X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FInclude%2FGuid%2FAuthenticatedVariableFormat.h;h=55fd92a32208e82d122d6a94a35a55a71377d9df;hp=f18f4aa7eb44eaa76b10e7ac44a16f84aa3c5bf6;hb=8b0280362459f819ec5517af961a9b2407f2e0a5;hpb=ed47ae02744bee893531ef4f9072afd93e4f4efd
diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
index f18f4aa7eb..55fd92a322 100644
--- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
+++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
@@ -1,16 +1,17 @@
/** @file
- The variable data structures are related to EDKII-specific
+ The variable data structures are related to EDKII-specific
implementation of UEFI authenticated variables.
- AuthenticatedVariableFormat.h defines variable data headers
- and variable storage region headers.
-
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
+ AuthenticatedVariableFormat.h defines variable data headers
+ and variable storage region headers that has been moved to
+ VariableFormat.h.
+
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@@ -18,25 +19,29 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__
#define __AUTHENTICATED_VARIABLE_FORMAT_H__
-#define EFI_AUTHENTICATED_VARIABLE_GUID \
- { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+#include
#define EFI_SECURE_BOOT_ENABLE_DISABLE \
{ 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }
-
-extern EFI_GUID gEfiAuthenticatedVariableGuid;
extern EFI_GUID gEfiSecureBootEnableDisableGuid;
+extern EFI_GUID gEfiCertDbGuid;
+extern EFI_GUID gEfiCustomModeEnableGuid;
+extern EFI_GUID gEfiVendorKeysNvGuid;
///
-/// "SecureBootEnable" variable for the Secure boot feature enable/disable.
+/// "SecureBootEnable" variable for the Secure Boot feature enable/disable.
+/// This variable is used for allowing a physically present user to disable
+/// Secure Boot via firmware setup without the possession of PKpriv.
+///
+/// GUID: gEfiSecureBootEnableDisableGuid
+///
+/// Format: UINT8
///
#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"
#define SECURE_BOOT_ENABLE 1
#define SECURE_BOOT_DISABLE 0
-extern EFI_GUID gEfiCustomModeEnableGuid;
-
///
/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".
/// Standard Secure Boot mode is the default mode as UEFI Spec's description.
@@ -45,165 +50,26 @@ extern EFI_GUID gEfiCustomModeEnableGuid;
/// Can enroll or delete KEK without existing PK's private key.
/// Can enroll or delete signature from DB/DBX without KEK's private key.
///
+/// GUID: gEfiCustomModeEnableGuid
+///
+/// Format: UINT8
+///
#define EFI_CUSTOM_MODE_NAME L"CustomMode"
#define CUSTOM_SECURE_BOOT_MODE 1
#define STANDARD_SECURE_BOOT_MODE 0
///
-/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
-/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
-///
-///
-#define EFI_CERT_DB_NAME L"certdb"
-
-extern EFI_GUID gEfiCertDbGuid;
-
-///
-/// Alignment of variable name and data, according to the architecture:
-/// * For IA-32 and Intel(R) 64 architectures: 1.
-/// * For IA-64 architecture: 8.
-///
-#if defined (MDE_CPU_IPF)
-#define ALIGNMENT 8
-#else
-#define ALIGNMENT 1
-#endif
-
-//
-// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement.
-//
-#if (ALIGNMENT == 1)
-#define GET_PAD_SIZE(a) (0)
-#else
-#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1))
-#endif
-
-///
-/// Alignment of Variable Data Header in Variable Store region.
-///
-#define HEADER_ALIGNMENT 4
-#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))
-
-///
-/// Status of Variable Store Region.
-///
-typedef enum {
- EfiRaw,
- EfiValid,
- EfiInvalid,
- EfiUnknown
-} VARIABLE_STORE_STATUS;
-
-#pragma pack(1)
-
-#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID
-
-///
-/// Variable Store Header Format and State.
-///
-#define VARIABLE_STORE_FORMATTED 0x5a
-#define VARIABLE_STORE_HEALTHY 0xfe
-
-///
-/// Variable Store region header.
-///
-typedef struct {
- ///
- /// Variable store region signature.
- ///
- EFI_GUID Signature;
- ///
- /// Size of entire variable store,
- /// including size of variable store header but not including the size of FvHeader.
- ///
- UINT32 Size;
- ///
- /// Variable region format state.
- ///
- UINT8 Format;
- ///
- /// Variable region healthy state.
- ///
- UINT8 State;
- UINT16 Reserved;
- UINT32 Reserved1;
-} VARIABLE_STORE_HEADER;
-
+/// "VendorKeysNv" variable to record the out of band secure boot keys modification.
+/// This variable is a read-only NV varaible that indicates whether someone other than
+/// the platform vendor has used a mechanism not defined by the UEFI Specification to
+/// transition the system to setup mode or to update secure boot keys.
///
-/// Variable data start flag.
-///
-#define VARIABLE_DATA 0x55AA
-
-///
-/// Variable State flags.
-///
-#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition.
-#define VAR_DELETED 0xfd ///< Variable is obsolete.
-#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid.
-#define VAR_ADDED 0x3f ///< Variable has been completely added.
-
-///
-/// Single Variable Data Header Structure.
-///
-typedef struct {
- ///
- /// Variable Data Start Flag.
- ///
- UINT16 StartId;
- ///
- /// Variable State defined above.
- ///
- UINT8 State;
- UINT8 Reserved;
- ///
- /// Attributes of variable defined in UEFI specification.
- ///
- UINT32 Attributes;
- ///
- /// Associated monotonic count value against replay attack.
- ///
- UINT64 MonotonicCount;
- ///
- /// Associated TimeStamp value against replay attack.
- ///
- EFI_TIME TimeStamp;
- ///
- /// Index of associated public key in database.
- ///
- UINT32 PubKeyIndex;
- ///
- /// Size of variable null-terminated Unicode string name.
- ///
- UINT32 NameSize;
- ///
- /// Size of the variable data without this header.
- ///
- UINT32 DataSize;
- ///
- /// A unique identifier for the vendor that produces and consumes this varaible.
- ///
- EFI_GUID VendorGuid;
-} VARIABLE_HEADER;
-
-#pragma pack()
-
-typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;
-
+/// GUID: gEfiVendorKeysNvGuid
///
-/// This structure contains the variable list that is put in EFI system table.
-/// The variable driver collects all variables that were used at boot service time and produces this list.
-/// This is an optional feature to dump all used variables in shell environment.
+/// Format: UINT8
///
-struct _VARIABLE_INFO_ENTRY {
- VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry.
- EFI_GUID VendorGuid; ///< Guid of Variable.
- CHAR16 *Name; ///< Name of Variable.
- UINT32 Attributes; ///< Attributes of variable defined in UEFI spec.
- UINT32 ReadCount; ///< Number of times to read this variable.
- UINT32 WriteCount; ///< Number of times to write this variable.
- UINT32 DeleteCount; ///< Number of times to delete this variable.
- UINT32 CacheCount; ///< Number of times that cache hits this variable.
- BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile.
-};
+#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv"
+#define VENDOR_KEYS_VALID 1
+#define VENDOR_KEYS_MODIFIED 0
#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__