# and libraries instances, which are used for those modules.\r
#\r
# Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved.\r
-# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2007 - 2020, Intel Corporation. All rights reserved.<BR>\r
# Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>\r
# (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP<BR>\r
# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
-# Copyright (c) 2016, Microsoft Corporation<BR>\r
+# Copyright (c) Microsoft Corporation.<BR>\r
# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
##\r
[Includes]\r
Include\r
\r
+[Includes.Common.Private]\r
+ Library/BrotliCustomDecompressLib/brotli/c/include\r
\r
[LibraryClasses]\r
## @libraryclass Defines a set of methods to reset whole system.\r
ResetSystemLib|Include/Library/ResetSystemLib.h\r
\r
+ ## @libraryclass Business logic for storing and testing variable policies\r
+ VariablePolicyLib|Include/Library/VariablePolicyLib.h\r
+\r
## @libraryclass Defines a set of helper functions for resetting the system.\r
ResetUtilityLib|Include/Library/ResetUtilityLib.h\r
\r
#\r
DisplayUpdateProgressLib|Include/Library/DisplayUpdateProgressLib.h\r
\r
+ ## @libraryclass This library contains helper functions for marshalling and\r
+ # registering new policies with the VariablePolicy infrastructure.\r
+ #\r
+ VariablePolicyHelperLib|Include/Library/VariablePolicyHelperLib.h\r
+\r
[Guids]\r
## MdeModule package token space guid\r
# Include/Guid/MdeModulePkgTokenSpace.h\r
## Include/Guid/EndofS3Resume.h\r
gEdkiiEndOfS3ResumeGuid = { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67, 0xe4, 0x56, 0x89, 0x0e, 0x0c, 0xb5 } }\r
\r
+ ## Used (similar to Variable Services) to communicate policies to the enforcement engine.\r
+ # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB}\r
+ gVarCheckPolicyLibMmiHandlerGuid = { 0xda1b0d11, 0xd1a7, 0x46c4, { 0x9d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }}\r
+\r
## Include/Guid/S3SmmInitDone.h\r
gEdkiiS3SmmInitDoneGuid = { 0x8f9d4825, 0x797d, 0x48fc, { 0x84, 0x71, 0x84, 0x50, 0x25, 0x79, 0x2e, 0xf6 } }\r
\r
## GUID indicates the capsule is to store Capsule On Disk file names.\r
gEdkiiCapsuleOnDiskNameGuid = { 0x98c80a4f, 0xe16b, 0x4d11, { 0x93, 0x9a, 0xab, 0xe5, 0x61, 0x26, 0x3, 0x30 } }\r
\r
+ ## Include/Guid/MigratedFvInfo.h\r
+ gEdkiiMigratedFvInfoGuid = { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4, 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } }\r
+\r
[Ppis]\r
## Include/Ppi/AtaController.h\r
gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a, 0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}\r
gEfiLockBoxProtocolGuid = { 0xbd445d79, 0xb7ad, 0x4f04, { 0x9a, 0xd8, 0x29, 0xbd, 0x20, 0x40, 0xeb, 0x3c }}\r
\r
## Include/Protocol/FormBrowserEx.h\r
- gEfiFormBrowserExProtocolGuid = { 0x1f73b18d, 0x4630, 0x43c1, { 0xa1, 0xde, 0x6f, 0x80, 0x85, 0x5d, 0x7d, 0xa4 } }\r
gEdkiiFormBrowserExProtocolGuid = { 0x1f73b18d, 0x4630, 0x43c1, { 0xa1, 0xde, 0x6f, 0x80, 0x85, 0x5d, 0x7d, 0xa4 } }\r
\r
## Include/Protocol/EbcVmTest.h\r
# 0x80000006 | Incorrect error code provided.\r
#\r
\r
+ ## Include/Protocol/VariablePolicy.h\r
+ gEdkiiVariablePolicyProtocolGuid = { 0x81D1675C, 0x86F6, 0x48DF, { 0xBD, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25, 0xC3 } }\r
+\r
[PcdsFeatureFlag]\r
## Indicates if the platform can support update capsule across a system reset.<BR><BR>\r
# TRUE - Supports update capsule across a system reset.<BR>\r
# @Prompt Enable PCI bridge IO alignment probe.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdPciBridgeIoAlignmentProbe|FALSE|BOOLEAN|0x0001004e\r
\r
- ## Indicates if StatusCode is reported via Serial port.<BR><BR>\r
- # TRUE - Reports StatusCode via Serial port.<BR>\r
- # FALSE - Does not report StatusCode via Serial port.<BR>\r
- # @Prompt Enable StatusCode via Serial port.\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE|BOOLEAN|0x00010022\r
-\r
- ## Indicates if StatusCode is stored in memory.\r
