projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| 0c18794e | 1 | ## @file SecurityPkg.dec\r |
| 2 | # This package includes the security drivers, defintions(including PPIs/PROTOCOLs/GUIDs \r | |
| 3 | # and library classes) and libraries instances.\r | |
| 4 | #\r | |
| 5 | # Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r | |
| 6 | # This program and the accompanying materials are licensed and made available under\r | |
| 7 | # the terms and conditions of the BSD License which accompanies this distribution.\r | |
| 8 | # The full text of the license may be found at\r | |
| 9 | # http://opensource.org/licenses/bsd-license.php\r | |
| 10 | #\r | |
| 11 | # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
| 12 | # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
| 13 | #\r | |
| 14 | ##\r | |
| 15 | \r | |
| 16 | [Defines]\r | |
| 17 | DEC_SPECIFICATION = 0x00010005\r | |
| 18 | PACKAGE_NAME = SecurityPkg\r | |
| 19 | PACKAGE_GUID = 24369CAC-6AA6-4fb8-88DB-90BF061668AD\r | |
| 20 | PACKAGE_VERSION = 0.91\r | |
| 21 | \r | |
| 22 | [Includes]\r | |
| 23 | Include\r | |
| 24 | \r | |
| 25 | [LibraryClasses]\r | |
| 26 | ## @libraryclass Definitions for common TPM commands as library API for TPM\r | |
| 27 | # module use.\r | |
| 28 | TpmCommLib|Include/Library/TpmCommLib.h\r | |
| 29 | \r | |
| 30 | [Guids]\r | |
| 31 | ## Security package token space guid\r | |
| 32 | # Include/Guid/SecurityPkgTokenSpace.h\r | |
| 33 | gEfiSecurityPkgTokenSpaceGuid = { 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }}\r | |
| 34 | ## Guid acted as the authenticated variable store header's signature, and to specify the variable list entries put in the EFI system table.\r | |
| 35 | # Include/Guid/AuthenticatedVariableFormat.h\r | |
| 36 | gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r | |
| 37 | \r | |
| 38 | ## Include/Guid/TcgEventHob.h\r | |
| 39 | gTcgEventEntryHobGuid = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}\r | |
| 40 | \r | |
| 41 | ## Include/Guid/PhysicalPresenceData.h\r | |
| 42 | gEfiPhysicalPresenceGuid = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }}\r | |
| a0c56a82 LG |
43 | \r |
| 44 | ## Include/Guid/PwdCredentialProviderHii.h\r | |
| 45 | gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}\r | |
| 46 | \r | |
| 47 | ## Include/Guid/UsbCredentialProviderHii.h\r | |
| 48 | gUsbCredentialProviderGuid = { 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }}\r | |
| 49 | \r | |
| 50 | ## Include/Guid/UserIdentifyManagerHii.h\r | |
| 51 | gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }}\r | |
| 52 | \r | |
| 53 | ## Include/Guid/UserProfileManagerHii.h\r | |
| 54 | gUserProfileManagerGuid = { 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe }}\r | |
| 55 | \r | |
| 56 | ## Include/Guid/TcgConfigHii.h\r | |
| 57 | gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }}\r | |
| 0c18794e | 58 | \r |
| 59 | [Ppis]\r | |
| 60 | ## Include/Ppi/LockPhysicalPresence.h\r | |
| 61 | gPeiLockPhysicalPresencePpiGuid = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } }\r | |
| 62 | \r | |
| 63 | ## Include/Ppi/TpmInitialized.h\r | |
| 64 | gPeiTpmInitializedPpiGuid = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }}\r | |
| 65 | \r | |
| 66 | [PcdsFixedAtBuild]\r | |
| 67 | ## Pcd for OptionRom.\r | |
| 68 | # Image verification policy settings:\r | |
| 69 | # ALWAYS_EXECUTE 0x00000000\r | |
| 70 | # NEVER_EXECUTE 0x00000001\r | |
| 71 | # ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r | |
| 72 | # DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r | |
| 73 | # DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r | |
| 74 | # QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 \r | |
| 75 | gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001\r | |
| 76 | \r | |
| 77 | ## Pcd for removable media.\r | |
| 78 | # Removable media include CD-ROM, Floppy, USB and network.\r | |
| 79 | # Image verification policy settings:\r | |
| 80 | # ALWAYS_EXECUTE 0x00000000\r | |
| 81 | # NEVER_EXECUTE 0x00000001\r | |
| 82 | # ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r | |
| 83 | # DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r | |
| 84 | # DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r | |
| 85 | # QUERY_USER_ON_SECURITY_VIOLATION 0x00000005\r | |
| 86 | gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05|UINT32|0x00000002\r | |
| 87 | \r | |
| 88 | ## Pcd for fixed media.\r | |
| 89 | # Fixed media include hard disk.\r | |
| 90 | # Image verification policy settings:\r | |
| 91 | # ALWAYS_EXECUTE 0x00000000\r | |
| 92 | # NEVER_EXECUTE 0x00000001\r | |
| 93 | # ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r | |
| 94 | # DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r | |
| 95 | # DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r | |
| 96 | # QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 \r | |
| 97 | gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003\r | |
| 98 | \r | |
| 99 | ## Defer Image Load policy settings.\r | |
| 100 | # The policy is bitwise. \r | |
| 101 | # If bit is set, the image from corresponding device will be trust when loading.\r | |
| 102 | #\r | |
| 103 | # IMAGE_UNKNOWN 0x00000001\r | |
| 104 | # IMAGE_FROM_FV 0x00000002\r | |
| 105 | # IMAGE_FROM_OPTION_ROM 0x00000004\r | |
| 106 | # IMAGE_FROM_REMOVABLE_MEDIA 0x00000008\r | |
| 107 | # IMAGE_FROM_FIXED_MEDIA 0x00000010\r | |
| 108 | gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004\r | |
| 109 | \r | |
| 110 | ## The token file name used to save credential in USB credential provider driver.\r | |
| 111 | # The specified file should be saved at the root directory of USB storage disk.\r | |
| 112 | gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005\r | |
| 113 | \r | |
| 114 | ## The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable.\r | |
| 115 | gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005 \r | |
| 116 | \r | |
| 117 | ## This PCD specifies the type of TCG platform that contains TPM chip. \r | |
| 118 | # This PCD is only avaiable when PcdTpmPhysicalPresence is TRUE.\r | |
| 119 | # If 0, TCG platform type is PC client.\r | |
| 120 | # If 1, TCG platform type is server.\r | |
| 121 | gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006\r | |
| 122 | \r | |
| 123 | ## The PCD is used to control whether to support hiding the TPM.\r | |
| 124 | # If TRUE, PcdHideTpm controls whether to hide the TPM.\r | |
| 125 | gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport|FALSE|BOOLEAN|0x00000007\r | |
| 126 | \r | |
| 127 | [PcdsDynamic, PcdsDynamicEx]\r | |
| 128 | ## The PCD is used to control whether to hide the TPM.\r | |
| 129 | gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm|FALSE|BOOLEAN|0x00010002\r | |
| 130 | \r | |
| 131 | ## The PCD is used to specify whether or not MOR (MemoryOverwriteControl) feature is enabled.\r | |
| 132 | gEfiSecurityPkgTokenSpaceGuid.PcdMorEnable|FALSE|BOOLEAN|0x00010000\r | |
| 133 | \r | |
| 134 | [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r | |
| 135 | ## This PCD indicates the presence or absence of the platform operator.\r | |
| 136 | gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001\r | |
| 137 | \r |