From ab0eecec6e1233b7ca179d8a8f2b2e44e9546b7f Mon Sep 17 00:00:00 2001 From: hhuan13 Date: Tue, 16 Aug 2011 07:16:02 +0000 Subject: 1. Add Uefi231 secure boot related definitions Signed-off-by: hhuan13 Reviewed-by: tye, qlong git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12143 6f19259b-4bc3-4df7-8a09-765794883524 --- MdePkg/Include/Guid/ImageAuthentication.h | 19 ++++++++++++++- MdePkg/Include/Uefi/UefiMultiPhase.h | 40 ++++++++++++++++++++++++------- 2 files changed, 50 insertions(+), 9 deletions(-) (limited to 'MdePkg/Include') diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h index bf5295a046..ef160e72a3 100644 --- a/MdePkg/Include/Guid/ImageAuthentication.h +++ b/MdePkg/Include/Guid/ImageAuthentication.h @@ -35,7 +35,8 @@ /// for the forbidden signature database. /// #define EFI_IMAGE_SECURITY_DATABASE1 L"dbx" - +#define SECURE_BOOT_MODE_ENABLE 1 +#define SECURE_BOOT_MODE_DISABLE 0 #define SETUP_MODE 1 #define USER_MODE 0 /// @@ -58,6 +59,12 @@ /// #define EFI_SIGNATURE_SUPPORT_NAME L"SignatureSupport" +/// +/// Globally "SecureBoot" variable to specify whether the platform firmware +/// is operating in Secure boot mode (1) or not (0). All other values are reserved. +/// +#define EFI_SECURE_BOOT_MODE_NAME L"SecureBoot" + //*********************************************************************** // Signature Database //*********************************************************************** @@ -200,6 +207,15 @@ typedef struct { { \ 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \ } + +/// +/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315] +/// SignedData value. +/// +#define EFI_CERT_TYPE_PKCS7_GUID \ + { \ + 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \ + } //*********************************************************************** // Image Execution Information Table Definition @@ -274,5 +290,6 @@ extern EFI_GUID gEfiCertX509Guid; extern EFI_GUID gEfiCertSha224Guid; extern EFI_GUID gEfiCertSha384Guid; extern EFI_GUID gEfiCertSha512Guid; +extern EFI_GUID gEfiCertPkcs7Guid; #endif diff --git a/MdePkg/Include/Uefi/UefiMultiPhase.h b/MdePkg/Include/Uefi/UefiMultiPhase.h index c435b03f9c..510c841c47 100644 --- a/MdePkg/Include/Uefi/UefiMultiPhase.h +++ b/MdePkg/Include/Uefi/UefiMultiPhase.h @@ -1,7 +1,7 @@ /** @file This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases. -Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at @@ -120,16 +120,21 @@ typedef struct { /// /// Attributes of variable. /// -#define EFI_VARIABLE_NON_VOLATILE 0x00000001 -#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 -#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 -#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008 - +#define EFI_VARIABLE_NON_VOLATILE 0x00000001 +#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 +#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 /// /// This attribute is identified by the mnemonic 'HR' /// elsewhere in this specification. /// -#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 +#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008 +/// +/// Attributes of Authenticated Variable +/// +#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 +#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 +#define EFI_VARIABLE_APPEND_WRITE 0x00000040 + /// /// AuthInfo is a WIN_CERTIFICATE using the wCertificateType @@ -165,5 +170,24 @@ typedef struct { WIN_CERTIFICATE_UEFI_GUID AuthInfo; } EFI_VARIABLE_AUTHENTICATION; -#endif +/// +/// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is +/// set, then the Data buffer shall begin with an instance of a complete (and serialized) +/// EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be followed by the new +/// variable value and DataSize shall reflect the combined size of the descriptor and the new +/// variable value. The authentication descriptor is not part of the variable data and is not +/// returned by subsequent calls to GetVariable(). +/// +typedef struct { + /// + /// For the TimeStamp value, components Pad1, Nanosecond, TimeZone, Daylight and + /// Pad2 shall be set to 0. This means that the time shall always be expressed in GMT. + /// + EFI_TIME TimeStamp; + /// + /// Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted. + /// + WIN_CERTIFICATE_UEFI_GUID AuthInfo; + } EFI_VARIABLE_AUTHENTICATION_2; +#endif -- cgit v1.2.3