--- /dev/null
+/** @file\r
+ The Key Management Service (KMS) protocol as defined in the UEFI 2.3.1 specification is to\r
+ provides services to generate, store, retrieve, and manage cryptographic keys.\r
+ The intention is to specify a simple generic protocol that could be used for many implementations.\r
+\r
+ A driver implementing the protocol may need to provide basic key service that consists of a\r
+ key store and cryptographic key generation capability. It may connect to an external key\r
+ server over the network, or to a Hardware Security Module (HSM) attached to the system it\r
+ runs on, or anything else that is capable of providing the key management service.\r
+\r
+ Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials are licensed and made available under\r
+ the terms and conditions of the BSD License that accompanies this distribution.\r
+ The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __KMS_H__\r
+#define __KMS_H__\r
+\r
+#define EFI_KMS_PROTOCOL_GUID \\r
+ { \\r
+ 0xEC3A978D, 0x7C4E, 0x48FA, {0x9A, 0xBE, 0x6A, 0xD9, 0x1C, 0xC8, 0xF8, 0x11 } \\r
+ }\r
+\r
+typedef struct _EFI_KMS_PROTOCOL EFI_KMS_PROTOCOL;\r
+\r
+//\r
+// Where appropriate, EFI_KMS_DATA_TYPE values may be combined using a bitwise 'OR'\r
+// operation to indicate support for multiple data types.\r
+//\r
+#define EFI_KMS_DATA_TYPE_NONE 0\r
+#define EFI_KMS_DATA_TYPE_BINARY 1\r
+#define EFI_KMS_DATA_TYPE_ASCII 2\r
+#define EFI_KMS_DATA_TYPE_UNICODE 4\r
+#define EFI_KMS_DATA_TYPE_UTF8 8\r
+\r
+\r
+//\r
+// The key formats recognized by the KMS protocol are defined by an EFI_GUID which specifies\r
+// a (key-algorithm, key-size) pair. The names of these GUIDs are in the format\r
+// EFI_KMS_KEY_(key-algorithm)_(key-size)_GUID, where the key-size is expressed in bits.\r
+// The key formats recognized fall into three categories, generic (no algorithm), hash algorithms,\r
+// and encrypted algorithms.\r
+//\r
+\r
+///\r
+/// The following GUIDs define formats that contain generic key data of a specific size in bits,\r
+/// but which is not associated with any specific key algorithm(s).\r
+///@{\r
+#define EFI_KMS_FORMAT_GENERIC_128_GUID \\r
+ { \\r
+ 0xec8a3d69, 0x6ddf, 0x4108, {0x94, 0x76, 0x73, 0x37, 0xfc, 0x52, 0x21, 0x36 } \\r
+ }\r
+#define EFI_KMS_FORMAT_GENERIC_160_GUID \\r
+ { \\r
+ 0xa3b3e6f8, 0xefca, 0x4bc1, {0x88, 0xfb, 0xcb, 0x87, 0x33, 0x9b, 0x25, 0x79 } \\r
+ }\r
+#define EFI_KMS_FORMAT_GENERIC_256_GUID \\r
+ { \\r
+ 0x70f64793, 0xc323, 0x4261, {0xac, 0x2c, 0xd8, 0x76, 0xf2, 0x7c, 0x53, 0x45 } \\r
+ }\r
+#define EFI_KMS_FORMAT_GENERIC_512_GUID \\r
+ { \\r
+ 0x978fe043, 0xd7af, 0x422e, {0x8a, 0x92, 0x2b, 0x48, 0xe4, 0x63, 0xbd, 0xe6 } \\r
+ }\r
+#define EFI_KMS_FORMAT_GENERIC_1024_GUID \\r
+ { \\r
+ 0x43be0b44, 0x874b, 0x4ead, {0xb0, 0x9c, 0x24, 0x1a, 0x4f, 0xbd, 0x7e, 0xb3 } \\r
+ }\r
+#define EFI_KMS_FORMAT_GENERIC_2048_GUID \\r
+ { \\r
+ 0x40093f23, 0x630c, 0x4626, {0x9c, 0x48, 0x40, 0x37, 0x3b, 0x19, 0xcb, 0xbe } \\r
+ }\r
+#define EFI_KMS_FORMAT_GENERIC_3072_GUID \\r
+ { \\r
+ 0xb9237513, 0x6c44, 0x4411, {0xa9, 0x90, 0x21, 0xe5, 0x56, 0xe0, 0x5a, 0xde } \\r
+ }\r
+///@}\r
+\r
+///\r
+/// These GUIDS define key data formats that contain data generated by basic hash algorithms\r
+/// with no cryptographic properties.\r
+///@{\r
+#define EFI_KMS_FORMAT_MD2_128_GUID \\r
+ { \\r
+ 0x78be11c4, 0xee44, 0x4a22, {0x9f, 0x05, 0x03, 0x85, 0x2e, 0xc5, 0xc9, 0x78 } \\r
+ }\r
+#define EFI_KMS_FORMAT_MDC2_128_GUID \\r
+ { \\r
+ 0xf7ad60f8, 0xefa8, 0x44a3, {0x91, 0x13, 0x23, 0x1f, 0x39, 0x9e, 0xb4, 0xc7 } \\r
+ }\r
+#define EFI_KMS_FORMAT_MD4_128_GUID \\r
+ { \\r
+ 0xd1c17aa1, 0xcac5, 0x400f, {0xbe, 0x17, 0xe2, 0xa2, 0xae, 0x06, 0x67, 0x7c } \\r
+ }\r
+#define EFI_KMS_FORMAT_MDC4_128_GUID \\r
+ { \\r
+ 0x3fa4f847, 0xd8eb, 0x4df4, {0xbd, 0x49, 0x10, 0x3a, 0x0a, 0x84, 0x7b, 0xbc } \\r
+ }\r
+#define EFI_KMS_FORMAT_MD5_128_GUID \\r
+ { \\r
+ 0xdcbc3662, 0x9cda, 0x4b52, {0xa0, 0x4c, 0x82, 0xeb, 0x1d, 0x23, 0x48, 0xc7 } \\r
+ }\r
+#define EFI_KMS_FORMAT_MD5SHA_128_GUID \\r
+ { \\r
+ 0x1c178237, 0x6897, 0x459e, {0x9d, 0x36, 0x67, 0xce, 0x8e, 0xf9, 0x4f, 0x76 } \\r
+ }\r
+#define EFI_KMS_FORMAT_SHA1_160_GUID \\r
+ { \\r
+ 0x453c5e5a, 0x482d, 0x43f0, {0x87, 0xc9, 0x59, 0x41, 0xf3, 0xa3, 0x8a, 0xc2 } \\r
+ }\r
+#define EFI_KMS_FORMAT_SHA256_256_GUID \\r
+ { \\r
+ 0x6bb4f5cd, 0x8022, 0x448d, {0xbc, 0x6d, 0x77, 0x1b, 0xae, 0x93, 0x5f, 0xc6 } \\r
+ }\r
+#define EFI_KMS_FORMAT_SHA512_512_GUID \\r
+ { \\r
+ 0x2f240e12, 0xe14d, 0x475c, {0x83, 0xb0, 0xef, 0xff, 0x22, 0xd7, 0x7b, 0xe7 } \\r
+ }\r
+///@}\r
+\r
+///\r
+/// These GUIDs define key data formats that contain data generated by cryptographic key algorithms.\r
+/// There may or may not be a separate data hashing algorithm associated with the key algorithm.\r
+///@{\r
+#define EFI_KMS_FORMAT_AESXTS_128_GUID \\r
+ { \\r
+ 0x4776e33f, 0xdb47, 0x479a, {0xa2, 0x5f, 0xa1, 0xcd, 0x0a, 0xfa, 0xb3, 0x8b } \\r
+ }\r
+#define EFI_KMS_FORMAT_AESXTS_256_GUID \\r
+ { \\r
+ 0xdc7e8613, 0xc4bb, 0x4db0, {0x84, 0x62, 0x13, 0x51, 0x13, 0x57, 0xab, 0xe2 } \\r
+ }\r
+#define EFI_KMS_FORMAT_AESCBC_128_GUID \\r
+ { \\r
+ 0xa0e8ee6a, 0x0e92, 0x44d4, {0x86, 0x1b, 0x0e, 0xaa, 0x4a, 0xca, 0x44, 0xa2 } \\r
+ }\r
+#define EFI_KMS_FORMAT_AESCBC_256_GUID \\r
+ { \\r
+ 0xd7e69789, 0x1f68, 0x45e8, {0x96, 0xef, 0x3b, 0x64, 0x07, 0xa5, 0xb2, 0xdc } \\r
+ }\r
+#define EFI_KMS_FORMAT_RSASHA1_1024_GUID \\r
+ { \\r
+ 0x56417bed, 0x6bbe, 0x4882, {0x86, 0xa0, 0x3a, 0xe8, 0xbb, 0x17, 0xf8, 0xf9 } \\r
+ }\r
+#define EFI_KMS_FORMAT_RSASHA1_2048_GUID \\r
+ { \\r
+ 0xf66447d4, 0x75a6, 0x463e, {0xa8, 0x19, 0x07, 0x7f, 0x2d, 0xda, 0x05, 0xe9 } \\r
+ }\r
+#define EFI_KMS_FORMAT_RSASHA256_2048_GUID \\r
+ { \\r
