10c18794ea4289f03fefc7117b56740414cc0536cgdong/** @file 27ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng The variable data structures are related to EDKII-specific 30c18794ea4289f03fefc7117b56740414cc0536cgdong implementation of UEFI authenticated variables. 47ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng AuthenticatedVariableFormat.h defines variable data headers 57ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng and variable storage region headers that has been moved to 67ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng VariableFormat.h. 77ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng 87ae77cee9627f417b3bbcc3334d3823ff248a3f5Star ZengCopyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> 97ae77cee9627f417b3bbcc3334d3823ff248a3f5Star ZengThis program and the accompanying materials 107ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zengare licensed and made available under the terms and conditions of the BSD License 117ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zengwhich accompanies this distribution. The full text of the license may be found at 120c18794ea4289f03fefc7117b56740414cc0536cgdonghttp://opensource.org/licenses/bsd-license.php 130c18794ea4289f03fefc7117b56740414cc0536cgdong 147ae77cee9627f417b3bbcc3334d3823ff248a3f5Star ZengTHE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 150c18794ea4289f03fefc7117b56740414cc0536cgdongWITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 160c18794ea4289f03fefc7117b56740414cc0536cgdong 170c18794ea4289f03fefc7117b56740414cc0536cgdong**/ 180c18794ea4289f03fefc7117b56740414cc0536cgdong 190c18794ea4289f03fefc7117b56740414cc0536cgdong#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__ 200c18794ea4289f03fefc7117b56740414cc0536cgdong#define __AUTHENTICATED_VARIABLE_FORMAT_H__ 210c18794ea4289f03fefc7117b56740414cc0536cgdong 227ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng#include <Guid/VariableFormat.h> 230c18794ea4289f03fefc7117b56740414cc0536cgdong 24beda2356f5128efa4461046f882b6516ece6afc7qianouyang#define EFI_SECURE_BOOT_ENABLE_DISABLE \ 25beda2356f5128efa4461046f882b6516ece6afc7qianouyang { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } } 26beda2356f5128efa4461046f882b6516ece6afc7qianouyang 27beda2356f5128efa4461046f882b6516ece6afc7qianouyangextern EFI_GUID gEfiSecureBootEnableDisableGuid; 28c11d47b80bc5a52e58410e0e8b5e3d0ca5ce6edcsfuextern EFI_GUID gEfiCertDbGuid; 29c11d47b80bc5a52e58410e0e8b5e3d0ca5ce6edcsfuextern EFI_GUID gEfiCustomModeEnableGuid; 30a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuanextern EFI_GUID gEfiVendorKeysNvGuid; 31af9af05bec5b1880f8e4f9142ecc0044fd0acb33Chao Zhangextern EFI_GUID gEdkiiSecureBootModeGuid; 32beda2356f5128efa4461046f882b6516ece6afc7qianouyang 33beda2356f5128efa4461046f882b6516ece6afc7qianouyang/// 348f8ca22e594e3a6c313f725fbc7e2b20d75c79fdsfu/// "SecureBootEnable" variable for the Secure Boot feature enable/disable. 358f8ca22e594e3a6c313f725fbc7e2b20d75c79fdsfu/// This variable is used for allowing a physically present user to disable 368f8ca22e594e3a6c313f725fbc7e2b20d75c79fdsfu/// Secure Boot via firmware setup without the possession of PKpriv. 37beda2356f5128efa4461046f882b6516ece6afc7qianouyang/// 387ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// GUID: gEfiSecureBootEnableDisableGuid 397ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// 407ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// Format: UINT8 417ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// 42beda2356f5128efa4461046f882b6516ece6afc7qianouyang#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable" 43beda2356f5128efa4461046f882b6516ece6afc7qianouyang#define SECURE_BOOT_ENABLE 1 44beda2356f5128efa4461046f882b6516ece6afc7qianouyang#define SECURE_BOOT_DISABLE 0 450c18794ea4289f03fefc7117b56740414cc0536cgdong 46ecc722ad418a926af4e383f8977444717786fe20sfu/// 47ecc722ad418a926af4e383f8977444717786fe20sfu/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard". 48ecc722ad418a926af4e383f8977444717786fe20sfu/// Standard Secure Boot mode is the default mode as UEFI Spec's description. 49ecc722ad418a926af4e383f8977444717786fe20sfu/// Custom Secure Boot mode allows for more flexibility as specified in the following: 50ecc722ad418a926af4e383f8977444717786fe20sfu/// Can enroll or delete PK without existing PK's private key. 51ecc722ad418a926af4e383f8977444717786fe20sfu/// Can enroll or delete KEK without existing PK's private key. 52ecc722ad418a926af4e383f8977444717786fe20sfu/// Can enroll or delete signature from DB/DBX without KEK's private key. 53ecc722ad418a926af4e383f8977444717786fe20sfu/// 547ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// GUID: gEfiCustomModeEnableGuid 557ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// 567ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// Format: UINT8 577ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// 58ecc722ad418a926af4e383f8977444717786fe20sfu#define EFI_CUSTOM_MODE_NAME L"CustomMode" 59ecc722ad418a926af4e383f8977444717786fe20sfu#define CUSTOM_SECURE_BOOT_MODE 1 60ecc722ad418a926af4e383f8977444717786fe20sfu#define STANDARD_SECURE_BOOT_MODE 0 61ecc722ad418a926af4e383f8977444717786fe20sfu 620c18794ea4289f03fefc7117b56740414cc0536cgdong/// 63a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan/// "VendorKeysNv" variable to record the out of band secure boot keys modification. 64a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan/// This variable is a read-only NV varaible that indicates whether someone other than 65a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan/// the platform vendor has used a mechanism not defined by the UEFI Specification to 66a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan/// transition the system to setup mode or to update secure boot keys. 67a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan/// 687ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// GUID: gEfiVendorKeysNvGuid 697ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// 707ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// Format: UINT8 717ae77cee9627f417b3bbcc3334d3823ff248a3f5Star Zeng/// 72a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv" 73a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan#define VENDOR_KEYS_VALID 1 74a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan#define VENDOR_KEYS_MODIFIED 0 75a555940b2d4cb525d8c2bfcf16fbaab89157556fFu Siyuan 760c18794ea4289f03fefc7117b56740414cc0536cgdong#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__ 77