TianoCore EDK2 master
Loading...
Searching...
No Matches
AuthenticatedVariableFormat.h File Reference

Go to the source code of this file.

Macros

#define EFI_SECURE_BOOT_ENABLE_DISABLE    { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }
 
#define EFI_SECURE_BOOT_ENABLE_NAME   L"SecureBootEnable"
 
#define SECURE_BOOT_ENABLE   1
 
#define SECURE_BOOT_DISABLE   0
 
#define EFI_CUSTOM_MODE_NAME   L"CustomMode"
 
#define CUSTOM_SECURE_BOOT_MODE   1
 
#define STANDARD_SECURE_BOOT_MODE   0
 
#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME   L"VendorKeysNv"
 
#define VENDOR_KEYS_VALID   1
 
#define VENDOR_KEYS_MODIFIED   0
 

Variables

EFI_GUID gEfiSecureBootEnableDisableGuid
 
EFI_GUID gEfiCertDbGuid
 
EFI_GUID gEfiCustomModeEnableGuid
 
EFI_GUID gEfiVendorKeysNvGuid
 

Detailed Description

The variable data structures are related to EDKII-specific implementation of UEFI authenticated variables. AuthenticatedVariableFormat.h defines variable data headers and variable storage region headers that has been moved to VariableFormat.h.

Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file AuthenticatedVariableFormat.h.

Macro Definition Documentation

◆ CUSTOM_SECURE_BOOT_MODE

#define CUSTOM_SECURE_BOOT_MODE   1

Definition at line 52 of file AuthenticatedVariableFormat.h.

◆ EFI_CUSTOM_MODE_NAME

#define EFI_CUSTOM_MODE_NAME   L"CustomMode"

"CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard". Standard Secure Boot mode is the default mode as UEFI Spec's description. Custom Secure Boot mode allows for more flexibility as specified in the following: Can enroll or delete PK without existing PK's private key. Can enroll or delete KEK without existing PK's private key. Can enroll or delete signature from DB/DBX without KEK's private key.

GUID: gEfiCustomModeEnableGuid

Format: UINT8

Definition at line 51 of file AuthenticatedVariableFormat.h.

◆ EFI_SECURE_BOOT_ENABLE_DISABLE

#define EFI_SECURE_BOOT_ENABLE_DISABLE    { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }

Definition at line 18 of file AuthenticatedVariableFormat.h.

◆ EFI_SECURE_BOOT_ENABLE_NAME

#define EFI_SECURE_BOOT_ENABLE_NAME   L"SecureBootEnable"

"SecureBootEnable" variable for the Secure Boot feature enable/disable. This variable is used for allowing a physically present user to disable Secure Boot via firmware setup without the possession of PKpriv.

GUID: gEfiSecureBootEnableDisableGuid

Format: UINT8

Definition at line 35 of file AuthenticatedVariableFormat.h.

◆ EFI_VENDOR_KEYS_NV_VARIABLE_NAME

#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME   L"VendorKeysNv"

"VendorKeysNv" variable to record the out of band secure boot keys modification. This variable is a read-only NV variable that indicates whether someone other than the platform vendor has used a mechanism not defined by the UEFI Specification to transition the system to setup mode or to update secure boot keys.

GUID: gEfiVendorKeysNvGuid

Format: UINT8

Definition at line 65 of file AuthenticatedVariableFormat.h.

◆ SECURE_BOOT_DISABLE

#define SECURE_BOOT_DISABLE   0

Definition at line 37 of file AuthenticatedVariableFormat.h.

◆ SECURE_BOOT_ENABLE

#define SECURE_BOOT_ENABLE   1

Definition at line 36 of file AuthenticatedVariableFormat.h.

◆ STANDARD_SECURE_BOOT_MODE

#define STANDARD_SECURE_BOOT_MODE   0

Definition at line 53 of file AuthenticatedVariableFormat.h.

◆ VENDOR_KEYS_MODIFIED

#define VENDOR_KEYS_MODIFIED   0

Definition at line 67 of file AuthenticatedVariableFormat.h.

◆ VENDOR_KEYS_VALID

#define VENDOR_KEYS_VALID   1

Definition at line 66 of file AuthenticatedVariableFormat.h.