VirtualBox Main API
IUefiVariableStore Interface Reference

The IUefiVariableStore interface allows inspecting and manipulating the content of an existing UEFI variable store in an NVRAM file.

Public Member Functions

void addVariable (in wstring name, in wstringUUID owner, in UefiVariableAttributes[] attributes, in octet[] data)
 Adds a new variable to the non-volatile storage area.
 
void deleteVariable (in wstring name, in wstringUUID owner)
 Deletes the given variable from the non-volatile storage area.
 
void changeVariable (in wstring name, in octet[] data)
 Changes the data of the given variable.
 
void queryVariableByName (in wstring name, out wstringUUID owner, out UefiVariableAttributes[] attributes, out octet[] data)
 Queries the content of the variable with the given name.
 
void queryVariables (out wstring[] names, out wstringUUID[] owners)
 Queries all variables in the non-volatile storage and returns their names.
 
void enrollOraclePlatformKey ()
 Enroll the default platform key from Oracle for enabling Secure Boot.
 
void enrollPlatformKey (in octet[] platformKey, in wstringUUID owner)
 Convenience method to enroll a new platform key (PK) for enabling Secure Boot.
 
void addKek (in octet[] keyEncryptionKey, in wstringUUID owner, in SignatureType signatureType)
 Convenience method to add a new Key Encryption Key (KEK) for Secure Boot.
 
void addSignatureToDb (in octet[] signature, in wstringUUID owner, in SignatureType signatureType)
 Convenience method to add a new entry to the signature database.
 
void addSignatureToDbx (in octet[] signature, in wstringUUID owner, in SignatureType signatureType)
 Convenience method to add a new entry to the forbidden signature database.
 
void enrollDefaultMsSignatures ()
 Convenience method to enroll the standard Microsoft KEK and signatures in the signature databases.
 
void addSignatureToMok (in octet[] signature, in wstringUUID owner, in SignatureType signatureType)
 Convenience method to add a new entry to the MOK (Machine Owner Key) signature database.
 

Public Attributes

attribute boolean secureBootEnabled
 Flag whether secure boot is currently enabled for the VM.
 

Detailed Description

The IUefiVariableStore interface allows inspecting and manipulating the content of an existing UEFI variable store in an NVRAM file.

This is used only in the INvramStore::uefiVariableStore attribute.

Interface ID:
{D134C6B6-4479-430D-BB73-68A452BA3E67}

Member Function Documentation

◆ addVariable()

void IUefiVariableStore::addVariable ( in wstring  name,
in wstringUUID  owner,
in UefiVariableAttributes[]  attributes,
in octet[]  data 
)

Adds a new variable to the non-volatile storage area.

Parameters
name: Name of the variable.
owner: UUID of the variable owner.
attributes: Attributes of the variable.
data: The variable data.

◆ deleteVariable()

void IUefiVariableStore::deleteVariable ( in wstring  name,
in wstringUUID  owner 
)

Deletes the given variable from the non-volatile storage area.

Parameters
name: Name of the variable.
owner: UUID of the variable owner.

◆ changeVariable()

void IUefiVariableStore::changeVariable ( in wstring  name,
in octet[]  data 
)

Changes the data of the given variable.

Parameters
name: Name of the variable.
data: The new variable data.

◆ queryVariableByName()

void IUefiVariableStore::queryVariableByName ( in wstring  name,
out wstringUUID  owner,
out UefiVariableAttributes[]  attributes,
out octet[]  data 
)

Queries the content of the variable with the given name.

Parameters
name: Name of the variable to look for.
owner: UUID of the variable owner returned on success.
attributes: Attributes of the variable.
data: The variable data returned on success.

◆ queryVariables()

void IUefiVariableStore::queryVariables ( out wstring[]  names,
out wstringUUID[]  owners 
)

Queries all variables in the non-volatile storage and returns their names.

Parameters
names: The variable names returned on success.
owners: UUIDs of the variable owners returned on success.

◆ enrollOraclePlatformKey()

void IUefiVariableStore::enrollOraclePlatformKey ( )

Enroll the default platform key from Oracle for enabling Secure Boot.

◆ enrollPlatformKey()

void IUefiVariableStore::enrollPlatformKey ( in octet[]  platformKey,
in wstringUUID  owner 
)

Convenience method to enroll a new platform key (PK) for enabling Secure Boot.

Parameters
platformKey: The platform key (PK) to enroll.
owner: UUID of the PK owner.

◆ addKek()

void IUefiVariableStore::addKek ( in octet[]  keyEncryptionKey,
in wstringUUID  owner,
in SignatureType  signatureType 
)

Convenience method to add a new Key Encryption Key (KEK) for Secure Boot.

Parameters
keyEncryptionKey: The Key Encryption Key (KEK) to add.
owner: UUID of the KEK owner.
signatureType: Type of the signature.

◆ addSignatureToDb()

void IUefiVariableStore::addSignatureToDb ( in octet[]  signature,
in wstringUUID  owner,
in SignatureType  signatureType 
)

Convenience method to add a new entry to the signature database.

Parameters
signature: The signature to add.
owner: UUID of the signature owner.
signatureType: Type of the signature.

◆ addSignatureToDbx()

void IUefiVariableStore::addSignatureToDbx ( in octet[]  signature,
in wstringUUID  owner,
in SignatureType  signatureType 
)

Convenience method to add a new entry to the forbidden signature database.

Parameters
signature: The signature to add.
owner: UUID of the signature owner.
signatureType: Type of the signature.

◆ enrollDefaultMsSignatures()

void IUefiVariableStore::enrollDefaultMsSignatures ( )

Convenience method to enroll the standard Microsoft KEK and signatures in the signature databases.

◆ addSignatureToMok()

void IUefiVariableStore::addSignatureToMok ( in octet[]  signature,
in wstringUUID  owner,
in SignatureType  signatureType 
)

Convenience method to add a new entry to the MOK (Machine Owner Key) signature database.

Parameters
signature: The signature to add.
owner: UUID of the signature owner.
signatureType: Type of the signature.

Member Data Documentation

◆ secureBootEnabled

attribute boolean IUefiVariableStore::secureBootEnabled

Flag whether secure boot is currently enabled for the VM.
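
The following is an added example, not code from the VirtualBox SDK: a read-only audit that combines queryVariables() and secureBootEnabled to check whether the Secure Boot key hierarchy in a VM's NVRAM file is complete. It assumes that the Python binding returns the two out parameters as a tuple and that the owner UUID is the UEFI vendor GUID of the variable; FakeStore is a constructed stand-in so the check runs without a VirtualBox installation.

```python
# Added example: audit of the Secure Boot key variables in a VM's NVRAM store.
# Standard UEFI vendor GUIDs (from the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_IMAGE_SECURITY_DB = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"

# Variable name -> (expected owner GUID, what its absence means).
EXPECTED = {
    "PK": (EFI_GLOBAL, "no platform key: firmware is in setup mode"),
    "KEK": (EFI_GLOBAL, "no KEK: db/dbx updates cannot be authorized"),
    "db": (EFI_IMAGE_SECURITY_DB, "no allow list: nothing is trusted to boot"),
    "dbx": (EFI_IMAGE_SECURITY_DB, "no revocation list: revoked binaries not blocked"),
}


def audit_secure_boot(store):
    """Return a list of findings for an IUefiVariableStore-like object."""
    # Assumption: the binding returns both out parameters as a tuple.
    names, owners = store.queryVariables()
    present = {}
    for name, owner in zip(names, owners):
        present.setdefault(name, set()).add(str(owner).lower())

    findings = []
    if not store.secureBootEnabled:
        findings.append("secureBootEnabled is false")
    for name, (guid, impact) in EXPECTED.items():
        seen = present.get(name)
        if not seen:
            findings.append(f"{name} missing ({impact})")
        elif guid not in seen:
            findings.append(f"{name} present only under unexpected owner {sorted(seen)}")
    return findings


class FakeStore:
    """Constructed stand-in for a real store (hypothetical, for offline runs)."""
    def __init__(self, variables, enabled):
        self._vars, self.secureBootEnabled = variables, enabled

    def queryVariables(self):
        return [n for n, _ in self._vars], [o for _, o in self._vars]


if __name__ == "__main__":
    # Constructed sample: Secure Boot on, but no dbx enrolled.
    sample = FakeStore([("PK", EFI_GLOBAL), ("KEK", EFI_GLOBAL),
                        ("db", EFI_IMAGE_SECURITY_DB)], enabled=True)
    for finding in audit_secure_boot(sample):
        print("FINDING:", finding)
```

Against a real VM, pass the object obtained from INvramStore::uefiVariableStore in place of FakeStore.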