- # The memory is boot time memory in PEI Phase and is runtime memory in DXE Phase.<BR><BR>\r
- # TRUE - Stores StatusCode in memory.<BR>\r
- # FALSE - Does not store StatusCode in memory.<BR>\r
- # @Prompt Enable StatusCode via memory.\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE|BOOLEAN|0x00010023\r
-\r
## Indicates if PEI phase StatusCode will be replayed in DXE phase.<BR><BR>\r
# TRUE - Replays PEI phase StatusCode in DXE phased.<BR>\r
# FALSE - Does not replay PEI phase StatusCode in DXE phase.<BR>\r
# @Prompt Degrade 64-bit PCI MMIO BARs for legacy BIOS option ROMs\r
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDegradeResourceForOptionRom|TRUE|BOOLEAN|0x0001003a\r
\r
+ ## Indicates if the platform can support process non-reset capsule image at runtime.<BR><BR>\r
+ # TRUE - Supports process non-reset capsule image at runtime.<BR>\r
+ # FALSE - Does not support process non-reset capsule image at runtime.<BR>\r
+ # @Prompt Enable process non-reset capsule image at runtime.\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSupportProcessCapsuleAtRuntime|FALSE|BOOLEAN|0x00010079\r
+\r
[PcdsFeatureFlag.IA32, PcdsFeatureFlag.ARM, PcdsFeatureFlag.AARCH64]\r
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDegradeResourceForOptionRom|FALSE|BOOLEAN|0x0001003a\r
\r
# @Prompt Variable storage size.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x10000|UINT32|0x30000005\r
\r
+ ## Toggle for whether the VariablePolicy engine should allow disabling.\r
+ # The engine is enabled at power-on, but the interface allows the platform to\r
+ # disable enforcement for servicing flexibility. If this PCD is disabled, it will block the ability to\r
+ # disable the enforcement and VariablePolicy enforcement will always be ON.\r
+ # TRUE - VariablePolicy can be disabled by request through the interface (until interface is locked)\r
+ # FALSE - VariablePolicy interface will not accept requests to disable and is ALWAYS ON\r
+ # @Prompt Allow VariablePolicy enforcement to be disabled.\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|FALSE|BOOLEAN|0x30000020\r
+\r
## FFS filename to find the ACPI tables.\r
# @Prompt FFS name of ACPI tables storage.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiTableStorageFile|{ 0x25, 0x4e, 0x37, 0x7e, 0x01, 0x8e, 0xee, 0x4f, 0x87, 0xf2, 0x39, 0xc, 0x23, 0xc6, 0x6, 0xcd }|VOID*|0x30000016\r
# @Prompt Shadow Peim and PeiCore on boot\r
gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot|TRUE|BOOLEAN|0x30001029\r
\r
+ ## Enable the feature that evacuate temporary memory to permanent memory or not<BR><BR>\r
+ # Set FALSE as default, if the developer need this feature to avoid this vulnerability, please\r
+ # enable it to shadow all PEIMs no matter the behavior controled by PcdShadowPeimOnBoot or\r
+ # PcdShadowPeimOnS3Boot<BR>\r
+ # TRUE - Evacuate temporary memory, the actions include copy memory, convert PPI pointers and so on.<BR>\r
+ # FALSE - Do nothing, for example, no copy memory, no convert PPI pointers and so on.<BR>\r
+ # @Prompt Evacuate temporary memory to permanent memory\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes|FALSE|BOOLEAN|0x3000102A\r
+\r
## The mask is used to control memory profile behavior.<BR><BR>\r
# BIT0 - Enable UEFI memory profile.<BR>\r
# BIT1 - Enable SMRAM profile.<BR>\r
# @Prompt Enable Capsule On Disk support.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleOnDiskSupport|FALSE|BOOLEAN|0x0000002d\r
\r
+ ## Maximum permitted encapsulation levels of sections in a firmware volume,\r
+ # in the DXE phase. Minimum value is 1. Sections nested more deeply are\r
+ # rejected.\r
+ # @Prompt Maximum permitted FwVol section nesting depth (exclusive).\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth|0x10|UINT32|0x00000030\r
+\r
[PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
