} AUTH_CERT_DB_DATA;\r
#pragma pack()\r
\r
+///\r
+/// "SecureBootMode" variable stores current secure boot mode.\r
+/// The value type is SECURE_BOOT_MODE_TYPE.\r
+///\r
+#define EDKII_SECURE_BOOT_MODE_NAME L"SecureBootMode"\r
+\r
+typedef enum { \r
+ SecureBootModeTypeUserMode,\r
+ SecureBootModeTypeSetupMode,\r
+ SecureBootModeTypeAuditMode,\r
+ SecureBootModeTypeDeployedMode,\r
+ SecureBootModeTypeMax\r
+} SECURE_BOOT_MODE_TYPE;\r
+\r
+//\r
+// Record status info of Customized Secure Boot Mode.\r
+//\r
+typedef struct {\r
+ ///\r
+ /// AuditMode variable value\r
+ ///\r
+ UINT8 AuditMode;\r
+ ///\r
+ /// AuditMode variable RW\r
+ ///\r
+ BOOLEAN IsAuditModeRO;\r
+ ///\r
+ /// DeployedMode variable value\r
+ ///\r
+ UINT8 DeployedMode;\r
+ ///\r
+ /// AuditMode variable RW\r
+ ///\r
+ BOOLEAN IsDeployedModeRO;\r
+ ///\r
+ /// SetupMode variable value\r
+ ///\r
+ UINT8 SetupMode;\r
+ /// \r
+ /// SetupMode is always RO. Skip IsSetupModeRO; \r
+ ///\r
+\r
+ ///\r
+ /// SecureBoot variable value\r
+ ///\r
+ UINT8 SecureBoot;\r
+} SECURE_BOOT_MODE;\r
+\r
extern UINT8 *mPubKeyStore;\r
extern UINT32 mPubKeyNumber;\r
extern UINT32 mMaxKeyNumber;\r
\r
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;\r
\r
+/**\r
+ Initialize Secure Boot variables.\r
+\r
+ @retval EFI_SUCCESS The initialization operation is successful.\r
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
+\r
+**/\r
+EFI_STATUS \r
+InitSecureBootVariables (\r
+ VOID\r
+ );\r
+\r
/**\r
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
\r
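Review bot: The comment above `IsDeployedModeRO` in `SECURE_BOOT_MODE` reads "AuditMode variable RW", which appears to be copied from the field above; it should be `/// TRUE if the DeployedMode variable is read-only`. The matching comment on `IsAuditModeRO` would read better as `/// TRUE if the AuditMode variable is read-only`, since "RW" describes the opposite of what the field name says. The header also states that the "SecureBootMode" variable holds a `SECURE_BOOT_MODE_TYPE`, but C does not fix the width of an enum, so the comment should give the stored size in bytes. Because that value comes back from variable storage, the comment should also say that any value at or above `SecureBootModeTypeMax` is invalid and must be rejected before it is used to select a mode; the code that reads it is not visible in this hunk.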
IN OUT UINTN *NewDataSize\r
);\r
\r
+/**\r
+ Process Secure Boot Mode variable.\r
+\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
+ @param[in] VariableName Name of Variable to be found.\r
+ @param[in] VendorGuid Variable vendor GUID.\r
+ @param[in] Data Data pointer.\r
+ @param[in] DataSize Size of Data found. If size is less than the\r
+ data, this value contains the required size.\r
+ @param[in] Attributes Attribute value of the variable\r
+\r
+ @return EFI_INVALID_PARAMETER Invalid parameter\r
+ @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r
+ check carried out by the firmware.\r
+ @return EFI_WRITE_PROTECTED Variable is Read-Only.\r
+ @return EFI_SUCCESS Variable passed validation successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+ProcessSecureBootModeVar (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes OPTIONAL\r
+ );\r
+\r
/**\r
Process variable with platform key for verification.\r
\r
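Review bot: The `DataSize` description on `ProcessSecureBootModeVar` ("If size is less than the data, this value contains the required size") cannot hold, because `DataSize` is passed by value as `IN UINTN`; it looks carried over from a GetVariable-style header and should read `@param[in] DataSize Size of Data in bytes.`. The caution block says `Data` and `DataSize` are external input and may arrive in SMM, so the contract should state which sizes are accepted. That is presumably a single `UINT8` mode value, but the implementation is outside this hunk, so confirm it; the stated size lets the length check be reviewed against it. `Attributes` is marked `OPTIONAL` although a by-value `UINT32` cannot be omitted, so the comment should say which value means "not supplied". The status codes are listed with `@return` where the `InitSecureBootVariables` prototype added in the same patch uses `@retval`; use `@retval` here as well.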