbid creation of non-spec variables in...

[mirror_edk2.git] / MdePkg / Include / Guid / ImageAuthentication.h

diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h
index ef160e72a30e9348b45fc8c3d38f1af9412d5c8e..8b46e7356b757600ff142871c456df5aa3155fcb 100644 (file)
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -1,8 +1,7 @@
 /** @file\r
-  Platform Key, Key Exchange Key, and Image signature database are defined \r
-  for the signed image validation.\r
+  Image signature database are defined for the signed image validation.\r
 \r
-  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
   This program and the accompanying materials                          \r
   are licensed and made available under the terms and conditions of the BSD License         \r
   which accompanies this distribution.  The full text of the license may be found at        \r
@@ -35,35 +34,12 @@
 /// for the forbidden signature database.\r
 ///\r
 #define EFI_IMAGE_SECURITY_DATABASE1      L"dbx"\r
+\r
 #define SECURE_BOOT_MODE_ENABLE           1\r
 #define SECURE_BOOT_MODE_DISABLE          0\r
 #define SETUP_MODE                        1\r
 #define USER_MODE                         0\r
-///\r
-/// Globally "SetupMode" variable to specify whether the system is currently operating \r
-/// in setup mode (1) or not (0). All other values are reserved.\r
-///\r
-#define EFI_SETUP_MODE_NAME               L"SetupMode"\r
-///\r
-/// Globally "PK" variable for the Platform Key Signature Database.\r
-///\r
-#define EFI_PLATFORM_KEY_NAME             L"PK"\r
-///\r
-/// Globally "KEK" variable for the Key Exchange Key Signature Database.\r
-///\r
-#define EFI_KEY_EXCHANGE_KEY_NAME         L"KEK"\r
-///\r
-/// Globally "SignatureSupport" variable returns an array of GUIDs, \r
-/// with each GUID representing a type of signature which the platform \r
-/// firmware supports for images and other data.\r
-///\r
-#define EFI_SIGNATURE_SUPPORT_NAME        L"SignatureSupport"\r
 \r
-///\r
-/// Globally "SecureBoot" variable to specify whether the platform firmware \r
-/// is operating in Secure boot mode (1) or not (0). All other values are reserved.\r
-///\r
-#define EFI_SECURE_BOOT_MODE_NAME         L"SecureBoot"\r
 \r
 //***********************************************************************\r
 // Signature Database\r
@@ -128,7 +104,7 @@ typedef struct {
 /// since the public key exponent is known to be 0x10001) shall be stored in big-endian\r
 /// order.\r
 /// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size \r
-/// of SignatureOwner component) + 32 bytes.\r
+/// of SignatureOwner component) + 256 bytes.\r
 ///\r
 #define EFI_CERT_RSA2048_GUID \\r
   { \\r
@@ -138,7 +114,7 @@ typedef struct {
 ///\r
 /// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash.  The \r
 /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of \r
-/// SignatureOwner component) + 32 bytes.\r
+/// SignatureOwner component) + 256 bytes.\r
 ///\r
 #define EFI_CERT_RSA2048_SHA256_GUID \\r
   { \\r
@@ -147,7 +123,7 @@ typedef struct {
 \r
 ///\r
 /// This identifies a signature containing a SHA-1 hash.  The SignatureSize shall always\r
-/// be 16 (size of SignatureOwner component) + 32 bytes.\r
+/// be 16 (size of SignatureOwner component) + 20 bytes.\r
 ///\r
 #define EFI_CERT_SHA1_GUID \\r
   { \\r
@@ -157,7 +133,7 @@ typedef struct {
 ///\r
 /// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash.  The \r
 /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of \r
-/// SignatureOwner component) + 32 bytes.\r
+/// SignatureOwner component) + 256 bytes.\r
 ///\r
 #define EFI_CERT_RSA2048_SHA1_GUID \\r
   { \\r