]> git.proxmox.com Git - mirror_edk2.git/blobdiff - SecurityPkg/SecurityPkg.dec
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SecurityPkg: Add constraints on PK strength
[mirror_edk2.git] / SecurityPkg / SecurityPkg.dec
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 2cdfb02cc5a2a336613c7b01bc0ab01b36b81d47..dfbbb0365a2bd98d08c9e343b41a70f5d4fa7ca5 100644 (file)
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -5,9 +5,9 @@
 #  It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)\r
 #  and libraries instances, which are used for those features.\r
 #\r
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
 # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>\r
-# Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>\r
+# Copyright (c) Microsoft Corporation.<BR>\r
 # SPDX-License-Identifier: BSD-2-Clause-Patent\r
 #\r
 ##\r
@@ -84,6 +84,9 @@
   #\r
   VariableKeyLib|Include/Library/VariableKeyLib.h\r
 \r
+  ## @libraryclass  Provides interfaces about firmware TPM measurement.\r
+  #\r
+  TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h\r
 [Guids]\r
   ## Security package token space guid.\r
   # Include/Guid/SecurityPkgTokenSpace.h\r
@@ -180,6 +183,13 @@
   ## Include/OpalPasswordExtraInfoVariable.h\r
   gOpalExtraInfoVariableGuid =  {0x44a2ad5d, 0x612c, 0x47b3, {0xb0, 0x6e, 0xc8, 0xf5, 0x0b, 0xfb, 0xf0, 0x7d}}\r
 \r
+  ## GUID used to exchange registered SWI value and NVS region between Tcg2Acpi and Tcg2Smm.\r
+  ## Include/Guid/TpmNvsMm.h\r
+  gTpmNvsMmGuid                      = { 0xc96c76eb, 0xbc78, 0x429c, { 0x9f, 0x4b, 0xda, 0x51, 0x78, 0xc2, 0x84, 0x57 }}\r
+\r
+  ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm\r
+  gTcg2MmSwSmiRegisteredGuid         = { 0x9d4548b9, 0xa48d, 0x4db4, { 0x9a, 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } }\r
+\r
 \r
 [Ppis]\r
   ## The PPI GUID for that TPM physical presence should be locked.\r
@@ -203,6 +213,9 @@
   ## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h\r
   gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1, 0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d } }\r
 \r
+  ## Include/Ppi/Tcg.h\r
+  gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, 0xc7, 0x17, 0x6c, 0xf1 } }\r
+\r
 #\r
 # [Error.gEfiSecurityPkgTokenSpaceGuid]\r
 #   0x80000001 | Invalid value provided.\r
@@ -272,6 +285,12 @@
   # @ValidList  0x80000003 | 0x010D0000\r
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007\r
 \r
+  ## Defines the IO port used to trigger a software System Management Interrupt (SMI).<BR><BR>\r
+  #  Used as the SMI Command IO port by security functionality that triggers a software SMI such\r
+  #  as Physical Presence Interface (PPI).<BR>\r
+  # @Prompt SMI Command IO port.\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort|0xB2|UINT16|0x00000009\r
+\r
   ## Progress Code for FV verification result.<BR><BR>\r
   #  (EFI_SOFTWARE_PEI_MODULE | EFI_SUBCLASS_SPECIFIC | XXX)\r
   # @Prompt Status Code for FV verification result\r
@@ -364,6 +383,7 @@
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E\r
 \r
   ## Guid name to identify TPM instance.<BR><BR>\r
+  #  NOTE: This Pcd must be FixedAtBuild if Standalone MM is used\r
   #  TPM_DEVICE_INTERFACE_NONE means disable.<BR>\r
   #  TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.<BR>\r
   #  TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.<BR>\r
@@ -429,7 +449,18 @@
 \r
   ## This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\r
   # PCD can be configured for different settings in different scenarios\r
-  # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT\r
+  # This PCD follows UEFI TCG2 library definition bit of the BIOS TPM/Storage Management Flags<BR>\r
+  #    BIT0  -  Reserved <BR>\r
+  #    BIT1  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR <BR>\r
+  #    BIT2  -  Reserved <BR>\r
+  #    BIT3  -  TCG2_LIB_PP_FLAG_RESET_TRACK <BR>\r
+  #    BIT4  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON <BR>\r
+  #    BIT5  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF <BR>\r
+  #    BIT6  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS <BR>\r
+  #    BIT7  -  TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS <BR>\r
+  #    BIT16 -  TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID <BR>\r
+  #    BIT17 -  TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID <BR>\r
+  #    BIT18 -  TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID <BR>\r
   # @Prompt Initial setting of TCG2 Persistent Firmware Management Flags\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT32|0x0001001B\r
 \r
EFI Development Kit II mirror for PVE