/*++

Copyright (c) 2004, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

Module Name:

  Bis.h

Abstract:

  This file defines the BIS protocol.

--*/

#ifndef _BIS_H_
#define _BIS_H_

#include <EfiSpec.h>

//
// Basic types
//
// BIS_APPLICATION_HANDLE is an opaque pointer; the prototypes in this file
// mark it as "From Initialize( )". BIS_ALG_ID is a 16-bit algorithm number
// and BIS_CERT_ID a 32-bit certificate identifier.
//
typedef VOID    *BIS_APPLICATION_HANDLE;
typedef UINT16  BIS_ALG_ID;
typedef UINT32  BIS_CERT_ID;

//
// EFI_BIS_DATA type.
//
// A byte buffer described by a length and a pointer.
//
// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).
//
// Length is the only bound this header gives for Data, so code that parses
// Data should check Length (and that Data is not NULL) before reading.
// NOTE(review): Data is a native pointer; the "32 Bit" wording below
// presumably dates from the original IA-32 text -- confirm.
//
typedef struct _EFI_BIS_DATA {
  UINT32  Length; // Length of Data in 8 bit bytes.
  UINT8   *Data;  // 32 Bit Flat Address of data.
} EFI_BIS_DATA;

//
// EFI_BIS_VERSION type.
//
// Passed IN OUT to Initialize( ) as the version needed / available.
//
typedef struct _EFI_BIS_VERSION {
  UINT32  Major;  // BIS Interface version number.
  UINT32  Minor;  // Build number.
} EFI_BIS_VERSION;

//
// ----------------------------------------------------//
// Use these values to initialize EFI_BIS_VERSION.Major
// and to interpret results of Initialize.
// ----------------------------------------------------//
//
// BIS_CURRENT_VERSION_MAJOR names BIS_VERSION_1 before that macro is
// defined; this works because macros are expanded at the point of use.
//
#define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1
#define BIS_VERSION_1             1

//
// EFI_BIS_SIGNATURE_INFO type.
//
// One (certificate, algorithm, key length) entry.
//
// CertificateID is a truncated hash held in 32 bits: it is short enough
// that distinct certificates can share a value, so it can label a
// certificate but should not stand in for verifying the certificate itself.
//
typedef struct _EFI_BIS_SIGNATURE_INFO {
  BIS_CERT_ID CertificateID;  // Truncated hash of platform Boot Object
  //  authorization certificate.
  //
  BIS_ALG_ID  AlgorithmID;    // A signature algorithm number.
  UINT16      KeyLength;      // Length of alg. keys in bits.
} EFI_BIS_SIGNATURE_INFO;

//
// Currently defined values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.
// The exact numeric values come from
// "Common Data Security Architecture (CDSA) Specification".
//
// NOTE(review): BIS_ALG_RSA_MD5 names an MD5-based signature. MD5 is no
// longer collision resistant, so a verification policy built on this
// interface should treat that algorithm as legacy. This header only defines
// the identifiers; it does not select an algorithm.
//
#define BIS_ALG_DSA     (41)  // CSSM_ALGID_DSA
#define BIS_ALG_RSA_MD5 (42)  // CSSM_ALGID_MD5_WITH_RSA

//
// Currently defined values for EFI_BIS_SIGNATURE_INFO.CertificateId.
//
// These expand to the same numbers as the algorithm IDs above.
//
#define BIS_CERT_ID_DSA     BIS_ALG_DSA     // CSSM_ALGID_DSA
#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA

//
// The following is a mask value that gets applied to the truncated hash of a
// platform Boot Object Authorization Certificate to create the certificateID.
// A certificateID must not have any bits set to the value 1 other than bits in
// this mask.
//
// The mask clears bits 15 and 23, so at most 30 bits of the hash survive in
// a certificateID. A consumer can reject an ID with
// (Id & ~BIS_CERT_ID_MASK) != 0 as malformed.
//
#define BIS_CERT_ID_MASK  (0xFF7F7FFF)

//
// Macros for dealing with the EFI_BIS_DATA object obtained
// from BIS_GetSignatureInfo()
// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO
//  elements are contained in a EFI_BIS_DATA struct pointed to
//  by the provided EFI_BIS_DATA*.
//
// The division is integer division, so trailing bytes that do not make up a
// whole element are not counted. The macro dereferences BisDataPtr without a
// NULL check; callers check the pointer first.
//
#define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))

//
// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*
//  from a given EFI_BIS_DATA*.
//
// This is a plain cast of the Data byte pointer: it checks neither Data for
// NULL nor Length, so iterate no further than BIS_GET_SIGINFO_COUNT elements.
//
#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)

//
// Binary Value of "X-Intel-BIS-ParameterSet" Attribute.
// (Value is Base64 encoded in actual signed manifest).
// {EDD35E31-07B9-11d2-83A3-00A0C91FADCF}
//
// The initializer below spells out that same GUID field by field.
//
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \
  { \
    0xedd35e31, 0x7b9, 0x11d2, \
    { \
      0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf \
    } \
  }

//
// -----------------------------------//
// EFI_BIS_PROTOCOL
// -----------------------------------//
//
// GUID initializer for the BIS protocol.
//
#define EFI_BIS_PROTOCOL_GUID \
  { \
    0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf} \
  }

//
// Forward declaration so the prototypes below can take the protocol pointer.
//
typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;

//
// Prototype of the Initialize member. It returns the application handle that
// every other prototype in this file takes; InterfaceVersion carries the
// version needed on input and the version available on output.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_INITIALIZE) (
  IN     EFI_BIS_PROTOCOL        * This,              // this
  OUT    BIS_APPLICATION_HANDLE  * AppHandle,         // Application handle.
  IN OUT EFI_BIS_VERSION         * InterfaceVersion,  // ver needed/available.
  IN     EFI_BIS_DATA            * TargetAddress      // Address of BIS platform.
  );

//
// Prototype of the Free member, used to release an EFI_BIS_DATA obtained
// from BIS.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_FREE) (
  IN BIS_APPLICATION_HANDLE  AppHandle, // From Initialize( ).
  IN EFI_BIS_DATA            * ToFree   // EFI_BIS_DATA being freed.
  );

//
// Prototype of the Shutdown member; takes the handle from Initialize( ).
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_SHUTDOWN) (
  IN BIS_APPLICATION_HANDLE  AppHandle  // From Initialize( ).
  );

//
// Prototype of the GetBootObjectAuthorizationCertificate member. The
// certificate comes back as an EFI_BIS_DATA obtained from BIS, which the
// EFI_BIS_DATA notes say must be released with Free( ).
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,      // From Initialize( ).
  OUT EFI_BIS_DATA            **Certificate   // Pointer to certificate.
  );

//
// Prototype of the VerifyBootObject member.
//
// NOTE(review): the result is reported twice, as the EFI_STATUS return value
// and as *IsVerified. This header does not say whether *IsVerified is written
// when the call fails, so a caller should set the BOOLEAN to FALSE beforehand
// and accept the object only when the status is success AND *IsVerified is
// TRUE.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,      // From Initialize( ).
  IN  EFI_BIS_DATA            * Credentials,  // Verification signed manifest.
  IN  EFI_BIS_DATA            * DataObject,   // Boot object to verify.
  OUT BOOLEAN                 *IsVerified     // Result of verification.
  );

//
// Prototype of the GetBootObjectAuthorizationCheckFlag member.
//
// NOTE(review): *CheckIsRequired is only meaningful when the returned status
// indicates success; presumably a caller that cannot read the flag should
// behave as if the check were required -- confirm against the BIS
// specification.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,        // From Initialize( ).
  OUT BOOLEAN                 *CheckIsRequired  // Value of check flag.
  );

//
// Prototype of the GetBootObjectAuthorizationUpdateToken member.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,    // From Initialize( ).
  OUT EFI_BIS_DATA            **UpdateToken // Value of update token.
  );

//
// Prototype of the UpdateBootObjectAuthorization member. It takes an update
// request manifest and returns the next update token.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,          // From Initialize( ).
  IN  EFI_BIS_DATA            * RequestCredential, // Update Request Manifest.
  OUT EFI_BIS_DATA            **NewUpdateToken    // Next update token.
  );

//
// Prototype of the VerifyObjectWithCredential member. Unlike
// VerifyBootObject, the caller names the credential section and supplies the
// authority certificate.
//
// NOTE(review): as with VerifyBootObject, set *IsVerified to FALSE before the
// call and require both a success status and TRUE. Because
// AuthorityCertificate is caller-supplied, the result is only as trustworthy
// as the way the caller obtained that certificate.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,              // From Initialize( ).
  IN  EFI_BIS_DATA            * Credentials,          // Verification signed manifest.
  IN  EFI_BIS_DATA            * DataObject,           // Boot object to verify.
  IN  EFI_BIS_DATA            * SectionName,          // Name of credential section to use.
  IN  EFI_BIS_DATA            * AuthorityCertificate, // Certificate for credentials.
  OUT BOOLEAN                 *IsVerified             // Result of verification.
  );

//
// Prototype of the GetSignatureInfo member. The returned EFI_BIS_DATA is the
// object the BIS_GET_SIGINFO_COUNT / BIS_GET_SIGINFO_ARRAY macros operate on.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,      // From Initialize( ).
  OUT EFI_BIS_DATA            **SignatureInfo // Signature info struct.
  );

//
// Revision value for EFI_BIS_PROTOCOL.
// NOTE(review): presumably what the Revision member is expected to hold --
// confirm with the protocol producer.
//
#define EFI_BIS_PROTOCOL_REVISION 0x00010000

//
// The protocol interface: a revision field followed by one function pointer
// per BIS service. Member order determines the structure layout shared by
// producer and consumers, so members must not be reordered.
//
struct _EFI_BIS_PROTOCOL {
  //
  // member vars
  //
  UINT64                                              Revision;

  //
  // methods
  //
  EFI_BIS_INITIALIZE                                  Initialize;
  EFI_BIS_SHUTDOWN                                    Shutdown;
  EFI_BIS_FREE                                        Free;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE   GetBootObjectAuthorizationCertificate;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG     GetBootObjectAuthorizationCheckFlag;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN  GetBootObjectAuthorizationUpdateToken;
  EFI_BIS_GET_SIGNATURE_INFO                          GetSignatureInfo;
  EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION            UpdateBootObjectAuthorization;
  EFI_BIS_VERIFY_BOOT_OBJECT                          VerifyBootObject;
  EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL               VerifyObjectWithCredential;
};

//
// Declared here and defined elsewhere; presumably initialized from
// EFI_BIS_PROTOCOL_GUID -- confirm at the definition.
//
extern EFI_GUID gEfiBisProtocolGuid;

#endif