From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web09.3442.1648533820978652083 for ; Mon, 28 Mar 2022 23:03:41 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=PkMsZ/1J; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: jian.j.wang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648533821; x=1680069821; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ndXc88pZtgUF66tWN7Rsw69Jj0AwaZlQGW+E/sZEsj4=; b=PkMsZ/1JxDicxjDCF231I8jeMTe1WB910qhVZnCwdwX/3WgUnWBNzdbk lMH3MpR0eiYlSTqKmDaNB13uoVHfisnK7aN3wG+ugi8xC+drc/m6/uB5N zOVJbHPSsYLMkXWrTAdLx3JDaB5XbWwy0lc6hrpDXgFq5d+l1xi5kNyoC 3OFJ+Dj50p5MqrLM2cYXgtSu0SNDsVhUY98NJYeakXRqo9+1nONWJf6eF yulNWAcqHDv6wAMg8ODsBaxvlUFR/NTbT5AKVBBCZsIZOYRVuj0l2WVAr DrRxAiYrEy/dph7SRansOwwVDNshXEEmBQMuvLtQmrwiI+lIps9U1N8Xd A==; X-IronPort-AV: E=McAfee;i="6200,9189,10300"; a="258885058" X-IronPort-AV: E=Sophos;i="5.90,219,1643702400"; d="scan'208";a="258885058" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2022 23:03:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,219,1643702400"; d="scan'208";a="585450372" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by orsmga001.jf.intel.com with ESMTP; 28 Mar 2022 23:03:40 -0700 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Mon, 28 Mar 2022 23:03:39 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Mon, 28 Mar 2022 23:03:39 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.176) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.21; Mon, 28 Mar 2022 23:03:39 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X+bqHTCKjS4oapp2ZP2lBi+zPg1V9BfwsDYe4wkpodfd1GnKB5Fl/VdT0wdGVsehPZUfpW0sxV2SpvT4T1gD3lvsfmDwIajTfrjCAcfGEcVUMT89ACcjigrBfEH8oF3OnGQE4YKtc6kPIEXBsfGrVIjJKmNK0xi72LsSTZ7gvnuofu+P6RiRUHrx0EGPUI/UTxA6JD9cwNJ/JNtBICfn2RV4MRJBwzUJFKW5uYHzk/NTKXDI1d5/JWLLAIPOZ/ViEIQKawn76LEfJz1uPrC5qBU1fkDWjvmvigjccJ3cQHnuKK+VHi7M2cQDLc7NUkhRYPosVnWpWg/tdeMTHy20lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BVNVa3EH1iigqPjzRoQTTzM8SpfRSYs1WGgVWp8M4IA=; b=BCC4Ldk613DGPP95nLyaQS94xCc9VdFobJRsP+wwNwoh5gvv6b7C7r4xgelVu4jqXACinUehHjjwQjHQnAoky5I0YJ6OCWQ7x1yco1yEYgcoQfDlVUD091cZkO3XodkhTBlOEPffzvsolGbWE76T9vfQh64LUsAD/rLRulzwIJLndoV7NpbHiOSv2tFAGYRpS7NFP0NpyVw5mhn2yrmykGjUcXDP1GC3rY+a3Xhqhfsj9kqGd755/V3INzd5hSNaO+d3B3cVcPoev626qhrt6PRwLpataRutnNiR5VibAyTUGyKKgsrOeksYy0IFGhS4R3g3deqSGHDPI9Odx0GWqA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CO1PR11MB4945.namprd11.prod.outlook.com (2603:10b6:303:9c::8) by CY4PR11MB1608.namprd11.prod.outlook.com (2603:10b6:910:e::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.22; Tue, 29 Mar 2022 06:03:32 +0000 Received: from CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::38c4:36d2:b3c1:5a09]) by CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::38c4:36d2:b3c1:5a09%6]) with mapi id 15.20.5102.023; Tue, 29 Mar 2022 06:03:32 +0000 From: "Wang, Jian J" To: "Vang, Judah" , "devel@edk2.groups.io" CC: "Yao, Jiewen" , "Mistry, Nishant