Lines Matching full:to
2 The Key Management Service (KMS) protocol as defined in the UEFI 2.3.1 specification is to
3 provide services to generate, store, retrieve, and manage cryptographic keys.
4 The intention is to specify a simple generic protocol that could be used for many implementations.
6 A driver implementing the protocol may need to provide basic key service that consists of a
7 key store and cryptographic key generation capability. It may connect to an external key
8 server over the network, or to a Hardware Security Module (HSM) attached to the system it
28 // operation to indicate support for multiple data types.
192 /// Pointer to a valid client identifier.
198 /// KMS does not support client names, this field should be set to EFI_KMS_DATA_TYPE_NONE.
203 /// ClientNameStringType is set to EFI_KMS_DATA_TYPE_NONE. Otherwise, it must contain
208 /// Pointer to a client name. This field will be ignored if ClientNameStringType is set to
209 /// EFI_KMS_DATA_TYPE_NONE. Otherwise, it must point to a valid string of the specified type.
216 /// The size of the KeyIdentifier field in bytes. This field is limited to the range 0 to 255.
220 /// Pointer to an array of KeyIdentifierType elements.
228 /// Pointer to a key value for a key specified by the KeyFormat field. A NULL value for this
234 /// to indicate the status of individual operations when a KMS function is called with multiple
268 /// An array of bytes to hold the attribute data associated with the KeyAttributeIdentifier.
293 /// field. This field is limited to the range 0 to 255.
297 /// Pointer to an array of KeyAttributeIdentifierType elements. For string types, there must
302 /// The instance number of this attribute. If there is only one instance, the value is set to
303 /// one. If this value is set to 0xFFFF (all binary 1's) then this field should be ignored if an
306 /// field in the request. If set to 0xFFFF in the request, it will match any attribute with the
321 /// Pointer to a key attribute value for the attribute specified by the KeyAttributeIdentifier
327 /// This field is used to indicate the status of individual operations when a KMS function is
348 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
351 @retval EFI_NOT_READY No connection to the KMS is available.
354 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS.
367 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
368 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
369 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
373 transferred to or from the KMS. If the parameter is
375 If the value pointed to is 0, no data will be transferred
376 to the KMS, but data may be returned by the KMS.
378 to the KMS, which may also return data to the caller.
379 In all cases, the value upon return to the caller will
380 be the size of the data block returned to the caller,
382 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
383 *ClientDataSize that is to be passed directly to the
386 ClientDataSize parameter is also NULL. Upon return to
387 the caller, *ClientData points to a block of data of
394 allocated by the caller for input to the function or by
395 the implementation for output back to the caller.
398 @retval EFI_NOT_READY No connection to the KMS is available.
401 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS.
402 @retval EFI_OUT_OF_RESOURCES Required resources were not available to perform the function.
418 The key value(s) is returned to the caller.
420 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
421 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
422 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be
426 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR
427 structures which describe the keys to be generated.
429 may specify an identifier to be used for the key,
442 with the GUID used to generate the key if it was a
444 to memory containing the key value for the generated
449 of the request relative to that key.
450 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
454 transferred to or from the KMS. If the parameter is
456 If the value pointed to is 0, no data will be transferred
457 to the KMS, but data may be returned by the KMS.
459 to the KMS, which may also return data to the caller.
460 In all cases, the value upon return to the caller will
461 be the size of the data block returned to the caller,
463 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
464 *ClientDataSize that is to be passed directly to the
467 ClientDataSize parameter is also NULL. Upon return to
468 the caller, *ClientData points to a block of data of
475 allocated by the caller for input to the function or by
476 the implementation for output back to the caller.
481 the KMS. Check individual key request(s) to see which ones
483 @retval EFI_OUT_OF_RESOURCES Required resources were not available to perform the function.
485 request(s) to see which ones may have been processed.
489 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the KMS. Check
490 individual key request(s) to see which ones may have been
515 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
516 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
517 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be
521 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR
522 structures which describe the keys to be retrieved
525 must specify an identifier to be used to retrieve a
535 request relative to the individual key descriptor.
536 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
540 transferred to or from the KMS. If the parameter is
542 If the value pointed to is 0, no data will be transferred
543 to the KMS, but data may be returned by the KMS.
545 to the KMS, which may also return data to the caller.
546 In all cases, the value upon return to the caller will
547 be the size of the data block returned to the caller,
549 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
550 *ClientDataSize that is to be passed directly to the
553 ClientDataSize parameter is also NULL. Upon return to
554 the caller, *ClientData points to a block of data of
561 allocated by the caller for input to the function or by
562 the implementation for output back to the caller.