+ 0xa477af13, 0x877d, 0x4060, {0xba, 0xa1, 0x25, 0xd1, 0xbe, 0xa0, 0x8a, 0xd3 } \\r
+ }\r
+#define EFI_KMS_FORMAT_RSASHA256_3072_GUID \\r
+ { \\r
+ 0x4e1356c2, 0xeed, 0x463f, {0x81, 0x47, 0x99, 0x33, 0xab, 0xdb, 0xc7, 0xd5 } \\r
+ }\r
+///@}\r
+\r
+#define EFI_KMS_ATTRIBUTE_TYPE_NONE 0x00\r
+#define EFI_KMS_ATTRIBUTE_TYPE_INTEGER 0x01\r
+#define EFI_KMS_ATTRIBUTE_TYPE_LONG_INTEGER 0x02\r
+#define EFI_KMS_ATTRIBUTE_TYPE_BIG_INTEGER 0x03\r
+#define EFI_KMS_ATTRIBUTE_TYPE_ENUMERATION 0x04\r
+#define EFI_KMS_ATTRIBUTE_TYPE_BOOLEAN 0x05\r
+#define EFI_KMS_ATTRIBUTE_TYPE_BYTE_STRING 0x06\r
+#define EFI_KMS_ATTRIBUTE_TYPE_TEXT_STRING 0x07\r
+#define EFI_KMS_ATTRIBUTE_TYPE_DATE_TIME 0x08\r
+#define EFI_KMS_ATTRIBUTE_TYPE_INTERVAL 0x09\r
+#define EFI_KMS_ATTRIBUTE_TYPE_STRUCTURE 0x0A\r
+#define EFI_KMS_ATTRIBUTE_TYPE_DYNAMIC 0x0B\r
+\r
+typedef struct {\r
+ ///\r
+ /// The size in bytes for the client identifier.\r
+ ///\r
+ UINT16 ClientIdSize;\r
+ ///\r
+ /// Pointer to a valid client identifier.\r
+ ///\r
+ VOID *ClientId;\r
+ ///\r
+ /// The client name string type used by this client. The string type set here must be one of\r
+ /// the string types reported in the ClientNameStringTypes field of the KMS protocol. If the\r
+ /// KMS does not support client names, this field should be set to EFI_KMS_DATA_TYPE_NONE.\r
+ ///\r
+ UINT8 ClientNameType;\r
+ ///\r
+ /// The size in characters for the client name. This field will be ignored if\r
+ /// ClientNameStringType is set to EFI_KMS_DATA_TYPE_NONE. Otherwise, it must contain\r
+ /// number of characters contained in the ClientName field.\r
+ ///\r
+ UINT8 ClientNameCount;\r
+ ///\r
+ /// Pointer to a client name. This field will be ignored if ClientNameStringType is set to\r
+ /// EFI_KMS_DATA_TYPE_NONE. Otherwise, it must point to a valid string of the specified type.\r
+ ///\r
+ VOID *ClientName;\r
+} EFI_KMS_CLIENT_INFO;\r
+\r
+typedef struct {\r
+ ///\r
+ /// The size of the KeyIdentifier field in bytes. This field is limited to the range 0 to 255.\r
+ ///\r
+ UINT8 KeyIdentifierSize;\r
+ ///\r
+ /// Pointer to an array of KeyIdentifierType elements.\r
+ ///\r
+ VOID *KeyIdentifier;\r
+ ///\r
+ /// An EFI_GUID which specifies the algorithm and key value size for this key.\r
+ ///\r
+ EFI_GUID KeyFormat;\r
+ ///\r
+ /// Pointer to a key value for a key specified by the KeyFormat field. A NULL value for this\r
+ /// field indicates that no key is available.\r
+ ///\r
+ VOID *KeyValue;\r
+ ///\r
+ /// Specifies the results of KMS operations performed with this descriptor. This field is used\r
+ /// to indicate the status of individual operations when a KMS function is called with multiple\r
+ /// EFI_KMS_KEY_DESCRIPTOR structures.\r
+ /// KeyStatus codes returned for the individual key requests are:\r
+ /// EFI_SUCCESS Successfully processed this key.\r
+ /// EFI_WARN_STALE_DATA Successfully processed this key, however, the key's parameters\r
+ /// exceed internal policies/limits and should be replaced.\r
+ /// EFI_COMPROMISED_DATA Successfully processed this key, but the key may have been\r
+ /// compromised and must be replaced.\r
+ /// EFI_UNSUPPORTED Key format is not supported by the service.\r
+ /// EFI_OUT_OF_RESOURCES Could not allocate resources for the key processing.\r
+ /// EFI_TIMEOUT Timed out waiting for device or key server.\r
+ /// EFI_DEVICE_ERROR Device or key server error.\r
+ /// EFI_INVALID_PARAMETER KeyFormat is invalid.\r
+ /// EFI_NOT_FOUND The key does not exist on the KMS.\r
+ ///\r
+ EFI_STATUS KeyStatus;\r
+} EFI_KMS_KEY_DESCRIPTOR;\r
+\r
+typedef struct {\r
+ ///\r
+ /// Part of a tag-type-length triplet that identifies the KeyAttributeData formatting. The\r
+ /// definition of the value is outside the scope of this standard and may be defined by the KMS.\r
+ ///\r
+ UINT16 Tag;\r
+ ///\r
+ /// Part of a tag-type-length triplet that identifies the KeyAttributeData formatting. The\r
+ /// definition of the value is outside the scope of this standard and may be defined by the KMS.\r
+ ///\r
+ UINT16 Type;\r
+ ///\r
+ /// Length in bytes of the KeyAttributeData.\r
+ ///\r
+ UINT32 Length;\r
+ ///\r
+ /// An array of bytes to hold the attribute data associated with the KeyAttributeIdentifier.\r
+ ///\r
+ UINT8 KeyAttributeData[1];\r
+} EFI_KMS_DYNAMIC_FIELD;\r
+\r
+typedef struct {\r
+ ///\r
+ /// The number of members in the EFI_KMS_DYNAMIC_ATTRIBUTE structure.\r
+ ///\r
+ UINT32 FieldCount;\r
+ ///\r
+ /// An array of EFI_KMS_DYNAMIC_FIELD structures.\r
+ ///\r
+ EFI_KMS_DYNAMIC_FIELD Field[1];\r
+} EFI_KMS_DYNAMIC_ATTRIBUTE;\r
+\r
+typedef struct {\r
+ ///\r
+ /// The data type used for the KeyAttributeIdentifier field. Values for this field are defined\r
+ /// by the EFI_KMS_DATA_TYPE constants, except that EFI_KMS_DATA_TYPE_BINARY is not\r
+ /// valid for this field.\r
+ ///\r
+ UINT8 KeyAttributeIdentifierType;\r
+ ///\r
+ /// The length of the KeyAttributeIdentifier field in units defined by KeyAttributeIdentifierType\r
+ /// field. This field is limited to the range 0 to 255.\r
+ ///\r
+ UINT8 KeyAttributeIdentifierCount;\r
+ ///\r
+ /// Pointer to an array of KeyAttributeIdentifierType elements. For string types, there must\r
+ /// not be a null-termination element at the end of the array.\r
+ ///\r
+ VOID *KeyAttributeIdentifier;\r
+ ///\r
+ /// The instance number of this attribute. If there is only one instance, the value is set to\r
+ /// one. If this value is set to 0xFFFF (all binary 1's) then this field should be ignored if an\r
+ /// output or treated as a wild card matching any value if it is an input. If the attribute is\r
+ /// stored with this field, it will match any attribute request regardless of the setting of the\r
