* [PATCH v1 02/28] SecurityPkg: Add new GUIDs
@ 2022-03-25 23:21 Judah Vang
2022-03-29 6:03 ` Wang, Jian J
0 siblings, 1 reply; 2+ messages in thread
From: Judah Vang @ 2022-03-25 23:21 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Jiewen Yao, Nishant C Mistry
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
Add new GUIDs
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Judah Vang <judah.vang@intel.com>
---
SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++-
1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 9f7a032d60d5..ea88908ea7d2 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -5,7 +5,7 @@
# It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
# and libraries instances, which are used for those features.
#
-# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
# Copyright (c) Microsoft Corporation.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -217,6 +217,18 @@ [Guids]
## GUID used to specify section with default dbt content
gDefaultdbtFileGuid = { 0x36c513ee, 0xa338, 0x4976, { 0xa0, 0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } }
+ ## Include/Guid/ProtectedVariable.h
+ # {8EBF379A-F18E-4728-A410-00CF9A65BE91}
+ gEdkiiProtectedVariableGlobalGuid = { 0x8ebf379a, 0xf18e, 0x4728, { 0xa4, 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } }
+
+ ## Include/Guid/ProtectedVariable.h
+ # {e3e890ad-5b67-466e-904f-94ca7e9376bb}
+ gEdkiiMetaDataHmacVariableGuid = {0xe3e890ad, 0x5b67, 0x466e, {0x90, 0x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}}
+
+ ## Include/Guid/ProtectedVariable.h
+ # {a11a3652-875b-495a-b097-200917580b98}
+ gEdkiiProtectedVariableContextGuid = {0xa11a3652, 0x875b, 0x495a, {0xb0, 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} }
+
[Ppis]
## The PPI GUID for that TPM physical presence should be locked.
# Include/Ppi/LockPhysicalPresence.h
@@ -242,6 +254,10 @@ [Ppis]
## Include/Ppi/Tcg.h
gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, 0xc7, 0x17, 0x6c, 0xf1 } }
+ ## Key Service Ppi
+ # Include/Ppi/KeyServicePpi.h
+ gKeyServicePpiGuid = {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8, 0xD1, 0x36, 0x93, 0x04, 0x27}}
+
#
# [Error.gEfiSecurityPkgTokenSpaceGuid]
# 0x80000001 | Invalid value provided.
@@ -325,6 +341,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032
+ ## Progress Code for variable integrity check result.<BR><BR>
+ # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF])
+ # @Prompt Status Code for variable integiry check result
+ gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|UINT32|0x00010033
+
+ ## Null-terminated Unicode string of the Platform Variable Name
+ # @Prompt known unprotected variable name
+ gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x00010034
+
+ ## Guid name to identify Platform Variable Guid
+ # @Prompt known unprotected variable guid
+ gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }|VOID*|0x00010035
+
+ ## Defines Protected Variable Integrity support.
+ # TRUE - Enable Protected Variable Integrity.<BR>
+ # FALSE - Disable Protected Variable Integrity.<BR>
+ # @Prompt Protected Variable Integrity support.
+ gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEAN|0x00010036
+
+ ## Defines Protected Variable Confidentiality support.
+ # TRUE - Enable Protected Variable Confidentiality.<BR>
+ # FALSE - Disable Protected Variable Confidentiality.<BR>
+ # @Prompt Protected Variable Integrity support.
+ gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|BOOLEAN|0x00010037
+
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v1 02/28] SecurityPkg: Add new GUIDs
2022-03-25 23:21 [PATCH v1 02/28] SecurityPkg: Add new GUIDs Judah Vang
@ 2022-03-29 6:03 ` Wang, Jian J
0 siblings, 0 replies; 2+ messages in thread
From: Wang, Jian J @ 2022-03-29 6:03 UTC (permalink / raw)
To: Vang, Judah, devel@edk2.groups.io; +Cc: Yao, Jiewen, Mistry, Nishant C
Hi Judah,
The commit message is too simple to be useful for reviewers and developers.