567 request(s) to see which ones may have been processed.
570 (KeyDescriptorCount) to contain all the key data, then
572 KeyDescriptorCount will be updated to indicate the
577 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to
603 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
604 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
605 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be
609 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR
610 structures which describe the keys to be added.
612 valid identifier data to be used for adding a key to
618 KeyValue fields for each key to be added must contain
619 consistent values to be associated with the given KeyId.
622 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
626 transferred to or from the KMS. If the parameter is
628 If the value pointed to is 0, no data will be transferred
629 to the KMS, but data may be returned by the KMS.
631 to the KMS, which may also return data to the caller.
632 In all cases, the value upon return to the caller will
633 be the size of the data block returned to the caller,
635 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
636 *ClientDataSize that is to be passed directly to the
639 ClientDataSize parameter is also NULL. Upon return to
640 the caller, *ClientData points to a block of data of
647 allocated by the caller for input to the function or by
648 the implementation for output back to the caller.
653 request(s) to see which ones may have been processed.
656 (KeyDescriptorCount) to contain all the key data, then
658 KeyDescriptorCount will be updated to indicate the
663 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to
689 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
690 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
691 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors to be
695 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR
696 structures which describe the keys to be deleted.
698 valid identifier data to be used for adding a key to
707 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
711 transferred to or from the KMS. If the parameter is
713 If the value pointed to is 0, no data will be transferred
714 to the KMS, but data may be returned by the KMS.
716 to the KMS, which may also return data to the caller.
717 In all cases, the value upon return to the caller will
718 be the size of the data block returned to the caller,
720 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
721 *ClientDataSize that is to be passed directly to the
724 ClientDataSize parameter is also NULL. Upon return to
725 the caller, *ClientData points to a block of data of
732 allocated by the caller for input to the function or by
733 the implementation for output back to the caller.
738 request(s) to see which ones may have been processed.
742 @retval EFI_DEVICE_ERROR Device or key server error. Check individual key request(s) to
769 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
770 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
771 @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.
772 @param[in] KeyIdentifier Pointer to the key identifier associated with this key.
773 @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE
780 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE
785 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
789 transferred to or from the KMS. If the parameter is
791 If the value pointed to is 0, no data will be transferred
792 to the KMS, but data may be returned by the KMS.
794 to the KMS, which may also return data to the caller.
795 In all cases, the value upon return to the caller will
796 be the size of the data block returned to the caller,
798 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
799 *ClientDataSize that is to be passed directly to the
802 ClientDataSize parameter is also NULL. Upon return to
803 the caller, *ClientData points to a block of data of
810 allocated by the caller for input to the function or by
811 the implementation for output back to the caller.
816 attribute request(s) to see which ones may have been
820 structures (KeyAttributesCount) to contain all the key
822 KeyAttributesCount will be updated to indicate the
828 … request(s) (i.e. key attribute status for each) to see which ones
855 Add one or more attributes to a key specified by a key identifier.
857 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
858 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
859 @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.
860 @param[in] KeyIdentifier Pointer to the key identifier associated with this key.
861 @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE
862 structures to associate with the Key. On normal returns,
865 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE
866 structures providing the attribute information to
872 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
876 transferred to or from the KMS. If the parameter is
878 If the value pointed to is 0, no data will be transferred
879 to the KMS, but data may be returned by the KMS.
881 to the KMS, which may also return data to the caller.
882 In all cases, the value upon return to the caller will
883 be the size of the data block returned to the caller,
885 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
886 *ClientDataSize that is to be passed directly to the
889 ClientDataSize parameter is also NULL. Upon return to
890 the caller, *ClientData points to a block of data of
897 allocated by the caller for input to the function or by
898 the implementation for output back to the caller.
903 attribute request(s) to see which ones may have been
907 enough structures (KeyAttributesCount) to contain all
909 KeyAttributesCount will be updated to indicate the
918 … request(s) (i.e. key attribute status for each) to see which ones
945 Delete attributes to a key specified by a key identifier.
947 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
948 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
949 @param[in] KeyIdentifierSize Pointer to the size in bytes of the KeyIdentifier variable.
950 @param[in] KeyIdentifier Pointer to the key identifier associated with this key.
951 @param[in, out] KeyAttributesCount Pointer to the number of EFI_KMS_KEY_ATTRIBUTE
952 structures to associate with the Key.
956 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE
957 structures providing the attribute information to
963 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
967 transferred to or from the KMS. If the parameter is
969 If the value pointed to is 0, no data will be transferred
970 to the KMS, but data may be returned by the KMS.
