Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-dbus-interfaces / b235159e0acc9943bc5f4e428ba6536f2e3cb621^! / . / yaml / xyz / openbmc_project / BIOSConfig / SecureBoot.interface.yaml
commitb235159e0acc9943bc5f4e428ba6536f2e3cb621[log] [tgz]
authorPrithvi Pai <ppai@nvidia.com>Tue Feb 04 16:25:37 2025 +0530
committerPrithvi Pai <ppai@nvidia.com>Wed Feb 05 14:24:05 2025 +0530
tree6b276e3d2c63d397340523d390b951889f4a2aef
parent0e78828ce927548b4dd679e06fdaf2f294983289 [diff] [blame]
Add UEFI SecureBoot Setting related interfaces

Redfish added schema for SecureBoot, which contains UEFI Secure Boot
related information and represents properties for managing the UEFI
Secure Boot functionality of a system. It would be useful to add
remote UEFI secure boot configuration support which provides unified
interface for remote uefi secure boot configuration in data centers,
and provide a generic implementation for the remote management of
uefi secure boot.

Redfish Schema -
https://redfish.dmtf.org/schemas/v1/SecureBoot.v1_1_2.json

BIOSConfig.SecureBoot exposes three properties:
1) Enable: An indication of whether UEFI Secure Boot is enabled.
2) Current Boot: An indication of UEFI Secure Boot state during the
   current boot cycle
3) Mode: Indicates the current UEFI Secure Boot mode, as defined in
   the UEFI Specification.

Change-Id: I1a345c2efcdd42be9920b509649621157b88775a
Signed-off-by: Prithvi Pai <ppai@nvidia.com>

diff --git a/yaml/xyz/openbmc_project/BIOSConfig/SecureBoot.interface.yaml b/yaml/xyz/openbmc_project/BIOSConfig/SecureBoot.interface.yaml
new file mode 100644
index 0000000..aaca566
--- /dev/null
+++ b/yaml/xyz/openbmc_project/BIOSConfig/SecureBoot.interface.yaml

@@ -0,0 +1,59 @@
+description: >
+    UEFI Secure Boot information and represents properties for managing the UEFI
+    Secure Boot functionality of a system.
+
+properties:
+    - name: CurrentBoot
+      type: enum[self.CurrentBootType]
+      description: >
+          The UEFI Secure Boot state during the current boot cycle.
+      default: Unknown
+
+    - name: PendingEnable
+      type: boolean
+      description: >
+          An indication of whether the UEFI Secure Boot takes effect on next
+          boot.
+
+    - name: Mode
+      type: enum[self.ModeType]
+      description: >
+          The current UEFI Secure Boot Mode.
+      default: Unknown
+
+enumerations:
+    - name: CurrentBootType
+      description: >
+          Secure Boot Current Boot Type.
+      values:
+          - name: Unknown
+            description: >
+                UEFI Secure Boot is currently unknown.
+          - name: Enabled
+            description: >
+                UEFI Secure Boot is currently enabled.
+          - name: Disabled
+            description: >
+                UEFI Secure Boot is currently disabled.
+
+    - name: ModeType
+      description: >
+          Secure Boot Mode Type. UEFI Secure Boot Modes are defined in UEFI
+          Specification -
+          https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html#secure-boot-modes
+      values:
+          - name: Unknown
+            description: >
+                UEFI Secure Boot is currently unknown.
+          - name: Setup
+            description: >
+                UEFI Secure Boot is currently in Setup Mode.
+          - name: User
+            description: >
+                UEFI Secure Boot is currently in User Mode.
+          - name: Audit
+            description: >
+                UEFI Secure Boot is currently in Audit Mode.
+          - name: Deployed
+            description: >
+                UEFI Secure Boot is currently in Deployed Mode.