From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 1458B81FD1 for ; Wed, 8 Feb 2017 23:20:37 -0800 (PST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga102.jf.intel.com with ESMTP; 08 Feb 2017 23:20:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,349,1484035200"; d="scan'208";a="1124128252" Received: from jyao1-mobl.ccr.corp.intel.com ([10.254.176.87]) by fmsmga002.fm.intel.com with ESMTP; 08 Feb 2017 23:20:36 -0800 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Star Zeng , Feng Tian , Michael Kinney Date: Wed, 8 Feb 2017 23:20:31 -0800 Message-Id: <1486624832-15736-4-git-send-email-jiewen.yao@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 In-Reply-To: <1486624832-15736-1-git-send-email-jiewen.yao@intel.com> References: <1486624832-15736-1-git-send-email-jiewen.yao@intel.com> Subject: [PATCH V3 3/4] MdeModulePkg/dec: add PcdImageProtectionPolicy. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2017 07:20:37 -0000 Add PCD for image protection policy. Cc: Star Zeng Cc: Feng Tian Cc: Michael Kinney Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdeModulePkg/MdeModulePkg.dec | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..ab0490f 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1087,6 +1087,16 @@ # @Prompt Memory profile driver path. gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x00001043 + ## Set image protection policy. The policy is bitwise. + # If a bit is set, the image will be protected by DxeCore if it is aligned. + # The code section becomes read-only, and the data section becomes non-executable. + # If a bit is clear, the image will not be protected.

+ # BIT0 - Image from unknown device.
+ # BIT1 - Image from firmware volume.
+ # @Prompt Set image protection policy. + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047 + ## PCI Serial Device Info. It is an array of Device, Function, and Power Management # information that describes the path that contains zero or more PCI to PCI briges # followed by a PCI serial device. Each array entry is 4-bytes in length. The -- 2.7.4.windows.1