2 files changed, 8 insertions, 2 deletions

diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
index b6b958da514..c99384fb005 100644
--- a/include/efi_tcg2.h
+++ b/include/efi_tcg2.h
@@ -28,6 +28,8 @@
 #define EFI_TCG2_EXTEND_ONLY 0x0000000000000001
 #define PE_COFF_IMAGE 0x0000000000000010
 
+#define EFI_TCG2_MAX_PCR_INDEX 23
+
 /* Algorithm Registry */
 #define EFI_TCG2_BOOT_HASH_ALG_SHA1    0x00000001
 #define EFI_TCG2_BOOT_HASH_ALG_SHA256  0x00000002
@@ -127,8 +129,8 @@ struct efi_tcg2_boot_service_capability {
 	efi_tcg_event_algorithm_bitmap active_pcr_banks;
 };
 
+/* up to and including the vendor ID (manufacturer_id) field */
 #define boot_service_capability_min \
-	sizeof(struct efi_tcg2_boot_service_capability) - \
 	offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks)
 
 #define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03"
diff --git a/include/efi_variable.h b/include/efi_variable.h
index 4623a641427..0440d356bc8 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
@@ -12,6 +12,7 @@
 
 enum efi_auth_var_type {
 	EFI_AUTH_VAR_NONE = 0,
+	EFI_AUTH_MODE,
 	EFI_AUTH_VAR_PK,
 	EFI_AUTH_VAR_KEK,
 	EFI_AUTH_VAR_DB,
@@ -161,10 +162,13 @@ efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *
 /**
  * efi_var_restore() - restore EFI variables from buffer
  *
+ * Only if @safe is set secure boot related variables will be restored.
+ *
  * @buf:	buffer
+ * @safe:	restoring from tamper-resistant storage
  * Return:	status code
  */
-efi_status_t efi_var_restore(struct efi_var_file *buf);
+efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe);
 
 /**
  * efi_var_from_file() - read variables from file