/** @file\r
- The variable data structures are related to EDKII-specific \r
+ The variable data structures are related to EDKII-specific\r
implementation of UEFI authenticated variables.\r
- AuthenticatedVariableFormat.h defines variable data headers \r
- and variable storage region headers.\r
-\r
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+ AuthenticatedVariableFormat.h defines variable data headers\r
+ and variable storage region headers that has been moved to\r
+ VariableFormat.h.\r
+\r
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__\r
#define __AUTHENTICATED_VARIABLE_FORMAT_H__\r
\r
-#define EFI_AUTHENTICATED_VARIABLE_GUID \\r
- { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
+#include <Guid/VariableFormat.h>\r
\r
#define EFI_SECURE_BOOT_ENABLE_DISABLE \\r
{ 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }\r
\r
-\r
-extern EFI_GUID gEfiAuthenticatedVariableGuid;\r
extern EFI_GUID gEfiSecureBootEnableDisableGuid;\r
+extern EFI_GUID gEfiCertDbGuid;\r
+extern EFI_GUID gEfiCustomModeEnableGuid;\r
+extern EFI_GUID gEfiVendorKeysNvGuid;\r
\r
///\r
-/// "SecureBootEnable" variable for the Secure boot feature enable/disable.\r
+/// "SecureBootEnable" variable for the Secure Boot feature enable/disable.\r
+/// This variable is used for allowing a physically present user to disable\r
+/// Secure Boot via firmware setup without the possession of PKpriv.\r
+///\r
+/// GUID: gEfiSecureBootEnableDisableGuid\r
+///\r
+/// Format: UINT8\r
///\r
#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"\r
#define SECURE_BOOT_ENABLE 1\r
#define SECURE_BOOT_DISABLE 0\r
\r
-extern EFI_GUID gEfiCustomModeEnableGuid;\r
-\r
///\r
/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".\r
/// Standard Secure Boot mode is the default mode as UEFI Spec's description.\r
/// Can enroll or delete KEK without existing PK's private key.\r
/// Can enroll or delete signature from DB/DBX without KEK's private key.\r
///\r
+/// GUID: gEfiCustomModeEnableGuid\r
+///\r
+/// Format: UINT8\r
+///\r
#define EFI_CUSTOM_MODE_NAME L"CustomMode"\r
#define CUSTOM_SECURE_BOOT_MODE 1\r
#define STANDARD_SECURE_BOOT_MODE 0\r
\r
///\r
-/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
-/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
-/// \r
-///\r
-#define EFI_CERT_DB_NAME L"certdb"\r
-\r
-extern EFI_GUID gEfiCertDbGuid;\r
-\r
-///\r
-/// Alignment of variable name and data, according to the architecture:\r
-/// * For IA-32 and Intel(R) 64 architectures: 1.\r
-/// * For IA-64 architecture: 8.\r
-///\r
-#if defined (MDE_CPU_IPF)\r
-#define ALIGNMENT 8\r
-#else\r
-#define ALIGNMENT 1\r
-#endif\r
-\r
-//\r
-// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement.\r
-//\r
-#if (ALIGNMENT == 1)\r
-#define GET_PAD_SIZE(a) (0)\r
-#else\r
-#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1))\r
-#endif\r
-\r
-///\r
-/// Alignment of Variable Data Header in Variable Store region.\r
-///\r
-#define HEADER_ALIGNMENT 4\r
-#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))\r
-\r
-///\r
-/// Status of Variable Store Region.\r
-///\r
-typedef enum {\r
- EfiRaw,\r
- EfiValid,\r
- EfiInvalid,\r
- EfiUnknown\r
-} VARIABLE_STORE_STATUS;\r
-\r
-#pragma pack(1)\r
-\r
-#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID\r
-\r
-///\r
-/// Variable Store Header Format and State.\r
-///\r
-#define VARIABLE_STORE_FORMATTED 0x5a\r
-#define VARIABLE_STORE_HEALTHY 0xfe\r
-\r
-///\r
-/// Variable Store region header.\r
-///\r
-typedef struct {\r
- ///\r
- /// Variable store region signature.\r
- ///\r
- EFI_GUID Signature;\r
- ///\r
- /// Size of entire variable store, \r
- /// including size of variable store header but not including the size of FvHeader.\r
- ///\r
- UINT32 Size;\r
- ///\r
- /// Variable region format state.\r
- ///\r
- UINT8 Format;\r
- ///\r
- /// Variable region healthy state.\r
- ///\r
- UINT8 State;\r
- UINT16 Reserved;\r
- UINT32 Reserved1;\r
-} VARIABLE_STORE_HEADER;\r
-\r
+/// "VendorKeysNv" variable to record the out of band secure boot keys modification.\r
+/// This variable is a read-only NV varaible that indicates whether someone other than\r
+/// the platform vendor has used a mechanism not defined by the UEFI Specification to\r
+/// transition the system to setup mode or to update secure boot keys.\r
///\r
-/// Variable data start flag.\r
-///\r
-#define VARIABLE_DATA 0x55AA\r
-\r
-///\r
-/// Variable State flags.\r
-///\r
-#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition.\r
-#define VAR_DELETED 0xfd ///< Variable is obsolete.\r
-#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid.\r
-#define VAR_ADDED 0x3f ///< Variable has been completely added.\r
-\r
-///\r
-/// Single Variable Data Header Structure.\r
-///\r
-typedef struct {\r
- ///\r
- /// Variable Data Start Flag.\r
- ///\r
- UINT16 StartId;\r
- ///\r
- /// Variable State defined above.\r
- ///\r
- UINT8 State;\r
- UINT8 Reserved;\r
- ///\r
- /// Attributes of variable defined in UEFI specification.\r
- ///\r
- UINT32 Attributes;\r
- ///\r
- /// Associated monotonic count value against replay attack.\r
- ///\r
- UINT64 MonotonicCount;\r
- ///\r
- /// Associated TimeStamp value against replay attack. \r
- ///\r
- EFI_TIME TimeStamp;\r
- ///\r
- /// Index of associated public key in database.\r
- ///\r
- UINT32 PubKeyIndex;\r
- ///\r
- /// Size of variable null-terminated Unicode string name.\r
- ///\r
- UINT32 NameSize;\r
- ///\r
- /// Size of the variable data without this header.\r
- ///\r
- UINT32 DataSize;\r
- ///\r
- /// A unique identifier for the vendor that produces and consumes this varaible.\r
- ///\r
- EFI_GUID VendorGuid;\r
-} VARIABLE_HEADER;\r
-\r
-#pragma pack()\r
-\r
-typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;\r
-\r
+/// GUID: gEfiVendorKeysNvGuid\r
///\r
-/// This structure contains the variable list that is put in EFI system table.\r
-/// The variable driver collects all variables that were used at boot service time and produces this list.\r
-/// This is an optional feature to dump all used variables in shell environment. \r
+/// Format: UINT8\r
///\r
-struct _VARIABLE_INFO_ENTRY {\r
- VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry.\r
- EFI_GUID VendorGuid; ///< Guid of Variable.\r
- CHAR16 *Name; ///< Name of Variable. \r
- UINT32 Attributes; ///< Attributes of variable defined in UEFI spec.\r
- UINT32 ReadCount; ///< Number of times to read this variable.\r
- UINT32 WriteCount; ///< Number of times to write this variable.\r
- UINT32 DeleteCount; ///< Number of times to delete this variable.\r
- UINT32 CacheCount; ///< Number of times that cache hits this variable.\r
- BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile.\r
-};\r
+#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv"\r
+#define VENDOR_KEYS_VALID 1\r
+#define VENDOR_KEYS_MODIFIED 0\r
\r
#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__\r
projects / mirror_edk2.git / blobdiff