+ /// field in the request. If set to 0xFFFF in the request, it will match any attribute with the\r
+ /// same KeyAttributeIdentifier.\r
+ ///\r
+ UINT16 KeyAttributeInstance;\r
+ ///\r
+ /// The data type of the KeyAttributeValue (e.g. struct, bool, etc.). See the list of\r
+ /// KeyAttributeType definitions.\r
+ ///\r
+ UINT16 KeyAttributeType;\r
+ ///\r
+ /// The size in bytes of the KeyAttribute field. A value of zero for this field indicates that no\r
+ /// key attribute value is available.\r
+ ///\r
+ UINT16 KeyAttributeValueSize;\r
+ ///\r
+ /// Pointer to a key attribute value for the attribute specified by the KeyAttributeIdentifier\r
+ /// field. If the KeyAttributeValueSize field is zero, then this field must be NULL.\r
+ ///\r
+ VOID *KeyAttributeValue;\r
+ ///\r
+ /// KeyAttributeStatusSpecifies the results of KMS operations performed with this attribute.\r
+ /// This field is used to indicate the status of individual operations when a KMS function is\r
+ /// called with multiple EFI_KMS_KEY_ATTRIBUTE structures.\r
+ /// KeyAttributeStatus codes returned for the individual key attribute requests are:\r
+ /// EFI_SUCCESS Successfully processed this request.\r
+ /// EFI_WARN_STALE_DATA Successfully processed this request, however, the key's\r
+ /// parameters exceed internal policies/limits and should be replaced.\r
+ /// EFI_COMPROMISED_DATA Successfully processed this request, but the key may have been\r
+ /// compromised and must be replaced.\r
+ /// EFI_UNSUPPORTED Key attribute format is not supported by the service.\r
+ /// EFI_OUT_OF_RESOURCES Could not allocate resources for the request processing.\r
+ /// EFI_TIMEOUT Timed out waiting for device or key server.\r
+ /// EFI_DEVICE_ERROR Device or key server error.\r
+ /// EFI_INVALID_PARAMETER A field in the EFI_KMS_KEY_ATTRIBUTE structure is invalid.\r
+ /// EFI_NOT_FOUND The key attribute does not exist on the KMS.\r
+ ///\r
+ EFI_STATUS KeyAttributeStatus;\r
+} EFI_KMS_KEY_ATTRIBUTE;\r
+\r
+/**\r
+ Get the current status of the key management service.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+\r
+ @retval EFI_SUCCESS The KMS is ready for use.\r
+ @retval EFI_NOT_READY No connection to the KMS is available.\r
+ @retval EFI_NO_MAPPING No valid connection configuration exists for the KMS.\r
+ @retval EFI_NO_RESPONSE No response was received from the KMS.\r
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_GET_SERVICE_STATUS) (\r
+ IN EFI_KMS_PROTOCOL *This\r
+ );\r
+\r
+/**\r
+ Register client information with the supported KMS.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS The client information has been accepted by the KMS.\r
+ @retval EFI_NOT_READY No connection to the KMS is available.\r
+ @retval EFI_NO_RESPONSE There was no response from the device or the key server.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server.\r
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS.\r
+ @retval EFI_OUT_OF_RESOURCES Required resources were not available to perform the function.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_UNSUPPORTED The KMS does not support the use of client identifiers.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_REGISTER_CLIENT) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ ); \r
+\r
+/**\r
+ Request that the KMS generate one or more new keys and associate them with key identifiers.\r
+ The key value(s) is returned to the caller.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
+ processed by this operation. On return, this number\r
+ will be updated with the number of key descriptors\r
+ successfully processed.\r
+ @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
+ structures which describe the keys to be generated.\r
+ On input, the KeyIdentifierSize and the KeyIdentifier\r
+ may specify an identifier to be used for the key,\r
+ but this is not required. The KeyFormat field must\r
+ specify a key format GUID reported as supported by\r
+ the KeyFormats field of the EFI_KMS_PROTOCOL.\r
+ The value for this field in the first key descriptor will\r
+ be considered the default value for subsequent key\r
+ descriptors requested in this operation if those key\r
+ descriptors have a NULL GUID in the key format field.\r
+ On output, the KeyIdentifierSize and KeyIdentifier fields\r
+ will specify an identifier for the key which will be either\r
+ the original identifier if one was provided, or an identifier\r
+ generated either by the KMS or the KMS protocol\r
+ implementation. The KeyFormat field will be updated\r
+ with the GUID used to generate the key if it was a\r
+ NULL GUID, and the KeyValue field will contain a pointer\r
+ to memory containing the key value for the generated\r
+ key. Memory for both the KeyIdentifier and the KeyValue\r
+ fields will be allocated with the BOOT_SERVICES_DATA\r
+ type and must be freed by the caller when it is no longer\r
+ needed. Also, the KeyStatus field must reflect the result\r
+ of the request relative to that key.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully generated and retrieved all requested keys.\r
+ @retval EFI_UNSUPPORTED This function is not supported by the KMS. --OR--\r
+ One (or more) of the key requests submitted is not supported by\r
+ the KMS. Check individual key request(s) to see which ones\r
+ may have been processed.\r
+ @retval EFI_OUT_OF_RESOURCES Required resources were not available to perform the function.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ request(s) to see which ones may have been processed.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either no id was\r
+ provided or an invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS. Check\r
+ individual key request(s) to see which ones may have been\r
+ processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyDescriptorCount is NULL, or Keys is NULL.\r
+ @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
+ could not be processed properly. KeyDescriptorCount\r
+ contains the number of structures which were successfully\r
+ processed. Individual structures will reflect the status of the\r
+ processing for that structure.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_CREATE_KEY) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN OUT UINT16 *KeyDescriptorCount,\r
+ IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+/**\r
+ Retrieve an existing key.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
+ processed by this operation. On return, this number\r
+ will be updated with the number of key descriptors\r
+ successfully processed.\r
+ @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
+ structures which describe the keys to be retrieved\r
+ from the KMS.\r
+ On input, the KeyIdentifierSize and the KeyIdentifier\r
+ must specify an identifier to be used to retrieve a\r
+ specific key. All other fields in the descriptor should\r
+ be NULL.\r
+ On output, the KeyIdentifierSize and KeyIdentifier fields\r
+ will be unchanged, while the KeyFormat and KeyValue\r
+ fields will be updated values associated with this key\r
+ identifier. Memory for the KeyValue field will be \r
+ allocated with the BOOT_SERVICES_DATA type and\r
+ must be freed by the caller when it is no longer needed.\r
+ Also, the KeyStatus field will reflect the result of the\r
+ request relative to the individual key descriptor.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully retrieved all requested keys.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate resources for the method processing.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ request(s) to see which ones may have been processed.\r
+ @retval EFI_BUFFER_TOO_SMALL If multiple keys are associated with a single identifier, and the\r
+ KeyValue buffer does not contain enough structures\r
+ (KeyDescriptorCount) to contain all the key data, then\r
+ the available structures will be filled and\r
+ KeyDescriptorCount will be updated to indicate the\r
+ number of keys which could not be processed.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either none or an\r
+ invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to\r
+ see which ones may have been processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyDescriptorCount is NULL, or Keys is NULL.\r
+ @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
+ could not be processed properly. KeyDescriptorCount\r
+ contains the number of structures which were successfully\r
+ processed. Individual structures will reflect the status of the\r
+ processing for that structure.\r
+ @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_GET_KEY) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN OUT UINT16 *KeyDescriptorCount,\r
+ IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+/**\r
+ Add a new key.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
+ processed by this operation. On normal return, this\r
+ number will be updated with the number of key\r
+ descriptors successfully processed.\r
+ @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
+ structures which describe the keys to be added.\r
+ On input, the KeyId field for first key must contain\r
+ valid identifier data to be used for adding a key to\r
+ the KMS. The values for these fields in this key\r
+ definition will be considered default values for\r
+ subsequent keys requested in this operation. A value\r
+ of 0 in any subsequent KeyId field will be replaced\r
+ with the current default value. The KeyFormat and\r
+ KeyValue fields for each key to be added must contain\r
+ consistent values to be associated with the given KeyId.\r
+ On return, the KeyStatus field will reflect the result\r
+ of the operation for each key request.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully added all requested keys.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ request(s) to see which ones may have been processed.\r
+ @retval EFI_BUFFER_TOO_SMALL If multiple keys are associated with a single identifier, and the\r
+ KeyValue buffer does not contain enough structures\r
+ (KeyDescriptorCount) to contain all the key data, then\r
+ the available structures will be filled and\r
+ KeyDescriptorCount will be updated to indicate the\r
+ number of keys which could not be processed\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either none or an\r
+ invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to\r
+ see which ones may have been processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyDescriptorCount is NULL, or Keys is NULL.\r
+ @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
+ could not be processed properly. KeyDescriptorCount\r
+ contains the number of structures which were successfully\r
+ processed. Individual structures will reflect the status of the\r
+ processing for that structure.\r
+ @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_ADD_KEY) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN OUT UINT16 *KeyDescriptorCount,\r
+ IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+/**\r
+ Delete an existing key from the KMS database.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be\r
+ processed by this operation. On normal return, this\r
+ number will be updated with the number of key\r
+ descriptors successfully processed.\r
+ @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
+ structures which describe the keys to be deleted.\r
+ On input, the KeyId field for first key must contain\r
+ valid identifier data to be used for adding a key to\r
