/** @file
The variable data structures are related to EDKII-specific
implementation of UEFI authenticated variables.
AuthenticatedVariableFormat.h defines variable data headers
and variable storage region headers that have been moved to
VariableFormat.h.
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__
#define __AUTHENTICATED_VARIABLE_FORMAT_H__
#include <Guid/VariableFormat.h>
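///
/// GUID-shaped initializer: one 32-bit field, two 16-bit fields and eight bytes.
/// NOTE(review): by name this looks like the value behind
/// gEfiSecureBootEnableDisableGuid, the GUID of the "SecureBootEnable" variable;
/// the binding is not visible in this header - confirm against the package
/// declaration before relying on it.
///
#define EFI_SECURE_BOOT_ENABLE_DISABLE \
  { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }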
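///
/// Vendor GUIDs used by the EDKII-specific authenticated variable settings.
/// They are only declared here; the objects are defined outside this header.
///
// GUID of the "SecureBootEnable" variable.
extern EFI_GUID gEfiSecureBootEnableDisableGuid;
// NOTE(review): not described anywhere in this header - document which
// variable this GUID names and who is allowed to write it.
extern EFI_GUID gEfiCertDbGuid;
// GUID of the "CustomMode" variable.
extern EFI_GUID gEfiCustomModeEnableGuid;
// GUID of the "VendorKeysNv" variable.
extern EFI_GUID gEfiVendorKeysNvGuid;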
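///
/// "SecureBootEnable" variable for the Secure Boot feature enable/disable.
/// This variable is used for allowing a physically present user to disable
/// Secure Boot via firmware setup without the possession of PKpriv.
///
/// GUID: gEfiSecureBootEnableDisableGuid
///
/// Format: UINT8
///
/// NOTE(review): a write to this variable takes the place of a PKpriv-signed
/// update, so its integrity rests entirely on the physical-presence check and
/// on the variable being unwritable outside firmware setup. Neither control
/// is visible in this header - confirm that the variable driver enforces both
/// and that it rejects values other than SECURE_BOOT_ENABLE and
/// SECURE_BOOT_DISABLE.
///
#define EFI_SECURE_BOOT_ENABLE_NAME  L"SecureBootEnable"
#define SECURE_BOOT_ENABLE           1  // Secure Boot feature enabled
#define SECURE_BOOT_DISABLE          0  // Secure Boot feature disabled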
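///
/// "CustomMode" variable selecting between the two Secure Boot modes:
/// "Custom" and "Standard".
/// Standard Secure Boot mode is the default mode, as described in the UEFI Spec.
/// Custom Secure Boot mode allows for more flexibility as specified in the following:
///   Can enroll or delete PK without existing PK's private key.
///   Can enroll or delete KEK without existing PK's private key.
///   Can enroll or delete signature from DB/DBX without KEK's private key.
///
/// GUID: gEfiCustomModeEnableGuid
///
/// Format: UINT8
///
/// NOTE(review): in Custom mode PK, KEK and DB/DBX can be changed without the
/// corresponding private keys, so whoever can set this variable to
/// CUSTOM_SECURE_BOOT_MODE controls the whole Secure Boot key hierarchy.
/// This header does not show how writes to the variable are gated - confirm
/// that the variable driver restricts them (for example to a physically
/// present user in firmware setup) and that the mode returns to
/// STANDARD_SECURE_BOOT_MODE once enrollment is finished.
///
#define EFI_CUSTOM_MODE_NAME       L"CustomMode"
#define CUSTOM_SECURE_BOOT_MODE    1  // key updates allowed without the private keys
#define STANDARD_SECURE_BOOT_MODE  0  // default mode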
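///
/// "VendorKeysNv" variable to record out-of-band modification of the secure boot keys.
/// This variable is a read-only NV variable that indicates whether someone other than
/// the platform vendor has used a mechanism not defined by the UEFI Specification to
/// transition the system to setup mode or to update secure boot keys.
///
/// GUID: gEfiVendorKeysNvGuid
///
/// Format: UINT8
///
/// NOTE(review): this is a tamper indicator, so mind the polarity - by name,
/// 1 (VENDOR_KEYS_VALID) presumably means no out-of-band change has been
/// recorded and 0 (VENDOR_KEYS_MODIFIED) means one has; confirm against the
/// variable driver. Code consuming the value should compare against
/// VENDOR_KEYS_VALID explicitly, and how an absent variable is to be
/// interpreted is not defined here - confirm it is not treated as "valid".
/// The read-only property stated above is enforced outside this header.
///
#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME  L"VendorKeysNv"
#define VENDOR_KEYS_VALID                 1
#define VENDOR_KEYS_MODIFIED              0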
#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__