Intel Extensible Firmware Interface User Manual

Protocols — Network Support    Version 1.10    12/01/02    15-99

Description

This function verifies the integrity and authorization of the indicated data object according to the indicated credentials. The rules for successful verification depend on whether or not a Boot Authorization Check is currently required on this platform.

If a Boot Authorization Check is not currently required on this platform, no authorization check is performed. However, the following rules are applied for an integrity check:

• In this case, the credentials are optional. If they are not supplied (Credentials.Data is NULL), no integrity check is performed, and the function returns immediately with a “success” indication and IsVerified is TRUE.

• If the credentials are supplied (Credentials.Data is other than NULL), integrity checks are performed as follows:

  - Verify the credentials – The credentials parameter is a valid Signed Manifest, with a single signer. The signer’s identity is included in the credential as a certificate.

  - Verify the data object – The Manifest must contain a section named “memory:BootObject,” with associated verification information (in other words, a hash value). The hash value from this Manifest section must match the hash value computed over the specified DataObject data.

  - If these checks succeed, the function returns with a “success” indication and IsVerified is TRUE. Otherwise, IsVerified is FALSE and the function returns with a “security violation” indication.

If a Boot Authorization Check is currently required on this platform, authorization and integrity checks are performed. The integrity check is the same as in the case above, except that it is required. The following rules are applied:

• Verify the credentials – The credentials parameter is required in this case (Credentials.Data must be other than NULL). The credentials parameter is a valid Signed Manifest, with a single signer. The signer’s identity is included in the credential as a certificate.

• Verify the data object – The Manifest must contain a section named “memory:BootObject,” with associated verification information (in other words, a hash value). The hash value from this Manifest section must match the hash value computed over the specified DataObject data.

• Do Authorization check – This happens one of two ways depending on whether or not the platform currently has a Boot Object Authorization Certificate configured.

  - If a Boot Object Authorization Certificate is not currently configured, this function interacts with the user in a platform-specific way to determine whether the operation should succeed.

  - If a Boot Object Authorization Certificate is currently configured, this function uses the Boot Object Authorization Certificate to determine whether the operation should succeed. The public key certified by the signer’s certificate must match the public key in the Boot Object Authorization Certificate configured for this platform. The match must be direct, that is, the signature authority cannot be delegated along a certificate chain.
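The two cases above (no Boot Authorization Check required versus required) form one decision procedure. The following C program, added here as an illustration and not code from the specification or from Intel, models that procedure so the outcomes can be checked against the text. Everything in it is a stand-in: the BisStatus enum, BisData, Credentials and PlatformPolicy types and the verify_boot_object function name are hypothetical; a ManifestSignatureValid flag replaces real Signed Manifest signature verification; FNV-1a replaces the manifest's hash algorithm; public keys are compared by an integer identifier to express the "direct match, no chain" rule; and a failed authorization is assumed to produce the "security violation" indication with IsVerified FALSE, which the text implies but does not spell out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical return indications standing in for the real status codes. */
typedef enum { BIS_SUCCESS = 0, BIS_SECURITY_VIOLATION = 1 } BisStatus;

/* Data object as a (pointer, length) pair; constructed stand-in type. */
typedef struct { const uint8_t *Data; size_t Length; } BisData;

/* Constructed stand-in for a parsed Signed Manifest credential. Manifest
 * parsing and signature checking are modelled by the first flag only. */
typedef struct {
    bool     ManifestSignatureValid;  /* single-signer manifest verified */
    uint64_t BootObjectHash;          /* hash from the "memory:BootObject" section */
    uint64_t SignerPublicKeyId;       /* key certified by the signer's certificate */
} Credentials;

/* Constructed stand-in for platform configuration. */
typedef struct {
    bool     BootAuthorizationRequired;
    bool     BoaCertConfigured;       /* Boot Object Authorization Certificate present */
    uint64_t BoaPublicKeyId;          /* key in the configured BOA certificate */
    bool   (*UserApproves)(void);     /* platform-specific user interaction */
} PlatformPolicy;

/* FNV-1a 64-bit: stand-in for the manifest's hash algorithm (assumption). */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Integrity check: credentials verify, and the recorded hash matches the hash
 * computed over the supplied data object. */
static bool integrity_check(const Credentials *cred, const BisData *obj)
{
    if (!cred->ManifestSignatureValid)
        return false;
    return cred->BootObjectHash == fnv1a64(obj->Data, obj->Length);
}

/* Decision procedure from the text; cred == NULL models Credentials.Data == NULL. */
BisStatus verify_boot_object(const PlatformPolicy *pol, const Credentials *cred,
                             const BisData *obj, bool *IsVerified)
{
    if (!pol->BootAuthorizationRequired) {
        if (cred == NULL) {           /* credentials optional: nothing is checked */
            *IsVerified = true;
            return BIS_SUCCESS;
        }
        *IsVerified = integrity_check(cred, obj);
        return *IsVerified ? BIS_SUCCESS : BIS_SECURITY_VIOLATION;
    }
    /* Boot Authorization Check required: credentials and integrity are mandatory. */
    if (cred == NULL || !integrity_check(cred, obj)) {
        *IsVerified = false;
        return BIS_SECURITY_VIOLATION;
    }
    bool authorized;
    if (!pol->BoaCertConfigured) {
        /* No BOA certificate: defer to the platform's user interaction
         * (a missing handler is treated as "deny"; assumption of this example). */
        authorized = pol->UserApproves ? pol->UserApproves() : false;
    } else {
        /* Direct key match only; no certificate chain is walked. */
        authorized = cred->SignerPublicKeyId == pol->BoaPublicKeyId;
    }
    *IsVerified = authorized;
    return authorized ? BIS_SUCCESS : BIS_SECURITY_VIOLATION;
}

/* Six constructed scenarios; returns how many behave as the text describes (6). */
int run_sample_scenarios(void)
{
    static const uint8_t obj_bytes[] = "constructed boot object";
    const BisData obj = { obj_bytes, sizeof obj_bytes - 1 };
    const Credentials good = { true, fnv1a64(obj_bytes, sizeof obj_bytes - 1), 0x1234 };
    Credentials tampered = good;  tampered.BootObjectHash ^= 1;      /* object modified */
    Credentials wrong_key = good; wrong_key.SignerPublicKeyId = 0x9999;
    const PlatformPolicy lax    = { false, false, 0,      NULL };
    const PlatformPolicy strict = { true,  true,  0x1234, NULL };
    bool v;
    int ok = 0;
    ok += verify_boot_object(&lax, NULL, &obj, &v) == BIS_SUCCESS && v;
    ok += verify_boot_object(&lax, &good, &obj, &v) == BIS_SUCCESS && v;
    ok += verify_boot_object(&lax, &tampered, &obj, &v) == BIS_SECURITY_VIOLATION && !v;
    ok += verify_boot_object(&strict, NULL, &obj, &v) == BIS_SECURITY_VIOLATION && !v;
    ok += verify_boot_object(&strict, &good, &obj, &v) == BIS_SUCCESS && v;
    ok += verify_boot_object(&strict, &wrong_key, &obj, &v) == BIS_SECURITY_VIOLATION && !v;
    return ok;
}

int main(void)
{
    printf("%d of 6 scenarios behaved as specified\n", run_sample_scenarios());
    return 0;
}
```

The scenarios make the policy difference visible: with no Boot Authorization Check required, omitting credentials yields success with nothing verified, whereas with the check required the same call is a security violation, and a manifest signed under a key other than the configured Boot Object Authorization Certificate key is rejected even though its hash matches the object.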
