[efi] Add definitions for the UEFI shim lock protocol

The UEFI shim includes a "shim lock protocol" that can be used by a
third party second stage loader such as GRUB to verify a kernel image.

Add definitions for the relevant portions of this protocol interface.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/include/ipxe/efi/Protocol/ShimLock.h b/src/include/ipxe/efi/Protocol/ShimLock.h
new file mode 100644 (file)
index 0000000..b313651
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/ShimLock.h
@@ -0,0 +1,31 @@
+#ifndef _IPXE_EFI_SHIM_LOCK_PROTOCOL_H
+#define _IPXE_EFI_SHIM_LOCK_PROTOCOL_H
+
+/** @file
+ *
+ * EFI "shim lock" protocol
+ *
+ */
+
+FILE_LICENCE ( BSD3 );
+
+#define EFI_SHIM_LOCK_PROTOCOL_GUID                                    \
+       { 0x605dab50, 0xe046, 0x4300,                                   \
+       { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } }
+
+#define SHIMAPI __asmcall
+
+typedef
+EFI_STATUS SHIMAPI
+(*EFI_SHIM_LOCK_VERIFY) (
+  IN VOID *buffer,
+  IN UINT32 size
+  );
+
+typedef struct _EFI_SHIM_LOCK_PROTOCOL {
+  EFI_SHIM_LOCK_VERIFY Verify;
+  VOID *Reserved1;
+  VOID *Reserved2;
+} EFI_SHIM_LOCK_PROTOCOL;
+
+#endif /*_IPXE_EFI_SHIM_LOCK_PROTOCOL_H */

diff --git a/src/include/ipxe/efi/efi.h b/src/include/ipxe/efi/efi.h
index 1dd0d44538031e14781964798e9f330572fc9d22..e0e2db60843de9b1d4c1f50cb67aee5a06c926fd 100644 (file)
--- a/src/include/ipxe/efi/efi.h
+++ b/src/include/ipxe/efi/efi.h
@@ -197,6 +197,7 @@ extern EFI_GUID efi_pci_io_protocol_guid;
 extern EFI_GUID efi_pci_root_bridge_io_protocol_guid;
 extern EFI_GUID efi_pxe_base_code_protocol_guid;
 extern EFI_GUID efi_serial_io_protocol_guid;
+extern EFI_GUID efi_shim_lock_protocol_guid;
 extern EFI_GUID efi_simple_file_system_protocol_guid;
 extern EFI_GUID efi_simple_network_protocol_guid;
 extern EFI_GUID efi_simple_pointer_protocol_guid;

diff --git a/src/interface/efi/efi_debug.c b/src/interface/efi/efi_debug.c
index 967bb6182dc46df0289ab548829078e8d3a752fb..02cbf9fa4f1569e2663b55851347d2b43e2465e7 100644 (file)
--- a/src/interface/efi/efi_debug.c
+++ b/src/interface/efi/efi_debug.c
@@ -143,6 +143,8 @@ static struct efi_well_known_guid efi_well_known_guids[] = {
          "PxeBaseCode" },
        { &efi_serial_io_protocol_guid,
          "SerialIo" },
+       { &efi_shim_lock_protocol_guid,
+         "ShimLock" },
        { &efi_simple_file_system_protocol_guid,
          "SimpleFileSystem" },
        { &efi_simple_network_protocol_guid,

diff --git a/src/interface/efi/efi_guid.c b/src/interface/efi/efi_guid.c
index 663585dc29ebead93999e898239bdc87bc725d77..25c342ffb70fc48f4b3dc6b0388f7eea514f150a 100644 (file)
--- a/src/interface/efi/efi_guid.c
+++ b/src/interface/efi/efi_guid.c
@@ -54,6 +54,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/efi/Protocol/PciRootBridgeIo.h>
 #include <ipxe/efi/Protocol/PxeBaseCode.h>
 #include <ipxe/efi/Protocol/SerialIo.h>
+#include <ipxe/efi/Protocol/ShimLock.h>
 #include <ipxe/efi/Protocol/SimpleFileSystem.h>
 #include <ipxe/efi/Protocol/SimpleNetwork.h>
 #include <ipxe/efi/Protocol/SimplePointer.h>
@@ -227,6 +228,10 @@ EFI_GUID efi_pxe_base_code_protocol_guid
 EFI_GUID efi_serial_io_protocol_guid
        = EFI_SERIAL_IO_PROTOCOL_GUID;
 
+/** Shim lock protocol GUID */
+EFI_GUID efi_shim_lock_protocol_guid
+       = EFI_SHIM_LOCK_PROTOCOL_GUID;
+
 /** Simple file system protocol GUID */
 EFI_GUID efi_simple_file_system_protocol_guid
        = EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID;