From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.102]) by mx.groups.io with SMTP id smtpd.web12.1377.1585071859629775644 for ; Tue, 24 Mar 2020 10:44:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@microsoft.com header.s=selector2 header.b=B7WTa+gj; spf=pass (domain: microsoft.com, ip: 40.107.244.102, mailfrom: bret.barkelew@microsoft.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mljIndFxEpoVmAaAX9yeRSrUYapPRhRB2MBOpWi6sNzUOmionNZlXgV1/nFBZY4+x3ydwxUAZ8GvH9HFzDewGM/PtrTGAGFnJA1Rte+YRqq2Yj58H//q3vuB0tjXHQIGPjPxyxfzBHzXGxMmtwCeCE3U556aLN8TFvnMlsb0OQkR89K/Sjj8u4gksobrKVu63eacXgAvvnXzuzqPZ3Aw+TgOhZ6xg5tFjzneAGhDAoM1fCEJr2+BC720Ubkia4Pb1K5XHJq2gSCy3JJnEzsAOHpUEoeMWN/g7Ll9YZJ1zDBkpLF8PTq/OAgr0oPlFJnwUKfFe95GCbwThrR9R4u9Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AHamoZlNcemdBerNGeCkBJJBA7U0J/gWJp1tC9fDFbo=; b=H2/tGcN657CDmvRhVmFqQsj00oUV9AoU/G+l7T2jMKoRm610UvxVtTsWxNd+M4CcXje/BlEoKc9NqIxkrLBw7fjJa8m9SBtAj6yLZtaRJPkkfIHuZGZ+gJ0BkaD+7GTqeyHPM76d6CqrmB+633Y5uTQ3qmb5aYCCX6DNjDSFRBmqknfyRtbnEjmPUwt2a7ocWJmwNLuAcFg5ghuOOjkNAiKGxCNbX2CQhkSjHZ5XZx8677P7z+mWmpjnyPIOpvh2/x5xMGTn8PYJB38cv1XEJbLVLLPEkGYCfgkeyrDUQ2PcdAhev4j3bj0Zo1yh1ajmO9MYyjZV0FMDBwTvBw36VQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AHamoZlNcemdBerNGeCkBJJBA7U0J/gWJp1tC9fDFbo=; b=B7WTa+gjXBxXmRGDCQ5lJiRAGlf6cAwPuooASnNKJjQxZk6B11kcftkqr2UOTub7S0DCgzpqf9KL5vM3BVgMuvo2DhJJ6ul0iMQIaol+sQTDWPI8Huop8sB+2n5u0SUKWw1wAilKxHQFt1B4q+Z/GUvpa36HI2wXQvXmTy/ygAU= Received: from CY4PR21MB0743.namprd21.prod.outlook.com (2603:10b6:903:b2::9) by CY4PR21MB0821.namprd21.prod.outlook.com (2603:10b6:903:b8::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.2; Tue, 24 Mar 2020 17:44:18 +0000 Received: from CY4PR21MB0743.namprd21.prod.outlook.com ([fe80::90d:10d9:c5bc:5318]) by CY4PR21MB0743.namprd21.prod.outlook.com ([fe80::90d:10d9:c5bc:5318%10]) with mapi id 15.20.2878.000; Tue, 24 Mar 2020 17:44:18 +0000 From: "Bret Barkelew" To: "devel@edk2.groups.io" , "jian.j.wang@intel.com" CC: Jiewen Yao , Chao Zhang , Nishant C Mistry Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v4 1/3] SecurityPkg: add RpmcLib and VariableKeyLib public headers Thread-Topic: [EXTERNAL] [edk2-devel] [PATCH v4 1/3] SecurityPkg: add RpmcLib and VariableKeyLib public headers Thread-Index: AQHWAaZqfdUmQ2YBEEe3PPHFZgaEdahYBD1H Date: Tue, 24 Mar 2020 17:44:18 +0000 Message-ID: References: <20200324063523.336-1-jian.j.wang@intel.com>,<20200324063523.336-2-jian.j.wang@intel.com> In-Reply-To: <20200324063523.336-2-jian.j.wang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-03-24T17:43:46.7432723Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Privileged authentication-results: spf=none (sender IP is ) smtp.mailfrom=Bret.Barkelew@microsoft.com; x-originating-ip: [71.212.145.195] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: d6bd49c3-68ee-4487-34fe-08d7d01afa4b x-ms-traffictypediagnostic: CY4PR21MB0821: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 03524FBD26 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(4636009)(366004)(39860400002)(346002)(376002)(136003)(396003)(15650500001)(7696005)(966005)(5660300002)(55016002)(9686003)(8990500004)(110136005)(2906002)(316002)(478600001)(54906003)(53546011)(6506007)(33656002)(8936002)(76116006)(52536014)(81166006)(81156014)(86362001)(10290500003)(26005)(71200400001)(186003)(8676002)(64756008)(66946007)(4326008)(66476007)(66446008)(66556008)(91956017);DIR:OUT;SFP:1102;SCL:1;SRVR:CY4PR21MB0821;H:CY4PR21MB0743.namprd21.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 6bJfxWjWrh+OJQHUkBYIAQTUb6bxzgpKPh9f4tUpwVU2IzfcdMAtDAa8ELRAAH/Gk/LtDjGU5LGWX0af6AkrP0kZdPS2MwoAKFNkOAC4HxDmA5UylpFqO8TcvYsx2/tSALX6OIr2gfqG5TcmB8U2OJx/yEK4C9jx4awSt5XxxlkEAKDj7mLiFVeAf8IH5sGrfBdmYQ8mK0A9F6a3kcEEG2GDzg7MsfvmzLtC6Yk9hQ7EctgG8HmpoaMRCFGY+7S+BD6ZfGH9nQg7tsVZEGm/3kouXnXBaMzxryDCeNdItkG7XWV38e+MbwTx2NqbVBNQx3v6AhicpD21nxRLUhWo6iY5sDJhThWlco80K25OL0pzzWRTtbgcoHaI5lOhXnK0PplTrsdfuTuu80xtLpYFBqTUTHUCcb83gxhWsb29I7wIwPbS+KVRHqxu8dqtmYu7Oi89QVHc3zwecuAJsDqzptakVS30jAbVmzWOQUPBUgU4FkDzoHe7SYImkqlj+2h2E8Mg9V4meCcVI4/vvgKmrg== x-ms-exchange-antispam-messagedata: 9D0K0V6i7WduC8PH/qhLkg/UFHgbtt5O/P4O4taTp1gRBwQ4ffy3zQVhSHXKwv8H4eWPxOuHnUBXQauEPnO2udMcEm2EZT9NRv38ctSWTtqBkTGSGCM0c+aVYfTgpWsU4FZMDGEeYyINyiBFQgv8FQ== x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: d6bd49c3-68ee-4487-34fe-08d7d01afa4b X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Mar 2020 17:44:18.2074 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: irg+PK0VcvfwNdFC6HMcsVfSjRejExo3WqBrbz7AM0gXz28OY/dl0xui6yMvEOu9fWFDM/S9RWTBBZ0SWrUuTQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0821 Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_CY4PR21MB074365BF620415605DFD4BD9EFF10CY4PR21MB0743namp_" --_000_CY4PR21MB074365BF620415605DFD4BD9EFF10CY4PR21MB0743namp_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Is there a reason this needs to be called =93VariableKeyLib=94 rather than = any other =93KeyLib=94? It seems general-purpose as an interface. - Bret ________________________________ From: devel@edk2.groups.io on behalf of Wang, Jian J= via Groups.Io Sent: Monday, March 23, 2020 11:35:21 PM To: devel@edk2.groups.io Cc: Jiewen Yao ; Chao Zhang ;= Nishant C Mistry Subject: [EXTERNAL] [edk2-devel] [PATCH v4 1/3] SecurityPkg: add RpmcLib an= d VariableKeyLib public headers > v4: remove CounterId which should not be exposed REF: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbu= gzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2594&data=3D02%7C01%7Cbret.b= arkelew%40microsoft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b82%7C72f988bf86f141= af91ab2d7cd011db47%7C1%7C0%7C637206285305504454&sdata=3DwCxxsc6cc%2Ffdu= q88XOZOZv6debpAQMZiIdsFjD0zHXE%3D&reserved=3D0 RpmcLib.h and VariableKeyLib.h are header files required to access RPMC device and Key generator from platform. They will be used to ensure the integrity and confidentiality of NV variables. Cc: Jiewen Yao Cc: Chao Zhang Cc: Nishant C Mistry Signed-off-by: Jian J Wang --- SecurityPkg/Include/Library/RpmcLib.h | 42 ++++++++++++++ SecurityPkg/Include/Library/VariableKeyLib.h | 59 ++++++++++++++++++++ SecurityPkg/SecurityPkg.dec | 8 +++ 3 files changed, 109 insertions(+) create mode 100644 SecurityPkg/Include/Library/RpmcLib.h create mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Li= brary/RpmcLib.h new file mode 100644 index 0000000000..8e3868516c --- /dev/null +++ b/SecurityPkg/Include/Library/RpmcLib.h @@ -0,0 +1,42 @@ +/** @file + Public definitions for the Replay Protected Monotonic Counter (RPMC) Lib= rary. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _RPMC_LIB_H_ +#define _RPMC_LIB_H_ + +#include + +/** + Requests the monotonic counter from the designated RPMC counter. + + @param[out] CounterValue A pointer to a buffer to store the= RPMC value. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +RequestMonotonicCounter ( + OUT UINT32 *CounterValue + ); + +/** + Increments the monotonic counter in the SPI flash device by 1. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +IncrementMonotonicCounter ( + VOID + ); + +#endif \ No newline at end of file diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Inc= lude/Library/VariableKeyLib.h new file mode 100644 index 0000000000..fe642b3d66 --- /dev/null +++ b/SecurityPkg/Include/Library/VariableKeyLib.h @@ -0,0 +1,59 @@ +/** @file + Public definitions for Variable Key Library. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _VARIABLE_KEY_LIB_H_ +#define _VARIABLE_KEY_LIB_H_ + +#include + +/** + Retrieves the variable root key. + + @param[out] VariableRootKey A pointer to pointer for the var= iable root key buffer. + @param[in,out] VariableRootKeySize The size in bytes of the variabl= e root key. + + @retval EFI_SUCCESS The variable root key was returned= . + @retval EFI_DEVICE_ERROR An error occurred while attempting= to get the variable root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED The variable root key is not suppo= rted in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +GetVariableRootKey ( + OUT VOID **VariableRootKey, + IN OUT UINTN *VariableRootKeySize + ); + +/** + Regenerates the variable root key. + + @retval EFI_SUCCESS The variable root key was regenera= ted successfully. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to regenerate the root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED Key regeneration is not supported = in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +RegenerateKey ( + VOID + ); + +/** + Locks the regenerate key interface. + + @retval EFI_SUCCESS The key interface was locked succe= ssfully. + @retval EFI_UNSUPPORTED Locking the key interface is not s= upported in the current boot configuration. + @retval Others An error occurred while attempting= to lock the key interface. +**/ +EFI_STATUS +EFIAPI +LockKeyInterface ( + VOID + ); + +#endif \ No newline at end of file diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 5335cc5397..2cdfb02cc5 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -76,6 +76,14 @@ # TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h + ## @libraryclass Provides interfaces to access RPMC device. + # + RpmcLib|Include/Library/RpmcLib.h + + ## @libraryclass Provides interfaces to access variable root key. + # + VariableKeyLib|Include/Library/VariableKeyLib.h + [Guids] ## Security package token space guid. # Include/Guid/SecurityPkgTokenSpace.h -- 2.24.0.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56132): https://nam06.safelinks.protection.outlook.com/= ?url=3Dhttps%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F56132&data= =3D02%7C01%7Cbret.barkelew%40microsoft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b= 82%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637206285305514447&sdat= a=3DCoBs9mwnHTAAZiErAEHS3E7dbdRd%2FZefJPKXKPmJwfc%3D&reserved=3D0 Mute This Topic: https://nam06.safelinks.protection.outlook.com/?url=3Dhttp= s%3A%2F%2Fgroups.io%2Fmt%2F72512084%2F1852292&data=3D02%7C01%7Cbret.bar= kelew%40microsoft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b82%7C72f988bf86f141af= 91ab2d7cd011db47%7C1%7C0%7C637206285305514447&sdata=3D%2B14%2BIfGmu88GS= nKZnpb51EGaW3MqfFCT1%2BWI5Bhdlo0%3D&reserved=3D0 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A= %2F%2Fedk2.groups.io%2Fg%2Fdevel%2Funsub&data=3D02%7C01%7Cbret.barkelew= %40microsoft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b82%7C72f988bf86f141af91ab2= d7cd011db47%7C1%7C0%7C637206285305514447&sdata=3DJLLWLjx0OW0eTjn7xXG5aN= HdAfWQqhY4qLXSuNhhcys%3D&reserved=3D0 [bret.barkelew@microsoft.com] -=3D-=3D-=3D-=3D-=3D-=3D --_000_CY4PR21MB074365BF620415605DFD4BD9EFF10CY4PR21MB0743namp_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

