/** @file\r
- This file defines the BIS protocol.\r
+ BIS protocol are defined in the UEFI specification.\r
+ The EFI_BIS_PROTOCOL is used to check a digital signature of a data block \r
+ against a digital certificate for the purpose of an integrity and authorization check.\r
\r
- Copyright (c) 2006, Intel Corporation \r
+ Copyright (c) 2006 - 2008, Intel Corporation \r
All rights reserved. This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
\r
- Module Name: Bis.h\r
-\r
**/\r
\r
#ifndef __BIS_H__\r
0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r
}\r
\r
+//\r
+// X-Intel-BIS-ParameterSet\r
+// Attribute value\r
+// Binary Value of X-Intel-BIS-ParameterSet Attribute.\r
+// (Value is Base-64 encoded in actual signed manifest).\r
+//\r
+#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
+ { \\r
+ 0xedd35e31, 0x7b9, 0x11d2, { 0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf } \\r
+ }\r
+\r
+\r
+\r
typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;\r
\r
\r
//\r
#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r
\r
-//\r
-// Binary Value of "X-Intel-BIS-ParameterSet" Attribute.\r
-// (Value is Base64 encoded in actual signed manifest).\r
-// {EDD35E31-07B9-11d2-83A3-00A0C91FADCF}\r
-//\r
-#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
- { \\r
- 0xedd35e31, 0x7b9, 0x11d2, \\r
- { \\r
- 0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf \\r
- } \\r
- }\r
-\r
//\r
// Support old name for backward compatible\r
//\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_INITIALIZE) (\r
+(EFIAPI *EFI_BIS_INITIALIZE)(\r
IN EFI_BIS_PROTOCOL *This, \r
OUT BIS_APPLICATION_HANDLE *AppHandle, \r
IN OUT EFI_BIS_VERSION *InterfaceVersion, \r
/** \r
Frees memory structures allocated and returned by other functions in the EFI_BIS protocol. \r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param ToFree An EFI_BIS_DATA* and associated memory block to be freed.\r
\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_FREE) (\r
+(EFIAPI *EFI_BIS_FREE)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *ToFree \r
);\r
\r
/** \r
- Shuts down an application¡¯s instance of the BIS service, invalidating the application handle. After\r
+ Shuts down an application's instance of the BIS service, invalidating the application handle. After\r
this call, other BIS functions may no longer be invoked using the application handle value. \r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
\r
@retval EFI_SUCCESS The function completed successfully.\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_SHUTDOWN) (\r
+(EFIAPI *EFI_BIS_SHUTDOWN)(\r
IN BIS_APPLICATION_HANDLE AppHandle \r
);\r
\r
Retrieves the certificate that has been configured as the identity of the organization designated as\r
the source of authorization for signatures of boot objects.\r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot\r
Object Authorization Certificate object. \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE) (\r
+(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT EFI_BIS_DATA **Certificate \r
);\r
Verifies the integrity and authorization of the indicated data object according to the\r
indicated credentials. \r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param Credentials A Signed Manifest containing verification information for the indicated\r
data object. \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT) (\r
+(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *Credentials, \r
IN EFI_BIS_DATA *DataObject, \r
/** \r
Retrieves the current status of the Boot Authorization Check Flag.\r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is\r
currently required on this platform, otherwise the function writes \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG) (\r
+(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT BOOLEAN *CheckIsRequired \r
);\r
Retrieves a unique token value to be included in the request credential for the next update of any\r
parameter in the Boot Object Authorization set \r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param UpdateToken The function writes an allocated EFI_BIS_DATA* containing the new\r
unique update token value. \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN) (\r
+(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT EFI_BIS_DATA **UpdateToken \r
);\r
/** \r
Updates one of the configurable parameters of the Boot Object Authorization set.\r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param RequestCredential This is a Signed Manifest with embedded attributes that carry the details\r
of the requested update. \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION) (\r
+(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *RequestCredential, \r
OUT EFI_BIS_DATA **NewUpdateToken \r
Verifies the integrity and authorization of the indicated data object according to the indicated\r
credentials and authority certificate. \r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param Credentials A Signed Manifest containing verification information for the\r
indicated data object. \r
@param SectionName An ASCII (not Unicode) string giving the section name in the \r
manifest holding the verification information (in other words,\r
hash value) that corresponds to DataObject. \r
- @param AuthorityCertificate A digital certificate whose public key must match the signer¡¯s \r
+ @param AuthorityCertificate A digital certificate whose public key must match the signer's \r
public key which is found in the credentials. \r
@param IsVerified The function writes TRUE if the verification was successful.\r
Otherwise, the function writes FALSE. \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL) (\r
+(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *Credentials, \r
IN EFI_BIS_DATA *DataObject, \r
Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength\r
combinations that the platform supports. \r
\r
- @param AppHandle An opaque handle that identifies the caller¡¯s instance of initialization\r
+ @param AppHandle An opaque handle that identifies the caller's instance of initialization\r
of the BIS service. \r
@param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array\r
of EFI_BIS_SIGNATURE_INFO structures representing the supported \r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO) (\r
+(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT EFI_BIS_DATA **SignatureInfo \r
);\r
\r
+/**\r
+ @par Protocol Description:\r
+ The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital\r
+ certificate for the purpose of an integrity and authorization check.\r
+\r
+ @param initialize\r
+ Initializes an application instance of the EFI_BIS protocol,\r
+ returning a handle for the application instance. Other functions in\r
+ the EFI_BIS protocol require a valid application instance\r
+ handle obtained from this function.\r
+ \r
+ @param Shutdown \r
+ Ends the lifetime of an application instance of the EFI_BIS\r
+ protocol, invalidating its application instance handle. The\r
+ application instance handle may no longer be used in other\r
+ functions in the EFI_BIS protocol.\r
+\r
+ @param Free \r
+ Frees memory structures allocated and returned by other\r
+ functions in the EFI_BIS protocol. \r
+\r
+ @param GetBootObjectAuthorizationCertificate\r
+ Retrieves the current digital certificate (if any) used by the\r
+ EFI_BIS protocol as the source of authorization for verifying\r
+ boot objects and altering configuration parameters.\r
+\r
+ @param GetBootObjectAuthorizationCheckFlag\r
+ Retrieves the current setting of the authorization check flag that\r
+ indicates whether or not authorization checks are required for\r
+ boot objects.\r
+\r
+ @param GetBootObjectAuthorizationUpdateToken\r
+ Retrieves an uninterpreted token whose value gets included and\r
+ signed in a subsequent request to alter the configuration\r
+ parameters, to protect against attempts to replay such a request.\r
+\r
+ @param GetSignatureInfo \r
+ Retrieves information about the digital signature algorithms\r
+ supported and the identity of the installed authorization\r
+ certificate, if any.\r
+\r
+ @param UpdateBootObjectAuthorization\r
+ Requests that the configuration parameters be altered by\r
+ installing or removing an authorization certificate or changing the\r
+ setting of the check flag. \r
+\r
+ @param VerifyBootObject\r
+ Verifies a boot object according to the supplied digital signature\r
+ and the current authorization certificate and check flag setting.\r
+\r
+ @param VerifyObjectWithCredential\r
+ Verifies a data object according to a supplied digital signature\r
+ and a supplied digital certificate. \r
+**/\r
struct _EFI_BIS_PROTOCOL {\r
EFI_BIS_INITIALIZE Initialize;\r
EFI_BIS_SHUTDOWN Shutdown;\r
projects / mirror_edk2.git / blobdiff