[efi] Add definitions for the UEFI shim lock protocol

The UEFI shim includes a "shim lock protocol" that can be used by a
third party second stage loader such as GRUB to verify a kernel image.

Add definitions for the relevant portions of this protocol interface.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

2 files changed, 32 insertions, 0 deletions

diff --git a/src/include/ipxe/efi/Protocol/ShimLock.h b/src/include/ipxe/efi/Protocol/ShimLock.h
new file mode 100644
index 0000000..b313651
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/ShimLock.h
@@ -0,0 +1,31 @@
+#ifndef _IPXE_EFI_SHIM_LOCK_PROTOCOL_H
+#define _IPXE_EFI_SHIM_LOCK_PROTOCOL_H
+
+/** @file
+ *
+ * EFI "shim lock" protocol
+ *
+ */
+
+FILE_LICENCE ( BSD3 );
+
+#define EFI_SHIM_LOCK_PROTOCOL_GUID					\
+	{ 0x605dab50, 0xe046, 0x4300,					\
+	{ 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } }
+
+#define SHIMAPI __asmcall
+
+typedef
+EFI_STATUS SHIMAPI
+(*EFI_SHIM_LOCK_VERIFY) (
+  IN VOID *buffer,
+  IN UINT32 size
+  );
+
+typedef struct _EFI_SHIM_LOCK_PROTOCOL {
+  EFI_SHIM_LOCK_VERIFY Verify;
+  VOID *Reserved1;
+  VOID *Reserved2;
+} EFI_SHIM_LOCK_PROTOCOL;
+
+#endif /*_IPXE_EFI_SHIM_LOCK_PROTOCOL_H */
diff --git a/src/include/ipxe/efi/efi.h b/src/include/ipxe/efi/efi.h
index 1dd0d44..e0e2db6 100644
--- a/src/include/ipxe/efi/efi.h
+++ b/src/include/ipxe/efi/efi.h
@@ -197,6 +197,7 @@ extern EFI_GUID efi_pci_io_protocol_guid;
 extern EFI_GUID efi_pci_root_bridge_io_protocol_guid;
 extern EFI_GUID efi_pxe_base_code_protocol_guid;
 extern EFI_GUID efi_serial_io_protocol_guid;
+extern EFI_GUID efi_shim_lock_protocol_guid;
 extern EFI_GUID efi_simple_file_system_protocol_guid;
 extern EFI_GUID efi_simple_network_protocol_guid;
 extern EFI_GUID efi_simple_pointer_protocol_guid;