X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdePkg%2FInclude%2FProtocol%2FBis.h;h=f4376570ba10e1ed5e58e3fe0d390b456a4b7c32;hp=03cae05907c2ceab265ad68d30a69e3c16f4fd33;hb=9095d37b8fe5bfc3d02adad6ba7fd7359ebc0107;hpb=d1102dba7210b95e41d06c2338a22ba6af248645
diff --git a/MdePkg/Include/Protocol/Bis.h b/MdePkg/Include/Protocol/Bis.h
index 03cae05907..f4376570ba 100644
--- a/MdePkg/Include/Protocol/Bis.h
+++ b/MdePkg/Include/Protocol/Bis.h
@@ -1,18 +1,18 @@
/** @file
- The EFI_BIS_PROTOCOL is used to check a digital signature of a data block
+ The EFI_BIS_PROTOCOL is used to check a digital signature of a data block
against a digital certificate for the purpose of an integrity and authorization check.
-Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials are licensed and made available under
-the terms and conditions of the BSD License that accompanies this distribution.
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+http://opensource.org/licenses/bsd-license.php.
- @par Revision Reference:
- This Protocol is introduced in EFI Specification 1.10.
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ @par Revision Reference:
+ This Protocol is introduced in EFI Specification 1.10.
**/
@@ -122,32 +122,32 @@ typedef struct {
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \
BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID
-/**
+/**
Initializes the BIS service, checking that it is compatible with the version requested by the caller.
- After this call, other BIS functions may be invoked.
-
+ After this call, other BIS functions may be invoked.
+
@param This A pointer to the EFI_BIS_PROTOCOL object.
- @param AppHandle The function writes the new BIS_APPLICATION_HANDLE if
+ @param AppHandle The function writes the new BIS_APPLICATION_HANDLE if
successful, otherwise it writes NULL. The caller must eventually
- destroy this handle by calling Shutdown().
+ destroy this handle by calling Shutdown().
@param InterfaceVersion On input, the caller supplies the major version number of the
- interface version desired.
- On output, both the major and minor
+ interface version desired.
+ On output, both the major and minor
version numbers are updated with the major and minor version
numbers of the interface. This update is done whether or not the
- initialization was successful.
- @param TargetAddress Indicates a network or device address of the BIS platform to connect to.
+ initialization was successful.
+ @param TargetAddress Indicates a network or device address of the BIS platform to connect to.
@retval EFI_SUCCESS The function completed successfully.
- @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the
+ @retval EFI_INCOMPATIBLE_VERSION The InterfaceVersion.Major requested by the
caller was not compatible with the interface version of the
implementation. The InterfaceVersion.Major has
been updated with the current interface version.
- @retval EFI_UNSUPPORTED This is a local-platform implementation and
- TargetAddress.Data was not NULL, or
+ @retval EFI_UNSUPPORTED This is a local-platform implementation and
+ TargetAddress.Data was not NULL, or
TargetAddress.Data was any other value that was not
- supported by the implementation.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ supported by the implementation.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_DEVICE_ERROR One of the following device errors:
* The function encountered an unexpected internal failure while initializing a cryptographic software module
* No cryptographic software module with compatible version was found
@@ -161,51 +161,51 @@ typedef struct {
is NULL or an invalid memory reference. Or,
the TargetAddress parameter supplied by the caller is
NULL or an invalid memory reference.
-
-**/
+
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_INITIALIZE)(
- IN EFI_BIS_PROTOCOL *This,
- OUT BIS_APPLICATION_HANDLE *AppHandle,
- IN OUT EFI_BIS_VERSION *InterfaceVersion,
- IN EFI_BIS_DATA *TargetAddress
+ IN EFI_BIS_PROTOCOL *This,
+ OUT BIS_APPLICATION_HANDLE *AppHandle,
+ IN OUT EFI_BIS_VERSION *InterfaceVersion,
+ IN EFI_BIS_DATA *TargetAddress
);
-/**
- Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.
-
+/**
+ Frees memory structures allocated and returned by other functions in the EFI_BIS protocol.
+
@param AppHandle An opaque handle that identifies the caller's instance of initialization
- of the BIS service.
- @param ToFree An EFI_BIS_DATA* and associated memory block to be freed.
+ of the BIS service.
+ @param ToFree An EFI_BIS_DATA* and associated memory block to be freed.
This EFI_BIS_DATA* must have been allocated by one of the other BIS functions.
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_INVALID_PARAMETER The ToFree parameter is not or is no longer a memory resource
- associated with this AppHandle.
-
-**/
+ associated with this AppHandle.
+
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_FREE)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- IN EFI_BIS_DATA *ToFree
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ IN EFI_BIS_DATA *ToFree
);
-/**
+/**
Shuts down an application's instance of the BIS service, invalidating the application handle. After
- this call, other BIS functions may no longer be invoked using the application handle value.
-
+ this call, other BIS functions may no longer be invoked using the application handle value.
+
@param AppHandle An opaque handle that identifies the caller's instance of initialization
- of the BIS service.
+ of the BIS service.
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NO_MAPPING The AppHandle parameter is not, or is no longer, a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_DEVICE_ERROR The function encountered an unexpected internal failure while
returning resources associated with a cryptographic software module, or
while trying to shut down a cryptographic software module.
@@ -213,206 +213,206 @@ EFI_STATUS
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_SHUTDOWN)(
- IN BIS_APPLICATION_HANDLE AppHandle
+ IN BIS_APPLICATION_HANDLE AppHandle
);
-/**
+/**
Retrieves the certificate that has been configured as the identity of the organization designated as
the source of authorization for signatures of boot objects.
-
+
@param AppHandle An opaque handle that identifies the caller's instance of initialization
- of the BIS service.
+ of the BIS service.
@param Certificate The function writes an allocated EFI_BIS_DATA* containing the Boot
Object Authorization Certificate object. The caller must
eventually free the memory allocated by this function using the function Free().
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_NOT_FOUND There is no Boot Object Authorization Certificate currently installed.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_INVALID_PARAMETER The Certificate parameter supplied by the caller is NULL or
- an invalid memory reference.
-
-**/
+ an invalid memory reference.
+
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- OUT EFI_BIS_DATA **Certificate
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ OUT EFI_BIS_DATA **Certificate
);
-/**
+/**
Verifies the integrity and authorization of the indicated data object according to the
- indicated credentials.
-
+ indicated credentials.
+
@param AppHandle An opaque handle that identifies the caller's instance of initialization
- of the BIS service.
+ of the BIS service.
@param Credentials A Signed Manifest containing verification information for the indicated
- data object.
+ data object.
@param DataObject An in-memory copy of the raw data object to be verified.
@param IsVerified The function writes TRUE if the verification succeeded, otherwise
- FALSE.
-
+ FALSE.
+
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_INVALID_PARAMETER One or more parameters are invalid.
@retval EFI_SECURITY_VIOLATION The signed manifest supplied as the Credentials parameter
was invalid (could not be parsed) or Platform-specific authorization failed, etc.
- @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
-
-**/
+ @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
+
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- IN EFI_BIS_DATA *Credentials,
- IN EFI_BIS_DATA *DataObject,
- OUT BOOLEAN *IsVerified
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ IN EFI_BIS_DATA *Credentials,
+ IN EFI_BIS_DATA *DataObject,
+ OUT BOOLEAN *IsVerified
);
-/**
+/**
Retrieves the current status of the Boot Authorization Check Flag.
-
+
@param AppHandle An opaque handle that identifies the caller's instance of initialization
- of the BIS service.
+ of the BIS service.
@param CheckIsRequired The function writes the value TRUE if a Boot Authorization Check is
- currently required on this platform, otherwise the function writes
- FALSE.
-
+ currently required on this platform, otherwise the function writes
+ FALSE.
+
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_INVALID_PARAMETER The CheckIsRequired parameter supplied by the caller is
- NULL or an invalid memory reference.
-
-**/
+ NULL or an invalid memory reference.
+
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- OUT BOOLEAN *CheckIsRequired
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ OUT BOOLEAN *CheckIsRequired
);
-/**
+/**
Retrieves a unique token value to be included in the request credential for the next update of any
- parameter in the Boot Object Authorization set
-
- @param AppHandle An opaque handle that identifies the caller's
- instance of initialization of the BIS service.
- @param UpdateToken The function writes an allocated EFI_BIS_DATA*
- containing the newunique update token value.
- The caller musteventually free the memory allocated
+ parameter in the Boot Object Authorization set
+
+ @param AppHandle An opaque handle that identifies the caller's
+ instance of initialization of the BIS service.
+ @param UpdateToken The function writes an allocated EFI_BIS_DATA*
+ containing the newunique update token value.
+ The caller musteventually free the memory allocated
by this function using the function Free().
-
+
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_INVALID_PARAMETER The UpdateToken parameter supplied by the caller is NULL or
- an invalid memory reference.
- @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
-
-**/
+ an invalid memory reference.
+ @retval EFI_DEVICE_ERROR An unexpected internal error occurred.
+
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- OUT EFI_BIS_DATA **UpdateToken
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ OUT EFI_BIS_DATA **UpdateToken
);
-/**
+/**
Updates one of the configurable parameters of the Boot Object Authorization set.
-
- @param AppHandle An opaque handle that identifies the caller's
- instance of initialization of the BIS service.
- @param RequestCredential This is a Signed Manifest with embedded attributes
- that carry the details of the requested update.
- @param NewUpdateToken The function writes an allocated EFI_BIS_DATA*
- containing the new unique update token value.
- The caller must eventually free the memory allocated
+
+ @param AppHandle An opaque handle that identifies the caller's
+ instance of initialization of the BIS service.
+ @param RequestCredential This is a Signed Manifest with embedded attributes
+ that carry the details of the requested update.
