Intel Extensible Firmware Interface User Manual
Page 696
Extensible Firmware Interface Specification
15-90
12/01/02
Version 1.10
A named attribute value that indicates which BIS parameter is to be updated. The left-hand
attribute-name keyword must appear exactly as shown. The value for the right-hand side is the
base-64 encoded representation of one of the two strings shown.
X-Intel-BIS-ParameterValue: (base-64 representation of
certificate or
single-byte boolean flag)
A named attribute value that indicates the new value to be set for the indicated parameter. The
left-hand attribute-name keyword must appear exactly as shown. The value for the right-hand
side is the appropriate base-64 encoded new value to be set. In the case of the Boot Object
Authorization Certificate, the value is the new digital certificate raw data. A zero-length value
removes the certificate altogether. In the case of the Boot Authorization Check Flag, the value is
a single-byte boolean value, where a nonzero value “turns on” the check and a zero value “turns
off” the check.
//**********************************************************
// Signer’s Information File Example
//**********************************************************
The signer’s information file must include a section whose name matches the reserved data object
section name of the section in the Manifest file. This section in the signer’s information file
carries the integrity data for the attributes in the corresponding section in the manifest file. An
example signer’s information file is shown below.
Signature-Version: 2.0
SignerInformationPersistentId: (base-64 representation of a unique
GUID)
SignerInformationName: BIS_UpdateManifestSignerInfoName
Name: memory:UpdateRequestParameters
Digest-Algorithms: SHA-1
SHA-1-Digest: (base-64 representation of a SHA-1 digest of the
corresponding manifest section)
A line-by-line description of this signer’s information file is as follows.
Signature-Version: 2.0
This is a standard header line that all signed manifests have. It must appear exactly as shown.
SignerInformationPersistentId: (base-64 representation of a unique
GUID)
The left-hand string must appear exactly as shown. The right-hand string must be a unique GUID
for every signer’s information file created. The Win32 function UuidCreate() can be used for this
on Win32 systems. The GUID is a binary value that must be base-64 encoded. Base-64 is a
simple encoding scheme for representing binary values that uses only printing characters. Base-
64 encoding is described in [BASE-64].
SignerInformationName: BIS_UpdateManifestSignerInfoName
The left-hand string must appear exactly as shown. The right-hand string must appear exactly as
shown.
Name: memory:UpdateRequestParameters