/** @file\r
- This file defines the BIS protocol.\r
+ BIS protocol are defined in the UEFI specification.\r
+ The EFI_BIS_PROTOCOL is used to check a digital signature of a data block \r
+ against a digital certificate for the purpose of an integrity and authorization check.\r
\r
- Copyright (c) 2006, Intel Corporation \r
+ Copyright (c) 2006 - 2008, Intel Corporation \r
All rights reserved. This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
\r
- Module Name: Bis.h\r
-\r
**/\r
\r
#ifndef __BIS_H__\r
0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf } \\r
}\r
\r
+//\r
+// X-Intel-BIS-ParameterSet\r
+// Attribute value\r
+// Binary Value of X-Intel-BIS-ParameterSet Attribute.\r
+// (Value is Base-64 encoded in actual signed manifest).\r
+//\r
+#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
+ { \\r
+ 0xedd35e31, 0x7b9, 0x11d2, { 0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf } \\r
+ }\r
+\r
+\r
+\r
typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;\r
\r
\r
typedef UINT16 BIS_ALG_ID;\r
typedef UINT32 BIS_CERT_ID;\r
\r
-//\r
-// EFI_BIS_DATA type.\r
-//\r
-// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r
-//\r
+///\r
+/// EFI_BIS_DATA type.\r
+///\r
+/// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).\r
+///\r
typedef struct {\r
UINT32 Length; // Length of Data in 8 bit bytes.\r
UINT8 *Data; // 32 Bit Flat Address of data.\r
} EFI_BIS_DATA;\r
\r
-//\r
-// EFI_BIS_VERSION type.\r
-//\r
+///\r
+/// EFI_BIS_VERSION type.\r
+///\r
typedef struct {\r
UINT32 Major; // BIS Interface version number.\r
UINT32 Minor; // Build number.\r
#define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1\r
#define BIS_VERSION_1 1\r
\r
-//\r
-// EFI_BIS_SIGNATURE_INFO type.\r
-//\r
+///\r
+/// EFI_BIS_SIGNATURE_INFO type.\r
+///\r
typedef struct {\r
BIS_CERT_ID CertificateID; // Truncated hash of platform Boot Object\r
- // authorization certificate.\r
- //\r
+ /// authorization certificate.\r
+ ///\r
BIS_ALG_ID AlgorithmID; // A signature algorithm number.\r
UINT16 KeyLength; // Length of alg. keys in bits.\r
} EFI_BIS_SIGNATURE_INFO;\r
\r
-//\r
-// Currently defined values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r
-// The exact numeric values come from\r
-// "Common Data Security Architecture (CDSA) Specification".\r
-//\r
+///\r
+/// Currently defined values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.\r
+/// The exact numeric values come from\r
+/// "Common Data Security Architecture (CDSA) Specification".\r
+///\r
#define BIS_ALG_DSA (41) // CSSM_ALGID_DSA\r
#define BIS_ALG_RSA_MD5 (42) // CSSM_ALGID_MD5_WITH_RSA\r
-// Currently defined values for EFI_BIS_SIGNATURE_INFO.CertificateId.\r
-//\r
+/// Currently defined values for EFI_BIS_SIGNATURE_INFO.CertificateId.\r
+///\r
#define BIS_CERT_ID_DSA BIS_ALG_DSA // CSSM_ALGID_DSA\r
#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA\r
-// The following is a mask value that gets applied to the truncated hash of a\r
-// platform Boot Object Authorization Certificate to create the certificateID.\r
-// A certificateID must not have any bits set to the value 1 other than bits in\r
-// this mask.\r
-//\r
+/// The following is a mask value that gets applied to the truncated hash of a\r
+/// platform Boot Object Authorization Certificate to create the certificateID.\r
+/// A certificateID must not have any bits set to the value 1 other than bits in\r
+/// this mask.\r
+///\r
#define BIS_CERT_ID_MASK (0xFF7F7FFF)\r
\r
-//\r
-// Macros for dealing with the EFI_BIS_DATA object obtained\r
-// from BIS_GetSignatureInfo()\r
-// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r
-// elements are contained in a EFI_BIS_DATA struct pointed to\r
-// by the provided EFI_BIS_DATA*.\r
-//\r
+///\r
+/// Macros for dealing with the EFI_BIS_DATA object obtained\r
+/// from BIS_GetSignatureInfo()\r
+/// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO\r
+/// elements are contained in a EFI_BIS_DATA struct pointed to\r
+/// by the provided EFI_BIS_DATA*.\r
+///\r
#define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))\r
\r
-//\r
-// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*\r
-// from a given EFI_BIS_DATA*.\r
-//\r
+///\r
+/// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*\r
+/// from a given EFI_BIS_DATA*.\r
+///\r
#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)\r
\r
-//\r
-// Binary Value of "X-Intel-BIS-ParameterSet" Attribute.\r
-// (Value is Base64 encoded in actual signed manifest).\r
-// {EDD35E31-07B9-11d2-83A3-00A0C91FADCF}\r
-//\r
-#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \\r
- { \\r
- 0xedd35e31, 0x7b9, 0x11d2, \\r
- { \\r
- 0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf \\r
- } \\r
- }\r
-\r
-//\r
-// Support old name for backward compatible\r
-//\r
+///\r
+/// Support old name for backward compatible\r
+///\r
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \\r
BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID\r
\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_INITIALIZE) (\r
+(EFIAPI *EFI_BIS_INITIALIZE)(\r
IN EFI_BIS_PROTOCOL *This, \r
OUT BIS_APPLICATION_HANDLE *AppHandle, \r
IN OUT EFI_BIS_VERSION *InterfaceVersion, \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_FREE) (\r
+(EFIAPI *EFI_BIS_FREE)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *ToFree \r
);\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_SHUTDOWN) (\r
+(EFIAPI *EFI_BIS_SHUTDOWN)(\r
IN BIS_APPLICATION_HANDLE AppHandle \r
);\r
\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE) (\r
+(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT EFI_BIS_DATA **Certificate \r
);\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT) (\r
+(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *Credentials, \r
IN EFI_BIS_DATA *DataObject, \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG) (\r
+(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT BOOLEAN *CheckIsRequired \r
);\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN) (\r
+(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT EFI_BIS_DATA **UpdateToken \r
);\r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION) (\r
+(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *RequestCredential, \r
OUT EFI_BIS_DATA **NewUpdateToken \r
**/ \r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL) (\r
+(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
IN EFI_BIS_DATA *Credentials, \r
IN EFI_BIS_DATA *DataObject, \r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO) (\r
+(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(\r
IN BIS_APPLICATION_HANDLE AppHandle, \r
OUT EFI_BIS_DATA **SignatureInfo \r
);\r
\r
+/**\r
+ @par Protocol Description:\r
+ The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital\r
+ certificate for the purpose of an integrity and authorization check.\r
+\r
+ @param initialize\r
+ Initializes an application instance of the EFI_BIS protocol,\r
+ returning a handle for the application instance. Other functions in\r
+ the EFI_BIS protocol require a valid application instance\r
+ handle obtained from this function.\r
+ \r
+ @param Shutdown \r
+ Ends the lifetime of an application instance of the EFI_BIS\r
+ protocol, invalidating its application instance handle. The\r
+ application instance handle may no longer be used in other\r
+ functions in the EFI_BIS protocol.\r
+\r
+ @param Free \r
+ Frees memory structures allocated and returned by other\r
+ functions in the EFI_BIS protocol. \r
+\r
+ @param GetBootObjectAuthorizationCertificate\r
+ Retrieves the current digital certificate (if any) used by the\r
+ EFI_BIS protocol as the source of authorization for verifying\r
+ boot objects and altering configuration parameters.\r
+\r
+ @param GetBootObjectAuthorizationCheckFlag\r
+ Retrieves the current setting of the authorization check flag that\r
+ indicates whether or not authorization checks are required for\r
+ boot objects.\r
+\r
+ @param GetBootObjectAuthorizationUpdateToken\r
+ Retrieves an uninterpreted token whose value gets included and\r
+ signed in a subsequent request to alter the configuration\r
+ parameters, to protect against attempts to replay such a request.\r
+\r
+ @param GetSignatureInfo \r
+ Retrieves information about the digital signature algorithms\r
+ supported and the identity of the installed authorization\r
+ certificate, if any.\r
+\r
+ @param UpdateBootObjectAuthorization\r
+ Requests that the configuration parameters be altered by\r
+ installing or removing an authorization certificate or changing the\r
+ setting of the check flag. \r
+\r
+ @param VerifyBootObject\r
+ Verifies a boot object according to the supplied digital signature\r
+ and the current authorization certificate and check flag setting.\r
+\r
+ @param VerifyObjectWithCredential\r
+ Verifies a data object according to a supplied digital signature\r
+ and a supplied digital certificate. \r
+**/\r
struct _EFI_BIS_PROTOCOL {\r
EFI_BIS_INITIALIZE Initialize;\r
EFI_BIS_SHUTDOWN Shutdown;\r
projects / mirror_edk2.git / blobdiff