1*12058948SGerd Hoffmann# -*- Mode: Python -*- 2*12058948SGerd Hoffmann# vim: filetype=python 3*12058948SGerd Hoffmann# 4*12058948SGerd Hoffmann 5*12058948SGerd Hoffmann## 6*12058948SGerd Hoffmann# = UEFI Variable Store 7*12058948SGerd Hoffmann# 8*12058948SGerd Hoffmann# The qemu efi variable store implementation (hw/uefi/) uses this to 9*12058948SGerd Hoffmann# store non-volatile variables in json format on disk. 10*12058948SGerd Hoffmann# 11*12058948SGerd Hoffmann# This is an existing format already supported by (at least) two other 12*12058948SGerd Hoffmann# projects, specifically https://gitlab.com/kraxel/virt-firmware and 13*12058948SGerd Hoffmann# https://github.com/awslabs/python-uefivars. 14*12058948SGerd Hoffmann## 15*12058948SGerd Hoffmann 16*12058948SGerd Hoffmann## 17*12058948SGerd Hoffmann# @UefiVariable: 18*12058948SGerd Hoffmann# 19*12058948SGerd Hoffmann# UEFI Variable. Check the UEFI specifification for more detailed 20*12058948SGerd Hoffmann# information on the fields. 21*12058948SGerd Hoffmann# 22*12058948SGerd Hoffmann# @guid: variable namespace GUID 23*12058948SGerd Hoffmann# 24*12058948SGerd Hoffmann# @name: variable name, in UTF-8 encoding. 25*12058948SGerd Hoffmann# 26*12058948SGerd Hoffmann# @attr: variable attributes. 27*12058948SGerd Hoffmann# 28*12058948SGerd Hoffmann# @data: variable value, encoded as hex string. 29*12058948SGerd Hoffmann# 30*12058948SGerd Hoffmann# @time: variable modification time. EFI_TIME struct, encoded as hex 31*12058948SGerd Hoffmann# string. Used only for authenticated variables, where the 32*12058948SGerd Hoffmann# EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute bit 33*12058948SGerd Hoffmann# is set. 34*12058948SGerd Hoffmann# 35*12058948SGerd Hoffmann# @digest: variable certificate digest. Used to verify the signature 36*12058948SGerd Hoffmann# of updates for authenticated variables. UEFI has two kinds of 37*12058948SGerd Hoffmann# authenticated variables. The secure boot variables ('PK', 38*12058948SGerd Hoffmann# 'KEK', 'db' and 'dbx') have hard coded signature checking rules. 39*12058948SGerd Hoffmann# For other authenticated variables the firmware stores a digest 40*12058948SGerd Hoffmann# of the signing certificate at variable creation time, and any 41*12058948SGerd Hoffmann# updates must be signed with the same certificate. 42*12058948SGerd Hoffmann# 43*12058948SGerd Hoffmann# Since: 10.0 44*12058948SGerd Hoffmann## 45*12058948SGerd Hoffmann{ 'struct' : 'UefiVariable', 46*12058948SGerd Hoffmann 'data' : { 'guid' : 'str', 47*12058948SGerd Hoffmann 'name' : 'str', 48*12058948SGerd Hoffmann 'attr' : 'int', 49*12058948SGerd Hoffmann 'data' : 'str', 50*12058948SGerd Hoffmann '*time' : 'str', 51*12058948SGerd Hoffmann '*digest' : 'str'}} 52*12058948SGerd Hoffmann 53*12058948SGerd Hoffmann## 54*12058948SGerd Hoffmann# @UefiVarStore: 55*12058948SGerd Hoffmann# 56*12058948SGerd Hoffmann# @version: currently always 2 57*12058948SGerd Hoffmann# 58*12058948SGerd Hoffmann# @variables: list of UEFI variables 59*12058948SGerd Hoffmann# 60*12058948SGerd Hoffmann# Since: 10.0 61*12058948SGerd Hoffmann## 62*12058948SGerd Hoffmann{ 'struct' : 'UefiVarStore', 63*12058948SGerd Hoffmann 'data' : { 'version' : 'int', 64*12058948SGerd Hoffmann 'variables' : [ 'UefiVariable' ] }} 65