[mirror_edk2.git] / SecurityPkg / SecurityPkg.dec

## @file  SecurityPkg.dec\r
#  This package includes the security drivers, defintions(including PPIs/PROTOCOLs/GUIDs  \r
#  and library classes) and libraries instances.\r
#\r
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
# This program and the accompanying materials are licensed and made available under\r
# the terms and conditions of the BSD License which accompanies this distribution.\r
# The full text of the license may be found at\r
# http://opensource.org/licenses/bsd-license.php\r
#\r
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
#\r
##\r
\r
[Defines]\r
  DEC_SPECIFICATION              = 0x00010005\r
  PACKAGE_NAME                   = SecurityPkg\r
  PACKAGE_GUID                   = 24369CAC-6AA6-4fb8-88DB-90BF061668AD\r
  PACKAGE_VERSION                = 0.91\r
\r
[Includes]\r
  Include\r
\r
[LibraryClasses]\r
  ##  @libraryclass  Definitions for common TPM commands as library API for TPM\r
  #                  module use.\r
  TpmCommLib|Include/Library/TpmCommLib.h\r
\r
[Guids]\r
  ## Security package token space guid\r
  # Include/Guid/SecurityPkgTokenSpace.h\r
  gEfiSecurityPkgTokenSpaceGuid  = { 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }}\r
  ## Guid acted as the authenticated variable store header's signature, and to specify the variable list entries put in the EFI system table.\r
  #  Include/Guid/AuthenticatedVariableFormat.h\r
  gEfiAuthenticatedVariableGuid  = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
\r
  ## Include/Guid/TcgEventHob.h\r
  gTcgEventEntryHobGuid              = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}\r
\r
  ## Include/Guid/PhysicalPresenceData.h\r
  gEfiPhysicalPresenceGuid           = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }}\r
\r
[Ppis]\r
  ## Include/Ppi/LockPhysicalPresence.h\r
  gPeiLockPhysicalPresencePpiGuid    = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } }\r
\r
  ## Include/Ppi/TpmInitialized.h\r
  gPeiTpmInitializedPpiGuid      = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }}\r
\r
[PcdsFixedAtBuild]\r
  ## Pcd for OptionRom.\r
  #  Image verification policy settings:\r
  #  ALWAYS_EXECUTE                         0x00000000\r
  #  NEVER_EXECUTE                          0x00000001\r
  #  ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002\r
  #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003\r
  #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004\r
  #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005 \r
  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001\r
  \r
  ## Pcd for removable media.\r
  #  Removable media include CD-ROM, Floppy, USB and network.\r
  #  Image verification policy settings:\r
  #  ALWAYS_EXECUTE                         0x00000000\r
  #  NEVER_EXECUTE                          0x00000001\r
  #  ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002\r
  #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003\r
  #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004\r
  #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005\r
  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05|UINT32|0x00000002\r
  \r
  ## Pcd for fixed media.\r
  #  Fixed media include hard disk.\r
  #  Image verification policy settings:\r
  #  ALWAYS_EXECUTE                         0x00000000\r
  #  NEVER_EXECUTE                          0x00000001\r
  #  ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002\r
  #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003\r
  #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004\r
  #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005  \r
  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003\r
  \r
  ## Defer Image Load policy settings.\r
  #  The policy is bitwise. \r
  #  If bit is set, the image from corresponding device will be trust when loading.\r
  #\r
  # IMAGE_UNKNOWN                         0x00000001\r
  # IMAGE_FROM_FV                         0x00000002\r
  # IMAGE_FROM_OPTION_ROM                 0x00000004\r
  # IMAGE_FROM_REMOVABLE_MEDIA            0x00000008\r
  # IMAGE_FROM_FIXED_MEDIA                0x00000010\r
  gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004\r
  \r
  ## The token file name used to save credential in USB credential provider driver.\r
  #  The specified file should be saved at the root directory of USB storage disk.\r
  gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005\r
\r
  ## The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable.\r
  gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005  \r
\r
  ## This PCD specifies the type of TCG platform that contains TPM chip. \r
  #  This PCD is only avaiable when PcdTpmPhysicalPresence is TRUE.\r
  #  If 0, TCG platform type is PC client.\r
  #  If 1, TCG platform type is server.\r
  gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006\r
\r
  ## The PCD is used to control whether to support hiding the TPM.\r
  #  If TRUE, PcdHideTpm controls whether to hide the TPM.\r
  gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport|FALSE|BOOLEAN|0x00000007\r
  \r
[PcdsDynamic, PcdsDynamicEx]\r
  ## The PCD is used to control whether to hide the TPM.\r
  gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm|FALSE|BOOLEAN|0x00010002\r
\r
  ## The PCD is used to specify whether or not MOR (MemoryOverwriteControl) feature is enabled.\r
  gEfiSecurityPkgTokenSpaceGuid.PcdMorEnable|FALSE|BOOLEAN|0x00010000\r
\r
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
  ## This PCD indicates the presence or absence of the platform operator.\r
  gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001\r
\r
Commit	Line	Data
0c18794e	1	## @file SecurityPkg.dec\r
	2	# This package includes the security drivers, defintions(including PPIs/PROTOCOLs/GUIDs \r
	3	# and library classes) and libraries instances.\r
	4	#\r
	5	# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
	6	# This program and the accompanying materials are licensed and made available under\r
	7	# the terms and conditions of the BSD License which accompanies this distribution.\r
	8	# The full text of the license may be found at\r
	9	# http://opensource.org/licenses/bsd-license.php\r
	10	#\r
	11	# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	12	# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	#\r
	14	##\r
	15	\r
	16	[Defines]\r
	17	DEC_SPECIFICATION = 0x00010005\r
	18	PACKAGE_NAME = SecurityPkg\r
	19	PACKAGE_GUID = 24369CAC-6AA6-4fb8-88DB-90BF061668AD\r
	20	PACKAGE_VERSION = 0.91\r
	21	\r
	22	[Includes]\r
	23	Include\r
	24	\r
	25	[LibraryClasses]\r
	26	## @libraryclass Definitions for common TPM commands as library API for TPM\r
	27	# module use.\r
	28	TpmCommLib\|Include/Library/TpmCommLib.h\r
	29	\r
	30	[Guids]\r
	31	## Security package token space guid\r
	32	# Include/Guid/SecurityPkgTokenSpace.h\r
	33	gEfiSecurityPkgTokenSpaceGuid = { 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }}\r
	34	## Guid acted as the authenticated variable store header's signature, and to specify the variable list entries put in the EFI system table.\r
	35	# Include/Guid/AuthenticatedVariableFormat.h\r
	36	gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }\r
	37	\r
	38	## Include/Guid/TcgEventHob.h\r
	39	gTcgEventEntryHobGuid = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}\r
	40	\r
	41	## Include/Guid/PhysicalPresenceData.h\r
	42	gEfiPhysicalPresenceGuid = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }}\r
	43	\r
	44	[Ppis]\r
	45	## Include/Ppi/LockPhysicalPresence.h\r
	46	gPeiLockPhysicalPresencePpiGuid = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } }\r
	47	\r
	48	## Include/Ppi/TpmInitialized.h\r
	49	gPeiTpmInitializedPpiGuid = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }}\r
	50	\r
	51	[PcdsFixedAtBuild]\r
	52	## Pcd for OptionRom.\r
	53	# Image verification policy settings:\r
	54	# ALWAYS_EXECUTE 0x00000000\r
	55	# NEVER_EXECUTE 0x00000001\r
	56	# ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r
	57	# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
	58	# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
	59	# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 \r
	60	gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy\|0x00\|UINT32\|0x00000001\r
	61	\r
	62	## Pcd for removable media.\r
	63	# Removable media include CD-ROM, Floppy, USB and network.\r
	64	# Image verification policy settings:\r
65	# ALWAYS_EXECUTE 0x00000000\r
66	# NEVER_EXECUTE 0x00000001\r
67	# ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r
68	# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
69	# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
70	# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005\r
71	gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy\|0x05\|UINT32\|0x00000002\r
72	\r
73	## Pcd for fixed media.\r
74	# Fixed media include hard disk.\r
75	# Image verification policy settings:\r
76	# ALWAYS_EXECUTE 0x00000000\r
77	# NEVER_EXECUTE 0x00000001\r
78	# ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r
79	# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
80	# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
81	# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 \r
82	gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy\|0x05\|UINT32\|0x00000003\r
83	\r
84	## Defer Image Load policy settings.\r
85	# The policy is bitwise. \r
86	# If bit is set, the image from corresponding device will be trust when loading.\r
87	#\r
88	# IMAGE_UNKNOWN 0x00000001\r
89	# IMAGE_FROM_FV 0x00000002\r
90	# IMAGE_FROM_OPTION_ROM 0x00000004\r
91	# IMAGE_FROM_REMOVABLE_MEDIA 0x00000008\r
92	# IMAGE_FROM_FIXED_MEDIA 0x00000010\r
93	gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy\|0x0000001F\|UINT32\|0x0000004\r
94	\r
95	## The token file name used to save credential in USB credential provider driver.\r
96	# The specified file should be saved at the root directory of USB storage disk.\r
97	gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName\|L"Token.bin"\|VOID*\|0x00000005\r
98	\r
99	## The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable.\r
100	gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize\|0x2000\|UINT32\|0x30000005 \r
101	\r
102	## This PCD specifies the type of TCG platform that contains TPM chip. \r
103	# This PCD is only avaiable when PcdTpmPhysicalPresence is TRUE.\r
104	# If 0, TCG platform type is PC client.\r
105	# If 1, TCG platform type is server.\r
106	gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass\|0\|UINT8\|0x00000006\r
107	\r
108	## The PCD is used to control whether to support hiding the TPM.\r
109	# If TRUE, PcdHideTpm controls whether to hide the TPM.\r
110	gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport\|FALSE\|BOOLEAN\|0x00000007\r
111	\r
112	[PcdsDynamic, PcdsDynamicEx]\r
113	## The PCD is used to control whether to hide the TPM.\r
114	gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm\|FALSE\|BOOLEAN\|0x00010002\r
115	\r
116	## The PCD is used to specify whether or not MOR (MemoryOverwriteControl) feature is enabled.\r
117	gEfiSecurityPkgTokenSpaceGuid.PcdMorEnable\|FALSE\|BOOLEAN\|0x00010000\r
118	\r
119	[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
120	## This PCD indicates the presence or absence of the platform operator.\r
121	gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence\|TRUE\|BOOLEAN\|0x00010001\r
122	\r