Intel Extensible Firmware Interface User Manual

Extensible Firmware Interface Specification

12/01/02

Version 1.10

//*******************************************************
// BIS_CERT_ID
//*******************************************************
typedef UINT32 BIS_CERT_ID;

This type represents a shortened value that identifies the platform’s currently configured Boot
Object Authorization Certificate. The value is the first four bytes, in “little-endian” order, of the
SHA-1 hash of the certificate, except that the most-significant bits of the second and third bytes
are reserved, and must be set to zero regardless of the outcome of the hash function. This type is
included in the array of values returned from the GetSignatureInfo() function to indicate
the required source of a signature for a boot object or a configuration update request. There are a
few predefined reserved values with special meanings as described below.

//*******************************************************
// BIS_CERT_ID predefined values
// Currently defined values for
// EFI_BIS_SIGNATURE_INFO.CertificateId.
//*******************************************************

#define BIS_CERT_ID_DSA BIS_ALG_DSA //CSSM_ALGID_DSA
#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 //CSSM_ALGID_MD5_WITH_RSA

These C preprocessor symbols provide values for the BIS_CERT_ID type. These values are
used when the platform has no configured Boot Object Authorization Certificate. They indicate
the signature algorithm that is supported by the platform. Users must be careful to avoid
constructing Boot Object Authorization Certificates that transform to BIS_CERT_ID values that
collide with these predefined values or with the BIS_CERT_ID values of other Boot Object
Authorization Certificates they use.

//*******************************************************
// BIS_CERT_ID_MASK
// The following is a mask value that gets applied to the
// truncated hash of a platform Boot Object Authorization
// Certificate to create the CertificateId. A CertificateId
// must not have any bits set to the value 1 other than bits in
// this mask.
//*******************************************************
#define BIS_CERT_ID_MASK (0xFF7F7FFF)

This C preprocessor symbol may be used as a bit-wise “AND” value to transform the first four
bytes (in little-endian order) of a SHA-1 hash of a certificate into a certificate ID with the
“reserved” bits properly set to zero.
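
The derivation and the collision check described above, as an added example that is not code from the specification. It takes an already computed SHA-1 digest of the certificate as input; the helper names, the sample digests (constructed, not real certificates) and the numeric values 41 and 42 for BIS_ALG_DSA and BIS_ALG_RSA_MD5 (defined elsewhere in the specification, not on this page) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t BIS_CERT_ID;              /* UINT32 in the specification */
#define BIS_CERT_ID_MASK (0xFF7F7FFFu)
/* Assumption: BIS_ALG_* values are not on this page; verify against
   the BIS_ALG_ID definitions in your copy of the specification. */
#define BIS_CERT_ID_DSA     (41u)
#define BIS_CERT_ID_RSA_MD5 (42u)
#define SHA1_LEN 20

enum bis_id_check { BIS_ID_OK = 0, BIS_ID_HITS_RESERVED, BIS_ID_HITS_OTHER_CERT };

/* First four digest bytes, byte 0 least significant, reserved bits cleared. */
BIS_CERT_ID bis_cert_id_from_sha1(const uint8_t digest[SHA1_LEN])
{
    uint32_t v = (uint32_t)digest[0]
               | ((uint32_t)digest[1] << 8)
               | ((uint32_t)digest[2] << 16)
               | ((uint32_t)digest[3] << 24);
    return v & BIS_CERT_ID_MASK;
}

/* Compare a candidate ID with the predefined values and with the IDs of
   the other Boot Object Authorization Certificates already in use. */
enum bis_id_check bis_cert_id_check(BIS_CERT_ID id, const BIS_CERT_ID *in_use, size_t n)
{
    if (id == BIS_CERT_ID_DSA || id == BIS_CERT_ID_RSA_MD5)
        return BIS_ID_HITS_RESERVED;
    for (size_t i = 0; i < n; i++)
        if (in_use[i] == id)
            return BIS_ID_HITS_OTHER_CERT;
    return BIS_ID_OK;
}

/* Constructed digests: A and B differ only in reserved bits and in byte 4. */
static const uint8_t DIGEST_A[SHA1_LEN] = { 0x12, 0xB4, 0xD6, 0x78, 0x9A };
static const uint8_t DIGEST_B[SHA1_LEN] = { 0x12, 0x34, 0x56, 0x78, 0x01 };
static const uint8_t DIGEST_C[SHA1_LEN] = { 0x29, 0x80, 0x80, 0x00 };

int main(void)
{
    BIS_CERT_ID a = bis_cert_id_from_sha1(DIGEST_A);
    printf("A=0x%08X B=0x%08X\n", (unsigned)a, (unsigned)bis_cert_id_from_sha1(DIGEST_B));
    printf("B against A: %d\n", bis_cert_id_check(bis_cert_id_from_sha1(DIGEST_B), &a, 1));
    printf("C against A: %d\n", bis_cert_id_check(bis_cert_id_from_sha1(DIGEST_C), &a, 1));
    return 0;
}
```

Only 30 bits of the hash survive the mask, so the check is worth running whenever a new Boot Object Authorization Certificate is generated.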