Description, Status codes returned – Intel Extensible Firmware Interface User Manual


Extensible Firmware Interface Specification

15-106

12/01/02

Version 1.10

Description

This function verifies the integrity and authorization of the indicated data object according to the
indicated credentials and authority certificate.

Both an integrity check and an authorization check are performed. The rules for a successful
integrity check are:
• Verify the credentials – The credentials parameter is a valid Signed Manifest, with a single signer. The signer’s identity is included in the credential as a certificate.
• Verify the data object – The Manifest must contain a section with the name as specified by the SectionName parameter, with associated verification information (in other words, hash value). The hash value from this Manifest section must match the hash value computed over the data specified by the DataObject parameter of this function.

The authorization check is optional. It is performed only if the AuthorityCertificate.Data parameter is other than NULL. If it is other than NULL, the rules for a successful authorization check are:
• The AuthorityCertificate parameter is a valid digital certificate. There is no requirement regarding the signer (issuer) of this certificate.
• The public key certified by the signer’s certificate must match the public key in the AuthorityCertificate. The match must be direct, that is, the signature authority cannot be delegated along a certificate chain.

If all of the integrity and authorization check rules are met, the function returns with a “success” indication and IsVerified is TRUE. Otherwise, it returns with a nonzero specific error code and IsVerified is FALSE.
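
The decision rules described above, modeled in C as an added example; this is not code from the specification or from any EFI_BIS implementation. The types and the names model_verify and toy_digest are hypothetical, the manifest is assumed to be already parsed with its signature check result supplied by the caller, and FNV-1a stands in for the manifest's real hash algorithm.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical parsed view of a Signed Manifest; not the EFI_BIS data layout. */
typedef struct { const char *name; uint32_t digest; } section_t;
typedef struct { const uint8_t *data; size_t len; } blob_t;
typedef struct {
    int signature_valid;   /* assumed result of checking the manifest signature */
    size_t signer_count;
    blob_t signer_key;     /* public key from the signer's certificate */
    const section_t *sections;
    size_t section_count;
} manifest_t;
/* FNV-1a: non-cryptographic stand-in for the manifest's real hash algorithm. */
uint32_t toy_digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Returns 1 (IsVerified TRUE) only when every applicable rule holds. */
int model_verify(const manifest_t *m, const char *section_name,
                 const blob_t *object, const blob_t *authority_key) {
    const section_t *s = NULL;
    if (!m || !section_name || !object || !object->data) return 0;
    /* Integrity 1: valid Signed Manifest with exactly one signer. */
    if (!m->signature_valid || m->signer_count != 1) return 0;
    /* Integrity 2: the named section exists and its hash matches the data. */
    for (size_t i = 0; i < m->section_count && !s; i++)
        if (strcmp(m->sections[i].name, section_name) == 0) s = &m->sections[i];
    if (!s || s->digest != toy_digest(object->data, object->len)) return 0;
    /* No authority key supplied: authorization is skipped, integrity only. */
    if (!authority_key || !authority_key->data) return 1;
    /* Authorization: direct key equality only, no certificate chain walk. */
    return m->signer_key.len == authority_key->len &&
           memcmp(m->signer_key.data, authority_key->data, authority_key->len) == 0;
}

int main(void) {
    /* Constructed sample data: one section, signer key differs from authority key. */
    static const uint8_t img[] = "boot image", k_sig[] = {1, 2, 3}, k_auth[] = {9, 9, 9};
    section_t sec = { "BootImage", toy_digest(img, sizeof img) };
    manifest_t m = { 1, 1, { k_sig, sizeof k_sig }, &sec, 1 };
    blob_t obj = { img, sizeof img }, auth = { k_auth, sizeof k_auth };
    printf("without authority: %d\n", model_verify(&m, "BootImage", &obj, NULL));
    printf("with other authority: %d\n", model_verify(&m, "BootImage", &obj, &auth));
    return 0;
}
```

Passing NULL for the authority key models AuthorityCertificate.Data being NULL: a success result then says only that the data matches a manifest with one valid signer, not that a particular authority signed it.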

Status Codes Returned

EFI_SUCCESS
The function completed successfully.

EFI_NO_MAPPING
The AppHandle parameter is not or is no longer a valid application instance handle associated with the EFI_BIS protocol.

EFI_INVALID_PARAMETER
The Credentials parameter supplied by the caller is NULL or an invalid memory reference,
or
The Credentials.Data parameter supplied by the caller is NULL or an invalid memory reference,
or
The Credentials.Length supplied by the caller is zero,
or
The DataObject parameter supplied by the caller is NULL or an invalid memory reference,
or
The DataObject.Data parameter supplied by the caller is NULL or an invalid memory reference,
or

continued
