1. Add Uefi231 secure boot related definitions

Signed-off-by: hhuan13
Reviewed-by: tye, qlong
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12143 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h
index bf5295a0463f1a0faf1c54ed6d2ff9569a178915..ef160e72a30e9348b45fc8c3d38f1af9412d5c8e 100644 (file)
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -35,7 +35,8 @@
 /// for the forbidden signature database.\r
 ///\r
 #define EFI_IMAGE_SECURITY_DATABASE1      L"dbx"\r
 /// for the forbidden signature database.\r
 ///\r
 #define EFI_IMAGE_SECURITY_DATABASE1      L"dbx"\r

-\r
+#define SECURE_BOOT_MODE_ENABLE           1\r
+#define SECURE_BOOT_MODE_DISABLE          0\r

 #define SETUP_MODE                        1\r
 #define USER_MODE                         0\r
 ///\r
 #define SETUP_MODE                        1\r
 #define USER_MODE                         0\r
 ///\r


@@ -58,6 +59,12 @@
 ///\r
 #define EFI_SIGNATURE_SUPPORT_NAME        L"SignatureSupport"\r
 \r
 ///\r
 #define EFI_SIGNATURE_SUPPORT_NAME        L"SignatureSupport"\r
 \r

+///\r
+/// Globally "SecureBoot" variable to specify whether the platform firmware \r
+/// is operating in Secure boot mode (1) or not (0). All other values are reserved.\r
+///\r
+#define EFI_SECURE_BOOT_MODE_NAME         L"SecureBoot"\r
+\r

 //***********************************************************************\r
 // Signature Database\r
 //***********************************************************************\r
 //***********************************************************************\r
 // Signature Database\r
 //***********************************************************************\r


@@ -200,6 +207,15 @@ typedef struct {
   { \\r
     0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r
   }\r
   { \\r
     0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \\r
   }\r

+\r
+///\r
+/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]\r
+/// SignedData value.\r
+///\r
+#define EFI_CERT_TYPE_PKCS7_GUID \\r
+  { \\r
+    0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \\r
+  }\r

   \r
 //***********************************************************************\r
 // Image Execution Information Table Definition\r
   \r
 //***********************************************************************\r
 // Image Execution Information Table Definition\r


@@ -274,5 +290,6 @@ extern EFI_GUID gEfiCertX509Guid;
 extern EFI_GUID gEfiCertSha224Guid;\r
 extern EFI_GUID gEfiCertSha384Guid;\r
 extern EFI_GUID gEfiCertSha512Guid;\r
 extern EFI_GUID gEfiCertSha224Guid;\r
 extern EFI_GUID gEfiCertSha384Guid;\r
 extern EFI_GUID gEfiCertSha512Guid;\r

+extern EFI_GUID gEfiCertPkcs7Guid;\r

 \r
 #endif\r
 \r
 #endif\r

diff --git a/MdePkg/Include/Uefi/UefiMultiPhase.h b/MdePkg/Include/Uefi/UefiMultiPhase.h
index c435b03f9cc67be0d473a1aff56fcfe1be34792b..510c841c47934c5bde58d190fe92ed213454043e 100644 (file)
--- a/MdePkg/Include/Uefi/UefiMultiPhase.h
+++ b/MdePkg/Include/Uefi/UefiMultiPhase.h
@@ -1,7 +1,7 @@
 /** @file\r
   This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.\r
 \r
 /** @file\r
   This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.\r
 \r

-Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r

 This program and the accompanying materials are licensed and made available under \r
 the terms and conditions of the BSD License that accompanies this distribution.  \r
 The full text of the license may be found at\r
 This program and the accompanying materials are licensed and made available under \r
 the terms and conditions of the BSD License that accompanies this distribution.  \r
 The full text of the license may be found at\r


@@ -120,16 +120,21 @@ typedef struct {
 ///\r
 /// Attributes of variable.\r
 /// \r
 ///\r
 /// Attributes of variable.\r
 /// \r

-#define EFI_VARIABLE_NON_VOLATILE                 0x00000001\r
-#define EFI_VARIABLE_BOOTSERVICE_ACCESS           0x00000002\r
-#define EFI_VARIABLE_RUNTIME_ACCESS               0x00000004\r
-#define EFI_VARIABLE_HARDWARE_ERROR_RECORD        0x00000008\r
-\r
+#define EFI_VARIABLE_NON_VOLATILE                            0x00000001\r
+#define EFI_VARIABLE_BOOTSERVICE_ACCESS                      0x00000002\r
+#define EFI_VARIABLE_RUNTIME_ACCESS                          0x00000004\r

 ///\r
 /// This attribute is identified by the mnemonic 'HR' \r
 /// elsewhere in this specification.\r
 /// \r
 ///\r
 /// This attribute is identified by the mnemonic 'HR' \r
 /// elsewhere in this specification.\r
 /// \r

-#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS   0x00000010\r
+#define EFI_VARIABLE_HARDWARE_ERROR_RECORD                   0x00000008\r
+///\r
+/// Attributes of Authenticated Variable\r
+///\r
+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS              0x00000010\r
+#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS   0x00000020\r
+#define EFI_VARIABLE_APPEND_WRITE                            0x00000040\r
+\r

 \r
 ///   \r
 /// AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r
 \r
 ///   \r
 /// AuthInfo is a WIN_CERTIFICATE using the wCertificateType\r


@@ -165,5 +170,24 @@ typedef struct {
   WIN_CERTIFICATE_UEFI_GUID   AuthInfo;\r
 } EFI_VARIABLE_AUTHENTICATION;\r
 \r
   WIN_CERTIFICATE_UEFI_GUID   AuthInfo;\r
 } EFI_VARIABLE_AUTHENTICATION;\r
 \r

-#endif\r
+///\r
+/// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is \r
+/// set, then the Data buffer shall begin with an instance of a complete (and serialized)\r
+/// EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be followed by the new \r
+/// variable value and DataSize shall reflect the combined size of the descriptor and the new \r
+/// variable value. The authentication descriptor is not part of the variable data and is not \r
+/// returned by subsequent calls to GetVariable().\r
+///\r
+typedef struct {\r
+  ///\r
+  /// For the TimeStamp value, components Pad1, Nanosecond, TimeZone, Daylight and \r
+  /// Pad2 shall be set to 0. This means that the time shall always be expressed in GMT.\r
+  ///\r
+  EFI_TIME                    TimeStamp;\r
+  /// \r
+  /// Only a CertType of  EFI_CERT_TYPE_PKCS7_GUID is accepted.\r
+  ///\r
+  WIN_CERTIFICATE_UEFI_GUID   AuthInfo;\r
+ } EFI_VARIABLE_AUTHENTICATION_2;\r

 \r
 \r

+#endif\r

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 2e4b06f55f9b512c1071811d5a1d0301f5eba9a2..08dd4361088a940e7e9888a552748995cb307d23 100644 (file)
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -422,6 +422,7 @@
   gEfiCertSha224Guid             = { 0xb6e5233,  0xa65c, 0x44c9, {0x94, 0x7,  0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }}\r
   gEfiCertSha384Guid             = { 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e,  0x1 }}\r
   gEfiCertSha512Guid             = { 0x93e0fae,  0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }}\r
   gEfiCertSha224Guid             = { 0xb6e5233,  0xa65c, 0x44c9, {0x94, 0x7,  0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }}\r
   gEfiCertSha384Guid             = { 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e,  0x1 }}\r
   gEfiCertSha512Guid             = { 0x93e0fae,  0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }}\r

+  gEfiCertPkcs7Guid              = { 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7 }}\r

 \r
   #\r
   # GUID defined in PI1.0\r
 \r
   #\r
   # GUID defined in PI1.0\r