972 to the KMS, which may also return data to the caller.
973 In all cases, the value upon return to the caller will
974 be the size of the data block returned to the caller,
976 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
977 *ClientDataSize that is to be passed directly to the
980 ClientDataSize parameter is also NULL. Upon return to
981 the caller, *ClientData points to a block of data of
988 allocated by the caller for input to the function or by
989 the implementation for output back to the caller.
994 attribute request(s) to see which ones may have been
1000 … request(s) (i.e. key attribute status for each) to see which ones
1030 @param[in] This Pointer to the EFI_KMS_PROTOCOL instance.
1031 @param[in] Client Pointer to a valid EFI_KMS_CLIENT_INFO structure.
1032 @param[in, out] KeyAttributesCount Pointer to a count of the number of key attribute structures
1037 @param[in, out] KeyAttributes Pointer to an array of EFI_KMS_KEY_ATTRIBUTE
1038 structure to search for.
1043 @param[in, out] KeyDescriptorCount Pointer to a count of the number of key descriptors matched
1046 On return, this number will be updated to the number
1048 @param[in, out] KeyDescriptors Pointer to an array of EFI_KMS_KEY_DESCRIPTOR
1059 request relative to that key descriptor.
1060 @param[in, out] ClientDataSize Pointer to the size, in bytes, of an arbitrary block of
1064 transferred to or from the KMS. If the parameter is
1066 If the value pointed to is 0, no data will be transferred
1067 to the KMS, but data may be returned by the KMS.
1069 to the KMS, which may also return data to the caller.
1070 In all cases, the value upon return to the caller will
1071 be the size of the data block returned to the caller,
1073 @param[in, out] ClientData Pointer to a pointer to an arbitrary block of data of
1074 *ClientDataSize that is to be passed directly to the
1077 ClientDataSize parameter is also NULL. Upon return to
1078 the caller, *ClientData points to a block of data of
1085 allocated by the caller for input to the function or by
1086 the implementation for output back to the caller.
1091 attribute request(s) to see which ones may have been
1095 (KeyDescriptorCount) to contain all the key data, then
1097 KeyDescriptorCount will be updated to indicate the
1103 … request(s) (i.e. key attribute status for each) to see which ones
1131 /// The Key Management Service (KMS) protocol provides services to generate, store, retrieve,
1137 /// connected to the KMS, then a call to this function will initiate a connection. This is the
1138 /// only function that is valid for use prior to the service being marked available.
1154 /// Add a local key to KMS database. If there is an existing key with this key identifier in the
1167 /// Add attributes to an existing key in the KMS database.
1179 /// The version of this EFI_KMS_PROTOCOL structure. This must be set to 0x00020040 for
1184 /// Optional GUID used to identify a specific KMS. This GUID may be supplied by the provider,
1189 /// Optional pointer to a Unicode string which may be used to identify the KMS or provide
1194 /// Optional 32-bit value which may be used to indicate the version of the KMS provided by
1199 /// TRUE if and only if the service is active and available for use. To avoid unnecessary
1200 /// delays in POST, this protocol may be installed without connecting to the service. In this
1201 /// case, the first call to the GetServiceStatus () function will cause the implementation to
1202 /// connect to the supported service and mark it as available. The capabilities of this service
1203 /// as defined in the remainder of this protocol are not guaranteed to be valid until the service
1209 /// for auditing, access control or any other purpose specific to the implementation.
1213 /// TRUE if and only if the service requires a client identifier in order to process key requests.
1224 /// to the inclusive 'OR' of all client name formats supported. Client names may be used for
1225 /// auditing, access control or any other purpose specific to the implementation.
1229 /// TRUE if and only if the KMS requires a client name to be supplied to the service.
1239 /// data requires the caller to have specific knowledge of the individual KMS service and
1265 /// A pointer to an array of EFI_GUID values which specify key formats/sizes supported by
1270 /// This list of GUIDs supported by the KMS is not required to be exhaustive, and the KMS
1283 /// are not supported, this field will be set to EFI_KMS_DATA_TYPE_NONE. Otherwise, it will
1284 /// be set to the inclusive 'OR' of all key attribute identifier string types supported.
1292 /// provide a method to obtain predefined key attributes data, then this field must be zero.
1296 /// A pointer to an array of KeyAttributes structures which contains the predefined
1299 /// including a default value if one exists. This variable must be set to NULL if the
1300 /// KeyAttributesCount variable is zero. It must point to a valid buffer if the
1302 /// This list of predefined attributes is not required to be exhaustive, and the KMS may
1305 /// predefined attributes not enumerated will still be processed to the KMS.