5 boot integrity services protocol, Efi_bis_protocol, Boot – Intel Extensible Firmware Interface User Manual
Protocols — Network Support
Version 1.10
12/01/02
15.5 Boot Integrity Services Protocol
This chapter defines the Boot Integrity Services (BIS) protocol, which is used to check a digital
signature of a data block against a digital certificate for the purpose of an integrity and
authorization check. BIS is primarily used by the Preboot Execution Environment (PXE) Base
Code protocol to check downloaded network boot images
before executing them. BIS is an EFI Boot Services Driver, so its services are also available to EFI
Applications until the time of
. More information about BIS can be
found in the Boot Integrity Services Application Programming Interface Version 1.0.
This section defines the Boot Integrity Services Protocol. This protocol is used to check a digital
signature of a data block against a digital certificate for the purpose of an integrity and
authorization check.
EFI_BIS_PROTOCOL
Summary
The EFI_BIS_PROTOCOL is used to check a digital signature of a data block against a digital
certificate for the purpose of an integrity and authorization check.
GUID
#define EFI_BIS_PROTOCOL_GUID \
  {0x0b64aab0,0x5429,0x11d4,0x98,0x16,0x00,0xa0,0xc9,0x1f,0xad,0xcf}
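When auditing whether a firmware image or memory dump references BIS, the GUID has to be searched for in its stored byte order, not the order it is written in above. The following is an added example, not code from the manual: it serializes the GUID fields as a little-endian platform stores them and scans a buffer for the result. The names GUID_FIELDS, guid_to_bytes, find_guid and SAMPLE_IMAGE are hypothetical, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the EFI GUID layout: 32-bit, 16-bit, 16-bit, 8 bytes. */
typedef struct {
    uint32_t Data1;
    uint16_t Data2;
    uint16_t Data3;
    uint8_t  Data4[8];
} GUID_FIELDS;

/* Field values copied from EFI_BIS_PROTOCOL_GUID. */
static const GUID_FIELDS BIS_GUID =
    {0x0b64aab0, 0x5429, 0x11d4, {0x98,0x16,0x00,0xa0,0xc9,0x1f,0xad,0xcf}};

/* Serialize to the 16 bytes found in a little-endian image (assumption):
 * Data1..Data3 least significant byte first, Data4 in written order. */
static void guid_to_bytes(const GUID_FIELDS *g, uint8_t out[16])
{
    for (int i = 0; i < 4; i++) out[i]     = (uint8_t)(g->Data1 >> (8 * i));
    for (int i = 0; i < 2; i++) out[4 + i] = (uint8_t)(g->Data2 >> (8 * i));
    for (int i = 0; i < 2; i++) out[6 + i] = (uint8_t)(g->Data3 >> (8 * i));
    memcpy(out + 8, g->Data4, 8);
}

/* Return the offset of the first stored copy of the GUID in buf, or -1. */
static long find_guid(const uint8_t *buf, size_t len, const GUID_FIELDS *g)
{
    uint8_t pat[16];
    guid_to_bytes(g, pat);
    for (size_t off = 0; len >= 16 && off <= len - 16; off++)
        if (memcmp(buf + off, pat, 16) == 0)
            return (long)off;
    return -1;
}

/* Constructed sample: 5 filler bytes, the GUID as stored, 3 filler bytes. */
static const uint8_t SAMPLE_IMAGE[] = {
    0xff,0xff,0xff,0xff,0xff, 0xb0,0xaa,0x64,0x0b, 0x29,0x54, 0xd4,0x11,
    0x98,0x16,0x00,0xa0,0xc9,0x1f,0xad,0xcf, 0x00,0x00,0x00
};

int main(void)
{
    printf("offset %ld\n", find_guid(SAMPLE_IMAGE, sizeof SAMPLE_IMAGE, &BIS_GUID));
    return 0;
}
```

A hit only shows that some module in the image carries the GUID; it does not show that BIS is installed or that the PXE Base Code protocol calls it.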
Protocol Interface Structure
typedef struct _EFI_BIS_PROTOCOL {
  EFI_BIS_INITIALIZE                                  Initialize;
  EFI_BIS_SHUTDOWN                                    Shutdown;
  EFI_BIS_FREE                                        Free;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE   GetBootObjectAuthorizationCertificate;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG     GetBootObjectAuthorizationCheckFlag;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN  GetBootObjectAuthorizationUpdateToken;
  EFI_BIS_GET_SIGNATURE_INFO                          GetSignatureInfo;
  EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION            UpdateBootObjectAuthorization;
  EFI_BIS_VERIFY_BOOT_OBJECT                          VerifyBootObject;
  EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL               VerifyObjectWithCredential;
} EFI_BIS_PROTOCOL;