Support User Manuals

Intel Extensible Firmware Interface Network Router User Manual

Open as PDF

of 1084

Extensible Firmware Interface Specification

15-92 12/01/02 Version 1.10

So for example with a signer’s information file name of “myinfo.SF,” the corresponding DSA

signature block file name would be “myinfo.DSA.”

The format of a signature block file is defined in [PKCS].

//**********************************************************

// “X-Intel-BIS-ParameterSet” Attribute value

// Binary Value of “X-Intel-BIS-ParameterSet” Attribute.

// (Value is Base-64 encoded in actual signed manifest).

//**********************************************************

#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \

{0xedd35e31,0x7b9,0x11d2,0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf}

This preprocessor symbol gives the value for an attribute inserted in signed manifests to

distinguish updates of BIS parameters from updates of other parameters. The representation

inserted into the manifest is base-64 encoded.

Description

This function updates one of the configurable parameters of the Boot Object Authorization set

(Boot Object Authorization Certificate or Boot Authorization Check Flag). It passes back a new

unique update token that must be included in the request credential for the next update of any

parameter in the Boot Object Authorization set. The token value is unique to this platform,

parameter set, and instance of parameter values. In particular, the token changes to a new unique

value whenever any parameter in this set is changed.

Status Codes Returned

EFI_SUCCESS The function completed successfully.

EFI_NO_MAPPING

The

AppHandle parameter is not or is no longer a valid

application instance handle associated with the EFI_BIS protocol.

EFI_OUT_OF_RESOURCES The function failed due to lack of memory or other resources.

EFI_DEVICE_ERROR The function encountered an unexpected internal error in a

cryptographic software module.

EFI_SECURITY_VIOLATION

The signed manifest supplied as the

RequestCredential

parameter was invalid (could not be parsed),

or

The signed manifest supplied as the

RequestCredential

parameter failed to verify using the installed Boot Object

Authorization Certificate or the signer’s Certificate in

RequestCredential,

or

Platform-specific authorization failed,

or

continued

previous next