beautypg.com

Description, Status codes returned – Intel Extensible Firmware Interface User Manual

Page 698

background image

Extensible Firmware Interface Specification

15-92

12/01/02

Version 1.10

So for example with a signer’s information file name of “myinfo.SF,” the corresponding DSA
signature block file name would be “myinfo.DSA.”

The format of a signature block file is defined in [PKCS].

//**********************************************************
// “X-Intel-BIS-ParameterSet” Attribute value
// Binary Value of “X-Intel-BIS-ParameterSet” Attribute.
// (Value is Base-64 encoded in actual signed manifest).
//**********************************************************

#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUID \

{0xedd35e31,0x7b9,0x11d2,0x83,0xa3,0x0,0xa0,0xc9,0x1f,0xad,0xcf}

This preprocessor symbol gives the value for an attribute inserted in signed manifests to
distinguish updates of BIS parameters from updates of other parameters. The representation
inserted into the manifest is base-64 encoded.

Description

This function updates one of the configurable parameters of the Boot Object Authorization set
(Boot Object Authorization Certificate or Boot Authorization Check Flag). It passes back a new
unique update token that must be included in the request credential for the next update of any
parameter in the Boot Object Authorization set. The token value is unique to this platform,
parameter set, and instance of parameter values. In particular, the token changes to a new unique
value whenever any parameter in this set is changed.

Status Codes Returned

EFI_SUCCESS

The function completed successfully.

EFI_NO_MAPPING

The

AppHandle

parameter is not or is no longer a valid

application instance handle associated with the EFI_BIS protocol.

EFI_OUT_OF_RESOURCES

The function failed due to lack of memory or other resources.

EFI_DEVICE_ERROR

The function encountered an unexpected internal error in a
cryptographic software module.

EFI_SECURITY_VIOLATION

The signed manifest supplied as the

RequestCredential

parameter was invalid (could not be parsed),
or
The signed manifest supplied as the

RequestCredential

parameter failed to verify using the installed Boot Object
Authorization Certificate or the signer’s Certificate in

RequestCredential

,

or
Platform-specific authorization failed,
or

continued

See also other documents in the category Intel Hardware: