From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Vang, Judah" <judah.vang@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
"Mistry, Nishant C" <nishant.c.mistry@intel.com>
Subject: Re: [Patch v2 02/28] SecurityPkg: Add new GUIDs for
Date: Thu, 12 May 2022 09:33:19 +0000 [thread overview]
Message-ID: <CO1PR11MB49451FBA66735EEB03FE3032B6CB9@CO1PR11MB4945.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20220429180430.3292-3-judah.vang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Vang, Judah <judah.vang@intel.com>
> Sent: Saturday, April 30, 2022 2:04 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: [Patch v2 02/28] SecurityPkg: Add new GUIDs for
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
>
> The gEdkiiProtectedVariableGlobalGuid HOB contains the global
> configuration data structure which is verified in PEI Phase.
> The gEdkiiMetaDataHmacVariableGuid is used for saving the
> meta data HMAC variable.
> The gEdkiiProtectedVariableContextGuid contains the Protected
> Variable context saved in PEI phase to be used later.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> Signed-off-by: Judah Vang <judah.vang@intel.com>
> ---
> SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++-
> 1 file changed, 42 insertions(+), 1 deletion(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 9f7a032d60d5..ea88908ea7d2 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -5,7 +5,7 @@
> # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library
> classes)
> # and libraries instances, which are used for those features.
> #
> -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
> # Copyright (c) Microsoft Corporation.<BR>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -217,6 +217,18 @@ [Guids]
> ## GUID used to specify section with default dbt content
> gDefaultdbtFileGuid = { 0x36c513ee, 0xa338, 0x4976, { 0xa0, 0xfb,
> 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } }
>
> + ## Include/Guid/ProtectedVariable.h
> + # {8EBF379A-F18E-4728-A410-00CF9A65BE91}
> + gEdkiiProtectedVariableGlobalGuid = { 0x8ebf379a, 0xf18e, 0x4728, { 0xa4,
> 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } }
> +
> + ## Include/Guid/ProtectedVariable.h
> + # {e3e890ad-5b67-466e-904f-94ca7e9376bb}
> + gEdkiiMetaDataHmacVariableGuid = {0xe3e890ad, 0x5b67, 0x466e, {0x90,
> 0x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}}
> +
> + ## Include/Guid/ProtectedVariable.h
> + # {a11a3652-875b-495a-b097-200917580b98}
> + gEdkiiProtectedVariableContextGuid = {0xa11a3652, 0x875b, 0x495a, {0xb0,
> 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} }
> +
> [Ppis]
> ## The PPI GUID for that TPM physical presence should be locked.
> # Include/Ppi/LockPhysicalPresence.h
> @@ -242,6 +254,10 @@ [Ppis]
> ## Include/Ppi/Tcg.h
> gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca,
> 0xc7, 0x17, 0x6c, 0xf1 } }
>
> + ## Key Service Ppi
> + # Include/Ppi/KeyServicePpi.h
> + gKeyServicePpiGuid = {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8, 0xD1,
> 0x36, 0x93, 0x04, 0x27}}
> +
> #
> # [Error.gEfiSecurityPkgTokenSpaceGuid]
> # 0x80000001 | Invalid value provided.
> @@ -325,6 +341,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
>
>
> gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0
> 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID
> *|0x00010032
>
> + ## Progress Code for variable integrity check result.<BR><BR>
> + # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF])
> + # @Prompt Status Code for variable integiry check result
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|U
> INT32|0x00010033
> +
> + ## Null-terminated Unicode string of the Platform Variable Name
> + # @Prompt known unprotected variable name
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x00010
> 034
> +
> + ## Guid name to identify Platform Variable Guid
> + # @Prompt known unprotected variable guid
> + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x00,
> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> 0x00 }|VOID*|0x00010035
> +
> + ## Defines Protected Variable Integrity support.
> + # TRUE - Enable Protected Variable Integrity.<BR>
> + # FALSE - Disable Protected Variable Integrity.<BR>
> + # @Prompt Protected Variable Integrity support.
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEA
> N|0x00010036
> +
> + ## Defines Protected Variable Confidentiality support.
> + # TRUE - Enable Protected Variable Confidentiality.<BR>
> + # FALSE - Disable Protected Variable Confidentiality.<BR>
> + # @Prompt Protected Variable Integrity support.