+ the KMS. The values for these fields in this key\r
+ definition will be considered default values for\r
+ subsequent keys requested in this operation. A value\r
+ of 0 in any subsequent KeyId field will be replaced\r
+ with the current default value. The KeyFormat and\r
+ KeyValue fields are ignored, but should be 0.\r
+ On return, the KeyStatus field will reflect the result\r
+ of the operation for each key request.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully deleted all requested keys.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ request(s) to see which ones may have been processed.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either none or an\r
+ invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to\r
+ see which ones may have been processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyDescriptorCount is NULL, or Keys is NULL.\r
+ @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_DESCRIPTOR structures\r
+ could not be processed properly. KeyDescriptorCount\r
+ contains the number of structures which were successfully\r
+ processed. Individual structures will reflect the status of the\r
+ processing for that structure.\r
+ @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_DELETE_KEY) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN OUT UINT16 *KeyDescriptorCount,\r
+ IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+/**\r
+ Get one or more attributes associated with a specified key identifier.\r
+ If none are found, the returned attributes count contains a value of zero.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.\r
+ @param[in] KeyIdentifier Pointer to the key identifier associated with this key.\r
+ @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE\r
+ structures associated with the Key identifier. If none\r
+ are found, the count value is zero on return.\r
+ On input this value reflects the number of KeyAttributes\r
+ that may be returned.\r
+ On output, the value reflects the number of completed\r
+ KeyAttributes structures found.\r
+ @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
+ structures associated with the Key Identifier.\r
+ On input, the fields in the structure should be NULL.\r
+ On output, the attribute fields will have updated values\r
+ for attributes associated with this key identifier.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully retrieved all key attributes.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate resources for the method processing.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ attribute request(s) to see which ones may have been\r
+ processed.\r
+ @retval EFI_BUFFER_TOO_SMALL If multiple key attributes are associated with a single identifier,\r
+ and the KeyAttributes buffer does not contain enough\r
+ structures (KeyAttributesCount) to contain all the key\r
+ attributes data, then the available structures will be filled and\r
+ KeyAttributesCount will be updated to indicate the\r
+ number of key attributes which could not be processed.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either none or an\r
+ invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
+ request(s) (i.e. key attribute status for each) to see which ones\r
+ may have been processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyIdentifierSize is NULL , or KeyIdentifier\r
+ is NULL, or KeyAttributes is NULL, or\r
+ KeyAttributesSize is NULL.\r
+ @retval EFI_NOT_FOUND The KeyIdentifier could not be found.\r
+ KeyAttributesCount contains zero. Individual\r
+ structures will reflect the status of the processing for that\r
+ structure.\r
+ @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_GET_KEY_ATTRIBUTES) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN UINT8 *KeyIdentifierSize,\r
+ IN CONST VOID *KeyIdentifier,\r
+ IN OUT UINT16 *KeyAttributesCount,\r
+ IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+/**\r
+ Add one or more attributes to a key specified by a key identifier.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.\r
+ @param[in] KeyIdentifier Pointer to the key identifier associated with this key.\r
+ @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE\r
+ structures to associate with the Key. On normal returns,\r
+ this number will be updated with the number of key\r
+ attributes successfully processed.\r
+ @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
+ structures providing the attribute information to\r
+ associate with the key.\r
+ On input, the values for the fields in the structure\r
+ are completely filled in.\r
+ On return the KeyAttributeStatus field will reflect the\r
+ result of the operation for each key attribute request.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully added all requested key attributes.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ attribute request(s) to see which ones may have been\r
+ processed.\r
+ @retval EFI_BUFFER_TOO_SMALL If multiple keys attributes are associated with a single key\r
+ identifier, and the attributes buffer does not contain\r
+ enough structures (KeyAttributesCount) to contain all\r
+ the data, then the available structures will be filled and\r
+ KeyAttributesCount will be updated to indicate the\r
+ number of key attributes which could not be processed. The\r
+ status of each key attribute is also updated indicating success or\r
+ failure for that attribute in case there are other errors for those\r
+ attributes that could be processed.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either none or an\r
+ invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
+ request(s) (i.e. key attribute status for each) to see which ones\r
