Support User Manuals

Intel Extensible Firmware Interface Network Router User Manual

Open as PDF

of 1084

Extensible Firmware Interface Specification

15-84 12/01/02 Version 1.10

//*******************************************************

// BIS_CERT_ID

//*******************************************************

typedef UINT32 BIS_CERT_ID;

This type represents a shortened value that identifies the platform’s currently configured Boot

Object Authorization Certificate. The value is the first four bytes, in “little-endian” order, of the

SHA-1 hash of the certificate, except that the most-significant bits of the second and third bytes

are reserved, and must be set to zero regardless of the outcome of the hash function. This type is

included in the array of values returned from the GetSignatureInfo() function to indicate

the required source of a signature for a boot object or a configuration update request. There are a

few predefined reserved values with special meanings as described below.

//*******************************************************

// BIS_CERT_ID predefined values

// Currently defined values for EFI_BIS_SIGNATURE_INFO.

// CertificateId.

//*******************************************************

#define BIS_CERT_ID_DSA BIS_ALG_DSA //CSSM_ALGID_DSA

#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 //CSSM_ALGID_MD5_WITH_RSA

These C preprocessor symbols provide values for the BIS_CERT_ID type. These values are

used when the platform has no configured Boot Object Authorization Certificate. They indicate

the signature algorithm that is supported by the platform. Users must be careful to avoid

constructing Boot Object Authorization Certificates that transform to BIS_CERT_ID values that

collide with these predefined values or with the BIS_CERT_ID values of other Boot Object

Authorization Certificates they use.

//*******************************************************

// BIS_CERT_ID_MASK

// The following is a mask value that gets applied to the

// truncated hash of a platform Boot Object Authorization

// Certificate to create the CertificateId. A CertificateId

// must not have any bits set to the value 1 other than bits in

// this mask.

//*******************************************************

#define BIS_CERT_ID_MASK (0xFF7F7FFF)

This C preprocessor symbol may be used as a bit-wise “AND” value to transform the first four

bytes (in little-endian order) of a SHA-1 hash of a certificate into a certificate ID with the

“reserved” bits properly set to zero.

previous next