Reviewed-by: Jian J Wang <jian.j.w...@intel.com> Regards, Jian
> -----Original Message----- > From: Vang, Judah <judah.v...@intel.com> > Sent: Saturday, April 30, 2022 2:04 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.w...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; > Mistry, Nishant C <nishant.c.mis...@intel.com> > Subject: [Patch v2 02/28] SecurityPkg: Add new GUIDs for > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 > > The gEdkiiProtectedVariableGlobalGuid HOB contains the global > configuration data structure which is verified in PEI Phase. > The gEdkiiMetaDataHmacVariableGuid is used for saving the > meta data HMAC variable. > The gEdkiiProtectedVariableContextGuid contains the Protected > Variable context saved in PEI phase to be used later. > > Cc: Jian J Wang <jian.j.w...@intel.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Nishant C Mistry <nishant.c.mis...@intel.com> > Signed-off-by: Jian J Wang <jian.j.w...@intel.com> > Signed-off-by: Nishant C Mistry <nishant.c.mis...@intel.com> > Signed-off-by: Judah Vang <judah.v...@intel.com> > --- > SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++- > 1 file changed, 42 insertions(+), 1 deletion(-) > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 9f7a032d60d5..ea88908ea7d2 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -5,7 +5,7 @@ > # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and > library > classes) > # and libraries instances, which are used for those features. > # > -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR> > # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR> > # Copyright (c) Microsoft Corporation.<BR> > # SPDX-License-Identifier: BSD-2-Clause-Patent > @@ -217,6 +217,18 @@ [Guids] > ## GUID used to specify section with default dbt content > gDefaultdbtFileGuid = { 0x36c513ee, 0xa338, 0x4976, { 0xa0, > 0xfb, > 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } > > + ## Include/Guid/ProtectedVariable.h > + # {8EBF379A-F18E-4728-A410-00CF9A65BE91} > + gEdkiiProtectedVariableGlobalGuid = { 0x8ebf379a, 0xf18e, 0x4728, { 0xa4, > 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } } > + > + ## Include/Guid/ProtectedVariable.h > + # {e3e890ad-5b67-466e-904f-94ca7e9376bb} > + gEdkiiMetaDataHmacVariableGuid = {0xe3e890ad, 0x5b67, 0x466e, {0x90, > 0x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}} > + > + ## Include/Guid/ProtectedVariable.h > + # {a11a3652-875b-495a-b097-200917580b98} > + gEdkiiProtectedVariableContextGuid = {0xa11a3652, 0x875b, 0x495a, {0xb0, > 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} } > + > [Ppis] > ## The PPI GUID for that TPM physical presence should be locked. > # Include/Ppi/LockPhysicalPresence.h > @@ -242,6 +254,10 @@ [Ppis] > ## Include/Ppi/Tcg.h > gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, > 0xc7, 0x17, 0x6c, 0xf1 } } > > + ## Key Service Ppi > + # Include/Ppi/KeyServicePpi.h > + gKeyServicePpiGuid = {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8, 0xD1, > 0x36, 0x93, 0x04, 0x27}} > + > # > # [Error.gEfiSecurityPkgTokenSpaceGuid] > # 0x80000001 | Invalid value provided. > @@ -325,6 +341,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] > > > gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0 > 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID > *|0x00010032 > > + ## Progress Code for variable integrity check result.<BR><BR> > + # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF]) > + # @Prompt Status Code for variable integiry check result > + > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|U > INT32|0x00010033 > + > + ## Null-terminated Unicode string of the Platform Variable Name > + # @Prompt known unprotected variable name > + > gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x00010 > 034 > + > + ## Guid name to identify Platform Variable Guid > + # @Prompt known unprotected variable guid > + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00 }|VOID*|0x00010035 > + > + ## Defines Protected Variable Integrity support. > + # TRUE - Enable Protected Variable Integrity.<BR> > + # FALSE - Disable Protected Variable Integrity.<BR> > + # @Prompt Protected Variable Integrity support. > + > gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEA > N|0x00010036 > + > + ## Defines Protected Variable Confidentiality support. > + # TRUE - Enable Protected Variable Confidentiality.<BR> > + # FALSE - Disable Protected Variable Confidentiality.<BR> > + # @Prompt Protected Variable Integrity support. > + > gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|BO > OLEAN|0x00010037 > + > [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > ## Image verification policy for OptionRom. Only following values are > valid:<BR><BR> > # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification > and > has been removed.<BR> > -- > 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#89700): https://edk2.groups.io/g/devel/message/89700 Mute This Topic: https://groups.io/mt/90781887/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
