/** @file\r
Header file for NV data structure definition.\r
\r
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
#include <Guid/HiiPlatformSetupFormset.h>\r
#include <Guid/SecureBootConfigHii.h>\r
\r
+//\r
+// Used by VFR for form or button identification\r
+//\r
#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001\r
-#define SECUREBOOT_CONFIGURATION_FORM_ID 0x0001\r
+#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01\r
+#define FORMID_SECURE_BOOT_OPTION_FORM 0x02\r
+#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03\r
+#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04\r
+#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05\r
+#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06\r
+#define FORMID_ENROLL_PK_FORM 0x07\r
+#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08\r
+#define FORMID_ENROLL_KEK_FORM 0x09\r
+#define FORMID_DELETE_KEK_FORM 0x0a\r
+#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b\r
+#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c\r
+#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d\r
+#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX 0x0e\r
+#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14\r
+#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15\r
+#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16\r
+\r
+#define SECURE_BOOT_MODE_CUSTOM 0x01\r
+#define SECURE_BOOT_MODE_STANDARD 0x00\r
+\r
+#define KEY_SECURE_BOOT_ENABLE 0x1000\r
+#define KEY_SECURE_BOOT_MODE 0x1001\r
+#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002\r
+#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003\r
+#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004\r
+#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005\r
+#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008\r
+#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009\r
+#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a\r
+#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b\r
+#define KEY_HIDE_SECURE_BOOT 0x100c\r
+#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d\r
+#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e\r
+\r
+#define KEY_SECURE_BOOT_OPTION 0x1100\r
+#define KEY_SECURE_BOOT_PK_OPTION 0x1101\r
+#define KEY_SECURE_BOOT_KEK_OPTION 0x1102\r
+#define KEY_SECURE_BOOT_DB_OPTION 0x1103\r
+#define KEY_SECURE_BOOT_DBX_OPTION 0x1104\r
+#define KEY_SECURE_BOOT_DELETE_PK 0x1105\r
+#define KEY_ENROLL_PK 0x1106\r
+#define KEY_ENROLL_KEK 0x1107\r
+#define KEY_DELETE_KEK 0x1108\r
+#define KEY_SECURE_BOOT_KEK_GUID 0x110a\r
+#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b\r
+#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c\r
+#define KEY_SECURE_BOOT_DBT_OPTION 0x110d\r
+#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e\r
+\r
+#define LABEL_KEK_DELETE 0x1200\r
+#define LABEL_DB_DELETE 0x1201\r
+#define LABEL_DBX_DELETE 0x1202\r
+#define LABEL_DBT_DELETE 0x1203\r
+#define LABEL_END 0xffff\r
+\r
+\r
+#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255\r
+\r
+#define CONFIG_OPTION_OFFSET 0x2000\r
+\r
+#define OPTION_CONFIG_QUESTION_ID 0x2000\r
+#define OPTION_CONFIG_RANGE 0x1000\r
+\r
+//\r
+// Question ID 0x2000 ~ 0x2FFF is for KEK\r
+//\r
+#define OPTION_DEL_KEK_QUESTION_ID 0x2000\r
+//\r
+// Question ID 0x3000 ~ 0x3FFF is for DB\r
+//\r
+#define OPTION_DEL_DB_QUESTION_ID 0x3000\r
+//\r
+// Question ID 0x4000 ~ 0x4FFF is for DBX\r
+//\r
+#define OPTION_DEL_DBX_QUESTION_ID 0x4000\r
+\r
+//\r
+// Question ID 0x5000 ~ 0x5FFF is for DBT\r
+//\r
+#define OPTION_DEL_DBT_QUESTION_ID 0x5000\r
+\r
+#define SECURE_BOOT_GUID_SIZE 36\r
+#define SECURE_BOOT_GUID_STORAGE_SIZE 37\r
+\r
+#define UNKNOWN_FILE_TYPE 0\r
+#define X509_CERT_FILE_TYPE 1\r
+#define PE_IMAGE_FILE_TYPE 2\r
+#define AUTHENTICATION_2_FILE_TYPE 3\r
\r
-#define KEY_SECURE_BOOT_ENABLE 0x5000\r
- \r
//\r
// Nv Data structure referenced by IFR\r
//\r
typedef struct {\r
- BOOLEAN SecureBootState;\r
- BOOLEAN HideSecureBoot;\r
+ BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot\r
+ BOOLEAN HideSecureBoot; // Hiden Attempt Secure Boot\r
+ CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];\r
+ BOOLEAN PhysicalPresent; // If a Physical Present User\r
+ UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom\r
+ BOOLEAN DeletePk;\r
+ BOOLEAN HasPk; // If Pk is existed it is true\r
+ BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden\r
+ UINT8 CertificateFormat; // The type of the certificate\r
+ EFI_HII_DATE RevocationDate; // The revocation date of the certificate\r
+ EFI_HII_TIME RevocationTime; // The revocation time of the certificate\r
+ UINT8 FileEnrollType; // File type of sigunature enroll\r
} SECUREBOOT_CONFIGURATION;\r
\r
#endif\r
projects / mirror_edk2.git / blobdiff