+ may have been processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyAttributesCount is NULL, or KeyAttributes\r
+ is NULL, or KeyIdentifierSize is NULL, or\r
+ KeyIdentifer is NULL.\r
+ @retval EFI_NOT_FOUND The KeyIdentifier could not be found. On return the\r
+ KeyAttributesCount contains the number of attributes\r
+ processed. Individual structures will reflect the status of the\r
+ processing for that structure.\r
+ @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_ADD_KEY_ATTRIBUTES) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN UINT8 *KeyIdentifierSize,\r
+ IN CONST VOID *KeyIdentifier,\r
+ IN OUT UINT16 *KeyAttributesCount,\r
+ IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+/**\r
+ Delete attributes to a key specified by a key identifier.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.\r
+ @param[in] KeyIdentifier Pointer to the key identifier associated with this key.\r
+ @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE\r
+ structures to associate with the Key.\r
+ On input, the count value is one or more.\r
+ On normal returns, this number will be updated with\r
+ the number of key attributes successfully processed.\r
+ @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
+ structures providing the attribute information to\r
+ associate with the key.\r
+ On input, the values for the fields in the structure\r
+ are completely filled in.\r
+ On return the KeyAttributeStatus field will reflect the\r
+ result of the operation for each key attribute request.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully deleted all requested key attributes.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ attribute request(s) to see which ones may have been\r
+ processed.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either none or an\r
+ invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
+ request(s) (i.e. key attribute status for each) to see which ones\r
+ may have been processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyAttributesCount is NULL, or\r
+ KeyAttributes is NULL, or KeyIdentifierSize\r
+ is NULL, or KeyIdentifer is NULL.\r
+ @retval EFI_NOT_FOUND The KeyIdentifier could not be found or the attribute\r
+ could not be found. On return the KeyAttributesCount\r
+ contains the number of attributes processed. Individual\r
+ structures will reflect the status of the processing for that\r
+ structure.\r
+ @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_DELETE_KEY_ATTRIBUTES) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN UINT8 *KeyIdentifierSize,\r
+ IN CONST VOID *KeyIdentifier,\r
+ IN OUT UINT16 *KeyAttributesCount,\r
+ IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+/**\r
+ Retrieve one or more key that has matched all of the specified key attributes.\r
+\r
+ @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.\r
+ @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.\r
+ @param[in, out] KeyAttributesCount Pointer to a count of the number of key attribute structures\r
+ that must be matched for each returned key descriptor.\r
+ On input the count value is one or more.\r
+ On normal returns, this number will be updated with\r
+ the number of key attributes successfully processed.\r
+ @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE\r
+ structure to search for.\r
+ On input, the values for the fields in the structure are\r
+ completely filled in.\r
+ On return the KeyAttributeStatus field will reflect the\r
+ result of the operation for each key attribute request.\r
+ @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors matched\r
+ by this operation.\r
+ On entry, this number will be zero.\r
+ On return, this number will be updated to the number\r
+ of key descriptors successfully found.\r
+ @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR\r
+ structures which describe the keys from the KMS\r
+ having the KeyAttribute(s) specified.\r
+ On input, this pointer will be NULL.\r
+ On output, the array will contain an\r
+ EFI_KMS_KEY_DESCRIPTOR structure for each key\r
+ meeting the search criteria. Memory for the array\r
+ and all KeyValue fields will be allocated with the\r
+ EfiBootServicesData type and must be freed by the\r
+ caller when it is no longer needed. Also, the KeyStatus\r
+ field of each descriptor will reflect the result of the\r
+ request relative to that key descriptor.\r
+ @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of \r
+ data specified by the ClientData parameter. This\r
+ parameter may be NULL, in which case the ClientData\r
+ parameter will be ignored and no data will be\r
+ transferred to or from the KMS. If the parameter is\r
+ not NULL, then ClientData must be a valid pointer.\r
+ If the value pointed to is 0, no data will be transferred\r
+ to the KMS, but data may be returned by the KMS.\r
+ For all non-zero values *ClientData will be transferred\r
+ to the KMS, which may also return data to the caller.\r
+ In all cases, the value upon return to the caller will\r
+ be the size of the data block returned to the caller,\r
+ which will be zero if no data is returned from the KMS.\r
+ @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of\r
+ *ClientDataSize that is to be passed directly to the\r
+ KMS if it supports the use of client data. This \r
+ parameter may be NULL if and only if the \r
+ ClientDataSize parameter is also NULL. Upon return to\r
+ the caller, *ClientData points to a block of data of \r
+ *ClientDataSize that was returned from the KMS. \r
+ If the returned value for *ClientDataSize is zero,\r
+ then the returned value for *ClientData must be NULL\r
+ and should be ignored by the caller. The KMS protocol\r
+ consumer is responsible for freeing all valid buffers\r
