/** @file
  Header file for NV data structure definition.

Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__
#define __SECUREBOOT_CONFIG_NV_DATA_H__

#include <Guid/HiiPlatformSetupFormset.h>
#include <Guid/SecureBootConfigHii.h>

//
// Used by VFR for form or button identification.
// The values in this group are all distinct. 0x0f - 0x13 are not assigned
// in this header; the DBT forms start at 0x14.
//
#define SECUREBOOT_CONFIGURATION_VARSTORE_ID  0x0001
#define SECUREBOOT_CONFIGURATION_FORM_ID      0x01
#define FORMID_SECURE_BOOT_OPTION_FORM        0x02
#define FORMID_SECURE_BOOT_PK_OPTION_FORM     0x03
#define FORMID_SECURE_BOOT_KEK_OPTION_FORM    0x04
#define FORMID_SECURE_BOOT_DB_OPTION_FORM     0x05
#define FORMID_SECURE_BOOT_DBX_OPTION_FORM    0x06
#define FORMID_ENROLL_PK_FORM                 0x07
#define SECUREBOOT_ADD_PK_FILE_FORM_ID        0x08
#define FORMID_ENROLL_KEK_FORM                0x09
#define FORMID_DELETE_KEK_FORM                0x0a
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB     0x0b
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB   0x0c
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX    0x0d
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX  0x0e
#define FORMID_SECURE_BOOT_DBT_OPTION_FORM    0x14
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT    0x15
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT  0x16

//
// Values for the SecureBootMode field of SECUREBOOT_CONFIGURATION
// (Standard or Custom).
//
#define SECURE_BOOT_MODE_CUSTOM    0x01
#define SECURE_BOOT_MODE_STANDARD  0x00

//
// Identifiers in the 0x1000 - 0x100e range for the enable/mode controls and
// the save / no-save exit actions of the PK, KEK, DB, DBX and DBT forms.
// 0x1006 and 0x1007 are not assigned in this header.
// NOTE(review): presumably these are question IDs dispatched in the driver's
// HII callback -- confirm against the VFR. If so, they share one ID space
// with the OPTION_DEL_* windows below and must stay below 0x2000.
//
#define KEY_SECURE_BOOT_ENABLE          0x1000
#define KEY_SECURE_BOOT_MODE            0x1001
#define KEY_VALUE_SAVE_AND_EXIT_DB      0x1002
#define KEY_VALUE_NO_SAVE_AND_EXIT_DB   0x1003
#define KEY_VALUE_SAVE_AND_EXIT_PK      0x1004
#define KEY_VALUE_NO_SAVE_AND_EXIT_PK   0x1005
#define KEY_VALUE_SAVE_AND_EXIT_KEK     0x1008
#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK  0x1009
#define KEY_VALUE_SAVE_AND_EXIT_DBX     0x100a
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX  0x100b
#define KEY_HIDE_SECURE_BOOT            0x100c
#define KEY_VALUE_SAVE_AND_EXIT_DBT     0x100d
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT  0x100e

//
// Identifiers in the 0x1100 - 0x110e range for the per-database option
// entries, the enroll/delete actions and the signature GUID inputs.
// 0x1109 is not assigned in this header.
//
#define KEY_SECURE_BOOT_OPTION              0x1100
#define KEY_SECURE_BOOT_PK_OPTION           0x1101
#define KEY_SECURE_BOOT_KEK_OPTION          0x1102
#define KEY_SECURE_BOOT_DB_OPTION           0x1103
#define KEY_SECURE_BOOT_DBX_OPTION          0x1104
#define KEY_SECURE_BOOT_DELETE_PK           0x1105
#define KEY_ENROLL_PK                       0x1106
#define KEY_ENROLL_KEK                      0x1107
#define KEY_DELETE_KEK                      0x1108
#define KEY_SECURE_BOOT_KEK_GUID            0x110a
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB   0x110b
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX  0x110c
#define KEY_SECURE_BOOT_DBT_OPTION          0x110d
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT  0x110e

//
// Labels for the delete lists of KEK, DB, DBX and DBT, plus the end label.
// NOTE(review): presumably these bracket the regions of a form that the
// driver rebuilds at run time -- confirm against the VFR.
//
#define LABEL_KEK_DELETE  0x1200
#define LABEL_DB_DELETE   0x1201
#define LABEL_DBX_DELETE  0x1202
#define LABEL_DBT_DELETE  0x1203
#define LABEL_END         0xffff


#define SECURE_BOOT_MAX_ATTEMPTS_NUM  255

//
// Base and width of the per-database question-ID windows defined below.
// CONFIG_OPTION_OFFSET and OPTION_CONFIG_QUESTION_ID carry the same value
// (0x2000); each window spans OPTION_CONFIG_RANGE (0x1000) IDs.
// NOTE(review): code that maps a question ID back to an entry index is not
// in this header. It should check that the ID lies inside the expected
// window and that the resulting index is below the number of entries that
// are actually present, so that an out-of-window ID cannot select an entry
// in a different database -- confirm in the callback.
//
#define CONFIG_OPTION_OFFSET  0x2000

#define OPTION_CONFIG_QUESTION_ID  0x2000
#define OPTION_CONFIG_RANGE        0x1000

//
// Question ID 0x2000 ~ 0x2FFF is for KEK
//
#define OPTION_DEL_KEK_QUESTION_ID  0x2000
//
// Question ID 0x3000 ~ 0x3FFF is for DB
//
#define OPTION_DEL_DB_QUESTION_ID  0x3000
//
// Question ID 0x4000 ~ 0x4FFF is for DBX
//
#define OPTION_DEL_DBX_QUESTION_ID  0x4000

//
// Question ID 0x5000 ~ 0x5FFF is for DBT
//
#define OPTION_DEL_DBT_QUESTION_ID  0x5000

//
// 36 is the length of a GUID in its textual 8-4-4-4-12 form (32 hex digits
// plus 4 hyphens); the storage size is one element larger.
// NOTE(review): the extra element is presumably for the terminating NUL.
// The two values must stay in step (storage = size + 1). They are written
// as literals, presumably because the array bound in the structure below is
// also read by the VFR compiler -- confirm before replacing the literal
// with an expression.
//
#define SECURE_BOOT_GUID_SIZE          36
#define SECURE_BOOT_GUID_STORAGE_SIZE  37


//
// Nv Data structure referenced by IFR
//
// NOTE(review): since the structure is referenced by IFR, its field order
// and sizes presumably have to match the varstore declared in the VFR;
// change both together. The fields hold form state only. Anything that gates
// a key-database change (PhysicalPresent, SecureBootMode, DeletePk) should
// be re-validated by the code that performs the change rather than trusted
// from this buffer -- confirm in the driver.
//
typedef struct {
  BOOLEAN       AttemptSecureBoot;   // Attempt to enable/disable Secure Boot
  BOOLEAN       HideSecureBoot;      // Hide the Attempt Secure Boot option
  CHAR16        SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE]; // Signature GUID text; the array holds SECURE_BOOT_GUID_STORAGE_SIZE (37) CHAR16 elements
  BOOLEAN       PhysicalPresent;     // Whether a physically present user is detected
  UINT8         SecureBootMode;      // Secure Boot Mode: Standard Or Custom
  BOOLEAN       DeletePk;            // NOTE(review): presumably the request to delete the PK -- confirm against the VFR
  BOOLEAN       HasPk;               // TRUE if a PK exists
  BOOLEAN       AlwaysRevocation;    // If the certificate is always revoked. Revocation time is hidden
  UINT8         CertificateFormat;   // The type of the certificate
  EFI_HII_DATE  RevocationDate;      // The revocation date of the certificate
  EFI_HII_TIME  RevocationTime;      // The revocation time of the certificate
} SECUREBOOT_CONFIGURATION;

#endif