From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web09.2145.1652348007746805014 for ; Thu, 12 May 2022 02:33:28 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=GQNWW5F5; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: jian.j.wang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652348007; x=1683884007; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=8yiNLhlstLpPh4hm/o//p+HvsN1A9cpFsdolWkmV1vs=; b=GQNWW5F5MMgNmYY/zQzhv5SLTxXhEcASnErzn+srSbb5gEMSj2Fj0tOn hSMWOYXWbaxFS3K1LxRvAKvaavjAZLuw5qMFS5/kChc97hV2/ucj20Uhc xwsL8GyabacgNislUVlQxpJGvwrMkgckihdRGC1FRJwZnChbCg5uCzW0P rtt4lt8+9cuQCW2L5si+OwMf1zNPOdXou3tWZFtFB0/i0KTJ/6TMgU+Ty w3qFkfWskR56SW3HVv1HY5pPktLk5GUaYR3IU7rZJcpd+bRBwwisX8LJJ X1pCGLAumZUyWXVfZX6avJgvmryCbbwaqcSKccu/VwQre74BTMQeCwC3v Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10344"; a="257496693" X-IronPort-AV: E=Sophos;i="5.91,219,1647327600"; d="scan'208";a="257496693" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2022 02:33:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,219,1647327600"; d="scan'208";a="670778661" Received: from fmsmsx604.amr.corp.intel.com ([10.18.126.84]) by fmsmga002.fm.intel.com with ESMTP; 12 May 2022 02:33:26 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Thu, 12 May 2022 02:33:26 -0700 Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Thu, 12 May 2022 02:33:25 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Thu, 12 May 2022 02:33:25 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.102) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Thu, 12 May 2022 02:33:25 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mIINpGIp5TBV5uFXgxy0yrQmRUnetyUfNHshcNkpXWRQJkypCcxOPCFjGJOBdiTtK+VmacOCzXzEJgKrcb3xw36E6AlJojEnDHsSkdWh9O6DUfOmIZr3MnQeROB9J2e+mwygf+Za4hsEcfKfjgAnGo4850orGCYmI4HnZ2xm8jItkiPHX/wu+zcE082fbJa8B3Go6Rjb8U0JEvO3aOEukFOwtPhWAUp+XOUlJ4Ai8HkzD8/lWzFPuU4wkv7G48dLFoLsgMoc1HKN+/DOgCCcahjW+rQWsyUJh59MQHCvM8gvOQCAGRsLlpORAlyQJrMQ4hYLsFwoSu/NXki4TZJPRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=COALy363Zk+1RErij38psF3v9ipQvVivsGW+2jG6DZI=; b=ZRsMhoaPu6zKOzXN4B28kbznEAnFYudnO0yGFjfeIikFs0GOSW80ETU2+jSojtuyi0TdLpSYuNWlCvU5xAHpsXu3dMqxH/QHbbwPlJ775I3VAmkIZDQ1s5i54k1nHA+hnyACA2p2g1nmb7pyfS4JaiQ4ZWyJ/Y5KGg5H3PMzLC3SEE+EoUs6fq0LJazJro4AuaA3W5/ETYgCWOS3tUbuGQA4DbITC7J0YxV+2F2oK2MZk5CagKwcpZ4AI3kVg5kYzh71qZQFSGzzge36Tyf8h94Fqrvqjh6QRLkKDnUXNPU3PL9Uf4EVr1khnaG+F92NNtApExA1YnrTNtVJF3FR2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CO1PR11MB4945.namprd11.prod.outlook.com (2603:10b6:303:9c::8) by BY5PR11MB4085.namprd11.prod.outlook.com (2603:10b6:a03:18d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.20; Thu, 12 May 2022 09:33:19 +0000 Received: from CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::8446:b1e5:5d0e:aa88]) by CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::8446:b1e5:5d0e:aa88%5]) with mapi id 15.20.5250.013; Thu, 12 May 2022 09:33:19 +0000 From: "Wang, Jian J" To: "Vang, Judah" , "devel@edk2.groups.io" CC: "Yao, Jiewen" , "Mistry, Nishant C" Subject: Re: [Patch v2 02/28] SecurityPkg: Add new GUIDs for Thread-Topic: [Patch v2 02/28] SecurityPkg: Add new GUIDs for Thread-Index: AQHYW/O0jqWpvR7OEE+I9BsUcp6BYa0bDq9w Date: Thu, 12 May 2022 09:33:19 +0000 Message-ID: References: <20220429180430.3292-1-judah.vang@intel.com> <20220429180430.3292-3-judah.vang@intel.com> In-Reply-To: <20220429180430.3292-3-judah.vang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.401.20 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 272c0791-4089-4336-1754-08da33fa7321 x-ms-traffictypediagnostic: BY5PR11MB4085:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: VtWcPvMwFDcsBTa6HBs1QlXYjclmScCg+AGwHW2By8XTc9VnqJj7utTw7CUgfotloEGntHpcHQfqNGNjBAQHHO7RDkLTr+RhZ3DR8GRFRyhizpQ90lZm5TWuGNCdk/RYYWvMDySiZeY0btvX9qYoGDc6Vq23/RADXOzypyFt7S3jk96BkNLvD+whPeQp/5efFn9WYh94XirXRGK6zUo9PYc7RwPPxZwJazuUEa50CBstFlSrtASjFXouIe5Prxdc4N8bypumKaN2qlg5gKjDbKEhYYVaB1VoUfz2mTRJtEmKg4yqXUoTGm2t+bO5JUMkVUjZambOqBMlBDDMXModgqg/1A4IcUDEfzLGBGxR07yIaNgjlWtTwvm6Jvfq/uG2frLi6kdPalzz1OKJN/AO5xRlAdPOqKlJv13GUGodB6dOMijcyuxMEVIn5mJdA+dtRNvPEbEao2xTIRyjb7MBgE1WAczcezfS4ZYeoVXoYoiQjXmG1nlWY7PI8RxBlDoKLmLecwetotwg1rApFr4vUnYWCRCcmSyHFALw/+ON0SWeA+pjbzBjafbl33y+9V3Ax8tvfAdePN8uk03bVd0ZPe5zAkASGZrCulRBg2PwMazfaHUbC+2VAwaXhDlcUoq9pVyt8/21FbMqKkT3X+kJYxxXYjRn35u+BLQTWDfitdzKCDBTFWiTnuONr+MINftGmoSkIZjXcrEG9jKn9Pw8V5u6ir/Kggkzj42S/rQsJ2OzS1kjWfqR2Wj7CzpfCc9abZy1qJcY8YpOjNaKioK9R4mNFSDD4TZklk3d0Dz2kQNoFqdZC+KNpRupghMWeFHvekJJU6pejynQG9x8VPx3ZA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4945.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(52536014)(9686003)(107886003)(55016003)(5660300002)(33656002)(7696005)(66946007)(6506007)(53546011)(26005)(186003)(2906002)(66446008)(66476007)(4326008)(76116006)(45080400002)(64756008)(54906003)(8676002)(66556008)(71200400001)(122000001)(38070700005)(83380400001)(8936002)(86362001)(15650500001)(966005)(508600001)(82960400001)(38100700002)(316002)(110136005)(14943795004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Rtv/bxO+tYMOfgbM6v5KzYRE/EfNbmCtJ4wzvCViD+AlQDFjhzXiJd+Jo+Lm?= =?us-ascii?Q?+iNkhr9cBfRw0rSow5I8rU8ch6o6t/9iSZWKhfKxtU3UfGb4nD+e8yOed8Cc?= =?us-ascii?Q?Ez860aLVwWFdb4wKZK/OgD4w5wdvlXlU8J5KTObUCiqCgNwhqXD1aKQ1WUdR?= =?us-ascii?Q?bk05lnLcyLxDFcKe5F5QwH48R6+sJu0xdiLDqBNLz6/GTLiTDISE1B4iWzAw?= =?us-ascii?Q?STHcGfjsRBXj15bat1wfz2Cl053kconhQl/Rs6X6fNZ9qY4HoyrtZlO6fuuP?= =?us-ascii?Q?JNMTmdBEJ4mhOoSVYKk9FUvlZe1Z9T7WHaD9BdYrEY274kgzHAFwtvWVT/fx?= =?us-ascii?Q?2hT+lMEWe8r/VX8Pmzi8XdCNLyT8wbIsqQSOR6Jo73prjg2SCbCXiUdzoi3z?= =?us-ascii?Q?ZoK0PyT70j5AppqH0Ph+o8sJw68wma2C08AQ/EYjgMfoNOlxnK0QeQl/Ji43?= =?us-ascii?Q?MJoKQzI/Cu1rdOYRZKKGnO3IMzicuEy3HRoUDZWU+wPwkiABfJbTZa/ovCnU?= =?us-ascii?Q?w5FR4nYy2dTCptRY5fPoRTvSY+3dLVSg9kn5dfXVfUy2/a+ohnQnhKSaOo9Z?= =?us-ascii?Q?jhsGFOwggvW3mnYtCWXQGWZp7BU47kvuGjhbNVr5blDNf6WZx7VwBOI7/m/w?= =?us-ascii?Q?/g/hdJyDOEzg1RXuoAuhaLtfy/CTAYRrl8jtRauU2zyio0vTkZD9E2EC+zou?= =?us-ascii?Q?9//BMIxxUnZYGoGfg+opqIER75fi/YXp/FOJY8wplBL/B01SB8VY0mhj+suS?