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|BO
> OLEAN|0x00010037
> +
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> ## Image verification policy for OptionRom. Only following values are
> valid:<BR><BR>
> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and
> has been removed.<BR>
> --
> 2.35.1.windows.2
next prev parent reply other threads:[~2022-05-12 9:33 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-29 18:04 [Patch v2 00/28] UEFI variable protection Judah Vang
2022-04-29 18:04 ` [Patch v2 01/28] MdeModulePkg: Add new GUID for Variable Store Info Judah Vang
2022-05-12 9:32 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 02/28] SecurityPkg: Add new GUIDs for Judah Vang
2022-05-12 9:33 ` Wang, Jian J [this message]
2022-04-29 18:04 ` [Patch v2 03/28] MdeModulePkg: Update AUTH_VARIABLE_INFO struct Judah Vang
2022-05-12 9:33 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 04/28] MdeModulePkg: Add reference to new Ppi Guid Judah Vang
2022-05-12 9:32 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 05/28] MdeModulePkg: Add new ProtectedVariable GUIDs Judah Vang
2022-05-12 9:32 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 06/28] MdeModulePkg: Add new include files Judah Vang
2022-05-12 9:31 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 07/28] MdeModulePkg: Add Null ProtectedVariable Library Judah Vang
2022-05-22 8:38 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 08/28] MdeModulePkg: Add new Variable functionality Judah Vang
2022-05-22 10:24 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 09/28] MdeModulePkg: Add support for Protected Variables Judah Vang
2022-05-22 14:03 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 10/28] SecurityPkg: Add new KeyService types and defines Judah Vang
2022-05-22 14:06 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 11/28] SecurityPkg: Update RPMC APIs with index Judah Vang
2022-05-22 14:07 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 12/28] SecurityPkg: Add new variable types and functions Judah Vang
2022-05-22 14:12 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 13/28] SecurityPkg: Fix GetVariableKey API Judah Vang
2022-05-22 14:15 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 14/28] SecurityPkg: Add null encryption variable libs Judah Vang
2022-05-22 14:20 ` Wang, Jian J
2022-04-29 18:04 ` [Patch v2 15/28] SecurityPkg: Add VariableKey library function Judah Vang
2022-04-29 18:04 ` [Patch v2 16/28] SecurityPkg: Add EncryptionVariable lib with AES Judah Vang
2022-04-29 18:04 ` [Patch v2 17/28] SecurityPkg: Add Protected Variable Services Judah Vang
2022-04-29 18:04 ` [Patch v2 18/28] MdeModulePkg: Reference Null ProtectedVariableLib Judah Vang
2022-04-29 18:04 ` [Patch v2 19/28] SecurityPkg: Add references to new *.inf files Judah Vang
2022-04-29 18:04 ` [Patch v2 20/28] ArmVirtPkg: Add reference to ProtectedVariableNull Judah Vang
2022-05-03 7:29 ` Ard Biesheuvel
2022-04-29 18:04 ` [Patch v2 21/28] UefiPayloadPkg: Add ProtectedVariable reference Judah Vang
2022-04-29 21:03 ` Guo Dong
2022-04-29 18:04 ` [Patch v2 22/28] EmulatorPkg: " Judah Vang
2022-04-29 18:04 ` [Patch v2 23/28] OvmfPkg: " Judah Vang
2022-04-29 18:04 ` [Patch v2 24/28] OvmfPkg: Add ProtectedVariableLib reference Judah Vang
2022-04-29 18:04 ` [Patch v2 25/28] " Judah Vang
2022-04-29 18:04 ` [Patch v2 26/28] " Judah Vang
2022-04-29 18:04 ` [Patch v2 27/28] OvmfPkg: Add ProtectedVariable reference Judah Vang
2022-05-03 7:30 ` [edk2-devel] " Ard Biesheuvel
2022-04-29 18:04 ` [Patch v2 28/28] CryptoPkg: Enable cypto HMAC KDF library Judah Vang
2022-05-17 2:48 ` [edk2-devel] [Patch v2 00/28] UEFI variable protection Michael Kubacki
[not found] ` <16EFC4965F71DFB8.20068@groups.io>
2022-06-16 19:13 ` Michael Kubacki
2022-08-23 3:35 ` Michael Kubacki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO1PR11MB49451FBA66735EEB03FE3032B6CB9@CO1PR11MB4945.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox