/** @file
  Header file for NV data structure definition.

  Declares the form, key (question) and label identifiers that the VFR form
  description uses, together with the SECUREBOOT_CONFIGURATION structure
  that the IFR references. PK, KEK, DB, DBX and DBT in the names below refer
  to the UEFI Secure Boot key and signature databases.

Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__
#define __SECUREBOOT_CONFIG_NV_DATA_H__

#include <Guid/HiiPlatformSetupFormset.h>
#include <Guid/SecureBootConfigHii.h>

//
// Used by VFR for form or button identification.
// These are kept as plain #define constants because the same header is
// consumed by the VFR source as well as by C code.
//
#define SECUREBOOT_CONFIGURATION_VARSTORE_ID  0x0001
#define SECUREBOOT_CONFIGURATION_FORM_ID      0x01
#define FORMID_SECURE_BOOT_OPTION_FORM        0x02
#define FORMID_SECURE_BOOT_PK_OPTION_FORM     0x03
#define FORMID_SECURE_BOOT_KEK_OPTION_FORM    0x04
#define FORMID_SECURE_BOOT_DB_OPTION_FORM     0x05
#define FORMID_SECURE_BOOT_DBX_OPTION_FORM    0x06
#define FORMID_ENROLL_PK_FORM                 0x07
#define SECUREBOOT_ADD_PK_FILE_FORM_ID        0x08
#define FORMID_ENROLL_KEK_FORM                0x09
#define FORMID_DELETE_KEK_FORM                0x0a
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB     0x0b
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB   0x0c
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX    0x0d
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX  0x0e
#define FORM_FILE_EXPLORER_ID                 0x0f
#define FORM_FILE_EXPLORER_ID_PK              0x10
#define FORM_FILE_EXPLORER_ID_KEK             0x11
#define FORM_FILE_EXPLORER_ID_DB              0x12
#define FORM_FILE_EXPLORER_ID_DBX             0x13
#define FORMID_SECURE_BOOT_DBT_OPTION_FORM    0x14
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT    0x15
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT  0x16
#define FORM_FILE_EXPLORER_ID_DBT             0x17

//
// Values for the Standard/Custom selection (see SecureBootMode in
// SECUREBOOT_CONFIGURATION). Not to be confused with the
// SECURE_BOOT_MODE_*_MODE values further down, which overlap numerically
// (SECURE_BOOT_MODE_CUSTOM and SECURE_BOOT_MODE_SETUP_MODE are both 1) but
// describe a different field.
//
#define SECURE_BOOT_MODE_CUSTOM    0x01
#define SECURE_BOOT_MODE_STANDARD  0x00

//
// Key values in the 0x1000 block. 0x1006 and 0x1007 are not assigned in
// this header.
//
#define KEY_SECURE_BOOT_ENABLE          0x1000
#define KEY_SECURE_BOOT_MODE            0x1001
#define KEY_VALUE_SAVE_AND_EXIT_DB      0x1002
#define KEY_VALUE_NO_SAVE_AND_EXIT_DB   0x1003
#define KEY_VALUE_SAVE_AND_EXIT_PK      0x1004
#define KEY_VALUE_NO_SAVE_AND_EXIT_PK   0x1005
#define KEY_VALUE_SAVE_AND_EXIT_KEK     0x1008
#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK  0x1009
#define KEY_VALUE_SAVE_AND_EXIT_DBX     0x100a
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX  0x100b
#define KEY_HIDE_SECURE_BOOT            0x100c
#define KEY_VALUE_SAVE_AND_EXIT_DBT     0x100d
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT  0x100e

//
// Key values in the 0x1100 block. 0x1109 is not assigned in this header.
//
#define KEY_SECURE_BOOT_OPTION              0x1100
#define KEY_SECURE_BOOT_PK_OPTION           0x1101
#define KEY_SECURE_BOOT_KEK_OPTION          0x1102
#define KEY_SECURE_BOOT_DB_OPTION           0x1103
#define KEY_SECURE_BOOT_DBX_OPTION          0x1104
#define KEY_SECURE_BOOT_DELETE_PK           0x1105
#define KEY_ENROLL_PK                       0x1106
#define KEY_ENROLL_KEK                      0x1107
#define KEY_DELETE_KEK                      0x1108
#define KEY_SECURE_BOOT_KEK_GUID            0x110a
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB   0x110b
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX  0x110c
#define KEY_SECURE_BOOT_DBT_OPTION          0x110d
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT  0x110e

//
// Label values, one per deletable list plus a common end marker.
// Presumably the anchors between which the delete lists are built at
// runtime -- confirm against the VFR.
//
#define LABEL_KEK_DELETE  0x1200
#define LABEL_DB_DELETE   0x1201
#define LABEL_DBX_DELETE  0x1202
#define LABEL_DBT_DELETE  0x1203
#define LABEL_END         0xffff

//
// NOTE(review): KEY_TRANS_SECURE_BOOT_MODE, CONFIG_OPTION_OFFSET,
// OPTION_CONFIG_QUESTION_ID and OPTION_DEL_KEK_QUESTION_ID all have the
// value 0x2000. Confirm that the code dispatching on question IDs cannot
// mistake the mode-transition key for the first entry of the KEK delete
// range.
//
#define KEY_TRANS_SECURE_BOOT_MODE  0x2000

#define SECURE_BOOT_MAX_ATTEMPTS_NUM  255

#define CONFIG_OPTION_OFFSET  0x2000

//
// Base and width of the per-list question ID ranges defined below; each
// range listed there is OPTION_CONFIG_RANGE (0x1000) IDs wide.
// NOTE(review): code that turns a question ID back into a list index should
// check the ID against base + OPTION_CONFIG_RANGE before using it -- confirm
// in the callback that consumes these.
//
#define OPTION_CONFIG_QUESTION_ID  0x2000
#define OPTION_CONFIG_RANGE        0x1000

//
// Question ID 0x2000 ~ 0x2FFF is for KEK
//
#define OPTION_DEL_KEK_QUESTION_ID  0x2000
//
// Question ID 0x3000 ~ 0x3FFF is for DB
//
#define OPTION_DEL_DB_QUESTION_ID  0x3000
//
// Question ID 0x4000 ~ 0x4FFF is for DBX
//
#define OPTION_DEL_DBX_QUESTION_ID  0x4000

//
// Question ID 0x5000 ~ 0x5FFF is for DBT
//
#define OPTION_DEL_DBT_QUESTION_ID  0x5000

//
// Offsets and mask for file-explorer options. FILE_OPTION_MASK keeps the
// low 14 bits, so FILE_OPTION_OFFSET + FILE_OPTION_MASK (0xBFFF) ends just
// below FILE_OPTION_GOTO_OFFSET (0xC000). How the callers combine these is
// not visible in this header.
//
#define FILE_OPTION_GOTO_OFFSET  0xC000
#define FILE_OPTION_OFFSET       0x8000
#define FILE_OPTION_MASK         0x3FFF

//
// Length of a signature GUID string and the number of CHAR16 elements
// reserved for it in SECUREBOOT_CONFIGURATION.SignatureGuid. The extra
// element is presumably the terminating NUL -- confirm against the code
// that parses the string. These are element counts, not byte counts.
//
#define SECURE_BOOT_GUID_SIZE          36
#define SECURE_BOOT_GUID_STORAGE_SIZE  37

//
// Values for the current Secure Boot mode (see CurSecureBootMode in
// SECUREBOOT_CONFIGURATION).
//
#define SECURE_BOOT_MODE_USER_MODE      0
#define SECURE_BOOT_MODE_SETUP_MODE     1
#define SECURE_BOOT_MODE_AUDIT_MODE     2
#define SECURE_BOOT_MODE_DEPLOYED_MODE  3

//
// Nv Data structure referenced by IFR.
// Because the form description refers to this structure, any change to the
// order, type or size of its fields has to stay consistent with the VFR that
// includes this header.
// NOTE(review): the fields below are form-backed state. Confirm that the
// driver re-derives security-relevant facts (physical presence, whether a PK
// exists, the current mode) itself before acting on them, rather than
// relying on values read back from the form.
//
typedef struct {
  BOOLEAN         AttemptSecureBoot;    // Attempt to enable/disable Secure Boot
  BOOLEAN         HideSecureBoot;       // Hide the Attempt Secure Boot option
  CHAR16          SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE]; // Signature GUID string; bound copies by element count
  BOOLEAN         PhysicalPresent;      // Whether a physically present user is detected
  UINT8           SecureBootMode;       // Secure Boot Mode: Standard Or Custom
  UINT8           CurSecureBootMode;    // Current SecureBoot Mode SetupMode/UserMode/AuditMode/DeployedMode
  UINT8           TransSecureBootMode;  // Next SecureBoot Mode to transition to
  BOOLEAN         DeletePk;             // Presumably set when deletion of the PK is requested -- confirm against the VFR
  BOOLEAN         HasPk;                // TRUE if a PK exists
  BOOLEAN         AlwaysRevocation;     // If the certificate is always revoked. Revocation time is hidden
  UINT8           CertificateFormat;    // The type of the certificate
  EFI_HII_DATE    RevocationDate;       // The revocation date of the certificate
  EFI_HII_TIME    RevocationTime;       // The revocation time of the certificate
} SECUREBOOT_CONFIGURATION;

#endif