= =?us-ascii?Q?GePL7HqkRj/73YnafvIhQmTQmevc/NDdFmq9ZIc44Kb+e38Xxg8wZAQv2QDe?= =?us-ascii?Q?8tOOlr1SvIJUZSa91o9uurEYu8PqxRczqacKWRajnVOMvPM+ihfsnHdI88bJ?= =?us-ascii?Q?gGnFjZQ+YFNZAi/1lBtsJLKLBhpnPTrtRbJXDxEJ8X1IaFnaGn/29nCR4HL7?= =?us-ascii?Q?0Ow9ZVpyNisPerMlrdQT/dQrB+qPxr6CYovK30/e60UEcuqpQNtFHQHLB45d?= =?us-ascii?Q?QS1LUGX1UO6a/nn47MQQg3JT84D4fJAowH5gF54IJn/jt9FT8XK+IL69CicG?= =?us-ascii?Q?wVjbJtPTulWPW6/bwGmGWxOUqHxX/Ig+Fs5aB/y5LrstIgWhtLxgLjPyYNVI?= =?us-ascii?Q?qMTC5m3sHKNdsYsOG1VqYQvzzs4buCfU7p7ziK6+09U+BZAM4Qlg1jeF0tGf?= =?us-ascii?Q?aNK1MyX0egasF4o9aNJZ7w/iX3GXDRJJ0H8FCCJ0sLrP9Pq6h0TI37QNKkLK?= =?us-ascii?Q?zvMlJ+cSCYJ10lFHOwtl6PGYbFty18pDQJRn8gnaM7RSEC1QeFafK1xX5Ksh?= =?us-ascii?Q?o7b0iDs0NhvL5mvR32skn91Ig8g+Znp0NeusLyA4zUhSZcsobqVanB7ZiC7U?= =?us-ascii?Q?iK+AWremec0JONF+GyrxmBdr7sTK14NM0X3pjZv9OZEfqhCfGwqWR5IVjL2B?= =?us-ascii?Q?3JD1yDQH+NoUx/+zIv6kkf8lgH7gMRbeylHi/0lQ8uhry7DWOY7/q5j72JAZ?= =?us-ascii?Q?i/64xYo6hQXs4tc95PlMEZuj0jezlLqu83Gj6mXC5gN7vT0CN+Xfl8WlZVdz?= =?us-ascii?Q?yjFoRwoxKf0usFvaqXCoLPbO8OA+5tEIGz0G2MfhxLC6wpi4cID/z2rmeb4g?= =?us-ascii?Q?WGxGCla3bpZ5cABiEm58vz7eo4P8kvECFhXE9sRUBPFk7rUxOIczmCqahGYJ?= =?us-ascii?Q?oRqx5hPug6xhtGb0I7L7vHSsQS0wCYpHg+PLnoG7GqF8pCFuLeY4R+4GiGQo?= =?us-ascii?Q?w4RpSEUYKw=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4945.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 272c0791-4089-4336-1754-08da33fa7321 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 May 2022 09:33:19.2423 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ejCJ6F/HmaZsiCPagpYSiSL++aaL7aZ9J3rlGOFrn+s3Y1TsFrRTbxDWyXcVJbyIPYqW9BnVHQcny6JnKJWl7A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR11MB4085 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: Vang, Judah > Sent: Saturday, April 30, 2022 2:04 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J ; Yao, Jiewen ; > Mistry, Nishant C > Subject: [Patch v2 02/28] SecurityPkg: Add new GUIDs for >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 >=20 > The gEdkiiProtectedVariableGlobalGuid HOB contains the global > configuration data structure which is verified in PEI Phase. > The gEdkiiMetaDataHmacVariableGuid is used for saving the > meta data HMAC variable. > The gEdkiiProtectedVariableContextGuid contains the Protected > Variable context saved in PEI phase to be used later. >=20 > Cc: Jian J Wang > Cc: Jiewen Yao > Cc: Nishant C Mistry > Signed-off-by: Jian J Wang > Signed-off-by: Nishant C Mistry > Signed-off-by: Judah Vang > --- > SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++- > 1 file changed, 42 insertions(+), 1 deletion(-) >=20 > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 9f7a032d60d5..ea88908ea7d2 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -5,7 +5,7 @@ > # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and l= ibrary > classes) > # and libraries instances, which are used for those features. > # > -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
> +# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> # Copyright (c) Microsoft Corporation.
> # SPDX-License-Identifier: BSD-2-Clause-Patent > @@ -217,6 +217,18 @@ [Guids] > ## GUID used to specify section with default dbt content > gDefaultdbtFileGuid =3D { 0x36c513ee, 0xa338, 0x4976, {= 0xa0, 0xfb, > 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } >=20 > + ## Include/Guid/ProtectedVariable.h > + # {8EBF379A-F18E-4728-A410-00CF9A65BE91} > + gEdkiiProtectedVariableGlobalGuid =3D { 0x8ebf379a, 0xf18e, 0x4728, { = 0xa4, > 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } } > + > + ## Include/Guid/ProtectedVariable.h > + # {e3e890ad-5b67-466e-904f-94ca7e9376bb} > + gEdkiiMetaDataHmacVariableGuid =3D {0xe3e890ad, 0x5b67, 0x466e, {0x90, > 0x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}} > + > + ## Include/Guid/ProtectedVariable.h > + # {a11a3652-875b-495a-b097-200917580b98} > + gEdkiiProtectedVariableContextGuid =3D {0xa11a3652, 0x875b, 0x495a, {0= xb0, > 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} } > + > [Ppis] > ## The PPI GUID for that TPM physical presence should be locked. > # Include/Ppi/LockPhysicalPresence.h > @@ -242,6 +254,10 @@ [Ppis] > ## Include/Ppi/Tcg.h > gEdkiiTcgPpiGuid =3D {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, = 0xca, > 0xc7, 0x17, 0x6c, 0xf1 } } >=20 > + ## Key Service Ppi > + # Include/Ppi/KeyServicePpi.h > + gKeyServicePpiGuid =3D {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8,= 0xD1, > 0x36, 0x93, 0x04, 0x27}} > + > # > # [Error.gEfiSecurityPkgTokenSpaceGuid] > # 0x80000001 | Invalid value provided. > @@ -325,6 +341,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] >=20 >=20 > gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0 > 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID > *|0x00010032 >=20 > + ## Progress Code for variable integrity check result.

> + # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF]) > + # @Prompt Status Code for variable integiry check result > + > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|U > INT32|0x00010033 > + > + ## Null-terminated Unicode string of the Platform Variable Name > + # @Prompt known unprotected variable name > + > gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x00010 > 034 > + > + ## Guid name to identify Platform Variable Guid > + # @Prompt known unprotected variable guid > + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x= 00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00 }|VOID*|0x00010035 > + > + ## Defines Protected Variable Integrity support. > + # TRUE - Enable Protected Variable Integrity.
> + # FALSE - Disable Protected Variable Integrity.
> + # @Prompt Protected Variable Integrity support. > + > gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEA > N|0x00010036 > + > + ## Defines Protected Variable Confidentiality support. > + # TRUE - Enable Protected Variable Confidentiality.
> + # FALSE - Disable Protected Variable Confidentiality.
> + # @Prompt Protected Variable Integrity support. > + > gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|B= O > OLEAN|0x00010037 > + > [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > ## Image verification policy for OptionRom. Only following values are > valid:

> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specificati= on and > has been removed.
> -- > 2.35.1.windows.2