From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [PATCH v1 02/28] SecurityPkg: Add new GUIDs Date: Fri, 25 Mar 2022 16:21:13 -0700 Message-Id: <20220325232113.1913-1-judah.vang@intel.com> X-Mailer: git-send-email 2.35.1.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 Add new GUIDs Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Judah Vang --- SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 9f7a032d60d5..ea88908ea7d2 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent @@ -217,6 +217,18 @@ [Guids] ## GUID used to specify section with default dbt content gDefaultdbtFileGuid = { 0x36c513ee, 0xa338, 0x4976, { 0xa0, 0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } + ## Include/Guid/ProtectedVariable.h + # {8EBF379A-F18E-4728-A410-00CF9A65BE91} + gEdkiiProtectedVariableGlobalGuid = { 0x8ebf379a, 0xf18e, 0x4728, { 0xa4, 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } } + + ## Include/Guid/ProtectedVariable.h + # {e3e890ad-5b67-466e-904f-94ca7e9376bb} + gEdkiiMetaDataHmacVariableGuid = {0xe3e890ad, 0x5b67, 0x466e, {0x90, 0x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}} + + ## Include/Guid/ProtectedVariable.h + # {a11a3652-875b-495a-b097-200917580b98} + gEdkiiProtectedVariableContextGuid = {0xa11a3652, 0x875b, 0x495a, {0xb0, 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} } + [Ppis] ## The PPI GUID for that TPM physical presence should be locked. # Include/Ppi/LockPhysicalPresence.h @@ -242,6 +254,10 @@ [Ppis] ## Include/Ppi/Tcg.h gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, 0xc7, 0x17, 0x6c, 0xf1 } } + ## Key Service Ppi + # Include/Ppi/KeyServicePpi.h + gKeyServicePpiGuid = {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8, 0xD1, 0x36, 0x93, 0x04, 0x27}} + # # [Error.gEfiSecurityPkgTokenSpaceGuid] # 0x80000001 | Invalid value provided. @@ -325,6 +341,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032 + ## Progress Code for variable integrity check result.

+ # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF]) + # @Prompt Status Code for variable integiry check result + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|UINT32|0x00010033 + + ## Null-terminated Unicode string of the Platform Variable Name + # @Prompt known unprotected variable name + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x00010034 + + ## Guid name to identify Platform Variable Guid + # @Prompt known unprotected variable guid + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }|VOID*|0x00010035 + + ## Defines Protected Variable Integrity support. + # TRUE - Enable Protected Variable Integrity.
+ # FALSE - Disable Protected Variable Integrity.
+ # @Prompt Protected Variable Integrity support. + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEAN|0x00010036 + + ## Defines Protected Variable Confidentiality support. + # TRUE - Enable Protected Variable Confidentiality.
+ # FALSE - Disable Protected Variable Confidentiality.
+ # @Prompt Protected Variable Integrity support. + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|BOOLEAN|0x00010037 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Image verification policy for OptionRom. Only following values are valid:

# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.
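Review bot: in the `[Guids]` hunk, the three new entries are documented only by a header path (`## Include/Guid/ProtectedVariable.h`) and the same GUID repeated as a comment, whereas the neighbouring entry explains its purpose (`## GUID used to specify section with default dbt content`); give `gEdkiiProtectedVariableGlobalGuid`, `gEdkiiMetaDataHmacVariableGuid` and `gEdkiiProtectedVariableContextGuid` a one-line description each, and since this patch touches only `SecurityPkg.dec` (1 file changed), confirm that `Include/Guid/ProtectedVariable.h` is introduced earlier in the series than any consumer of these GUIDs. The brace style is also inconsistent between the three entries (`{ 0x8ebf379a, 0xf18e, ...` with spaces versus `{0xe3e890ad, 0x5b67, ...` without); match the spacing used by the existing entries.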
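Review bot: in the `[Ppis]` hunk, `gKeyServicePpiGuid` breaks the naming convention of its neighbours, where EDK II-private PPIs carry the `gEdkii` prefix (`gEdkiiTcgPpiGuid` just above it); rename it `gEdkiiKeyServicePpiGuid` unless the PPI comes from a public specification, and use lowercase hex like the surrounding entries (`0xEC34, 0x4CED` here versus `0x133d, 0x4bf3` above). The comment `## Key Service Ppi` only restates the name; say what service the PPI provides, as the other entries in this section do.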
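Review bot: in the PCD hunk (`@@ -325,6 +341,31 @@`), two comment defects: `# @Prompt Status Code for variable integiry check result` misspells integrity, and `PcdProtectedVariableConfidentiality` carries a copy-pasted prompt `# @Prompt Protected Variable Integrity support.` that should read `Protected Variable Confidentiality support.` Separately, the descriptions of `PcdPlatformVariableName` and `PcdPlatformVariableGuid` (`## Null-terminated Unicode string of the Platform Variable Name`, `## Guid name to identify Platform Variable Guid`) do not state what their prompts imply, namely that the named variable is a known unprotected variable exempted from the integrity check; say so explicitly in the description so a platform integrator understands that whatever is configured here is left outside the protection. Finally, the subject says `Add new GUIDs`, but this hunk adds five PCDs (token numbers 0x00010033 through 0x00010037) and the previous hunk adds a PPI; the commit message should list them.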
-- 2.26.2.windows.1