Intel Extensible Firmware Interface User Manual

Protocols

— Network Support

Version 1.10

12/01/02

15-89

The left-hand string must appear exactly as shown. The right-hand string must be a unique GUID
for every manifest file created. The Win32 function UuidCreate() can be used for this on Win32
systems. The GUID is a binary value that must be base-64 encoded. Base-64 is a simple
encoding scheme for representing binary values that uses only printing characters. Base-64
encoding is described in [BASE-64].

Name: memory:UpdateRequestParameters

This identifies the manifest section that carries a dummy zero-length data object serving as the
collection point for the attribute values appearing later in this manifest section (lines prefixed
with “

X-Intel-BIS-

”). The string “

memory:UpdateRequestParameters

” must

appear exactly as shown.

Digest-Algorithms: SHA-1

This enumerates the digest algorithms for which integrity data is included for the data object.
These are required even though the data object is zero-length. For systems with DSA signing,
SHA-1 hash, and 1024-bit key length, the digest algorithm must be “

SHA-1

.” For systems with

RSA signing, MD5 hash, and 512-bit key length, the digest algorithm must be “

MD5

.” Multiple

algorithms can be specified as a whitespace-separated list. For every digest algorithm

XXX

listed,

there must also be a corresponding

XXX-Digest

line.

SHA-1-Digest: (base-64 representation of a SHA-1 digest of zero-length
buffer)

Gives the corresponding digest value for the dummy zero-length data object. The value is base-
64 encoded. Note that for both MD5 and SHA-1, the digest value for a zero-length data object is
not zero.

X-Intel-BIS-ParameterSet: (base-64 representation of
BootObjectAuthorizationSetGUID)

A named attribute value that distinguishes updates of BIS parameters from updates of other
parameters. The left-hand attribute-name keyword must appear exactly as shown. The GUID
value for the right-hand side is always the same, and can be found under the preprocessor symbol

BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE

. The representation inserted into

the manifest is base-64 encoded.

Note the “

X-Intel-BIS-

” prefix on this and the following attributes. The “

X-

” part of the

prefix was chosen to avoid collisions with future reserved keywords defined by future versions of
the signed manifest specification. The “

Intel-BIS-

” part of the prefix was chosen to avoid

collisions with other user-defined attribute names within the user-defined attribute name space.

X-Intel-BIS-ParameterSetToken: (base-64 representation of the current
update token)

A named attribute value that makes this update of BIS parameters different from any other on the
same target platform. The left-hand attribute-name keyword must appear exactly as shown. The
value for the right-hand side is generally different for each update-request manifest generated.
The value to be base-64 encoded is retrieved through the functions

GetBootObjectAuthorizationUpdateToken()

or

UpdateBootObjectAuthorization()

.

X-Intel-BIS-ParameterId: (base-64 representation of
“BootObjectAuthorizationCertificate” or
“BootAuthorizationCheckFlag”)