+ used for client data regardless of whether they are\r
+ allocated by the caller for input to the function or by\r
+ the implementation for output back to the caller.\r
+\r
+ @retval EFI_SUCCESS Successfully retrieved all requested keys.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate required resources.\r
+ @retval EFI_TIMEOUT Timed out waiting for device or key server. Check individual key\r
+ attribute request(s) to see which ones may have been\r
+ processed.\r
+ @retval EFI_BUFFER_TOO_SMALL If multiple keys are associated with the attribute(s), and the\r
+ KeyValue buffer does not contain enough structures\r
+ (KeyDescriptorCount) to contain all the key data, then\r
+ the available structures will be filled and\r
+ KeyDescriptorCount will be updated to indicate the\r
+ number of keys which could not be processed.\r
+ @retval EFI_ACCESS_DENIED Access was denied by the device or the key server; OR a\r
+ ClientId is required by the server and either none or an\r
+ invalid id was provided.\r
+ @retval EFI_DEVICE_ERROR Device or key server error. Check individual key attribute\r
+ request(s) (i.e. key attribute status for each) to see which ones\r
+ may have been processed.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, ClientId is required but it is NULL,\r
+ KeyDescriptorCount is NULL, or\r
+ KeyDescriptors is NULL or KeyAttributes is\r
+ NULL, or KeyAttributesCount is NULL.\r
+ @retval EFI_NOT_FOUND One or more EFI_KMS_KEY_ATTRIBUTE structures could\r
+ not be processed properly. KeyAttributeCount contains\r
+ the number of structures which were successfully processed.\r
+ Individual structures will reflect the status of the processing for\r
+ that structure.\r
+ @retval EFI_UNSUPPORTED The implementation/KMS does not support this function.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_KMS_GET_KEY_BY_ATTRIBUTES) (\r
+ IN EFI_KMS_PROTOCOL *This,\r
+ IN EFI_KMS_CLIENT_INFO *Client,\r
+ IN OUT UINTN *KeyAttributeCount,\r
+ IN OUT EFI_KMS_KEY_ATTRIBUTE *KeyAttributes,\r
+ IN OUT UINTN *KeyDescriptorCount,\r
+ IN OUT EFI_KMS_KEY_DESCRIPTOR *KeyDescriptors,\r
+ IN OUT UINTN *ClientDataSize OPTIONAL,\r
+ IN OUT VOID **ClientData OPTIONAL\r
+ );\r
+\r
+///\r
+/// The Key Management Service (KMS) protocol provides services to generate, store, retrieve,\r
+/// and manage cryptographic keys.\r
+///\r
+struct _EFI_KMS_PROTOCOL {\r
+ ///\r
+ /// Get the current status of the key management service. If the implementation has not yet\r
+ /// connected to the KMS, then a call to this function will initiate a connection. This is the\r
+ /// only function that is valid for use prior to the service being marked available.\r
+ ///\r
+ EFI_KMS_GET_SERVICE_STATUS GetServiceStatus;\r
+ ///\r
+ /// Register a specific client with the KMS.\r
+ ///\r
+ EFI_KMS_REGISTER_CLIENT RegisterClient;\r
+ ///\r
+ /// Request the generation of a new key and retrieve it.\r
+ ///\r
+ EFI_KMS_CREATE_KEY CreateKey;\r
+ ///\r
+ /// Retrieve an existing key.\r
+ ///\r
+ EFI_KMS_GET_KEY GetKey;\r
+ ///\r
+ /// Add a local key to KMS database. If there is an existing key with this key identifier in the\r
+ /// KMS database, it will be replaced with the new key.\r
+ ///\r
+ EFI_KMS_ADD_KEY AddKey;\r
+ ///\r
+ /// Delete an existing key from the KMS database.\r
+ ///\r
+ EFI_KMS_DELETE_KEY DeleteKey;\r
+ ///\r
+ /// Get attributes for an existing key in the KMS database.\r
+ ///\r
+ EFI_KMS_GET_KEY_ATTRIBUTES GetKeyAttributes;\r
+ ///\r
+ /// Add attributes to an existing key in the KMS database.\r
+ ///\r
+ EFI_KMS_ADD_KEY_ATTRIBUTES AddKeyAttributes;\r
+ ///\r
+ /// Delete attributes for an existing key in the KMS database.\r
+ ///\r
+ EFI_KMS_DELETE_KEY_ATTRIBUTES DeleteKeyAttributes;\r
+ ///\r
+ /// Get existing key(s) with the specified attributes.\r
+ ///\r
+ EFI_KMS_GET_KEY_BY_ATTRIBUTES GetKeyByAttributes;\r
+ ///\r
+ /// The version of this EFI_KMS_PROTOCOL structure. This must be set to 0x00020040 for\r
+ /// the initial version of this protocol.\r
+ ///\r
+ UINT32 ProtocolVersion;\r
+ ///\r
+ /// Optional GUID used to identify a specific KMS. This GUID may be supplied by the provider,\r
+ /// by the implementation, or may be null. If is null, then the ServiceName must not be null.\r
+ ///\r
+ EFI_GUID ServiceId;\r
+ ///\r
+ /// Optional pointer to a unicode string which may be used to identify the KMS or provide\r
+ /// other information about the supplier.\r
+ ///\r
+ CHAR16 *ServiceName;\r
+ ///\r
+ /// Optional 32-bit value which may be used to indicate the version of the KMS provided by\r
+ /// the supplier.\r
+ ///\r
+ UINT32 ServiceVersion;\r
+ ///\r
+ /// TRUE if and only if the service is active and available for use. To avoid unnecessary\r
+ /// delays in POST, this protocol may be installed without connecting to the service. In this\r
+ /// case, the first call to the GetServiceStatus () function will cause the implementation to\r
+ /// connect to the supported service and mark it as available. The capabilities of this service\r
+ /// as defined in the reminder of this protocol are not guaranteed to be valid until the service\r
+ /// has been marked available.\r
+ ///\r
+ BOOLEAN ServiceAvailable;\r
+ ///\r
+ /// TURE if and only if the service supports client identifiers. Client identifiers may be used\r
+ /// for auditing, access control or any other purpose specific to the implementation.\r
+ ///\r
+ BOOLEAN ClientIdSupported;\r
+ ///\r
+ /// TURE if and only if the service requires a client identifier in order to process key requests.\r
+ /// FALSE otherwise.\r
+ ///\r
+ BOOLEAN ClientIdRequired;\r
+ ///\r
+ /// The maximum size in bytes for the client identifier.\r
+ ///\r
+ UINT16 ClientIdMaxSize;\r
+ ///\r
