sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
713ffa208e3a9c71a84b1b0743c536662af6ba8c
system76-edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
sfu5 ecc722ad41 1. Remove “Force clear PK” feature in AuthVarialbe driver. 
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.

Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-27 08:17:23 +00:00

119 lines
4.5 KiB
C
Raw Blame History

/** @file
Header file for NV data structure definition.
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__
#define __SECUREBOOT_CONFIG_NV_DATA_H__
#include <Guid/HiiPlatformSetupFormset.h>
#include <Guid/SecureBootConfigHii.h>
//
// Used by VFR for form or button identification
//
#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001
#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01
#define FORMID_SECURE_BOOT_OPTION_FORM 0x02
#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03
#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04
#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05
#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06
#define FORMID_ENROLL_PK_FORM 0x07
#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08
#define FORMID_ENROLL_KEK_FORM 0x09
#define FORMID_DELETE_KEK_FORM 0x0a
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX 0x0e
#define FORM_FILE_EXPLORER_ID 0x0f
#define FORM_FILE_EXPLORER_ID_PK 0x10
#define FORM_FILE_EXPLORER_ID_KEK 0x11
#define FORM_FILE_EXPLORER_ID_DB 0x12
#define FORM_FILE_EXPLORER_ID_DBX 0x13
#define SECURE_BOOT_MODE_CUSTOM 0x01
#define SECURE_BOOT_MODE_STANDARD 0x00
#define KEY_SECURE_BOOT_ENABLE 0x1000
#define KEY_SECURE_BOOT_MODE 0x1001
#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002
#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003
#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004
#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005
#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008
#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009
#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b
#define KEY_SECURE_BOOT_OPTION 0x1100
#define KEY_SECURE_BOOT_PK_OPTION 0x1101
#define KEY_SECURE_BOOT_KEK_OPTION 0x1102
#define KEY_SECURE_BOOT_DB_OPTION 0x1103
#define KEY_SECURE_BOOT_DBX_OPTION 0x1104
#define KEY_SECURE_BOOT_DELETE_PK 0x1105
#define KEY_ENROLL_PK 0x1106
#define KEY_ENROLL_KEK 0x1107
#define KEY_DELETE_KEK 0x1108
#define KEY_SECURE_BOOT_KEK_GUID 0x110a
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c
#define LABEL_KEK_DELETE 0x1200
#define LABEL_DB_DELETE 0x1201
#define LABEL_DBX_DELETE 0x1202
#define LABEL_END 0xffff
#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255
#define CONFIG_OPTION_OFFSET 0x2000
#define OPTION_CONFIG_QUESTION_ID 0x2000
#define OPTION_CONFIG_RANGE 0x1000
//
// Question ID 0x2000 ~ 0x2FFF is for KEK
//
#define OPTION_DEL_KEK_QUESTION_ID 0x2000
//
// Question ID 0x3000 ~ 0x3FFF is for DB
//
#define OPTION_DEL_DB_QUESTION_ID 0x3000
//
// Question ID 0x4000 ~ 0x4FFF is for DBX
//
#define OPTION_DEL_DBX_QUESTION_ID 0x4000
#define FILE_OPTION_OFFSET 0x8000
#define FILE_OPTION_MASK 0x7FFF
#define SECURE_BOOT_GUID_SIZE 36
#define SECURE_BOOT_GUID_STORAGE_SIZE 37
//
// Nv Data structure referenced by IFR
//
typedef struct {
BOOLEAN SecureBootState; //Secure Boot Disable/Enable;
BOOLEAN HideSecureBoot; //Hiden Attempt Secure Boot
CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
BOOLEAN PhysicalPresent; //If a Physical Present User;
UINT8 SecureBootMode; //Secure Boot Mode: Standard Or Custom
BOOLEAN DeletePk;
BOOLEAN HasPk; //If Pk is existed it is true;
} SECUREBOOT_CONFIGURATION;
#endif
Reference in New Issue View Git Blame Copy Permalink