Intel Extensible Firmware Interface Network Router User Manual


 
Extensible Firmware Interface Specification
15-106 12/01/02 Version 1.10
Description

This function verifies the integrity and authorization of the indicated data object according to the
indicated credentials and authority certificate.

Both an integrity check and an authorization check are performed. The rules for a successful
integrity check are:

• Verify the credentials. The credentials parameter is a valid Signed Manifest, with a single
  signer. The signer's identity is included in the credential as a certificate.
• Verify the data object. The Manifest must contain a section with the name as specified by the
  SectionName parameter, with associated verification information (in other words, hash
  value). The hash value from this Manifest section must match the hash value computed over
  the data specified by the DataObject parameter of this function.

The authorization check is optional. It is performed only if the
AuthorityCertificate.Data parameter is other than NULL. If it is other than NULL, the
rules for a successful authorization check are:

• The AuthorityCertificate parameter is a valid digital certificate. There is no
  requirement regarding the signer (issuer) of this certificate.
• The public key certified by the signer's certificate must match the public key in the
  AuthorityCertificate. The match must be direct, that is, the signature authority cannot
  be delegated along a certificate chain.

If all of the integrity and authorization check rules are met, the function returns with a success
indication and IsVerified is TRUE. Otherwise, it returns with a nonzero specific error code and
IsVerified is FALSE.
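
The accept/reject rules above, modeled as a stand-alone C function. This is an added example, not code from the specification or from any EFI implementation. The types, the `model_verify` and `accepts` names, the `MODEL_*` codes and the sample bytes are hypothetical, and manifest parsing, signature verification and hashing are assumed to have been done already.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model types: parsing, signature checking and hashing are assumed done elsewhere. */
typedef struct { const unsigned char *Data; size_t Length; } Blob;
typedef struct { const char *Name; Blob Digest; } Section;
typedef struct {
    int SignatureValid; size_t SignerCount;   /* signature verified; number of signers found */
    Blob SignerKey;                           /* public key from the signer's certificate */
    const Section *Sections; size_t SectionCount;
} Manifest;
enum { MODEL_OK = 0, MODEL_INVALID_PARAMETER, MODEL_CHECK_FAILED };

static int blob_eq(const Blob *a, const Blob *b) {
    return a->Length > 0 && a->Length == b->Length && memcmp(a->Data, b->Data, a->Length) == 0;
}
/* digest: hash computed over DataObject. authority: key from AuthorityCertificate (Data NULL = skip). */
int model_verify(const Manifest *m, const Blob *digest, const char *section,
                 const Blob *authority, int *is_verified) {
    const Section *hit = NULL;
    if (!is_verified) return MODEL_INVALID_PARAMETER;
    *is_verified = 0;                                      /* fail closed */
    if (!m || !digest || !digest->Data || !section || !authority) return MODEL_INVALID_PARAMETER;
    if (!m->SignatureValid || m->SignerCount != 1) return MODEL_CHECK_FAILED;
    for (size_t i = 0; i < m->SectionCount && !hit; i++)   /* find the named section */
        if (strcmp(m->Sections[i].Name, section) == 0) hit = &m->Sections[i];
    if (!hit || !blob_eq(&hit->Digest, digest)) return MODEL_CHECK_FAILED;
    /* Direct match only: the key of the signer's issuer does not authorize the signer. */
    if (authority->Data && !blob_eq(&m->SignerKey, authority)) return MODEL_CHECK_FAILED;
    *is_verified = 1;
    return MODEL_OK;
}

/* Constructed sample data, not real keys or hashes. */
static const unsigned char D1[] = {0x11, 0x22, 0x33, 0x44}, D2[] = {0x11, 0x22, 0x33, 0x45};
static const unsigned char K_SIGNER[] = {0xA1, 0xA2, 0xA3}, K_ISSUER[] = {0xB1, 0xB2, 0xB3};
static const Section SECTIONS[] = { { "bootfile", { D1, sizeof D1 } } };
static const Manifest SAMPLE = { 1, 1, { K_SIGNER, sizeof K_SIGNER }, SECTIONS, 1 };
static const Blob GOOD = { D1, sizeof D1 }, TAMPERED = { D2, sizeof D2 }, NO_AUTH = { NULL, 0 };
static const Blob AUTH_SIGNER = { K_SIGNER, sizeof K_SIGNER }, AUTH_ISSUER = { K_ISSUER, sizeof K_ISSUER };
/* 1 = accepted, 0 = rejected with is_verified left at 0, -1 = inconsistent result. */
int accepts(const Blob *digest, const char *section, const Blob *authority) {
    int v = -1, s = model_verify(&SAMPLE, digest, section, authority, &v);
    return s == MODEL_OK ? v : (v == 0 ? 0 : -1);
}

int main(void) {
    printf("signer key as authority: %d\n", accepts(&GOOD, "bootfile", &AUTH_SIGNER));
    printf("issuer key as authority: %d\n", accepts(&GOOD, "bootfile", &AUTH_ISSUER));
    return 0;
}
```

Passing `NO_AUTH` exercises the optional path: with `AuthorityCertificate.Data` NULL only the integrity rules apply, so a manifest from any single signer is accepted.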

Status Codes Returned

EFI_SUCCESS
    The function completed successfully.
EFI_NO_MAPPING
    The AppHandle parameter is not or is no longer a valid application instance handle
    associated with the EFI_BIS protocol.
EFI_INVALID_PARAMETER
    The Credentials parameter supplied by the caller is NULL or an invalid memory reference,
    or
    The Credentials.Data parameter supplied by the caller is NULL or an invalid memory reference,
    or
    The Credentials.Length supplied by the caller is zero,
    or
    The DataObject parameter supplied by the caller is NULL or an invalid memory reference,
    or
    The DataObject.Data parameter supplied by the caller is NULL or an invalid memory reference,
    or
continued