AddPCRProfile adds a profile defined by the supplied options to the supplied secboot_tpm2.PCRProtectionProfileBranch, using the specified digest algorithm for the PCR digest.

AddSystemdStubProfile adds the systemd EFI linux loader stub profile to the PCR protection profile, in order to generate a PCR policy that restricts access to a key to a defined set of kernel commandlines when booting a linux kernel using the systemd EFI stub.

KernelCommandlineParams returns a ImageLoadParams for the specified kernel commandlines.

NewFileImage creates a new FileImage for the file at the specified path.

NewImageLoadActivity returns a new ImageLoadActivity for the specified image that will be executed during the boot process, before ExitBootServices.

NewImageLoadSequences returns a new ImageLoadSequences object with the specified parameters, which will be inherited by all of the appended paths.

NewSnapFileImage creates a new SnapFileImage for the file at the specified relative path within the supplied snap.

SnapModelParams returns a ImageLoadParams for the specifed snap models.

WithBootManagerCodeProfile requests that the UEFI boot manager code and boot attempts profile is added, which restricts access to a resource to a specific set of UEFI applications that are measured to PCR4.

WithDriversAndAppsProfile adds the UEFI Drivers and UEFI Applications profile (measured to PCR2).

WithHostEnvironment overrides the EFI host environment for a PCR profile with the supplied environment.

WithKernelConfigProfile adds the kernel config profile.

WithPlatformFirmwareProfile adds the SRTM, POST BIOS and Embedded Drivers profile (measured to PCR0).

WithSecureBootPolicyProfile requests that the UEFI secure boot policy profile is added, which restricts access to a resource based on a set of secure boot policies measured to PCR7.

WithShimSbatPolicyLatest can be supplied to AddPCRProfile to compute the profile with the value of the SbatLevel EFI variable set to "latest" (uint(1)), in addition to the current value of the variable.

WithSignatureDBUpdates can be supplied to AddPCRProfile to compute the profile for each of the supplied signature database updates in turn, in addition to the current signature database contents.

Db is the identity of the authorized signature database.

Dbx is the identity of the forbidden signature database.

KEK is the identity of the Key Exchange Key database.

PK is the identity of the Platform Key variable.

ImageLoadSequences corresponds to all of the boot paths for images executed before ExitBootServices.

SignatureDBUpdate corresponds to an update to a signature database, such as dbx.

SnapFileImage provides an image contained within a snap package that is loaded during the boot process before ExitBootServices.

SystemdStubProfileParams provides the parameters to AddSystemdStubProfile.

Image provides an image that is loaded during the boot process before ExitBootServices.

ImageLoadActivity corresponds to the execution of an image during the boot process, before ExitBootServices.

ImageLoadParams provides one or more values for an external parameter that is supplied to an image which is loaded during the boot process.

ImageReader corresponds to an open handle from which to read a binary image from.

PCRProfileEnablePCRsOption is an option for AddPCRProfile that adds one or more PCRs.

PCRProfileOption is an option for AddPCRProfile.

FileImage provides an image from a file that is loaded during the boot process before ExitBootServices.

HostEnvironment is an interface that abstracts out an EFI environment, so that consumers of the API can provide a custom mechanism to read EFI variables or parse the TCG event log.