From PhoenixWiki

Provide support for a single class of credentials

Contents 1 GUID 2 Prototype 3 Parameters 4 Description 5 Related Definitions 5.1 Enroll() 5.2 Form() 5.3 Tile() 5.4 Title() 5.5 User() 5.6 Select() 5.7 Deselect() 5.8 Default() 5.9 GetInfo() 5.10 GetNextInfo()

GUID

#define EFI_USER_CREDENTIAL_PROTOCOL_GUID \
  { 0x71ee5e94, 0x65b9, 0x45d5, \
  { 0x82, 0x1a, 0x3a, 0x4d, 0x86, 0xcf, 0xe6, 0xbe } }

Prototype

typedef struct _EFI_USER_CREDENTIAL_PROTOCOL {
  EFI_GUID                     Identifier;
  EFI_GUID                     Type;
  EFI_CREDENTIAL_ENROLL        Enroll;
  EFI_CREDENTIAL_FORM          Form;
  EFI_CREDENTIAL_TILE          Tile;
  EFI_CREDENTIAL_TITLE         Title;
  EFI_CREDENTIAL_USER          User;
  EFI_CREDENTIAL_SELECT        Select;
  EFI_CREDENTIAL_DESELECT      Deselect;
  EFI_CREDENTIAL_DEFAULT       Default;
  EFI_CREDENTIAL_GET_INFO      GetInfo;
  EFI_CREDENTIAL_GET_NEXT_INFO GetNextInfo;
  EFI_CREDENTIAL_CAPABILITIES  Capabilities;
} EFI_USER_CREDENTIAL_PROTOCOL;

Parameters

Member	Description
Identifier	Uniquely identifies this credential provider.
Type	Identifies this class of User Credential Provider. See EFI_CREDENTIAL_CLASS_x in “Related Definitions” below.
Enroll	Enroll a user using this credential provider.
Form	Return the form set and form identifier for the form.
Tile	Returns an optional bitmap image used to identify this credential provider.
Title	Returns a string used to identify this credential provider.
User	Returns the user profile identifier ascertained by using this credential.
Select	Called when a credential provider is selected.
Deselect	Called when a credential provider is deselected.
Default	Returns whether the credential provider can provide the default credential.
GetInfo	Return user information provided by the credential provider.
GetNextInfo	Cycle through all user information available from the credential provider.
Capabilities	Bitmask which describes the capabilities supported by the credential provider.

Description

Attached to a device handle, this protocol identifies a single means of identifying the user. If EFI_CREDENTIAL_CAPABILITIES_ENROLL is specified, then this credential provider supports the ability to enroll new user identification information using the Enroll() function.

Related Definitions

#define EFI_USER_CREDENTIAL_CLASS_UNKNOWN \
  { 0x5cf32e68, 0x7660, 0x449b, \
  { 0x80, 0xe6, 0x7e, 0xa3, 0x6e, 0x3, 0xf6, 0xa8 } }

#define EFI_USER_CREDENTIAL_CLASS_PASSWORD \
  { 0xf8e5058c, 0xccb6, 0x4714, \
  { 0xb2, 0x20, 0x3f, 0x7e, 0x3a, 0x64, 0xb, 0xd1 } }

#define EFI_USER_CREDENTIAL_CLASS_SMART_CARD \
  { 0x5f03ba33, 0x8c6b, 0x4c24, \
  { 0xaa, 0x2e, 0x14, 0xa2, 0x65, 0x7b, 0xd4, 0x54 } }

#define EFI_USER_CREDENTIAL_CLASS_FINGERPRINT \
  { 0x32cba21f, 0xf308, 0x4cbc, \
  { 0x9a, 0xb5, 0xf5, 0xa3, 0x69, 0x9f, 0x4, 0x4a } }

#define EFI_USER_CREDENTIAL_CLASS_HANDPRINT \
  { 0x5917ef16, 0xf723, 0x4bb9, \
  { 0xa6, 0x4b, 0xd8, 0xc5, 0x32, 0xf4, 0xd8, 0xb5 } }

#define EFI_USER_CREDENTIAL_CLASS_SECURE_CARD \
  { 0x8a6b4a83, 0x42fe, 0x45d2, \
  { 0xa2, 0xef, 0x46, 0xf0, 0x6c, 0x7d, 0x98, 0x52 } }

Enroll()

Enroll a user on a credential provider.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_ENROLL)(
  IN  CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  IN  EFI_USER_PROFILE_HANDLE            User,
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
User	The user profile to enroll.

Description
This function enrolls a user profile using this credential provider. If a user profile is success-fully enrolled, it calls the User Manager Protocol function Notify() to notify the user manager driver that credential information has changed.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	User profile was successfully enrolled
EFI_ACCESS_DENIED	Current user profile does not permit enrollment on the user profile handle. Either the user profile cannot enroll on any user profile or cannot enroll on a user profile other than the current user profile.
EFI_UNSUPPORTED	This credential provider does not support enrollment in the pre-OS.
EFI_DEVICE_ERROR	The new credential could not be created because of a device error.
EFI_INVALID_PARAMETER	User does not refer to a valid user profile handle.

Form()

Returns the user interface information used during user identification.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_FORM)(
  IN  CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  OUT EFI_HII_HANDLE                     *Hii,
  OUT EFI_GUID                           *FormSetId,
  OUT EFI_FORM_ID                        *FormId
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
Hii	On return, holds the HII database handle.
FormSetId	On return, holds the identifier of the form set which contains the form used during user identification.
FormId	On return, holds the identifier of the form used during user identification.

Description
This function returns information about the form used when interacting with the user during user identification.