C" Subject: Re: [PATCH v1 02/28] SecurityPkg: Add new GUIDs Thread-Topic: [PATCH v1 02/28] SecurityPkg: Add new GUIDs Thread-Index: AQHYQJ8U/K6s8xic2E+30ZGZR8L5xqzV4vIg Date: Tue, 29 Mar 2022 06:03:32 +0000 Message-ID: References: <20220325232113.1913-1-judah.vang@intel.com> In-Reply-To: <20220325232113.1913-1-judah.vang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.401.20 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1adb4c01-818b-4d67-2de4-08da1149dadf x-ms-traffictypediagnostic: CY4PR11MB1608:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 5m5FUA82g4JBbHwmrMc9PW0XNBlmy84d9uTyY9RyWVAo6dUSJMiJws8cFV4wBUmL8jJEAZTTtuWX5nY3quSs1JnIM08Xqgq7Kq6pRVbMvT4/RBAE9EPJJWPsSpzXbT4ZntfTEjGmI7/TRG21YwVgqyRNQ0Bb1JTHDSE40kSBPEImpfbKPXRqdZpUTlKxXByIprXxo40Ogt1TxDZPdww7cZAD0bEbPMoH8+tXXXI89TvrgcpTpMlNHhpotbwuLMpIEe9XUKFf2MW+g930MN2IAc0IBTQHAaJCAg/fzIoDJhyhnImaHVtuaSTpNVPyFDcG86p2sdi5iUTTzHHA9BBZeBA7f9SXxkGwF6ZUFq1Ce05X8+YCVuU/p7uedfreV/d8E4lueWYXcunmeC16zdVODzhrmdu29jSzA1d0kAmrf/Mw6+jl9WG9KDKiLF/JXEoq7nvsYvXwQFfSqhvOu59GYKm/sJ2bvbh0dbYIq/6ZqubdSE5+RcM4y1sN7xugIpQDgbZkLwlWgbkXYA9cPFe/PCo48ig3bKXpWyJP9Wizl19SBdnKoc+tFt5Ne91dJsCxcjTBULOun5OV6kMlOIdCTt56FxjN/iTgM5TyJ5AGnWSJkTrIIx+vqYYIs+/ANMuw+0Hwnmab/XG2BNFo17JiCh1tGqNka2TFMg3XY7fUfuM/gXM8aXhXr99pkqimi2GTGt+aVoOrarMRgNwZlrlQQE0wZRe9zG/5PoheE9kMBq/lyc0Pigp1Jpyr1qN5eZiqnA45bdrCE/00G2jezSwqV0dgIiPl3SRxYA66I2//TxYJ8a1ZQH1bsVu0/WC2JXeqMQOELNNXKX3zGZGvCKrL8w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4945.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(508600001)(86362001)(83380400001)(4326008)(966005)(107886003)(316002)(26005)(186003)(71200400001)(55016003)(38070700005)(33656002)(6506007)(7696005)(76116006)(66946007)(53546011)(8936002)(45080400002)(2906002)(52536014)(82960400001)(122000001)(64756008)(66556008)(66476007)(66446008)(8676002)(38100700002)(54906003)(15650500001)(5660300002)(110136005)(9686003)(14943795004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?VFI/tQ5qsEkNC5l2B9XVZbRMGRyKnudML+I8SiiV133UEcsIMLih25oX5AOT?= =?us-ascii?Q?hhXE3JR0s/DA3wf7alLKaB5fj7wywuqsfNDZ32A2iRilheXQHvhw7TW62py7?= =?us-ascii?Q?0m+bsMWAhzPPSB1mTzKUH5TKREvL0JTSOTXAzFrTu5ts08Xxr0tiMlLgO8ou?= =?us-ascii?Q?LwCdFgM0nOVXepLQGASGtUZa4KlYSwFdlmkCviB7EVoo1qA+fZGq5k9Nfjtx?= =?us-ascii?Q?1tiJUADRrSW2VkHACeVjTSJ1BEoEFXnI3Pc0vLRrb2YYzIKHyCyVlELPmrPS?= =?us-ascii?Q?qroHgPENgQHhq626y0sHKhXg9aXo/8a1WEtAESNOaugvldTujjo0LuzgEt8J?= =?us-ascii?Q?sQKXdO4GYgH2p8pKRltLoWZq5t0qgGx1dFGAlCbA/15OW90wg1TmcrZty/hJ?= =?us-ascii?Q?Ts2BqYbh8vIFz8ceAKPcvSS+BmEW4OXqXqPcnmQytPnJWYFfMh7Z9OzAm6Fq?= =?us-ascii?Q?LMvNwhGXm6rnmrpN66J2plYd4mx64c/tjiH52ezX3nGCjfL6vijxzd1jupXz?= =?us-ascii?Q?uPOc/erBrSw5AoZ4y6NXWf0kKPpCxGYDwFRRMzHCBCOb27utQCTqvLygeKE3?= =?us-ascii?Q?LuDVdwLWotypU612+msVjXdp8qIUX5ZxqkeYYf1pEO4P+wAwXmGK3e07HgiE?= =?us-ascii?Q?t39ozILrsb/4hZsSszLmT/NtTU9WUd9tthsfIknFHqyPWGdquIUExX0mTMtL?= =?us-ascii?Q?0HcqAHqW5Y5c68aqB9Fl5QzauaMSkKCVfJtubHZty9xeqTZkMEdZAubciKxb?= =?us-ascii?Q?SwJXevQT9DhfzggHF28hmm9Iwh9iU3V49IDaFvx3F9TnREjVYuGTVLqimjII?= =?us-ascii?Q?OuOkEEqlMEirsD038SbCfpjWgOtvpWQHUzs5UVMMU0OQ5mMwrSatZl0L+oF5?= =?us-ascii?Q?18eFZ9I1dQSeW39PXLblA6ELIDtJHDoiTzsQ+iQNuMUEBxM+cGGYBEos8Hp5?= =?us-ascii?Q?N9bnK5Kz+Ftm34CuZVl23DgpitIWC1Z5WEdnHj4AYIsLLlMeJEj0g3P1eQxG?= =?us-ascii?Q?3LP4pcjpLNor99Z7yCbezqYfFlvNcdymXEIHgUVeuuzi1VWY+YtTkFuFii/+?= =?us-ascii?Q?OxP0LfnqhHHbOopn2WQB+04xeoOv9HA5gE3MaKT5R9pcZO72d2dFioTryJ2V?= =?us-ascii?Q?31LNivpZf5RV6U8Gshti4gT6on9p8wOeRzd2mgC9ZAyUWHexy3+vbNo17+iv?= =?us-ascii?Q?nmKfl/OVdItjZMH+bL8fBkt6uohW4t4aaGuCXkg55NLdwqd/Lhtn9quboMY6?= =?us-ascii?Q?xw2HUj+aOiEZyNB174Yog4COQnQwYimNm+i2KpPJ40gII9IiWTRBQLDaNOzK?= =?us-ascii?Q?kBXlbU1HX4/vhkSdm9xAbkw8kY6/HgWjEegjek79p/ZZ1z78fX4Q8T0Ojzn3?= =?us-ascii?Q?vlj6dGAOmWYTp0kbLaZDo65n5ukDGyl8EFOKb0FUxyH3xSyE7TP66TCmCBRH?= =?us-ascii?Q?4Fmh+o1OwphXo1xHSjUlh8WXQCJSsmw/yhHjpLINtD7xASq8gWfGn+2nhlGd?= =?us-ascii?Q?IuReqYqIYUZ/FCYo3wbwzV9FuqXzkkGboaAqe7gIZNKerFIRMa6OG1VbcuUG?= =?us-ascii?Q?sbgCd/z5c7YNnVy++qAONNYAiGgSFgeIJ/MMHUkDGxpDxJ21K+cIJuLXRHYy?= =?us-ascii?Q?9d+cABrAmoyI6pXiW4wS3QeMkq0b4V7d0WFeDLsPVW45BUzNyp+qM4GAaiwM?= =?us-ascii?Q?zsQftIhbNIlZTt65KAN7MCJ6PBEQ/93UCvO6IcQzINh5nJYpmt1vE34I22Hb?= =?us-ascii?Q?mBeFXHEWAA=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4945.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1adb4c01-818b-4d67-2de4-08da1149dadf X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Mar 2022 06:03:32.7440 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: k+9aUIqiOElEd4XyUk10Vxb3vgu7/j/FLKRFl8Xq+3ZP6BPM+W1YPNjY/4rVXvkKV3/bhTZ5DqNPEFVw3rJ1UA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1608 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Judah, The commit message is too simple to be useful for reviewers and developers. Other patches have the same issue. Please add more descriptions to explain the changes made in each patch (why and how). Regards, Jian > -----Original Message----- > From: Vang, Judah > Sent: Saturday, March 26, 2022 7:21 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J ; Yao, Jiewen ; > Mistry, Nishant C > Subject: [PATCH v1 02/28] SecurityPkg: Add new GUIDs >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 >=20 > Add new GUIDs >=20 > Cc: Jian J Wang > Cc: Jiewen Yao > Cc: Nishant C Mistry > Signed-off-by: Judah Vang > --- > SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++- > 1 file changed, 42 insertions(+), 1 deletion(-) >=20 > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 9f7a032d60d5..ea88908ea7d2 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -5,7 +5,7 @@ > # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and l= ibrary > classes) > # and libraries instances, which are used for those features. > # > -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
> +# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> # Copyright (c) Microsoft Corporation.
> # SPDX-License-Identifier: BSD-2-Clause-Patent > @@ -217,6 +217,18 @@ [Guids] > ## GUID used to specify section with default dbt content > gDefaultdbtFileGuid =3D { 0x36c513ee, 0xa338, 0x4976, {= 0xa0, 0xfb, > 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } >=20 > + ## Include/Guid/ProtectedVariable.h > + # {8EBF379A-F18E-4728-A410-00CF9A65BE91} > + gEdkiiProtectedVariableGlobalGuid =3D { 0x8ebf379a, 0xf18e, 0x4728, { = 0xa4, > 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } } > + > + ## Include/Guid/ProtectedVariable.h > + # {e3e890ad-5b67-466e-904f-94ca7e9376bb} > + gEdkiiMetaDataHmacVariableGuid =3D {0xe3e890ad, 0x5b67, 0x466e, {0x90, > 0x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}} > + > + ## Include/Guid/ProtectedVariable.h > + # {a11a3652-875b-495a-b097-200917580b98} > + gEdkiiProtectedVariableContextGuid =3D {0xa11a3652, 0x875b, 0x495a, {0= xb0, > 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} } > + > [Ppis] > ## The PPI GUID for that TPM physical presence should be locked. > # Include/Ppi/LockPhysicalPresence.h > @@ -242,6 +254,10 @@ [Ppis] > ## Include/Ppi/Tcg.h > gEdkiiTcgPpiGuid =3D {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, = 0xca, > 0xc7, 0x17, 0x6c, 0xf1 } } >=20 > + ## Key Service Ppi > + # Include/Ppi/KeyServicePpi.h > + gKeyServicePpiGuid =3D {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8,= 0xD1, > 0x36, 0x93, 0x04, 0x27}} > + > # > # [Error.gEfiSecurityPkgTokenSpaceGuid] > # 0x80000001 | Invalid value provided. > @@ -325,6 +341,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] >=20 >=20 > gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0 > 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID > *|0x00010032 >=20 > + ## Progress Code for variable integrity check result.

> + # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF]) > + # @Prompt Status Code for variable integiry check result > + > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|U > INT32|0x00010033 > + > + ## Null-terminated Unicode string of the Platform Variable Name > + # @Prompt known unprotected variable name > + > gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x00010 > 034 > + > + ## Guid name to identify Platform Variable Guid > + # @Prompt known unprotected variable guid > + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x= 00, > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > 0x00 }|VOID*|0x00010035 > + > + ## Defines Protected Variable Integrity support. > + # TRUE - Enable Protected Variable Integrity.
> + # FALSE - Disable Protected Variable Integrity.
> + # @Prompt Protected Variable Integrity support. > + > gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEA > N|0x00010036 > + > + ## Defines Protected Variable Confidentiality support. > + # TRUE - Enable Protected Variable Confidentiality.
> + # FALSE - Disable Protected Variable Confidentiality.
> + # @Prompt Protected Variable Integrity support. > + > gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|B= O > OLEAN|0x00010037 > + > [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > ## Image verification policy for OptionRom. Only following values are > valid:

> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specificati= on and > has been removed.
> -- > 2.26.2.windows.1