+ /// The client name string type(s) supported by the KMS service. If client names are not\r
+ /// supported, this field will be set the EFI_KMS_DATA_TYPE_NONE. Otherwise, it will be set\r
+ /// to the inclusive 'OR' of all client name formats supported. Client names may be used for\r
+ /// auditing, access control or any other purpose specific to the implementation.\r
+ ///\r
+ UINT8 ClientNameStringTypes;\r
+ ///\r
+ /// TURE if only if the KMS requires a client name to be supplied to the service.\r
+ /// FALSE otherwise.\r
+ ///\r
+ BOOLEAN ClientNameRequired;\r
+ ///\r
+ /// The maximum number of characters allowed for the client name.\r
+ ///\r
+ UINT16 ClientNameMaxCount;\r
+ ///\r
+ /// TURE if and only if the service supports arbitrary client data requests. The use of client\r
+ /// data requires the caller to have specific knowledge of the individual KMS service and\r
+ /// should be used only if absolutely necessary.\r
+ /// FALSE otherwise.\r
+ ///\r
+ BOOLEAN ClientDataSupported;\r
+ ///\r
+ /// The maximum size in bytes for the client data. If the maximum data size is not specified\r
+ /// by the KMS or it is not known, then this field must be filled with all ones.\r
+ ///\r
+ UINTN ClientDataMaxSize;\r
+ ///\r
+ /// TURE if variable length key identifiers are supported.\r
+ /// FALSE if a fixed length key identifier is supported.\r
+ ///\r
+ BOOLEAN KeyIdVariableLenSupported;\r
+ ///\r
+ /// If KeyIdVariableLenSupported is TRUE, this is the maximum supported key identifier length\r
+ /// in bytes. Otherwise this is the fixed length of key identifier supported. Key ids shorter\r
+ /// than the fixed length will be padded on the right with blanks.\r
+ ///\r
+ UINTN KeyIdMaxSize;\r
+ ///\r
+ /// The number of key format/size GUIDs returned in the KeyFormats field.\r
+ ///\r
+ UINTN KeyFormatsCount;\r
+ ///\r
+ /// A pointer to an array of EFI_GUID values which specify key formats/sizes supported by\r
+ /// this KMS. Each format/size pair will be specified by a separate EFI_GUID. At least one\r
+ /// key format/size must be supported. All formats/sizes with the same hashing algorithm\r
+ /// must be contiguous in the array, and for each hashing algorithm, the key sizes must be in\r
+ /// ascending order. See "Related Definitions" for GUIDs which identify supported key formats/sizes.\r
+ /// This list of GUIDs supported by the KMS is not required to be exhaustive, and the KMS\r
+ /// may provide support for additional key formats/sizes. Users may request key information\r
+ /// using an arbitrary GUID, but any GUID not recognized by the implementation or not\r
+ /// supported by the KMS will return an error code of EFI_UNSUPPORTED\r
+ ///\r
+ EFI_GUID *KeyFormats;\r
+ ///\r
+ /// TRUE if key attributes are supported.\r
+ /// FALSE if key attributes are not supported.\r
+ ///\r
+ BOOLEAN KeyAttributesSupported;\r
+ ///\r
+ /// The key attribute identifier string type(s) supported by the KMS service. If key attributes\r
+ /// are not supported, this field will be set to EFI_KMS_DATA_TYPE_NONE. Otherwise, it will\r
+ /// be set to the inclusive 'OR' of all key attribute identifier string types supported.\r
+ /// EFI_KMS_DATA_TYPE_BINARY is not valid for this field.\r
+ ///\r
+ UINT8 KeyAttributeIdStringTypes;\r
+ UINT16 KeyAttributeIdMaxCount;\r
+ ///\r
+ /// The number of predefined KeyAttributes structures returned in the KeyAttributes\r
+ /// parameter. If the KMS does not support predefined key attributes, or if it does not\r
+ /// provide a method to obtain predefined key attributes data, then this field must be zero.\r
+ ///\r
+ UINTN KeyAttributesCount;\r
+ ///\r
+ /// A pointer to an array of KeyAttributes structures which contains the predefined\r
+ /// attributes supported by this KMS. Each structure must contain a valid key attribute\r
+ /// identifier and should provide any other information as appropriate for the attribute,\r
+ /// including a default value if one exists. This variable must be set to NULL if the\r
+ /// KeyAttributesCount variable is zero. It must point to a valid buffer if the\r
+ /// KeyAttributesCount variable is non-zero.\r
+ /// This list of predefined attributes is not required to be exhaustive, and the KMS may\r
+ /// provide additional predefined attributes not enumerated in this list. The implementation\r
+ /// does not distinguish between predefined and used defined attributes, and therefore,\r
+ /// predefined attributes not enumerated will still be processed to the KMS.\r
+ ///\r
+ EFI_KMS_KEY_ATTRIBUTE *KeyAttributes;\r
+};\r
+\r
+extern EFI_GUID gEfiKmsFormatGeneric128Guid;\r
+extern EFI_GUID gEfiKmsFormatGeneric160Guid;\r
+extern EFI_GUID gEfiKmsFormatGeneric256Guid;\r
+extern EFI_GUID gEfiKmsFormatGeneric512Guid;\r
+extern EFI_GUID gEfiKmsFormatGeneric1024Guid;\r
+extern EFI_GUID gEfiKmsFormatGeneric2048Guid;\r
+extern EFI_GUID gEfiKmsFormatGeneric3072Guid;\r
+extern EFI_GUID gEfiKmsFormatMd2128Guid;\r
+extern EFI_GUID gEfiKmsFormatMdc2128Guid;\r
+extern EFI_GUID gEfiKmsFormatMd4128Guid;\r
+extern EFI_GUID gEfiKmsFormatMdc4128Guid;\r
+extern EFI_GUID gEfiKmsFormatMd5128Guid;\r
+extern EFI_GUID gEfiKmsFormatMd5sha128Guid;\r
+extern EFI_GUID gEfiKmsFormatSha1160Guid;\r
+extern EFI_GUID gEfiKmsFormatSha256256Guid;\r
+extern EFI_GUID gEfiKmsFormatSha512512Guid;\r
+extern EFI_GUID gEfiKmsFormatAesxts128Guid;\r
+extern EFI_GUID gEfiKmsFormatAesxts256Guid;\r
+extern EFI_GUID gEfiKmsFormatAescbc128Guid;\r
+extern EFI_GUID gEfiKmsFormatAescbc256Guid;\r
+extern EFI_GUID gEfiKmsFormatRsasha11024Guid;\r
+extern EFI_GUID gEfiKmsFormatRsasha12048Guid;\r
+extern EFI_GUID gEfiKmsFormatRsasha2562048Guid;\r
+extern EFI_GUID gEfiKmsFormatRsasha2563072Guid;\r
+extern EFI_GUID gEfiKmsProtocolGuid;\r
+\r
+#endif\r