Tile()

Returns bitmap used to describe the credential provider type.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_TILE)(
  IN     CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  IN OUT UINTN                              *Width,
  IN OUT UINTN                              *Height,
  OUT    EFI_HII_HANDLE                     *Hii,
  OUT    EFI_IMAGE_ID                       *Image
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
Width	On entry, points to the desired bitmap width. If NULL then no bitmap information will be returned. On exit, points to the width of the bitmap returned.
Height	On entry, points to the desired bitmap height. If NULL then no bitmap information will be returned. On exit, points to the height of the bitmap returned.
Hii	On return, holds the HII database handle.
Image	On return, holds the HII image identifier.

Description
This optional function returns a bitmap which is less than or equal to the number of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND is returned.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	Image identifier returned successfully.
EFI_NOT_FOUND	Image identifier not returned.

Title()

Returns string used to describe the credential provider type.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_TITLE)(
  IN     CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  OUT    EFI_HII_HANDLE                     *Hii,
  OUT    EFI_STRING_ID                      *String
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
Hii	On return, holds the HII database handle.
String	On return, holds the HII string identifier.

Description
This function returns a string which describes the credential provider. If no such string exists, then EFI_NOT_FOUND is returned.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	String identifier returned successfully.
EFI_NOT_FOUND	String identifier not returned.

User()

Return the user identifier associated with the currently authenticated user.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_USER)(
  IN     CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  IN     EFI_USER_PROFILE_HANDLE            User,
  OUT    EFI_USER_INFO_IDENTIFIER           *Identifier
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
The user profile handle of the user profile currently being considered by the user identity manager. If NULL, then no user profile is currently under consideration.
Identifier	On return, points to the user identifier.

Description
This function returns the user identifier of the user authenticated by this credential provider. This function is called after the credential-related information has been submitted. This function can return one of four possible responses:

• If no user profile can yet be identified, then EFI_NOT_READY is returned.
• If the user has been locked out, then EFI_ACCESS_DENIED is returned.
• If the user specified by User is identified, then Identifier returns with the user identifier associated with that handle and EFI_SUCCESS is returned.
• If another user (other than that specified by User) is identified, then Identifier returns with the user identifier associated with the other user profile and EFI_SUCCESS is returned.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	User identifier returned successfully.
EFI_NOT_READY	No user identifier can be returned.
EFI_ACCESS_DENIED	The user has been locked out of this user credential.

Select()

Indicate that user interface interaction has begun for the specified credential.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_SELECT)(
  IN  CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  OUT EFI_CREDENTIAL_LOGON_FLAGS         *AutoLogon
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
AutoLogon	On return, points to the credential provider’s capabilities after the credential provider has been selected by the user.

Description
This function is called when a credential provider is selected by the user. If AutoLogon returns FALSE, then the user interface will be constructed by the User Identity Manager.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	Credential provider successfully selected.

Deselect()

Indicate that user interface interaction has ended for the specified credential.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_DESELECT)(
  IN  CONST EFI_USER_CREDENTIAL_PROTOCOL *This
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.

Description
This function is called when a credential provider is deselected by the user.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	Credential provider successfully selected.

Default()

Return the default logon behavior for this user credential.

Prototype

typedef 
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_DEFAULT)(
  IN  CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  OUT EFI_CREDENTIAL_LOGON_FLAGS         *AutoLogon
  );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
AutoLogon	On return, holds whether the credential provider should be used by default to automatically log on the user.

Description
This function reports the default login behavior regarding this credential provider. If Default is returned TRUE, then the User Identity Manager may uses this as a hint to use this credential provider as the default credential provider. If more than one credential provider returns with this set, then the selection is implementation specific. If Default is TRUE and AutoLogon is TRUE then the User Identity Manager may uses this as a hint to log the user on immediately.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	Default information successfully returned.

GetInfo()

Return information attached to the credential provider.

Prototype

typedef
EFI_STATUS
(EFIAPI *EFI_CREDENTIAL_GET_INFO)(
  IN     CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  IN     EFI_USER_INFO_HANDLE               UserInfo,
  OUT    EFI_USER_INFO                      *Info,
  IN OUT UINTN                              *InfoSize,
 );

Parameters

Parameter	Description
This	Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
UserInfo	Handle of the user information data record.
Info	On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user information. If the buffer is too small to hold the information, then EFI_BUFFER_TOO_SMALL is re-turned and InfoSize is updated to contain the number of bytes actually required.
InfoSize	On entry, points to the size of Info. On return, points to the size of the user information.

Description
This function returns user information.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	Information returned successfully.
EFI_ACCESS_DENIED	The information about the specified user cannot be accessed by the current user.
EFI_BUFFER_TOO_SMALL	The size specified by InfoSize is too small to hold all of the user information. The size required is returned in *InfoSize.

GetNextInfo()

Enumerate all of the enrolled users on the platform.

Prototype

typedef
EFI_STATUS
(EFIAPI *EFI_USER_CREDENTIAL_GET_NEXT_INFO)(
  IN     CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
  IN OUT EFI_USER_INFO_HANDLE               *UserInfo
  );

Parameters

Parameter	Descriptin
This	Points to the instance of this EFI_USER_CREDENTIAL_PROTOCOL.
UserInfo	On entry, points to the previous user information handle or NULL to start enumeration. On exit, points to the next user information handle or NULL if there is no more user in-formation.

Description
This function returns the next user information record. To retrieve the first user information record handle, point UserInfo at a NULL. Each subsequent call will retrieve another user in-formation record handle until there are no more, at which point UserInfo will point to NULL.

Status Codes Returned

Status Code	Description
EFI_SUCCESS	User information returned.
EFI_NOT_FOUND	No more user information found.

---

Copyright (C) 2008,2010 Phoenix Technologies Ltd. All Rights Reserved. Portions copyright (C) 2008 UEFI Forum, Inc. Used with permission