Other patches have the same issue. Please add more descriptions to explain
the changes made in each patch (why and how).
Regards,
Jian
> -----Original Message-----
> From: Vang, Judah <judah.vang@intel.com>
> Sent: Saturday, March 26, 2022 7:21 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: [PATCH v1 02/28] SecurityPkg: Add new GUIDs
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
>
> Add new GUIDs
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> Signed-off-by: Judah Vang <judah.vang@intel.com>
> ---
> SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++-
> 1 file changed, 42 insertions(+), 1 deletion(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 9f7a032d60d5..ea88908ea7d2 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -5,7 +5,7 @@
> # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library
> classes)
> # and libraries instances, which are used for those features.
> #
> -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
> # Copyright (c) Microsoft Corporation.<BR>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -217,6 +217,18 @@ [Guids]
> ## GUID used to specify section with default dbt content
> gDefaultdbtFileGuid = { 0x36c513ee, 0xa338, 0x4976, { 0xa0, 0xfb,
> 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } }
>
> + ## Include/Guid/ProtectedVariable.h
> + # {8EBF379A-F18E-4728-A410-00CF9A65BE91}
> + gEdkiiProtectedVariableGlobalGuid = { 0x8ebf379a, 0xf18e, 0x4728, { 0xa4,
> 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } }
> +
> + ## Include/Guid/ProtectedVariable.h
> + # {e3e890ad-5b67-466e-904f-94ca7e9376bb}
> + gEdkiiMetaDataHmacVariableGuid = {0xe3e890ad, 0x5b67, 0x466e, {0x90,
> 0x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}}
> +
> + ## Include/Guid/ProtectedVariable.h
> + # {a11a3652-875b-495a-b097-200917580b98}
> + gEdkiiProtectedVariableContextGuid = {0xa11a3652, 0x875b, 0x495a, {0xb0,
> 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} }
> +
> [Ppis]
> ## The PPI GUID for that TPM physical presence should be locked.
> # Include/Ppi/LockPhysicalPresence.h
> @@ -242,6 +254,10 @@ [Ppis]
> ## Include/Ppi/Tcg.h
> gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca,
> 0xc7, 0x17, 0x6c, 0xf1 } }
>
> + ## Key Service Ppi
> + # Include/Ppi/KeyServicePpi.h
> + gKeyServicePpiGuid = {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8, 0xD1,
> 0x36, 0x93, 0x04, 0x27}}
> +
> #
> # [Error.gEfiSecurityPkgTokenSpaceGuid]
> # 0x80000001 | Invalid value provided.
> @@ -325,6 +341,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
>
>
> gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0
> 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID
> *|0x00010032
>
> + ## Progress Code for variable integrity check result.<BR><BR>
> + # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF])
> + # @Prompt Status Code for variable integiry check result
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|U
> INT32|0x00010033
> +
> + ## Null-terminated Unicode string of the Platform Variable Name
> + # @Prompt known unprotected variable name
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x00010
> 034
> +
> + ## Guid name to identify Platform Variable Guid
> + # @Prompt known unprotected variable guid
> + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x00,
> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> 0x00 }|VOID*|0x00010035
> +
> + ## Defines Protected Variable Integrity support.
> + # TRUE - Enable Protected Variable Integrity.<BR>
> + # FALSE - Disable Protected Variable Integrity.<BR>
> + # @Prompt Protected Variable Integrity support.
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEA
> N|0x00010036
> +
> + ## Defines Protected Variable Confidentiality support.
> + # TRUE - Enable Protected Variable Confidentiality.<BR>
> + # FALSE - Disable Protected Variable Confidentiality.<BR>
> + # @Prompt Protected Variable Integrity support.
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|BO
> OLEAN|0x00010037
> +
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> ## Image verification policy for OptionRom. Only following values are
> valid:<BR><BR>
> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and
> has been removed.<BR>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-03-29 6:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-25 23:21 [PATCH v1 02/28] SecurityPkg: Add new GUIDs Judah Vang
2022-03-29 6:03 ` Wang, Jian J
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox