      1 /** @file
      2   Header file for NV data structure definition.
      3 
      4 Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
      5 This program and the accompanying materials
      6 are licensed and made available under the terms and conditions of the BSD License
      7 which accompanies this distribution.  The full text of the license may be found at
      8 http://opensource.org/licenses/bsd-license.php
      9 
     10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
     11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
     12 
     13 **/
     14 
     15 #ifndef __SECUREBOOT_CONFIG_NV_DATA_H__
     16 #define __SECUREBOOT_CONFIG_NV_DATA_H__
     17 
     18 #include <Guid/HiiPlatformSetupFormset.h>
     19 #include <Guid/SecureBootConfigHii.h>
     20 
     21 // Used by VFR for form or button identification.
     22 // Form IDs here run 0x01-0x0e, then 0x14-0x16 for the dbt forms; 0x0f-0x13 are not defined in this header.
     23 // NOTE(review): presumably each form ID must stay unique within the formset - confirm before adding one.
     24 #define SECUREBOOT_CONFIGURATION_VARSTORE_ID  0x0001
     25 #define SECUREBOOT_CONFIGURATION_FORM_ID      0x01
     26 #define FORMID_SECURE_BOOT_OPTION_FORM        0x02
     27 #define FORMID_SECURE_BOOT_PK_OPTION_FORM     0x03
     28 #define FORMID_SECURE_BOOT_KEK_OPTION_FORM    0x04
     29 #define FORMID_SECURE_BOOT_DB_OPTION_FORM     0x05
     30 #define FORMID_SECURE_BOOT_DBX_OPTION_FORM    0x06
     31 #define FORMID_ENROLL_PK_FORM                 0x07
     32 #define SECUREBOOT_ADD_PK_FILE_FORM_ID        0x08
     33 #define FORMID_ENROLL_KEK_FORM                0x09
     34 #define FORMID_DELETE_KEK_FORM                0x0a
     35 #define SECUREBOOT_ENROLL_SIGNATURE_TO_DB     0x0b
     36 #define SECUREBOOT_DELETE_SIGNATURE_FROM_DB   0x0c
     37 #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX    0x0d
     38 #define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX  0x0e
     39 #define FORMID_SECURE_BOOT_DBT_OPTION_FORM    0x14
     40 #define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT    0x15
     41 #define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT  0x16
     42 
     43 #define SECURE_BOOT_MODE_CUSTOM               0x01  // presumably a value of SECUREBOOT_CONFIGURATION.SecureBootMode - confirm
     44 #define SECURE_BOOT_MODE_STANDARD             0x00  // NOTE(review): consumers should reject values other than these two rather than treat them as Custom
     45 
     46 #define KEY_SECURE_BOOT_ENABLE                0x1000  // 0x1000-0x100e: presumably question IDs dispatched by the driver's HII callback - confirm
     47 #define KEY_SECURE_BOOT_MODE                  0x1001
     48 #define KEY_VALUE_SAVE_AND_EXIT_DB            0x1002
     49 #define KEY_VALUE_NO_SAVE_AND_EXIT_DB         0x1003
     50 #define KEY_VALUE_SAVE_AND_EXIT_PK            0x1004
     51 #define KEY_VALUE_NO_SAVE_AND_EXIT_PK         0x1005  // 0x1006 and 0x1007 are not defined in this header
     52 #define KEY_VALUE_SAVE_AND_EXIT_KEK           0x1008
     53 #define KEY_VALUE_NO_SAVE_AND_EXIT_KEK        0x1009
     54 #define KEY_VALUE_SAVE_AND_EXIT_DBX           0x100a
     55 #define KEY_VALUE_NO_SAVE_AND_EXIT_DBX        0x100b
     56 #define KEY_HIDE_SECURE_BOOT                  0x100c
     57 #define KEY_VALUE_SAVE_AND_EXIT_DBT           0x100d
     58 #define KEY_VALUE_NO_SAVE_AND_EXIT_DBT        0x100e
     59 
     60 #define KEY_SECURE_BOOT_OPTION                0x1100  // 0x1100-0x110e: second key range; 0x1109 is not defined in this header
     61 #define KEY_SECURE_BOOT_PK_OPTION             0x1101
     62 #define KEY_SECURE_BOOT_KEK_OPTION            0x1102
     63 #define KEY_SECURE_BOOT_DB_OPTION             0x1103
     64 #define KEY_SECURE_BOOT_DBX_OPTION            0x1104
     65 #define KEY_SECURE_BOOT_DELETE_PK             0x1105  // NOTE(review): PK removal changes the platform's Secure Boot state; confirm the handler checks for a physically present user
     66 #define KEY_ENROLL_PK                         0x1106
     67 #define KEY_ENROLL_KEK                        0x1107
     68 #define KEY_DELETE_KEK                        0x1108
     69 #define KEY_SECURE_BOOT_KEK_GUID              0x110a
     70 #define KEY_SECURE_BOOT_SIGNATURE_GUID_DB     0x110b
     71 #define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX    0x110c
     72 #define KEY_SECURE_BOOT_DBT_OPTION            0x110d
     73 #define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT    0x110e
     74 
     75 #define LABEL_KEK_DELETE                      0x1200  // 0x1200-0x1203: presumably labels marking where the delete lists are inserted in the forms - confirm
     76 #define LABEL_DB_DELETE                       0x1201
     77 #define LABEL_DBX_DELETE                      0x1202
     78 #define LABEL_DBT_DELETE                      0x1203
     79 #define LABEL_END                             0xffff  // presumably the closing label paired with each of the above - confirm
     80 
     81 
     82 #define SECURE_BOOT_MAX_ATTEMPTS_NUM          255  // NOTE(review): no use is visible in this header; 255 is the largest value a UINT8 can hold
     83 
     84 #define CONFIG_OPTION_OFFSET                  0x2000  // same value as OPTION_CONFIG_QUESTION_ID below
     85 
     86 #define OPTION_CONFIG_QUESTION_ID             0x2000  // equals OPTION_DEL_KEK_QUESTION_ID, the start of the first window below
     87 #define OPTION_CONFIG_RANGE                   0x1000  // matches the 0x1000-wide windows documented below
     88 
     89 // NOTE(review): a handler that derives an entry index from a question ID should bound it to its window - confirm in the callback.
     90 // Question IDs 0x2000 ~ 0x2FFF are for KEK
     91 //
     92 #define OPTION_DEL_KEK_QUESTION_ID            0x2000
     93 //
     94 // Question IDs 0x3000 ~ 0x3FFF are for DB
     95 //
     96 #define OPTION_DEL_DB_QUESTION_ID             0x3000
     97 //
     98 // Question IDs 0x4000 ~ 0x4FFF are for DBX
     99 //
    100 #define OPTION_DEL_DBX_QUESTION_ID            0x4000
    101 
    102 //
    103 // Question IDs 0x5000 ~ 0x5FFF are for DBT
    104 //
    105 #define OPTION_DEL_DBT_QUESTION_ID            0x5000
    106 
    106 #define SECURE_BOOT_GUID_SIZE                 36  // characters in a textual GUID: 32 hex digits plus 4 hyphens
    107 #define SECURE_BOOT_GUID_STORAGE_SIZE         37  // GUID_SIZE + 1, presumably for the terminating null; sizes SignatureGuid as a CHAR16 element count, not bytes
    109 
    110 
    111 // NV data structure referenced by IFR.
    112 // NOTE(review): the VFR varstore presumably binds to this exact layout, so field order and sizes should only change together with the VFR - confirm.
    113 //
    114 typedef struct {
    115   BOOLEAN AttemptSecureBoot;   // Attempt to enable/disable Secure Boot
    116   BOOLEAN HideSecureBoot;      // Hidden Attempt Secure Boot; presumably hides that option when TRUE - confirm
    117   CHAR16  SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];  // 37 CHAR16 elements (element count, not bytes); writers must bound input to this size
    118   BOOLEAN PhysicalPresent;     // TRUE if a physically present user; how this is established is not visible in this header
    119   UINT8   SecureBootMode;      // Secure Boot Mode: Standard or Custom (presumably SECURE_BOOT_MODE_STANDARD / SECURE_BOOT_MODE_CUSTOM)
    120   BOOLEAN DeletePk;            // presumably set when PK deletion is requested - confirm
    121   BOOLEAN HasPk;               // TRUE if a PK exists
    122   BOOLEAN AlwaysRevocation;    // If the certificate is always revoked. Revocation time is hidden
    123   UINT8   CertificateFormat;   // The type of the certificate
    124   EFI_HII_DATE RevocationDate; // The revocation date of the certificate
    125   EFI_HII_TIME RevocationTime; // The revocation time of the certificate
    126 } SECUREBOOT_CONFIGURATION;
    127 
    128 #endif
    129