Is there a reason this needs to be called =93Variabl= eKeyLib=94 rather than any other =93KeyLib=94? It seems general-purpose as = an interface.

 

- Bret

 


From: devel@edk2.groups.io = <devel@edk2.groups.io> on behalf of Wang, Jian J via Groups.Io <ji= an.j.wang=3Dintel.com@groups.io>
Sent: Monday, March 23, 2020 11:35:21 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Jiewen Yao <jiewen.yao@intel.com>; Chao Zhang <chao.b.z= hang@intel.com>; Nishant C Mistry <nishant.c.mistry@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v4 1/3] SecurityPkg: add Rpm= cLib and VariableKeyLib public headers
 
> v4: remove CounterId which should not be expo= sed

REF: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugzill= a.tianocore.org%2Fshow_bug.cgi%3Fid%3D2594&amp;data=3D02%7C01%7Cbret.ba= rkelew%40microsoft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b82%7C72f988bf86f141a= f91ab2d7cd011db47%7C1%7C0%7C637206285305504454&amp;sdata=3DwCxxsc6cc%2F= fduq88XOZOZv6debpAQMZiIdsFjD0zHXE%3D&amp;reserved=3D0

RpmcLib.h and VariableKeyLib.h are header files required to access RPMC
device and Key generator from platform. They will be used to ensure the
integrity and confidentiality of NV variables.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 SecurityPkg/Include/Library/RpmcLib.h     &n= bsp;  | 42 ++++++++++++= ;++
 SecurityPkg/Include/Library/VariableKeyLib.h | 59 ++++= ;+++++++++++++++= ;+
 SecurityPkg/SecurityPkg.dec       =            |  8 += ;++
 3 files changed, 109 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/RpmcLib.h
 create mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h

diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Li= brary/RpmcLib.h
new file mode 100644
index 0000000000..8e3868516c
--- /dev/null
+++ b/SecurityPkg/Include/Library/RpmcLib.h
@@ -0,0 +1,42 @@
+/** @file

+  Public definitions for the Replay Protected Monotonic Counter (= RPMC) Library.

+

+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR><= br>
+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#ifndef _RPMC_LIB_H_

+#define _RPMC_LIB_H_

+

+#include <Uefi/UefiBaseType.h>

+

+/**

+  Requests the monotonic counter from the designated RPMC counter= .

+

+  @param[out]   CounterValue    &nb= sp;       A pointer to a buffer to store the = RPMC value.

+

+  @retval       EFI_SUCCESS &n= bsp;           The operat= ion completed successfully.

+  @retval       EFI_DEVICE_ERROR&nb= sp;       A device error occurred while attem= pting to update the counter.

+  @retval       EFI_UNSUPPORTED&nbs= p;        The operation is un-supported.=

+**/

+EFI_STATUS

+EFIAPI

+RequestMonotonicCounter (

+  OUT UINT32  *CounterValue

+  );

+

+/**

+  Increments the monotonic counter in the SPI flash device by 1.<= br>
+

+  @retval       EFI_SUCCESS &n= bsp;           The operat= ion completed successfully.

+  @retval       EFI_DEVICE_ERROR&nb= sp;       A device error occurred while attem= pting to update the counter.

+  @retval       EFI_UNSUPPORTED&nbs= p;        The operation is un-supported.=

+**/

+EFI_STATUS

+EFIAPI

+IncrementMonotonicCounter (

+  VOID

+  );

+

+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Inc= lude/Library/VariableKeyLib.h
new file mode 100644
index 0000000000..fe642b3d66
--- /dev/null
+++ b/SecurityPkg/Include/Library/VariableKeyLib.h
@@ -0,0 +1,59 @@
+/** @file

+  Public definitions for Variable Key Library.

+

+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR><= br>
+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#ifndef _VARIABLE_KEY_LIB_H_

+#define _VARIABLE_KEY_LIB_H_

+

+#include <Uefi/UefiBaseType.h>

+

+/**

+  Retrieves the variable root key.

+

+  @param[out]     VariableRootKey  =        A pointer to pointer for the variable = root key buffer.

+  @param[in,out]  VariableRootKeySize    = ; The size in bytes of the variable root key.

+

+  @retval       EFI_SUCCESS &n= bsp;           The variab= le root key was returned.

+  @retval       EFI_DEVICE_ERROR&nb= sp;       An error occurred while attempting = to get the variable root key.

+  @retval       EFI_ACCESS_DENIED&n= bsp;      The function was invoked after locking t= he key interface.

+  @retval       EFI_UNSUPPORTED&nbs= p;        The variable root key is not s= upported in the current boot configuration.

+**/

+EFI_STATUS

+EFIAPI

+GetVariableRootKey (

+      OUT VOID    **VariableRo= otKey,

+  IN  OUT UINTN   *VariableRootKeySize

+  );

+

+/**

+  Regenerates the variable root key.

+

+  @retval       EFI_SUCCESS &n= bsp;           The variab= le root key was regenerated successfully.

+  @retval       EFI_DEVICE_ERROR&nb= sp;       An error occurred while attempting = to regenerate the root key.

+  @retval       EFI_ACCESS_DENIED&n= bsp;      The function was invoked after locking t= he key interface.

+  @retval       EFI_UNSUPPORTED&nbs= p;        Key regeneration is not suppor= ted in the current boot configuration.

+**/

+EFI_STATUS

+EFIAPI

+RegenerateKey (

+  VOID

+  );

+

+/**

+  Locks the regenerate key interface.

+

+  @retval       EFI_SUCCESS &n= bsp;           The key in= terface was locked successfully.

+  @retval       EFI_UNSUPPORTED&nbs= p;        Locking the key interface is n= ot supported in the current boot configuration.

+  @retval       Others  &= nbsp;           &nbs= p;   An error occurred while attempting to lock the key interface= .

+**/

+EFI_STATUS

+EFIAPI

+LockKeyInterface (

+  VOID

+  );

+

+#endif
\ No newline at end of file
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 5335cc5397..2cdfb02cc5 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -76,6 +76,14 @@
   #

   TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h

 

+  ## @libraryclass  Provides interfaces to access RPMC devic= e.

+  #

+  RpmcLib|Include/Library/RpmcLib.h

+

+  ## @libraryclass  Provides interfaces to access variable r= oot key.

+  #

+  VariableKeyLib|Include/Library/VariableKeyLib.h

+

 [Guids]

   ## Security package token space guid.

   # Include/Guid/SecurityPkgTokenSpace.h

--
2.24.0.windows.2


-=3D-=3D-=3D-=3D-=3D-=3D
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56132): https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.gr= oups.io%2Fg%2Fdevel%2Fmessage%2F56132&amp;data=3D02%7C01%7Cbret.barkele= w%40microsoft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b82%7C72f988bf86f141af91ab= 2d7cd011db47%7C1%7C0%7C637206285305514447&amp;sdata=3DCoBs9mwnHTAAZiErA= EHS3E7dbdRd%2FZefJPKXKPmJwfc%3D&amp;reserved=3D0
Mute This Topic: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgroups.= io%2Fmt%2F72512084%2F1852292&amp;data=3D02%7C01%7Cbret.barkelew%40micro= soft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b82%7C72f988bf86f141af91ab2d7cd011d= b47%7C1%7C0%7C637206285305514447&amp;sdata=3D%2B14%2BIfGmu88GSnKZnpb51E= GaW3MqfFCT1%2BWI5Bhdlo0%3D&amp;reserved=3D0
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.gr= oups.io%2Fg%2Fdevel%2Funsub&amp;data=3D02%7C01%7Cbret.barkelew%40micros= oft.com%7C3e34ac4a40d94c82e86b08d7cfbd8b82%7C72f988bf86f141af91ab2d7cd011db= 47%7C1%7C0%7C637206285305514447&amp;sdata=3DJLLWLjx0OW0eTjn7xXG5aNHdAfW= QqhY4qLXSuNhhcys%3D&amp;reserved=3D0  [bret.barkelew@microsoft.com]
-=3D-=3D-=3D-=3D-=3D-=3D

--_000_CY4PR21MB074365BF620415605DFD4BD9EFF10CY4PR21MB0743namp_--