SecurityPkg: Add constraints on PK strength

[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.h

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index 1fafae07ac2a61912a76743ef22ebff83e78b472..268f015e8e7dabe71031c79fc22a665b9a202ed2 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -93,6 +93,27 @@ extern  EFI_IFR_GUID_LABEL         *mEndLabel;
 #define HASHALG_RAW                            0x00000004\r
 #define HASHALG_MAX                            0x00000004\r
 \r
+//\r
+// Certificate public key minimum size (bytes)\r
+//\r
+#define CER_PUBKEY_MIN_SIZE     256\r
+\r
+//\r
+// Types of errors may occur during certificate enrollment.\r
+//\r
+typedef enum {\r
+  None_Error = 0,\r
+  //\r
+  // Unsupported_type indicates the certificate type is not supported.\r
+  //\r
+  Unsupported_Type,\r
+  //\r
+  // Unqualified_key indicates the key strength of certificate is not\r
+  // strong enough.\r
+  //\r
+  Unqualified_Key,\r
+  Enroll_Error_Max\r
+}ENROLL_KEY_ERROR;\r
 \r
 typedef struct {\r
   UINTN             Signature;\r