MdeModulePkg[all]  0.98
SecurityManagementLib.h File Reference






Functions

EFI_STATUS EFIAPI RegisterSecurityHandler (IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler, IN UINT32 AuthenticationOperation)
EFI_STATUS EFIAPI ExecuteSecurityHandlers (IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath)
EFI_STATUS EFIAPI RegisterSecurity2Handler (IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler, IN UINT32 AuthenticationOperation)
EFI_STATUS EFIAPI ExecuteSecurity2Handlers (IN UINT32 AuthenticationOperation, IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *File, IN VOID *FileBuffer, IN UINTN FileSize, IN BOOLEAN BootPolicy)

Detailed Description

This library class defines a set of interfaces that abstract the security measurement policy by managing the different security measurement services. Library instances can be implemented according to different security policies.

Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Macro Definition Documentation

EFI_AUTH_OPERATION_IMAGE_REQUIRED

Image buffer is required by the security handler.


Typedef Documentation

SECURITY_FILE_AUTHENTICATION_STATE_HANDLER

The security handler is used to abstract platform-specific policy from the DXE core's response to an attempt to use a file that returned a given status for the authentication check from the section extraction protocol.

The possible responses in a given SAP implementation may include locking flash upon failure to authenticate, attestation logging for all signed drivers, and other exception operations. The File parameter allows for possible logging within the SAP of the driver.

If File is NULL, then EFI_INVALID_PARAMETER is returned.

If the file specified by File with an authentication status specified by AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.

If the file specified by File with an authentication status specified by AuthenticationStatus is not safe for the DXE Core to use under any circumstances, then EFI_ACCESS_DENIED is returned.

If the file specified by File with an authentication status specified by AuthenticationStatus is not safe for the DXE Core to use at the time, but it might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is returned.

FileBuffer will be NULL and FileSize will be 0 if the handler being called did not set EFI_AUTH_OPERATION_IMAGE_REQUIRED when it was registered.

Parameters
[in] AuthenticationStatus: The authentication status returned from the security measurement services for the input file.
[in] File: The pointer to the device path of the file that is being dispatched. This will optionally be used for logging.
[in] FileBuffer: The file buffer that matches the input file device path.
[in] FileSize: The size of the file buffer that matches the input file device path.
Return values
EFI_SUCCESS: The file specified by File did authenticate, and the platform policy dictates that the DXE Core may use File.
EFI_SECURITY_VIOLATION: The file specified by File did not authenticate, and the platform policy dictates that File should be placed in the untrusted state. A file may be promoted from the untrusted to the trusted state at a future time with a call to the Trust() DXE Service.
EFI_ACCESS_DENIED: The file specified by File did not authenticate, and the platform policy dictates that File should not be used for any purpose.

Function Documentation


SECURITY2_FILE_AUTHENTICATION_HANDLER

The security handler abstracts security-specific functions from the DXE Foundation: UEFI image verification, Trusted Computing Group (TCG) measured boot, User Identity policy for image loading and consoles, and handling of GUIDed section encapsulations.

Parameters
[in] AuthenticationStatus: The authentication status for the input file.
[in] File: The pointer to the device path of the file that is being dispatched. This will optionally be used for logging.
[in] FileBuffer: A pointer to the buffer with the UEFI file image.
[in] FileSize: The size of the file buffer.
[in] BootPolicy: The boot policy that was used to call the LoadImage() UEFI service.
Return values
EFI_SUCCESS: The file specified by DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may use the file.
EFI_SUCCESS: The device path specified by NULL device path DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may execute the image in FileBuffer.
EFI_SUCCESS: FileBuffer is NULL and the current user has permission to start UEFI device drivers on the device path specified by DevicePath.
EFI_SECURITY_VIOLATION: The file specified by DevicePath and FileBuffer did not authenticate, and the platform policy dictates that the file should be placed in the untrusted state. The image has been added to the file execution table.
EFI_ACCESS_DENIED: The file specified by File and FileBuffer did not authenticate, and the platform policy dictates that the DXE Foundation may not use File.
EFI_SECURITY_VIOLATION: FileBuffer is NULL and the user has no permission to start UEFI device drivers on the device path specified by DevicePath.
EFI_SECURITY_VIOLATION: FileBuffer is not NULL and the user has no permission to load drivers from the device path specified by DevicePath. The image has been added to the list of deferred images.

Finds next variable in storage blocks of volatile and non-volatile storage areas.

This code finds next variable in storage blocks of volatile and non-volatile storage areas. If VariableName is an empty string, then we just return the first qualified variable without comparing VariableName and VendorGuid.

Parameters
[in] VariableName: Name of the variable to be found.
[in] VendorGuid: Variable vendor GUID to be found.
[out] AuthVariableInfo: Pointer to the AUTH_VARIABLE_INFO structure that receives the next variable.
Return values
EFI_INVALID_PARAMETER: VariableName is not an empty string while VendorGuid is NULL.
EFI_SUCCESS: Variable successfully found.
EFI_NOT_FOUND: Variable not found.

Update the variable region with Variable information.

Parameters
[in] AuthVariableInfo: Pointer to the AUTH_VARIABLE_INFO structure describing the variable.
Return values
EFI_SUCCESS: The update operation succeeded.
EFI_WRITE_PROTECTED: Variable is write-protected.
EFI_OUT_OF_RESOURCES: There are not enough resources.

Get scratch buffer.

Parameters
[in,out] ScratchBufferSize: Scratch buffer size. If the input size is greater than the maximum supported buffer size, this value contains the maximum supported buffer size on output.
[out] ScratchBuffer: Pointer to the scratch buffer address.
Return values
EFI_SUCCESS: Scratch buffer obtained successfully.
EFI_UNSUPPORTED: The input size is greater than the maximum supported buffer size.

Sends an NVM Express Command Packet to an NVM Express controller or namespace. This function only supports blocking execution of the command.

Parameters
[in] This: The PPI instance pointer.
[in] NamespaceId: A 32-bit namespace ID to which the NVM Express command packet will be sent. A value of 0 denotes the NVM Express controller; a value of all 0FFh in the namespace ID specifies that the command packet should be sent to all valid namespaces.
[in,out] Packet: A pointer to the EDKII PEI NVM Express PassThru Command Packet to send to the NVMe namespace specified by NamespaceId.
Return values
EFI_SUCCESS: The EDKII PEI NVM Express Command Packet was sent by the host. TransferLength bytes were transferred to or from DataBuffer.
EFI_NOT_READY: The EDKII PEI NVM Express Command Packet could not be sent because the controller is not ready. The caller may retry later.
EFI_DEVICE_ERROR: A device error occurred while attempting to send the EDKII PEI NVM Express Command Packet.
EFI_INVALID_PARAMETER: NamespaceId, or the contents of EDKII_PEI_NVM_EXPRESS_PASS_THRU_COMMAND_PACKET, are invalid. The EDKII PEI NVM Express Command Packet was not sent, so no additional status information is available.
EFI_UNSUPPORTED: The command described by the EDKII PEI NVM Express Command Packet is not supported by the host adapter. The EDKII PEI NVM Express Command Packet was not sent, so no additional status information is available.
EFI_TIMEOUT: A timeout occurred while waiting for the EDKII PEI NVM Express Command Packet to execute.

Get the device path of NVM Express host controller.

Parameters
[in] This: The PPI instance pointer.
[in] ControllerId: The ID of the NVM Express host controller.
[out] DevicePathLength: The length in bytes of the device path specified by DevicePath.
[out] DevicePath: The device path of the NVM Express host controller. This field re-uses the EFI Device Path Protocol as defined in Section 10.2 (EFI Device Path Protocol) of the UEFI 2.7 Specification.
Return values
EFI_SUCCESS: The operation succeeded.
EFI_INVALID_PARAMETER: The parameters are invalid.
EFI_NOT_FOUND: The specified NVM Express host controller was not found.
EFI_OUT_OF_RESOURCES: The operation failed due to lack of resources.

Get the device path of ATA AHCI host controller.

Parameters
[in] This: The PPI instance pointer.
[in] ControllerId: The ID of the ATA AHCI host controller.
[out] DevicePathLength: The length in bytes of the device path specified by DevicePath.
[out] DevicePath: The device path of the ATA AHCI host controller. This field re-uses the EFI Device Path Protocol as defined in Section 10.2 (EFI Device Path Protocol) of the UEFI 2.7 Specification.
Return values
EFI_SUCCESS: The operation succeeded.
EFI_INVALID_PARAMETER: The parameters are invalid.
EFI_NOT_FOUND: The specified ATA AHCI host controller was not found.
EFI_OUT_OF_RESOURCES: The operation failed due to lack of resources.

Used to retrieve the list of legal port numbers for ATA devices on an ATA controller. These can either be the list of ports where ATA devices are actually present or the list of legal port numbers for the ATA controller. Regardless, the caller of this function must probe the port number returned to see if an ATA device is actually present at that location on the ATA controller.

The GetNextPort() function retrieves the port number on an ATA controller. If on input Port is 0xFFFF, then the port number of the first port on the ATA controller is returned in Port and EFI_SUCCESS is returned.

If Port is a port number that was returned on a previous call to GetNextPort(), then the port number of the next port on the ATA controller is returned in Port, and EFI_SUCCESS is returned. If Port is not 0xFFFF and Port was not returned on a previous call to GetNextPort(), then EFI_INVALID_PARAMETER is returned.

If Port is the port number of the last port on the ATA controller, then EFI_NOT_FOUND is returned.

Parameters
[in] This: The PPI instance pointer.
[in,out] Port: On input, a pointer to the port number on the ATA controller. On output, a pointer to the next port number on the ATA controller. An input value of 0xFFFF retrieves the first port number on the ATA controller.
Return values
EFI_SUCCESS: The next port number on the ATA controller was returned in Port.
EFI_NOT_FOUND: There are no more ports on this ATA controller.
EFI_INVALID_PARAMETER: Port is not 0xFFFF and Port was not returned on a previous call to GetNextPort().

Used to retrieve the list of legal port multiplier port numbers for ATA devices on a port of an ATA controller. These can either be the list of port multiplier ports where ATA devices are actually present on port or the list of legal port multiplier ports on that port. Regardless, the caller of this function must probe the port number and port multiplier port number returned to see if an ATA device is actually present.

The GetNextDevice() function retrieves the port multiplier port number of an ATA device present on a port of an ATA controller.

If PortMultiplierPort points to a port multiplier port number value that was returned on a previous call to GetNextDevice(), then the port multiplier port number of the next ATA device on the port of the ATA controller is returned in PortMultiplierPort, and EFI_SUCCESS is returned.

If PortMultiplierPort points to 0xFFFF, then the port multiplier port number of the first ATA device on port of the ATA controller is returned in PortMultiplierPort and EFI_SUCCESS is returned.

If PortMultiplierPort is not 0xFFFF and the value pointed to by PortMultiplierPort was not returned on a previous call to GetNextDevice(), then EFI_INVALID_PARAMETER is returned.

If PortMultiplierPort is the port multiplier port number of the last ATA device on the port of the ATA controller, then EFI_NOT_FOUND is returned.

Parameters
[in] This: The PPI instance pointer.
[in] Port: The port number present on the ATA controller.
[in,out] PortMultiplierPort: On input, a pointer to the port multiplier port number of an ATA device present on the ATA controller. If on input a PortMultiplierPort of 0xFFFF is specified, then the port multiplier port number of the first ATA device is returned. On output, a pointer to the port multiplier port number of the next ATA device present on the ATA controller.
Return values
EFI_SUCCESS: The port multiplier port number of the next ATA device on the port of the ATA controller was returned in PortMultiplierPort.
EFI_NOT_FOUND: There are no more ATA devices on this port of the ATA controller.
EFI_INVALID_PARAMETER: PortMultiplierPort is not 0xFFFF, and PortMultiplierPort was not returned on a previous call to GetNextDevice().

Gets the device path information of the underlying ATA host controller.

Parameters
[in] This: The PPI instance pointer.
[out] DevicePathLength: The length in bytes of the device path specified by DevicePath.
[out] DevicePath: The device path of the underlying ATA host controller. This field re-uses the EFI Device Path Protocol as defined in Section 10.2 (EFI Device Path Protocol) of the UEFI 2.7 Specification.
Return values
EFI_SUCCESS: The device path of the ATA host controller has been successfully returned.
EFI_INVALID_PARAMETER: DevicePathLength or DevicePath is NULL.
EFI_OUT_OF_RESOURCES: Not enough resources to return the device path.

Gets the device path of a specific storage security device.

Parameters
[in] This: The PPI instance pointer.
[in] DeviceIndex: Specifies the storage security device to which the function wants to talk. Because the driver that implements Storage Security Command PPIs will manage multiple storage devices, the PPIs that want to talk to a single device must specify the device index that was assigned during the enumeration process. This index is a number from one to NumberofDevices.
[out] DevicePathLength: The length in bytes of the device path specified by DevicePath.
[out] DevicePath: The device path of the storage security device. This field re-uses the EFI Device Path Protocol as defined in Section 10.2 (EFI Device Path Protocol) of the UEFI 2.7 Specification.
Return values
EFI_SUCCESS: The operation succeeded.
EFI_INVALID_PARAMETER: DevicePathLength or DevicePath is NULL.
EFI_NOT_FOUND: The specified storage security device was not found.
EFI_OUT_OF_RESOURCES: The operation failed due to lack of resources.

Send a security protocol command to a device that receives data and/or the result of one or more commands sent by SendData.

The ReceiveData function sends a security protocol command to the given DeviceIndex. The security protocol command sent is defined by SecurityProtocolId and contains the security protocol specific data SecurityProtocolSpecificData. The function returns the data from the security protocol command in PayloadBuffer.

For devices supporting the SCSI command set, the security protocol command is sent using the SECURITY PROTOCOL IN command defined in SPC-4.

For devices supporting the ATA command set, the security protocol command is sent using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize is non-zero.

If the PayloadBufferSize is zero, the security protocol command is sent using the Trusted Non-Data command defined in ATA8-ACS.

If PayloadBufferSize is too small to store the available data from the security protocol command, the function shall copy PayloadBufferSize bytes into the PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.

If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, the function shall return EFI_INVALID_PARAMETER.

If the given DeviceIndex does not support security protocol commands, the function shall return EFI_UNSUPPORTED.

If the security protocol fails to complete within the Timeout period, the function shall return EFI_TIMEOUT.

If the security protocol command completes without an error, the function shall return EFI_SUCCESS. If the security protocol command completes with an error, the function shall return EFI_DEVICE_ERROR.

Parameters
[in] This: The PPI instance pointer.
[in] DeviceIndex: Specifies the storage security device to which the function wants to talk. Because the driver that implements Storage Security Command PPIs will manage multiple storage devices, the PPIs that want to talk to a single device must specify the device index that was assigned during the enumeration process. This index is a number from one to NumberofDevices.
[in] Timeout: The timeout, in 100ns units, to use for the execution of the security protocol command. A Timeout value of 0 means that this function will wait indefinitely for the security protocol command to execute. If Timeout is greater than zero, then this function will return EFI_TIMEOUT if the time required to execute the receive data command is greater than Timeout.
[in] SecurityProtocolId: The value of the "Security Protocol" parameter of the security protocol command to be sent.
[in] SecurityProtocolSpecificData: The value of the "Security Protocol Specific" parameter of the security protocol command to be sent.
[in] PayloadBufferSize: Size in bytes of the payload data buffer.
[out] PayloadBuffer: A pointer to a destination buffer to store the security protocol command specific payload data for the security protocol command. The caller is responsible for having either implicit or explicit ownership of the buffer.
[out] PayloadTransferSize: A pointer to a buffer to store the size in bytes of the data written to the payload data buffer.
Return values
EFI_SUCCESS: The security protocol command completed successfully.
EFI_WARN_BUFFER_TOO_SMALL: The PayloadBufferSize was too small to store the available data from the device. The PayloadBuffer contains the truncated data.
EFI_UNSUPPORTED: The given DeviceIndex does not support security protocol commands.
EFI_DEVICE_ERROR: The security protocol command completed with an error.
EFI_INVALID_PARAMETER: The PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero.
EFI_TIMEOUT: A timeout occurred while waiting for the security protocol command to execute.

Send a security protocol command to a device.

The SendData function sends a security protocol command containing the payload PayloadBuffer to the given DeviceIndex. The security protocol command sent is defined by SecurityProtocolId and contains the security protocol specific data SecurityProtocolSpecificData. If the underlying protocol command requires a specific padding for the command payload, the SendData function shall add padding bytes to the command payload to satisfy the padding requirements.

For devices supporting the SCSI command set, the security protocol command is sent using the SECURITY PROTOCOL OUT command defined in SPC-4.

For devices supporting the ATA command set, the security protocol command is sent using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize is non-zero. If the PayloadBufferSize is zero, the security protocol command is sent using the Trusted Non-Data command defined in ATA8-ACS.

If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall return EFI_INVALID_PARAMETER.

If the given DeviceIndex does not support security protocol commands, the function shall return EFI_UNSUPPORTED.

If the security protocol fails to complete within the Timeout period, the function shall return EFI_TIMEOUT.

If the security protocol command completes without an error, the function shall return EFI_SUCCESS. If the security protocol command completes with an error, the function shall return EFI_DEVICE_ERROR.

Parameters
[in] This: The PPI instance pointer.
[in] DeviceIndex: The ID of the device.
[in] Timeout: The timeout, in 100ns units, to use for the execution of the security protocol command. A Timeout value of 0 means that this function will wait indefinitely for the security protocol command to execute. If Timeout is greater than zero, then this function will return EFI_TIMEOUT if the time required to execute the send data command is greater than Timeout.
[in] SecurityProtocolId: The value of the "Security Protocol" parameter of the security protocol command to be sent.
[in] SecurityProtocolSpecificData: The value of the "Security Protocol Specific" parameter of the security protocol command to be sent.
[in] PayloadBufferSize: Size in bytes of the payload data buffer.
[in] PayloadBuffer: A pointer to the buffer holding the security protocol command specific payload data for the security protocol command.
Return values
EFI_SUCCESS: The security protocol command completed successfully.
EFI_UNSUPPORTED: The given DeviceIndex does not support security protocol commands.
EFI_DEVICE_ERROR: The security protocol command completed with an error.
EFI_INVALID_PARAMETER: The PayloadBuffer is NULL and PayloadBufferSize is non-zero.
EFI_TIMEOUT: A timeout occurred while waiting for the security protocol command to execute.

Clears any system state that was created in response to the Active call.

Parameters
PeiServices: General purpose services available to every PEIM.
This: The PEI_SMM_CONTROL_PPI instance.
Periodic: Optional parameter to repeat at this period one time or, if the Periodic Boolean is set, periodically.
Return values
EFI_SUCCESS: The SMI/PMI has been engendered.
EFI_DEVICE_ERROR: The source could not be cleared.
EFI_INVALID_PARAMETER: The service does not support the Periodic input argument.

This function is called by the SmmChildDispatcher module to report to SmmCore that an existing SMI handler has been unregistered.

Parameters
This: The protocol instance.
HandlerGuid: The GUID that identifies the type of the handler. For the SmmChildDispatch protocol, HandlerGuid must be the GUID of the SmmChildDispatch protocol.
Handler: The SMI handler.
Context: The context of the SMI handler. If it is NOT NULL, it will be used to check what is registered.
ContextSize: The size of the context in bytes. If Context is NOT NULL, it will be used to check what is registered.
Return values
EFI_SUCCESS: The original record was removed.
EFI_NOT_FOUND: There is no record for the HandlerGuid and handler.

Set memory profile recording state.

Parameters
[in] RecordingState: Recording state.
Return values
EFI_SUCCESS: Memory profile recording state set successfully.
EFI_UNSUPPORTED: Memory profile is unsupported.

Record memory profile of multilevel caller.

Parameters
[in] CallerAddress: Address of the caller.
[in] Action: Memory profile action.
[in] MemoryType: Memory type. EfiMaxMemoryType means the MemoryType is unknown.
[in] Buffer: Buffer address.
[in] Size: Buffer size.
[in] ActionString: String for the memory profile action. Only needed for a user-defined allocate action.
Return values
EFI_SUCCESS: Memory profile is updated.
EFI_UNSUPPORTED: Memory profile is unsupported, or memory profile for the image is not required, or memory profile for the memory type is not required.
EFI_ACCESS_DENIED: Memory profile data is currently being retrieved.
EFI_ABORTED: Memory profile recording is not enabled.
EFI_OUT_OF_RESOURCES: Not enough resources to update the memory profile for the allocate action.
EFI_NOT_FOUND: No matching allocate info found for the free action.

Set a variable property. The variable driver checks the VariableProperty before actually setting the variable into variable storage.

Parameters
[in] Name: Pointer to the variable name.
[in] Guid: Pointer to the vendor GUID.
[in] VariableProperty: Pointer to the input variable property.
Return values
EFI_SUCCESS: The property of the variable specified by Name and Guid was set successfully.
EFI_INVALID_PARAMETER: Name, Guid or VariableProperty is NULL, or Name is an empty string, or the fields of VariableProperty are not valid.
EFI_OUT_OF_RESOURCES: There are not enough resources for the variable property set request.

Get a variable property.

Parameters
[in] Name: Pointer to the variable name.
[in] Guid: Pointer to the vendor GUID.
[out] VariableProperty: Pointer to the output variable property.
Return values
EFI_SUCCESS: The property of the variable specified by Name and Guid was retrieved successfully.
EFI_INVALID_PARAMETER: Name, Guid or VariableProperty is NULL, or Name is an empty string.
EFI_NOT_FOUND: The property of the variable specified by Name and Guid was not found.

Allows the platform protocol to override host controller information.

Parameters
[in] ControllerHandle: Handle of the UFS controller.
[in,out] HcInfo: Pointer to the EDKII_UFS_HC_INFO associated with the host controller.
Return values
EFI_SUCCESS: Function completed successfully.
Others: Function failed to complete.

Callback function for platform driver.

Parameters
[in] ControllerHandle: Handle of the UFS controller.
[in] CallbackPhase: Specifies when the platform protocol is called.
[in,out] CallbackData: Data specific to the callback phase. For PreHce and PostHce: EDKII_UFS_HC_DRIVER_INTERFACE. For PreLinkStartup and PostLinkStartup: EDKII_UFS_HC_DRIVER_INTERFACE.
Return values
EFI_SUCCESS: Override function completed successfully.
EFI_INVALID_PARAMETER: CallbackPhase is invalid, or CallbackData is NULL when the phase expects valid data.
Others: Function failed to complete.

Unregister a PE/COFF image that has been registered with the emulator. This should be done before the image is unloaded from memory.

Parameters
[in] This: This pointer for the EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL structure.
[in] ImageBase: The base address in memory of the PE/COFF image.
Return values
EFI_SUCCESS: The image was unregistered with the emulator.
other: The image could not be unregistered.

This interface allows you to configure the EBC debug support driver: for example, turn saving and printing of the VM delta on or off, or disable the entire interface, in which case all functions become no-ops.

Parameters
[in] This: A pointer to the EFI_EBC_SIMPLE_DEBUGGER_PROTOCOL structure.
[in] ConfigId: ID to be configured.
[in] ConfigValue: Value to be set.
Return values
EFI_UNSUPPORTED: Not supported.
EFI_SUCCESS: EBC debug configured.

Override function for SDHCI controller operations.

Parameters
[in] ControllerHandle: The EFI_HANDLE of the controller.
[in] Slot: The 0-based slot index.
[in] PhaseType: The type of operation and whether the hook is invoked right before (pre) or right after (post).
[in,out] PhaseData: The pointer to phase-specific data.
Return values
EFI_SUCCESS: The override function completed successfully.
EFI_NOT_FOUND: The specified controller or slot does not exist.

Register the hot key with its browser action, or unregister the hot key. If the action value is zero, the hot key will be unregistered if it has been registered. If the same hot key has already been registered, the new action and help string will override the previous ones.

Parameters
[in] KeyData: A pointer to a buffer that describes the keystroke information for the hot key. Its type is EFI_INPUT_KEY so that it is supported by all ConsoleIn devices.
[in] Action: Action value that describes what action will be triggered when the hot key is pressed.
[in] DefaultId: Specifies the type of defaults to retrieve; only used for the DEFAULT action.
[in] HelpString: Help string that describes the hot key. Its value may be NULL when unregistering the hot key.
Return values
EFI_SUCCESS: Hot key is registered or unregistered.

Convert AsmText to the instruction. This function is only used for test purposes.

Parameters
[in] This: A pointer to the EFI_EBC_VM_TEST_PROTOCOL structure.
[in] AsmText: A pointer to EBC ASM text code.
[out] Buffer: Buffer to store the instruction.
[out] BufferLen: Size of the buffer that is required to store the data.
Return values
EFI_UNSUPPORTED: This functionality is unsupported.
EFI_SUCCESS: AsmText was successfully converted to the instruction.

Dump the executed instruction. This function is only used for test purposes.

Parameters
[in] This: A pointer to the EFI_EBC_VM_TEST_PROTOCOL structure.
[out] AsmText: Receives the disassembly text.
[out] Buffer: Buffer to store the instruction.
[out] BufferLen: Size of the buffer that is required to store the data.
Return values
EFI_UNSUPPORTED: This functionality is unsupported.
EFI_SUCCESS: The executed instruction was successfully dumped.

Display one form, and return user input.

Parameters
FormData: Form data to be shown.
UserInputData: User input data.
Return values
EFI_SUCCESS: Form data is shown, and user input was obtained.
ExecuteSecurity2Handlers()

EFI_STATUS EFIAPI ExecuteSecurity2Handlers (IN UINT32 AuthenticationOperation, IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *File, IN VOID *FileBuffer, IN UINTN FileSize, IN BOOLEAN BootPolicy)

Execute registered handlers based on input AuthenticationOperation until one returns an error and that error is returned.

If none of the handlers return an error, then EFI_SUCCESS is returned. Only the handlers whose registered operation matches AuthenticationOperation are executed. The handlers are executed in the same order in which they were registered.

Parameters
[in] AuthenticationOperation: The operation type; specifies which handlers will be executed.
[in] AuthenticationStatus: The authentication status for the input file.
[in] File: A pointer to the device path of the file that is being dispatched. This will optionally be used for logging.
[in] FileBuffer: A pointer to the buffer with the UEFI file image.
[in] FileSize: The size of the file buffer.
[in] BootPolicy: The boot policy that was used to call the LoadImage() UEFI service.
Return values
EFI_SUCCESS: The file specified by DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may use the file.
EFI_SUCCESS: The device path specified by NULL device path DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may execute the image in FileBuffer.
EFI_SUCCESS: FileBuffer is NULL and the current user has permission to start UEFI device drivers on the device path specified by DevicePath.
EFI_SECURITY_VIOLATION: The file specified by DevicePath and FileBuffer did not authenticate, and the platform policy dictates that the file should be placed in the untrusted state. The image has been added to the file execution table.
EFI_ACCESS_DENIED: The file specified by File and FileBuffer did not authenticate, and the platform policy dictates that the DXE Foundation may not use File.
EFI_SECURITY_VIOLATION: FileBuffer is NULL and the user has no permission to start UEFI device drivers on the device path specified by DevicePath.
EFI_SECURITY_VIOLATION: FileBuffer is not NULL and the user has no permission to load drivers from the device path specified by DevicePath. The image has been added to the list of deferred images.
EFI_INVALID_PARAMETER: File and FileBuffer are both NULL.
ExecuteSecurityHandlers()

EFI_STATUS EFIAPI ExecuteSecurityHandlers (IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath)

Execute registered handlers until one returns an error and that error is returned. If none of the handlers return an error, then EFI_SUCCESS is returned.

Before a handler is executed, the image buffer is read via the file device path if that handler requires the image file, and the image buffer is then passed to each handler that requires it when it is executed.

The handlers are executed in same order to their registered order.

Parameters
[in] AuthenticationStatus: The authentication type returned from the Section Extraction protocol. See the Section Extraction Protocol Specification for details on this type.
[in] FilePath: A pointer to the device path of the file that is being dispatched. This will optionally be used for logging.
Return values
EFI_SUCCESS: The file specified by File authenticated when one or more security handler services were registered, or the file did not authenticate when no security handler service was registered, and the platform policy dictates that the DXE Core may use File.
EFI_SECURITY_VIOLATION: The file specified by File did not authenticate, and the platform policy dictates that File should be placed in the untrusted state. A file may be promoted from the untrusted to the trusted state at a future time with a call to the Trust() DXE Service.
EFI_ACCESS_DENIED: The file specified by File did not authenticate, and the platform policy dictates that File should not be used for any purpose.
RegisterSecurity2Handler()

EFI_STATUS EFIAPI RegisterSecurity2Handler (IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler, IN UINT32 AuthenticationOperation)

Register security measurement handler with its operation type. Different handlers with the same operation can all be registered.

If Security2Handler is NULL, then ASSERT(). If not enough resources are available to register the new handler, then ASSERT(). If AuthenticationOperation is not recognized, then ASSERT(). If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, then ASSERT(). If the previously registered handler cannot be executed before the later registered handler, then ASSERT().

Parameters
[in] Security2Handler: The security measurement service handler to be registered.
[in] AuthenticationOperation: The operation type specified for the registered handler.
Return values
EFI_SUCCESS: The handler was registered successfully.
RegisterSecurityHandler()

EFI_STATUS EFIAPI RegisterSecurityHandler (IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler, IN UINT32 AuthenticationOperation)

Register security measurement handler with its operation type. Different handlers with the same operation can all be registered.

If SecurityHandler is NULL, then ASSERT(). If not enough resources are available to register the new handler, then ASSERT(). If AuthenticationOperation is not recognized, then ASSERT(). If the previously registered handler cannot be executed before the later registered handler, then ASSERT().

Parameters
[in] SecurityHandler: The security measurement service handler to be registered.
[in] AuthenticationOperation: The operation type specified for the registered handler.
Return values
EFI_SUCCESS: The handler was registered successfully.
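To make the dispatch rules documented for ExecuteSecurity2Handlers and the registration rules for RegisterSecurity2Handler / RegisterSecurityHandler concrete, the following is a small stand-alone C model of the two (an added example; it is not the EDK II implementation and does not use the EDK II headers). It assumes stand-in definitions for EFI_STATUS and the status codes, the EFI_AUTH_OPERATION_* flag names from the EDK II header with values as I recall them (not taken from this page), a plain string in place of EFI_DEVICE_PATH_PROTOCOL, two toy handlers (ToyVerifyHandler, ToyMeasureHandler) with a constructed "SIGNED" marker standing in for real signature verification, and it returns EFI_INVALID_PARAMETER where the library would ASSERT().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the EDK II status type and codes (assumption: same encoding). */
typedef uint64_t EFI_STATUS;
#define EFI_ERROR_BIT           (1ULL << 63)
#define EFI_SUCCESS             ((EFI_STATUS)0)
#define EFI_INVALID_PARAMETER   (EFI_ERROR_BIT | 2)
#define EFI_OUT_OF_RESOURCES    (EFI_ERROR_BIT | 9)
#define EFI_ACCESS_DENIED       (EFI_ERROR_BIT | 15)
#define EFI_SECURITY_VIOLATION  (EFI_ERROR_BIT | 26)
#define EFI_ERROR(Status)       (((Status) & EFI_ERROR_BIT) != 0)

/* Operation flags named as in SecurityManagementLib.h; values are my reading of
   the EDK II header, not from this page. Other operations are omitted. */
#define EFI_AUTH_OPERATION_NONE            0x00u
#define EFI_AUTH_OPERATION_VERIFY_IMAGE    0x01u
#define EFI_AUTH_OPERATION_MEASURE_IMAGE   0x04u
#define EFI_AUTH_OPERATION_IMAGE_REQUIRED  0x80000000u
#define KNOWN_OPERATIONS (EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_MEASURE_IMAGE)

/* Handler signature; `File` is a string here instead of EFI_DEVICE_PATH_PROTOCOL. */
typedef EFI_STATUS (*SECURITY2_FILE_AUTHENTICATION_HANDLER)(
  uint32_t AuthenticationStatus, const char *File,
  const void *FileBuffer, size_t FileSize, bool BootPolicy);

typedef struct { SECURITY2_FILE_AUTHENTICATION_HANDLER Handler; uint32_t Operation; } SECURITY2_INFO;

#define MAX_HANDLERS 8
static SECURITY2_INFO mSecurity2Table[MAX_HANDLERS];
static size_t mNumberOfSecurity2Handlers;

void ResetSecurity2Handlers(void) { mNumberOfSecurity2Handlers = 0; }

/* Model of RegisterSecurity2Handler: reject NULL, NONE and unknown operations,
   and refuse when the table is full (the library ASSERT()s in these cases). */
EFI_STATUS RegisterSecurity2Handler(SECURITY2_FILE_AUTHENTICATION_HANDLER Handler, uint32_t AuthenticationOperation) {
  uint32_t Op = AuthenticationOperation & ~EFI_AUTH_OPERATION_IMAGE_REQUIRED;
  if (Handler == NULL || Op == EFI_AUTH_OPERATION_NONE) return EFI_INVALID_PARAMETER;
  if ((Op & ~KNOWN_OPERATIONS) != 0) return EFI_INVALID_PARAMETER;   /* not recognized */
  if (mNumberOfSecurity2Handlers >= MAX_HANDLERS) return EFI_OUT_OF_RESOURCES;
  mSecurity2Table[mNumberOfSecurity2Handlers].Handler = Handler;
  mSecurity2Table[mNumberOfSecurity2Handlers].Operation = AuthenticationOperation;
  mNumberOfSecurity2Handlers++;
  return EFI_SUCCESS;
}

/* Model of ExecuteSecurity2Handlers: run matching handlers in registration order,
   pass the image only to handlers registered with IMAGE_REQUIRED, stop at first error. */
EFI_STATUS ExecuteSecurity2Handlers(uint32_t AuthenticationOperation, uint32_t AuthenticationStatus,
                                    const char *File, const void *FileBuffer, size_t FileSize, bool BootPolicy) {
  if (File == NULL && FileBuffer == NULL) return EFI_INVALID_PARAMETER;
  for (size_t i = 0; i < mNumberOfSecurity2Handlers; i++) {
    uint32_t Registered = mSecurity2Table[i].Operation;
    if (((Registered & ~EFI_AUTH_OPERATION_IMAGE_REQUIRED) & AuthenticationOperation) == 0) continue;
    bool WantsImage = (Registered & EFI_AUTH_OPERATION_IMAGE_REQUIRED) != 0;
    EFI_STATUS Status = mSecurity2Table[i].Handler(AuthenticationStatus, File,
                          WantsImage ? FileBuffer : NULL, WantsImage ? FileSize : 0, BootPolicy);
    if (EFI_ERROR(Status)) return Status;   /* first error ends the dispatch */
  }
  return EFI_SUCCESS;
}

/* Toy verification policy (constructed): an image whose first bytes are "SIGNED"
   counts as verified; anything else is denied outright. A real handler checks
   the image signature against the platform's trust anchors. */
static EFI_STATUS ToyVerifyHandler(uint32_t AuthenticationStatus, const char *File,
                                   const void *FileBuffer, size_t FileSize, bool BootPolicy) {
  (void)AuthenticationStatus; (void)File; (void)BootPolicy;
  if (FileBuffer == NULL) return EFI_SECURITY_VIOLATION;   /* nothing to verify yet */
  if (FileSize >= 6 && memcmp(FileBuffer, "SIGNED", 6) == 0) return EFI_SUCCESS;
  return EFI_ACCESS_DENIED;
}

/* Toy measured-boot handler: records that an image reached it, never blocks. */
static size_t mMeasuredImages;
static EFI_STATUS ToyMeasureHandler(uint32_t AuthenticationStatus, const char *File,
                                    const void *FileBuffer, size_t FileSize, bool BootPolicy) {
  (void)AuthenticationStatus; (void)File; (void)FileBuffer; (void)FileSize; (void)BootPolicy;
  mMeasuredImages++;
  return EFI_SUCCESS;
}
size_t MeasuredImageCount(void) { return mMeasuredImages; }

/* Registers verify (with image) before measure, dispatches one image, returns the status. */
EFI_STATUS DemoDispatch(const unsigned char *Image, size_t ImageSize, uint32_t Operation) {
  ResetSecurity2Handlers();
  mMeasuredImages = 0;
  RegisterSecurity2Handler(ToyVerifyHandler, EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED);
  RegisterSecurity2Handler(ToyMeasureHandler, EFI_AUTH_OPERATION_MEASURE_IMAGE);
  return ExecuteSecurity2Handlers(Operation, 0, "FvFile(constructed-example)", Image, ImageSize, false);
}

int main(void) {
  uint32_t Both = EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_MEASURE_IMAGE;
  EFI_STATUS S = DemoDispatch((const unsigned char *)"SIGNED-image", 12, Both);
  printf("signed:   status=0x%llx measured=%zu\n", (unsigned long long)S, MeasuredImageCount());
  S = DemoDispatch((const unsigned char *)"UNSIGNED-img", 12, Both);
  printf("unsigned: status=0x%llx measured=%zu\n", (unsigned long long)S, MeasuredImageCount());
  return 0;
}
```

The second run shows the consequence of the first-error rule: because the verification handler was registered before the measurement handler, a denied image is never measured. A platform that wants every attempted load recorded must register its measurement handler ahead of the handler that can reject, which is the ordering constraint the ASSERT() in RegisterSecurity2Handler guards.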