## This PCD defines the Console output row. The default value is 25 according to UEFI spec.\r
# This PCD could be set to 0 then console output would be at max column and max row.\r
# @Prompt Console Output Row of Text Setup\r
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow|25|UINT32|0x4000000e\r
\r
+[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64]\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x20|UINT32|0x0001004c\r
+\r
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
## UART clock frequency is for the baud rate configuration.\r
# @Prompt Serial Port Clock Rate.\r
# @Prompt Flag to request system reboot after processing capsule.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdSystemRebootAfterCapsuleProcessFlag|0x0001|UINT16|0x0000006d\r
\r
- ## Publish PropertiesTable or not.\r
- #\r
- # If this PCD is TRUE, DxeCore publishs PropertiesTable.\r
- # DxeCore evaluates if all runtime drivers has 4K aligned PE sections. If all\r
- # PE sections in runtime drivers are 4K aligned, DxeCore sets BIT0 in\r
- # PropertiesTable. Or DxeCore clears BIT0 in PropertiesTable.\r
- # If this PCD is FALSE, DxeCore does not publish PropertiesTable.\r
- #\r
- # If PropertiesTable has BIT0 set, DxeCore uses below policy in UEFI memory map:\r
- # 1) Use EfiRuntimeServicesCode for runtime driver PE image code section and\r
- # use EfiRuntimeServicesData for runtime driver PE image header and other section.\r
- # 2) Set EfiRuntimeServicesCode to be EFI_MEMORY_RO.\r
- # 3) Set EfiRuntimeServicesData to be EFI_MEMORY_XP.\r
- # 4) Set EfiMemoryMappedIO and EfiMemoryMappedIOPortSpace to be EFI_MEMORY_XP.\r
- #\r
- # NOTE: Platform need gurantee this PCD is set correctly. Platform should set\r
- # this PCD to be TURE if and only if all runtime driver has seperated Code/Data\r
- # section. If PE code/data sections are merged, the result is unpredictable.\r
- #\r
- # UEFI 2.6 specification does not recommend to use this BIT0 attribute.\r
- #\r
- # @Prompt Publish UEFI PropertiesTable.\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE|BOOLEAN|0x0000006e\r
-\r
## Default OEM ID for ACPI table creation, its length must be 0x6 bytes to follow ACPI specification.\r
# @Prompt Default OEM ID for ACPI table creation.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId|"INTEL "|VOID*|0x30001034\r
# @Prompt TCG Platform Firmware Profile revision.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0x00010077\r
\r
+ ## Indicates if StatusCode is reported via Serial port.<BR><BR>\r
+ # TRUE - Reports StatusCode via Serial port.<BR>\r
+ # FALSE - Does not report StatusCode via Serial port.<BR>\r
+ # @Prompt Enable StatusCode via Serial port.\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|TRUE|BOOLEAN|0x00010022\r
+\r
+ ## Indicates if StatusCode is stored in memory.\r
+ # The memory is boot time memory in PEI Phase and is runtime memory in DXE Phase.<BR><BR>\r
+ # TRUE - Stores StatusCode in memory.<BR>\r
+ # FALSE - Does not store StatusCode in memory.<BR>\r
+ # @Prompt Enable StatusCode via memory.\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE|BOOLEAN|0x00010023\r
+\r
[PcdsPatchableInModule]\r
## Specify memory size with page number for PEI code when\r
# Loading Module at Fixed Address feature is enabled.\r
# @Prompt If there is any test key used by the platform.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x00030003\r
\r
+ ## This dynamic PCD holds the base address of the Guest-Hypervisor Communication Block (GHCB) pool allocation.\r
+ # @Prompt GHCB Pool Base Address\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0|UINT64|0x00030007\r
+\r
+ ## This dynamic PCD holds the total size of the Guest-Hypervisor Communication Block (GHCB) pool allocation.\r
+ # The amount of memory allocated for GHCBs is dependent on the number of APs.\r
+ # @Prompt GHCB Pool Size\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0|UINT64|0x00030008\r
+\r
[PcdsDynamicEx]\r
## This dynamic PCD enables the default variable setting.\r
# Its value is the default store ID value. The default value is zero as Standard default.\r