+ @param NewUpdateToken The function writes an allocated EFI_BIS_DATA*
+ containing the new unique update token value.
+ The caller must eventually free the memory allocated
by this function using the function Free().
-
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
- @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
- @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter
- was invalid (could not be parsed) or Platform-specific authorization failed, etc.
+
+ @retval EFI_SUCCESS The function completed successfully.
+ @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+ @retval EFI_SECURITY_VIOLATION The signed manifest supplied as the RequestCredential parameter
+ was invalid (could not be parsed) or Platform-specific authorization failed, etc.
@retval EFI_DEVICE_ERROR An unexpected internal error occurred while analyzing the new
certificate's key algorithm, or while attempting to retrieve
the public key algorithm of the manifest's signer's certificate,
- or An unexpected internal error occurred in a cryptographic software module.
-
-**/
+ or An unexpected internal error occurred in a cryptographic software module.
+
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- IN EFI_BIS_DATA *RequestCredential,
- OUT EFI_BIS_DATA **NewUpdateToken
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ IN EFI_BIS_DATA *RequestCredential,
+ OUT EFI_BIS_DATA **NewUpdateToken
);
-/**
+/**
Verifies the integrity and authorization of the indicated data object according to the indicated
- credentials and authority certificate.
-
+ credentials and authority certificate.
+
@param AppHandle An opaque handle that identifies the caller's instance of initialization
- of the BIS service.
+ of the BIS service.
@param Credentials A Signed Manifest containing verification information for the
- indicated data object.
+ indicated data object.
@param DataObject An in-memory copy of the raw data object to be verified.
- @param SectionName An ASCII string giving the section name in the
+ @param SectionName An ASCII string giving the section name in the
manifest holding the verification information (in other words,
- hash value) that corresponds to DataObject.
- @param AuthorityCertificate A digital certificate whose public key must match the signer's
- public key which is found in the credentials.
+ hash value) that corresponds to DataObject.
+ @param AuthorityCertificate A digital certificate whose public key must match the signer's
+ public key which is found in the credentials.
@param IsVerified The function writes TRUE if the verification was successful.
- Otherwise, the function writes FALSE.
-
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
- @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+ Otherwise, the function writes FALSE.
+
+ @retval EFI_SUCCESS The function completed successfully.
+ @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
@retval EFI_SECURITY_VIOLATION The Credentials.Data supplied by the caller is NULL,
- or the AuthorityCertificate supplied by the caller was
- invalid (could not be parsed),
- or Platform-specific authorization failed, etc.
+ or the AuthorityCertificate supplied by the caller was
+ invalid (could not be parsed),
+ or Platform-specific authorization failed, etc.
@retval EFI_DEVICE_ERROR An unexpected internal error occurred while attempting to retrieve
the public key algorithm of the manifest's signer's certificate,
- or An unexpected internal error occurred in a cryptographic software module.
-**/
+ or An unexpected internal error occurred in a cryptographic software module.
+**/
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- IN EFI_BIS_DATA *Credentials,
- IN EFI_BIS_DATA *DataObject,
- IN EFI_BIS_DATA *SectionName,
- IN EFI_BIS_DATA *AuthorityCertificate,
- OUT BOOLEAN *IsVerified
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ IN EFI_BIS_DATA *Credentials,
+ IN EFI_BIS_DATA *DataObject,
+ IN EFI_BIS_DATA *SectionName,
+ IN EFI_BIS_DATA *AuthorityCertificate,
+ OUT BOOLEAN *IsVerified
);
-/**
+/**
Retrieves a list of digital certificate identifier, digital signature algorithm, hash algorithm, and keylength
- combinations that the platform supports.
+ combinations that the platform supports.
@param AppHandle An opaque handle that identifies the caller's instance of initialization
- of the BIS service.
+ of the BIS service.
@param SignatureInfo The function writes an allocated EFI_BIS_DATA* containing the array
- of EFI_BIS_SIGNATURE_INFO structures representing the supported
+ of EFI_BIS_SIGNATURE_INFO structures representing the supported
digital certificate identifier, algorithm, and key length combinations.
The caller must eventually free the memory allocated by this function using the function Free().
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
- application instance handle associated with the EFI_BIS protocol.
- @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
+ @retval EFI_SUCCESS The function completed successfully.
+ @retval EFI_NO_MAPPING The AppHandle parameter is not or is no longer a valid
+ application instance handle associated with the EFI_BIS protocol.
+ @retval EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.
@retval EFI_INVALID_PARAMETER The SignatureInfo parameter supplied by the caller is NULL
or an invalid memory reference.
@retval EFI_DEVICE_ERROR An unexpected internal error occurred in a
@@ -424,8 +424,8 @@ EFI_STATUS
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO)(
- IN BIS_APPLICATION_HANDLE AppHandle,
- OUT EFI_BIS_DATA **SignatureInfo
+ IN BIS_APPLICATION_HANDLE AppHandle,
+ OUT EFI_BIS_DATA **SignatureInfo
);
///